curl_sspi.c 7.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "curl_setup.h"
  25. #ifdef USE_WINDOWS_SSPI
  26. #include <curl/curl.h>
  27. #include "curl_sspi.h"
  28. #include "curl_multibyte.h"
  29. #include "system_win32.h"
  30. #include "version_win32.h"
  31. #include "warnless.h"
  32. /* The last #include files should be: */
  33. #include "curl_memory.h"
  34. #include "memdebug.h"
  35. /* We use our own typedef here since some headers might lack these */
  36. typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
  37. /* See definition of SECURITY_ENTRYPOINT in sspi.h */
  38. #ifdef UNICODE
  39. # ifdef _WIN32_WCE
  40. # define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
  41. # else
  42. # define SECURITYENTRYPOINT "InitSecurityInterfaceW"
  43. # endif
  44. #else
  45. # define SECURITYENTRYPOINT "InitSecurityInterfaceA"
  46. #endif
  47. /* Handle of security.dll or secur32.dll, depending on Windows version */
  48. HMODULE s_hSecDll = NULL;
  49. /* Pointer to SSPI dispatch table */
  50. PSecurityFunctionTable s_pSecFn = NULL;
  51. /*
  52. * Curl_sspi_global_init()
  53. *
  54. * This is used to load the Security Service Provider Interface (SSPI)
  55. * dynamic link library portably across all Windows versions, without
  56. * the need to directly link libcurl, nor the application using it, at
  57. * build time.
  58. *
  59. * Once this function has been executed, Windows SSPI functions can be
  60. * called through the Security Service Provider Interface dispatch table.
  61. *
  62. * Parameters:
  63. *
  64. * None.
  65. *
  66. * Returns CURLE_OK on success.
  67. */
  68. CURLcode Curl_sspi_global_init(void)
  69. {
  70. INITSECURITYINTERFACE_FN pInitSecurityInterface;
  71. /* If security interface is not yet initialized try to do this */
  72. if(!s_hSecDll) {
  73. /* Security Service Provider Interface (SSPI) functions are located in
  74. * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
  75. * have both these DLLs (security.dll forwards calls to secur32.dll) */
  76. /* Load SSPI dll into the address space of the calling process */
  77. if(curlx_verify_windows_version(4, 0, 0, PLATFORM_WINNT, VERSION_EQUAL))
  78. s_hSecDll = Curl_load_library(TEXT("security.dll"));
  79. else
  80. s_hSecDll = Curl_load_library(TEXT("secur32.dll"));
  81. if(!s_hSecDll)
  82. return CURLE_FAILED_INIT;
  83. /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
  84. pInitSecurityInterface =
  85. CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN,
  86. (GetProcAddress(s_hSecDll, SECURITYENTRYPOINT)));
  87. if(!pInitSecurityInterface)
  88. return CURLE_FAILED_INIT;
  89. /* Get pointer to Security Service Provider Interface dispatch table */
  90. s_pSecFn = pInitSecurityInterface();
  91. if(!s_pSecFn)
  92. return CURLE_FAILED_INIT;
  93. }
  94. return CURLE_OK;
  95. }
  96. /*
  97. * Curl_sspi_global_cleanup()
  98. *
  99. * This deinitializes the Security Service Provider Interface from libcurl.
  100. *
  101. * Parameters:
  102. *
  103. * None.
  104. */
  105. void Curl_sspi_global_cleanup(void)
  106. {
  107. if(s_hSecDll) {
  108. FreeLibrary(s_hSecDll);
  109. s_hSecDll = NULL;
  110. s_pSecFn = NULL;
  111. }
  112. }
  113. /*
  114. * Curl_create_sspi_identity()
  115. *
  116. * This is used to populate a SSPI identity structure based on the supplied
  117. * username and password.
  118. *
  119. * Parameters:
  120. *
  121. * userp [in] - The username in the format User or Domain\User.
  122. * passwdp [in] - The user's password.
  123. * identity [in/out] - The identity structure.
  124. *
  125. * Returns CURLE_OK on success.
  126. */
  127. CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
  128. SEC_WINNT_AUTH_IDENTITY *identity)
  129. {
  130. xcharp_u useranddomain;
  131. xcharp_u user, dup_user;
  132. xcharp_u domain, dup_domain;
  133. xcharp_u passwd, dup_passwd;
  134. size_t domlen = 0;
  135. domain.const_tchar_ptr = TEXT("");
  136. /* Initialize the identity */
  137. memset(identity, 0, sizeof(*identity));
  138. useranddomain.tchar_ptr = curlx_convert_UTF8_to_tchar((char *)userp);
  139. if(!useranddomain.tchar_ptr)
  140. return CURLE_OUT_OF_MEMORY;
  141. user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
  142. if(!user.const_tchar_ptr)
  143. user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
  144. if(user.tchar_ptr) {
  145. domain.tchar_ptr = useranddomain.tchar_ptr;
  146. domlen = user.tchar_ptr - useranddomain.tchar_ptr;
  147. user.tchar_ptr++;
  148. }
  149. else {
  150. user.tchar_ptr = useranddomain.tchar_ptr;
  151. domain.const_tchar_ptr = TEXT("");
  152. domlen = 0;
  153. }
  154. /* Setup the identity's user and length */
  155. dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
  156. if(!dup_user.tchar_ptr) {
  157. curlx_unicodefree(useranddomain.tchar_ptr);
  158. return CURLE_OUT_OF_MEMORY;
  159. }
  160. identity->User = dup_user.tbyte_ptr;
  161. identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
  162. dup_user.tchar_ptr = NULL;
  163. /* Setup the identity's domain and length */
  164. dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
  165. if(!dup_domain.tchar_ptr) {
  166. curlx_unicodefree(useranddomain.tchar_ptr);
  167. return CURLE_OUT_OF_MEMORY;
  168. }
  169. _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
  170. *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
  171. identity->Domain = dup_domain.tbyte_ptr;
  172. identity->DomainLength = curlx_uztoul(domlen);
  173. dup_domain.tchar_ptr = NULL;
  174. curlx_unicodefree(useranddomain.tchar_ptr);
  175. /* Setup the identity's password and length */
  176. passwd.tchar_ptr = curlx_convert_UTF8_to_tchar((char *)passwdp);
  177. if(!passwd.tchar_ptr)
  178. return CURLE_OUT_OF_MEMORY;
  179. dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
  180. if(!dup_passwd.tchar_ptr) {
  181. curlx_unicodefree(passwd.tchar_ptr);
  182. return CURLE_OUT_OF_MEMORY;
  183. }
  184. identity->Password = dup_passwd.tbyte_ptr;
  185. identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
  186. dup_passwd.tchar_ptr = NULL;
  187. curlx_unicodefree(passwd.tchar_ptr);
  188. /* Setup the identity's flags */
  189. identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
  190. return CURLE_OK;
  191. }
  192. /*
  193. * Curl_sspi_free_identity()
  194. *
  195. * This is used to free the contents of a SSPI identifier structure.
  196. *
  197. * Parameters:
  198. *
  199. * identity [in/out] - The identity structure.
  200. */
  201. void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
  202. {
  203. if(identity) {
  204. Curl_safefree(identity->User);
  205. Curl_safefree(identity->Password);
  206. Curl_safefree(identity->Domain);
  207. }
  208. }
  209. #endif /* USE_WINDOWS_SSPI */