Index: readme.txt =================================================================== RCS file: /cvsroot/squid/squid/helpers/external_acl/winbind_group/readme.txt,v retrieving revision 1.1.6.3 diff -u -p -r1.1.6.3 readme.txt --- readme.txt 3 May 2003 02:16:26 -0000 1.1.6.3 +++ readme.txt 10 May 2003 08:48:04 -0000 @@ -43,6 +43,9 @@ http_access deny all In the previous example all validated NT users member of ProxyUsers Global domain group are allowed to use the cache. +Groups name can be specified in both domain-qualified group notation +(DOMAIN\Groupname) or simple group name notation. + Groups with spaces in name, for example "Domain Users", must be quoted and the acl data ("Domain Users") must be placed into a separate file included by specifying "/path/to/file". The previous example will be: @@ -52,7 +55,6 @@ acl ProxyUsers external NT_global_group and the DomainUsers files will contain only the following line: "Domain Users" - NOTE: the standard group name comparation is case sensitive, so group name must be specified with same case as in the NT/2000 Domain. Index: wb_check_group.c =================================================================== RCS file: /cvsroot/squid/squid/helpers/external_acl/winbind_group/wb_check_group.c,v retrieving revision 1.2.2.9 diff -u -p -r1.2.2.9 wb_check_group.c --- wb_check_group.c 3 May 2003 02:16:26 -0000 1.2.2.9 +++ wb_check_group.c 10 May 2003 08:48:04 -0000 @@ -31,6 +31,13 @@ * * History: * + * Version 1.20 + * 10-05-2003 Roberto Moreda + * Added support for domain-qualified group Microsoft notation + * (DOMAIN\Groupname). + * Guido Serassio + * More debug info. + * Updated documentation. * Version 1.10 * 26-04-2003 Guido Serassio * Added option for case insensitive group name comparation. @@ -147,7 +154,9 @@ char * wbinfo_lookupsid(char * group, ch /* Display response */ - strcpy(group,response.data.name.name); + strcpy(group,response.data.name.dom_name); + strcat(group,"\\"); + strcat(group,response.data.name.name); return group; } @@ -179,9 +188,21 @@ char * wbinfo_gid_to_sid(char * sid, gid /* returns 0 on match, -1 if no match */ static inline int strcmparray(const char *str, const char **array) { + const char *wgroup; + while (*array) { - debug("Windows group: %s, Squid group: %s\n", str, *array); - if ((use_case_insensitive_compare ? strCaseCmp(str, *array) : strcmp(str, *array)) == 0) + /* If the groups we want to match are specified as 'group', and + * not as 'DOMAIN\group' we strip the domain from the group to + * match against */ + if (strstr(*array,"\\") == NULL) { + wgroup = strstr(str,"\\") + 1; + debug("Stripping domain from group name %s\n", str); + } else { + wgroup = str; + } + + debug("Windows group: %s, Squid group: %s\n", wgroup, *array); + if ((use_case_insensitive_compare ? strCaseCmp(wgroup, *array) : strcmp(wgroup, *array)) == 0) return 0; array++; } @@ -217,8 +238,10 @@ Valid_Groups(char *UserName, const char for (i = 0; i < response.data.num_entries; i++) { if ((wbinfo_gid_to_sid(sid, (int)((gid_t *)response.extra_data)[i])) != NULL) { debug("SID: %s\n", sid); - if (wbinfo_lookupsid(group,sid) == NULL) + if (wbinfo_lookupsid(group,sid) == NULL) { + warn("Can't lookup group SID.\n"); break; + } if (strcmparray(group, UserGroups) == 0) { match = 1; break;