archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
3.3 GiB
 
 
 
 
 
 
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetsrv/iis/iisrearc/iisplus/ulw3/anonymousprovider.cxx

318 lines
8.0 KiB
Raw Blame History

/*++
Copyright (c) 1999 Microsoft Corporation
Module Name :
anonymousprovider.cxx
Abstract:
Anonymous authentication provider
Author:
Bilal Alam (balam) 10-Jan-2000
Environment:
Win32 - User Mode
Project:
ULW3.DLL
--*/
#include "precomp.hxx"
#include "anonymousprovider.hxx"
HRESULT
ANONYMOUS_AUTH_PROVIDER::DoesApply(
W3_MAIN_CONTEXT * pMainContext,
BOOL * pfApplies
)
/*++
Routine Description:
Does anonymous apply to this request?
Arguments:
pMainContext - Main context representing request
pfApplies - Set to true if SSPI is applicable
Return Value:
HRESULT
--*/
{
UNREFERENCED_PARAMETER( pMainContext );
if ( pfApplies == NULL )
{
DBG_ASSERT( FALSE );
return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
}
//
// Anonymous ALWAYS applies!
//
*pfApplies = TRUE;
return NO_ERROR;
}
HRESULT
ANONYMOUS_AUTH_PROVIDER::DoAuthenticate(
W3_MAIN_CONTEXT * pMainContext,
BOOL * pfFilterFinished
)
/*++
Routine Description:
Do anonymous authentication (trivial)
Arguments:
pMainContext - Main context representing request
pfFilterFinished - Set to TRUE if filter wants out
Return Value:
HRESULT
--*/
{
W3_METADATA * pMetaData = NULL;
TOKEN_CACHE_ENTRY * pCachedToken = NULL;
HRESULT hr;
ANONYMOUS_USER_CONTEXT* pUserContext = NULL;
BOOL fRet;
DWORD dwLogonError;
BOOL fPossibleUPNLogon = FALSE;
BOOL fFilterSetUser = FALSE;
// add 1 to strUserDomain for separator "\"
STACK_STRA( strUserDomain, UNLEN + IIS_DNLEN + 1 + 1 );
if ( pMainContext == NULL )
{
DBG_ASSERT( FALSE );
return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
}
pMetaData = pMainContext->QueryUrlContext()->QueryMetaData();
DBG_ASSERT( pMetaData != NULL );
//
// Notify authentication filters
//
if ( pMainContext->IsNotificationNeeded( SF_NOTIFY_AUTHENTICATION ) )
{
HTTP_FILTER_AUTHENT filterAuthent;
STACK_STRA( strPassword, PWLEN + 1 );
// add 1 to strUserDomainW for separator "\"
STACK_STRU( strUserDomainW, UNLEN + IIS_DNLEN + 1 + 1 );
STACK_STRU( strPasswordW, PWLEN + 1 );
STACK_STRU( strDomainNameW, IIS_DNLEN + 1 );
STACK_STRU( strUserNameW, UNLEN + 1 );
DBG_ASSERT( strUserDomain.IsEmpty() );
hr = strUserDomain.Resize( SF_MAX_USERNAME );
if ( FAILED( hr ) )
{
return hr;
}
DBG_ASSERT( strPassword.IsEmpty() );
hr = strPassword.Resize( SF_MAX_PASSWORD );
if ( FAILED( hr ) )
{
return hr;
}
filterAuthent.pszUser = strUserDomain.QueryStr();
filterAuthent.cbUserBuff = SF_MAX_USERNAME;
filterAuthent.pszPassword = strPassword.QueryStr();
filterAuthent.cbPasswordBuff = SF_MAX_PASSWORD;
fRet = pMainContext->NotifyFilters( SF_NOTIFY_AUTHENTICATION,
&filterAuthent,
pfFilterFinished );
if ( !fRet )
{
return HRESULT_FROM_WIN32( GetLastError() );
}
if ( *pfFilterFinished )
{
return NO_ERROR;
}
strUserDomain.SetLen( strlen( strUserDomain.QueryStr() ) );
strPassword.SetLen( strlen( strPassword.QueryStr() ) );
//
// If the filter set a user/password, then use it
//
if ( strUserDomain.QueryCCH() > 0 )
{
fFilterSetUser = TRUE;
//
// Convert to unicode
//
hr = strUserDomainW.CopyA( strUserDomain.QueryStr() );
if ( FAILED( hr ) )
{
return hr;
}
hr = strPasswordW.CopyA( strPassword.QueryStr() );
if ( FAILED( hr ) )
{
return hr;
}
//
// Get username/domain out of domain\username
//
hr = W3_STATE_AUTHENTICATION::SplitUserDomain( strUserDomainW,
&strUserNameW,
&strDomainNameW,
NULL,
&fPossibleUPNLogon );
if ( FAILED( hr ) )
{
return hr;
}
//
// Try to get the token
//
DBG_ASSERT( g_pW3Server->QueryTokenCache() != NULL );
hr = g_pW3Server->QueryTokenCache()->GetCachedToken(
strUserNameW.QueryStr(),
strDomainNameW.QueryStr(),
strPasswordW.QueryStr(),
pMetaData->QueryLogonMethod(),
FALSE,
fPossibleUPNLogon,
NULL,
&pCachedToken,
&dwLogonError );
if ( FAILED( hr ) )
{
return hr;
}
}
}
if ( !fFilterSetUser )
{
//
// If anonymous is not allowed, and a filter didn't
// set credentials, then we need to fail.
//
if ( pMainContext->QueryCheckAnonAuthTypeSupported() &&
!pMetaData->QueryAuthTypeSupported( MD_AUTH_ANONYMOUS ) )
{
return SEC_E_NO_CREDENTIALS;
}
//
// Use the IUSR account
//
hr = pMetaData->GetAndRefAnonymousToken( &pCachedToken );
if( FAILED( hr ) )
{
return hr;
}
}
if ( pCachedToken == NULL )
{
//
// Bogus anonymous account
//
pMainContext->QueryResponse()->SetStatus( HttpStatusUnauthorized,
Http401BadLogon );
return NO_ERROR;
}
//
// For perf reasons, the anonymous user context is inline
//
pUserContext = new (pMainContext) ANONYMOUS_USER_CONTEXT( this );
DBG_ASSERT( pUserContext != NULL );
hr = pUserContext->Create( pCachedToken );
if ( FAILED( hr ) )
{
return hr;
}
if ( fFilterSetUser )
{
//
// Store the new username set by the filter
//
hr = pUserContext->SetUserNameA( strUserDomain.QueryStr() );
if ( FAILED( hr ) )
{
return hr;
}
}
pMainContext->SetUserContext( pUserContext );
return NO_ERROR;
}
HRESULT
ANONYMOUS_USER_CONTEXT::Create(
TOKEN_CACHE_ENTRY * pCachedToken
)
/*++
Routine Description:
Initialize anonymous context
Arguments:
pCachedToken - anonymous user token
Return Value:
HRESULT
--*/
{
if ( pCachedToken == NULL )
{
DBG_ASSERT( FALSE );
return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
}
_pCachedToken = pCachedToken;
SetCachedToken( TRUE );
return _strUserName.Copy( L"" );
}