1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
21 ***************************************************************************/
23 #include "curl_setup.h"
25 #ifdef USE_WINDOWS_SSPI
27 #include <curl/curl.h>
29 #include "curl_sspi.h"
31 #define _MPRINTF_REPLACE /* use our functions only */
32 #include <curl/mprintf.h>
34 #include "curl_memory.h"
35 #include "curl_multibyte.h"
38 /* The last #include file should be: */
41 /* We use our own typedef here since some headers might lack these */
42 typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
44 /* See definition of SECURITY_ENTRYPOINT in sspi.h */
47 # define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
49 # define SECURITYENTRYPOINT "InitSecurityInterfaceW"
52 # define SECURITYENTRYPOINT "InitSecurityInterfaceA"
55 /* Handle of security.dll or secur32.dll, depending on Windows version */
56 HMODULE s_hSecDll = NULL;
58 /* Pointer to SSPI dispatch table */
59 PSecurityFunctionTable s_pSecFn = NULL;
62 * Curl_sspi_global_init()
64 * This is used to load the Security Service Provider Interface (SSPI)
65 * dynamic link library portably across all Windows versions, without
66 * the need to directly link libcurl, nor the application using it, at
69 * Once this function has been executed, Windows SSPI functions can be
70 * called through the Security Service Provider Interface dispatch table.
72 CURLcode Curl_sspi_global_init(void)
74 bool securityDll = FALSE;
75 INITSECURITYINTERFACE_FN pInitSecurityInterface;
77 /* If security interface is not yet initialized try to do this */
79 /* Security Service Provider Interface (SSPI) functions are located in
80 * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
81 * have both these DLLs (security.dll forwards calls to secur32.dll) */
82 DWORD majorVersion = 4;
83 DWORD platformId = VER_PLATFORM_WIN32_NT;
85 #if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
86 (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
89 memset(&osver, 0, sizeof(osver));
90 osver.dwOSVersionInfoSize = sizeof(osver);
92 /* Find out Windows version */
93 if(!GetVersionEx(&osver))
94 return CURLE_FAILED_INIT;
96 /* Verify the major version number == 4 and platform id == WIN_NT */
97 if(osver.dwMajorVersion == majorVersion &&
98 osver.dwPlatformId == platformId)
101 ULONGLONG majorVersionMask;
102 ULONGLONG platformIdMask;
103 OSVERSIONINFOEX osver;
105 memset(&osver, 0, sizeof(osver));
106 osver.dwOSVersionInfoSize = sizeof(osver);
107 osver.dwMajorVersion = majorVersion;
108 osver.dwPlatformId = platformId;
109 majorVersionMask = VerSetConditionMask(0, VER_MAJORVERSION, VER_EQUAL);
110 platformIdMask = VerSetConditionMask(0, VER_PLATFORMID, VER_EQUAL);
112 /* Verify the major version number == 4 and platform id == WIN_NT */
113 if(VerifyVersionInfo(&osver, VER_MAJORVERSION, majorVersionMask) &&
114 VerifyVersionInfo(&osver, VER_PLATFORMID, platformIdMask))
118 /* Load SSPI dll into the address space of the calling process */
120 s_hSecDll = LoadLibrary(TEXT("security.dll"));
122 s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
124 return CURLE_FAILED_INIT;
126 /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
127 pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
128 GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
129 if(!pInitSecurityInterface)
130 return CURLE_FAILED_INIT;
132 /* Get pointer to Security Service Provider Interface dispatch table */
133 s_pSecFn = pInitSecurityInterface();
135 return CURLE_FAILED_INIT;
142 * Curl_sspi_global_cleanup()
144 * This deinitializes the Security Service Provider Interface from libcurl.
147 void Curl_sspi_global_cleanup(void)
150 FreeLibrary(s_hSecDll);
157 * Curl_create_sspi_identity()
159 * This is used to populate a SSPI identity structure based on the supplied
160 * username and password.
164 * userp [in] - The user name in the format User or Domain\User.
165 * passdwp [in] - The user's password.
166 * identity [in/out] - The identity structure.
168 * Returns CURLE_OK on success.
170 CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
171 SEC_WINNT_AUTH_IDENTITY *identity)
173 xcharp_u useranddomain;
174 xcharp_u user, dup_user;
175 xcharp_u domain, dup_domain;
176 xcharp_u passwd, dup_passwd;
179 domain.const_tchar_ptr = TEXT("");
181 /* Initialize the identity */
182 memset(identity, 0, sizeof(*identity));
184 useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
185 if(!useranddomain.tchar_ptr)
186 return CURLE_OUT_OF_MEMORY;
188 user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
189 if(!user.const_tchar_ptr)
190 user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
193 domain.tchar_ptr = useranddomain.tchar_ptr;
194 domlen = user.tchar_ptr - useranddomain.tchar_ptr;
198 user.tchar_ptr = useranddomain.tchar_ptr;
199 domain.const_tchar_ptr = TEXT("");
203 /* Setup the identity's user and length */
204 dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
205 if(!dup_user.tchar_ptr) {
206 Curl_unicodefree(useranddomain.tchar_ptr);
207 return CURLE_OUT_OF_MEMORY;
209 identity->User = dup_user.tbyte_ptr;
210 identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
211 dup_user.tchar_ptr = NULL;
213 /* Setup the identity's domain and length */
214 dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
215 if(!dup_domain.tchar_ptr) {
216 Curl_unicodefree(useranddomain.tchar_ptr);
217 return CURLE_OUT_OF_MEMORY;
219 _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
220 *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
221 identity->Domain = dup_domain.tbyte_ptr;
222 identity->DomainLength = curlx_uztoul(domlen);
223 dup_domain.tchar_ptr = NULL;
225 Curl_unicodefree(useranddomain.tchar_ptr);
227 /* Setup ntlm identity's password and length */
228 passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
229 if(!passwd.tchar_ptr)
230 return CURLE_OUT_OF_MEMORY;
231 dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
232 if(!dup_passwd.tchar_ptr) {
233 Curl_unicodefree(passwd.tchar_ptr);
234 return CURLE_OUT_OF_MEMORY;
236 identity->Password = dup_passwd.tbyte_ptr;
237 identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
238 dup_passwd.tchar_ptr = NULL;
240 Curl_unicodefree(passwd.tchar_ptr);
242 /* Setup the identity's flags */
243 identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
248 void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
251 Curl_safefree(identity->User);
252 Curl_safefree(identity->Password);
253 Curl_safefree(identity->Domain);
257 #endif /* USE_WINDOWS_SSPI */