Return to vauth.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / lib / vauth |
1.1 ! misho 1: /*************************************************************************** ! 2: * _ _ ____ _ ! 3: * Project ___| | | | _ \| | ! 4: * / __| | | | |_) | | ! 5: * | (__| |_| | _ <| |___ ! 6: * \___|\___/|_| \_\_____| ! 7: * ! 8: * Copyright (C) 2014 - 2019, Steve Holme, <steve_holme@hotmail.com>. ! 9: * ! 10: * This software is licensed as described in the file COPYING, which ! 11: * you should have received as part of this distribution. The terms ! 12: * are also available at https://curl.haxx.se/docs/copyright.html. ! 13: * ! 14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell ! 15: * copies of the Software, and permit persons to whom the Software is ! 16: * furnished to do so, under the terms of the COPYING file. ! 17: * ! 18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ! 19: * KIND, either express or implied. ! 20: * ! 21: ***************************************************************************/ ! 22: ! 23: #include "curl_setup.h" ! 24: ! 25: #include <curl/curl.h> ! 26: ! 27: #include "vauth.h" ! 28: #include "curl_multibyte.h" ! 29: #include "curl_printf.h" ! 30: ! 31: /* The last #include files should be: */ ! 32: #include "curl_memory.h" ! 33: #include "memdebug.h" ! 34: ! 35: /* ! 36: * Curl_auth_build_spn() ! 37: * ! 38: * This is used to build a SPN string in the following formats: ! 39: * ! 40: * service/host@realm (Not currently used) ! 41: * service/host (Not used by GSS-API) ! 42: * service@realm (Not used by Windows SSPI) ! 43: * ! 44: * Parameters: ! 45: * ! 46: * service [in] - The service type such as http, smtp, pop or imap. ! 47: * host [in] - The host name. ! 48: * realm [in] - The realm. ! 49: * ! 50: * Returns a pointer to the newly allocated SPN. ! 51: */ ! 52: #if !defined(USE_WINDOWS_SSPI) ! 53: char *Curl_auth_build_spn(const char *service, const char *host, ! 54: const char *realm) ! 55: { ! 56: char *spn = NULL; ! 57: ! 58: /* Generate our SPN */ ! 59: if(host && realm) ! 60: spn = aprintf("%s/%s@%s", service, host, realm); ! 61: else if(host) ! 62: spn = aprintf("%s/%s", service, host); ! 63: else if(realm) ! 64: spn = aprintf("%s@%s", service, realm); ! 65: ! 66: /* Return our newly allocated SPN */ ! 67: return spn; ! 68: } ! 69: #else ! 70: TCHAR *Curl_auth_build_spn(const char *service, const char *host, ! 71: const char *realm) ! 72: { ! 73: char *utf8_spn = NULL; ! 74: TCHAR *tchar_spn = NULL; ! 75: ! 76: (void) realm; ! 77: ! 78: /* Note: We could use DsMakeSPN() or DsClientMakeSpnForTargetServer() rather ! 79: than doing this ourselves but the first is only available in Windows XP ! 80: and Windows Server 2003 and the latter is only available in Windows 2000 ! 81: but not Windows95/98/ME or Windows NT4.0 unless the Active Directory ! 82: Client Extensions are installed. As such it is far simpler for us to ! 83: formulate the SPN instead. */ ! 84: ! 85: /* Generate our UTF8 based SPN */ ! 86: utf8_spn = aprintf("%s/%s", service, host); ! 87: if(!utf8_spn) { ! 88: return NULL; ! 89: } ! 90: ! 91: /* Allocate our TCHAR based SPN */ ! 92: tchar_spn = Curl_convert_UTF8_to_tchar(utf8_spn); ! 93: if(!tchar_spn) { ! 94: free(utf8_spn); ! 95: ! 96: return NULL; ! 97: } ! 98: ! 99: /* Release the UTF8 variant when operating with Unicode */ ! 100: Curl_unicodefree(utf8_spn); ! 101: ! 102: /* Return our newly allocated SPN */ ! 103: return tchar_spn; ! 104: } ! 105: #endif /* USE_WINDOWS_SSPI */ ! 106: ! 107: /* ! 108: * Curl_auth_user_contains_domain() ! 109: * ! 110: * This is used to test if the specified user contains a Windows domain name as ! 111: * follows: ! 112: * ! 113: * Domain\User (Down-level Logon Name) ! 114: * Domain/User (curl Down-level format - for compatibility with existing code) ! 115: * User@Domain (User Principal Name) ! 116: * ! 117: * Note: The user name may be empty when using a GSS-API library or Windows ! 118: * SSPI as the user and domain are either obtained from the credentials cache ! 119: * when using GSS-API or via the currently logged in user's credentials when ! 120: * using Windows SSPI. ! 121: * ! 122: * Parameters: ! 123: * ! 124: * user [in] - The user name. ! 125: * ! 126: * Returns TRUE on success; otherwise FALSE. ! 127: */ ! 128: bool Curl_auth_user_contains_domain(const char *user) ! 129: { ! 130: bool valid = FALSE; ! 131: ! 132: if(user && *user) { ! 133: /* Check we have a domain name or UPN present */ ! 134: char *p = strpbrk(user, "\\/@"); ! 135: ! 136: valid = (p != NULL && p > user && p < user + strlen(user) - 1 ? TRUE : ! 137: FALSE); ! 138: } ! 139: #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) ! 140: else ! 141: /* User and domain are obtained from the GSS-API credentials cache or the ! 142: currently logged in user from Windows */ ! 143: valid = TRUE; ! 144: #endif ! 145: ! 146: return valid; ! 147: }