archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
3.3 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetsrv/iis/iisrearc/iisplus/ulw3/anonymousprovider.cxx

318 lines
8.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  2. Copyright (c) 1999 Microsoft Corporation
  4. Module Name :
  5. anonymousprovider.cxx
  7. Abstract:
  8. Anonymous authentication provider
  10. Author:
  11. Bilal Alam (balam) 10-Jan-2000
  13. Environment:
  14. Win32 - User Mode
  16. Project:
  17. ULW3.DLL
  18. --*/
  20. #include "precomp.hxx"
  21. #include "anonymousprovider.hxx"
  23. HRESULT
  24. ANONYMOUS_AUTH_PROVIDER::DoesApply(
  25. W3_MAIN_CONTEXT * pMainContext,
  26. BOOL * pfApplies
  27. )
  28. /*++
  30. Routine Description:
  32. Does anonymous apply to this request?
  34. Arguments:
  36. pMainContext - Main context representing request
  37. pfApplies - Set to true if SSPI is applicable
  39. Return Value:
  41. HRESULT
  43. --*/
  44. {
  45. UNREFERENCED_PARAMETER( pMainContext );
  47. if ( pfApplies == NULL )
  48. {
  49. DBG_ASSERT( FALSE );
  50. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  51. }
  53. //
  54. // Anonymous ALWAYS applies!
  55. //
  57. *pfApplies = TRUE;
  58. return NO_ERROR;
  59. }
  61. HRESULT
  62. ANONYMOUS_AUTH_PROVIDER::DoAuthenticate(
  63. W3_MAIN_CONTEXT * pMainContext,
  64. BOOL * pfFilterFinished
  65. )
  66. /*++
  68. Routine Description:
  70. Do anonymous authentication (trivial)
  72. Arguments:
  74. pMainContext - Main context representing request
  75. pfFilterFinished - Set to TRUE if filter wants out
  77. Return Value:
  79. HRESULT
  81. --*/
  82. {
  83. W3_METADATA * pMetaData = NULL;
  84. TOKEN_CACHE_ENTRY * pCachedToken = NULL;
  85. HRESULT hr;
  86. ANONYMOUS_USER_CONTEXT* pUserContext = NULL;
  87. BOOL fRet;
  88. DWORD dwLogonError;
  89. BOOL fPossibleUPNLogon = FALSE;
  90. BOOL fFilterSetUser = FALSE;
  91. // add 1 to strUserDomain for separator "\"
  92. STACK_STRA( strUserDomain, UNLEN + IIS_DNLEN + 1 + 1 );
  95. if ( pMainContext == NULL )
  96. {
  97. DBG_ASSERT( FALSE );
  98. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  99. }
  101. pMetaData = pMainContext->QueryUrlContext()->QueryMetaData();
  102. DBG_ASSERT( pMetaData != NULL );
  104. //
  105. // Notify authentication filters
  106. //
  108. if ( pMainContext->IsNotificationNeeded( SF_NOTIFY_AUTHENTICATION ) )
  109. {
  110. HTTP_FILTER_AUTHENT filterAuthent;
  111. STACK_STRA( strPassword, PWLEN + 1 );
  112. // add 1 to strUserDomainW for separator "\"
  113. STACK_STRU( strUserDomainW, UNLEN + IIS_DNLEN + 1 + 1 );
  114. STACK_STRU( strPasswordW, PWLEN + 1 );
  115. STACK_STRU( strDomainNameW, IIS_DNLEN + 1 );
  116. STACK_STRU( strUserNameW, UNLEN + 1 );
  119. DBG_ASSERT( strUserDomain.IsEmpty() );
  120. hr = strUserDomain.Resize( SF_MAX_USERNAME );
  121. if ( FAILED( hr ) )
  122. {
  123. return hr;
  124. }
  126. DBG_ASSERT( strPassword.IsEmpty() );
  127. hr = strPassword.Resize( SF_MAX_PASSWORD );
  128. if ( FAILED( hr ) )
  129. {
  130. return hr;
  131. }
  133. filterAuthent.pszUser = strUserDomain.QueryStr();
  134. filterAuthent.cbUserBuff = SF_MAX_USERNAME;
  136. filterAuthent.pszPassword = strPassword.QueryStr();
  137. filterAuthent.cbPasswordBuff = SF_MAX_PASSWORD;
  139. fRet = pMainContext->NotifyFilters( SF_NOTIFY_AUTHENTICATION,
  140. &filterAuthent,
  141. pfFilterFinished );
  143. if ( !fRet )
  144. {
  145. return HRESULT_FROM_WIN32( GetLastError() );
  146. }
  148. if ( *pfFilterFinished )
  149. {
  150. return NO_ERROR;
  151. }
  153. strUserDomain.SetLen( strlen( strUserDomain.QueryStr() ) );
  154. strPassword.SetLen( strlen( strPassword.QueryStr() ) );
  157. //
  158. // If the filter set a user/password, then use it
  159. //
  161. if ( strUserDomain.QueryCCH() > 0 )
  162. {
  163. fFilterSetUser = TRUE;
  164. //
  165. // Convert to unicode
  166. //
  168. hr = strUserDomainW.CopyA( strUserDomain.QueryStr() );
  169. if ( FAILED( hr ) )
  170. {
  171. return hr;
  172. }
  174. hr = strPasswordW.CopyA( strPassword.QueryStr() );
  175. if ( FAILED( hr ) )
  176. {
  177. return hr;
  178. }
  180. //
  181. // Get username/domain out of domain\username
  182. //
  184. hr = W3_STATE_AUTHENTICATION::SplitUserDomain( strUserDomainW,
  185. &strUserNameW,
  186. &strDomainNameW,
  187. NULL,
  188. &fPossibleUPNLogon );
  189. if ( FAILED( hr ) )
  190. {
  191. return hr;
  192. }
  194. //
  195. // Try to get the token
  196. //
  198. DBG_ASSERT( g_pW3Server->QueryTokenCache() != NULL );
  200. hr = g_pW3Server->QueryTokenCache()->GetCachedToken(
  201. strUserNameW.QueryStr(),
  202. strDomainNameW.QueryStr(),
  203. strPasswordW.QueryStr(),
  204. pMetaData->QueryLogonMethod(),
  205. FALSE,
  206. fPossibleUPNLogon,
  207. NULL,
  208. &pCachedToken,
  209. &dwLogonError );
  210. if ( FAILED( hr ) )
  211. {
  212. return hr;
  213. }
  214. }
  215. }
  218. if ( !fFilterSetUser )
  219. {
  220. //
  221. // If anonymous is not allowed, and a filter didn't
  222. // set credentials, then we need to fail.
  223. //
  225. if ( pMainContext->QueryCheckAnonAuthTypeSupported() &&
  226. !pMetaData->QueryAuthTypeSupported( MD_AUTH_ANONYMOUS ) )
  227. {
  228. return SEC_E_NO_CREDENTIALS;
  229. }
  231. //
  232. // Use the IUSR account
  233. //
  235. hr = pMetaData->GetAndRefAnonymousToken( &pCachedToken );
  236. if( FAILED( hr ) )
  237. {
  238. return hr;
  239. }
  240. }
  242. if ( pCachedToken == NULL )
  243. {
  244. //
  245. // Bogus anonymous account
  246. //
  248. pMainContext->QueryResponse()->SetStatus( HttpStatusUnauthorized,
  249. Http401BadLogon );
  251. return NO_ERROR;
  252. }
  254. //
  255. // For perf reasons, the anonymous user context is inline
  256. //
  258. pUserContext = new (pMainContext) ANONYMOUS_USER_CONTEXT( this );
  259. DBG_ASSERT( pUserContext != NULL );
  261. hr = pUserContext->Create( pCachedToken );
  262. if ( FAILED( hr ) )
  263. {
  264. return hr;
  265. }
  267. if ( fFilterSetUser )
  268. {
  269. //
  270. // Store the new username set by the filter
  271. //
  273. hr = pUserContext->SetUserNameA( strUserDomain.QueryStr() );
  275. if ( FAILED( hr ) )
  276. {
  277. return hr;
  278. }
  279. }
  281. pMainContext->SetUserContext( pUserContext );
  283. return NO_ERROR;
  284. }
  286. HRESULT
  287. ANONYMOUS_USER_CONTEXT::Create(
  288. TOKEN_CACHE_ENTRY * pCachedToken
  289. )
  290. /*++
  292. Routine Description:
  294. Initialize anonymous context
  296. Arguments:
  298. pCachedToken - anonymous user token
  300. Return Value:
  302. HRESULT
  304. --*/
  305. {
  306. if ( pCachedToken == NULL )
  307. {
  308. DBG_ASSERT( FALSE );
  309. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  310. }
  312. _pCachedToken = pCachedToken;
  314. SetCachedToken( TRUE );
  316. return _strUserName.Copy( L"" );
  317. }