/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
#include "curl_setup.h"

#ifdef USE_WINDOWS_SSPI

#include <curl/curl.h>
#include "curl_sspi.h"
#include "curl_multibyte.h"
#include "system_win32.h"
#include "warnless.h"

/* The last #include files should be: */
#include "curl_memory.h"
#include "memdebug.h"

/* We use our own typedef here since some headers might lack these.
 * This is the function pointer type that the GetProcAddress() result is
 * cast to in Curl_sspi_global_init(). */
typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);

/* See definition of SECURITY_ENTRYPOINT in sspi.h.
 * SECURITYENTRYPOINT is the export name handed to GetProcAddress(): the
 * InitSecurityInterfaceW entry point in UNICODE builds (spelled as a wide
 * string literal when _WIN32_WCE is defined) and InitSecurityInterfaceA
 * otherwise. */
#ifdef UNICODE
#  ifdef _WIN32_WCE
#    define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
#  else
#    define SECURITYENTRYPOINT "InitSecurityInterfaceW"
#  endif
#else
#  define SECURITYENTRYPOINT "InitSecurityInterfaceA"
#endif

/* Handle of security.dll or secur32.dll, depending on Windows version.
 * Assigned by Curl_sspi_global_init() and reset to NULL by
 * Curl_sspi_global_cleanup(); a NULL handle means "not loaded". */
HMODULE s_hSecDll = NULL;

/* Pointer to SSPI dispatch table, as returned by the entry point named by
 * SECURITYENTRYPOINT. Reset to NULL by Curl_sspi_global_cleanup(). */
PSecurityFunctionTable s_pSecFn = NULL;
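/*
 * Curl_sspi_global_init()
 *
 * This is used to load the Security Service Provider Interface (SSPI)
 * dynamic link library portably across all Windows versions, without
 * the need to directly link libcurl, nor the application using it, at
 * build time.
 *
 * Once this function has been executed, Windows SSPI functions can be
 * called through the Security Service Provider Interface dispatch table.
 *
 * A call made while the library handle is already set does nothing. If the
 * entry point lookup or the dispatch table retrieval fails, the library is
 * unloaded again and both globals are left NULL, so that a later call
 * retries from scratch instead of returning CURLE_OK with no dispatch table.
 *
 * Parameters:
 *
 * None.
 *
 * Returns CURLE_OK on success, CURLE_FAILED_INIT otherwise.
 */
CURLcode Curl_sspi_global_init(void)
{
  INITSECURITYINTERFACE_FN pInitSecurityInterface;

  /* If security interface is not yet initialized try to do this */
  if(!s_hSecDll) {
    /* Security Service Provider Interface (SSPI) functions are located in
     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
     * have both these DLLs (security.dll forwards calls to secur32.dll) */

    /* Load SSPI dll into the address space of the calling process.
     * NOTE(review): Curl_load_library() is defined elsewhere; confirm that
     * it resolves these bare names from the system directory rather than
     * through the default DLL search path. */
    if(Curl_verify_windows_version(4, 0, PLATFORM_WINNT, VERSION_EQUAL))
      s_hSecDll = Curl_load_library(TEXT("security.dll"));
    else
      s_hSecDll = Curl_load_library(TEXT("secur32.dll"));
    if(!s_hSecDll)
      return CURLE_FAILED_INIT;

    /* Get address of the InitSecurityInterfaceA/W function (whichever
     * SECURITYENTRYPOINT names for this build) from the SSPI dll */
    pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
      GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);

    /* Get pointer to Security Service Provider Interface dispatch table */
    s_pSecFn = pInitSecurityInterface ? pInitSecurityInterface() : NULL;
    if(!s_pSecFn) {
      /* Do not keep a loaded library without a usable dispatch table: the
       * handle doubles as the "already initialized" flag checked above. */
      FreeLibrary(s_hSecDll);
      s_hSecDll = NULL;
      return CURLE_FAILED_INIT;
    }
  }

  return CURLE_OK;
}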
/*
 * Curl_sspi_global_cleanup()
 *
 * Unloads the SSPI library held in s_hSecDll and clears both the library
 * handle and the dispatch table pointer. Does nothing when no library
 * handle is held.
 *
 * Parameters:
 *
 * None.
 */
void Curl_sspi_global_cleanup(void)
{
  /* Nothing was loaded, so there is nothing to release */
  if(!s_hSecDll)
    return;

  FreeLibrary(s_hSecDll);

  /* Clear the table together with the handle so that no caller is left
   * with a dispatch table once the library has been released */
  s_pSecFn = NULL;
  s_hSecDll = NULL;
}
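/*
 * Curl_create_sspi_identity()
 *
 * This is used to populate a SSPI identity structure based on the supplied
 * username and password. The user name is split at the first backslash, or
 * failing that at the first forward slash, into a domain part and a user
 * part; without a separator the domain is the empty string.
 *
 * On success the identity owns freshly allocated copies of the user, domain
 * and password strings; they are released with Curl_sspi_free_identity().
 * On failure every copy made so far is released and the identity is left
 * zeroed, so the caller never receives a half-populated structure.
 *
 * Parameters:
 *
 * userp    [in]     - The user name in the format User or Domain\User.
 * passwdp  [in]     - The user's password.
 * identity [in/out] - The identity structure.
 *
 * Returns CURLE_OK on success, CURLE_OUT_OF_MEMORY if a string conversion
 * or an allocation fails.
 */
CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
                                   SEC_WINNT_AUTH_IDENTITY *identity)
{
  xcharp_u useranddomain;
  xcharp_u user, dup_user;
  xcharp_u domain, dup_domain;
  xcharp_u passwd, dup_passwd;
  size_t domlen = 0;

  domain.const_tchar_ptr = TEXT("");

  /* Initialize the identity */
  memset(identity, 0, sizeof(*identity));

  useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
  if(!useranddomain.tchar_ptr)
    return CURLE_OUT_OF_MEMORY;

  /* Look for the domain separator: a backslash first, then a slash */
  user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
  if(!user.const_tchar_ptr)
    user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));

  if(user.tchar_ptr) {
    /* Domain is everything before the separator, user everything after */
    domain.tchar_ptr = useranddomain.tchar_ptr;
    domlen = user.tchar_ptr - useranddomain.tchar_ptr;
    user.tchar_ptr++;
  }
  else {
    user.tchar_ptr = useranddomain.tchar_ptr;
    domain.const_tchar_ptr = TEXT("");
    domlen = 0;
  }

  /* Setup the identity's user and length */
  dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
  if(!dup_user.tchar_ptr) {
    Curl_unicodefree(useranddomain.tchar_ptr);
    goto fail;
  }
  identity->User = dup_user.tbyte_ptr;
  identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
  dup_user.tchar_ptr = NULL;

  /* Setup the identity's domain and length */
  dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
  if(!dup_domain.tchar_ptr) {
    Curl_unicodefree(useranddomain.tchar_ptr);
    goto fail;
  }
  /* Copy exactly domlen characters and terminate explicitly, since the
   * source continues with the separator and the user name */
  _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
  *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
  identity->Domain = dup_domain.tbyte_ptr;
  identity->DomainLength = curlx_uztoul(domlen);
  dup_domain.tchar_ptr = NULL;

  Curl_unicodefree(useranddomain.tchar_ptr);

  /* Setup the identity's password and length.
   * NOTE(review): the converted password is released below without being
   * overwritten. Curl_convert_UTF8_to_tchar() and Curl_unicodefree() are
   * defined elsewhere; confirm whether the converted string is a separate
   * buffer in every build before adding a wipe here. */
  passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
  if(!passwd.tchar_ptr)
    goto fail;
  dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
  if(!dup_passwd.tchar_ptr) {
    Curl_unicodefree(passwd.tchar_ptr);
    goto fail;
  }
  identity->Password = dup_passwd.tbyte_ptr;
  identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
  dup_passwd.tchar_ptr = NULL;

  Curl_unicodefree(passwd.tchar_ptr);

  /* Setup the identity's flags */
  identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;

  return CURLE_OK;

fail:
  /* Release whatever was already handed to the identity and return it to
   * the zeroed state, so the caller holds no allocations after an error */
  Curl_safefree(identity->User);
  Curl_safefree(identity->Domain);
  memset(identity, 0, sizeof(*identity));

  return CURLE_OUT_OF_MEMORY;
}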
/*
 * Curl_sspi_free_identity()
 *
 * Releases the User, Password and Domain strings held by a SSPI identity
 * structure. The structure itself is not freed, and its length fields and
 * flags are not touched here. A NULL identity is accepted and ignored.
 *
 * NOTE(review): the Password buffer is released without being overwritten
 * first, so the plaintext may linger in freed heap memory; consider wiping
 * it before release.
 *
 * Parameters:
 *
 * identity [in/out] - The identity structure.
 */
void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
{
  /* Nothing to release without a structure */
  if(!identity)
    return;

  Curl_safefree(identity->User);
  Curl_safefree(identity->Password);
  Curl_safefree(identity->Domain);
}
235 | #endif /* USE_WINDOWS_SSPI */