From: serassio <> Date: Mon, 31 Oct 2005 23:29:45 +0000 (+0000) Subject: Windows port: addition of native external ACL helper. X-Git-Tag: SQUID_3_0_PRE4~567 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=736a9a4df38fb23926e09c7b3c1cfb34c4b1779b;p=thirdparty%2Fsquid.git Windows port: addition of native external ACL helper. - mswin_check_lm_group: Windows domain groups membership check (Based on Windows Lan Manager framework) Supported build environment: - Cygwin - MSYS + MinGW - MS VisualStudio C++ 2005 --- diff --git a/configure.in b/configure.in index e65c43da8b..0eda227109 100644 --- a/configure.in +++ b/configure.in @@ -3,7 +3,7 @@ dnl Configuration input file for Squid dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.389 2005/10/30 21:48:21 serassio Exp $ +dnl $Id: configure.in,v 1.390 2005/10/31 16:29:45 serassio Exp $ dnl dnl dnl @@ -13,7 +13,7 @@ AC_CONFIG_SRCDIR([src/main.cc]) AC_CONFIG_AUX_DIR(cfgaux) AM_INIT_AUTOMAKE(squid, 3.0-PRE3-CVS) AM_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.389 $)dnl +AC_REVISION($Revision: 1.390 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -2954,7 +2954,8 @@ AC_CONFIG_FILES([\ helpers/external_acl/ip_user/Makefile \ helpers/external_acl/ldap_group/Makefile \ helpers/external_acl/unix_group/Makefile \ - helpers/external_acl/wbinfo_group/Makefile + helpers/external_acl/wbinfo_group/Makefile \ + helpers/external_acl/mswin_lm_group/Makefile ]) AC_CONFIG_SUBDIRS(lib/libTrie) diff --git a/helpers/external_acl/Makefile.am b/helpers/external_acl/Makefile.am index 4c392387bb..6471ea6397 100644 --- a/helpers/external_acl/Makefile.am +++ b/helpers/external_acl/Makefile.am @@ -1,7 +1,7 @@ # Makefile for storage modules in the Squid Object Cache server # -# $Id: Makefile.am,v 1.4 2005/07/01 22:34:50 hno Exp $ +# $Id: Makefile.am,v 1.5 2005/10/31 16:29:45 serassio Exp $ # -DIST_SUBDIRS = ip_user ldap_group unix_group wbinfo_group +DIST_SUBDIRS = ip_user ldap_group unix_group wbinfo_group mswin_lm_group SUBDIRS = @EXTERNAL_ACL_HELPERS@ diff --git a/helpers/external_acl/mswin_lm_group/Makefile.am b/helpers/external_acl/mswin_lm_group/Makefile.am new file mode 100755 index 0000000000..54bd4099b6 --- /dev/null +++ b/helpers/external_acl/mswin_lm_group/Makefile.am @@ -0,0 +1,19 @@ +# +# Makefile for the Squid Object Cache server +# +# $Id: Makefile.am,v 1.1 2005/10/31 16:29:45 serassio Exp $ +# +# Uncomment and customize the following to suit your needs: +# + + +libexec_PROGRAMS = mswin_check_lm_group + +mswin_check_lm_group_SOURCES = win32_check_group.c win32_check_group.h + +INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)/src + +LDADD = -L$(top_builddir)/lib -lmiscutil -lnetapi32 -ladvapi32 \ + -lntdll $(XTRA_LIBS) + +EXTRA_DIST = readme.txt diff --git a/helpers/external_acl/mswin_lm_group/Makefile.in b/helpers/external_acl/mswin_lm_group/Makefile.in new file mode 100755 index 0000000000..c73526fdc9 --- /dev/null +++ b/helpers/external_acl/mswin_lm_group/Makefile.in @@ -0,0 +1,542 @@ +# Makefile.in generated by automake 1.7.9 from Makefile.am. +# @configure_input@ + +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +# Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# +# Makefile for the Squid Object Cache server +# +# $Id: Makefile.in,v 1.1 2005/10/31 16:29:45 serassio Exp $ +# +# Uncomment and customize the following to suit your needs: +# + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +top_builddir = ../../.. + +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +INSTALL = @INSTALL@ +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +host_triplet = @host@ +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMDEP_FALSE = @AMDEP_FALSE@ +AMDEP_TRUE = @AMDEP_TRUE@ +AMTAR = @AMTAR@ +AR = @AR@ +AR_R = @AR_R@ +AUTH_LIBS = @AUTH_LIBS@ +AUTH_LINKOBJS = @AUTH_LINKOBJS@ +AUTH_MODULES = @AUTH_MODULES@ +AUTH_OBJS = @AUTH_OBJS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BASIC_AUTH_HELPERS = @BASIC_AUTH_HELPERS@ +CACHE_HTTP_PORT = @CACHE_HTTP_PORT@ +CACHE_ICP_PORT = @CACHE_ICP_PORT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGIEXT = @CGIEXT@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTLIB = @CRYPTLIB@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ +DISK_LIBS = @DISK_LIBS@ +DISK_LINKOBJS = @DISK_LINKOBJS@ +DISK_PROGRAMS = @DISK_PROGRAMS@ +ECHO = @ECHO@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ENABLE_ARP_ACL_FALSE = @ENABLE_ARP_ACL_FALSE@ +ENABLE_ARP_ACL_TRUE = @ENABLE_ARP_ACL_TRUE@ +ENABLE_HTCP_FALSE = @ENABLE_HTCP_FALSE@ +ENABLE_HTCP_TRUE = @ENABLE_HTCP_TRUE@ +ENABLE_IDENT_FALSE = @ENABLE_IDENT_FALSE@ +ENABLE_IDENT_TRUE = @ENABLE_IDENT_TRUE@ +ENABLE_PINGER_FALSE = @ENABLE_PINGER_FALSE@ +ENABLE_PINGER_TRUE = @ENABLE_PINGER_TRUE@ +ENABLE_SSL_FALSE = @ENABLE_SSL_FALSE@ +ENABLE_SSL_TRUE = @ENABLE_SSL_TRUE@ +ENABLE_UNLINKD_FALSE = @ENABLE_UNLINKD_FALSE@ +ENABLE_UNLINKD_TRUE = @ENABLE_UNLINKD_TRUE@ +ENABLE_WIN32SPECIFIC_FALSE = @ENABLE_WIN32SPECIFIC_FALSE@ +ENABLE_WIN32SPECIFIC_TRUE = @ENABLE_WIN32SPECIFIC_TRUE@ +ENABLE_XPROF_STATS_FALSE = @ENABLE_XPROF_STATS_FALSE@ +ENABLE_XPROF_STATS_TRUE = @ENABLE_XPROF_STATS_TRUE@ +EPOLL_LIBS = @EPOLL_LIBS@ +ERR_DEFAULT_LANGUAGE = @ERR_DEFAULT_LANGUAGE@ +ERR_LANGUAGES = @ERR_LANGUAGES@ +EXEEXT = @EXEEXT@ +EXTERNAL_ACL_HELPERS = @EXTERNAL_ACL_HELPERS@ +F77 = @F77@ +FALSE = @FALSE@ +FFLAGS = @FFLAGS@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBADD_DL = @LIBADD_DL@ +LIBDLMALLOC = @LIBDLMALLOC@ +LIBOBJS = @LIBOBJS@ +LIBREGEX = @LIBREGEX@ +LIBS = @LIBS@ +LIBSASL = @LIBSASL@ +LIBTOOL = @LIBTOOL@ +LIB_LBER = @LIB_LBER@ +LIB_LDAP = @LIB_LDAP@ +LIB_MALLOC = @LIB_MALLOC@ +LN = @LN@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ +MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@ +MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@ +MAKEINFO = @MAKEINFO@ +MAKE_LEAKFINDER_FALSE = @MAKE_LEAKFINDER_FALSE@ +MAKE_LEAKFINDER_TRUE = @MAKE_LEAKFINDER_TRUE@ +MKDIR = @MKDIR@ +MV = @MV@ +NEED_OWN_MD5_FALSE = @NEED_OWN_MD5_FALSE@ +NEED_OWN_MD5_TRUE = @NEED_OWN_MD5_TRUE@ +NEED_OWN_SNPRINTF_FALSE = @NEED_OWN_SNPRINTF_FALSE@ +NEED_OWN_SNPRINTF_TRUE = @NEED_OWN_SNPRINTF_TRUE@ +NEGOTIATE_AUTH_HELPERS = @NEGOTIATE_AUTH_HELPERS@ +NTLM_AUTH_HELPERS = @NTLM_AUTH_HELPERS@ +OBJEXT = @OBJEXT@ +OPT_DEFAULT_HOSTS = @OPT_DEFAULT_HOSTS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +RANLIB = @RANLIB@ +REGEXLIB = @REGEXLIB@ +REPL_LIBS = @REPL_LIBS@ +REPL_OBJS = @REPL_OBJS@ +REPL_POLICIES = @REPL_POLICIES@ +RM = @RM@ +SET_MAKE = @SET_MAKE@ +SH = @SH@ +SHELL = @SHELL@ +SNMPLIB = @SNMPLIB@ +SQUID_CFLAGS = @SQUID_CFLAGS@ +SQUID_CPPUNIT_DIR = @SQUID_CPPUNIT_DIR@ +SQUID_CPPUNIT_INC = @SQUID_CPPUNIT_INC@ +SQUID_CPPUNIT_LA = @SQUID_CPPUNIT_LA@ +SQUID_CXXFLAGS = @SQUID_CXXFLAGS@ +SSLLIB = @SSLLIB@ +STORE_LIBS = @STORE_LIBS@ +STORE_LINKOBJS = @STORE_LINKOBJS@ +STORE_OBJS = @STORE_OBJS@ +STRIP = @STRIP@ +TRUE = @TRUE@ +USE_DELAY_POOLS_FALSE = @USE_DELAY_POOLS_FALSE@ +USE_DELAY_POOLS_TRUE = @USE_DELAY_POOLS_TRUE@ +USE_DNSSERVER_FALSE = @USE_DNSSERVER_FALSE@ +USE_DNSSERVER_TRUE = @USE_DNSSERVER_TRUE@ +USE_ESI_FALSE = @USE_ESI_FALSE@ +USE_ESI_TRUE = @USE_ESI_TRUE@ +USE_SNMP_FALSE = @USE_SNMP_FALSE@ +USE_SNMP_TRUE = @USE_SNMP_TRUE@ +VERSION = @VERSION@ +WIN32_PSAPI = @WIN32_PSAPI@ +XTRA_LIBS = @XTRA_LIBS@ +XTRA_OBJS = @XTRA_OBJS@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_F77 = @ac_ct_F77@ +ac_ct_RANLIB = @ac_ct_RANLIB@ +ac_ct_STRIP = @ac_ct_STRIP@ +am__fastdepCC_FALSE = @am__fastdepCC_FALSE@ +am__fastdepCC_TRUE = @am__fastdepCC_TRUE@ +am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@ +am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +datadir = @datadir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localstatedir = @localstatedir@ +makesnmplib = @makesnmplib@ +mandir = @mandir@ +oldincludedir = @oldincludedir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ + +libexec_PROGRAMS = mswin_check_lm_group + +mswin_check_lm_group_SOURCES = win32_check_group.c win32_check_group.h + +INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)/src + +LDADD = -L$(top_builddir)/lib -lmiscutil -lnetapi32 -ladvapi32 \ + -lntdll $(XTRA_LIBS) + + +EXTRA_DIST = readme.txt +subdir = helpers/external_acl/mswin_lm_group +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/cfgaux/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/include/autoconf.h +CONFIG_CLEAN_FILES = +libexec_PROGRAMS = mswin_check_lm_group$(EXEEXT) +PROGRAMS = $(libexec_PROGRAMS) + +am_mswin_check_lm_group_OBJECTS = win32_check_group.$(OBJEXT) +mswin_check_lm_group_OBJECTS = $(am_mswin_check_lm_group_OBJECTS) +mswin_check_lm_group_LDADD = $(LDADD) +mswin_check_lm_group_DEPENDENCIES = +mswin_check_lm_group_LDFLAGS = + +DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include +depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp +am__depfiles_maybe = depfiles +@AMDEP_TRUE@DEP_FILES = ./$(DEPDIR)/win32_check_group.Po +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \ + $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = $(mswin_check_lm_group_SOURCES) +DIST_COMMON = $(srcdir)/Makefile.in Makefile.am +SOURCES = $(mswin_check_lm_group_SOURCES) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign helpers/external_acl/mswin_lm_group/Makefile +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) +libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(libexecdir) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + if test -f $$p \ + || test -f $$p1 \ + ; then \ + f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(libexecPROGRAMS_INSTALL) $$p $(DESTDIR)$(libexecdir)/$$f || exit 1; \ + else :; fi; \ + done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ + echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \ + rm -f $(DESTDIR)$(libexecdir)/$$f; \ + done + +clean-libexecPROGRAMS: + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f $$p $$f"; \ + rm -f $$p $$f ; \ + done +mswin_check_lm_group$(EXEEXT): $(mswin_check_lm_group_OBJECTS) $(mswin_check_lm_group_DEPENDENCIES) + @rm -f mswin_check_lm_group$(EXEEXT) + $(LINK) $(mswin_check_lm_group_LDFLAGS) $(mswin_check_lm_group_OBJECTS) $(mswin_check_lm_group_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) core *.core + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/win32_check_group.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ +@am__fastdepCC_TRUE@ -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; \ +@am__fastdepCC_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ +@am__fastdepCC_TRUE@ fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$< + +.c.obj: +@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ +@am__fastdepCC_TRUE@ -c -o $@ `if test -f '$<'; then $(CYGPATH_W) '$<'; else $(CYGPATH_W) '$(srcdir)/$<'; fi`; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; \ +@am__fastdepCC_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ +@am__fastdepCC_TRUE@ fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Po' tmpdepfile='$(DEPDIR)/$*.TPo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `if test -f '$<'; then $(CYGPATH_W) '$<'; else $(CYGPATH_W) '$(srcdir)/$<'; fi` + +.c.lo: +@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" \ +@am__fastdepCC_TRUE@ -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<; \ +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; \ +@am__fastdepCC_TRUE@ else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; \ +@am__fastdepCC_TRUE@ fi +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ depfile='$(DEPDIR)/$*.Plo' tmpdepfile='$(DEPDIR)/$*.TPlo' @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool +uninstall-info-am: + +ETAGS = etags +ETAGSFLAGS = + +CTAGS = ctags +CTAGSFLAGS = + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$tags$$unique" \ + || $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique + +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = ../../.. +distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \ + list='$(DISTFILES)'; for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \ + esac; \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + dir="/$$dir"; \ + $(mkinstalldirs) "$(distdir)$$dir"; \ + else \ + dir=''; \ + fi; \ + if test -d $$d/$$file; then \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) + +installdirs: + $(mkinstalldirs) $(DESTDIR)$(libexecdir) +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-libtool distclean-tags + +dvi: dvi-am + +dvi-am: + +info: info-am + +info-am: + +install-data-am: + +install-exec-am: install-libexecPROGRAMS + +install-info: install-info-am + +install-man: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libexecPROGRAMS clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am info info-am install \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ + install-libexecPROGRAMS install-man install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-info-am \ + uninstall-libexecPROGRAMS + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/helpers/external_acl/mswin_lm_group/readme.txt b/helpers/external_acl/mswin_lm_group/readme.txt new file mode 100755 index 0000000000..44711cbb89 --- /dev/null +++ b/helpers/external_acl/mswin_lm_group/readme.txt @@ -0,0 +1,86 @@ + +This is the readme.txt file for mswin_check_lm_group, an external +helper fo the External ACL Scheme for Squid. + + +This helper must be used in with an authentication scheme, tipically +basic or NTLM, based on Windows NT/2000 domain users. +It reads from the standard input the domain username and a list of groups +and tries to match it against the groups membership of the specified +username. + + +============== +Program Syntax +============== + +mswin_check_lm_group [-D domain][-G][-P][-c][-d][-h] + +-D domain specify the default user's domain +-G start helper in Domain Global Group mode +-P use ONLY PDCs for group validation +-c use case insensitive compare +-d enable debugging +-h this message + + +================ +squid.conf usage +================ + +external_acl_type NT_global_group %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G +external_acl_type NT_local_group %LOGIN c:/squid/libexec/mswin_check_lm_group.exe + +acl GProxyUsers external NT_global_group GProxyUsers +acl LProxyUsers external NT_local_group LProxyUsers +acl password proxy_auth REQUIRED + +http_access allow password GProxyUsers +http_access allow password LProxyUsers +http_access deny all + +In the previous example all validated NT users member of GProxyUsers Global +domain group or member of LProxyUsers machine local group are allowed to +use the cache. + +Groups with spaces in name, for example "Domain Users", must be quoted and +the acl data ("Domain Users") must be placed into a separate file included +by specifying "/path/to/file". The previous example will be: + +acl ProxyUsers external NT_global_group "c:/squid/etc/DomainUsers" + +and the DomainUsers files will contain only the following line: + +"Domain Users" + +NOTES: +- The standard group name comparation is case sensitive, so group name + must be specified with same case as in the NT/2000 Domain. + It's possible to enable not case sensitive group name comparation (-c), + but on on some non - English locales, the results can be unexpected. +- Native WIN32 NTLM and Basic Helpers must be used without the + -A & -D switches. + +Refer to Squid documentation for the more details on squid.conf. + + +======= +Testing +======= + +I strongly reccomend that mswin_check_lm_group is tested prior to being used in a +production environment. It may behave differently on different platforms. +To test it, run it from the command line. Enter username and group +pairs separated by a space (username must entered with domain\\username +syntax). Press ENTER to get an OK or ERR message. +Make sure pressing behaves the same as a carriage return. +Make sure pressing aborts the program. + +Test that entering no details does not result in an OK or ERR message. +Test that entering an invalid username and group results in an ERR message. +Test that entering an valid username and group results in an OK message. + +-- +Serassio Guido +squidnt at acmeconsulting dot it + diff --git a/helpers/external_acl/mswin_lm_group/win32_check_group.c b/helpers/external_acl/mswin_lm_group/win32_check_group.c new file mode 100755 index 0000000000..eaa2e8f395 --- /dev/null +++ b/helpers/external_acl/mswin_lm_group/win32_check_group.c @@ -0,0 +1,606 @@ +/* + * win32_group: lookup group membership in a Windows NT/2000 domain + * + * (C)2002,2005 Guido Serassio - Acme Consulting S.r.l. + * + * Authors: + * Guido Serassio + * Acme Consulting S.r.l., Italy + * + * With contributions from others mentioned in the change history section + * below. + * + * In part based on check_group by Rodrigo Albani de Campos. + * + * Dependencies: Windows NT4 SP4 and later. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + * History: + * + * Version 1.22 + * 08-07-2005 Guido Serassio + * Added -P option for force usage of PDCs for group validation. + * Added support for '/' char as domain separator. + * Fixed Bugzilla #1336. + * Version 1.21 + * 23-04-2005 Guido Serassio + * Added -D option for specify default user's domain. + * Version 1.20.1 + * 15-08-2004 Guido Serassio + * Helper protocol changed to use URL escaped strings in Squid-3.0 + * (Original work of Henrik Nordstrom) + * Version 1.20 + * 13-06-2004 Guido Serassio + * Added support for running on a Domain Controller. + * Version 1.10 + * 01-05-2003 Guido Serassio + * Added option for case insensitive group name comparation. + * More debug info. + * Updated documentation. + * Segfault bug fix (Bugzilla #574) + * Version 1.0 + * 24-06-2002 Guido Serassio + * Using the main function from check_group and sections + * from wbinfo wrote win32_group + * + * This is a helper for the external ACL interface for Squid Cache + * + * It reads from the standard input the domain username and a list of + * groups and tries to match it against the groups membership of the + * specified username. + * + * Returns `OK' if the user belongs to a group or `ERR' otherwise, as + * described on http://devel.squid-cache.org/external_acl/config.html + * + */ + +#include "config.h" +#ifdef _SQUID_CYGWIN_ +#include +int _wcsicmp(const wchar_t*, const wchar_t*); +#endif +#if HAVE_STDIO_H +#include +#endif +#if HAVE_CTYPE_H +#include +#endif +#ifdef HAVE_STRING_H +#include +#endif +#if HAVE_GETOPT_H +#include +#endif +#undef assert +#include +#include +#include +#include + +#include "util.h" + +#define BUFSIZE 8192 /* the stdin buffer size */ +int use_global = 0; +int use_PDC_only = 0; +char debug_enabled = 0; +char *myname; +pid_t mypid; +char * machinedomain; +int use_case_insensitive_compare = 0; +char * DefaultDomain = NULL; +const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/"; + +#include "win32_check_group.h" + + +char * AllocStrFromLSAStr(LSA_UNICODE_STRING LsaStr) +{ + size_t len; + static char * target; + + len = LsaStr.Length/sizeof(WCHAR) + 1; + + /* allocate buffer for str + null termination */ + safe_free(target); + target = (char *)xmalloc(len); + if (target == NULL) + return NULL; + + /* copy unicode buffer */ + WideCharToMultiByte(CP_ACP, 0, LsaStr.Buffer, LsaStr.Length, target, len, NULL, NULL ); + + /* add null termination */ + target[len-1] = '\0'; + return target; +} + + +char * GetDomainName(void) + +{ + LSA_HANDLE PolicyHandle; + LSA_OBJECT_ATTRIBUTES ObjectAttributes; + NTSTATUS status; + PPOLICY_PRIMARY_DOMAIN_INFO ppdiDomainInfo; + PWKSTA_INFO_100 pwkiWorkstationInfo; + DWORD netret; + char * DomainName = NULL; + + /* + * Always initialize the object attributes to all zeroes. + */ + memset(&ObjectAttributes, '\0', sizeof(ObjectAttributes)); + + /* + * You need the local workstation name. Use NetWkstaGetInfo at level + * 100 to retrieve a WKSTA_INFO_100 structure. + * + * The wki100_computername field contains a pointer to a UNICODE + * string containing the local computer name. + */ + netret = NetWkstaGetInfo(NULL, 100, (LPBYTE *)&pwkiWorkstationInfo); + if (netret == NERR_Success) { + /* + * We have the workstation name in: + * pwkiWorkstationInfo->wki100_computername + * + * Next, open the policy object for the local system using + * the LsaOpenPolicy function. + */ + status = LsaOpenPolicy( + NULL, + &ObjectAttributes, + GENERIC_READ | POLICY_VIEW_LOCAL_INFORMATION, + &PolicyHandle + ); + + /* + * Error checking. + */ + if (status) { + debug("OpenPolicy Error: %ld\n", status); + } else { + + /* + * You have a handle to the policy object. Now, get the + * domain information using LsaQueryInformationPolicy. + */ + status = LsaQueryInformationPolicy(PolicyHandle, + PolicyPrimaryDomainInformation, + (PVOID *)&ppdiDomainInfo); + if (status) { + debug("LsaQueryInformationPolicy Error: %ld\n", status); + } else { + + /* Get name in useable format */ + DomainName = AllocStrFromLSAStr(ppdiDomainInfo->Name); + + /* + * Check the Sid pointer, if it is null, the + * workstation is either a stand-alone computer + * or a member of a workgroup. + */ + if (ppdiDomainInfo->Sid) { + + /* + * Member of a domain. Display it in debug mode. + */ + debug("Member of Domain %s\n",DomainName); + } else { + DomainName = NULL; + } + } + } + + /* + * Clean up all the memory buffers created by the LSA and + * Net* APIs. + */ + NetApiBufferFree(pwkiWorkstationInfo); + LsaFreeMemory((LPVOID)ppdiDomainInfo); + } else + debug("NetWkstaGetInfo Error: %ld\n", netret); + return DomainName; +} + +/* returns 0 on match, -1 if no match */ +static int wcstrcmparray(const wchar_t *str, const char **array) +{ + WCHAR wszGroup[GNLEN+1]; // Unicode Group + + while (*array) { + MultiByteToWideChar(CP_ACP, 0, *array, + strlen(*array) + 1, wszGroup, sizeof(wszGroup) / sizeof(wszGroup[0])); + debug("Windows group: %S, Squid group: %S\n", str, wszGroup); + if ((use_case_insensitive_compare ? _wcsicmp(str, wszGroup) : wcscmp(str, wszGroup)) == 0) + return 0; + array++; + } + return -1; +} + +/* returns 1 on success, 0 on failure */ +int +Valid_Local_Groups(char *UserName, const char **Groups) +{ + int result = 0; + char * Domain_Separator; + WCHAR wszUserName[UNLEN+1]; // Unicode user name + + LPLOCALGROUP_USERS_INFO_0 pBuf = NULL; + LPLOCALGROUP_USERS_INFO_0 pTmpBuf; + DWORD dwLevel = 0; + DWORD dwFlags = LG_INCLUDE_INDIRECT; + DWORD dwPrefMaxLen = -1; + DWORD dwEntriesRead = 0; + DWORD dwTotalEntries = 0; + NET_API_STATUS nStatus; + DWORD i; + DWORD dwTotalCount = 0; + + if ((Domain_Separator = strchr(UserName, '/')) != NULL) + *Domain_Separator = '\\'; + + debug("Valid_Local_Groups: checking group membership of '%s'.\n", UserName); + +/* Convert ANSI User Name and Group to Unicode */ + + MultiByteToWideChar(CP_ACP, 0, UserName, + strlen(UserName) + 1, wszUserName, sizeof(wszUserName) / sizeof(wszUserName[0])); + + /* + * Call the NetUserGetLocalGroups function + * specifying information level 0. + * + * The LG_INCLUDE_INDIRECT flag specifies that the + * function should also return the names of the local + * groups in which the user is indirectly a member. + */ + nStatus = NetUserGetLocalGroups( + NULL, + wszUserName, + dwLevel, + dwFlags, + (LPBYTE *) &pBuf, + dwPrefMaxLen, + &dwEntriesRead, + &dwTotalEntries); + /* + * If the call succeeds, + */ + if (nStatus == NERR_Success) { + if ((pTmpBuf = pBuf) != NULL) { + for (i = 0; i < dwEntriesRead; i++) { + assert(pTmpBuf != NULL); + if (pTmpBuf == NULL) { + result = 0; + break; + } + if (wcstrcmparray(pTmpBuf->lgrui0_name, Groups) == 0) { + result = 1; + break; + } + pTmpBuf++; + dwTotalCount++; + } + } + } else + result = 0; +/* + * Free the allocated memory. + */ + if (pBuf != NULL) + NetApiBufferFree(pBuf); + return result; +} + + +/* returns 1 on success, 0 on failure */ +int +Valid_Global_Groups(char *UserName, const char **Groups) +{ + int result = 0; + WCHAR wszUserName[UNLEN+1]; // Unicode user name + WCHAR wszLocalDomain[DNLEN+1]; // Unicode Local Domain + WCHAR wszUserDomain[DNLEN+1]; // Unicode User Domain + + char NTDomain[DNLEN+UNLEN+2]; + char *domain_qualify; + char User[UNLEN+1]; + size_t j; + + LPWSTR LclDCptr = NULL; + LPWSTR UsrDCptr = NULL; + LPGROUP_USERS_INFO_0 pUsrBuf = NULL; + LPGROUP_USERS_INFO_0 pTmpBuf; + LPSERVER_INFO_101 pSrvBuf = NULL; + DWORD dwLevel = 0; + DWORD dwPrefMaxLen = -1; + DWORD dwEntriesRead = 0; + DWORD dwTotalEntries = 0; + NET_API_STATUS nStatus; + DWORD i; + DWORD dwTotalCount = 0; + + strncpy(NTDomain, UserName, sizeof(NTDomain)); + + for (j=0; j < strlen(NTV_VALID_DOMAIN_SEPARATOR); j++) { + if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[j])) != NULL) + break; + } + if (domain_qualify == NULL) { + strcpy(User, NTDomain); + strcpy(NTDomain, DefaultDomain); + } else { + strcpy(User, domain_qualify + 1); + domain_qualify[0] = '\0'; + strlwr(NTDomain); + } + + debug("Valid_Global_Groups: checking group membership of '%s\\%s'.\n", NTDomain, User); + + /* Convert ANSI User Name and Group to Unicode */ + + MultiByteToWideChar(CP_ACP, 0, User, + strlen(User) + 1, wszUserName, + sizeof(wszUserName) / sizeof(wszUserName[0])); + MultiByteToWideChar(CP_ACP, 0, machinedomain, + strlen(machinedomain) + 1, wszLocalDomain, sizeof(wszLocalDomain) / sizeof(wszLocalDomain[0])); + + +/* Call the NetServerGetInfo function for local computer, specifying level 101. */ + dwLevel = 101; + nStatus = NetServerGetInfo(NULL, dwLevel, (LPBYTE *)&pSrvBuf); + + if (nStatus == NERR_Success) + { + /* Check if we are running on a Domain Controller */ + if ((pSrvBuf->sv101_type & SV_TYPE_DOMAIN_CTRL) || + (pSrvBuf->sv101_type & SV_TYPE_DOMAIN_BAKCTRL)) + { + LclDCptr = NULL; + debug("Running on a DC.\n"); + } + else + nStatus = (use_PDC_only ? NetGetDCName(NULL, wszLocalDomain, (LPBYTE *) & LclDCptr) : NetGetAnyDCName(NULL, wszLocalDomain, (LPBYTE *) & LclDCptr)); + } else { + fprintf(stderr, "%s NetServerGetInfo() failed.'\n", myname); + if (pSrvBuf != NULL) + NetApiBufferFree(pSrvBuf); + return result; + } + + if (nStatus == NERR_Success) { + debug("Using '%S' as DC for '%S' local domain.\n", LclDCptr, wszLocalDomain); + + if (strcmp(NTDomain, machinedomain) != 0) { + MultiByteToWideChar(CP_ACP, 0, NTDomain, + strlen(NTDomain) + 1, wszUserDomain, sizeof(wszUserDomain) / sizeof(wszUserDomain[0])); + nStatus = (use_PDC_only ? NetGetDCName(LclDCptr, wszUserDomain, (LPBYTE *) & UsrDCptr) : NetGetAnyDCName(LclDCptr, wszUserDomain, (LPBYTE *) & UsrDCptr)); + if (nStatus != NERR_Success) { + fprintf(stderr, "%s Can't find DC for user's domain '%s'\n", myname, NTDomain); + if (pSrvBuf != NULL) + NetApiBufferFree(pSrvBuf); + if (LclDCptr != NULL) + NetApiBufferFree((LPVOID) LclDCptr); + if (UsrDCptr != NULL) + NetApiBufferFree((LPVOID) UsrDCptr); + return result; + } + } else + UsrDCptr = LclDCptr; + + debug("Using '%S' as DC for '%s' user's domain.\n", UsrDCptr, NTDomain); + /* + * Call the NetUserGetGroups function + * specifying information level 0. + */ + dwLevel = 0; + nStatus = NetUserGetGroups(UsrDCptr, + wszUserName, + dwLevel, + (LPBYTE *) & pUsrBuf, + dwPrefMaxLen, + &dwEntriesRead, + &dwTotalEntries); + /* + * If the call succeeds, + */ + if (nStatus == NERR_Success) { + if ((pTmpBuf = pUsrBuf) != NULL) { + for (i = 0; i < dwEntriesRead; i++) { + assert(pTmpBuf != NULL); + if (pTmpBuf == NULL) { + result = 0; + break; + } + if (wcstrcmparray(pTmpBuf->grui0_name, Groups) == 0) { + result = 1; + break; + } + pTmpBuf++; + dwTotalCount++; + } + } + } else { + result = 0; + fprintf(stderr, "%s NetUserGetGroups() failed.'\n", myname); + } + } else { + fprintf(stderr, "%s Can't find DC for local domain '%s'\n", myname, machinedomain); + } + /* + * Free the allocated memory. + */ + if (pSrvBuf != NULL) + NetApiBufferFree(pSrvBuf); + if (pUsrBuf != NULL) + NetApiBufferFree(pUsrBuf); + if ((UsrDCptr != NULL) && (UsrDCptr != LclDCptr)) + NetApiBufferFree((LPVOID) UsrDCptr); + if (LclDCptr != NULL) + NetApiBufferFree((LPVOID) LclDCptr); + return result; +} + +static void +usage(char *program) +{ + fprintf(stderr,"Usage: %s [-D domain][-G][-P][-c][-d][-h]\n" + " -D default user Domain\n" + " -G enable Domain Global group mode\n" + " -P use ONLY PDCs for group validation\n" + " -c use case insensitive compare\n" + " -d enable debugging\n" + " -h this message\n", + program); +} + +void +process_options(int argc, char *argv[]) +{ + int opt; + + opterr = 0; + while (-1 != (opt = getopt(argc, argv, "D:GPcdh"))) { + switch (opt) { + case 'D': + DefaultDomain = xstrndup(optarg, DNLEN + 1); + strlwr(DefaultDomain); + break; + case 'G': + use_global = 1; + break; + case 'P': + use_PDC_only = 1; + break; + case 'c': + use_case_insensitive_compare = 1; + break; + case 'd': + debug_enabled = 1; + break; + case 'h': + usage(argv[0]); + exit(0); + case '?': + opt = optopt; + /* fall thru to default */ + default: + fprintf(stderr, "%s Unknown option: -%c. Exiting\n", myname, opt); + usage(argv[0]); + exit(1); + break; /* not reached */ + } + } + return; +} + + +int +main (int argc, char *argv[]) +{ + char *p; + char buf[BUFSIZE]; + char *username; + char *group; + int err = 0; + const char *groups[512]; + int n; + + if (argc > 0) { /* should always be true */ + myname=strrchr(argv[0],'/'); + if (myname==NULL) + myname=argv[0]; + } else { + myname="(unknown)"; + } + mypid=getpid(); + + setbuf(stdout, NULL); + setbuf(stderr, NULL); + + /* Check Command Line */ + process_options(argc, argv); + + if (use_global) { + if ((machinedomain = GetDomainName()) == NULL) { + fprintf(stderr, "%s Can't read machine domain\n", myname); + exit(1); + } + strlwr(machinedomain); + if (!DefaultDomain) + DefaultDomain = xstrdup(machinedomain); + } + + debug("External ACL win32 group helper build " __DATE__ ", " __TIME__ + " starting up...\n"); + if (use_global) + debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain); + if (use_case_insensitive_compare) + debug("Warning: running in case insensitive mode !!!\n"); + if (use_PDC_only) + debug("Warning: using only PDCs for group validation !!!\n"); + + /* Main Loop */ + while (fgets (buf, sizeof(buf), stdin)) + { + if (NULL == strchr(buf, '\n')) { + /* too large message received.. skip and deny */ + fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf); + while (fgets(buf, sizeof(buf), stdin)) { + fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf); + if (strchr(buf, '\n') != NULL) + break; + } + goto error; + } + + if ((p = strchr(buf, '\n')) != NULL) + *p = '\0'; /* strip \n */ + if ((p = strchr(buf, '\r')) != NULL) + *p = '\0'; /* strip \r */ + + debug("Got '%s' from Squid (length: %d).\n",buf,strlen(buf)); + + if (buf[0] == '\0') { + fprintf(stderr, "Invalid Request\n"); + goto error; + } + + username = strtok(buf, " "); + for (n = 0; (group = strtok(NULL, " ")) != NULL; n++) { + rfc1738_unescape(group); + groups[n] = group; + } + groups[n] = NULL; + + if (NULL == username) { + fprintf(stderr, "Invalid Request\n"); + goto error; + } + rfc1738_unescape(username); + + if ((use_global ? Valid_Global_Groups(username, groups) : Valid_Local_Groups(username, groups))) { + printf ("OK\n"); + } else { +error: + printf ("ERR\n"); + } + err = 0; + } + return 0; +} diff --git a/helpers/external_acl/mswin_lm_group/win32_check_group.h b/helpers/external_acl/mswin_lm_group/win32_check_group.h new file mode 100755 index 0000000000..9adc0938dc --- /dev/null +++ b/helpers/external_acl/mswin_lm_group/win32_check_group.h @@ -0,0 +1,79 @@ +/* + * (C) 2002, 2005 Guido Serassio + * Based on previous work of Francesco Chemolli, Robert Collins and Andrew Doran + * + * Distributed freely under the terms of the GNU General Public License, + * version 2. See the file COPYING for licensing details + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + */ + +#undef debug + +/************* CONFIGURATION ***************/ +/* + * define this if you want debugging + */ +#ifndef DEBUG +#define DEBUG +#endif + +/************* END CONFIGURATION ***************/ + +#include + +#define safe_free(x) if (x) { free(x); x = NULL; } + +/* Debugging stuff */ + +#ifdef __GNUC__ /* this is really a gcc-ism */ +#ifdef DEBUG +#include +#include +static char *__foo; +extern char debug_enabled; +#define debug(X...) if (debug_enabled) { \ + fprintf(stderr,"%s[%d](%s:%d): ", myname, mypid, \ + ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\ + __LINE__);\ + fprintf(stderr,X); } +#else /* DEBUG */ +#define debug(X...) /* */ +#endif /* DEBUG */ +#else /* __GNUC__ */ +extern char debug_enabled; +static void +debug(char *format,...) +{ +#ifdef DEBUG +#ifdef _SQUID_MSWIN_ + if (debug_enabled) { + va_list args; + + va_start(args,format); + fprintf(stderr, "%s[%d]: ", myname, mypid); + vfprintf(stderr, format, args); + fprintf(stderr, "\n"); + va_end(args); + } +#endif /* _SQUID_MSWIN_ */ +#endif /* DEBUG */ +} +#endif /* __GNUC__ */ + + +/* A couple of harmless helper macros */ +#define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n"); +#ifdef __GNUC__ +#define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y); +#else +/* no gcc, no debugging. varargs macros are a gcc extension */ +#define SEND2(X,Y) debug("sending '" X "' to squid\n",Y); printf(X "\n",Y); +#endif