]> git.ipfire.org Git - thirdparty/squid.git/blob - helpers/basic_auth/SSPI/valid.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SourceFormat Enforcement
[thirdparty/squid.git] / helpers / basic_auth / SSPI / valid.cc
1 /*
2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /*
10 NT_auth - Version 2.0
11
12 Modified to act as a Squid authenticator module.
13 Removed all Pike stuff.
14 Returns OK for a successful authentication, or ERR upon error.
15
16 Guido Serassio, Torino - Italy
17
18 Uses code from -
19 Antonino Iannella 2000
20 Andrew Tridgell 1997
21 Richard Sharpe 1996
22 Bill Welliver 1999
23
24 * Distributed freely under the terms of the GNU General Public License,
25 * version 2. See the file COPYING for licensing details
26 *
27 * This program is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 * GNU General Public License for more details.
31
32 * You should have received a copy of the GNU General Public License
33 * along with this program; if not, write to the Free Software
34 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
35 */
36
37 #include "squid.h"
38 #include "util.h"
39
40 /* Check if we try to compile on a Windows Platform */
41 #if !_SQUID_WINDOWS_
42 /* NON Windows Platform !!! */
43 #error NON WINDOWS PLATFORM
44 #endif
45
46 #if _SQUID_CYGWIN_
47 #include <wchar.h>
48 #endif
49 #include "valid.h"
50
51 char Default_NTDomain[DNLEN+1] = NTV_DEFAULT_DOMAIN;
52 const char * errormsg;
53
54 const char NTV_SERVER_ERROR_MSG[] = "Internal server errror";
55 const char NTV_GROUP_ERROR_MSG[] = "User not allowed to use this cache";
56 const char NTV_LOGON_ERROR_MSG[] = "No such user or wrong password";
57 const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/";
58
59 /* returns 1 on success, 0 on failure */
60 int
61 Valid_Group(char *UserName, char *Group)
62 {
63 int result = FALSE;
64 WCHAR wszUserName[256]; // Unicode user name
65 WCHAR wszGroup[256]; // Unicode Group
66
67 LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
68 LPLOCALGROUP_USERS_INFO_0 pTmpBuf;
69 DWORD dwLevel = 0;
70 DWORD dwFlags = LG_INCLUDE_INDIRECT;
71 DWORD dwPrefMaxLen = -1;
72 DWORD dwEntriesRead = 0;
73 DWORD dwTotalEntries = 0;
74 NET_API_STATUS nStatus;
75 DWORD i;
76 DWORD dwTotalCount = 0;
77
78 /* Convert ANSI User Name and Group to Unicode */
79
80 MultiByteToWideChar(CP_ACP, 0, UserName,
81 strlen(UserName) + 1, wszUserName,
82 sizeof(wszUserName) / sizeof(wszUserName[0]));
83 MultiByteToWideChar(CP_ACP, 0, Group,
84 strlen(Group) + 1, wszGroup, sizeof(wszGroup) / sizeof(wszGroup[0]));
85
86 /*
87 * Call the NetUserGetLocalGroups function
88 * specifying information level 0.
89 *
90 * The LG_INCLUDE_INDIRECT flag specifies that the
91 * function should also return the names of the local
92 * groups in which the user is indirectly a member.
93 */
94 nStatus = NetUserGetLocalGroups(NULL,
95 wszUserName,
96 dwLevel,
97 dwFlags,
98 (LPBYTE *) & pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries);
99 /*
100 * If the call succeeds,
101 */
102 if (nStatus == NERR_Success) {
103 if ((pTmpBuf = pBuf) != NULL) {
104 for (i = 0; i < dwEntriesRead; ++i) {
105 if (pTmpBuf == NULL) {
106 result = FALSE;
107 break;
108 }
109 if (wcscmp(pTmpBuf->lgrui0_name, wszGroup) == 0) {
110 result = TRUE;
111 break;
112 }
113 ++pTmpBuf;
114 ++dwTotalCount;
115 }
116 }
117 } else
118 result = FALSE;
119 /*
120 * Free the allocated memory.
121 */
122 if (pBuf != NULL)
123 NetApiBufferFree(pBuf);
124 return result;
125 }
126
127 int
128 Valid_User(char *UserName, char *Password, char *Group)
129 {
130 int result = NTV_SERVER_ERROR;
131 size_t i;
132 char NTDomain[256];
133 char *domain_qualify = NULL;
134 char DomainUser[256];
135 char User[256];
136
137 errormsg = NTV_SERVER_ERROR_MSG;
138 strncpy(NTDomain, UserName, sizeof(NTDomain));
139
140 for (i=0; i < strlen(NTV_VALID_DOMAIN_SEPARATOR); ++i) {
141 if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[i])) != NULL)
142 break;
143 }
144 if (domain_qualify == NULL) {
145 strcpy(User, NTDomain);
146 strcpy(NTDomain, Default_NTDomain);
147 } else {
148 strcpy(User, domain_qualify + 1);
149 domain_qualify[0] = '\0';
150 }
151 /* Log the client on to the local computer. */
152 if (!SSP_LogonUser(User, Password, NTDomain)) {
153 result = NTV_LOGON_ERROR;
154 errormsg = NTV_LOGON_ERROR_MSG;
155 debug("%s\n", errormsg);
156 } else {
157 result = NTV_NO_ERROR;
158 if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0)
159 strcpy(DomainUser, User);
160 else {
161 strcpy(DomainUser, NTDomain);
162 strcat(DomainUser, "\\");
163 strcat(DomainUser, User);
164 }
165 if (UseAllowedGroup) {
166 if (!Valid_Group(DomainUser, NTAllowedGroup)) {
167 result = NTV_GROUP_ERROR;
168 errormsg = NTV_GROUP_ERROR_MSG;
169 debug("%s\n", errormsg);
170 }
171 }
172 if (UseDisallowedGroup) {
173 if (Valid_Group(DomainUser, NTDisAllowedGroup)) {
174 result = NTV_GROUP_ERROR;
175 errormsg = NTV_GROUP_ERROR_MSG;
176 debug("%s\n", errormsg);
177 }
178 }
179 }
180 return result;
181 }
182
Mirror of https://github.com/squid-cache/squid.git