1/***************************************************************************
2 *                                  _   _ ____  _
3 *  Project                     ___| | | |  _ \| |
4 *                             / __| | | | |_) | |
5 *                            | (__| |_| |  _ <| |___
6 *                             \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23#include "curl_setup.h"
24
25#ifdef USE_WINDOWS_SSPI
26
27#include <curl/curl.h>
28#include "curl_sspi.h"
29#include "curl_multibyte.h"
30#include "system_win32.h"
31#include "warnless.h"
32
33/* The last #include files should be: */
34#include "curl_memory.h"
35#include "memdebug.h"
36
37/* We use our own typedef here since some headers might lack these */
38typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
39
40/* See definition of SECURITY_ENTRYPOINT in sspi.h */
41#ifdef UNICODE
42#  ifdef _WIN32_WCE
43#    define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
44#  else
45#    define SECURITYENTRYPOINT "InitSecurityInterfaceW"
46#  endif
47#else
48#  define SECURITYENTRYPOINT "InitSecurityInterfaceA"
49#endif
50
51/* Handle of security.dll or secur32.dll, depending on Windows version */
52HMODULE s_hSecDll = NULL;
53
54/* Pointer to SSPI dispatch table */
55PSecurityFunctionTable s_pSecFn = NULL;
56
57/*
58 * Curl_sspi_global_init()
59 *
60 * This is used to load the Security Service Provider Interface (SSPI)
61 * dynamic link library portably across all Windows versions, without
62 * the need to directly link libcurl, nor the application using it, at
63 * build time.
64 *
65 * Once this function has been executed, Windows SSPI functions can be
66 * called through the Security Service Provider Interface dispatch table.
67 */
68CURLcode Curl_sspi_global_init(void)
69{
70  INITSECURITYINTERFACE_FN pInitSecurityInterface;
71
72  /* If security interface is not yet initialized try to do this */
73  if(!s_hSecDll) {
74    /* Security Service Provider Interface (SSPI) functions are located in
75     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
76     * have both these DLLs (security.dll forwards calls to secur32.dll) */
77
78    /* Load SSPI dll into the address space of the calling process */
79    if(Curl_verify_windows_version(4, 0, PLATFORM_WINNT, VERSION_EQUAL))
80      s_hSecDll = Curl_load_library(TEXT("security.dll"));
81    else
82      s_hSecDll = Curl_load_library(TEXT("secur32.dll"));
83    if(!s_hSecDll)
84      return CURLE_FAILED_INIT;
85
86    /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
87    pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
88      GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
89    if(!pInitSecurityInterface)
90      return CURLE_FAILED_INIT;
91
92    /* Get pointer to Security Service Provider Interface dispatch table */
93    s_pSecFn = pInitSecurityInterface();
94    if(!s_pSecFn)
95      return CURLE_FAILED_INIT;
96  }
97
98  return CURLE_OK;
99}
100
101/*
102 * Curl_sspi_global_cleanup()
103 *
104 * This deinitializes the Security Service Provider Interface from libcurl.
105 */
106
107void Curl_sspi_global_cleanup(void)
108{
109  if(s_hSecDll) {
110    FreeLibrary(s_hSecDll);
111    s_hSecDll = NULL;
112    s_pSecFn = NULL;
113  }
114}
115
116/*
117 * Curl_create_sspi_identity()
118 *
119 * This is used to populate a SSPI identity structure based on the supplied
120 * username and password.
121 *
122 * Parameters:
123 *
124 * userp    [in]     - The user name in the format User or Domain\User.
125 * passdwp  [in]     - The user's password.
126 * identity [in/out] - The identity structure.
127 *
128 * Returns CURLE_OK on success.
129 */
130CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
131                                   SEC_WINNT_AUTH_IDENTITY *identity)
132{
133  xcharp_u useranddomain;
134  xcharp_u user, dup_user;
135  xcharp_u domain, dup_domain;
136  xcharp_u passwd, dup_passwd;
137  size_t domlen = 0;
138
139  domain.const_tchar_ptr = TEXT("");
140
141  /* Initialize the identity */
142  memset(identity, 0, sizeof(*identity));
143
144  useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
145  if(!useranddomain.tchar_ptr)
146    return CURLE_OUT_OF_MEMORY;
147
148  user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
149  if(!user.const_tchar_ptr)
150    user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
151
152  if(user.tchar_ptr) {
153    domain.tchar_ptr = useranddomain.tchar_ptr;
154    domlen = user.tchar_ptr - useranddomain.tchar_ptr;
155    user.tchar_ptr++;
156  }
157  else {
158    user.tchar_ptr = useranddomain.tchar_ptr;
159    domain.const_tchar_ptr = TEXT("");
160    domlen = 0;
161  }
162
163  /* Setup the identity's user and length */
164  dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
165  if(!dup_user.tchar_ptr) {
166    Curl_unicodefree(useranddomain.tchar_ptr);
167    return CURLE_OUT_OF_MEMORY;
168  }
169  identity->User = dup_user.tbyte_ptr;
170  identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
171  dup_user.tchar_ptr = NULL;
172
173  /* Setup the identity's domain and length */
174  dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
175  if(!dup_domain.tchar_ptr) {
176    Curl_unicodefree(useranddomain.tchar_ptr);
177    return CURLE_OUT_OF_MEMORY;
178  }
179  _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
180  *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
181  identity->Domain = dup_domain.tbyte_ptr;
182  identity->DomainLength = curlx_uztoul(domlen);
183  dup_domain.tchar_ptr = NULL;
184
185  Curl_unicodefree(useranddomain.tchar_ptr);
186
187  /* Setup the identity's password and length */
188  passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
189  if(!passwd.tchar_ptr)
190    return CURLE_OUT_OF_MEMORY;
191  dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
192  if(!dup_passwd.tchar_ptr) {
193    Curl_unicodefree(passwd.tchar_ptr);
194    return CURLE_OUT_OF_MEMORY;
195  }
196  identity->Password = dup_passwd.tbyte_ptr;
197  identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
198  dup_passwd.tchar_ptr = NULL;
199
200  Curl_unicodefree(passwd.tchar_ptr);
201
202  /* Setup the identity's flags */
203  identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
204
205  return CURLE_OK;
206}
207
208void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
209{
210  if(identity) {
211    Curl_safefree(identity->User);
212    Curl_safefree(identity->Password);
213    Curl_safefree(identity->Domain);
214  }
215}
216
217#endif /* USE_WINDOWS_SSPI */
218