1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
21 ***************************************************************************/
25 #ifdef USE_WINDOWS_SSPI
27 #include <curl/curl.h>
29 #include "curl_sspi.h"
31 #define _MPRINTF_REPLACE /* use our functions only */
32 #include <curl/mprintf.h>
34 #include "curl_memory.h"
35 /* The last #include file should be: */
/* Function-pointer type for InitSecurityInterfaceA(). It is declared locally
   because some headers might lack it. */
typedef PSecurityFunctionTableA (APIENTRY *INITSECURITYINTERFACE_FN_A)(VOID);

/* Module handle of the loaded SSPI DLL: security.dll or secur32.dll,
   depending on the Windows version. NULL while no DLL is loaded. */
HMODULE s_hSecDll = NULL;

/* Pointer to the SSPI dispatch table. NULL until it has been obtained. */
PSecurityFunctionTableA s_pSecFn = NULL;
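/*
 * Curl_sspi_global_init()
 *
 * This is used to load the Security Service Provider Interface (SSPI)
 * dynamic link library portably across all Windows versions, without
 * the need to directly link libcurl, nor the application using it, at
 * build time.
 *
 * Once this function has been executed, Windows SSPI functions can be
 * called through the Security Service Provider Interface dispatch table.
 *
 * The DLL is loaded by its full path inside the Windows system directory
 * rather than by bare file name. With a bare name the loader walks the
 * default DLL search order (application directory, current directory,
 * PATH, ...), so a same-named file in a less trusted directory could be
 * loaded into the process instead of the system library.
 *
 * s_hSecDll and s_pSecFn are only assigned once every step has succeeded.
 * A failed attempt releases the module again, so the globals never describe
 * a half-initialized state and a later call retries from scratch.
 *
 * Returns CURLE_OK when the dispatch table is available (also when it was
 * already initialized by an earlier call), CURLE_FAILED_INIT otherwise.
 */
CURLcode
Curl_sspi_global_init(void)
{
  OSVERSIONINFO osver;
  INITSECURITYINTERFACE_FN_A pInitSecurityInterface;
  PSecurityFunctionTableA pSecFn;
  HMODULE hSecDll;
  const char *dllname;
  char dllpath[MAX_PATH];
  size_t namelen;
  UINT dirlen;

  /* Nothing to do if the security interface is already initialized */
  if(s_hSecDll != NULL)
    return CURLE_OK;

  /* Find out Windows version */
  memset(&osver, 0, sizeof(osver));
  osver.dwOSVersionInfoSize = sizeof(osver);
  if(! GetVersionEx(&osver))
    return CURLE_FAILED_INIT;

  /* Security Service Provider Interface (SSPI) functions are located in
   * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
   * have both these DLLs (security.dll forwards calls to secur32.dll) */
  if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT
     && osver.dwMajorVersion == 4)
    dllname = "security.dll";
  else
    dllname = "secur32.dll";

  /* Build "<system directory>\<dllname>". GetSystemDirectoryA() returns the
   * length without the terminator on success and a value larger than the
   * buffer when it does not fit; both cases are covered by the size check. */
  dirlen = GetSystemDirectoryA(dllpath, (UINT)sizeof(dllpath));
  namelen = strlen(dllname);
  if(dirlen == 0 || (size_t)dirlen + 1 + namelen >= sizeof(dllpath))
    return CURLE_FAILED_INIT;
  dllpath[dirlen] = '\\';
  memcpy(&dllpath[dirlen + 1], dllname, namelen + 1);

  /* Load SSPI dll into the address space of the calling process. The path
   * buffer is a narrow string, hence the explicit ANSI entry point. */
  hSecDll = LoadLibraryA(dllpath);
  if(! hSecDll)
    return CURLE_FAILED_INIT;

  /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
  pInitSecurityInterface = (INITSECURITYINTERFACE_FN_A)
    GetProcAddress(hSecDll, "InitSecurityInterfaceA");
  if(! pInitSecurityInterface) {
    FreeLibrary(hSecDll);
    return CURLE_FAILED_INIT;
  }

  /* Get pointer to Security Service Provider Interface dispatch table */
  pSecFn = pInitSecurityInterface();
  if(! pSecFn) {
    FreeLibrary(hSecDll);
    return CURLE_FAILED_INIT;
  }

  /* Publish the results only now that everything succeeded */
  s_pSecFn = pSecFn;
  s_hSecDll = hSecDll;

  return CURLE_OK;
}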
/*
 * Curl_sspi_global_cleanup()
 *
 * This deinitializes the Security Service Provider Interface from libcurl.
 *
 * Unloads the SSPI DLL if one is loaded and resets both globals, so the
 * dispatch table pointer cannot be used after its module is gone.
 */
void
Curl_sspi_global_cleanup(void)
{
  /* No module loaded: nothing to release */
  if(!s_hSecDll)
    return;

  FreeLibrary(s_hSecDll);
  s_hSecDll = NULL;
  s_pSecFn = NULL;
}
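/*
 * Curl_sspi_version()
 *
 * This function returns a string representing the SSPI library version.
 * The returned string is allocated and must be freed by the caller:
 *
 *   "SSPI/a.b.c.d"  when the version resource of the loaded DLL was read
 *   "SSPI/Unknown"  when the DLL is loaded but its version is unavailable
 *   ""              when no SSPI DLL is loaded
 *
 * NULL is only returned if the final allocation itself fails.
 *
 * The explicit ANSI (...A) entry points are used because every buffer and
 * literal handled here is a narrow string. The TCHAR-generic names would
 * size the path buffer in characters while it was allocated in bytes.
 */
char *
Curl_sspi_version()
{
  VS_FIXEDFILEINFO *version_info = NULL;
  char *version = NULL;
  char path[MAX_PATH];
  LPVOID data = NULL;
  DWORD size;
  DWORD handle = 0;
  DWORD pathlen;
  UINT info_len = 0;

  if(s_hSecDll) {
    /* A return value equal to the buffer size means the path was truncated;
       a truncated path must not be used to look up version information */
    pathlen = GetModuleFileNameA(s_hSecDll, path, MAX_PATH);
    if(pathlen > 0 && pathlen < MAX_PATH) {
      size = GetFileVersionInfoSizeA(path, &handle);
      if(size) {
        data = malloc(size);
        if(data) {
          /* VerQueryValue reports the size of the returned block through
             its own UINT out-parameter; make sure a complete fixed-info
             structure came back before reading its fields */
          if(GetFileVersionInfoA(path, handle, size, data) &&
             VerQueryValueA(data, "\\", (LPVOID *)&version_info,
                            &info_len) &&
             version_info && info_len >= sizeof(*version_info)) {
            version = curl_maprintf("SSPI/%d.%d.%d.%d",
              (int)((version_info->dwProductVersionMS>>16)&0xffff),
              (int)((version_info->dwProductVersionMS>>0)&0xffff),
              (int)((version_info->dwProductVersionLS>>16)&0xffff),
              (int)((version_info->dwProductVersionLS>>0)&0xffff));
          }
          free(data);
        }
      }
    }
    if(!version)
      version = strdup("SSPI/Unknown");
  }

  if(!version)
    version = strdup("");

  return version;
}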
/*
 * Curl_sspi_status(SECURITY_STATUS status)
 *
 * This function returns a string representing an SSPI status: the symbolic
 * name of the status code (or "Unknown error" for codes not listed below)
 * followed by the numeric value in hexadecimal.
 *
 * The string is allocated by curl_maprintf() and must be freed by the
 * caller.
 */
char *
Curl_sspi_status(SECURITY_STATUS status)
{
  /* Status codes this function can name, paired with their symbol text */
  static const struct {
    SECURITY_STATUS code;
    const char *name;
  } known[] = {
    { SEC_I_COMPLETE_AND_CONTINUE,       "SEC_I_COMPLETE_AND_CONTINUE" },
    { SEC_I_COMPLETE_NEEDED,             "SEC_I_COMPLETE_NEEDED" },
    { SEC_I_CONTINUE_NEEDED,             "SEC_I_CONTINUE_NEEDED" },
    { SEC_I_CONTEXT_EXPIRED,             "SEC_I_CONTEXT_EXPIRED" },
    { SEC_I_INCOMPLETE_CREDENTIALS,      "SEC_I_INCOMPLETE_CREDENTIALS" },
    { SEC_I_RENEGOTIATE,                 "SEC_I_RENEGOTIATE" },
    { SEC_E_BUFFER_TOO_SMALL,            "SEC_E_BUFFER_TOO_SMALL" },
    { SEC_E_CONTEXT_EXPIRED,             "SEC_E_CONTEXT_EXPIRED" },
    { SEC_E_CRYPTO_SYSTEM_INVALID,       "SEC_E_CRYPTO_SYSTEM_INVALID" },
    { SEC_E_INCOMPLETE_MESSAGE,          "SEC_E_INCOMPLETE_MESSAGE" },
    { SEC_E_INSUFFICIENT_MEMORY,         "SEC_E_INSUFFICIENT_MEMORY" },
    { SEC_E_INTERNAL_ERROR,              "SEC_E_INTERNAL_ERROR" },
    { SEC_E_INVALID_HANDLE,              "SEC_E_INVALID_HANDLE" },
    { SEC_E_INVALID_TOKEN,               "SEC_E_INVALID_TOKEN" },
    { SEC_E_LOGON_DENIED,                "SEC_E_LOGON_DENIED" },
    { SEC_E_MESSAGE_ALTERED,             "SEC_E_MESSAGE_ALTERED" },
    { SEC_E_NO_AUTHENTICATING_AUTHORITY, "SEC_E_NO_AUTHENTICATING_AUTHORITY" },
    { SEC_E_NO_CREDENTIALS,              "SEC_E_NO_CREDENTIALS" },
    { SEC_E_NOT_OWNER,                   "SEC_E_NOT_OWNER" },
    { SEC_E_OK,                          "SEC_E_OK" },
    { SEC_E_OUT_OF_SEQUENCE,             "SEC_E_OUT_OF_SEQUENCE" },
    { SEC_E_QOP_NOT_SUPPORTED,           "SEC_E_QOP_NOT_SUPPORTED" },
    { SEC_E_SECPKG_NOT_FOUND,            "SEC_E_SECPKG_NOT_FOUND" },
    { SEC_E_TARGET_UNKNOWN,              "SEC_E_TARGET_UNKNOWN" },
    { SEC_E_UNKNOWN_CREDENTIALS,         "SEC_E_UNKNOWN_CREDENTIALS" },
    { SEC_E_UNSUPPORTED_FUNCTION,        "SEC_E_UNSUPPORTED_FUNCTION" },
    { SEC_E_WRONG_PRINCIPAL,             "SEC_E_WRONG_PRINCIPAL" }
  };
  const char *label = "Unknown error";
  size_t idx;

  /* Linear lookup; the first (and only) match supplies the symbol text */
  for(idx = 0; idx < sizeof(known)/sizeof(known[0]); idx++) {
    if(known[idx].code == status) {
      label = known[idx].name;
      break;
    }
  }

  return curl_maprintf("%s (0x%08X)", label, status);
}
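/*
 * Curl_sspi_status_msg(SECURITY_STATUS status)
 *
 * This function returns a message representing an SSPI status: the system
 * message text for the status (when Windows provides one) followed by the
 * string from Curl_sspi_status() in square brackets. When no system text is
 * available, the Curl_sspi_status() string is returned on its own.
 *
 * The returned string is allocated and must be freed by the caller. NULL is
 * only returned when every allocation attempted here has failed.
 *
 * Each intermediate string is freed exactly once. The copy of the system
 * message is released after it has been merged into the combined result,
 * and it is never indexed unless its allocation succeeded.
 */
char *
Curl_sspi_status_msg(SECURITY_STATUS status)
{
  LPSTR format_msg = NULL;
  char *status_msg = NULL, *status_const = NULL;
  char *combined = NULL;
  DWORD status_len = 0;

  /* format_msg is a narrow string that is handed to strdup(), hence the
     explicit ANSI entry point */
  status_len = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                              FORMAT_MESSAGE_FROM_SYSTEM |
                              FORMAT_MESSAGE_IGNORE_INSERTS,
                              NULL, status, 0, (LPSTR)&format_msg, 0, NULL);

  if(status_len > 0 && format_msg) {
    status_msg = strdup(format_msg);
    LocalFree(format_msg);

    if(status_msg) {
      /* remove trailing CR+LF, using the length of our own copy so the
         indexes are always inside the allocation */
      size_t len = strlen(status_msg);
      if(len > 0 && status_msg[len-1] == '\n') {
        status_msg[--len] = '\0';
        if(len > 0 && status_msg[len-1] == '\r')
          status_msg[--len] = '\0';
      }
    }
  }

  status_const = Curl_sspi_status(status);

  if(status_msg && status_const) {
    combined = curl_maprintf("%s [%s]", status_msg, status_const);
    if(combined) {
      /* both parts now live in the combined string */
      free(status_msg);
      free(status_const);
      return combined;
    }
  }

  /* Could not combine: hand back whichever part exists, preferring the
     symbolic status string, and release the other one */
  if(status_const) {
    if(status_msg)
      free(status_msg);
    return status_const;
  }

  return status_msg;
}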
320 #endif /* USE_WINDOWS_SSPI */