curl_sspi.c 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at http://curl.haxx.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "curl_setup.h"
  23. #ifdef USE_WINDOWS_SSPI
  24. #include <curl/curl.h>
  25. #include "curl_sspi.h"
  26. #define _MPRINTF_REPLACE /* use our functions only */
  27. #include <curl/mprintf.h>
  28. #include "curl_memory.h"
  29. #include "curl_multibyte.h"
  30. #include "warnless.h"
  31. /* The last #include file should be: */
  32. #include "memdebug.h"
  33. /* We use our own typedef here since some headers might lack these */
  34. typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
  35. /* See definition of SECURITY_ENTRYPOINT in sspi.h */
  36. #ifdef UNICODE
  37. # ifdef _WIN32_WCE
  38. # define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
  39. # else
  40. # define SECURITYENTRYPOINT "InitSecurityInterfaceW"
  41. # endif
  42. #else
  43. # define SECURITYENTRYPOINT "InitSecurityInterfaceA"
  44. #endif
  45. /* Handle of security.dll or secur32.dll, depending on Windows version */
  46. HMODULE s_hSecDll = NULL;
  47. /* Pointer to SSPI dispatch table */
  48. PSecurityFunctionTable s_pSecFn = NULL;
  49. /*
  50. * Curl_sspi_global_init()
  51. *
  52. * This is used to load the Security Service Provider Interface (SSPI)
  53. * dynamic link library portably across all Windows versions, without
  54. * the need to directly link libcurl, nor the application using it, at
  55. * build time.
  56. *
  57. * Once this function has been executed, Windows SSPI functions can be
  58. * called through the Security Service Provider Interface dispatch table.
  59. */
  60. CURLcode Curl_sspi_global_init(void)
  61. {
  62. bool securityDll = FALSE;
  63. INITSECURITYINTERFACE_FN pInitSecurityInterface;
  64. /* If security interface is not yet initialized try to do this */
  65. if(!s_hSecDll) {
  66. /* Security Service Provider Interface (SSPI) functions are located in
  67. * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
  68. * have both these DLLs (security.dll forwards calls to secur32.dll) */
  69. DWORD majorVersion = 4;
  70. DWORD platformId = VER_PLATFORM_WIN32_NT;
  71. #if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
  72. (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
  73. OSVERSIONINFO osver;
  74. memset(&osver, 0, sizeof(osver));
  75. osver.dwOSVersionInfoSize = sizeof(osver);
  76. /* Find out Windows version */
  77. if(!GetVersionEx(&osver))
  78. return CURLE_FAILED_INIT;
  79. /* Verify the major version number == 4 and platform id == WIN_NT */
  80. if(osver.dwMajorVersion == majorVersion &&
  81. osver.dwPlatformId == platformId)
  82. securityDll = TRUE;
  83. #else
  84. ULONGLONG majorVersionMask;
  85. ULONGLONG platformIdMask;
  86. OSVERSIONINFOEX osver;
  87. memset(&osver, 0, sizeof(osver));
  88. osver.dwOSVersionInfoSize = sizeof(osver);
  89. osver.dwMajorVersion = majorVersion;
  90. osver.dwPlatformId = platformId;
  91. majorVersionMask = VerSetConditionMask(0, VER_MAJORVERSION, VER_EQUAL);
  92. platformIdMask = VerSetConditionMask(0, VER_PLATFORMID, VER_EQUAL);
  93. /* Verify the major version number == 4 and platform id == WIN_NT */
  94. if(VerifyVersionInfo(&osver, VER_MAJORVERSION, majorVersionMask) &&
  95. VerifyVersionInfo(&osver, VER_PLATFORMID, platformIdMask))
  96. securityDll = TRUE;
  97. #endif
  98. /* Load SSPI dll into the address space of the calling process */
  99. if(securityDll)
  100. s_hSecDll = LoadLibrary(TEXT("security.dll"));
  101. else
  102. s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
  103. if(!s_hSecDll)
  104. return CURLE_FAILED_INIT;
  105. /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
  106. pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
  107. GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
  108. if(!pInitSecurityInterface)
  109. return CURLE_FAILED_INIT;
  110. /* Get pointer to Security Service Provider Interface dispatch table */
  111. s_pSecFn = pInitSecurityInterface();
  112. if(!s_pSecFn)
  113. return CURLE_FAILED_INIT;
  114. }
  115. return CURLE_OK;
  116. }
  117. /*
  118. * Curl_sspi_global_cleanup()
  119. *
  120. * This deinitializes the Security Service Provider Interface from libcurl.
  121. */
  122. void Curl_sspi_global_cleanup(void)
  123. {
  124. if(s_hSecDll) {
  125. FreeLibrary(s_hSecDll);
  126. s_hSecDll = NULL;
  127. s_pSecFn = NULL;
  128. }
  129. }
  130. /*
  131. * Curl_create_sspi_identity()
  132. *
  133. * This is used to populate a SSPI identity structure based on the supplied
  134. * username and password.
  135. *
  136. * Parameters:
  137. *
  138. * userp [in] - The user name in the format User or Domain\User.
  139. * passdwp [in] - The user's password.
  140. * identity [in/out] - The identity structure.
  141. *
  142. * Returns CURLE_OK on success.
  143. */
  144. CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
  145. SEC_WINNT_AUTH_IDENTITY *identity)
  146. {
  147. xcharp_u useranddomain;
  148. xcharp_u user, dup_user;
  149. xcharp_u domain, dup_domain;
  150. xcharp_u passwd, dup_passwd;
  151. size_t domlen = 0;
  152. domain.const_tchar_ptr = TEXT("");
  153. /* Initialize the identity */
  154. memset(identity, 0, sizeof(*identity));
  155. useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
  156. if(!useranddomain.tchar_ptr)
  157. return CURLE_OUT_OF_MEMORY;
  158. user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
  159. if(!user.const_tchar_ptr)
  160. user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
  161. if(user.tchar_ptr) {
  162. domain.tchar_ptr = useranddomain.tchar_ptr;
  163. domlen = user.tchar_ptr - useranddomain.tchar_ptr;
  164. user.tchar_ptr++;
  165. }
  166. else {
  167. user.tchar_ptr = useranddomain.tchar_ptr;
  168. domain.const_tchar_ptr = TEXT("");
  169. domlen = 0;
  170. }
  171. /* Setup the identity's user and length */
  172. dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
  173. if(!dup_user.tchar_ptr) {
  174. Curl_unicodefree(useranddomain.tchar_ptr);
  175. return CURLE_OUT_OF_MEMORY;
  176. }
  177. identity->User = dup_user.tbyte_ptr;
  178. identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
  179. dup_user.tchar_ptr = NULL;
  180. /* Setup the identity's domain and length */
  181. dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
  182. if(!dup_domain.tchar_ptr) {
  183. Curl_unicodefree(useranddomain.tchar_ptr);
  184. return CURLE_OUT_OF_MEMORY;
  185. }
  186. _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
  187. *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
  188. identity->Domain = dup_domain.tbyte_ptr;
  189. identity->DomainLength = curlx_uztoul(domlen);
  190. dup_domain.tchar_ptr = NULL;
  191. Curl_unicodefree(useranddomain.tchar_ptr);
  192. /* Setup ntlm identity's password and length */
  193. passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
  194. if(!passwd.tchar_ptr)
  195. return CURLE_OUT_OF_MEMORY;
  196. dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
  197. if(!dup_passwd.tchar_ptr) {
  198. Curl_unicodefree(passwd.tchar_ptr);
  199. return CURLE_OUT_OF_MEMORY;
  200. }
  201. identity->Password = dup_passwd.tbyte_ptr;
  202. identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
  203. dup_passwd.tchar_ptr = NULL;
  204. Curl_unicodefree(passwd.tchar_ptr);
  205. /* Setup the identity's flags */
  206. identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
  207. return CURLE_OK;
  208. }
  209. void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
  210. {
  211. if(identity) {
  212. Curl_safefree(identity->User);
  213. Curl_safefree(identity->Password);
  214. Curl_safefree(identity->Domain);
  215. }
  216. }
  217. #endif /* USE_WINDOWS_SSPI */