1 | /* |
2 | * Copyright (C) 1996-2014 The Squid Software Foundation and contributors | |
3 | * | |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
6e785d85 | 9 | /* |
10 | NT_auth - Version 2.0 | |
11 | ||
12 | Modified to act as a Squid authenticator module. | |
13 | Removed all Pike stuff. | |
14 | Returns OK for a successful authentication, or ERR upon error. | |
15 | ||
16 | Guido Serassio, Torino - Italy | |
17 | ||
18 | Uses code from - | |
19 | Antonino Iannella 2000 | |
20 | Andrew Tridgell 1997 | |
21 | Richard Sharpe 1996 | |
22 | Bill Welliver 1999 | |
23 | ||
24 | * Distributed freely under the terms of the GNU General Public License, | |
25 | * version 2. See the file COPYING for licensing details | |
26 | * | |
27 | * This program is distributed in the hope that it will be useful, | |
28 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
29 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
30 | * GNU General Public License for more details. | |
26ac0430 | 31 | |
6e785d85 | 32 | * You should have received a copy of the GNU General Public License |
33 | * along with this program; if not, write to the Free Software | |
34 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
35 | */ | |
36 | ||
#include "squid.h"
#include "util.h"

/* Check if we try to compile on a Windows Platform */
#if !_SQUID_WINDOWS_
/* NON Windows Platform !!! */
#error NON WINDOWS PLATFORM
#endif

#if _SQUID_CYGWIN_
#include <wchar.h>
#endif
#include "valid.h"

#include <stdio.h>
50 | ||
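/*
 * Domain used for user names that carry no DOMAIN\ or DOMAIN/ prefix.
 * Deliberately not const: it is a writable array (DNLEN+1 bytes) so the
 * default can be overridden at runtime — presumably from the command line
 * of the helper's main(), which is not visible in this file.
 */
char Default_NTDomain[DNLEN+1] = NTV_DEFAULT_DOMAIN;

/*
 * Human-readable reason for the most recent Valid_User() result. Always
 * points at one of the constant messages below, never at a local buffer,
 * so it stays valid after Valid_User() returns.
 */
const char * errormsg;

/* "errror" -> "error": this text is returned to the caller verbatim. */
const char NTV_SERVER_ERROR_MSG[] = "Internal server error";
const char NTV_GROUP_ERROR_MSG[] = "User not allowed to use this cache";
const char NTV_LOGON_ERROR_MSG[] = "No such user or wrong password";

/*
 * Characters accepted between domain and user, in order of precedence:
 * a '\\' anywhere in the name wins over a '/' (see Valid_User()).
 */
const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/";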
58 | ||
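/*
 * Valid_Group: report whether UserName is a direct or indirect member of the
 * local group named Group.
 *
 * Both arguments are ANSI strings. They are converted to UTF-16 and the
 * membership list is fetched with NetUserGetLocalGroups() on the local
 * machine (servername NULL), level 0 (names only), LG_INCLUDE_INDIRECT so
 * that membership through nested groups counts as well.
 *
 * Returns 1 (TRUE) when a group whose name compares equal to Group with
 * wcscmp() — i.e. an exact, case-sensitive match — is in that list, and
 * 0 (FALSE) otherwise.
 *
 * NOTE(review): 0 is also returned when the lookup itself could not be
 * performed (NULL argument, a name that does not fit the 256-WCHAR buffers,
 * or NetUserGetLocalGroups() reporting an error). The 0/1 contract is kept
 * for the existing callers, but a caller that uses this function as a
 * deny-list check therefore fails OPEN on a lookup error; that caller must
 * decide whether a lookup failure should deny access.
 * NOTE(review): Windows compares group names case-insensitively, while
 * wcscmp() does not — confirm the configured group name matches the exact
 * spelling returned by the API.
 */
int
Valid_Group(char *UserName, char *Group)
{
    WCHAR wszUserName[256] = {0};   // Unicode user name
    WCHAR wszGroup[256] = {0};      // Unicode group name
    LPLOCALGROUP_USERS_INFO_0 pBuf = NULL;
    NET_API_STATUS nStatus;
    DWORD dwEntriesRead = 0;
    DWORD dwTotalEntries = 0;
    DWORD i;
    int result = FALSE;

    if (UserName == NULL || Group == NULL)
        return FALSE;

    /*
     * Convert the ANSI names to Unicode. Passing strlen()+1 makes the
     * terminating NUL part of the conversion, so the destination is
     * NUL-terminated when the call succeeds. A return of 0 means the
     * conversion failed (typically ERROR_INSUFFICIENT_BUFFER because the
     * name is too long); the destination is then not a valid string, so
     * stop here rather than hand an unterminated buffer to the Net API.
     */
    if (MultiByteToWideChar(CP_ACP, 0, UserName, (int)strlen(UserName) + 1,
                            wszUserName,
                            (int)(sizeof(wszUserName) / sizeof(wszUserName[0]))) == 0)
        return FALSE;
    if (MultiByteToWideChar(CP_ACP, 0, Group, (int)strlen(Group) + 1,
                            wszGroup,
                            (int)(sizeof(wszGroup) / sizeof(wszGroup[0]))) == 0)
        return FALSE;

    /*
     * Level 0 returns only group names. (DWORD)-1 is the "preferred maximum
     * length" meaning "allocate whatever is needed"; the buffer is owned by
     * the API and must be released with NetApiBufferFree() below.
     */
    nStatus = NetUserGetLocalGroups(NULL,
                                    wszUserName,
                                    0,                  /* information level */
                                    LG_INCLUDE_INDIRECT,
                                    (LPBYTE *) &pBuf,
                                    (DWORD)-1,          /* preferred max length */
                                    &dwEntriesRead,
                                    &dwTotalEntries);

    if (nStatus == NERR_Success && pBuf != NULL) {
        /* Scan the returned entries for an exact name match. */
        for (i = 0; i < dwEntriesRead; ++i) {
            if (wcscmp(pBuf[i].lgrui0_name, wszGroup) == 0) {
                result = TRUE;
                break;
            }
        }
    }

    /* Release the API-allocated buffer on every path that received one. */
    if (pBuf != NULL)
        NetApiBufferFree(pBuf);

    return result;
}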
126 | ||
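/* Valid_User return codes -
   0 - User authenticated successfully.
   1 - Server error.
   2 - Group membership error.
   3 - Logon error; Incorrect password or username given.
*/

/*
 * split_domain_user: split "DOMAIN\user" (or "DOMAIN/user") into its parts.
 *
 * The separator search keeps the established precedence: the first '\\' in
 * the name wins, and '/' is only considered when the name has no '\\' at
 * all. Without any separator the whole name is the user and the domain is
 * Default_NTDomain. Each destination is filled with snprintf(), so it is
 * always NUL-terminated.
 *
 * Returns 1 on success, 0 when UserName does not fit in the domain buffer
 * (such a name cannot be a valid account name either, so callers treat it
 * as a logon failure).
 */
static int
split_domain_user(const char *UserName, char *domain, size_t domain_size,
                  char *user, size_t user_size)
{
    size_t i;
    char *sep = NULL;
    int n;

    /* The old strncpy() copy left the buffer unterminated (and every later
       strcpy() overflowing) when UserName was 256 bytes or longer. */
    n = snprintf(domain, domain_size, "%s", UserName);
    if (n < 0 || (size_t)n >= domain_size)
        return 0;

    for (i = 0; i < strlen(NTV_VALID_DOMAIN_SEPARATOR); ++i) {
        if ((sep = strchr(domain, NTV_VALID_DOMAIN_SEPARATOR[i])) != NULL)
            break;
    }

    if (sep == NULL) {
        /* Unqualified name: user is the whole string, domain is the default. */
        snprintf(user, user_size, "%s", domain);
        snprintf(domain, domain_size, "%s", Default_NTDomain);
    } else {
        /* Qualified name: everything after the separator is the user. */
        snprintf(user, user_size, "%s", sep + 1);
        *sep = '\0';
    }
    return 1;
}

/*
 * Valid_User: authenticate UserName/Password against Windows and, when
 * configured, apply the allowed/disallowed local group checks.
 *
 * UserName may be "user", "DOMAIN\user" or "DOMAIN/user"; see
 * split_domain_user() for the split rules. Password is passed through to
 * SSP_LogonUser() unchanged (it is not cleared here; that is the caller's
 * buffer). The Group parameter is not used: the groups checked are the
 * NTAllowedGroup / NTDisAllowedGroup globals, gated by UseAllowedGroup and
 * UseDisallowedGroup.
 *
 * Side effect: errormsg is left pointing at the message describing the
 * result (NTV_SERVER_ERROR_MSG until a more specific outcome is known).
 *
 * Returns one of the NTV_* codes listed above. A name too long for the
 * internal buffers is reported as NTV_LOGON_ERROR.
 */
int
Valid_User(char *UserName, char *Password, char *Group)
{
    int result = NTV_SERVER_ERROR;
    char NTDomain[256];
    char User[256];
    char DomainUser[256];
    int n;

    errormsg = NTV_SERVER_ERROR_MSG;

    if (UserName == NULL ||
            !split_domain_user(UserName, NTDomain, sizeof(NTDomain),
                               User, sizeof(User))) {
        errormsg = NTV_LOGON_ERROR_MSG;
        debug("%s\n", errormsg);
        return NTV_LOGON_ERROR;
    }

    /* Log the client on to the local computer. */
    if (!SSP_LogonUser(User, Password, NTDomain)) {
        errormsg = NTV_LOGON_ERROR_MSG;
        debug("%s\n", errormsg);
        return NTV_LOGON_ERROR;
    }

    result = NTV_NO_ERROR;

    /*
     * Build the name used for the group lookups: bare user when the domain
     * is the compile-time default, "DOMAIN\user" otherwise.
     * NOTE(review): this compares against NTV_DEFAULT_DOMAIN, not the
     * runtime Default_NTDomain — confirm that is intended.
     */
    if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0)
        n = snprintf(DomainUser, sizeof(DomainUser), "%s", User);
    else
        n = snprintf(DomainUser, sizeof(DomainUser), "%s\\%s", NTDomain, User);
    if (n < 0 || (size_t)n >= sizeof(DomainUser)) {
        /* A default-domain name plus a long user can exceed the buffer (the
           old strcpy/strcat overflowed here). Fail closed rather than run
           the group checks against a truncated name. */
        errormsg = NTV_SERVER_ERROR_MSG;
        debug("%s\n", errormsg);
        return NTV_SERVER_ERROR;
    }

    if (UseAllowedGroup && !Valid_Group(DomainUser, NTAllowedGroup)) {
        result = NTV_GROUP_ERROR;
        errormsg = NTV_GROUP_ERROR_MSG;
        debug("%s\n", errormsg);
    }
    /*
     * NOTE(review): Valid_Group() returns 0 both when the user is not a
     * member and when the group lookup itself failed, so a lookup error
     * lets the user through this deny check. The allowed-group check above
     * fails closed on the same error. Confirm whether a lookup failure
     * should deny here as well.
     */
    if (UseDisallowedGroup && Valid_Group(DomainUser, NTDisAllowedGroup)) {
        result = NTV_GROUP_ERROR;
        errormsg = NTV_GROUP_ERROR_MSG;
        debug("%s\n", errormsg);
    }
    return result;
}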