1*6236dae4SAndroid Build Coastguard Worker /***************************************************************************
2*6236dae4SAndroid Build Coastguard Worker * _ _ ____ _
3*6236dae4SAndroid Build Coastguard Worker * Project ___| | | | _ \| |
4*6236dae4SAndroid Build Coastguard Worker * / __| | | | |_) | |
5*6236dae4SAndroid Build Coastguard Worker * | (__| |_| | _ <| |___
6*6236dae4SAndroid Build Coastguard Worker * \___|\___/|_| \_\_____|
7*6236dae4SAndroid Build Coastguard Worker *
8*6236dae4SAndroid Build Coastguard Worker * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9*6236dae4SAndroid Build Coastguard Worker *
10*6236dae4SAndroid Build Coastguard Worker * This software is licensed as described in the file COPYING, which
11*6236dae4SAndroid Build Coastguard Worker * you should have received as part of this distribution. The terms
12*6236dae4SAndroid Build Coastguard Worker * are also available at https://curl.se/docs/copyright.html.
13*6236dae4SAndroid Build Coastguard Worker *
14*6236dae4SAndroid Build Coastguard Worker * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15*6236dae4SAndroid Build Coastguard Worker * copies of the Software, and permit persons to whom the Software is
16*6236dae4SAndroid Build Coastguard Worker * furnished to do so, under the terms of the COPYING file.
17*6236dae4SAndroid Build Coastguard Worker *
18*6236dae4SAndroid Build Coastguard Worker * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19*6236dae4SAndroid Build Coastguard Worker * KIND, either express or implied.
20*6236dae4SAndroid Build Coastguard Worker *
21*6236dae4SAndroid Build Coastguard Worker * SPDX-License-Identifier: curl
22*6236dae4SAndroid Build Coastguard Worker *
23*6236dae4SAndroid Build Coastguard Worker ***************************************************************************/
24*6236dae4SAndroid Build Coastguard Worker
25*6236dae4SAndroid Build Coastguard Worker #include "curl_setup.h"
26*6236dae4SAndroid Build Coastguard Worker
27*6236dae4SAndroid Build Coastguard Worker #ifdef USE_WINDOWS_SSPI
28*6236dae4SAndroid Build Coastguard Worker
29*6236dae4SAndroid Build Coastguard Worker #include <curl/curl.h>
30*6236dae4SAndroid Build Coastguard Worker #include "curl_sspi.h"
31*6236dae4SAndroid Build Coastguard Worker #include "curl_multibyte.h"
32*6236dae4SAndroid Build Coastguard Worker #include "system_win32.h"
33*6236dae4SAndroid Build Coastguard Worker #include "version_win32.h"
34*6236dae4SAndroid Build Coastguard Worker #include "warnless.h"
35*6236dae4SAndroid Build Coastguard Worker
36*6236dae4SAndroid Build Coastguard Worker /* The last #include files should be: */
37*6236dae4SAndroid Build Coastguard Worker #include "curl_memory.h"
38*6236dae4SAndroid Build Coastguard Worker #include "memdebug.h"
39*6236dae4SAndroid Build Coastguard Worker
40*6236dae4SAndroid Build Coastguard Worker /* We use our own typedef here since some headers might lack these */
41*6236dae4SAndroid Build Coastguard Worker typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
42*6236dae4SAndroid Build Coastguard Worker
43*6236dae4SAndroid Build Coastguard Worker /* See definition of SECURITY_ENTRYPOINT in sspi.h */
44*6236dae4SAndroid Build Coastguard Worker #ifdef UNICODE
45*6236dae4SAndroid Build Coastguard Worker # ifdef _WIN32_WCE
46*6236dae4SAndroid Build Coastguard Worker # define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
47*6236dae4SAndroid Build Coastguard Worker # else
48*6236dae4SAndroid Build Coastguard Worker # define SECURITYENTRYPOINT "InitSecurityInterfaceW"
49*6236dae4SAndroid Build Coastguard Worker # endif
50*6236dae4SAndroid Build Coastguard Worker #else
51*6236dae4SAndroid Build Coastguard Worker # define SECURITYENTRYPOINT "InitSecurityInterfaceA"
52*6236dae4SAndroid Build Coastguard Worker #endif
53*6236dae4SAndroid Build Coastguard Worker
54*6236dae4SAndroid Build Coastguard Worker /* Handle of security.dll or secur32.dll, depending on Windows version */
55*6236dae4SAndroid Build Coastguard Worker HMODULE Curl_hSecDll = NULL;
56*6236dae4SAndroid Build Coastguard Worker
57*6236dae4SAndroid Build Coastguard Worker /* Pointer to SSPI dispatch table */
58*6236dae4SAndroid Build Coastguard Worker PSecurityFunctionTable Curl_pSecFn = NULL;
59*6236dae4SAndroid Build Coastguard Worker
60*6236dae4SAndroid Build Coastguard Worker /*
61*6236dae4SAndroid Build Coastguard Worker * Curl_sspi_global_init()
62*6236dae4SAndroid Build Coastguard Worker *
63*6236dae4SAndroid Build Coastguard Worker * This is used to load the Security Service Provider Interface (SSPI)
64*6236dae4SAndroid Build Coastguard Worker * dynamic link library portably across all Windows versions, without
65*6236dae4SAndroid Build Coastguard Worker * the need to directly link libcurl, nor the application using it, at
66*6236dae4SAndroid Build Coastguard Worker * build time.
67*6236dae4SAndroid Build Coastguard Worker *
68*6236dae4SAndroid Build Coastguard Worker * Once this function has been executed, Windows SSPI functions can be
69*6236dae4SAndroid Build Coastguard Worker * called through the Security Service Provider Interface dispatch table.
70*6236dae4SAndroid Build Coastguard Worker *
71*6236dae4SAndroid Build Coastguard Worker * Parameters:
72*6236dae4SAndroid Build Coastguard Worker *
73*6236dae4SAndroid Build Coastguard Worker * None.
74*6236dae4SAndroid Build Coastguard Worker *
75*6236dae4SAndroid Build Coastguard Worker * Returns CURLE_OK on success.
76*6236dae4SAndroid Build Coastguard Worker */
Curl_sspi_global_init(void)77*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_sspi_global_init(void)
78*6236dae4SAndroid Build Coastguard Worker {
79*6236dae4SAndroid Build Coastguard Worker INITSECURITYINTERFACE_FN pInitSecurityInterface;
80*6236dae4SAndroid Build Coastguard Worker
81*6236dae4SAndroid Build Coastguard Worker /* If security interface is not yet initialized try to do this */
82*6236dae4SAndroid Build Coastguard Worker if(!Curl_hSecDll) {
83*6236dae4SAndroid Build Coastguard Worker /* Security Service Provider Interface (SSPI) functions are located in
84*6236dae4SAndroid Build Coastguard Worker * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
85*6236dae4SAndroid Build Coastguard Worker * have both these DLLs (security.dll forwards calls to secur32.dll) */
86*6236dae4SAndroid Build Coastguard Worker
87*6236dae4SAndroid Build Coastguard Worker /* Load SSPI dll into the address space of the calling process */
88*6236dae4SAndroid Build Coastguard Worker if(curlx_verify_windows_version(4, 0, 0, PLATFORM_WINNT, VERSION_EQUAL))
89*6236dae4SAndroid Build Coastguard Worker Curl_hSecDll = Curl_load_library(TEXT("security.dll"));
90*6236dae4SAndroid Build Coastguard Worker else
91*6236dae4SAndroid Build Coastguard Worker Curl_hSecDll = Curl_load_library(TEXT("secur32.dll"));
92*6236dae4SAndroid Build Coastguard Worker if(!Curl_hSecDll)
93*6236dae4SAndroid Build Coastguard Worker return CURLE_FAILED_INIT;
94*6236dae4SAndroid Build Coastguard Worker
95*6236dae4SAndroid Build Coastguard Worker /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
96*6236dae4SAndroid Build Coastguard Worker pInitSecurityInterface =
97*6236dae4SAndroid Build Coastguard Worker CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN,
98*6236dae4SAndroid Build Coastguard Worker (GetProcAddress(Curl_hSecDll, SECURITYENTRYPOINT)));
99*6236dae4SAndroid Build Coastguard Worker if(!pInitSecurityInterface)
100*6236dae4SAndroid Build Coastguard Worker return CURLE_FAILED_INIT;
101*6236dae4SAndroid Build Coastguard Worker
102*6236dae4SAndroid Build Coastguard Worker /* Get pointer to Security Service Provider Interface dispatch table */
103*6236dae4SAndroid Build Coastguard Worker Curl_pSecFn = pInitSecurityInterface();
104*6236dae4SAndroid Build Coastguard Worker if(!Curl_pSecFn)
105*6236dae4SAndroid Build Coastguard Worker return CURLE_FAILED_INIT;
106*6236dae4SAndroid Build Coastguard Worker }
107*6236dae4SAndroid Build Coastguard Worker
108*6236dae4SAndroid Build Coastguard Worker return CURLE_OK;
109*6236dae4SAndroid Build Coastguard Worker }
110*6236dae4SAndroid Build Coastguard Worker
111*6236dae4SAndroid Build Coastguard Worker /*
112*6236dae4SAndroid Build Coastguard Worker * Curl_sspi_global_cleanup()
113*6236dae4SAndroid Build Coastguard Worker *
114*6236dae4SAndroid Build Coastguard Worker * This deinitializes the Security Service Provider Interface from libcurl.
115*6236dae4SAndroid Build Coastguard Worker *
116*6236dae4SAndroid Build Coastguard Worker * Parameters:
117*6236dae4SAndroid Build Coastguard Worker *
118*6236dae4SAndroid Build Coastguard Worker * None.
119*6236dae4SAndroid Build Coastguard Worker */
Curl_sspi_global_cleanup(void)120*6236dae4SAndroid Build Coastguard Worker void Curl_sspi_global_cleanup(void)
121*6236dae4SAndroid Build Coastguard Worker {
122*6236dae4SAndroid Build Coastguard Worker if(Curl_hSecDll) {
123*6236dae4SAndroid Build Coastguard Worker FreeLibrary(Curl_hSecDll);
124*6236dae4SAndroid Build Coastguard Worker Curl_hSecDll = NULL;
125*6236dae4SAndroid Build Coastguard Worker Curl_pSecFn = NULL;
126*6236dae4SAndroid Build Coastguard Worker }
127*6236dae4SAndroid Build Coastguard Worker }
128*6236dae4SAndroid Build Coastguard Worker
129*6236dae4SAndroid Build Coastguard Worker /*
130*6236dae4SAndroid Build Coastguard Worker * Curl_create_sspi_identity()
131*6236dae4SAndroid Build Coastguard Worker *
132*6236dae4SAndroid Build Coastguard Worker * This is used to populate a SSPI identity structure based on the supplied
133*6236dae4SAndroid Build Coastguard Worker * username and password.
134*6236dae4SAndroid Build Coastguard Worker *
135*6236dae4SAndroid Build Coastguard Worker * Parameters:
136*6236dae4SAndroid Build Coastguard Worker *
137*6236dae4SAndroid Build Coastguard Worker * userp [in] - The username in the format User or Domain\User.
138*6236dae4SAndroid Build Coastguard Worker * passwdp [in] - The user's password.
139*6236dae4SAndroid Build Coastguard Worker * identity [in/out] - The identity structure.
140*6236dae4SAndroid Build Coastguard Worker *
141*6236dae4SAndroid Build Coastguard Worker * Returns CURLE_OK on success.
142*6236dae4SAndroid Build Coastguard Worker */
Curl_create_sspi_identity(const char * userp,const char * passwdp,SEC_WINNT_AUTH_IDENTITY * identity)143*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
144*6236dae4SAndroid Build Coastguard Worker SEC_WINNT_AUTH_IDENTITY *identity)
145*6236dae4SAndroid Build Coastguard Worker {
146*6236dae4SAndroid Build Coastguard Worker xcharp_u useranddomain;
147*6236dae4SAndroid Build Coastguard Worker xcharp_u user, dup_user;
148*6236dae4SAndroid Build Coastguard Worker xcharp_u domain, dup_domain;
149*6236dae4SAndroid Build Coastguard Worker xcharp_u passwd, dup_passwd;
150*6236dae4SAndroid Build Coastguard Worker size_t domlen = 0;
151*6236dae4SAndroid Build Coastguard Worker
152*6236dae4SAndroid Build Coastguard Worker domain.const_tchar_ptr = TEXT("");
153*6236dae4SAndroid Build Coastguard Worker
154*6236dae4SAndroid Build Coastguard Worker /* Initialize the identity */
155*6236dae4SAndroid Build Coastguard Worker memset(identity, 0, sizeof(*identity));
156*6236dae4SAndroid Build Coastguard Worker
157*6236dae4SAndroid Build Coastguard Worker useranddomain.tchar_ptr = curlx_convert_UTF8_to_tchar((char *)userp);
158*6236dae4SAndroid Build Coastguard Worker if(!useranddomain.tchar_ptr)
159*6236dae4SAndroid Build Coastguard Worker return CURLE_OUT_OF_MEMORY;
160*6236dae4SAndroid Build Coastguard Worker
161*6236dae4SAndroid Build Coastguard Worker user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
162*6236dae4SAndroid Build Coastguard Worker if(!user.const_tchar_ptr)
163*6236dae4SAndroid Build Coastguard Worker user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
164*6236dae4SAndroid Build Coastguard Worker
165*6236dae4SAndroid Build Coastguard Worker if(user.tchar_ptr) {
166*6236dae4SAndroid Build Coastguard Worker domain.tchar_ptr = useranddomain.tchar_ptr;
167*6236dae4SAndroid Build Coastguard Worker domlen = user.tchar_ptr - useranddomain.tchar_ptr;
168*6236dae4SAndroid Build Coastguard Worker user.tchar_ptr++;
169*6236dae4SAndroid Build Coastguard Worker }
170*6236dae4SAndroid Build Coastguard Worker else {
171*6236dae4SAndroid Build Coastguard Worker user.tchar_ptr = useranddomain.tchar_ptr;
172*6236dae4SAndroid Build Coastguard Worker domain.const_tchar_ptr = TEXT("");
173*6236dae4SAndroid Build Coastguard Worker domlen = 0;
174*6236dae4SAndroid Build Coastguard Worker }
175*6236dae4SAndroid Build Coastguard Worker
176*6236dae4SAndroid Build Coastguard Worker /* Setup the identity's user and length */
177*6236dae4SAndroid Build Coastguard Worker dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
178*6236dae4SAndroid Build Coastguard Worker if(!dup_user.tchar_ptr) {
179*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(useranddomain.tchar_ptr);
180*6236dae4SAndroid Build Coastguard Worker return CURLE_OUT_OF_MEMORY;
181*6236dae4SAndroid Build Coastguard Worker }
182*6236dae4SAndroid Build Coastguard Worker identity->User = dup_user.tbyte_ptr;
183*6236dae4SAndroid Build Coastguard Worker identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
184*6236dae4SAndroid Build Coastguard Worker dup_user.tchar_ptr = NULL;
185*6236dae4SAndroid Build Coastguard Worker
186*6236dae4SAndroid Build Coastguard Worker /* Setup the identity's domain and length */
187*6236dae4SAndroid Build Coastguard Worker dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
188*6236dae4SAndroid Build Coastguard Worker if(!dup_domain.tchar_ptr) {
189*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(useranddomain.tchar_ptr);
190*6236dae4SAndroid Build Coastguard Worker return CURLE_OUT_OF_MEMORY;
191*6236dae4SAndroid Build Coastguard Worker }
192*6236dae4SAndroid Build Coastguard Worker _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
193*6236dae4SAndroid Build Coastguard Worker *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
194*6236dae4SAndroid Build Coastguard Worker identity->Domain = dup_domain.tbyte_ptr;
195*6236dae4SAndroid Build Coastguard Worker identity->DomainLength = curlx_uztoul(domlen);
196*6236dae4SAndroid Build Coastguard Worker dup_domain.tchar_ptr = NULL;
197*6236dae4SAndroid Build Coastguard Worker
198*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(useranddomain.tchar_ptr);
199*6236dae4SAndroid Build Coastguard Worker
200*6236dae4SAndroid Build Coastguard Worker /* Setup the identity's password and length */
201*6236dae4SAndroid Build Coastguard Worker passwd.tchar_ptr = curlx_convert_UTF8_to_tchar((char *)passwdp);
202*6236dae4SAndroid Build Coastguard Worker if(!passwd.tchar_ptr)
203*6236dae4SAndroid Build Coastguard Worker return CURLE_OUT_OF_MEMORY;
204*6236dae4SAndroid Build Coastguard Worker dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
205*6236dae4SAndroid Build Coastguard Worker if(!dup_passwd.tchar_ptr) {
206*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(passwd.tchar_ptr);
207*6236dae4SAndroid Build Coastguard Worker return CURLE_OUT_OF_MEMORY;
208*6236dae4SAndroid Build Coastguard Worker }
209*6236dae4SAndroid Build Coastguard Worker identity->Password = dup_passwd.tbyte_ptr;
210*6236dae4SAndroid Build Coastguard Worker identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
211*6236dae4SAndroid Build Coastguard Worker dup_passwd.tchar_ptr = NULL;
212*6236dae4SAndroid Build Coastguard Worker
213*6236dae4SAndroid Build Coastguard Worker curlx_unicodefree(passwd.tchar_ptr);
214*6236dae4SAndroid Build Coastguard Worker
215*6236dae4SAndroid Build Coastguard Worker /* Setup the identity's flags */
216*6236dae4SAndroid Build Coastguard Worker identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
217*6236dae4SAndroid Build Coastguard Worker
218*6236dae4SAndroid Build Coastguard Worker return CURLE_OK;
219*6236dae4SAndroid Build Coastguard Worker }
220*6236dae4SAndroid Build Coastguard Worker
221*6236dae4SAndroid Build Coastguard Worker /*
222*6236dae4SAndroid Build Coastguard Worker * Curl_sspi_free_identity()
223*6236dae4SAndroid Build Coastguard Worker *
224*6236dae4SAndroid Build Coastguard Worker * This is used to free the contents of a SSPI identifier structure.
225*6236dae4SAndroid Build Coastguard Worker *
226*6236dae4SAndroid Build Coastguard Worker * Parameters:
227*6236dae4SAndroid Build Coastguard Worker *
228*6236dae4SAndroid Build Coastguard Worker * identity [in/out] - The identity structure.
229*6236dae4SAndroid Build Coastguard Worker */
Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY * identity)230*6236dae4SAndroid Build Coastguard Worker void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
231*6236dae4SAndroid Build Coastguard Worker {
232*6236dae4SAndroid Build Coastguard Worker if(identity) {
233*6236dae4SAndroid Build Coastguard Worker Curl_safefree(identity->User);
234*6236dae4SAndroid Build Coastguard Worker Curl_safefree(identity->Password);
235*6236dae4SAndroid Build Coastguard Worker Curl_safefree(identity->Domain);
236*6236dae4SAndroid Build Coastguard Worker }
237*6236dae4SAndroid Build Coastguard Worker }
238*6236dae4SAndroid Build Coastguard Worker
239*6236dae4SAndroid Build Coastguard Worker #endif /* USE_WINDOWS_SSPI */
240