1 | /***************************************************************************
|
---|
2 | * _ _ ____ _
|
---|
3 | * Project ___| | | | _ \| |
|
---|
4 | * / __| | | | |_) | |
|
---|
5 | * | (__| |_| | _ <| |___
|
---|
6 | * \___|\___/|_| \_\_____|
|
---|
7 | *
|
---|
8 | * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
|
---|
9 | *
|
---|
10 | * This software is licensed as described in the file COPYING, which
|
---|
11 | * you should have received as part of this distribution. The terms
|
---|
12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
13 | *
|
---|
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
15 | * copies of the Software, and permit persons to whom the Software is
|
---|
16 | * furnished to do so, under the terms of the COPYING file.
|
---|
17 | *
|
---|
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
19 | * KIND, either express or implied.
|
---|
20 | *
|
---|
21 | ***************************************************************************/
|
---|
22 |
|
---|
23 | #include "curl_setup.h"
|
---|
24 |
|
---|
25 | #ifdef USE_WINDOWS_SSPI
|
---|
26 |
|
---|
27 | #include <curl/curl.h>
|
---|
28 | #include "curl_sspi.h"
|
---|
29 | #include "curl_multibyte.h"
|
---|
30 | #include "warnless.h"
|
---|
31 |
|
---|
32 | /* The last #include files should be: */
|
---|
33 | #include "curl_memory.h"
|
---|
34 | #include "memdebug.h"
|
---|
35 |
|
---|
36 | /* We use our own typedef here since some headers might lack these */
|
---|
37 | typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
|
---|
38 |
|
---|
39 | /* See definition of SECURITY_ENTRYPOINT in sspi.h */
|
---|
40 | #ifdef UNICODE
|
---|
41 | # ifdef _WIN32_WCE
|
---|
42 | # define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
|
---|
43 | # else
|
---|
44 | # define SECURITYENTRYPOINT "InitSecurityInterfaceW"
|
---|
45 | # endif
|
---|
46 | #else
|
---|
47 | # define SECURITYENTRYPOINT "InitSecurityInterfaceA"
|
---|
48 | #endif
|
---|
49 |
|
---|
50 | /* Handle of security.dll or secur32.dll, depending on Windows version */
|
---|
51 | HMODULE s_hSecDll = NULL;
|
---|
52 |
|
---|
53 | /* Pointer to SSPI dispatch table */
|
---|
54 | PSecurityFunctionTable s_pSecFn = NULL;
|
---|
55 |
|
---|
56 | /*
|
---|
57 | * Curl_sspi_global_init()
|
---|
58 | *
|
---|
59 | * This is used to load the Security Service Provider Interface (SSPI)
|
---|
60 | * dynamic link library portably across all Windows versions, without
|
---|
61 | * the need to directly link libcurl, nor the application using it, at
|
---|
62 | * build time.
|
---|
63 | *
|
---|
64 | * Once this function has been executed, Windows SSPI functions can be
|
---|
65 | * called through the Security Service Provider Interface dispatch table.
|
---|
66 | */
|
---|
67 | CURLcode Curl_sspi_global_init(void)
|
---|
68 | {
|
---|
69 | bool securityDll = FALSE;
|
---|
70 | INITSECURITYINTERFACE_FN pInitSecurityInterface;
|
---|
71 |
|
---|
72 | /* If security interface is not yet initialized try to do this */
|
---|
73 | if(!s_hSecDll) {
|
---|
74 | /* Security Service Provider Interface (SSPI) functions are located in
|
---|
75 | * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
|
---|
76 | * have both these DLLs (security.dll forwards calls to secur32.dll) */
|
---|
77 | DWORD majorVersion = 4;
|
---|
78 | DWORD platformId = VER_PLATFORM_WIN32_NT;
|
---|
79 |
|
---|
80 | #if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
|
---|
81 | (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
|
---|
82 | OSVERSIONINFO osver;
|
---|
83 |
|
---|
84 | memset(&osver, 0, sizeof(osver));
|
---|
85 | osver.dwOSVersionInfoSize = sizeof(osver);
|
---|
86 |
|
---|
87 | /* Find out Windows version */
|
---|
88 | if(!GetVersionEx(&osver))
|
---|
89 | return CURLE_FAILED_INIT;
|
---|
90 |
|
---|
91 | /* Verify the major version number == 4 and platform id == WIN_NT */
|
---|
92 | if(osver.dwMajorVersion == majorVersion &&
|
---|
93 | osver.dwPlatformId == platformId)
|
---|
94 | securityDll = TRUE;
|
---|
95 | #else
|
---|
96 | ULONGLONG cm;
|
---|
97 | OSVERSIONINFOEX osver;
|
---|
98 |
|
---|
99 | memset(&osver, 0, sizeof(osver));
|
---|
100 | osver.dwOSVersionInfoSize = sizeof(osver);
|
---|
101 | osver.dwMajorVersion = majorVersion;
|
---|
102 | osver.dwPlatformId = platformId;
|
---|
103 |
|
---|
104 | cm = VerSetConditionMask(0, VER_MAJORVERSION, VER_EQUAL);
|
---|
105 | cm = VerSetConditionMask(cm, VER_MINORVERSION, VER_GREATER_EQUAL);
|
---|
106 | cm = VerSetConditionMask(cm, VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL);
|
---|
107 | cm = VerSetConditionMask(cm, VER_SERVICEPACKMINOR, VER_GREATER_EQUAL);
|
---|
108 | cm = VerSetConditionMask(cm, VER_PLATFORMID, VER_EQUAL);
|
---|
109 |
|
---|
110 | /* Verify the major version number == 4 and platform id == WIN_NT */
|
---|
111 | if(VerifyVersionInfo(&osver, (VER_MAJORVERSION | VER_MINORVERSION |
|
---|
112 | VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR |
|
---|
113 | VER_PLATFORMID),
|
---|
114 | cm))
|
---|
115 | securityDll = TRUE;
|
---|
116 | #endif
|
---|
117 |
|
---|
118 | /* Load SSPI dll into the address space of the calling process */
|
---|
119 | if(securityDll)
|
---|
120 | s_hSecDll = LoadLibrary(TEXT("security.dll"));
|
---|
121 | else
|
---|
122 | s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
|
---|
123 | if(!s_hSecDll)
|
---|
124 | return CURLE_FAILED_INIT;
|
---|
125 |
|
---|
126 | /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
|
---|
127 | pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
|
---|
128 | GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
|
---|
129 | if(!pInitSecurityInterface)
|
---|
130 | return CURLE_FAILED_INIT;
|
---|
131 |
|
---|
132 | /* Get pointer to Security Service Provider Interface dispatch table */
|
---|
133 | s_pSecFn = pInitSecurityInterface();
|
---|
134 | if(!s_pSecFn)
|
---|
135 | return CURLE_FAILED_INIT;
|
---|
136 | }
|
---|
137 |
|
---|
138 | return CURLE_OK;
|
---|
139 | }
|
---|
140 |
|
---|
141 | /*
|
---|
142 | * Curl_sspi_global_cleanup()
|
---|
143 | *
|
---|
144 | * This deinitializes the Security Service Provider Interface from libcurl.
|
---|
145 | */
|
---|
146 |
|
---|
147 | void Curl_sspi_global_cleanup(void)
|
---|
148 | {
|
---|
149 | if(s_hSecDll) {
|
---|
150 | FreeLibrary(s_hSecDll);
|
---|
151 | s_hSecDll = NULL;
|
---|
152 | s_pSecFn = NULL;
|
---|
153 | }
|
---|
154 | }
|
---|
155 |
|
---|
156 | /*
|
---|
157 | * Curl_create_sspi_identity()
|
---|
158 | *
|
---|
159 | * This is used to populate a SSPI identity structure based on the supplied
|
---|
160 | * username and password.
|
---|
161 | *
|
---|
162 | * Parameters:
|
---|
163 | *
|
---|
164 | * userp [in] - The user name in the format User or Domain\User.
|
---|
165 | * passdwp [in] - The user's password.
|
---|
166 | * identity [in/out] - The identity structure.
|
---|
167 | *
|
---|
168 | * Returns CURLE_OK on success.
|
---|
169 | */
|
---|
170 | CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
|
---|
171 | SEC_WINNT_AUTH_IDENTITY *identity)
|
---|
172 | {
|
---|
173 | xcharp_u useranddomain;
|
---|
174 | xcharp_u user, dup_user;
|
---|
175 | xcharp_u domain, dup_domain;
|
---|
176 | xcharp_u passwd, dup_passwd;
|
---|
177 | size_t domlen = 0;
|
---|
178 |
|
---|
179 | domain.const_tchar_ptr = TEXT("");
|
---|
180 |
|
---|
181 | /* Initialize the identity */
|
---|
182 | memset(identity, 0, sizeof(*identity));
|
---|
183 |
|
---|
184 | useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
|
---|
185 | if(!useranddomain.tchar_ptr)
|
---|
186 | return CURLE_OUT_OF_MEMORY;
|
---|
187 |
|
---|
188 | user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
|
---|
189 | if(!user.const_tchar_ptr)
|
---|
190 | user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
|
---|
191 |
|
---|
192 | if(user.tchar_ptr) {
|
---|
193 | domain.tchar_ptr = useranddomain.tchar_ptr;
|
---|
194 | domlen = user.tchar_ptr - useranddomain.tchar_ptr;
|
---|
195 | user.tchar_ptr++;
|
---|
196 | }
|
---|
197 | else {
|
---|
198 | user.tchar_ptr = useranddomain.tchar_ptr;
|
---|
199 | domain.const_tchar_ptr = TEXT("");
|
---|
200 | domlen = 0;
|
---|
201 | }
|
---|
202 |
|
---|
203 | /* Setup the identity's user and length */
|
---|
204 | dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
|
---|
205 | if(!dup_user.tchar_ptr) {
|
---|
206 | Curl_unicodefree(useranddomain.tchar_ptr);
|
---|
207 | return CURLE_OUT_OF_MEMORY;
|
---|
208 | }
|
---|
209 | identity->User = dup_user.tbyte_ptr;
|
---|
210 | identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
|
---|
211 | dup_user.tchar_ptr = NULL;
|
---|
212 |
|
---|
213 | /* Setup the identity's domain and length */
|
---|
214 | dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
|
---|
215 | if(!dup_domain.tchar_ptr) {
|
---|
216 | Curl_unicodefree(useranddomain.tchar_ptr);
|
---|
217 | return CURLE_OUT_OF_MEMORY;
|
---|
218 | }
|
---|
219 | _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
|
---|
220 | *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
|
---|
221 | identity->Domain = dup_domain.tbyte_ptr;
|
---|
222 | identity->DomainLength = curlx_uztoul(domlen);
|
---|
223 | dup_domain.tchar_ptr = NULL;
|
---|
224 |
|
---|
225 | Curl_unicodefree(useranddomain.tchar_ptr);
|
---|
226 |
|
---|
227 | /* Setup the identity's password and length */
|
---|
228 | passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
|
---|
229 | if(!passwd.tchar_ptr)
|
---|
230 | return CURLE_OUT_OF_MEMORY;
|
---|
231 | dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
|
---|
232 | if(!dup_passwd.tchar_ptr) {
|
---|
233 | Curl_unicodefree(passwd.tchar_ptr);
|
---|
234 | return CURLE_OUT_OF_MEMORY;
|
---|
235 | }
|
---|
236 | identity->Password = dup_passwd.tbyte_ptr;
|
---|
237 | identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
|
---|
238 | dup_passwd.tchar_ptr = NULL;
|
---|
239 |
|
---|
240 | Curl_unicodefree(passwd.tchar_ptr);
|
---|
241 |
|
---|
242 | /* Setup the identity's flags */
|
---|
243 | identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
|
---|
244 |
|
---|
245 | return CURLE_OK;
|
---|
246 | }
|
---|
247 |
|
---|
248 | void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
|
---|
249 | {
|
---|
250 | if(identity) {
|
---|
251 | Curl_safefree(identity->User);
|
---|
252 | Curl_safefree(identity->Password);
|
---|
253 | Curl_safefree(identity->Domain);
|
---|
254 | }
|
---|
255 | }
|
---|
256 |
|
---|
257 | #endif /* USE_WINDOWS_SSPI */
|
---|