aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2014-04-02 22:04:13 +0100
committerSteve Holme <steve_holme@hotmail.com>2014-04-06 00:35:22 +0100
commitc46994129374ab5f688f68b5d138570174ab1d20 (patch)
treefe1beb80ac1f16da26bfddb02513e65e8ea62f34 /lib
parentff853960bd7dcf6cfd0ea4ff6a91ea143e27fd4b (diff)
ntlm: Moved the identity generation into shared SSPI code
Diffstat (limited to 'lib')
-rw-r--r--lib/curl_ntlm_msgs.c88
-rw-r--r--lib/curl_ntlm_msgs.h8
-rw-r--r--lib/curl_sspi.c104
-rw-r--r--lib/curl_sspi.h15
4 files changed, 130 insertions, 85 deletions
diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c
index 050ffe25d..e222b73b7 100644
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -346,17 +346,15 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
{
Curl_safefree(ntlm->type_2);
+
if(ntlm->has_handles) {
s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
ntlm->has_handles = 0;
}
- if(ntlm->p_identity) {
- Curl_safefree(ntlm->identity.User);
- Curl_safefree(ntlm->identity.Password);
- Curl_safefree(ntlm->identity.Domain);
- ntlm->p_identity = NULL;
- }
+
+ Curl_sspi_free_identity(ntlm->p_identity);
+ ntlm->p_identity = NULL;
}
#endif
@@ -420,84 +418,20 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
SecBufferDesc desc;
SECURITY_STATUS status;
unsigned long attrs;
- xcharp_u useranddomain;
- xcharp_u user, dup_user;
- xcharp_u domain, dup_domain;
- xcharp_u passwd, dup_passwd;
- size_t domlen = 0;
TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
- domain.const_tchar_ptr = TEXT("");
-
Curl_ntlm_sspi_cleanup(ntlm);
if(userp && *userp) {
+ CURLcode result;
- /* null initialize ntlm identity's data to allow proper cleanup */
- ntlm->p_identity = &ntlm->identity;
- memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
-
- useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
- if(!useranddomain.tchar_ptr)
- return CURLE_OUT_OF_MEMORY;
-
- user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
- if(!user.const_tchar_ptr)
- user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
-
- if(user.tchar_ptr) {
- domain.tchar_ptr = useranddomain.tchar_ptr;
- domlen = user.tchar_ptr - useranddomain.tchar_ptr;
- user.tchar_ptr++;
- }
- else {
- user.tchar_ptr = useranddomain.tchar_ptr;
- domain.const_tchar_ptr = TEXT("");
- domlen = 0;
- }
+ /* Populate our identity structure */
+ result = Curl_create_sspi_identity(userp, passwdp, &ntlm->identity);
+ if(result)
+ return result;
- /* setup ntlm identity's user and length */
- dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
- if(!dup_user.tchar_ptr) {
- Curl_unicodefree(useranddomain.tchar_ptr);
- return CURLE_OUT_OF_MEMORY;
- }
- ntlm->identity.User = dup_user.tbyte_ptr;
- ntlm->identity.UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
- dup_user.tchar_ptr = NULL;
-
- /* setup ntlm identity's domain and length */
- dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
- if(!dup_domain.tchar_ptr) {
- Curl_unicodefree(useranddomain.tchar_ptr);
- return CURLE_OUT_OF_MEMORY;
- }
- _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
- *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
- ntlm->identity.Domain = dup_domain.tbyte_ptr;
- ntlm->identity.DomainLength = curlx_uztoul(domlen);
- dup_domain.tchar_ptr = NULL;
-
- Curl_unicodefree(useranddomain.tchar_ptr);
-
- /* setup ntlm identity's password and length */
- passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
- if(!passwd.tchar_ptr)
- return CURLE_OUT_OF_MEMORY;
- dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
- if(!dup_passwd.tchar_ptr) {
- Curl_unicodefree(passwd.tchar_ptr);
- return CURLE_OUT_OF_MEMORY;
- }
- ntlm->identity.Password = dup_passwd.tbyte_ptr;
- ntlm->identity.PasswordLength =
- curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
- dup_passwd.tchar_ptr = NULL;
-
- Curl_unicodefree(passwd.tchar_ptr);
-
- /* setup ntlm identity's flags */
- ntlm->identity.Flags = SECFLAG_WINNT_AUTH_IDENTITY;
+ /* Allow proper cleanup of the identity structure */
+ ntlm->p_identity = &ntlm->identity;
}
else
ntlm->p_identity = NULL;
diff --git a/lib/curl_ntlm_msgs.h b/lib/curl_ntlm_msgs.h
index d8000b5fe..80413c885 100644
--- a/lib/curl_ntlm_msgs.h
+++ b/lib/curl_ntlm_msgs.h
@@ -170,14 +170,6 @@ void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
#define NTLMFLAG_NEGOTIATE_56 (1<<31)
/* Indicates that 56-bit encryption is supported. */
-#ifdef UNICODE
-# define SECFLAG_WINNT_AUTH_IDENTITY \
- (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
-#else
-# define SECFLAG_WINNT_AUTH_IDENTITY \
- (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
-#endif
-
#endif /* BUILDING_CURL_NTLM_MSGS_C */
#endif /* USE_NTLM */
diff --git a/lib/curl_sspi.c b/lib/curl_sspi.c
index bb41a879c..f09d28827 100644
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@@ -32,6 +32,9 @@
#include <curl/mprintf.h>
#include "curl_memory.h"
+#include "curl_multibyte.h"
+#include "warnless.h"
+
/* The last #include file should be: */
#include "memdebug.h"
@@ -150,4 +153,105 @@ void Curl_sspi_global_cleanup(void)
}
}
+/*
+ * Curl_create_sspi_identity()
+ *
+ * This is used to populate a SSPI identity structure based on the supplied
+ * username and password.
+ *
+ * Parameters:
+ *
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * identity [in/out] - The identity structure.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
+ SEC_WINNT_AUTH_IDENTITY *identity)
+{
+ xcharp_u useranddomain;
+ xcharp_u user, dup_user;
+ xcharp_u domain, dup_domain;
+ xcharp_u passwd, dup_passwd;
+ size_t domlen = 0;
+
+ domain.const_tchar_ptr = TEXT("");
+
+ /* Initialize the identity */
+ memset(identity, 0, sizeof(*identity));
+
+ useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
+ if(!useranddomain.tchar_ptr)
+ return CURLE_OUT_OF_MEMORY;
+
+ user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
+ if(!user.const_tchar_ptr)
+ user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
+
+ if(user.tchar_ptr) {
+ domain.tchar_ptr = useranddomain.tchar_ptr;
+ domlen = user.tchar_ptr - useranddomain.tchar_ptr;
+ user.tchar_ptr++;
+ }
+ else {
+ user.tchar_ptr = useranddomain.tchar_ptr;
+ domain.const_tchar_ptr = TEXT("");
+ domlen = 0;
+ }
+
+ /* Setup the identity's user and length */
+ dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
+ if(!dup_user.tchar_ptr) {
+ Curl_unicodefree(useranddomain.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ identity->User = dup_user.tbyte_ptr;
+ identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
+ dup_user.tchar_ptr = NULL;
+
+ /* Setup the identity's domain and length */
+ dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
+ if(!dup_domain.tchar_ptr) {
+ Curl_unicodefree(useranddomain.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
+ *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
+ identity->Domain = dup_domain.tbyte_ptr;
+ identity->DomainLength = curlx_uztoul(domlen);
+ dup_domain.tchar_ptr = NULL;
+
+ Curl_unicodefree(useranddomain.tchar_ptr);
+
+ /* Setup ntlm identity's password and length */
+ passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
+ if(!passwd.tchar_ptr)
+ return CURLE_OUT_OF_MEMORY;
+ dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
+ if(!dup_passwd.tchar_ptr) {
+ Curl_unicodefree(passwd.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ identity->Password = dup_passwd.tbyte_ptr;
+ identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
+ dup_passwd.tchar_ptr = NULL;
+
+ Curl_unicodefree(passwd.tchar_ptr);
+
+ /* Setup the identity's flags */
+ identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
+
+ return CURLE_OK;
+}
+
+void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
+{
+ if(identity) {
+ Curl_safefree(identity->User);
+ Curl_safefree(identity->Password);
+ Curl_safefree(identity->Domain);
+ }
+}
+
#endif /* USE_WINDOWS_SSPI */
diff --git a/lib/curl_sspi.h b/lib/curl_sspi.h
index d52582856..812d7a849 100644
--- a/lib/curl_sspi.h
+++ b/lib/curl_sspi.h
@@ -43,6 +43,13 @@
CURLcode Curl_sspi_global_init(void);
void Curl_sspi_global_cleanup(void);
+/* This is used to generate an SSPI identity structure */
+CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
+ SEC_WINNT_AUTH_IDENTITY *identity);
+
+/* This is used to free an SSPI identity structure */
+void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity);
+
/* Forward-declaration of global variables defined in curl_sspi.c */
extern HMODULE s_hSecDll;
@@ -289,5 +296,13 @@ extern PSecurityFunctionTable s_pSecFn;
# define SEC_I_SIGNATURE_NEEDED ((HRESULT)0x0009035CL)
#endif
+#ifdef UNICODE
+# define SECFLAG_WINNT_AUTH_IDENTITY \
+ (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
+#else
+# define SECFLAG_WINNT_AUTH_IDENTITY \
+ (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
+#endif
+
#endif /* USE_WINDOWS_SSPI */
#endif /* HEADER_CURL_SSPI_H */