archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/inetsrv/iis/iisrearc/iisplus/ulw3/basicprovider.cxx

597 lines
15 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  2. Copyright (c) 1999 Microsoft Corporation
  4. Module Name :
  5. basicprovider.cxx
  7. Abstract:
  8. Basic authentication provider
  10. Author:
  11. Bilal Alam (balam) 10-Jan-2000
  13. Environment:
  14. Win32 - User Mode
  16. Project:
  17. ULW3.DLL
  18. --*/
  20. #include "precomp.hxx"
  21. #include "basicprovider.hxx"
  22. #include "uuencode.hxx"
  24. HRESULT
  25. BASIC_AUTH_PROVIDER::DoesApply(
  26. W3_MAIN_CONTEXT * pMainContext,
  27. BOOL * pfApplies
  28. )
  29. /*++
  31. Routine Description:
  33. Does basic authentication apply to this request?
  35. Arguments:
  37. pMainContext - Main context representing request
  38. pfApplies - Set to true if SSPI is applicable
  40. Return Value:
  42. HRESULT
  44. --*/
  45. {
  46. LPCSTR pszAuthHeader;
  48. if ( pMainContext == NULL ||
  49. pfApplies == NULL )
  50. {
  51. DBG_ASSERT( FALSE );
  52. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  53. }
  55. *pfApplies = FALSE;
  57. //
  58. // Get auth type
  59. //
  61. pszAuthHeader = pMainContext->QueryRequest()->GetHeader( HttpHeaderAuthorization );
  63. //
  64. // No package, no auth
  65. //
  67. if ( pszAuthHeader == NULL )
  68. {
  69. return NO_ERROR;
  70. }
  72. //
  73. // Is it basic?
  74. //
  76. if ( _strnicmp( pszAuthHeader, "Basic", sizeof("Basic") - 1 ) == 0 )
  77. {
  78. *pfApplies = TRUE;
  79. }
  81. return NO_ERROR;
  82. }
  84. HRESULT
  85. BASIC_AUTH_PROVIDER::DoAuthenticate(
  86. W3_MAIN_CONTEXT * pMainContext,
  87. BOOL * pfFilterFinished
  88. )
  89. /*++
  91. Routine Description:
  93. Do the authentication thing!
  95. Arguments:
  97. pMainContext - main context
  98. pfFilterFinished - Set to TRUE if filter wants out
  100. Return Value:
  102. HRESULT
  104. --*/
  105. {
  106. CHAR * pszAuthHeader = NULL;
  107. HRESULT hr;
  108. BOOL fRet;
  109. STACK_BUFFER ( buffDecoded, 256 );
  110. CHAR * pszDecoded;
  111. CHAR * pszColon;
  112. // add 1 to strUserDomain for separator "\"
  113. STACK_STRA( strUserDomain, UNLEN + IIS_DNLEN + 1 + 1 );
  114. STACK_STRA( strUserName, UNLEN + 1 );
  115. STACK_STRA( strPassword, PWLEN + 1 );
  116. STACK_STRA( strDomainName, IIS_DNLEN + 1 );
  117. // add 1 to strUserDomainW for separator "\"
  118. STACK_STRU( strUserDomainW, UNLEN + IIS_DNLEN + 1 + 1 );
  119. STACK_STRU( strUserNameW, UNLEN + 1 );
  120. STACK_STRU( strPasswordW, PWLEN + 1 );
  121. STACK_STRU( strRemotePasswordW, PWLEN + 1 );
  122. STACK_STRU( strDomainNameW, IIS_DNLEN + 1 );
  123. // add 1 to strRemoteUserNameW for separator "\"
  124. STACK_STRU( strRemoteUserNameW, UNLEN + IIS_DNLEN + 1 );
  125. W3_METADATA * pMetaData = NULL;
  126. TOKEN_CACHE_ENTRY * pCachedToken = NULL;
  127. BASIC_USER_CONTEXT * pUserContext = NULL;
  128. DWORD dwLogonError = ERROR_SUCCESS;
  129. BOOL fPossibleUPNLogon = FALSE;
  131. if ( pMainContext == NULL )
  132. {
  133. DBG_ASSERT( FALSE );
  134. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  135. }
  137. //
  138. // Get the part after the auth type
  139. //
  141. pszAuthHeader = (PSTR) pMainContext->QueryRequest()->GetHeader( HttpHeaderAuthorization );
  142. DBG_ASSERT( pszAuthHeader != NULL );
  144. //
  145. // We better have an Authorization: Basic header if we got to here!
  146. //
  148. DBG_ASSERT( _strnicmp( pszAuthHeader, "Basic", 5 ) == 0 );
  150. //
  151. // Advance to good stuff
  152. //
  154. if ( pszAuthHeader[ 5 ] == '\0' )
  155. {
  156. pMainContext->QueryResponse()->SetStatus( HttpStatusUnauthorized,
  157. Http401BadLogon );
  159. hr = NO_ERROR;
  160. goto exit;
  161. }
  162. pszAuthHeader = pszAuthHeader + 6;
  164. //
  165. // UUDecode the buffer
  166. //
  168. if ( !uudecode( pszAuthHeader,
  169. &buffDecoded ) )
  170. {
  171. hr = HRESULT_FROM_WIN32( GetLastError() );
  172. goto exit;
  173. }
  175. pszDecoded = (CHAR*) buffDecoded.QueryPtr();
  177. //
  178. // Now split out user:password
  179. //
  181. pszColon = strchr( pszDecoded, ':' );
  182. if ( pszColon == NULL )
  183. {
  184. //
  185. // Bad credentials
  186. //
  188. pMainContext->QueryResponse()->SetStatus( HttpStatusUnauthorized,
  189. Http401BadLogon );
  191. hr = NO_ERROR;
  192. goto exit;
  193. }
  195. //
  196. // Get user/password
  197. //
  199. hr = strUserDomain.Copy( pszDecoded,
  200. DIFF( pszColon - pszDecoded ) );
  201. if ( FAILED( hr ) )
  202. {
  203. goto exit;
  204. }
  206. hr = strPassword.Copy( pszColon + 1 );
  207. if ( FAILED( hr ) )
  208. {
  209. goto exit;
  210. }
  212. //
  213. // Copy the user name into the request
  214. //
  216. hr = pMainContext->QueryRequest()->SetRequestUserName( strUserDomain );
  217. if ( FAILED( hr ) )
  218. {
  219. goto exit;
  220. }
  222. //
  223. // Copy the password into the request (filters suck)
  224. //
  226. hr = pMainContext->QueryRequest()->SetRequestPassword( strPassword );
  227. if ( FAILED( hr ) )
  228. {
  229. goto exit;
  230. }
  232. //
  233. // Remember the unmapped user name and password
  234. //
  236. hr = strRemoteUserNameW.CopyA( strUserDomain.QueryStr() );
  237. if ( FAILED( hr ) )
  238. {
  239. goto exit;
  240. }
  242. hr = strRemotePasswordW.CopyA( strPassword.QueryStr() );
  243. if ( FAILED( hr ) )
  244. {
  245. goto exit;
  246. }
  248. //
  249. // Notify authentication filters
  250. //
  252. if ( pMainContext->IsNotificationNeeded( SF_NOTIFY_AUTHENTICATION ) )
  253. {
  254. HTTP_FILTER_AUTHENT filterAuthent;
  256. hr = strUserDomain.Resize( SF_MAX_USERNAME );
  257. if ( FAILED( hr ) )
  258. {
  259. goto exit;
  260. }
  262. hr = strPassword.Resize( SF_MAX_PASSWORD );
  263. if ( FAILED( hr ) )
  264. {
  265. goto exit;
  266. }
  268. filterAuthent.pszUser = strUserDomain.QueryStr();
  269. filterAuthent.cbUserBuff = SF_MAX_USERNAME;
  271. filterAuthent.pszPassword = strPassword.QueryStr();
  272. filterAuthent.cbPasswordBuff = SF_MAX_PASSWORD;
  274. fRet = pMainContext->NotifyFilters( SF_NOTIFY_AUTHENTICATION,
  275. &filterAuthent,
  276. pfFilterFinished );
  278. if ( !fRet )
  279. {
  280. hr = HRESULT_FROM_WIN32( GetLastError() );
  281. goto exit;
  282. }
  284. if ( *pfFilterFinished )
  285. {
  286. pMainContext->SetDone();
  287. goto exit;
  288. }
  290. strUserDomain.SetLen( strlen( strUserDomain.QueryStr() ) );
  291. strPassword.SetLen( strlen( strPassword.QueryStr() ) );
  292. }
  294. pMetaData = pMainContext->QueryUrlContext()->QueryMetaData();
  295. DBG_ASSERT( pMetaData != NULL );
  297. if( pMetaData->QueryAuthTypeSupported( MD_AUTH_ANONYMOUS ) &&
  298. strUserDomain.IsEmpty() &&
  299. strPassword.IsEmpty() )
  300. {
  301. //
  302. // If user domain and password strings are empty, then we will
  303. // fall back to anonymous authentication
  304. //
  306. AUTH_PROVIDER * pAnonymousProvider =
  307. W3_STATE_AUTHENTICATION::QueryAnonymousProvider();
  309. DBG_ASSERT( pAnonymousProvider != NULL );
  311. hr = pAnonymousProvider->DoAuthenticate( pMainContext,
  312. pfFilterFinished );
  314. goto exit;
  315. }
  317. //
  318. // Convert to unicode
  319. //
  321. hr = strUserDomainW.CopyA( strUserDomain.QueryStr() );
  322. if ( FAILED( hr ) )
  323. {
  324. goto exit;
  325. }
  327. hr = strPasswordW.CopyA( strPassword.QueryStr() );
  328. if ( FAILED( hr ) )
  329. {
  330. goto exit;
  331. }
  333. //
  334. // Get username/domain out of domain\username
  335. //
  337. hr = W3_STATE_AUTHENTICATION::SplitUserDomain( strUserDomainW,
  338. &strUserNameW,
  339. &strDomainNameW,
  340. pMetaData->QueryDomainName(),
  341. &fPossibleUPNLogon );
  342. if ( FAILED( hr ) )
  343. {
  344. goto exit;
  345. }
  347. //
  348. // Try to get the token
  349. //
  351. DBG_ASSERT( g_pW3Server->QueryTokenCache() != NULL );
  353. hr = g_pW3Server->QueryTokenCache()->GetCachedToken(
  354. strUserNameW.QueryStr(),
  355. strDomainNameW.QueryStr(),
  356. strPasswordW.QueryStr(),
  357. pMetaData->QueryLogonMethod(),
  358. FALSE,
  359. fPossibleUPNLogon,
  360. pMainContext->QueryRequest()->
  361. QueryRemoteSockAddress(),
  362. &pCachedToken,
  363. &dwLogonError );
  364. if ( FAILED( hr ) )
  365. {
  366. goto exit;
  367. }
  369. //
  370. // If pCachedToken is NULL, then logon failed
  371. //
  373. if ( pCachedToken == NULL )
  374. {
  375. DBG_ASSERT( dwLogonError != ERROR_SUCCESS );
  377. if( dwLogonError == ERROR_PASSWORD_MUST_CHANGE ||
  378. dwLogonError == ERROR_PASSWORD_EXPIRED )
  379. {
  380. hr = HRESULT_FROM_WIN32( dwLogonError );
  381. goto exit;
  382. }
  384. pMainContext->QueryResponse()->SetStatus(
  385. HttpStatusUnauthorized,
  386. Http401BadLogon );
  387. pMainContext->SetErrorStatus( HRESULT_FROM_WIN32( dwLogonError ) );
  389. hr = NO_ERROR;
  390. goto exit;
  391. }
  393. //
  394. // We have a token! Setup a W3_USER_CONTEXT and we're done
  395. //
  397. pUserContext = new BASIC_USER_CONTEXT( this );
  398. if ( FAILED( hr ) )
  399. {
  400. goto exit;
  401. }
  403. hr = pUserContext->Create( pCachedToken,
  404. strUserNameW,
  405. strDomainNameW,
  406. strRemotePasswordW,
  407. strRemoteUserNameW,
  408. strUserDomainW,
  409. pMetaData->QueryLogonMethod() );
  410. if ( FAILED( hr ) )
  411. {
  412. pUserContext->DereferenceUserContext();
  413. pUserContext = NULL;
  414. goto exit;
  415. }
  417. pMainContext->SetUserContext( pUserContext );
  419. exit:
  421. //
  422. // Zero out all copies of password in this routine
  423. //
  424. ZeroMemory( buffDecoded.QueryPtr(), buffDecoded.QuerySize() );
  426. if( strPassword.QueryCB() )
  427. {
  428. SecureZeroMemory( ( VOID * )strPassword.QueryStr(),
  429. strPassword.QueryCB() );
  430. }
  432. if( strPasswordW.QueryCB() )
  433. {
  434. SecureZeroMemory( ( VOID * )strPasswordW.QueryStr(),
  435. strPassword.QueryCB() );
  436. }
  438. if( strRemotePasswordW.QueryCB() )
  439. {
  440. SecureZeroMemory( ( VOID * )strRemotePasswordW.QueryStr(),
  441. strPassword.QueryCB() );
  442. }
  444. return hr;
  445. }
  447. HRESULT
  448. BASIC_AUTH_PROVIDER::OnAccessDenied(
  449. W3_MAIN_CONTEXT * pMainContext
  450. )
  451. /*++
  453. Routine Description:
  455. Add basic authentication header
  457. Arguments:
  459. pMainContext - Main context
  461. Return Value:
  463. HRESULT
  465. --*/
  466. {
  467. STACK_STRU( strAuthHeader, 256 );
  468. STACK_STRA( straAuthHeader, 256 );
  469. STACK_STRU( strHostAddr, 256 );
  470. HRESULT hr;
  471. W3_METADATA * pMetaData;
  473. if ( pMainContext == NULL )
  474. {
  475. DBG_ASSERT( FALSE );
  476. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  477. }
  479. hr = strAuthHeader.Copy( L"Basic realm=\"" );
  480. if ( FAILED( hr ) )
  481. {
  482. return hr;
  483. }
  485. pMetaData = pMainContext->QueryUrlContext()->QueryMetaData();
  486. DBG_ASSERT( pMetaData != NULL );
  488. //
  489. // If a realm is configured, use it. Otherwise use host address of
  490. // request
  491. //
  493. if ( pMetaData->QueryRealm() != NULL )
  494. {
  495. hr = strAuthHeader.Append( pMetaData->QueryRealm() );
  496. }
  497. else
  498. {
  499. hr = pMainContext->QueryRequest()->GetHostAddr( &strHostAddr );
  500. if ( FAILED( hr ) )
  501. {
  502. return hr;
  503. }
  505. hr = strAuthHeader.Append( strHostAddr );
  506. }
  508. if ( FAILED( hr ) )
  509. {
  510. return hr;
  511. }
  513. hr = strAuthHeader.Append( L"\"" );
  514. if ( FAILED( hr ) )
  515. {
  516. return hr;
  517. }
  519. if (FAILED(hr = straAuthHeader.CopyW(strAuthHeader.QueryStr())))
  520. {
  521. return hr;
  522. }
  524. return pMainContext->QueryResponse()->SetHeader( "WWW-Authenticate",
  525. 16,
  526. straAuthHeader.QueryStr(),
  527. (USHORT)straAuthHeader.QueryCCH() );
  528. }
  530. HRESULT
  531. BASIC_USER_CONTEXT::Create(
  532. TOKEN_CACHE_ENTRY * pCachedToken,
  533. STRU & strUserName,
  534. STRU & strDomainName,
  535. STRU & strPassword,
  536. STRU & strRemoteUserName,
  537. STRU & strMappedDomainUser,
  538. DWORD dwLogonMethod
  539. )
  540. /*++
  542. Routine Description:
  544. Initialize a basic user context
  546. Arguments:
  548. pCachedToken - The token
  549. strUserName - User name (without embedded domain)
  550. strDomainName - Domain name
  551. strPassword - Password
  552. strRemoteUserName - Unmapped user name
  553. strMappedDomainUser - Mapped domain user (may have embedded domain)
  554. dwLogonMethod - Logon method
  556. Return Value:
  558. HRESULT
  560. --*/
  561. {
  562. HRESULT hr;
  564. UNREFERENCED_PARAMETER( strUserName );
  565. UNREFERENCED_PARAMETER( strDomainName );
  566. UNREFERENCED_PARAMETER( dwLogonMethod );
  568. if ( pCachedToken == NULL )
  569. {
  570. DBG_ASSERT( FALSE );
  571. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  572. }
  574. hr = _strUserName.Copy( strMappedDomainUser );
  575. if ( FAILED( hr ) )
  576. {
  577. return hr;
  578. }
  580. hr = _strPassword.Append( strPassword );
  581. if ( FAILED( hr ) )
  582. {
  583. return hr;
  584. }
  586. hr = _strRemoteUserName.Append( strRemoteUserName );
  587. if ( FAILED( hr ) )
  588. {
  589. return hr;
  590. }
  592. _pCachedToken = pCachedToken;
  594. SetCachedToken( TRUE );
  596. return NO_ERROR;
  597. }