mirror of
https://github.com/curl/curl.git
synced 2026-04-14 22:21:41 +03:00
f4e23950c7
The issues found fell into these categories, with the applied fixes:
- const was accidentally stripped.
Adjust code to not cast or cast with const.
- const/volatile missing from arguments, local variables.
Constify arguments or variables, adjust/delete casts. Small code
changes in a few places.
- const must be stripped because an API dependency requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our control. These happen at API boundaries. Sometimes they depend
on dependency version, which this patch handles as necessary. Also
enable const support for the zlib API, using `ZLIB_CONST`. Supported
by zlib 1.2.5.2 and newer.
- const must be stripped because a curl API requires it.
Strip `const` with `CURL_UNCONST()` macro to silence the warning out
of our immediate control. For example we promise to send a non-const
argument to a callback, though the data is const internally.
- other cases where we may avoid const stripping by code changes.
Also silenced with `CURL_UNCONST()`.
- there are 3 places where `CURL_UNCONST()` is cast again to const.
To silence this type of warning:
```
lib/vquic/curl_osslq.c:1015:29: error: to be safe all intermediate
pointers in cast from 'unsigned char **' to 'const unsigned char **'
must be 'const' qualified [-Werror=cast-qual]
lib/cf-socket.c:734:32: error: to be safe all intermediate pointers in
cast from 'char **' to 'const char **' must be 'const' qualified
[-Werror=cast-qual]
```
There may be a better solution, but I couldn't find it.
These cases are handled in separate subcommits, but without further
markup.
If you see a `-Wcast-qual` warning in curl, we appreciate your report
about it.
Closes #16142
239 lines
7 KiB
C
239 lines
7 KiB
C
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at https://curl.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
* SPDX-License-Identifier: curl
|
|
*
|
|
***************************************************************************/
|
|
|
|
#include "curl_setup.h"
|
|
|
|
#ifdef USE_WINDOWS_SSPI
|
|
|
|
#include <curl/curl.h>
|
|
#include "curl_sspi.h"
|
|
#include "curl_multibyte.h"
|
|
#include "system_win32.h"
|
|
#include "version_win32.h"
|
|
#include "warnless.h"
|
|
|
|
/* The last #include files should be: */
|
|
#include "curl_memory.h"
|
|
#include "memdebug.h"
|
|
|
|
/* We use our own typedef here since some headers might lack these */
|
|
typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
|
|
|
|
/* See definition of SECURITY_ENTRYPOINT in sspi.h */
|
|
#ifdef UNICODE
|
|
# ifdef UNDER_CE
|
|
# define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
|
|
# else
|
|
# define SECURITYENTRYPOINT "InitSecurityInterfaceW"
|
|
# endif
|
|
#else
|
|
# define SECURITYENTRYPOINT "InitSecurityInterfaceA"
|
|
#endif
|
|
|
|
/* Handle of security.dll or secur32.dll, depending on Windows version */
|
|
HMODULE Curl_hSecDll = NULL;
|
|
|
|
/* Pointer to SSPI dispatch table */
|
|
PSecurityFunctionTable Curl_pSecFn = NULL;
|
|
|
|
/*
|
|
* Curl_sspi_global_init()
|
|
*
|
|
* This is used to load the Security Service Provider Interface (SSPI)
|
|
* dynamic link library portably across all Windows versions, without
|
|
* the need to directly link libcurl, nor the application using it, at
|
|
* build time.
|
|
*
|
|
* Once this function has been executed, Windows SSPI functions can be
|
|
* called through the Security Service Provider Interface dispatch table.
|
|
*
|
|
* Parameters:
|
|
*
|
|
* None.
|
|
*
|
|
* Returns CURLE_OK on success.
|
|
*/
|
|
CURLcode Curl_sspi_global_init(void)
|
|
{
|
|
INITSECURITYINTERFACE_FN pInitSecurityInterface;
|
|
|
|
/* If security interface is not yet initialized try to do this */
|
|
if(!Curl_hSecDll) {
|
|
/* Security Service Provider Interface (SSPI) functions are located in
|
|
* security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
|
|
* have both these DLLs (security.dll forwards calls to secur32.dll) */
|
|
|
|
/* Load SSPI dll into the address space of the calling process */
|
|
if(curlx_verify_windows_version(4, 0, 0, PLATFORM_WINNT, VERSION_EQUAL))
|
|
Curl_hSecDll = Curl_load_library(TEXT("security.dll"));
|
|
else
|
|
Curl_hSecDll = Curl_load_library(TEXT("secur32.dll"));
|
|
if(!Curl_hSecDll)
|
|
return CURLE_FAILED_INIT;
|
|
|
|
/* Get address of the InitSecurityInterfaceA function from the SSPI dll */
|
|
pInitSecurityInterface =
|
|
CURLX_FUNCTION_CAST(INITSECURITYINTERFACE_FN,
|
|
(GetProcAddress(Curl_hSecDll, SECURITYENTRYPOINT)));
|
|
if(!pInitSecurityInterface)
|
|
return CURLE_FAILED_INIT;
|
|
|
|
/* Get pointer to Security Service Provider Interface dispatch table */
|
|
Curl_pSecFn = pInitSecurityInterface();
|
|
if(!Curl_pSecFn)
|
|
return CURLE_FAILED_INIT;
|
|
}
|
|
|
|
return CURLE_OK;
|
|
}
|
|
|
|
/*
|
|
* Curl_sspi_global_cleanup()
|
|
*
|
|
* This deinitializes the Security Service Provider Interface from libcurl.
|
|
*
|
|
* Parameters:
|
|
*
|
|
* None.
|
|
*/
|
|
void Curl_sspi_global_cleanup(void)
|
|
{
|
|
if(Curl_hSecDll) {
|
|
FreeLibrary(Curl_hSecDll);
|
|
Curl_hSecDll = NULL;
|
|
Curl_pSecFn = NULL;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Curl_create_sspi_identity()
|
|
*
|
|
* This is used to populate a SSPI identity structure based on the supplied
|
|
* username and password.
|
|
*
|
|
* Parameters:
|
|
*
|
|
* userp [in] - The username in the format User or Domain\User.
|
|
* passwdp [in] - The user's password.
|
|
* identity [in/out] - The identity structure.
|
|
*
|
|
* Returns CURLE_OK on success.
|
|
*/
|
|
CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
|
|
SEC_WINNT_AUTH_IDENTITY *identity)
|
|
{
|
|
xcharp_u useranddomain;
|
|
xcharp_u user, dup_user;
|
|
xcharp_u domain, dup_domain;
|
|
xcharp_u passwd, dup_passwd;
|
|
size_t domlen = 0;
|
|
|
|
domain.const_tchar_ptr = TEXT("");
|
|
|
|
/* Initialize the identity */
|
|
memset(identity, 0, sizeof(*identity));
|
|
|
|
useranddomain.tchar_ptr = curlx_convert_UTF8_to_tchar(userp);
|
|
if(!useranddomain.tchar_ptr)
|
|
return CURLE_OUT_OF_MEMORY;
|
|
|
|
user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
|
|
if(!user.const_tchar_ptr)
|
|
user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
|
|
|
|
if(user.tchar_ptr) {
|
|
domain.tchar_ptr = useranddomain.tchar_ptr;
|
|
domlen = user.tchar_ptr - useranddomain.tchar_ptr;
|
|
user.tchar_ptr++;
|
|
}
|
|
else {
|
|
user.tchar_ptr = useranddomain.tchar_ptr;
|
|
domain.const_tchar_ptr = TEXT("");
|
|
domlen = 0;
|
|
}
|
|
|
|
/* Setup the identity's user and length */
|
|
dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
|
|
if(!dup_user.tchar_ptr) {
|
|
curlx_unicodefree(useranddomain.tchar_ptr);
|
|
return CURLE_OUT_OF_MEMORY;
|
|
}
|
|
identity->User = dup_user.tbyte_ptr;
|
|
identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
|
|
dup_user.tchar_ptr = NULL;
|
|
|
|
/* Setup the identity's domain and length */
|
|
dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
|
|
if(!dup_domain.tchar_ptr) {
|
|
curlx_unicodefree(useranddomain.tchar_ptr);
|
|
return CURLE_OUT_OF_MEMORY;
|
|
}
|
|
_tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
|
|
*(dup_domain.tchar_ptr + domlen) = TEXT('\0');
|
|
identity->Domain = dup_domain.tbyte_ptr;
|
|
identity->DomainLength = curlx_uztoul(domlen);
|
|
dup_domain.tchar_ptr = NULL;
|
|
|
|
curlx_unicodefree(useranddomain.tchar_ptr);
|
|
|
|
/* Setup the identity's password and length */
|
|
passwd.tchar_ptr = curlx_convert_UTF8_to_tchar(passwdp);
|
|
if(!passwd.tchar_ptr)
|
|
return CURLE_OUT_OF_MEMORY;
|
|
dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
|
|
if(!dup_passwd.tchar_ptr) {
|
|
curlx_unicodefree(passwd.tchar_ptr);
|
|
return CURLE_OUT_OF_MEMORY;
|
|
}
|
|
identity->Password = dup_passwd.tbyte_ptr;
|
|
identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
|
|
dup_passwd.tchar_ptr = NULL;
|
|
|
|
curlx_unicodefree(passwd.tchar_ptr);
|
|
|
|
/* Setup the identity's flags */
|
|
identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
|
|
|
|
return CURLE_OK;
|
|
}
|
|
|
|
/*
|
|
* Curl_sspi_free_identity()
|
|
*
|
|
* This is used to free the contents of a SSPI identifier structure.
|
|
*
|
|
* Parameters:
|
|
*
|
|
* identity [in/out] - The identity structure.
|
|
*/
|
|
void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
|
|
{
|
|
if(identity) {
|
|
Curl_safefree(identity->User);
|
|
Curl_safefree(identity->Password);
|
|
Curl_safefree(identity->Domain);
|
|
}
|
|
}
|
|
|
|
#endif /* USE_WINDOWS_SSPI */
|