archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/iisrearc/iisplus/ulw3/basicprovider.cxx

583 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  2. Copyright (c) 1999 Microsoft Corporation
  4. Module Name :
  5. basicprovider.cxx
  7. Abstract:
  8. Basic authentication provider
  10. Author:
  11. Bilal Alam (balam) 10-Jan-2000
  13. Environment:
  14. Win32 - User Mode
  16. Project:
  17. ULW3.DLL
  18. --*/
  20. #include "precomp.hxx"
  21. #include "basicprovider.hxx"
  22. #include "uuencode.hxx"
  24. HRESULT
  25. BASIC_AUTH_PROVIDER::DoesApply(
  26. W3_MAIN_CONTEXT * pMainContext,
  27. BOOL * pfApplies
  28. )
  29. /*++
  31. Routine Description:
  33. Does basic authentication apply to this request?
  35. Arguments:
  37. pMainContext - Main context representing request
  38. pfApplies - Set to true if SSPI is applicable
  40. Return Value:
  42. HRESULT
  44. --*/
  45. {
  46. STACK_STRA( strAuthType, 64 );
  47. HRESULT hr;
  49. if ( pMainContext == NULL ||
  50. pfApplies == NULL )
  51. {
  52. DBG_ASSERT( FALSE );
  53. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  54. }
  56. *pfApplies = FALSE;
  58. //
  59. // Get auth type
  60. //
  62. hr = pMainContext->QueryRequest()->GetAuthType( &strAuthType );
  63. if ( FAILED( hr ) )
  64. {
  65. return hr;
  66. }
  68. //
  69. // No package, no auth
  70. //
  72. if ( strAuthType.IsEmpty() )
  73. {
  74. return NO_ERROR;
  75. }
  77. //
  78. // Is it basic?
  79. //
  81. if ( _stricmp( strAuthType.QueryStr(), "Basic" ) == 0 )
  82. {
  83. *pfApplies = TRUE;
  84. }
  86. return NO_ERROR;
  87. }
  89. HRESULT
  90. BASIC_AUTH_PROVIDER::DoAuthenticate(
  91. W3_MAIN_CONTEXT * pMainContext
  92. )
  93. /*++
  95. Routine Description:
  97. Do the authentication thing!
  99. Arguments:
  101. pMainContext - main context
  103. Return Value:
  105. HRESULT
  107. --*/
  108. {
  109. CHAR * pszAuthHeader = NULL;
  110. HRESULT hr;
  111. BOOL fRet;
  112. BOOL fFinished = FALSE;
  113. STACK_BUFFER ( buffDecoded, 256 );
  114. CHAR * pszDecoded;
  115. CHAR * pszColon;
  116. // add 1 to strUserDomain for separator "\"
  117. STACK_STRA( strUserDomain, UNLEN + IIS_DNLEN + 1 + 1 );
  118. STACK_STRA( strUserName, UNLEN + 1 );
  119. STACK_STRA( strPassword, PWLEN + 1 );
  120. STACK_STRA( strDomainName, IIS_DNLEN + 1 );
  121. // add 1 to strUserDomainW for separator "\"
  122. STACK_STRU( strUserDomainW, UNLEN + IIS_DNLEN + 1 + 1 );
  123. STACK_STRU( strUserNameW, UNLEN + 1 );
  124. STACK_STRU( strPasswordW, PWLEN + 1 );
  125. STACK_STRU( strRemotePasswordW, PWLEN + 1 );
  126. STACK_STRU( strDomainNameW, IIS_DNLEN + 1 );
  127. // add 1 to strRemoteUserNameW for separator "\"
  128. STACK_STRU( strRemoteUserNameW, UNLEN + IIS_DNLEN + 1 );
  129. W3_METADATA * pMetaData = NULL;
  130. TOKEN_CACHE_ENTRY * pCachedToken = NULL;
  131. BASIC_USER_CONTEXT * pUserContext = NULL;
  132. DWORD dwLogonError = ERROR_SUCCESS;
  133. BOOL fPossibleUPNLogon = FALSE;
  135. if ( pMainContext == NULL )
  136. {
  137. DBG_ASSERT( FALSE );
  138. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  139. }
  141. //
  142. // Get the part after the auth type
  143. //
  145. pszAuthHeader = pMainContext->QueryRequest()->GetHeader( HttpHeaderAuthorization );
  146. DBG_ASSERT( pszAuthHeader != NULL );
  148. //
  149. // We better have an Authorization: Basic header if we got to here!
  150. //
  152. DBG_ASSERT( _strnicmp( pszAuthHeader, "Basic", 5 ) == 0 );
  154. //
  155. // Advance to good stuff
  156. //
  158. if ( pszAuthHeader[ 5 ] == '\0' )
  159. {
  160. DBG_ASSERT( FALSE );
  161. return HRESULT_FROM_WIN32( ERROR_INVALID_DATA );
  162. }
  163. pszAuthHeader = pszAuthHeader + 6;
  165. //
  166. // UUDecode the buffer
  167. //
  169. if ( !uudecode( pszAuthHeader,
  170. &buffDecoded ) )
  171. {
  172. hr = HRESULT_FROM_WIN32( GetLastError() );
  173. goto exit;
  174. }
  176. pszDecoded = (CHAR*) buffDecoded.QueryPtr();
  178. //
  179. // Now split out user:password
  180. //
  182. pszColon = strchr( pszDecoded, ':' );
  183. if ( pszColon == NULL )
  184. {
  185. //
  186. // Bad credentials
  187. //
  189. pMainContext->QueryResponse()->SetStatus( HttpStatusUnauthorized,
  190. Http401BadLogon );
  192. hr = NO_ERROR;
  193. goto exit;
  194. }
  196. //
  197. // Get user/password
  198. //
  200. hr = strUserDomain.Copy( pszDecoded,
  201. DIFF( pszColon - pszDecoded ) );
  202. if ( FAILED( hr ) )
  203. {
  204. goto exit;
  205. }
  207. hr = strPassword.Copy( pszColon + 1 );
  208. if ( FAILED( hr ) )
  209. {
  210. goto exit;
  211. }
  213. //
  214. // Copy the user name into the request
  215. //
  217. hr = pMainContext->QueryRequest()->SetRequestUserName( strUserDomain );
  218. if ( FAILED( hr ) )
  219. {
  220. goto exit;
  221. }
  223. //
  224. // Remember the unmapped user name and password
  225. //
  227. hr = strRemoteUserNameW.CopyA( strUserDomain.QueryStr() );
  228. if ( FAILED( hr ) )
  229. {
  230. goto exit;
  231. }
  233. hr = strRemotePasswordW.CopyA( strPassword.QueryStr() );
  234. if ( FAILED( hr ) )
  235. {
  236. goto exit;
  237. }
  239. //
  240. // Notify authentication filters
  241. //
  243. if ( pMainContext->IsNotificationNeeded( SF_NOTIFY_AUTHENTICATION ) )
  244. {
  245. HTTP_FILTER_AUTHENT filterAuthent;
  247. hr = strUserDomain.Resize( SF_MAX_USERNAME );
  248. if ( FAILED( hr ) )
  249. {
  250. goto exit;
  251. }
  253. hr = strPassword.Resize( SF_MAX_PASSWORD );
  254. if ( FAILED( hr ) )
  255. {
  256. goto exit;
  257. }
  259. filterAuthent.pszUser = strUserDomain.QueryStr();
  260. filterAuthent.cbUserBuff = SF_MAX_USERNAME;
  262. filterAuthent.pszPassword = strPassword.QueryStr();
  263. filterAuthent.cbPasswordBuff = SF_MAX_PASSWORD;
  265. fRet = pMainContext->NotifyFilters( SF_NOTIFY_AUTHENTICATION,
  266. &filterAuthent,
  267. &fFinished );
  269. if ( !fRet )
  270. {
  271. hr = HRESULT_FROM_WIN32( GetLastError() );
  272. goto exit;
  273. }
  275. if ( fFinished )
  276. {
  277. pMainContext->SetFinishedResponse();
  278. hr = NO_ERROR;
  279. goto exit;
  280. }
  282. strUserDomain.SetLen( strlen( strUserDomain.QueryStr() ) );
  283. strPassword.SetLen( strlen( strPassword.QueryStr() ) );
  284. }
  286. if( strUserDomain.IsEmpty() )
  287. {
  288. //
  289. // If user domain string is empty, then we will fall back to
  290. // anonymous authentication
  291. //
  293. AUTH_PROVIDER * pAnonymousProvider =
  294. W3_STATE_AUTHENTICATION::QueryAnonymousProvider();
  296. DBG_ASSERT( pAnonymousProvider != NULL );
  298. hr = pAnonymousProvider->DoAuthenticate( pMainContext );
  300. goto exit;
  301. }
  303. //
  304. // Convert to unicode
  305. //
  307. hr = strUserDomainW.CopyA( strUserDomain.QueryStr() );
  308. if ( FAILED( hr ) )
  309. {
  310. goto exit;
  311. }
  313. hr = strPasswordW.CopyA( strPassword.QueryStr() );
  314. if ( FAILED( hr ) )
  315. {
  316. goto exit;
  317. }
  319. //
  320. // Get username/domain out of domain\username
  321. //
  323. pMetaData = pMainContext->QueryUrlContext()->QueryMetaData();
  324. DBG_ASSERT( pMetaData != NULL );
  326. hr = W3_STATE_AUTHENTICATION::SplitUserDomain( strUserDomainW,
  327. &strUserNameW,
  328. &strDomainNameW,
  329. pMetaData->QueryDomainName(),
  330. &fPossibleUPNLogon );
  331. if ( FAILED( hr ) )
  332. {
  333. goto exit;
  334. }
  336. //
  337. // Try to get the token
  338. //
  340. DBG_ASSERT( g_pW3Server->QueryTokenCache() != NULL );
  342. hr = g_pW3Server->QueryTokenCache()->GetCachedToken(
  343. strUserNameW.QueryStr(),
  344. strDomainNameW.QueryStr(),
  345. strPasswordW.QueryStr(),
  346. pMetaData->QueryLogonMethod(),
  347. fPossibleUPNLogon,
  348. &pCachedToken,
  349. &dwLogonError );
  350. if ( FAILED( hr ) )
  351. {
  352. goto exit;
  353. }
  355. //
  356. // If pCachedToken is NULL, then logon failed
  357. //
  359. if ( pCachedToken == NULL )
  360. {
  361. DBG_ASSERT( dwLogonError != ERROR_SUCCESS );
  363. if( dwLogonError == ERROR_PASSWORD_MUST_CHANGE ||
  364. dwLogonError == ERROR_PASSWORD_EXPIRED )
  365. {
  366. hr = HRESULT_FROM_WIN32( dwLogonError );
  367. goto exit;
  368. }
  370. pMainContext->QueryResponse()->SetStatus(
  371. HttpStatusUnauthorized,
  372. Http401BadLogon );
  373. pMainContext->SetErrorStatus( HRESULT_FROM_WIN32( dwLogonError ) );
  375. hr = NO_ERROR;
  376. goto exit;
  377. }
  379. //
  380. // We have a token! Setup a W3_USER_CONTEXT and we're done
  381. //
  383. pUserContext = new BASIC_USER_CONTEXT( this );
  384. if ( FAILED( hr ) )
  385. {
  386. goto exit;
  387. }
  389. hr = pUserContext->Create( pCachedToken,
  390. strUserNameW,
  391. strDomainNameW,
  392. strRemotePasswordW,
  393. strRemoteUserNameW,
  394. strUserDomainW,
  395. pMetaData->QueryLogonMethod() );
  396. if ( FAILED( hr ) )
  397. {
  398. pUserContext->DereferenceUserContext();
  399. pUserContext = NULL;
  400. goto exit;
  401. }
  403. pMainContext->SetUserContext( pUserContext );
  405. exit:
  407. //
  408. // Zero out all copies of password in this routine
  409. //
  410. ZeroMemory( buffDecoded.QueryPtr(), buffDecoded.QuerySize() );
  412. if( strPassword.QueryCB() )
  413. {
  414. ZeroMemory( ( VOID * )strPassword.QueryStr(),
  415. strPassword.QueryCB() );
  416. }
  418. if( strPasswordW.QueryCB() )
  419. {
  420. ZeroMemory( ( VOID * )strPasswordW.QueryStr(),
  421. strPassword.QueryCB() );
  422. }
  424. if( strRemotePasswordW.QueryCB() )
  425. {
  426. ZeroMemory( ( VOID * )strRemotePasswordW.QueryStr(),
  427. strPassword.QueryCB() );
  428. }
  430. return hr;
  431. }
  433. HRESULT
  434. BASIC_AUTH_PROVIDER::OnAccessDenied(
  435. W3_MAIN_CONTEXT * pMainContext
  436. )
  437. /*++
  439. Routine Description:
  441. Add basic authentication header
  443. Arguments:
  445. pMainContext - Main context
  447. Return Value:
  449. HRESULT
  451. --*/
  452. {
  453. STACK_STRU( strAuthHeader, 256 );
  454. STACK_STRA( straAuthHeader, 256 );
  455. STACK_STRU( strHostAddr, 256 );
  456. HRESULT hr;
  457. W3_METADATA * pMetaData;
  459. if ( pMainContext == NULL )
  460. {
  461. DBG_ASSERT( FALSE );
  462. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  463. }
  465. hr = strAuthHeader.Copy( L"Basic realm=\"" );
  466. if ( FAILED( hr ) )
  467. {
  468. return hr;
  469. }
  471. pMetaData = pMainContext->QueryUrlContext()->QueryMetaData();
  472. DBG_ASSERT( pMetaData != NULL );
  474. //
  475. // If a realm is configured, use it. Otherwise use host address of
  476. // request
  477. //
  479. if ( pMetaData->QueryRealm() != NULL )
  480. {
  481. hr = strAuthHeader.Append( pMetaData->QueryRealm() );
  482. }
  483. else
  484. {
  485. hr = pMainContext->QueryRequest()->GetHostAddr( &strHostAddr );
  486. if ( FAILED( hr ) )
  487. {
  488. return hr;
  489. }
  491. hr = strAuthHeader.Append( strHostAddr );
  492. }
  494. if ( FAILED( hr ) )
  495. {
  496. return hr;
  497. }
  499. hr = strAuthHeader.Append( L"\"" );
  500. if ( FAILED( hr ) )
  501. {
  502. return hr;
  503. }
  505. if (FAILED(hr = straAuthHeader.CopyW(strAuthHeader.QueryStr())))
  506. {
  507. return hr;
  508. }
  510. return pMainContext->QueryResponse()->SetHeader( "WWW-Authenticate",
  511. 16,
  512. straAuthHeader.QueryStr(),
  513. straAuthHeader.QueryCCH() );
  514. }
  516. HRESULT
  517. BASIC_USER_CONTEXT::Create(
  518. TOKEN_CACHE_ENTRY * pCachedToken,
  519. STRU & strUserName,
  520. STRU & strDomainName,
  521. STRU & strPassword,
  522. STRU & strRemoteUserName,
  523. STRU & strMappedDomainUser,
  524. DWORD dwLogonMethod
  525. )
  526. /*++
  528. Routine Description:
  530. Initialize a basic user context
  532. Arguments:
  534. pCachedToken - The token
  535. strUserName - User name (without embedded domain)
  536. strDomainName - Domain name
  537. strPassword - Password
  538. strRemoteUserName - Unmapped user name
  539. strMappedDomainUser - Mapped domain user (may have embedded domain)
  540. dwLogonMethod - Logon method
  542. Return Value:
  544. HRESULT
  546. --*/
  547. {
  548. HRESULT hr;
  550. if ( pCachedToken == NULL )
  551. {
  552. DBG_ASSERT( FALSE );
  553. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  554. }
  556. hr = _strUserName.Copy( strMappedDomainUser );
  557. if ( FAILED( hr ) )
  558. {
  559. return hr;
  560. }
  562. hr = _strPassword.Append( strPassword );
  563. if ( FAILED( hr ) )
  564. {
  565. return hr;
  566. }
  568. hr = _strRemoteUserName.Append( strRemoteUserName );
  569. if ( FAILED( hr ) )
  570. {
  571. return hr;
  572. }
  574. if ( dwLogonMethod == LOGON32_LOGON_INTERACTIVE ||
  575. dwLogonMethod == LOGON32_LOGON_BATCH )
  576. {
  577. _fDelegatable = TRUE;
  578. }
  580. _pCachedToken = pCachedToken;
  582. return NO_ERROR;
  583. }