* 20-07-2009 Guido Serassio
* Global groups support rewritten, now is based on ADSI.
* New Features:
- * - support for Domain Local, Domain Global ad Universal
+ * - support for Domain Local, Domain Global ad Universal
* groups
* - full group nesting support
* Version 1.0
* First release, based on mswin_check_lm_group.
*
* This is a helper for the external ACL interface for Squid Cache
- *
+ *
* It reads from the standard input the domain username and a list of
* groups and tries to match it against the groups membership of the
* specified username.
CloseCOM(void)
{
if (WIN32_COM_initialized == 1)
- CoUninitialize();
+ CoUninitialize();
}
long lLBound, lUBound, cElements;
if ((!pVar) || (!ppByte))
- return E_INVALIDARG;
+ return E_INVALIDARG;
if ((pVar->n1.n2.vt) != (VT_UI1 | VT_ARRAY))
- return E_INVALIDARG;
+ return E_INVALIDARG;
hr = SafeArrayGetLBound(V_ARRAY(pVar), 1, &lLBound);
hr = SafeArrayGetUBound(V_ARRAY(pVar), 1, &lUBound);
cElements = lUBound - lLBound + 1;
hr = SafeArrayAccessData(V_ARRAY(pVar), &pArray);
if (SUCCEEDED(hr)) {
- LPBYTE pTemp = (LPBYTE) pArray;
- *ppByte = (LPBYTE) CoTaskMemAlloc(cElements);
- if (*ppByte)
- memcpy(*ppByte, pTemp, cElements);
- else
- hr = E_OUTOFMEMORY;
+ LPBYTE pTemp = (LPBYTE) pArray;
+ *ppByte = (LPBYTE) CoTaskMemAlloc(cElements);
+ if (*ppByte)
+ memcpy(*ppByte, pTemp, cElements);
+ else
+ hr = E_OUTOFMEMORY;
}
SafeArrayUnaccessData(V_ARRAY(pVar));
/* Get the primaryGroupID property */
hr = pUser->lpVtbl->Get(pUser, L"primaryGroupID", &var);
if (SUCCEEDED(hr)) {
- User_primaryGroupID = var.n1.n2.n3.uintVal;
+ User_primaryGroupID = var.n1.n2.n3.uintVal;
} else {
- debug("Get_primaryGroup: cannot get primaryGroupID, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
- VariantClear(&var);
- return result;
+ debug("Get_primaryGroup: cannot get primaryGroupID, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
+ VariantClear(&var);
+ return result;
}
VariantClear(&var);
/*Get the objectSid property */
hr = pUser->lpVtbl->Get(pUser, L"objectSid", &var);
if (SUCCEEDED(hr)) {
- PSID pObjectSID;
- LPBYTE pByte = NULL;
- char *szSID = NULL;
- hr = GetLPBYTEtoOctetString(&var, &pByte);
+ PSID pObjectSID;
+ LPBYTE pByte = NULL;
+ char *szSID = NULL;
+ hr = GetLPBYTEtoOctetString(&var, &pByte);
- pObjectSID = (PSID) pByte;
+ pObjectSID = (PSID) pByte;
- /* Convert SID to string. */
- ConvertSidToStringSid(pObjectSID, &szSID);
- CoTaskMemFree(pByte);
+ /* Convert SID to string. */
+ ConvertSidToStringSid(pObjectSID, &szSID);
+ CoTaskMemFree(pByte);
- *(strrchr(szSID, '-') + 1) = '\0';
- sprintf(tmpSID, "%s%u", szSID, User_primaryGroupID);
+ *(strrchr(szSID, '-') + 1) = '\0';
+ sprintf(tmpSID, "%s%u", szSID, User_primaryGroupID);
- wcsize = MultiByteToWideChar(CP_ACP, 0, tmpSID, -1, wc, 0);
- wc = (wchar_t *) xmalloc(wcsize * sizeof(wchar_t));
- MultiByteToWideChar(CP_ACP, 0, tmpSID, -1, wc, wcsize);
- LocalFree(szSID);
+ wcsize = MultiByteToWideChar(CP_ACP, 0, tmpSID, -1, wc, 0);
+ wc = (wchar_t *) xmalloc(wcsize * sizeof(wchar_t));
+ MultiByteToWideChar(CP_ACP, 0, tmpSID, -1, wc, wcsize);
+ LocalFree(szSID);
- result = My_NameTranslate(wc, ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME, ADS_NAME_TYPE_1779);
- safe_free(wc);
+ result = My_NameTranslate(wc, ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME, ADS_NAME_TYPE_1779);
+ safe_free(wc);
- if (result == NULL)
- debug("Get_primaryGroup: cannot get DN for %s.\n", tmpSID);
- else
- debug("Get_primaryGroup: Primary group DN: %S.\n", result);
+ if (result == NULL)
+ debug("Get_primaryGroup: cannot get DN for %s.\n", tmpSID);
+ else
+ debug("Get_primaryGroup: Primary group DN: %S.\n", result);
} else
- debug("Get_primaryGroup: cannot get objectSid, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
+ debug("Get_primaryGroup: cannot get objectSid, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
VariantClear(&var);
return result;
}
Get_WIN32_ErrorMessage(HRESULT hr)
{
FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
- FORMAT_MESSAGE_IGNORE_INSERTS,
- NULL,
- hr,
- MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
- (LPTSTR) & WIN32_ErrorMessage,
- 0,
- NULL);
+ FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL,
+ hr,
+ MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+ (LPTSTR) & WIN32_ErrorMessage,
+ 0,
+ NULL);
return WIN32_ErrorMessage;
}
wchar_t *wc;
if (WIN32_COM_initialized == 0) {
- hr = CoInitialize(NULL);
- if (FAILED(hr)) {
- debug("My_NameTranslate: cannot initialize COM interface, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
- /* This is a fatal error */
- exit(1);
- }
- WIN32_COM_initialized = 1;
+ hr = CoInitialize(NULL);
+ if (FAILED(hr)) {
+ debug("My_NameTranslate: cannot initialize COM interface, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
+ /* This is a fatal error */
+ exit(1);
+ }
+ WIN32_COM_initialized = 1;
}
hr = CoCreateInstance(&CLSID_NameTranslate,
- NULL,
- CLSCTX_INPROC_SERVER,
- &IID_IADsNameTranslate,
- (void **) &pNto);
+ NULL,
+ CLSCTX_INPROC_SERVER,
+ &IID_IADsNameTranslate,
+ (void **) &pNto);
if (FAILED(hr)) {
- debug("My_NameTranslate: cannot create COM instance, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
- /* This is a fatal error */
- exit(1);
+ debug("My_NameTranslate: cannot create COM instance, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
+ /* This is a fatal error */
+ exit(1);
}
hr = pNto->lpVtbl->Init(pNto, ADS_NAME_INITTYPE_GC, L"");
if (FAILED(hr)) {
- debug("My_NameTranslate: cannot initialise NameTranslate API, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
- pNto->lpVtbl->Release(pNto);
- /* This is a fatal error */
- exit(1);
+ debug("My_NameTranslate: cannot initialise NameTranslate API, ERROR: %s\n", Get_WIN32_ErrorMessage(hr));
+ pNto->lpVtbl->Release(pNto);
+ /* This is a fatal error */
+ exit(1);
}
hr = pNto->lpVtbl->Set(pNto, in_format, name);
if (FAILED(hr)) {
- debug("My_NameTranslate: cannot set translate of %S, ERROR: %s\n", name, Get_WIN32_ErrorMessage(hr));
- pNto->lpVtbl->Release(pNto);
- return NULL;
+ debug("My_NameTranslate: cannot set translate of %S, ERROR: %s\n", name, Get_WIN32_ErrorMessage(hr));
+ pNto->lpVtbl->Release(pNto);
+ return NULL;
}
hr = pNto->lpVtbl->Get(pNto, out_format, &bstr);
if (FAILED(hr)) {
- debug("My_NameTranslate: cannot get translate of %S, ERROR: %s\n", name, Get_WIN32_ErrorMessage(hr));
- pNto->lpVtbl->Release(pNto);
- return NULL;
+ debug("My_NameTranslate: cannot get translate of %S, ERROR: %s\n", name, Get_WIN32_ErrorMessage(hr));
+ pNto->lpVtbl->Release(pNto);
+ return NULL;
}
debug("My_NameTranslate: %S translated to %S\n", name, bstr);
wc = (wchar_t *) xmalloc((wcslen(Base_DN) + 8) * sizeof(wchar_t));
if (query_mode == LDAP_MODE)
- wcscpy(wc, L"LDAP://");
+ wcscpy(wc, L"LDAP://");
else
- wcscpy(wc, L"GC://");
+ wcscpy(wc, L"GC://");
wcscat(wc, Base_DN);
return wc;
DWORD netret;
if ((netret = DsRoleGetPrimaryDomainInformation(NULL, DsRolePrimaryDomainInfoBasic, (PBYTE *) & pDSRoleInfo) == ERROR_SUCCESS)) {
- /*
- * Check the machine role.
- */
+ /*
+ * Check the machine role.
+ */
- if ((pDSRoleInfo->MachineRole == DsRole_RoleMemberWorkstation) ||
- (pDSRoleInfo->MachineRole == DsRole_RoleMemberServer) ||
- (pDSRoleInfo->MachineRole == DsRole_RoleBackupDomainController) ||
- (pDSRoleInfo->MachineRole == DsRole_RolePrimaryDomainController)) {
+ if ((pDSRoleInfo->MachineRole == DsRole_RoleMemberWorkstation) ||
+ (pDSRoleInfo->MachineRole == DsRole_RoleMemberServer) ||
+ (pDSRoleInfo->MachineRole == DsRole_RoleBackupDomainController) ||
+ (pDSRoleInfo->MachineRole == DsRole_RolePrimaryDomainController)) {
- size_t len = wcslen(pDSRoleInfo->DomainNameFlat);
+ size_t len = wcslen(pDSRoleInfo->DomainNameFlat);
- /* allocate buffer for str + null termination */
- safe_free(DomainName);
- DomainName = (char *) xmalloc(len + 1);
+ /* allocate buffer for str + null termination */
+ safe_free(DomainName);
+ DomainName = (char *) xmalloc(len + 1);
- /* copy unicode buffer */
- WideCharToMultiByte(CP_ACP, 0, pDSRoleInfo->DomainNameFlat, -1, DomainName, len, NULL, NULL);
+ /* copy unicode buffer */
+ WideCharToMultiByte(CP_ACP, 0, pDSRoleInfo->DomainNameFlat, -1, DomainName, len, NULL, NULL);
- /* add null termination */
- DomainName[len] = '\0';
+ /* add null termination */
+ DomainName[len] = '\0';
- /*
- * Member of a domain. Display it in debug mode.
- */
- debug("Member of Domain %s\n", DomainName);
- debug("Into forest %S\n", pDSRoleInfo->DomainForestName);
+ /*
+ * Member of a domain. Display it in debug mode.
+ */
+ debug("Member of Domain %s\n", DomainName);
+ debug("Into forest %S\n", pDSRoleInfo->DomainForestName);
- } else {
- debug("Not a Domain member\n");
- }
+ } else {
+ debug("Not a Domain member\n");
+ }
} else
- debug("GetDomainName: ERROR DsRoleGetPrimaryDomainInformation returned: %s\n", Get_WIN32_ErrorMessage(netret));
+ debug("GetDomainName: ERROR DsRoleGetPrimaryDomainInformation returned: %s\n", Get_WIN32_ErrorMessage(netret));
/*
* Free the allocated memory.
*/
if (pDSRoleInfo != NULL)
- DsRoleFreeMemory(pDSRoleInfo);
+ DsRoleFreeMemory(pDSRoleInfo);
return DomainName;
}
wchar_t **array;
if (User_Groups_Count == 0) {
- User_Groups = (wchar_t **) xmalloc(sizeof(wchar_t *));
- *User_Groups = NULL;
- User_Groups_Count++;
+ User_Groups = (wchar_t **) xmalloc(sizeof(wchar_t *));
+ *User_Groups = NULL;
+ User_Groups_Count++;
}
array = User_Groups;
while (*array) {
- if (wcscmp(Group, *array) == 0)
- return 0;
- array++;
+ if (wcscmp(Group, *array) == 0)
+ return 0;
+ array++;
}
User_Groups = (wchar_t **) xrealloc(User_Groups, sizeof(wchar_t *) * (User_Groups_Count + 1));
User_Groups[User_Groups_Count] = NULL;
wccmparray(const wchar_t * str, const wchar_t ** array)
{
while (*array) {
- debug("Windows group: %S, Squid group: %S\n", str, *array);
- if (wcscmp(str, *array) == 0)
- return 0;
- array++;
+ debug("Windows group: %S, Squid group: %S\n", str, *array);
+ if (wcscmp(str, *array) == 0)
+ return 0;
+ array++;
}
return -1;
}
WCHAR wszGroup[GNLEN + 1]; // Unicode Group
while (*array) {
- MultiByteToWideChar(CP_ACP, 0, *array,
- strlen(*array) + 1, wszGroup, sizeof(wszGroup) / sizeof(wszGroup[0]));
- debug("Windows group: %S, Squid group: %S\n", str, wszGroup);
- if ((use_case_insensitive_compare ? _wcsicmp(str, wszGroup) : wcscmp(str, wszGroup)) == 0)
- return 0;
- array++;
+ MultiByteToWideChar(CP_ACP, 0, *array,
+ strlen(*array) + 1, wszGroup, sizeof(wszGroup) / sizeof(wszGroup[0]));
+ debug("Windows group: %S, Squid group: %S\n", str, wszGroup);
+ if ((use_case_insensitive_compare ? _wcsicmp(str, wszGroup) : wcscmp(str, wszGroup)) == 0)
+ return 0;
+ array++;
}
return -1;
}
VariantInit(&var);
hr = pObj->lpVtbl->Get(pObj, L"memberOf", &var);
if (SUCCEEDED(hr)) {
- if (VT_BSTR == var.n1.n2.vt) {
- if (add_User_Group(var.n1.n2.n3.bstrVal)) {
- wchar_t *Group_Path;
- IADs *pGrp;
-
- Group_Path = GetLDAPPath(var.n1.n2.n3.bstrVal, GC_MODE);
- hr = ADsGetObject(Group_Path, &IID_IADs, (void **) &pGrp);
- if (SUCCEEDED(hr)) {
- hr = Recursive_Memberof(pGrp);
- pGrp->lpVtbl->Release(pGrp);
- safe_free(Group_Path);
- Group_Path = GetLDAPPath(var.n1.n2.n3.bstrVal, LDAP_MODE);
- hr = ADsGetObject(Group_Path, &IID_IADs, (void **) &pGrp);
- if (SUCCEEDED(hr)) {
- hr = Recursive_Memberof(pGrp);
- pGrp->lpVtbl->Release(pGrp);
- } else
- debug("Recursive_Memberof: ERROR ADsGetObject for %S failed: %s\n", Group_Path, Get_WIN32_ErrorMessage(hr));
- } else
- debug("Recursive_Memberof: ERROR ADsGetObject for %S failed: %s\n", Group_Path, Get_WIN32_ErrorMessage(hr));
- safe_free(Group_Path);
- }
- } else {
- if (SUCCEEDED(SafeArrayGetLBound(V_ARRAY(&var), 1, &lBound)) &&
- SUCCEEDED(SafeArrayGetUBound(V_ARRAY(&var), 1, &uBound))) {
- VARIANT elem;
- while (lBound <= uBound) {
- hr = SafeArrayGetElement(V_ARRAY(&var), &lBound, &elem);
- if (SUCCEEDED(hr)) {
- if (add_User_Group(elem.n1.n2.n3.bstrVal)) {
- wchar_t *Group_Path;
- IADs *pGrp;
-
- Group_Path = GetLDAPPath(elem.n1.n2.n3.bstrVal, GC_MODE);
- hr = ADsGetObject(Group_Path, &IID_IADs, (void **) &pGrp);
- if (SUCCEEDED(hr)) {
- hr = Recursive_Memberof(pGrp);
- pGrp->lpVtbl->Release(pGrp);
- safe_free(Group_Path);
- Group_Path = GetLDAPPath(elem.n1.n2.n3.bstrVal, LDAP_MODE);
- hr = ADsGetObject(Group_Path, &IID_IADs, (void **) &pGrp);
- if (SUCCEEDED(hr)) {
- hr = Recursive_Memberof(pGrp);
- pGrp->lpVtbl->Release(pGrp);
- safe_free(Group_Path);
- } else
- debug("Recursive_Memberof: ERROR ADsGetObject for %S failed: %s\n", Group_Path, Get_WIN32_ErrorMessage(hr));
- } else
- debug("Recursive_Memberof: ERROR ADsGetObject for %S failed: %s\n", Group_Path, Get_WIN32_ErrorMessage(hr));
- safe_free(Group_Path);
- }
- VariantClear(&elem);
- } else {
- debug("Recursive_Memberof: ERROR SafeArrayGetElement failed: %s\n", Get_WIN32_ErrorMessage(hr));
- VariantClear(&elem);
- }
- ++lBound;
- }
- } else
- debug("Recursive_Memberof: ERROR SafeArrayGetxBound failed: %s\n", Get_WIN32_ErrorMessage(hr));
- }
- VariantClear(&var);
+ if (VT_BSTR == var.n1.n2.vt) {
+ if (add_User_Group(var.n1.n2.n3.bstrVal)) {
+ wchar_t *Group_Path;
+ IADs *pGrp;
+
+ Group_Path = GetLDAPPath(var.n1.n2.n3.bstrVal, GC_MODE);
+ hr = ADsGetObject(Group_Path, &IID_IADs, (void **) &pGrp);
+ if (SUCCEEDED(hr)) {
+ hr = Recursive_Memberof(pGrp);
+ pGrp->lpVtbl->Release(pGrp);
+ safe_free(Group_Path);
+ Group_Path = GetLDAPPath(var.n1.n2.n3.bstrVal, LDAP_MODE);
+ hr = ADsGetObject(Group_Path, &IID_IADs, (void **) &pGrp);
+ if (SUCCEEDED(hr)) {
+ hr = Recursive_Memberof(pGrp);
+ pGrp->lpVtbl->Release(pGrp);
+ } else
+ debug("Recursive_Memberof: ERROR ADsGetObject for %S failed: %s\n", Group_Path, Get_WIN32_ErrorMessage(hr));
+ } else
+ debug("Recursive_Memberof: ERROR ADsGetObject for %S failed: %s\n", Group_Path, Get_WIN32_ErrorMessage(hr));
+ safe_free(Group_Path);
+ }
+ } else {
+ if (SUCCEEDED(SafeArrayGetLBound(V_ARRAY(&var), 1, &lBound)) &&
+ SUCCEEDED(SafeArrayGetUBound(V_ARRAY(&var), 1, &uBound))) {
+ VARIANT elem;
+ while (lBound <= uBound) {
+ hr = SafeArrayGetElement(V_ARRAY(&var), &lBound, &elem);
+ if (SUCCEEDED(hr)) {
+ if (add_User_Group(elem.n1.n2.n3.bstrVal)) {
+ wchar_t *Group_Path;
+ IADs *pGrp;
+
+ Group_Path = GetLDAPPath(elem.n1.n2.n3.bstrVal, GC_MODE);
+ hr = ADsGetObject(Group_Path, &IID_IADs, (void **) &pGrp);
+ if (SUCCEEDED(hr)) {
+ hr = Recursive_Memberof(pGrp);
+ pGrp->lpVtbl->Release(pGrp);
+ safe_free(Group_Path);
+ Group_Path = GetLDAPPath(elem.n1.n2.n3.bstrVal, LDAP_MODE);
+ hr = ADsGetObject(Group_Path, &IID_IADs, (void **) &pGrp);
+ if (SUCCEEDED(hr)) {
+ hr = Recursive_Memberof(pGrp);
+ pGrp->lpVtbl->Release(pGrp);
+ safe_free(Group_Path);
+ } else
+ debug("Recursive_Memberof: ERROR ADsGetObject for %S failed: %s\n", Group_Path, Get_WIN32_ErrorMessage(hr));
+ } else
+ debug("Recursive_Memberof: ERROR ADsGetObject for %S failed: %s\n", Group_Path, Get_WIN32_ErrorMessage(hr));
+ safe_free(Group_Path);
+ }
+ VariantClear(&elem);
+ } else {
+ debug("Recursive_Memberof: ERROR SafeArrayGetElement failed: %s\n", Get_WIN32_ErrorMessage(hr));
+ VariantClear(&elem);
+ }
+ ++lBound;
+ }
+ } else
+ debug("Recursive_Memberof: ERROR SafeArrayGetxBound failed: %s\n", Get_WIN32_ErrorMessage(hr));
+ }
+ VariantClear(&var);
} else {
- if (hr != E_ADS_PROPERTY_NOT_FOUND)
- debug("Recursive_Memberof: ERROR getting memberof attribute: %s\n", Get_WIN32_ErrorMessage(hr));
+ if (hr != E_ADS_PROPERTY_NOT_FOUND)
+ debug("Recursive_Memberof: ERROR getting memberof attribute: %s\n", Get_WIN32_ErrorMessage(hr));
}
return hr;
}
entry = wc_array = (wchar_t **) xmalloc((numberofgroups + 1) * sizeof(wchar_t *));
while (*array) {
- if (strchr(*array, '/') != NULL) {
- strncpy(Group, *array, GNLEN);
- source_group_format = ADS_NAME_TYPE_CANONICAL;
- } else {
- source_group_format = ADS_NAME_TYPE_NT4;
- if (strchr(*array, '\\') == NULL) {
- strcpy(Group, userdomain);
- strcat(Group, "\\");
- strncat(Group, *array, GNLEN - sizeof(userdomain) - 1);
- } else
- strncpy(Group, *array, GNLEN);
- }
-
- wcsize = MultiByteToWideChar(CP_ACP, 0, Group, -1, wc, 0);
- wc = (wchar_t *) xmalloc(wcsize * sizeof(wchar_t));
- MultiByteToWideChar(CP_ACP, 0, Group, -1, wc, wcsize);
- *entry = My_NameTranslate(wc, source_group_format, ADS_NAME_TYPE_1779);
- safe_free(wc);
- array++;
- if (*entry == NULL) {
- debug("build_groups_DN_array: cannot get DN for '%s'.\n", Group);
- continue;
- }
- entry++;
+ if (strchr(*array, '/') != NULL) {
+ strncpy(Group, *array, GNLEN);
+ source_group_format = ADS_NAME_TYPE_CANONICAL;
+ } else {
+ source_group_format = ADS_NAME_TYPE_NT4;
+ if (strchr(*array, '\\') == NULL) {
+ strcpy(Group, userdomain);
+ strcat(Group, "\\");
+ strncat(Group, *array, GNLEN - sizeof(userdomain) - 1);
+ } else
+ strncpy(Group, *array, GNLEN);
+ }
+
+ wcsize = MultiByteToWideChar(CP_ACP, 0, Group, -1, wc, 0);
+ wc = (wchar_t *) xmalloc(wcsize * sizeof(wchar_t));
+ MultiByteToWideChar(CP_ACP, 0, Group, -1, wc, wcsize);
+ *entry = My_NameTranslate(wc, source_group_format, ADS_NAME_TYPE_1779);
+ safe_free(wc);
+ array++;
+ if (*entry == NULL) {
+ debug("build_groups_DN_array: cannot get DN for '%s'.\n", Group);
+ continue;
+ }
+ entry++;
}
*entry = NULL;
return wc_array;
LPBYTE pBufTmp = NULL;
if ((Domain_Separator = strchr(UserName, '/')) != NULL)
- *Domain_Separator = '\\';
+ *Domain_Separator = '\\';
debug("Valid_Local_Groups: checking group membership of '%s'.\n", UserName);
-/* Convert ANSI User Name and Group to Unicode */
+ /* Convert ANSI User Name and Group to Unicode */
MultiByteToWideChar(CP_ACP, 0, UserName,
- strlen(UserName) + 1, wszUserName, sizeof(wszUserName) / sizeof(wszUserName[0]));
+ strlen(UserName) + 1, wszUserName, sizeof(wszUserName) / sizeof(wszUserName[0]));
/*
- * Call the NetUserGetLocalGroups function
+ * Call the NetUserGetLocalGroups function
* specifying information level 0.
- *
- * The LG_INCLUDE_INDIRECT flag specifies that the
- * function should also return the names of the local
+ *
+ * The LG_INCLUDE_INDIRECT flag specifies that the
+ * function should also return the names of the local
* groups in which the user is indirectly a member.
*/
nStatus = NetUserGetLocalGroups(NULL,
- wszUserName,
- dwLevel,
- dwFlags,
- &pBufTmp,
- dwPrefMaxLen,
- &dwEntriesRead,
- &dwTotalEntries);
+ wszUserName,
+ dwLevel,
+ dwFlags,
+ &pBufTmp,
+ dwPrefMaxLen,
+ &dwEntriesRead,
+ &dwTotalEntries);
pBuf = (LPLOCALGROUP_USERS_INFO_0) pBufTmp;
/*
* If the call succeeds,
*/
if (nStatus == NERR_Success) {
- if ((pTmpBuf = pBuf) != NULL) {
- for (i = 0; i < dwEntriesRead; i++) {
- assert(pTmpBuf != NULL);
- if (pTmpBuf == NULL) {
- result = 0;
- break;
- }
- if (wcstrcmparray(pTmpBuf->lgrui0_name, Groups) == 0) {
- result = 1;
- break;
- }
- pTmpBuf++;
- dwTotalCount++;
- }
- }
+ if ((pTmpBuf = pBuf) != NULL) {
+ for (i = 0; i < dwEntriesRead; i++) {
+ assert(pTmpBuf != NULL);
+ if (pTmpBuf == NULL) {
+ result = 0;
+ break;
+ }
+ if (wcstrcmparray(pTmpBuf->lgrui0_name, Groups) == 0) {
+ result = 1;
+ break;
+ }
+ pTmpBuf++;
+ dwTotalCount++;
+ }
+ }
} else {
- debug("Valid_Local_Groups: ERROR NetUserGetLocalGroups returned: %s\n", Get_WIN32_ErrorMessage(nStatus));
- result = 0;
+ debug("Valid_Local_Groups: ERROR NetUserGetLocalGroups returned: %s\n", Get_WIN32_ErrorMessage(nStatus));
+ result = 0;
}
-/*
- * Free the allocated memory.
- */
+ /*
+ * Free the allocated memory.
+ */
if (pBuf != NULL)
- NetApiBufferFree(pBuf);
+ NetApiBufferFree(pBuf);
return result;
}
strncpy(NTDomain, UserName, sizeof(NTDomain));
for (j = 0; j < strlen(NTV_VALID_DOMAIN_SEPARATOR); j++) {
- if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[j])) != NULL)
- break;
+ if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[j])) != NULL)
+ break;
}
if (domain_qualify == NULL) {
- strncpy(User, DefaultDomain, DNLEN);
- strcat(User, "\\");
- strncat(User, UserName, UNLEN);
- strncpy(NTDomain, DefaultDomain, DNLEN);
+ strncpy(User, DefaultDomain, DNLEN);
+ strcat(User, "\\");
+ strncat(User, UserName, UNLEN);
+ strncpy(NTDomain, DefaultDomain, DNLEN);
} else {
- domain_qualify[0] = '\\';
- strncpy(User, NTDomain, DNLEN + UNLEN + 2);
- domain_qualify[0] = '\0';
+ domain_qualify[0] = '\\';
+ strncpy(User, NTDomain, DNLEN + UNLEN + 2);
+ domain_qualify[0] = '\0';
}
debug("Valid_Global_Groups: checking group membership of '%s'.\n", User);
/* Convert ANSI User Name to Unicode */
MultiByteToWideChar(CP_ACP, 0, User,
- strlen(User) + 1, wszUser,
- sizeof(wszUser) / sizeof(wszUser[0]));
+ strlen(User) + 1, wszUser,
+ sizeof(wszUser) / sizeof(wszUser[0]));
/* Get CN of User */
if ((User_DN = My_NameTranslate(wszUser, ADS_NAME_TYPE_NT4, ADS_NAME_TYPE_1779)) == NULL) {
- debug("Valid_Global_Groups: cannot get DN for '%s'.\n", User);
- return result;
+ debug("Valid_Global_Groups: cannot get DN for '%s'.\n", User);
+ return result;
}
wszGroups = build_groups_DN_array(Groups, NTDomain);
hr = ADsGetObject(User_LDAP_path, &IID_IADs, (void **) &pUser);
if (SUCCEEDED(hr)) {
- wchar_t *User_PrimaryGroup_Path;
- IADs *pGrp;
-
- User_PrimaryGroup = Get_primaryGroup(pUser);
- if (User_PrimaryGroup == NULL)
- debug("Valid_Global_Groups: cannot get Primary Group for '%s'.\n", User);
- else {
- add_User_Group(User_PrimaryGroup);
- User_PrimaryGroup_Path = GetLDAPPath(User_PrimaryGroup, GC_MODE);
- hr = ADsGetObject(User_PrimaryGroup_Path, &IID_IADs, (void **) &pGrp);
- if (SUCCEEDED(hr)) {
- hr = Recursive_Memberof(pGrp);
- pGrp->lpVtbl->Release(pGrp);
- safe_free(User_PrimaryGroup_Path);
- User_PrimaryGroup_Path = GetLDAPPath(User_PrimaryGroup, LDAP_MODE);
- hr = ADsGetObject(User_PrimaryGroup_Path, &IID_IADs, (void **) &pGrp);
- if (SUCCEEDED(hr)) {
- hr = Recursive_Memberof(pGrp);
- pGrp->lpVtbl->Release(pGrp);
- } else
- debug("Valid_Global_Groups: ADsGetObject for %S failed, ERROR: %s\n", User_PrimaryGroup_Path, Get_WIN32_ErrorMessage(hr));
- } else
- debug("Valid_Global_Groups: ADsGetObject for %S failed, ERROR: %s\n", User_PrimaryGroup_Path, Get_WIN32_ErrorMessage(hr));
- safe_free(User_PrimaryGroup_Path);
- }
- hr = Recursive_Memberof(pUser);
- pUser->lpVtbl->Release(pUser);
- safe_free(User_LDAP_path);
- User_LDAP_path = GetLDAPPath(User_DN, LDAP_MODE);
- hr = ADsGetObject(User_LDAP_path, &IID_IADs, (void **) &pUser);
- if (SUCCEEDED(hr)) {
- hr = Recursive_Memberof(pUser);
- pUser->lpVtbl->Release(pUser);
- } else
- debug("Valid_Global_Groups: ADsGetObject for %S failed, ERROR: %s\n", User_LDAP_path, Get_WIN32_ErrorMessage(hr));
-
- tmp = User_Groups;
- while (*tmp) {
- if (wccmparray(*tmp, wszGroups) == 0) {
- result = 1;
- break;
- }
- tmp++;
- }
+ wchar_t *User_PrimaryGroup_Path;
+ IADs *pGrp;
+
+ User_PrimaryGroup = Get_primaryGroup(pUser);
+ if (User_PrimaryGroup == NULL)
+ debug("Valid_Global_Groups: cannot get Primary Group for '%s'.\n", User);
+ else {
+ add_User_Group(User_PrimaryGroup);
+ User_PrimaryGroup_Path = GetLDAPPath(User_PrimaryGroup, GC_MODE);
+ hr = ADsGetObject(User_PrimaryGroup_Path, &IID_IADs, (void **) &pGrp);
+ if (SUCCEEDED(hr)) {
+ hr = Recursive_Memberof(pGrp);
+ pGrp->lpVtbl->Release(pGrp);
+ safe_free(User_PrimaryGroup_Path);
+ User_PrimaryGroup_Path = GetLDAPPath(User_PrimaryGroup, LDAP_MODE);
+ hr = ADsGetObject(User_PrimaryGroup_Path, &IID_IADs, (void **) &pGrp);
+ if (SUCCEEDED(hr)) {
+ hr = Recursive_Memberof(pGrp);
+ pGrp->lpVtbl->Release(pGrp);
+ } else
+ debug("Valid_Global_Groups: ADsGetObject for %S failed, ERROR: %s\n", User_PrimaryGroup_Path, Get_WIN32_ErrorMessage(hr));
+ } else
+ debug("Valid_Global_Groups: ADsGetObject for %S failed, ERROR: %s\n", User_PrimaryGroup_Path, Get_WIN32_ErrorMessage(hr));
+ safe_free(User_PrimaryGroup_Path);
+ }
+ hr = Recursive_Memberof(pUser);
+ pUser->lpVtbl->Release(pUser);
+ safe_free(User_LDAP_path);
+ User_LDAP_path = GetLDAPPath(User_DN, LDAP_MODE);
+ hr = ADsGetObject(User_LDAP_path, &IID_IADs, (void **) &pUser);
+ if (SUCCEEDED(hr)) {
+ hr = Recursive_Memberof(pUser);
+ pUser->lpVtbl->Release(pUser);
+ } else
+ debug("Valid_Global_Groups: ADsGetObject for %S failed, ERROR: %s\n", User_LDAP_path, Get_WIN32_ErrorMessage(hr));
+
+ tmp = User_Groups;
+ while (*tmp) {
+ if (wccmparray(*tmp, wszGroups) == 0) {
+ result = 1;
+ break;
+ }
+ tmp++;
+ }
} else
- debug("Valid_Global_Groups: ADsGetObject for %S failed, ERROR: %s\n", User_LDAP_path, Get_WIN32_ErrorMessage(hr));
+ debug("Valid_Global_Groups: ADsGetObject for %S failed, ERROR: %s\n", User_LDAP_path, Get_WIN32_ErrorMessage(hr));
safe_free(User_DN);
safe_free(User_LDAP_path);
safe_free(User_PrimaryGroup);
tmp = wszGroups;
while (*tmp) {
- safe_free(*tmp);
- tmp++;
+ safe_free(*tmp);
+ tmp++;
}
safe_free(wszGroups);
tmp = User_Groups;
while (*tmp) {
- safe_free(*tmp);
- tmp++;
+ safe_free(*tmp);
+ tmp++;
}
safe_free(User_Groups);
User_Groups_Count = 0;
usage(char *program)
{
fprintf(stderr, "Usage: %s [-D domain][-G][-c][-d][-h]\n"
- " -D default user Domain\n"
- " -G enable Active Directory Global group mode\n"
- " -c use case insensitive compare (local mode only)\n"
- " -d enable debugging\n"
- " -h this message\n",
- program);
+ " -D default user Domain\n"
+ " -G enable Active Directory Global group mode\n"
+ " -c use case insensitive compare (local mode only)\n"
+ " -d enable debugging\n"
+ " -h this message\n",
+ program);
}
void
opterr = 0;
while (-1 != (opt = getopt(argc, argv, "D:Gcdh"))) {
- switch (opt) {
- case 'D':
- DefaultDomain = xstrndup(optarg, DNLEN + 1);
- strlwr(DefaultDomain);
- break;
- case 'G':
- use_global = 1;
- break;
- case 'c':
- use_case_insensitive_compare = 1;
- break;
- case 'd':
- debug_enabled = 1;
- break;
- case 'h':
- usage(argv[0]);
- exit(0);
- case '?':
- opt = optopt;
- /* fall thru to default */
- default:
- fprintf(stderr, "%s Unknown option: -%c. Exiting\n", myname, opt);
- usage(argv[0]);
- exit(1);
- break; /* not reached */
- }
+ switch (opt) {
+ case 'D':
+ DefaultDomain = xstrndup(optarg, DNLEN + 1);
+ strlwr(DefaultDomain);
+ break;
+ case 'G':
+ use_global = 1;
+ break;
+ case 'c':
+ use_case_insensitive_compare = 1;
+ break;
+ case 'd':
+ debug_enabled = 1;
+ break;
+ case 'h':
+ usage(argv[0]);
+ exit(0);
+ case '?':
+ opt = optopt;
+ /* fall thru to default */
+ default:
+ fprintf(stderr, "%s Unknown option: -%c. Exiting\n", myname, opt);
+ usage(argv[0]);
+ exit(1);
+ break; /* not reached */
+ }
}
return;
}
int n;
if (argc > 0) { /* should always be true */
- myname = strrchr(argv[0], '/');
- if (myname == NULL)
- myname = argv[0];
+ myname = strrchr(argv[0], '/');
+ if (myname == NULL)
+ myname = argv[0];
} else {
- myname = "(unknown)";
+ myname = "(unknown)";
}
mypid = getpid();
process_options(argc, argv);
if (use_global) {
- if ((machinedomain = GetDomainName()) == NULL) {
- fprintf(stderr, "%s Can't read machine domain\n", myname);
- exit(1);
- }
- strlwr(machinedomain);
- if (!DefaultDomain)
- DefaultDomain = xstrdup(machinedomain);
+ if ((machinedomain = GetDomainName()) == NULL) {
+ fprintf(stderr, "%s Can't read machine domain\n", myname);
+ exit(1);
+ }
+ strlwr(machinedomain);
+ if (!DefaultDomain)
+ DefaultDomain = xstrdup(machinedomain);
}
debug("External ACL win32 group helper build " __DATE__ ", " __TIME__
- " starting up...\n");
+ " starting up...\n");
if (use_global)
- debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
+ debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
if (use_case_insensitive_compare)
- debug("Warning: running in case insensitive mode !!!\n");
+ debug("Warning: running in case insensitive mode !!!\n");
atexit(CloseCOM);
/* Main Loop */
while (fgets(buf, sizeof(buf), stdin)) {
- if (NULL == strchr(buf, '\n')) {
- /* too large message received.. skip and deny */
- fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf);
- while (fgets(buf, sizeof(buf), stdin)) {
- fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf);
- if (strchr(buf, '\n') != NULL)
- break;
- }
- goto error;
- }
- if ((p = strchr(buf, '\n')) != NULL)
- *p = '\0'; /* strip \n */
- if ((p = strchr(buf, '\r')) != NULL)
- *p = '\0'; /* strip \r */
-
- debug("Got '%s' from Squid (length: %d).\n", buf, strlen(buf));
-
- if (buf[0] == '\0') {
- fprintf(stderr, "Invalid Request\n");
- goto error;
- }
- username = strtok(buf, " ");
- for (n = 0; (group = strtok(NULL, " ")) != NULL; n++) {
- rfc1738_unescape(group);
- groups[n] = group;
- }
- groups[n] = NULL;
- numberofgroups = n;
-
- if (NULL == username) {
- fprintf(stderr, "Invalid Request\n");
- goto error;
- }
- rfc1738_unescape(username);
-
- if ((use_global ? Valid_Global_Groups(username, groups) : Valid_Local_Groups(username, groups))) {
- SEND("OK");
- } else {
- error:
- SEND("ERR");
- }
- err = 0;
+ if (NULL == strchr(buf, '\n')) {
+ /* too large message received.. skip and deny */
+ fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf);
+ while (fgets(buf, sizeof(buf), stdin)) {
+ fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf);
+ if (strchr(buf, '\n') != NULL)
+ break;
+ }
+ goto error;
+ }
+ if ((p = strchr(buf, '\n')) != NULL)
+ *p = '\0'; /* strip \n */
+ if ((p = strchr(buf, '\r')) != NULL)
+ *p = '\0'; /* strip \r */
+
+ debug("Got '%s' from Squid (length: %d).\n", buf, strlen(buf));
+
+ if (buf[0] == '\0') {
+ fprintf(stderr, "Invalid Request\n");
+ goto error;
+ }
+ username = strtok(buf, " ");
+ for (n = 0; (group = strtok(NULL, " ")) != NULL; n++) {
+ rfc1738_unescape(group);
+ groups[n] = group;
+ }
+ groups[n] = NULL;
+ numberofgroups = n;
+
+ if (NULL == username) {
+ fprintf(stderr, "Invalid Request\n");
+ goto error;
+ }
+ rfc1738_unescape(username);
+
+ if ((use_global ? Valid_Global_Groups(username, groups) : Valid_Local_Groups(username, groups))) {
+ SEND("OK");
+ } else {
+error:
+ SEND("ERR");
+ }
+ err = 0;
}
return 0;
}
projects / thirdparty / squid.git / commitdiff
