1 /*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /*
10 NT_auth - Version 2.0
11
12 Modified to act as a Squid authenticator module.
13 Removed all Pike stuff.
14 Returns OK for a successful authentication, or ERR upon error.
15
16 Guido Serassio, Torino - Italy
17
18 Uses code from -
19 Antonino Iannella 2000
20 Andrew Tridgell 1997
21 Richard Sharpe 1996
22 Bill Welliver 1999
23
24 * Distributed freely under the terms of the GNU General Public License,
25 * version 2 or later. See the file COPYING for licensing details
26 *
27 * This program is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 * GNU General Public License for more details.
31
32 * You should have received a copy of the GNU General Public License
33 * along with this program; if not, write to the Free Software
34 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
35 */
36
#include "squid.h"
#include "auth/basic/SSPI/valid.h"
#include "util.h"

#include <cstdio>
#include <cwchar>
42
/* Messages reported through errormsg for the Valid_User outcomes. */
const char NTV_SERVER_ERROR_MSG[] = "Internal server error";
const char NTV_GROUP_ERROR_MSG[] = "User not allowed to use this cache";
const char NTV_LOGON_ERROR_MSG[] = "No such user or wrong password";

/*
 * Characters accepted between domain and user in a qualified user name
 * ("DOMAIN\user" or "DOMAIN/user"). Valid_User probes them in this order,
 * so a backslash anywhere in the name takes precedence over a slash.
 */
const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/";

/*
 * Domain assumed for user names that carry no domain qualifier. Starts as
 * NTV_DEFAULT_DOMAIN; it is not const, presumably so the helper can override
 * it at run time (confirm against the callers). Sized for DNLEN characters
 * plus the terminating NUL.
 */
char Default_NTDomain[DNLEN+1] = NTV_DEFAULT_DOMAIN;

/* Human-readable reason for the most recent Valid_User result. */
const char * errormsg;
50
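/*
 * Test whether UserName belongs to the local group Group.
 *
 * UserName is an ANSI "DOMAIN\user" or bare "user" string and Group the ANSI
 * name of a local group. Both are converted to UTF-16 and the local machine
 * (nullptr server name) is queried with NetUserGetLocalGroups at information
 * level 0; LG_INCLUDE_INDIRECT also returns groups the user is a member of
 * through nested membership. The returned names are compared against Group
 * with wcscmp.
 *
 * Returns TRUE (1) only when Group is found in that list. Returns FALSE (0)
 * when it is not, but ALSO when the name conversion or the NetUserGetLocalGroups
 * call fails: the boolean result cannot tell "not a member" from "could not
 * check". This is fail-closed for an allowed-group check and fail-open for a
 * disallowed-group check (see Valid_User).
 *
 * NOTE(review): wcscmp is case-sensitive while Windows account and group
 * names are not; a Group configured in a different case than the name the
 * API returns will never match. Left unchanged here because it alters which
 * configurations are accepted - confirm and switch to a case-insensitive
 * compare if that is the intent.
 */
static int
Valid_Group(const char *UserName, const char *Group)
{
    int result = FALSE;
    WCHAR wszUserName[256]; // Unicode user name
    WCHAR wszGroup[256];    // Unicode group name

    LPLOCALGROUP_USERS_INFO_0 pBuf = nullptr;
    DWORD dwLevel = 0;                  // LOCALGROUP_USERS_INFO_0: group names only
    DWORD dwFlags = LG_INCLUDE_INDIRECT;
    DWORD dwPrefMaxLen = -1;            // i.e. MAX_PREFERRED_LENGTH: let the API size the buffer
    DWORD dwEntriesRead = 0;
    DWORD dwTotalEntries = 0;
    NET_API_STATUS nStatus;

    /*
     * Convert the ANSI names to Unicode. A source length of -1 means
     * "NUL-terminated, include the terminator in the conversion".
     * MultiByteToWideChar returns 0 on failure, including when the input does
     * not fit the 256-WCHAR destination. An unchecked failure would leave
     * wszUserName/wszGroup uninitialized and feed garbage to the lookup and
     * to wcscmp, so fail closed instead.
     */
    if (MultiByteToWideChar(CP_ACP, 0, UserName, -1, wszUserName,
                            sizeof(wszUserName) / sizeof(wszUserName[0])) == 0)
        return FALSE;
    if (MultiByteToWideChar(CP_ACP, 0, Group, -1, wszGroup,
                            sizeof(wszGroup) / sizeof(wszGroup[0])) == 0)
        return FALSE;

    /*
     * Ask for every local group the user is a direct or indirect member of.
     * With MAX_PREFERRED_LENGTH the API allocates pBuf itself; it must be
     * released with NetApiBufferFree.
     */
    nStatus = NetUserGetLocalGroups(nullptr,
                                    wszUserName,
                                    dwLevel,
                                    dwFlags,
                                    (LPBYTE *) &pBuf, dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries);

    if (nStatus == NERR_Success && pBuf != nullptr) {
        LPLOCALGROUP_USERS_INFO_0 pEntry = pBuf;
        // dwEntriesRead, not dwTotalEntries, is the number of entries actually in pBuf.
        for (DWORD i = 0; i < dwEntriesRead; ++i, ++pEntry) {
            if (wcscmp(pEntry->lgrui0_name, wszGroup) == 0) {
                result = TRUE;
                break;
            }
        }
    }

    /* pBuf is only set when the call succeeded; release what the API allocated. */
    if (pBuf != nullptr)
        NetApiBufferFree(pBuf);
    return result;
}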
118
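/*
 * Authenticate UserName/Password through SSP_LogonUser and then apply the
 * optional allowed-/disallowed-local-group policy.
 *
 * UserName may be "DOMAIN\user", "DOMAIN/user" or a bare "user". When a
 * separator from NTV_VALID_DOMAIN_SEPARATOR is present, the text before it
 * is the domain and the text after it the user; the separators are probed in
 * order ('\\' before '/'), so "a/b\c" splits as domain "a/b", user "c".
 * Without a separator the domain is Default_NTDomain. The third parameter is
 * unused and kept only for the Valid_User interface.
 *
 * Returns NTV_NO_ERROR on success, NTV_LOGON_ERROR when SSP_LogonUser rejects
 * the credentials, NTV_GROUP_ERROR when the group policy rejects the user and
 * NTV_SERVER_ERROR when the request cannot be evaluated safely. The global
 * errormsg always holds the matching message.
 */
int
Valid_User(char *UserName, char *Password, char *)
{
    int result = NTV_SERVER_ERROR;
    char NTDomain[256];
    char *domain_qualify = nullptr;
    char DomainUser[256];
    char User[256];

    errormsg = NTV_SERVER_ERROR_MSG;
    /* xstrncpy bounds and NUL-terminates: at most 255 characters of UserName survive. */
    xstrncpy(NTDomain, UserName, sizeof(NTDomain));

    /*
     * Locate the domain separator. Each separator character is searched for
     * in turn and the first one found anywhere in the name wins; this is not
     * the same as strpbrk(), which would pick whichever separator occurs
     * earliest in the string.
     */
    for (size_t i = 0; i < strlen(NTV_VALID_DOMAIN_SEPARATOR); ++i) {
        if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[i])) != nullptr)
            break;
    }

    if (domain_qualify == nullptr) {
        /* Unqualified name: the whole input is the user, the domain is the default. */
        xstrncpy(User, NTDomain, sizeof(User));
        xstrncpy(NTDomain, Default_NTDomain, sizeof(NTDomain));
    } else {
        /* Split in place: remainder is the user, the prefix (now NUL-terminated) the domain. */
        xstrncpy(User, domain_qualify + 1, sizeof(User));
        *domain_qualify = '\0';
    }

    /* Log the client on to the local computer. */
    if (!SSP_LogonUser(User, Password, NTDomain)) {
        result = NTV_LOGON_ERROR;
        errormsg = NTV_LOGON_ERROR_MSG;
        debug("%s\n", errormsg);
        return result;
    }

    /*
     * Build the name used for the group lookups. The domain prefix is omitted
     * when the domain equals the compile-time NTV_DEFAULT_DOMAIN (note: not
     * the run-time Default_NTDomain). The copy is bounded: an unqualified
     * 255-character user plus a non-default Default_NTDomain and the '\\'
     * does not fit in DomainUser, and unbounded strcpy/strcat would overflow
     * the stack buffer. A truncated name would be looked up as a different
     * account, so refuse the request instead of guessing.
     */
    int written;
    if (strcmp(NTDomain, NTV_DEFAULT_DOMAIN) == 0)
        written = snprintf(DomainUser, sizeof(DomainUser), "%s", User);
    else
        written = snprintf(DomainUser, sizeof(DomainUser), "%s\\%s", NTDomain, User);
    if (written < 0 || (size_t)written >= sizeof(DomainUser)) {
        errormsg = NTV_SERVER_ERROR_MSG;
        debug("%s\n", errormsg);
        return NTV_SERVER_ERROR;
    }

    result = NTV_NO_ERROR;
    if (UseAllowedGroup && !Valid_Group(DomainUser, NTAllowedGroup)) {
        result = NTV_GROUP_ERROR;
        errormsg = NTV_GROUP_ERROR_MSG;
        debug("%s\n", errormsg);
    }
    /*
     * NOTE(review): Valid_Group returns FALSE both for "not a member" and for
     * a failed lookup, so a lookup failure here passes the disallowed-group
     * check (fail open). Closing that needs a tri-state result from
     * Valid_Group; the allowed-group check above is unaffected (fail closed).
     */
    if (UseDisallowedGroup && Valid_Group(DomainUser, NTDisAllowedGroup)) {
        result = NTV_GROUP_ERROR;
        errormsg = NTV_GROUP_ERROR_MSG;
        debug("%s\n", errormsg);
    }
    return result;
}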
174