65 const WCHAR *config_file = NULL;
66 const WCHAR *config_dir = NULL;
69 if (PathIsRelativeW(fname) )
71 swprintf(tmp, _countof(tmp), L
"%ls\\%ls", workdir, fname);
81 if (wcsncmp(config_dir, config_file, wcslen(config_dir)) == 0
82 && wcsstr(config_file + wcslen(config_dir), L
"..") == NULL)
119 PSID admin_sid = NULL;
120 DWORD sid_size = SECURITY_MAX_SID_SIZE;
124 DWORD dlen = _countof(domain);
126 admin_sid = malloc(sid_size);
132 b = CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, admin_sid, &sid_size);
135 b = LookupAccountSidW(NULL, admin_sid, name, &nlen, domain, &dlen, &snu);
144IsAuthorizedUser(PSID sid,
const HANDLE token,
const WCHAR *ovpn_admin_group,
const WCHAR *ovpn_service_user)
146 const WCHAR *admin_group[2];
152 SID_NAME_USE sid_type;
155 if (!LookupAccountSidW(NULL, sid, username, &len, domain, &len, &sid_type))
164 if ((wcscmp(username, ovpn_service_user) == 0) && (wcscmp(domain, L
"NT SERVICE") == 0))
171 admin_group[0] = sysadmin_group;
179 admin_group[1] = ovpn_admin_group;
182 for (
int i = 0; i < 2; ++i)
187 MsgToEventLog(
M_INFO, L
"Authorizing user '%ls@%ls' by virtue of membership in group '%ls'",
188 username, domain, admin_group[i]);
206 PTOKEN_GROUPS groups = NULL;
209 if (!GetTokenInformation(token, TokenGroups, groups, buf_size, &buf_size)
210 && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
212 groups = malloc(buf_size);
218 else if (!GetTokenInformation(token, TokenGroups, groups, buf_size, &buf_size))
238 DWORD dlen = _countof(domain);
240 if (!LookupAccountName(NULL, name, sid, &sid_size, domain, &dlen, &su))
260IsUserInGroup(PSID sid,
const PTOKEN_GROUPS token_groups,
const WCHAR *group_name)
263 DWORD_PTR resume = 0;
265 BYTE grp_sid[SECURITY_MAX_SID_SIZE];
269 if (token_groups &&
LookupSID(group_name, (PSID) grp_sid, _countof(grp_sid)))
271 for (DWORD i = 0; i < token_groups->GroupCount; ++i)
273 if (EqualSid((PSID) grp_sid, token_groups->Groups[i].Sid))
288 LOCALGROUP_MEMBERS_INFO_0 *members = NULL;
289 err = NetLocalGroupGetMembers(NULL, group_name, 0, (LPBYTE *) &members,
290 MAX_PREFERRED_LENGTH, &nread, &nmax, &resume);
291 if ((err != NERR_Success && err != ERROR_MORE_DATA))
296 for (DWORD i = 0; i < nread && !ret; ++i)
298 ret = EqualSid(members[i].lgrmi0_sid, sid);
300 NetApiBufferFree(members);
302 }
while (err == ERROR_MORE_DATA && nloop++ < 100);
304 if (err != NERR_Success && err != NERR_GroupNotFound)
static BOOL IsUserInGroup(PSID sid, const PTOKEN_GROUPS groups, const WCHAR *group_name)
User is in group if the token groups contain the SID of the group or if the user is a direct member o...