1*6236dae4SAndroid Build Coastguard Worker /***************************************************************************
2*6236dae4SAndroid Build Coastguard Worker  *                                  _   _ ____  _
3*6236dae4SAndroid Build Coastguard Worker  *  Project                     ___| | | |  _ \| |
4*6236dae4SAndroid Build Coastguard Worker  *                             / __| | | | |_) | |
5*6236dae4SAndroid Build Coastguard Worker  *                            | (__| |_| |  _ <| |___
6*6236dae4SAndroid Build Coastguard Worker  *                             \___|\___/|_| \_\_____|
7*6236dae4SAndroid Build Coastguard Worker  *
8*6236dae4SAndroid Build Coastguard Worker  * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9*6236dae4SAndroid Build Coastguard Worker  *
10*6236dae4SAndroid Build Coastguard Worker  * This software is licensed as described in the file COPYING, which
11*6236dae4SAndroid Build Coastguard Worker  * you should have received as part of this distribution. The terms
12*6236dae4SAndroid Build Coastguard Worker  * are also available at https://curl.se/docs/copyright.html.
13*6236dae4SAndroid Build Coastguard Worker  *
14*6236dae4SAndroid Build Coastguard Worker  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15*6236dae4SAndroid Build Coastguard Worker  * copies of the Software, and permit persons to whom the Software is
16*6236dae4SAndroid Build Coastguard Worker  * furnished to do so, under the terms of the COPYING file.
17*6236dae4SAndroid Build Coastguard Worker  *
18*6236dae4SAndroid Build Coastguard Worker  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19*6236dae4SAndroid Build Coastguard Worker  * KIND, either express or implied.
20*6236dae4SAndroid Build Coastguard Worker  *
21*6236dae4SAndroid Build Coastguard Worker  * SPDX-License-Identifier: curl
22*6236dae4SAndroid Build Coastguard Worker  *
23*6236dae4SAndroid Build Coastguard Worker  ***************************************************************************/
24*6236dae4SAndroid Build Coastguard Worker 
25*6236dae4SAndroid Build Coastguard Worker #include "curl_setup.h"
26*6236dae4SAndroid Build Coastguard Worker 
27*6236dae4SAndroid Build Coastguard Worker #ifdef USE_WINDOWS_SSPI
28*6236dae4SAndroid Build Coastguard Worker 
29*6236dae4SAndroid Build Coastguard Worker #include <curl/curl.h>
30*6236dae4SAndroid Build Coastguard Worker #include "curl_sspi.h"
31*6236dae4SAndroid Build Coastguard Worker #include "curl_multibyte.h"
32*6236dae4SAndroid Build Coastguard Worker #include "system_win32.h"
33*6236dae4SAndroid Build Coastguard Worker #include "version_win32.h"
34*6236dae4SAndroid Build Coastguard Worker #include "warnless.h"
35*6236dae4SAndroid Build Coastguard Worker 
36*6236dae4SAndroid Build Coastguard Worker /* The last #include files should be: */
37*6236dae4SAndroid Build Coastguard Worker #include "curl_memory.h"
38*6236dae4SAndroid Build Coastguard Worker #include "memdebug.h"
39*6236dae4SAndroid Build Coastguard Worker 
/* Local typedef for the SSPI entry point, since some headers might lack it */
typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);

/* Name of the export looked up with GetProcAddress(); see the definition of
   SECURITY_ENTRYPOINT in sspi.h. Only the Windows CE Unicode build uses a
   wide-character name. */
#if defined(UNICODE) && defined(_WIN32_WCE)
#  define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
#elif defined(UNICODE)
#  define SECURITYENTRYPOINT "InitSecurityInterfaceW"
#else
#  define SECURITYENTRYPOINT "InitSecurityInterfaceA"
#endif

/* Handle of security.dll or secur32.dll, depending on Windows version.
   NULL while the SSPI library is not loaded. */
HMODULE Curl_hSecDll = NULL;

/* Pointer to the SSPI dispatch table; NULL until it has been obtained */
PSecurityFunctionTable Curl_pSecFn = NULL;
59*6236dae4SAndroid Build Coastguard Worker 
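/*
 * Curl_sspi_global_init()
 *
 * This is used to load the Security Service Provider Interface (SSPI)
 * dynamic link library portably across all Windows versions, without
 * the need to directly link libcurl, nor the application using it, at
 * build time.
 *
 * Once this function has returned CURLE_OK, Windows SSPI functions can be
 * called through the dispatch table in Curl_pSecFn. A call made while the
 * library is already loaded does nothing and returns CURLE_OK.
 *
 * Parameters:
 *
 * None.
 *
 * Returns CURLE_OK on success, or CURLE_FAILED_INIT when the DLL cannot be
 * loaded, the entry point cannot be resolved or no dispatch table is
 * returned. On failure the DLL is unloaded again and both globals are left
 * NULL, so a later call retries the whole initialization instead of
 * reporting success with a NULL dispatch table.
 */
CURLcode Curl_sspi_global_init(void)
{
  INITSECURITYINTERFACE_FN pInitSecurityInterface;

  /* A non-NULL handle is only ever left behind by a complete init */
  if(Curl_hSecDll)
    return CURLE_OK;

  /* Security Service Provider Interface (SSPI) functions are located in
   * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
   * have both these DLLs (security.dll forwards calls to secur32.dll) */

  /* Load SSPI dll into the address space of the calling process.
   * NOTE(review): the DLL is named without a path, so where it is loaded
   * from depends entirely on Curl_load_library() (defined elsewhere);
   * confirm it resolves names against the system directory only. */
  if(curlx_verify_windows_version(4, 0, 0, PLATFORM_WINNT, VERSION_EQUAL))
    Curl_hSecDll = Curl_load_library(TEXT("security.dll"));
  else
    Curl_hSecDll = Curl_load_library(TEXT("secur32.dll"));
  if(!Curl_hSecDll)
    return CURLE_FAILED_INIT;

  /* Get address of the InitSecurityInterface(A|W) function from the SSPI
     dll; SECURITYENTRYPOINT selects the variant for this build */
  pInitSecurityInterface =
    CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN,
                        (GetProcAddress(Curl_hSecDll, SECURITYENTRYPOINT)));

  /* Get pointer to Security Service Provider Interface dispatch table */
  Curl_pSecFn = pInitSecurityInterface ? pInitSecurityInterface() : NULL;

  if(!Curl_pSecFn) {
    /* Undo the load: keeping the handle would make the next call take the
       "already initialized" path while Curl_pSecFn is still NULL */
    FreeLibrary(Curl_hSecDll);
    Curl_hSecDll = NULL;
    return CURLE_FAILED_INIT;
  }

  return CURLE_OK;
}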
110*6236dae4SAndroid Build Coastguard Worker 
/*
 * Curl_sspi_global_cleanup()
 *
 * This deinitializes the Security Service Provider Interface from libcurl:
 * the SSPI library is unloaded and both Curl_hSecDll and Curl_pSecFn are
 * reset to NULL. Nothing happens when no library is loaded.
 *
 * Parameters:
 *
 * None.
 */
void Curl_sspi_global_cleanup(void)
{
  /* Nothing was loaded, so there is nothing to release */
  if(!Curl_hSecDll)
    return;

  FreeLibrary(Curl_hSecDll);

  /* Clear both globals together so that neither outlives the unload */
  Curl_hSecDll = NULL;
  Curl_pSecFn = NULL;
}
128*6236dae4SAndroid Build Coastguard Worker 
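/*
 * Curl_create_sspi_identity()
 *
 * This is used to populate a SSPI identity structure based on the supplied
 * username and password.
 *
 * Parameters:
 *
 * userp    [in]     - The username in the format User or Domain\User. A
 *                     forward slash is accepted as the separator when the
 *                     name holds no backslash.
 * passwdp  [in]     - The user's password.
 * identity [in/out] - The identity structure. It is zeroed first; on success
 *                     its User, Domain and Password members are heap copies
 *                     that Curl_sspi_free_identity() releases.
 *
 * Returns CURLE_OK on success, or CURLE_OUT_OF_MEMORY when a conversion or
 * an allocation fails. On failure any member that was already attached is
 * freed and the structure is zeroed again, so an error return leaves nothing
 * behind for the caller to release.
 */
CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
                                   SEC_WINNT_AUTH_IDENTITY *identity)
{
  xcharp_u useranddomain;
  xcharp_u user, dup_user;
  xcharp_u domain, dup_domain;
  xcharp_u passwd, dup_passwd;
  size_t domlen = 0;

  domain.const_tchar_ptr = TEXT("");

  /* Initialize the identity */
  memset(identity, 0, sizeof(*identity));

  useranddomain.tchar_ptr = curlx_convert_UTF8_to_tchar((char *)userp);
  if(!useranddomain.tchar_ptr)
    return CURLE_OUT_OF_MEMORY;

  /* Locate the domain separator: a backslash first, else a forward slash */
  user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
  if(!user.const_tchar_ptr)
    user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));

  if(user.tchar_ptr) {
    /* The domain is what precedes the separator, the user what follows */
    domain.tchar_ptr = useranddomain.tchar_ptr;
    domlen = user.tchar_ptr - useranddomain.tchar_ptr;
    user.tchar_ptr++;
  }
  else {
    /* No separator: the whole string is the user and the domain is empty */
    user.tchar_ptr = useranddomain.tchar_ptr;
    domain.const_tchar_ptr = TEXT("");
    domlen = 0;
  }

  /* Setup the identity's user and length */
  dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
  if(!dup_user.tchar_ptr) {
    /* Nothing is attached to the identity yet, so no further cleanup */
    curlx_unicodefree(useranddomain.tchar_ptr);
    return CURLE_OUT_OF_MEMORY;
  }
  identity->User = dup_user.tbyte_ptr;
  identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));

  /* Setup the identity's domain and length */
  dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
  if(!dup_domain.tchar_ptr) {
    curlx_unicodefree(useranddomain.tchar_ptr);
    goto fail;
  }
  /* domlen characters are copied and the terminator is written explicitly,
     since the source continues with the separator and the username */
  _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
  dup_domain.tchar_ptr[domlen] = TEXT('\0');
  identity->Domain = dup_domain.tbyte_ptr;
  identity->DomainLength = curlx_uztoul(domlen);

  curlx_unicodefree(useranddomain.tchar_ptr);

  /* Setup the identity's password and length */
  passwd.tchar_ptr = curlx_convert_UTF8_to_tchar((char *)passwdp);
  if(!passwd.tchar_ptr)
    goto fail;
  dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);

  /* NOTE(review): the converted password copy is released as-is; nothing in
     this function overwrites it first, so the cleartext may remain in freed
     heap memory. Consider wiping the buffer before it is released. */
  curlx_unicodefree(passwd.tchar_ptr);

  if(!dup_passwd.tchar_ptr)
    goto fail;
  identity->Password = dup_passwd.tbyte_ptr;
  identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));

  /* Setup the identity's flags */
  identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;

  return CURLE_OK;

fail:
  /* Release the members attached before the failure. The password is never
     attached on a failing path, so only User and Domain can be set here. */
  Curl_safefree(identity->User);
  Curl_safefree(identity->Domain);
  memset(identity, 0, sizeof(*identity));
  return CURLE_OUT_OF_MEMORY;
}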
220*6236dae4SAndroid Build Coastguard Worker 
/*
 * Curl_sspi_free_identity()
 *
 * This is used to free the contents of a SSPI identity structure: its User,
 * Password and Domain members. The structure itself is not freed, and the
 * length members and Flags are left untouched. A NULL pointer is ignored.
 *
 * Parameters:
 *
 * identity [in/out] - The identity structure.
 */
void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
{
  if(!identity)
    return;

  Curl_safefree(identity->User);
  /* NOTE(review): nothing here overwrites the password bytes before they are
     released, so the cleartext may remain in freed heap memory. Consider
     wiping the buffer first. */
  Curl_safefree(identity->Password);
  Curl_safefree(identity->Domain);
}
238*6236dae4SAndroid Build Coastguard Worker 
239*6236dae4SAndroid Build Coastguard Worker #endif /* USE_WINDOWS_SSPI */