1 | /***************************************************************************
|
---|
2 | * _ _ ____ _
|
---|
3 | * Project ___| | | | _ \| |
|
---|
4 | * / __| | | | |_) | |
|
---|
5 | * | (__| |_| | _ <| |___
|
---|
6 | * \___|\___/|_| \_\_____|
|
---|
7 | *
|
---|
8 | * Copyright (C) 1998 - 2016, Daniel Stenberg, <[email protected]>, et al.
|
---|
9 | *
|
---|
10 | * This software is licensed as described in the file COPYING, which
|
---|
11 | * you should have received as part of this distribution. The terms
|
---|
12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
13 | *
|
---|
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
15 | * copies of the Software, and permit persons to whom the Software is
|
---|
16 | * furnished to do so, under the terms of the COPYING file.
|
---|
17 | *
|
---|
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
19 | * KIND, either express or implied.
|
---|
20 | *
|
---|
21 | ***************************************************************************/
|
---|
22 |
|
---|
23 | #include "curl_setup.h"
|
---|
24 |
|
---|
25 | #ifdef USE_WINDOWS_SSPI
|
---|
26 |
|
---|
27 | #include <curl/curl.h>
|
---|
28 | #include "curl_sspi.h"
|
---|
29 | #include "curl_multibyte.h"
|
---|
30 | #include "system_win32.h"
|
---|
31 | #include "warnless.h"
|
---|
32 |
|
---|
33 | /* The last #include files should be: */
|
---|
34 | #include "curl_memory.h"
|
---|
35 | #include "memdebug.h"
|
---|
36 |
|
---|
37 | /* We use our own typedef here since some headers might lack these */
|
---|
38 | typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
|
---|
39 |
|
---|
40 | /* See definition of SECURITY_ENTRYPOINT in sspi.h */
|
---|
41 | #ifdef UNICODE
|
---|
42 | # ifdef _WIN32_WCE
|
---|
43 | # define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
|
---|
44 | # else
|
---|
45 | # define SECURITYENTRYPOINT "InitSecurityInterfaceW"
|
---|
46 | # endif
|
---|
47 | #else
|
---|
48 | # define SECURITYENTRYPOINT "InitSecurityInterfaceA"
|
---|
49 | #endif
|
---|
50 |
|
---|
51 | /* Handle of security.dll or secur32.dll, depending on Windows version */
|
---|
52 | HMODULE s_hSecDll = NULL;
|
---|
53 |
|
---|
54 | /* Pointer to SSPI dispatch table */
|
---|
55 | PSecurityFunctionTable s_pSecFn = NULL;
|
---|
56 |
|
---|
57 | /*
|
---|
58 | * Curl_sspi_global_init()
|
---|
59 | *
|
---|
60 | * This is used to load the Security Service Provider Interface (SSPI)
|
---|
61 | * dynamic link library portably across all Windows versions, without
|
---|
62 | * the need to directly link libcurl, nor the application using it, at
|
---|
63 | * build time.
|
---|
64 | *
|
---|
65 | * Once this function has been executed, Windows SSPI functions can be
|
---|
66 | * called through the Security Service Provider Interface dispatch table.
|
---|
67 | *
|
---|
68 | * Parameters:
|
---|
69 | *
|
---|
70 | * None.
|
---|
71 | *
|
---|
72 | * Returns CURLE_OK on success.
|
---|
73 | */
|
---|
74 | CURLcode Curl_sspi_global_init(void)
|
---|
75 | {
|
---|
76 | INITSECURITYINTERFACE_FN pInitSecurityInterface;
|
---|
77 |
|
---|
78 | /* If security interface is not yet initialized try to do this */
|
---|
79 | if(!s_hSecDll) {
|
---|
80 | /* Security Service Provider Interface (SSPI) functions are located in
|
---|
81 | * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
|
---|
82 | * have both these DLLs (security.dll forwards calls to secur32.dll) */
|
---|
83 |
|
---|
84 | /* Load SSPI dll into the address space of the calling process */
|
---|
85 | if(Curl_verify_windows_version(4, 0, PLATFORM_WINNT, VERSION_EQUAL))
|
---|
86 | s_hSecDll = Curl_load_library(TEXT("security.dll"));
|
---|
87 | else
|
---|
88 | s_hSecDll = Curl_load_library(TEXT("secur32.dll"));
|
---|
89 | if(!s_hSecDll)
|
---|
90 | return CURLE_FAILED_INIT;
|
---|
91 |
|
---|
92 | /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
|
---|
93 | pInitSecurityInterface =
|
---|
94 | CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN,
|
---|
95 | (GetProcAddress(s_hSecDll, SECURITYENTRYPOINT)));
|
---|
96 | if(!pInitSecurityInterface)
|
---|
97 | return CURLE_FAILED_INIT;
|
---|
98 |
|
---|
99 | /* Get pointer to Security Service Provider Interface dispatch table */
|
---|
100 | s_pSecFn = pInitSecurityInterface();
|
---|
101 | if(!s_pSecFn)
|
---|
102 | return CURLE_FAILED_INIT;
|
---|
103 | }
|
---|
104 |
|
---|
105 | return CURLE_OK;
|
---|
106 | }
|
---|
107 |
|
---|
108 | /*
|
---|
109 | * Curl_sspi_global_cleanup()
|
---|
110 | *
|
---|
111 | * This deinitializes the Security Service Provider Interface from libcurl.
|
---|
112 | *
|
---|
113 | * Parameters:
|
---|
114 | *
|
---|
115 | * None.
|
---|
116 | */
|
---|
117 | void Curl_sspi_global_cleanup(void)
|
---|
118 | {
|
---|
119 | if(s_hSecDll) {
|
---|
120 | FreeLibrary(s_hSecDll);
|
---|
121 | s_hSecDll = NULL;
|
---|
122 | s_pSecFn = NULL;
|
---|
123 | }
|
---|
124 | }
|
---|
125 |
|
---|
126 | /*
|
---|
127 | * Curl_create_sspi_identity()
|
---|
128 | *
|
---|
129 | * This is used to populate a SSPI identity structure based on the supplied
|
---|
130 | * username and password.
|
---|
131 | *
|
---|
132 | * Parameters:
|
---|
133 | *
|
---|
134 | * userp [in] - The user name in the format User or Domain\User.
|
---|
135 | * passwdp [in] - The user's password.
|
---|
136 | * identity [in/out] - The identity structure.
|
---|
137 | *
|
---|
138 | * Returns CURLE_OK on success.
|
---|
139 | */
|
---|
140 | CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
|
---|
141 | SEC_WINNT_AUTH_IDENTITY *identity)
|
---|
142 | {
|
---|
143 | xcharp_u useranddomain;
|
---|
144 | xcharp_u user, dup_user;
|
---|
145 | xcharp_u domain, dup_domain;
|
---|
146 | xcharp_u passwd, dup_passwd;
|
---|
147 | size_t domlen = 0;
|
---|
148 |
|
---|
149 | domain.const_tchar_ptr = TEXT("");
|
---|
150 |
|
---|
151 | /* Initialize the identity */
|
---|
152 | memset(identity, 0, sizeof(*identity));
|
---|
153 |
|
---|
154 | useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
|
---|
155 | if(!useranddomain.tchar_ptr)
|
---|
156 | return CURLE_OUT_OF_MEMORY;
|
---|
157 |
|
---|
158 | user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
|
---|
159 | if(!user.const_tchar_ptr)
|
---|
160 | user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
|
---|
161 |
|
---|
162 | if(user.tchar_ptr) {
|
---|
163 | domain.tchar_ptr = useranddomain.tchar_ptr;
|
---|
164 | domlen = user.tchar_ptr - useranddomain.tchar_ptr;
|
---|
165 | user.tchar_ptr++;
|
---|
166 | }
|
---|
167 | else {
|
---|
168 | user.tchar_ptr = useranddomain.tchar_ptr;
|
---|
169 | domain.const_tchar_ptr = TEXT("");
|
---|
170 | domlen = 0;
|
---|
171 | }
|
---|
172 |
|
---|
173 | /* Setup the identity's user and length */
|
---|
174 | dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
|
---|
175 | if(!dup_user.tchar_ptr) {
|
---|
176 | Curl_unicodefree(useranddomain.tchar_ptr);
|
---|
177 | return CURLE_OUT_OF_MEMORY;
|
---|
178 | }
|
---|
179 | identity->User = dup_user.tbyte_ptr;
|
---|
180 | identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
|
---|
181 | dup_user.tchar_ptr = NULL;
|
---|
182 |
|
---|
183 | /* Setup the identity's domain and length */
|
---|
184 | dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
|
---|
185 | if(!dup_domain.tchar_ptr) {
|
---|
186 | Curl_unicodefree(useranddomain.tchar_ptr);
|
---|
187 | return CURLE_OUT_OF_MEMORY;
|
---|
188 | }
|
---|
189 | _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
|
---|
190 | *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
|
---|
191 | identity->Domain = dup_domain.tbyte_ptr;
|
---|
192 | identity->DomainLength = curlx_uztoul(domlen);
|
---|
193 | dup_domain.tchar_ptr = NULL;
|
---|
194 |
|
---|
195 | Curl_unicodefree(useranddomain.tchar_ptr);
|
---|
196 |
|
---|
197 | /* Setup the identity's password and length */
|
---|
198 | passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
|
---|
199 | if(!passwd.tchar_ptr)
|
---|
200 | return CURLE_OUT_OF_MEMORY;
|
---|
201 | dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
|
---|
202 | if(!dup_passwd.tchar_ptr) {
|
---|
203 | Curl_unicodefree(passwd.tchar_ptr);
|
---|
204 | return CURLE_OUT_OF_MEMORY;
|
---|
205 | }
|
---|
206 | identity->Password = dup_passwd.tbyte_ptr;
|
---|
207 | identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
|
---|
208 | dup_passwd.tchar_ptr = NULL;
|
---|
209 |
|
---|
210 | Curl_unicodefree(passwd.tchar_ptr);
|
---|
211 |
|
---|
212 | /* Setup the identity's flags */
|
---|
213 | identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
|
---|
214 |
|
---|
215 | return CURLE_OK;
|
---|
216 | }
|
---|
217 |
|
---|
218 | /*
|
---|
219 | * Curl_sspi_free_identity()
|
---|
220 | *
|
---|
221 | * This is used to free the contents of a SSPI identifier structure.
|
---|
222 | *
|
---|
223 | * Parameters:
|
---|
224 | *
|
---|
225 | * identity [in/out] - The identity structure.
|
---|
226 | */
|
---|
227 | void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
|
---|
228 | {
|
---|
229 | if(identity) {
|
---|
230 | Curl_safefree(identity->User);
|
---|
231 | Curl_safefree(identity->Password);
|
---|
232 | Curl_safefree(identity->Domain);
|
---|
233 | }
|
---|
234 | }
|
---|
235 |
|
---|
236 | #endif /* USE_WINDOWS_SSPI */
|
---|