--------------------- PatchSet 6711 Date: 2005/07/08 09:20:59 Author: serassio Branch: nt-2_5 Tag: (none) Log: Updated win32_check_group to Version 1.22: Added -P option for force usage of PDCs for group validation. Added support for '/' char as domain separator. Members: helpers/external_acl/win32_group/readme.txt:1.1.8.10->1.1.8.11 helpers/external_acl/win32_group/win32_check_group.c:1.1.8.19->1.1.8.20 Index: squid/helpers/external_acl/win32_group/readme.txt =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/external_acl/win32_group/Attic/readme.txt,v retrieving revision 1.1.8.10 retrieving revision 1.1.8.11 diff -u -r1.1.8.10 -r1.1.8.11 --- squid/helpers/external_acl/win32_group/readme.txt 25 Apr 2005 13:28:29 -0000 1.1.8.10 +++ squid/helpers/external_acl/win32_group/readme.txt 8 Jul 2005 09:20:59 -0000 1.1.8.11 @@ -14,10 +14,11 @@ Program Syntax ============== -win32_check_group [-G][-D domain][-c][-d][-h] +win32_check_group [-D domain]{-g][-P][-c][-d][-h] --G start helper in Global Group mode -D domain specify the default user's domain +-G start helper in Domain Global Group mode +-P use ONLY PDCs for group validation -c use case insensitive compare -d enable debugging -h this message Index: squid/helpers/external_acl/win32_group/win32_check_group.c =================================================================== RCS file: /cvsroot/squid-sf//squid/helpers/external_acl/win32_group/Attic/win32_check_group.c,v retrieving revision 1.1.8.19 retrieving revision 1.1.8.20 diff -u -r1.1.8.19 -r1.1.8.20 --- squid/helpers/external_acl/win32_group/win32_check_group.c 29 Jun 2005 19:51:00 -0000 1.1.8.19 +++ squid/helpers/external_acl/win32_group/win32_check_group.c 8 Jul 2005 09:20:59 -0000 1.1.8.20 @@ -30,6 +30,11 @@ * * History: * + * Version 1.22 + * 08-07-2005 Guido Serassio + * Added -P option for force usage of PDCs for group validation. + * Added support for '/' char as domain separator. + * Fixed Bugzilla #1336. * Version 1.21 * 23-04-2005 Guido Serassio * Added -D option for specify default user's domain. @@ -85,13 +90,14 @@ #define BUFSIZE 8192 /* the stdin buffer size */ int use_global = 0; +int use_PDC_only = 0; char debug_enabled = 0; char *myname; pid_t mypid; char * machinedomain; int use_case_insensitive_compare = 0; char * DefaultDomain = NULL; - +const char NTV_VALID_DOMAIN_SEPARATOR[] = "\\/"; #include "win32_check_group.h" @@ -272,6 +278,7 @@ Valid_Local_Groups(char *UserName, const char **Groups) { int result = 0; + char * Domain_Separator; WCHAR wszUserName[UNLEN+1]; // Unicode user name LPLOCALGROUP_USERS_INFO_0 pBuf = NULL; @@ -287,6 +294,11 @@ /* Convert ANSI User Name and Group to Unicode */ + if ((Domain_Separator = strchr(UserName, '/')) != NULL) + *Domain_Separator = '\\'; + + debug("Valid_Local_Groups: checking group membership of '%s'.\n", UserName); + MultiByteToWideChar(CP_ACP, 0, UserName, strlen(UserName) + 1, wszUserName, sizeof(wszUserName) / sizeof(wszUserName[0])); @@ -349,6 +361,7 @@ char NTDomain[DNLEN+UNLEN+2]; char *domain_qualify; char User[UNLEN+1]; + size_t j; LPWSTR LclDCptr = NULL; LPWSTR UsrDCptr = NULL; @@ -363,10 +376,15 @@ DWORD i; DWORD dwTotalCount = 0; - strcpy(NTDomain, UserName); - if ((domain_qualify = strchr(NTDomain, '\\')) == NULL) { - strcpy(User, UserName); - strcpy(NTDomain, DefaultDomain); + strncpy(NTDomain, UserName, sizeof(NTDomain)); + + for (j=0; j < strlen(NTV_VALID_DOMAIN_SEPARATOR); j++) { + if ((domain_qualify = strchr(NTDomain, NTV_VALID_DOMAIN_SEPARATOR[j])) != NULL) + break; + } + if (domain_qualify == NULL) { + strcpy(User, NTDomain); + strcpy(NTDomain, DefaultDomain); } else { strcpy(User, domain_qualify + 1); domain_qualify[0] = '\0'; @@ -398,7 +416,7 @@ debug("Running on a DC.\n"); } else - nStatus = NetGetAnyDCName(NULL, wszLocalDomain, (LPBYTE *) & LclDCptr); + nStatus = (use_PDC_only ? NetGetDCName(NULL, wszLocalDomain, (LPBYTE *) & LclDCptr) : NetGetAnyDCName(NULL, wszLocalDomain, (LPBYTE *) & LclDCptr)); } else { fprintf(stderr, "%s NetServerGetInfo() failed.'\n", myname); if (pSrvBuf != NULL) @@ -412,10 +430,7 @@ if (strcmp(NTDomain, machinedomain) != 0) { MultiByteToWideChar(CP_ACP, 0, NTDomain, strlen(NTDomain) + 1, wszUserDomain, sizeof(wszUserDomain) / sizeof(wszUserDomain[0])); - nStatus = NetGetAnyDCName( - LclDCptr, - wszUserDomain, - (LPBYTE *) & UsrDCptr); + nStatus = (use_PDC_only ? NetGetDCName(LclDCptr, wszUserDomain, (LPBYTE *) & UsrDCptr) : NetGetAnyDCName(LclDCptr, wszUserDomain, (LPBYTE *) & UsrDCptr)); if (nStatus != NERR_Success) { fprintf(stderr, "%s Can't find DC for user's domain '%s'\n", myname, NTDomain); if (pSrvBuf != NULL) @@ -485,9 +500,10 @@ static void usage(char *program) { - fprintf(stderr,"Usage: %s [-G][-D domain][-c][-d][-h]\n" + fprintf(stderr,"Usage: %s [-D domain][-G][-P][-c][-d][-h]\n" " -D default user Domain\n" " -G enable Domain Global group mode\n" + " -P use ONLY PDCs for group validation\n" " -c use case insensitive compare\n" " -d enable debugging\n" " -h this message\n", @@ -500,7 +516,7 @@ int opt; opterr = 0; - while (-1 != (opt = getopt(argc, argv, "D:Gcdh"))) { + while (-1 != (opt = getopt(argc, argv, "D:GPcdh"))) { switch (opt) { case 'D': DefaultDomain = xstrndup(optarg, DNLEN + 1); @@ -509,6 +525,9 @@ case 'G': use_global = 1; break; + case 'P': + use_PDC_only = 1; + break; case 'c': use_case_insensitive_compare = 1; break; @@ -574,6 +593,8 @@ debug("Domain Global group mode enabled using '%s' as default domain.\n", DefaultDomain); if (use_case_insensitive_compare) debug("Warning: running in case insensitive mode !!!\n"); + if (use_PDC_only) + debug("Warning: using only PDCs for group validation !!!\n"); /* Main Loop */ while (fgets (buf, sizeof(buf), stdin))