From: Amos Jeffries Date: Wed, 28 Jun 2023 21:14:28 +0000 (+0000) Subject: Update libsspwin32 (#1348) X-Git-Tag: SQUID_7_0_1~413 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9ce9676475028c99e057770f4b6321e51f41d4f;p=thirdparty%2Fsquid.git Update libsspwin32 (#1348) Move library files to lib/sspi/ for better modularity. Add SQUID_CHECK_WIN32_SSPI autoconf test for dependency checking by helpers. Add missing HAVE_FOO_H wrappers around includes. Fixes Squid coding style compliance. Remove unnecessary __cplusplus protections. Remove many redundant includes from helpers code. Remove CygWin hack which is unreachable with precompiler conditions. Fix several structure initialization compiler errors. --- diff --git a/acinclude/win32-sspi.m4 b/acinclude/win32-sspi.m4 new file mode 100644 index 0000000000..36ada85337 --- /dev/null +++ b/acinclude/win32-sspi.m4 @@ -0,0 +1,36 @@ +## Copyright (C) 1996-2023 The Squid Software Foundation and contributors +## +## Squid software is distributed under GPLv2+ license and includes +## contributions from numerous individuals and organizations. +## Please see the COPYING and CONTRIBUTORS files for details. +## + +# Checks whether the Windows SSPI requirements are available and work. +# Sets squid_cv_win32_sspi to "yes" or "no". +# The argument is the commands to run on success. +AC_DEFUN([SQUID_CHECK_WIN32_SSPI],[ + AC_CHECK_HEADERS([w32api/windows.h windows.h],[ + squid_cv_win32_sspi=yes + # optional headers + AC_CHECK_HEADERS([wchar.h tchar.h]) + # required headers + AC_CHECK_HEADERS([ntsecapi.h security.h sspi.h],,[squid_cv_win32_sspi=no],[ +#define SECURITY_WIN32 +#if HAVE_WINDOWS_H +#include +#elif HAVE_W32API_WINDOWS_H +#include +#endif +#if HAVE_NTSECAPI_H +#include +#endif +#if HAVE_SECURITY_H +#include +#endif +#if HAVE_SSPI_H +#include +#endif + ]) + ]) + AS_IF([test "x$squid_cv_win32_sspi" = "xyes"],[$1]) +]) diff --git a/configure.ac b/configure.ac index 128c7b2503..df97988bab 100644 --- a/configure.ac +++ b/configure.ac @@ -28,6 +28,7 @@ m4_include([acinclude/pkg.m4]) m4_include([acinclude/tdb.m4]) m4_include([acinclude/lib-checks.m4]) m4_include([acinclude/ax_cxx_compile_stdcxx.m4]) +m4_include([acinclude/win32-sspi.m4]) PRESET_CFLAGS="$CFLAGS" PRESET_CXXFLAGS="$CXXFLAGS" @@ -2032,6 +2033,7 @@ SQUID_DEFINE_BOOL(USE_AUTH,$enable_auth,[Enable support for authentication]) AM_CONDITIONAL(ENABLE_AUTH, test "x$enable_auth" != "xno") AUTH_MODULES="" require_smblib="no" +require_sspi="no" AC_ARG_ENABLE(auth-basic, AS_HELP_STRING([--enable-auth-basic="list of helpers"], @@ -2092,6 +2094,7 @@ done AC_SUBST(AUTH_MODULES) AC_SUBST(AUTH_LIBS_TO_BUILD) AM_CONDITIONAL(ENABLE_SMBLIB, test "x$require_smblib" = "xyes") +AM_CONDITIONAL(ENABLE_SSPI, test "x$require_sspi" = "xyes") dnl Select logging daemon helpers to build AC_ARG_ENABLE(log-daemon-helpers, @@ -3080,6 +3083,7 @@ AC_CONFIG_FILES([ lib/rfcnb/Makefile lib/smblib/Makefile lib/snmplib/Makefile + lib/sspi/Makefile scripts/Makefile src/Makefile src/acl/Makefile diff --git a/lib/Makefile.am b/lib/Makefile.am index 976cdae2ac..edcb0de81a 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -16,6 +16,9 @@ endif if ENABLE_SNMP SUBDIRS += snmplib endif +if ENABLE_SSPI +SUBDIRS += sspi +endif install: all install-strip: all @@ -25,16 +28,6 @@ noinst_LTLIBRARIES = \ libmisccontainers.la \ libmiscutil.la -# -# Some libraries are only available on Windows -# and others are unable to be built. -# -if ENABLE_WIN32SPECIFIC -noinst_LTLIBRARIES += libsspwin32.la -libsspwin32_la_SOURCES = sspwin32.cc -else -EXTRA_DIST += sspwin32.cc -endif if ENABLE_SMBLIB # smblib is the only user of the rfcnb library SUBDIRS += rfcnb smblib diff --git a/lib/sspi/Makefile.am b/lib/sspi/Makefile.am new file mode 100644 index 0000000000..cfd3453426 --- /dev/null +++ b/lib/sspi/Makefile.am @@ -0,0 +1,15 @@ +## Copyright (C) 1996-2023 The Squid Software Foundation and contributors +## +## Squid software is distributed under GPLv2+ license and includes +## contributions from numerous individuals and organizations. +## Please see the COPYING and CONTRIBUTORS files for details. +## + +include $(top_srcdir)/src/Common.am +include $(top_srcdir)/src/TestHeaders.am + +noinst_LTLIBRARIES = libsspwin32.la + +libsspwin32_la_SOURCES = \ + sspwin32.cc \ + sspwin32.h diff --git a/lib/sspwin32.cc b/lib/sspi/sspwin32.cc similarity index 88% rename from lib/sspwin32.cc rename to lib/sspi/sspwin32.cc index d7f092fffa..3006809bb6 100644 --- a/lib/sspwin32.cc +++ b/lib/sspi/sspwin32.cc @@ -8,10 +8,28 @@ #include "squid.h" #include "base64.h" +#if HAVE_AUTH_MODULE_NTLM #include "ntlmauth/ntlmauth.h" -#include "sspwin32.h" +#endif +#include "sspi/sspwin32.h" #include "util.h" +// FARPROC is an exception on Windows to the -Wcast-function-type sanity check. +// suppress the warning only when casting FARPROC +template +T +farproc_cast(FARPROC in) +{ +#if defined(__GNUC__) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wcast-function-type" + return reinterpret_cast(in); +#pragma GCC diagnostic pop +#else + return reinterpret_cast(in); +#endif +} + typedef struct _AUTH_SEQ { BOOL fInitialized; BOOL fHaveCredHandle; @@ -34,10 +52,12 @@ static DWORD cbMaxToken = 0; static uint8_t * pClientBuf = NULL; static uint8_t * pServerBuf = NULL; -static AUTH_SEQ NTLM_asServer = {0}; +static AUTH_SEQ NTLM_asServer = {}; BOOL Use_Unicode = FALSE; +#if HAVE_AUTH_MODULE_NTLM BOOL NTLM_LocalCall = FALSE; +#endif /* Function pointers */ ACCEPT_SECURITY_CONTEXT_FN _AcceptSecurityContext = NULL; @@ -111,59 +131,50 @@ HMODULE LoadSecurityDll(int mode, const char * SSP_Package) hModule = LoadLibrary(lpszDLL); if (!hModule) return hModule; - _AcceptSecurityContext = (ACCEPT_SECURITY_CONTEXT_FN) - GetProcAddress(hModule, "AcceptSecurityContext"); + _AcceptSecurityContext = farproc_cast(GetProcAddress(hModule, "AcceptSecurityContext")); if (!_AcceptSecurityContext) { UnloadSecurityDll(); hModule = NULL; return hModule; } #ifdef UNICODE - _AcquireCredentialsHandle = (ACQUIRE_CREDENTIALS_HANDLE_FN) - GetProcAddress(hModule, "AcquireCredentialsHandleW"); + _AcquireCredentialsHandle = farproc_cast(GetProcAddress(hModule, "AcquireCredentialsHandleW")); #else - _AcquireCredentialsHandle = (ACQUIRE_CREDENTIALS_HANDLE_FN) - GetProcAddress(hModule, "AcquireCredentialsHandleA"); + _AcquireCredentialsHandle = farproc_cast(GetProcAddress(hModule, "AcquireCredentialsHandleA")); #endif if (!_AcquireCredentialsHandle) { UnloadSecurityDll(); hModule = NULL; return hModule; } - _CompleteAuthToken = (COMPLETE_AUTH_TOKEN_FN) - GetProcAddress(hModule, "CompleteAuthToken"); + _CompleteAuthToken = farproc_cast(GetProcAddress(hModule, "CompleteAuthToken")); if (!_CompleteAuthToken) { UnloadSecurityDll(); hModule = NULL; return hModule; } - _DeleteSecurityContext = (DELETE_SECURITY_CONTEXT_FN) - GetProcAddress(hModule, "DeleteSecurityContext"); + _DeleteSecurityContext = farproc_cast(GetProcAddress(hModule, "DeleteSecurityContext")); if (!_DeleteSecurityContext) { UnloadSecurityDll(); hModule = NULL; return hModule; } - _FreeContextBuffer = (FREE_CONTEXT_BUFFER_FN) - GetProcAddress(hModule, "FreeContextBuffer"); + _FreeContextBuffer = farproc_cast(GetProcAddress(hModule, "FreeContextBuffer")); if (!_FreeContextBuffer) { UnloadSecurityDll(); hModule = NULL; return hModule; } - _FreeCredentialsHandle = (FREE_CREDENTIALS_HANDLE_FN) - GetProcAddress(hModule, "FreeCredentialsHandle"); + _FreeCredentialsHandle = farproc_cast(GetProcAddress(hModule, "FreeCredentialsHandle")); if (!_FreeCredentialsHandle) { UnloadSecurityDll(); hModule = NULL; return hModule; } #ifdef UNICODE - _InitializeSecurityContext = (INITIALIZE_SECURITY_CONTEXT_FN) - GetProcAddress(hModule, "InitializeSecurityContextW"); + _InitializeSecurityContext = farproc_cast(GetProcAddress(hModule, "InitializeSecurityContextW")); #else - _InitializeSecurityContext = (INITIALIZE_SECURITY_CONTEXT_FN) - GetProcAddress(hModule, "InitializeSecurityContextA"); + _InitializeSecurityContext = farproc_cast(GetProcAddress(hModule, "InitializeSecurityContextA")); #endif if (!_InitializeSecurityContext) { UnloadSecurityDll(); @@ -171,11 +182,9 @@ HMODULE LoadSecurityDll(int mode, const char * SSP_Package) return hModule; } #ifdef UNICODE - _QuerySecurityPackageInfo = (QUERY_SECURITY_PACKAGE_INFO_FN) - GetProcAddress(hModule, "QuerySecurityPackageInfoW"); + _QuerySecurityPackageInfo = farproc_cast(GetProcAddress(hModule, "QuerySecurityPackageInfoW")); #else - _QuerySecurityPackageInfo = (QUERY_SECURITY_PACKAGE_INFO_FN) - GetProcAddress(hModule, "QuerySecurityPackageInfoA"); + _QuerySecurityPackageInfo = farproc_cast(GetProcAddress(hModule, "QuerySecurityPackageInfoA")); #endif if (!_QuerySecurityPackageInfo) { UnloadSecurityDll(); @@ -183,11 +192,9 @@ HMODULE LoadSecurityDll(int mode, const char * SSP_Package) } #ifdef UNICODE - _QueryContextAttributes = (QUERY_CONTEXT_ATTRIBUTES_FN_W) - GetProcAddress(hModule, "QueryContextAttributesW"); + _QueryContextAttributes = farproc_cast(GetProcAddress(hModule, "QueryContextAttributesW")); #else - _QueryContextAttributes = (QUERY_CONTEXT_ATTRIBUTES_FN_A) - GetProcAddress(hModule, "QueryContextAttributesA"); + _QueryContextAttributes = farproc_cast(GetProcAddress(hModule, "QueryContextAttributesA")); #endif if (!_QueryContextAttributes) { UnloadSecurityDll(); @@ -382,8 +389,8 @@ BOOL GenServerContext(PAUTH_SEQ pAS, PVOID pIn, DWORD cbIn, PVOID pOut, BOOL WINAPI SSP_LogonUser(PTSTR szUser, PTSTR szPassword, PTSTR szDomain) { - AUTH_SEQ asServer = {0}; - AUTH_SEQ asClient = {0}; + AUTH_SEQ asServer = {}; + AUTH_SEQ asClient = {}; BOOL fDone = FALSE; BOOL fResult = FALSE; DWORD cbOut = 0; @@ -455,6 +462,7 @@ BOOL WINAPI SSP_LogonUser(PTSTR szUser, PTSTR szPassword, PTSTR szDomain) return fResult; } +#if HAVE_AUTH_MODULE_NTLM const char * WINAPI SSP_MakeChallenge(PVOID PNegotiateBuf, int NegotiateLen) { BOOL fDone = FALSE; @@ -526,7 +534,9 @@ BOOL WINAPI SSP_ValidateNTLMCredentials(PVOID PAutenticateBuf, int AutenticateLe return fResult; } +#endif /* HAVE_AUTH_MODULE_NTLM */ +#if HAVE_AUTH_MODULE_NEGOTIATE const char * WINAPI SSP_MakeNegotiateBlob(PVOID PNegotiateBuf, int NegotiateLen, PBOOL fDone, int * Status, char * credentials) { DWORD cbOut = 0; @@ -602,4 +612,4 @@ const char * WINAPI SSP_ValidateNegotiateCredentials(PVOID PAutenticateBuf, int } return NULL; } - +#endif /* HAVE_AUTH_MODULE_NEGOTIATE */ diff --git a/include/sspwin32.h b/lib/sspi/sspwin32.h similarity index 86% rename from include/sspwin32.h rename to lib/sspi/sspwin32.h index d61050065f..750082eff0 100644 --- a/include/sspwin32.h +++ b/lib/sspi/sspwin32.h @@ -14,26 +14,25 @@ #ifndef _LIBSSPWIN32_H_ #define _LIBSSPWIN32_H_ -#if _SQUID_WINDOWS_ - -#if defined(__cplusplus) -extern "C" { -#endif - #define SECURITY_WIN32 #define NTLM_PACKAGE_NAME "NTLM" #define NEGOTIATE_PACKAGE_NAME "Negotiate" -#if _SQUID_CYGWIN_ -#include -#define _T(x) TEXT(x) -#else +#if HAVE_TCHAR_H #include #endif +#if HAVE_WINDOWS_H #include +#endif +#if HAVE_NTSECAPI_H #include +#endif +#if HAVE_SECURITY_H #include +#endif +#if HAVE_SSPI_H #include +#endif typedef char * SSP_blobP; @@ -52,19 +51,21 @@ typedef char * SSP_blobP; HMODULE LoadSecurityDll(int, const char *); void UnloadSecurityDll(void); + +#if HAVE_AUTH_MODULE_BASIC BOOL WINAPI SSP_LogonUser(PTSTR, PTSTR, PTSTR); -BOOL WINAPI SSP_ValidateNTLMCredentials(PVOID, int, char *); -const char * WINAPI SSP_ValidateNegotiateCredentials(PVOID, int, PBOOL, int *, char *); -const char * WINAPI SSP_MakeChallenge(PVOID, int); -const char * WINAPI SSP_MakeNegotiateBlob(PVOID, int, PBOOL, int *, char *); +#endif -extern BOOL Use_Unicode; +#if HAVE_AUTH_MODULE_NTLM +const char * WINAPI SSP_MakeChallenge(PVOID, int); +BOOL WINAPI SSP_ValidateNTLMCredentials(PVOID, int, char *); extern BOOL NTLM_LocalCall; +#endif -#if defined(__cplusplus) -} +#if HAVE_AUTH_MODULE_NEGOTIATE +const char * WINAPI SSP_MakeNegotiateBlob(PVOID, int, PBOOL, int *, char *); +const char * WINAPI SSP_ValidateNegotiateCredentials(PVOID, int, PBOOL, int *, char *); #endif -#endif /* _SQUID_WINDOWS_ */ #endif /* LIBSSPWIN32_H_ */ diff --git a/src/auth/basic/SSPI/Makefile.am b/src/auth/basic/SSPI/Makefile.am index b60423f5a3..e454808b18 100644 --- a/src/auth/basic/SSPI/Makefile.am +++ b/src/auth/basic/SSPI/Makefile.am @@ -7,9 +7,7 @@ include $(top_srcdir)/src/Common.am -if ENABLE_WIN32SPECIFIC libexec_PROGRAMS = basic_sspi_auth -endif basic_sspi_auth_SOURCES = \ basic_sspi_auth.cc \ @@ -19,7 +17,7 @@ basic_sspi_auth_CXXFLAGS = \ $(AM_CXXFLAGS) \ -Wl,--enable-auto-import basic_sspi_auth_LDADD = \ - $(top_builddir)/lib/libsspwin32.la \ + $(top_builddir)/lib/sspi/libsspwin32.la \ $(top_builddir)/lib/libmiscencoding.la \ $(COMPAT_LIB) \ -lnetapi32 -ladvapi32 \ diff --git a/src/auth/basic/SSPI/required.m4 b/src/auth/basic/SSPI/required.m4 index da72a14d8c..98282af070 100755 --- a/src/auth/basic/SSPI/required.m4 +++ b/src/auth/basic/SSPI/required.m4 @@ -5,5 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -# Only build this helper on Windows -AC_CHECK_HEADERS([w32api/windows.h windows.h],[BUILD_HELPER="SSPI"]) +SQUID_CHECK_WIN32_SSPI([ + BUILD_HELPER="SSPI" + require_sspi="yes" +]) diff --git a/src/auth/basic/SSPI/valid.h b/src/auth/basic/SSPI/valid.h index 3ba0d49988..f852337522 100644 --- a/src/auth/basic/SSPI/valid.h +++ b/src/auth/basic/SSPI/valid.h @@ -36,11 +36,8 @@ #ifndef _VALID_H_ #define _VALID_H_ -#include "sspwin32.h" +#include "sspi/sspwin32.h" -#if HAVE_WINDOWS_H -#include -#endif #include #include #undef debug diff --git a/src/auth/negotiate/SSPI/Makefile.am b/src/auth/negotiate/SSPI/Makefile.am index bc1c327ad3..beb23f5241 100644 --- a/src/auth/negotiate/SSPI/Makefile.am +++ b/src/auth/negotiate/SSPI/Makefile.am @@ -14,7 +14,7 @@ man_MANS = negotiate_sspi_auth.8 negotiate_sspi_auth_SOURCES = \ negotiate_sspi_auth.cc negotiate_sspi_auth_LDADD = \ - $(top_builddir)/lib/libsspwin32.la \ + $(top_builddir)/lib/sspi/libsspwin32.la \ $(top_builddir)/lib/libmiscencoding.la \ $(COMPAT_LIB) \ -ladvapi32 \ diff --git a/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc b/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc index 77a3f238e0..d88d7a541e 100644 --- a/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc +++ b/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc @@ -48,16 +48,13 @@ #include "helper/protocol_defines.h" #include "ntlmauth/ntlmauth.h" #include "ntlmauth/support_bits.cci" -#include "sspwin32.h" +#include "sspi/sspwin32.h" #include "util.h" #include #if HAVE_GETOPT_H #include #endif -#include -#include -#include int Negotiate_packet_debug_enabled = 0; static int have_serverblob; diff --git a/src/auth/negotiate/SSPI/required.m4 b/src/auth/negotiate/SSPI/required.m4 index 72b4a71518..98282af070 100755 --- a/src/auth/negotiate/SSPI/required.m4 +++ b/src/auth/negotiate/SSPI/required.m4 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -# -# Only build this helper on Windows -# -AC_CHECK_HEADERS([w32api/windows.h windows.h],[BUILD_HELPER="SSPI"]) +SQUID_CHECK_WIN32_SSPI([ + BUILD_HELPER="SSPI" + require_sspi="yes" +]) diff --git a/src/auth/ntlm/SSPI/Makefile.am b/src/auth/ntlm/SSPI/Makefile.am index 82754c997c..d9d1b603cb 100644 --- a/src/auth/ntlm/SSPI/Makefile.am +++ b/src/auth/ntlm/SSPI/Makefile.am @@ -13,7 +13,7 @@ libexec_PROGRAMS= ntlm_sspi_auth ntlm_sspi_auth_SOURCES = ntlm_sspi_auth.cc ntlm_sspi_auth_LDADD= \ $(top_builddir)/lib/ntlmauth/libntlmauth.la \ - $(top_builddir)/lib/libsspwin32.la \ + $(top_builddir)/lib/sspi/libsspwin32.la \ $(top_builddir)/lib/libmiscencoding.la \ $(COMPAT_LIB) \ -lnetapi32 \ diff --git a/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc b/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc index 701d7ebca3..85e2cb670c 100644 --- a/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc +++ b/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc @@ -76,18 +76,14 @@ #include "helper/protocol_defines.h" #include "ntlmauth/ntlmauth.h" #include "ntlmauth/support_bits.cci" -#include "sspwin32.h" +#include "sspi/sspwin32.h" #include "util.h" #include #include -#include -#include -#include #if HAVE_GETOPT_H #include #endif -#include int NTLM_packet_debug_enabled = 0; static int have_challenge; diff --git a/src/auth/ntlm/SSPI/required.m4 b/src/auth/ntlm/SSPI/required.m4 index 72b4a71518..98282af070 100755 --- a/src/auth/ntlm/SSPI/required.m4 +++ b/src/auth/ntlm/SSPI/required.m4 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -# -# Only build this helper on Windows -# -AC_CHECK_HEADERS([w32api/windows.h windows.h],[BUILD_HELPER="SSPI"]) +SQUID_CHECK_WIN32_SSPI([ + BUILD_HELPER="SSPI" + require_sspi="yes" +])