Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled

version of libcurl with different Windows versions. Current version of libcurl imports SSPI functions from secur32.dll. However, under Windows NT 4.0 these functions are located in security.dll, under Windows 9x - in secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll just forwards calls to secur32.dll). Dmitry's patch loads proper library dynamically depending on Windows version. Function InitSecurityInterface() is used to obtain pointers to all of SSPI function in one structure. : ----------------------------------------------------------------------
author: Daniel Stenberg <daniel@haxx.se> 2005-11-08 14:15:34 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2005-11-08 14:15:34 +0000
commit: 175335808b38afdd4aacbbee72eb0a8601f77296 (patch)
tree: eac52b6e31d04de61ae28946bddb95664c06ae63
parent: e00216581e82e93a445ab4a19fb43ff9c7fc9234 (diff)
5 files changed, 58 insertions, 21 deletions
diff --git a/CHANGES b/CHANGES
index c6e46d924..2ae152d41 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,18 @@
 
 
 
+Daniel (8 November 2005)
+- Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled
+  version of libcurl with different Windows versions. Current version of
+  libcurl imports SSPI functions from secur32.dll. However, under Windows NT
+  4.0 these functions are located in security.dll, under Windows 9x - in
+  secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll
+  just forwards calls to secur32.dll).
+
+  Dmitry's patch loads proper library dynamically depending on Windows
+  version. Function InitSecurityInterface() is used to obtain pointers to all
+  of SSPI function in one structure.
+
 Daniel (31 October 2005)
 - Vilmos Nebehaj improved libcurl's LDAP abilities:
 
diff --git a/configure.ac b/configure.ac
index 40c95a0ea..629f0ba28 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1784,7 +1784,6 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
        AC_MSG_RESULT(yes)
        AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
        AC_SUBST(USE_WINDOWS_SSPI)
-       LIBS="$LIBS -lsecur32"
        curl_sspi_msg="yes"
        ;;
   *)
diff --git a/lib/Makefile.vc6 b/lib/Makefile.vc6
index 304703ec3..18cb2aefb 100644
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -89,7 +89,6 @@ CFGSET     = FALSE
 
 !IFDEF WINDOWS_SSPI
 CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include
-LFLAGS = $(LFLAGS) $(WINDOWS_SDK_PATH)\lib\secur32.lib
 !ENDIF
 
 ##############################################################
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index a64f61170..1d404345a 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -76,6 +76,11 @@
 
 #include <rpc.h>
 
+/* Handle of security.dll or secur32.dll, depending on Windows version */
+static HMODULE s_hSecDll = NULL;
+/* Pointer to SSPI dispatch table */
+static PSecurityFunctionTable s_pSecFn = NULL;
+
 #endif
 
 /* The last #include file should be: */
@@ -305,8 +310,8 @@ ntlm_sspi_cleanup(struct ntlmdata *ntlm)
     ntlm->type_2 = NULL;
   }
   if (ntlm->has_handles) {
-    DeleteSecurityContext(&ntlm->c_handle);
-    FreeCredentialsHandle(&ntlm->handle);
+    s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
+    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
     ntlm->has_handles = 0;
   }
   if (ntlm->p_identity) {
@@ -376,6 +381,35 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
   if(!passwdp)
     passwdp=(char *)"";
 
+#ifdef USE_WINDOWS_SSPI
+  /* If security interface is not yet initialized try to do this */
+  if (s_hSecDll == NULL) {
+    /* Determine Windows version. Security functions are located in
+     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
+     * contain both these DLLs (security.dll just forwards calls to
+     * secur32.dll)
+     */
+    OSVERSIONINFO osver;
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    GetVersionEx(&osver);
+    if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT
+      && osver.dwMajorVersion == 4)
+      s_hSecDll = LoadLibrary("security.dll");
+    else
+      s_hSecDll = LoadLibrary("secur32.dll");
+    if (s_hSecDll != NULL) {
+      INIT_SECURITY_INTERFACE pInitSecurityInterface;
+  	pInitSecurityInterface =
+  	  (INIT_SECURITY_INTERFACE)GetProcAddress(s_hSecDll,
+                                                  "InitSecurityInterfaceA");
+  	if (pInitSecurityInterface != NULL)
+  	  s_pSecFn = pInitSecurityInterface();
+    }
+  }
+  if (s_pSecFn == NULL)
+    return CURLE_RECV_ERROR;
+#endif
+
   switch(ntlm->state) {
   case NTLMSTATE_TYPE1:
   default: /* for the weird cases we (re)start here */
@@ -429,7 +463,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
       ntlm->p_identity = NULL;
     }
 
-    if (AcquireCredentialsHandle(
+    if (s_pSecFn->AcquireCredentialsHandle(
           NULL, (char *)"NTLM", SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity,
           NULL, NULL, &ntlm->handle, &tsDummy
           ) != SEC_E_OK) {
@@ -443,7 +477,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
     buf.BufferType = SECBUFFER_TOKEN;
     buf.pvBuffer   = ntlmbuf;
 
-    status = InitializeSecurityContext(&ntlm->handle, NULL, (char *) host,
+    status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL, (char *) host,
                                        ISC_REQ_CONFIDENTIALITY |
                                        ISC_REQ_REPLAY_DETECT |
                                        ISC_REQ_CONNECTION,
@@ -453,21 +487,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
 
     if (status == SEC_I_COMPLETE_AND_CONTINUE ||
         status == SEC_I_CONTINUE_NEEDED) {
-      /* CompleteAuthToken() is not present in Win9x, so load it dynamically */
-      SECURITY_STATUS (__stdcall * pCompleteAuthToken)
-        (PCtxtHandle,PSecBufferDesc);
-      HMODULE hSecur32 = GetModuleHandle("secur32.dll");
-      if (hSecur32 != NULL) {
-        pCompleteAuthToken =
-          (SECURITY_STATUS (__stdcall *)(PCtxtHandle,PSecBufferDesc))
-            GetProcAddress(hSecur32, "CompleteAuthToken");
-        if( pCompleteAuthToken != NULL ) {
-          pCompleteAuthToken(&ntlm->c_handle, &desc);
-        }
-      }
+      s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
     }
     else if (status != SEC_E_OK) {
-      FreeCredentialsHandle(&ntlm->handle);
+      s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
       return CURLE_RECV_ERROR;
     }
 
@@ -579,7 +602,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
     type_3.pvBuffer   = ntlmbuf;
     type_3.cbBuffer   = sizeof(ntlmbuf);
 
-    status = InitializeSecurityContext(&ntlm->handle, &ntlm->c_handle,
+    status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, &ntlm->c_handle,
                                        (char *) host,
                                        ISC_REQ_CONFIDENTIALITY |
                                        ISC_REQ_REPLAY_DETECT |
@@ -783,6 +806,11 @@ Curl_ntlm_cleanup(struct connectdata *conn)
 #ifdef USE_WINDOWS_SSPI
   ntlm_sspi_cleanup(&conn->ntlm);
   ntlm_sspi_cleanup(&conn->proxyntlm);
+  if (s_hSecDll != NULL) {
+    FreeLibrary(s_hSecDll);
+	s_hSecDll = NULL;
+	s_pSecFn = NULL;
+  }
 #else
   (void)conn;
 #endif
diff --git a/src/Makefile.vc6 b/src/Makefile.vc6
index 60874442e..b7ea2d8b1 100644
--- a/src/Makefile.vc6
+++ b/src/Makefile.vc6
@@ -69,7 +69,6 @@ RESFLAGS = /i../include
 
 !IFDEF WINDOWS_SSPI
 CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include
-LFLAGS = $(LFLAGS) $(WINDOWS_SDK_PATH)\lib\secur32.lib
 !ENDIF
 
 RELEASE_OBJS= \
author	Daniel Stenberg <daniel@haxx.se>	2005-11-08 14:15:34 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2005-11-08 14:15:34 +0000
commit	175335808b38afdd4aacbbee72eb0a8601f77296 (patch)
tree	eac52b6e31d04de61ae28946bddb95664c06ae63
parent	e00216581e82e93a445ab4a19fb43ff9c7fc9234 (diff)