95
95
if ((netret = DsRoleGetPrimaryDomainInformation(NULL, DsRolePrimaryDomainInfoBasic, (PBYTE *) & pDSRoleInfo) == ERROR_SUCCESS)) {
97
* Check the machine role.
100
if ((pDSRoleInfo->MachineRole == DsRole_RoleMemberWorkstation) ||
101
(pDSRoleInfo->MachineRole == DsRole_RoleMemberServer) ||
102
(pDSRoleInfo->MachineRole == DsRole_RoleBackupDomainController) ||
103
(pDSRoleInfo->MachineRole == DsRole_RolePrimaryDomainController)) {
105
size_t len = wcslen(pDSRoleInfo->DomainNameFlat);
107
/* allocate buffer for str + null termination */
108
safe_free(DomainName);
109
DomainName = (char *) xmalloc(len + 1);
110
if (DomainName == NULL)
113
/* copy unicode buffer */
114
WideCharToMultiByte(CP_ACP, 0, pDSRoleInfo->DomainNameFlat, -1, DomainName, len, NULL, NULL);
116
/* add null termination */
117
DomainName[len] = '\0';
120
* Member of a domain. Display it in debug mode.
122
debug("Member of Domain %s\n", DomainName);
123
debug("Into forest %S\n", pDSRoleInfo->DomainForestName);
126
debug("Not a Domain member\n");
97
* Check the machine role.
100
if ((pDSRoleInfo->MachineRole == DsRole_RoleMemberWorkstation) ||
101
(pDSRoleInfo->MachineRole == DsRole_RoleMemberServer) ||
102
(pDSRoleInfo->MachineRole == DsRole_RoleBackupDomainController) ||
103
(pDSRoleInfo->MachineRole == DsRole_RolePrimaryDomainController)) {
105
size_t len = wcslen(pDSRoleInfo->DomainNameFlat);
107
/* allocate buffer for str + null termination */
108
safe_free(DomainName);
109
DomainName = (char *) xmalloc(len + 1);
110
if (DomainName == NULL)
113
/* copy unicode buffer */
114
WideCharToMultiByte(CP_ACP, 0, pDSRoleInfo->DomainNameFlat, -1, DomainName, len, NULL, NULL);
116
/* add null termination */
117
DomainName[len] = '\0';
120
* Member of a domain. Display it in debug mode.
122
debug("Member of Domain %s\n", DomainName);
123
debug("Into forest %S\n", pDSRoleInfo->DomainForestName);
126
debug("Not a Domain member\n");
129
debug("DsRoleGetPrimaryDomainInformation Error: %ld\n", netret);
129
debug("DsRoleGetPrimaryDomainInformation Error: %ld\n", netret);
132
132
* Free the allocated memory.
134
134
if (pDSRoleInfo != NULL)
135
DsRoleFreeMemory(pDSRoleInfo);
135
DsRoleFreeMemory(pDSRoleInfo);
137
137
return DomainName;
144
144
WCHAR wszGroup[GNLEN + 1]; // Unicode Group
147
MultiByteToWideChar(CP_ACP, 0, *array,
148
strlen(*array) + 1, wszGroup, sizeof(wszGroup) / sizeof(wszGroup[0]));
149
debug("Windows group: %S, Squid group: %S\n", str, wszGroup);
150
if ((use_case_insensitive_compare ? _wcsicmp(str, wszGroup) : wcscmp(str, wszGroup)) == 0)
147
MultiByteToWideChar(CP_ACP, 0, *array,
148
strlen(*array) + 1, wszGroup, sizeof(wszGroup) / sizeof(wszGroup[0]));
149
debug("Windows group: %S, Squid group: %S\n", str, wszGroup);
150
if ((use_case_insensitive_compare ? _wcsicmp(str, wszGroup) : wcscmp(str, wszGroup)) == 0)
175
175
LPBYTE pBufTmp = NULL;
177
177
if ((Domain_Separator = strchr(UserName, '/')) != NULL)
178
*Domain_Separator = '\\';
178
*Domain_Separator = '\\';
180
180
debug("Valid_Local_Groups: checking group membership of '%s'.\n", UserName);
182
/* Convert ANSI User Name and Group to Unicode */
182
/* Convert ANSI User Name and Group to Unicode */
184
184
MultiByteToWideChar(CP_ACP, 0, UserName,
185
strlen(UserName) + 1, wszUserName, sizeof(wszUserName) / sizeof(wszUserName[0]));
185
strlen(UserName) + 1, wszUserName, sizeof(wszUserName) / sizeof(wszUserName[0]));
188
* Call the NetUserGetLocalGroups function
188
* Call the NetUserGetLocalGroups function
189
189
* specifying information level 0.
191
* The LG_INCLUDE_INDIRECT flag specifies that the
192
* function should also return the names of the local
191
* The LG_INCLUDE_INDIRECT flag specifies that the
192
* function should also return the names of the local
193
193
* groups in which the user is indirectly a member.
195
195
nStatus = NetUserGetLocalGroups(NULL,
203
203
pBuf = (LPLOCALGROUP_USERS_INFO_0) pBufTmp;
205
205
* If the call succeeds,
207
207
if (nStatus == NERR_Success) {
208
if ((pTmpBuf = pBuf) != NULL) {
209
for (i = 0; i < dwEntriesRead; i++) {
210
assert(pTmpBuf != NULL);
211
if (pTmpBuf == NULL) {
215
if (wcstrcmparray(pTmpBuf->lgrui0_name, Groups) == 0) {
208
if ((pTmpBuf = pBuf) != NULL) {
209
for (i = 0; i < dwEntriesRead; i++) {
210
assert(pTmpBuf != NULL);
211
if (pTmpBuf == NULL) {
215
if (wcstrcmparray(pTmpBuf->lgrui0_name, Groups) == 0) {
226
* Free the allocated memory.
226
* Free the allocated memory.
228
228
if (pBuf != NULL)
229
NetApiBufferFree(pBuf);
229
NetApiBufferFree(pBuf);
260
260
strncpy(NTDomain, UserName, sizeof(NTDomain));
262
262
for (j = 0; j < strlen(NTV_VALID_DOMAIN_SEPARATOR); j++) {
263
if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[j])) != NULL)
263
if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[j])) != NULL)
266
266
if (domain_qualify == NULL) {
267
strcpy(User, NTDomain);
268
strcpy(NTDomain, DefaultDomain);
267
strcpy(User, NTDomain);
268
strcpy(NTDomain, DefaultDomain);
270
strcpy(User, domain_qualify + 1);
271
domain_qualify[0] = '\0';
270
strcpy(User, domain_qualify + 1);
271
domain_qualify[0] = '\0';
275
275
debug("Valid_Global_Groups: checking group membership of '%s\\%s'.\n", NTDomain, User);
277
277
/* Convert ANSI User Name to Unicode */
279
279
MultiByteToWideChar(CP_ACP, 0, User,
280
strlen(User) + 1, wszUserName,
281
sizeof(wszUserName) / sizeof(wszUserName[0]));
280
strlen(User) + 1, wszUserName,
281
sizeof(wszUserName) / sizeof(wszUserName[0]));
283
283
/* Query AD for a DC */
285
285
if (DsGetDcName(NULL, NTDomain, NULL, NULL, DS_IS_FLAT_NAME | DS_RETURN_FLAT_NAME, &pDCInfo) != NO_ERROR) {
286
fprintf(stderr, "%s DsGetDcName() failed.'\n", myname);
288
NetApiBufferFree(pDCInfo);
286
fprintf(stderr, "%s DsGetDcName() failed.'\n", myname);
288
NetApiBufferFree(pDCInfo);
291
291
/* Convert ANSI Domain Controller Name to Unicode */
293
293
MultiByteToWideChar(CP_ACP, 0, pDCInfo->DomainControllerName,
294
strlen(pDCInfo->DomainControllerName) + 1, wszDomainControllerName,
295
sizeof(wszDomainControllerName) / sizeof(wszDomainControllerName[0]));
294
strlen(pDCInfo->DomainControllerName) + 1, wszDomainControllerName,
295
sizeof(wszDomainControllerName) / sizeof(wszDomainControllerName[0]));
297
297
debug("Using '%S' as DC for '%s' user's domain.\n", wszDomainControllerName, NTDomain);
298
298
debug("DC Active Directory Site is %s\n", pDCInfo->DcSiteName);
299
299
debug("Machine Active Directory Site is %s\n", pDCInfo->ClientSiteName);
302
* Call the NetUserGetGroups function
302
* Call the NetUserGetGroups function
303
303
* specifying information level 0.
307
307
nStatus = NetUserGetGroups(wszDomainControllerName,
314
314
pUsrBuf = (LPGROUP_USERS_INFO_0) pBufTmp;
316
316
* If the call succeeds,
318
318
if (nStatus == NERR_Success) {
319
if ((pTmpBuf = pUsrBuf) != NULL) {
320
for (i = 0; i < dwEntriesRead; i++) {
321
assert(pTmpBuf != NULL);
322
if (pTmpBuf == NULL) {
326
if (wcstrcmparray(pTmpBuf->grui0_name, Groups) == 0) {
319
if ((pTmpBuf = pUsrBuf) != NULL) {
320
for (i = 0; i < dwEntriesRead; i++) {
321
assert(pTmpBuf != NULL);
322
if (pTmpBuf == NULL) {
326
if (wcstrcmparray(pTmpBuf->grui0_name, Groups) == 0) {
336
fprintf(stderr, "%s NetUserGetGroups() failed.'\n", myname);
336
fprintf(stderr, "%s NetUserGetGroups() failed.'\n", myname);
339
339
* Free the allocated memory.
341
341
if (pUsrBuf != NULL)
342
NetApiBufferFree(pUsrBuf);
342
NetApiBufferFree(pUsrBuf);
343
343
if (pDCInfo != NULL)
344
NetApiBufferFree((LPVOID) pDCInfo);
344
NetApiBufferFree((LPVOID) pDCInfo);
366
366
while (-1 != (opt = getopt(argc, argv, "D:Gcdh"))) {
369
DefaultDomain = xstrndup(optarg, DNLEN + 1);
370
strlwr(DefaultDomain);
376
use_case_insensitive_compare = 1;
386
/* fall thru to default */
388
fprintf(stderr, "%s Unknown option: -%c. Exiting\n", myname, opt);
391
break; /* not reached */
369
DefaultDomain = xstrndup(optarg, DNLEN + 1);
370
strlwr(DefaultDomain);
376
use_case_insensitive_compare = 1;
386
/* fall thru to default */
388
fprintf(stderr, "%s Unknown option: -%c. Exiting\n", myname, opt);
391
break; /* not reached */
422
422
process_options(argc, argv);
424
424
if (use_global) {
425
if ((machinedomain = GetDomainName()) == NULL) {
426
fprintf(stderr, "%s Can't read machine domain\n", myname);
429
strlwr(machinedomain);
431
DefaultDomain = xstrdup(machinedomain);
425
if ((machinedomain = GetDomainName()) == NULL) {
426
fprintf(stderr, "%s Can't read machine domain\n", myname);
429
strlwr(machinedomain);
431
DefaultDomain = xstrdup(machinedomain);
433
433
debug("External ACL win32 group helper build " __DATE__ ", " __TIME__
434
" starting up...\n");
434
" starting up...\n");
436
debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
436
debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain);
437
437
if (use_case_insensitive_compare)
438
debug("Warning: running in case insensitive mode !!!\n");
438
debug("Warning: running in case insensitive mode !!!\n");
441
441
while (fgets(buf, sizeof(buf), stdin)) {
442
if (NULL == strchr(buf, '\n')) {
443
/* too large message received.. skip and deny */
444
fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf);
445
while (fgets(buf, sizeof(buf), stdin)) {
446
fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf);
447
if (strchr(buf, '\n') != NULL)
452
if ((p = strchr(buf, '\n')) != NULL)
453
*p = '\0'; /* strip \n */
454
if ((p = strchr(buf, '\r')) != NULL)
455
*p = '\0'; /* strip \r */
457
debug("Got '%s' from Squid (length: %d).\n", buf, strlen(buf));
459
if (buf[0] == '\0') {
460
fprintf(stderr, "Invalid Request\n");
463
username = strtok(buf, " ");
464
for (n = 0; (group = strtok(NULL, " ")) != NULL; n++) {
465
rfc1738_unescape(group);
470
if (NULL == username) {
471
fprintf(stderr, "Invalid Request\n");
474
rfc1738_unescape(username);
476
if ((use_global ? Valid_Global_Groups(username, groups) : Valid_Local_Groups(username, groups))) {
442
if (NULL == strchr(buf, '\n')) {
443
/* too large message received.. skip and deny */
444
fprintf(stderr, "%s: ERROR: Too large: %s\n", argv[0], buf);
445
while (fgets(buf, sizeof(buf), stdin)) {
446
fprintf(stderr, "%s: ERROR: Too large..: %s\n", argv[0], buf);
447
if (strchr(buf, '\n') != NULL)
452
if ((p = strchr(buf, '\n')) != NULL)
453
*p = '\0'; /* strip \n */
454
if ((p = strchr(buf, '\r')) != NULL)
455
*p = '\0'; /* strip \r */
457
debug("Got '%s' from Squid (length: %d).\n", buf, strlen(buf));
459
if (buf[0] == '\0') {
460
fprintf(stderr, "Invalid Request\n");
463
username = strtok(buf, " ");
464
for (n = 0; (group = strtok(NULL, " ")) != NULL; n++) {
465
rfc1738_unescape(group);
470
if (NULL == username) {
471
fprintf(stderr, "Invalid Request\n");
474
rfc1738_unescape(username);
476
if ((use_global ? Valid_Global_Groups(username, groups) : Valid_Local_Groups(username, groups))) {