2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
12 Modified to act as a Squid authenticator module.
13 Removed all Pike stuff.
14 Returns OK for a successful authentication, or ERR upon error.
16 Guido Serassio, Torino - Italy
19 Antonino Iannella 2000
24 * Distributed freely under the terms of the GNU General Public License,
25 * version 2 or later. See the file COPYING for licensing details
27 * This program is distributed in the hope that it will be useful,
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30 * GNU General Public License for more details.
32 * You should have received a copy of the GNU General Public License
33 * along with this program; if not, write to the Free Software
34 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
40 /* Check if we try to compile on a Windows Platform */
42 /* NON Windows Platform !!! */
43 #error NON WINDOWS PLATFORM
49 #include "auth/basic/SSPI/valid.h"
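/* Domain substituted when the supplied user name carries no
 * "DOMAIN\user" / "DOMAIN/user" qualifier (see NTV_VALID_DOMAIN_SEPARATOR);
 * DNLEN and NTV_DEFAULT_DOMAIN come from the SSPI header. */
char Default_NTDomain[DNLEN + 1] = NTV_DEFAULT_DOMAIN;

/* Set by the validation routines to one of the static NTV_*_ERROR_MSG
 * strings below whenever a check fails. In the code seen here it only
 * ever points at these constants, so it must never be freed. */
const char *errormsg;

/* Fixed typo: the message previously read "Internal server errror". */
const char NTV_SERVER_ERROR_MSG[] = "Internal server error";
const char NTV_GROUP_ERROR_MSG[] = "User not allowed to use this cache";
const char NTV_LOGON_ERROR_MSG[] = "No such user or wrong password";

/* Characters accepted between the domain part and the user name
 * when splitting a qualified user name. */
const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/";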
59 /* returns 1 on success, 0 on failure */
61 Valid_Group(char *UserName
, char *Group
)
64 WCHAR wszUserName
[256]; // Unicode user name
65 WCHAR wszGroup
[256]; // Unicode Group
67 LPLOCALGROUP_USERS_INFO_0 pBuf
= NULL
;
68 LPLOCALGROUP_USERS_INFO_0 pTmpBuf
;
70 DWORD dwFlags
= LG_INCLUDE_INDIRECT
;
71 DWORD dwPrefMaxLen
= -1;
72 DWORD dwEntriesRead
= 0;
73 DWORD dwTotalEntries
= 0;
74 NET_API_STATUS nStatus
;
76 DWORD dwTotalCount
= 0;
78 /* Convert ANSI User Name and Group to Unicode */
80 MultiByteToWideChar(CP_ACP
, 0, UserName
,
81 strlen(UserName
) + 1, wszUserName
,
82 sizeof(wszUserName
) / sizeof(wszUserName
[0]));
83 MultiByteToWideChar(CP_ACP
, 0, Group
,
84 strlen(Group
) + 1, wszGroup
, sizeof(wszGroup
) / sizeof(wszGroup
[0]));
87 * Call the NetUserGetLocalGroups function
88 * specifying information level 0.
90 * The LG_INCLUDE_INDIRECT flag specifies that the
91 * function should also return the names of the local
92 * groups in which the user is indirectly a member.
94 nStatus
= NetUserGetLocalGroups(NULL
,
98 (LPBYTE
*) & pBuf
, dwPrefMaxLen
, &dwEntriesRead
, &dwTotalEntries
);
100 * If the call succeeds,
102 if (nStatus
== NERR_Success
) {
103 if ((pTmpBuf
= pBuf
) != NULL
) {
104 for (i
= 0; i
< dwEntriesRead
; ++i
) {
105 if (pTmpBuf
== NULL
) {
109 if (wcscmp(pTmpBuf
->lgrui0_name
, wszGroup
) == 0) {
120 * Free the allocated memory.
123 NetApiBufferFree(pBuf
);
128 Valid_User(char *UserName
, char *Password
, char *Group
)
130 int result
= NTV_SERVER_ERROR
;
133 char *domain_qualify
= NULL
;
134 char DomainUser
[256];
137 errormsg
= NTV_SERVER_ERROR_MSG
;
138 strncpy(NTDomain
, UserName
, sizeof(NTDomain
));
140 for (i
=0; i
< strlen(NTV_VALID_DOMAIN_SEPARATOR
); ++i
) {
141 if ((domain_qualify
= strchr(NTDomain
, NTV_VALID_DOMAIN_SEPARATOR
[i
])) != NULL
)
144 if (domain_qualify
== NULL
) {
145 strcpy(User
, NTDomain
);
146 strcpy(NTDomain
, Default_NTDomain
);
148 strcpy(User
, domain_qualify
+ 1);
149 domain_qualify
[0] = '\0';
151 /* Log the client on to the local computer. */
152 if (!SSP_LogonUser(User
, Password
, NTDomain
)) {
153 result
= NTV_LOGON_ERROR
;
154 errormsg
= NTV_LOGON_ERROR_MSG
;
155 debug("%s\n", errormsg
);
157 result
= NTV_NO_ERROR
;
158 if (strcmp(NTDomain
, NTV_DEFAULT_DOMAIN
) == 0)
159 strcpy(DomainUser
, User
);
161 strcpy(DomainUser
, NTDomain
);
162 strcat(DomainUser
, "\\");
163 strcat(DomainUser
, User
);
165 if (UseAllowedGroup
) {
166 if (!Valid_Group(DomainUser
, NTAllowedGroup
)) {
167 result
= NTV_GROUP_ERROR
;
168 errormsg
= NTV_GROUP_ERROR_MSG
;
169 debug("%s\n", errormsg
);
172 if (UseDisallowedGroup
) {
173 if (Valid_Group(DomainUser
, NTDisAllowedGroup
)) {
174 result
= NTV_GROUP_ERROR
;
175 errormsg
= NTV_GROUP_ERROR_MSG
;
176 debug("%s\n", errormsg
);