1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled

version of libcurl with different Windows versions. Current version of
libcurl imports SSPI functions from secur32.dll. However, under Windows NT
4.0 these functions are located in security.dll, under Windows 9x - in
secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll
just forwards calls to secur32.dll).

Dmitry's patch loads proper library dynamically depending on Windows
version. Function InitSecurityInterface() is used to obtain pointers to all
of SSPI function in one structure.
: ----------------------------------------------------------------------
This commit is contained in:
Daniel Stenberg 2005-11-08 14:15:34 +00:00
parent e00216581e
commit 175335808b
5 changed files with 58 additions and 21 deletions

12
CHANGES
View File

@ -8,6 +8,18 @@
Daniel (8 November 2005)
- Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled
version of libcurl with different Windows versions. Current version of
libcurl imports SSPI functions from secur32.dll. However, under Windows NT
4.0 these functions are located in security.dll, under Windows 9x - in
secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll
just forwards calls to secur32.dll).
Dmitry's patch loads proper library dynamically depending on Windows
version. Function InitSecurityInterface() is used to obtain pointers to all
of SSPI function in one structure.
Daniel (31 October 2005) Daniel (31 October 2005)
- Vilmos Nebehaj improved libcurl's LDAP abilities: - Vilmos Nebehaj improved libcurl's LDAP abilities:

View File

@ -1784,7 +1784,6 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
AC_SUBST(USE_WINDOWS_SSPI) AC_SUBST(USE_WINDOWS_SSPI)
LIBS="$LIBS -lsecur32"
curl_sspi_msg="yes" curl_sspi_msg="yes"
;; ;;
*) *)

View File

@ -89,7 +89,6 @@ CFGSET = FALSE
!IFDEF WINDOWS_SSPI !IFDEF WINDOWS_SSPI
CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include
LFLAGS = $(LFLAGS) $(WINDOWS_SDK_PATH)\lib\secur32.lib
!ENDIF !ENDIF
############################################################## ##############################################################

View File

@ -76,6 +76,11 @@
#include <rpc.h> #include <rpc.h>
/* Handle of security.dll or secur32.dll, depending on Windows version */
static HMODULE s_hSecDll = NULL;
/* Pointer to SSPI dispatch table */
static PSecurityFunctionTable s_pSecFn = NULL;
#endif #endif
/* The last #include file should be: */ /* The last #include file should be: */
@ -305,8 +310,8 @@ ntlm_sspi_cleanup(struct ntlmdata *ntlm)
ntlm->type_2 = NULL; ntlm->type_2 = NULL;
} }
if (ntlm->has_handles) { if (ntlm->has_handles) {
DeleteSecurityContext(&ntlm->c_handle); s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
FreeCredentialsHandle(&ntlm->handle); s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
ntlm->has_handles = 0; ntlm->has_handles = 0;
} }
if (ntlm->p_identity) { if (ntlm->p_identity) {
@ -376,6 +381,35 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
if(!passwdp) if(!passwdp)
passwdp=(char *)""; passwdp=(char *)"";
#ifdef USE_WINDOWS_SSPI
/* If security interface is not yet initialized try to do this */
if (s_hSecDll == NULL) {
/* Determine Windows version. Security functions are located in
* security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
* contain both these DLLs (security.dll just forwards calls to
* secur32.dll)
*/
OSVERSIONINFO osver;
osver.dwOSVersionInfoSize = sizeof(osver);
GetVersionEx(&osver);
if (osver.dwPlatformId == VER_PLATFORM_WIN32_NT
&& osver.dwMajorVersion == 4)
s_hSecDll = LoadLibrary("security.dll");
else
s_hSecDll = LoadLibrary("secur32.dll");
if (s_hSecDll != NULL) {
INIT_SECURITY_INTERFACE pInitSecurityInterface;
pInitSecurityInterface =
(INIT_SECURITY_INTERFACE)GetProcAddress(s_hSecDll,
"InitSecurityInterfaceA");
if (pInitSecurityInterface != NULL)
s_pSecFn = pInitSecurityInterface();
}
}
if (s_pSecFn == NULL)
return CURLE_RECV_ERROR;
#endif
switch(ntlm->state) { switch(ntlm->state) {
case NTLMSTATE_TYPE1: case NTLMSTATE_TYPE1:
default: /* for the weird cases we (re)start here */ default: /* for the weird cases we (re)start here */
@ -429,7 +463,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
ntlm->p_identity = NULL; ntlm->p_identity = NULL;
} }
if (AcquireCredentialsHandle( if (s_pSecFn->AcquireCredentialsHandle(
NULL, (char *)"NTLM", SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity, NULL, (char *)"NTLM", SECPKG_CRED_OUTBOUND, NULL, ntlm->p_identity,
NULL, NULL, &ntlm->handle, &tsDummy NULL, NULL, &ntlm->handle, &tsDummy
) != SEC_E_OK) { ) != SEC_E_OK) {
@ -443,7 +477,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
buf.BufferType = SECBUFFER_TOKEN; buf.BufferType = SECBUFFER_TOKEN;
buf.pvBuffer = ntlmbuf; buf.pvBuffer = ntlmbuf;
status = InitializeSecurityContext(&ntlm->handle, NULL, (char *) host, status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL, (char *) host,
ISC_REQ_CONFIDENTIALITY | ISC_REQ_CONFIDENTIALITY |
ISC_REQ_REPLAY_DETECT | ISC_REQ_REPLAY_DETECT |
ISC_REQ_CONNECTION, ISC_REQ_CONNECTION,
@ -453,21 +487,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
if (status == SEC_I_COMPLETE_AND_CONTINUE || if (status == SEC_I_COMPLETE_AND_CONTINUE ||
status == SEC_I_CONTINUE_NEEDED) { status == SEC_I_CONTINUE_NEEDED) {
/* CompleteAuthToken() is not present in Win9x, so load it dynamically */ s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
SECURITY_STATUS (__stdcall * pCompleteAuthToken)
(PCtxtHandle,PSecBufferDesc);
HMODULE hSecur32 = GetModuleHandle("secur32.dll");
if (hSecur32 != NULL) {
pCompleteAuthToken =
(SECURITY_STATUS (__stdcall *)(PCtxtHandle,PSecBufferDesc))
GetProcAddress(hSecur32, "CompleteAuthToken");
if( pCompleteAuthToken != NULL ) {
pCompleteAuthToken(&ntlm->c_handle, &desc);
}
}
} }
else if (status != SEC_E_OK) { else if (status != SEC_E_OK) {
FreeCredentialsHandle(&ntlm->handle); s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
return CURLE_RECV_ERROR; return CURLE_RECV_ERROR;
} }
@ -579,7 +602,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
type_3.pvBuffer = ntlmbuf; type_3.pvBuffer = ntlmbuf;
type_3.cbBuffer = sizeof(ntlmbuf); type_3.cbBuffer = sizeof(ntlmbuf);
status = InitializeSecurityContext(&ntlm->handle, &ntlm->c_handle, status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, &ntlm->c_handle,
(char *) host, (char *) host,
ISC_REQ_CONFIDENTIALITY | ISC_REQ_CONFIDENTIALITY |
ISC_REQ_REPLAY_DETECT | ISC_REQ_REPLAY_DETECT |
@ -783,6 +806,11 @@ Curl_ntlm_cleanup(struct connectdata *conn)
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI
ntlm_sspi_cleanup(&conn->ntlm); ntlm_sspi_cleanup(&conn->ntlm);
ntlm_sspi_cleanup(&conn->proxyntlm); ntlm_sspi_cleanup(&conn->proxyntlm);
if (s_hSecDll != NULL) {
FreeLibrary(s_hSecDll);
s_hSecDll = NULL;
s_pSecFn = NULL;
}
#else #else
(void)conn; (void)conn;
#endif #endif

View File

@ -69,7 +69,6 @@ RESFLAGS = /i../include
!IFDEF WINDOWS_SSPI !IFDEF WINDOWS_SSPI
CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include
LFLAGS = $(LFLAGS) $(WINDOWS_SDK_PATH)\lib\secur32.lib
!ENDIF !ENDIF
RELEASE_OBJS= \ RELEASE_OBJS= \