archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetcore/winhttp/v5/auth/plug.cxx

659 lines
20 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include <wininetp.h>
  2. #include <splugin.hxx>
  3. #include "auth.h"
  4. #include "sspspm.h"
  5. #include "winctxt.h"
  7. extern SspData *g_pSspData;
  8. /*-----------------------------------------------------------------------------
  9. PLUG_CTX
  10. -----------------------------------------------------------------------------*/
  12. /*---------------------------------------------------------------------------
  13. Load
  14. ---------------------------------------------------------------------------*/
  15. DWORD PLUG_CTX::Load()
  16. {
  17. INET_ASSERT(_pSPMData == _pCreds->pSPM);
  19. DWORD_PTR dwAuthCode = 0;
  21. dwAuthCode = SSPI_InitScheme (GetScheme());
  23. if (!dwAuthCode)
  24. {
  25. _pSPMData->eState = STATE_ERROR;
  26. return ERROR_WINHTTP_INTERNAL_ERROR;
  27. }
  29. _pSPMData->eState = STATE_LOADED;
  30. return ERROR_SUCCESS;
  31. }
  34. /*---------------------------------------------------------------------------
  35. ClearAuthUser
  36. ---------------------------------------------------------------------------*/
  37. DWORD PLUG_CTX::ClearAuthUser(LPVOID *ppvContext, LPSTR szServer)
  38. {
  39. if (GetState() == AUTHCTX::STATE_LOADED)
  40. {
  41. __try
  42. {
  43. UnloadAuthenticateUser(ppvContext, szServer, GetScheme());
  44. }
  45. __except (EXCEPTION_EXECUTE_HANDLER)
  46. {
  47. DEBUG_PRINT(HTTP, ERROR,
  48. ("UnloadAuthenticateUser call down faulted\n"));
  49. }
  50. ENDEXCEPT
  51. }
  52. *ppvContext = 0;
  53. return ERROR_SUCCESS;
  54. }
  56. /*-----------------------------------------------------------------------------
  57. wQueryHeadersAlloc
  59. Routine Description:
  61. Allocates a HTTP Header String, and queries the HTTP handle for it.
  63. Arguments:
  65. hRequestMapped - An open HTTP request handle
  66. where headers can be quiered
  67. dwQuery - The Query Type to pass to HttpQueryHeaders
  68. lpdwQueryIndex - The Index of the header to pass to HttpQueryHeaders,
  69. make sure to inialize to 0.
  70. lppszOutStr - On success, a pointer to Allocated string with header string,
  71. lpdwSize - size of the string returned in lppszOutStr
  73. Return Value:
  75. DWORD
  76. Success - ERROR_SUCCESS
  78. Failure - One of Several Error codes defined in winerror.h or wininet.w
  80. Comments:
  82. On Error, lppszOutStr may still contain an allocated string that will need to be
  83. freed.
  84. -----------------------------------------------------------------------------*/
  85. DWORD PLUG_CTX::wQueryHeadersAlloc
  86. (
  87. IN HINTERNET hRequestMapped,
  88. IN DWORD dwQuery,
  89. OUT LPDWORD lpdwQueryIndex,
  90. OUT LPSTR *lppszOutStr,
  91. OUT LPDWORD lpdwSize
  92. )
  93. {
  94. LPSTR lpszRawHeaderBuf = NULL;
  95. DWORD dwcbRawHeaderBuf = 0;
  96. DWORD error;
  97. DWORD length;
  98. HTTP_REQUEST_HANDLE_OBJECT * pHttpRequest;
  100. INET_ASSERT(lppszOutStr);
  101. INET_ASSERT(hRequestMapped);
  102. INET_ASSERT(lpdwSize);
  103. INET_ASSERT((dwQuery & HTTP_QUERY_HEADER_MASK) != HTTP_QUERY_CUSTOM);
  105. *lppszOutStr = NULL;
  106. error = ERROR_SUCCESS;
  107. pHttpRequest = (HTTP_REQUEST_HANDLE_OBJECT *) hRequestMapped;
  109. // Attempt to determine whether our header is there.
  110. length = 0;
  111. if (pHttpRequest->QueryInfo(dwQuery, NULL, NULL, &length, lpdwQueryIndex)
  112. != ERROR_INSUFFICIENT_BUFFER)
  113. {
  114. // no authentication happening, we're done
  115. error = ERROR_HTTP_HEADER_NOT_FOUND;
  116. goto quit;
  117. }
  119. // Allocate a Fixed Size Buffer
  120. lpszRawHeaderBuf = (LPSTR) ALLOCATE_MEMORY(LPTR, length);
  121. dwcbRawHeaderBuf = length;
  123. if ( lpszRawHeaderBuf == NULL )
  124. {
  125. error = ERROR_NOT_ENOUGH_MEMORY;
  126. goto quit;
  127. }
  129. error = pHttpRequest->QueryInfo
  130. (dwQuery, NULL, lpszRawHeaderBuf, &dwcbRawHeaderBuf, lpdwQueryIndex);
  132. INET_ASSERT(error != ERROR_INSUFFICIENT_BUFFER );
  133. INET_ASSERT(error != ERROR_HTTP_HEADER_NOT_FOUND );
  135. quit:
  137. if ( error != ERROR_SUCCESS )
  138. {
  139. dwcbRawHeaderBuf = 0;
  141. if ( lpszRawHeaderBuf )
  142. *lpszRawHeaderBuf = '\0';
  143. }
  145. *lppszOutStr = lpszRawHeaderBuf;
  146. *lpdwSize = dwcbRawHeaderBuf;
  148. return error;
  149. }
  151. /*-----------------------------------------------------------------------------
  152. CrackAuthenticationHeader
  154. Routine Description:
  156. Attempts to decode a HTTP 1.1 Authentication header into its
  157. components.
  159. Arguments:
  161. hRequestMapped - Mapped Request handle
  162. fIsProxy - Whether proxy or server auth
  163. lpdwAuthenticationIndex - Index of current HTTP header. ( initally called with 0 )
  164. lppszAuthHeader - allocated pointer which should be freed by client
  165. lppszAuthScheme - Pointer to Authentication scheme string.
  166. lppszRealm - Pointer to Realm string,
  167. lpExtra - Pointer to any Extra String data in the header that is not
  168. part of the Realm
  169. lpdwExtra - Pointer to Size of Extra data.
  170. lppszAuthScheme
  172. Return Value:
  174. DWORD
  175. Success - ERROR_SUCCESS
  177. Failure - ERROR_NOT_ENOUGH_MEMORY,
  178. ERROR_HTTP_HEADER_NOT_FOUND
  180. Comments:
  181. -----------------------------------------------------------------------------*/
  182. DWORD PLUG_CTX::CrackAuthenticationHeader
  183. (
  184. IN HINTERNET hRequestMapped,
  185. IN BOOL fIsProxy,
  186. IN DWORD dwAuthenticationIndex,
  187. IN OUT LPSTR *lppszAuthHeader,
  188. IN OUT LPSTR *lppszExtra,
  189. IN OUT DWORD *lpdwExtra,
  190. OUT LPSTR *lppszAuthScheme
  191. )
  192. {
  193. DWORD error = ERROR_SUCCESS;
  195. LPSTR lpszAuthHeader = NULL;
  196. DWORD cbAuthHeader = 0;
  197. LPSTR lpszExtra = NULL;
  198. LPSTR lpszAuthScheme = NULL;
  200. LPDWORD lpdwAuthenticationIndex = &dwAuthenticationIndex;
  201. INET_ASSERT(lpdwExtra);
  202. INET_ASSERT(lppszExtra);
  203. INET_ASSERT(lpdwAuthenticationIndex);
  205. DWORD dwQuery = fIsProxy?
  206. HTTP_QUERY_PROXY_AUTHENTICATE : HTTP_QUERY_WWW_AUTHENTICATE;
  208. error = wQueryHeadersAlloc (hRequestMapped, dwQuery,
  209. lpdwAuthenticationIndex, &lpszAuthHeader, &cbAuthHeader);
  211. if ( error != ERROR_SUCCESS )
  212. {
  213. INET_ASSERT(*lpdwAuthenticationIndex
  214. || error == ERROR_HTTP_HEADER_NOT_FOUND );
  215. goto quit;
  216. }
  219. //
  220. // Parse Header for Scheme type
  221. //
  222. lpszAuthScheme = lpszAuthHeader;
  224. while ( *lpszAuthScheme == ' ' ) // strip spaces
  225. lpszAuthScheme++;
  227. lpszExtra = strchr(lpszAuthScheme, ' ');
  229. if (lpszExtra)
  230. *lpszExtra++ = '\0';
  232. if (lstrcmpi(GetScheme(), lpszAuthScheme))
  233. {
  234. DEBUG_PRINT(HTTP, ERROR,
  235. ("Authentication: HTTP Scheme has changed!: Scheme=%q\n",
  236. lpszAuthScheme));
  237. goto quit;
  239. }
  242. DEBUG_PRINT (HTTP, INFO,
  243. ("Authentication: found in headers: Scheme=%q, Extra=%q\n",
  244. lpszAuthScheme, lpszExtra));
  246. quit:
  247. *lppszExtra = lpszExtra;
  248. *lpdwExtra = lpszExtra ? lstrlen(lpszExtra) : 0;
  249. *lppszAuthHeader = lpszAuthHeader;
  250. *lppszAuthScheme = lpszAuthScheme;
  251. return error;
  252. }
  255. /*---------------------------------------------------------------------------
  256. ResolveProtocol
  257. ---------------------------------------------------------------------------*/
  258. VOID PLUG_CTX::ResolveProtocol()
  259. {
  260. SECURITY_STATUS ssResult;
  261. PWINCONTEXT pWinContext;
  262. SecPkgContext_NegotiationInfo SecPkgCtxtInfo;
  264. INET_ASSERT(GetSchemeType() == WINHTTP_AUTH_SCHEME_NEGOTIATE);
  266. SecPkgCtxtInfo.PackageInfo = NULL;
  268. // Call QueryContextAttributes on the context handle.
  269. pWinContext = (PWINCONTEXT) (_pvContext);
  270. ssResult = (*(g_pSspData->pFuncTbl->QueryContextAttributes))
  271. (pWinContext->pSspContextHandle, SECPKG_ATTR_NEGOTIATION_INFO, &SecPkgCtxtInfo);
  273. if (ssResult == SEC_E_OK
  274. && (SecPkgCtxtInfo.NegotiationState == SECPKG_NEGOTIATION_COMPLETE
  275. || (SecPkgCtxtInfo.NegotiationState == SECPKG_NEGOTIATION_OPTIMISTIC)))
  276. {
  277. // Resolve actual auth protocol from package name.
  278. // update both the auth context and Creds entry.
  279. if (!lstrcmpi(SecPkgCtxtInfo.PackageInfo->Name, "NTLM"))
  280. {
  281. _eSubScheme = WINHTTP_AUTH_SCHEME_NTLM;
  282. _dwSubFlags = PLUGIN_AUTH_FLAGS_NO_REALM;
  283. }
  284. else if (!lstrcmpi(SecPkgCtxtInfo.PackageInfo->Name, "Kerberos"))
  285. {
  286. _eSubScheme = WINHTTP_AUTH_SCHEME_KERBEROS;
  287. _dwSubFlags = PLUGIN_AUTH_FLAGS_KEEP_ALIVE_NOT_REQUIRED | PLUGIN_AUTH_FLAGS_NO_REALM;
  288. }
  290. // BUGBUG - This faults.
  291. //
  293. }
  295. if (SecPkgCtxtInfo.PackageInfo)
  296. {
  297. (*(g_pSspData->pFuncTbl->FreeContextBuffer))(SecPkgCtxtInfo.PackageInfo);
  298. }
  299. }
  302. /*---------------------------------------------------------------------------
  303. Constructor
  304. ---------------------------------------------------------------------------*/
  305. PLUG_CTX::PLUG_CTX(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy,
  306. SPMData *pSPM, AUTH_CREDS* pCreds)
  307. : AUTHCTX(pSPM, pCreds)
  308. {
  309. _fIsProxy = fIsProxy;
  310. _pRequest = pRequest;
  311. _szAlloc = NULL;
  312. _szData = NULL;
  313. _cbData = 0;
  314. _pRequest->SetAuthState(AUTHSTATE_NONE);
  315. _fNTLMProxyAuth = _fIsProxy && (GetSchemeType() == WINHTTP_AUTH_SCHEME_NTLM);
  317. _pszFQDN = NULL;
  318. }
  320. /*---------------------------------------------------------------------------
  321. Destructor
  322. ---------------------------------------------------------------------------*/
  323. PLUG_CTX::~PLUG_CTX()
  324. {
  325. if (GetState() == AUTHCTX::STATE_LOADED)
  326. {
  327. if (_pCreds)
  328. {
  329. if (_CtxCriSec.Lock())
  330. {
  331. ClearAuthUser(&_pvContext, _pCreds->lpszHost);
  333. _CtxCriSec.Unlock();
  334. }
  335. }
  336. }
  337. if (_pRequest)
  338. {
  339. _pRequest->SetAuthState(AUTHSTATE_NONE);
  340. }
  342. if (_pszFQDN)
  343. {
  344. FREE_MEMORY(_pszFQDN);
  345. }
  346. }
  349. /*---------------------------------------------------------------------------
  350. PreAuthUser
  351. ---------------------------------------------------------------------------*/
  352. DWORD PLUG_CTX::PreAuthUser(OUT LPSTR pBuf, IN OUT LPDWORD pcbBuf)
  353. {
  354. if (!_CtxCriSec.Lock())
  355. {
  356. return ERROR_NOT_ENOUGH_MEMORY;
  357. }
  359. INET_ASSERT(_pSPMData == _pCreds->pSPM);
  361. DWORD dwError;
  362. SECURITY_STATUS ssResult;
  364. // Make sure the auth provider is loaded.
  365. if (GetState() != AUTHCTX::STATE_LOADED)
  366. {
  367. if (GetState() != AUTHCTX::STATE_ERROR )
  368. Load();
  369. if (GetState() != AUTHCTX::STATE_LOADED)
  370. {
  371. dwError = ERROR_WINHTTP_INTERNAL_ERROR;
  372. goto exit;
  373. }
  374. }
  376. BOOL fCanUseLogon = _fIsProxy
  377. || _pRequest->SilentLogonOK(_pCreds->lpszHost);
  379. LPSTR lpszFQDN = GetFQDN(_pCreds->lpszHost);
  380. LPSTR lpszHostName = lpszFQDN ? lpszFQDN : _pCreds->lpszHost;
  382. __try
  383. {
  384. ssResult = SEC_E_INTERNAL_ERROR;
  385. dwError = PreAuthenticateUser(&_pvContext,
  386. lpszHostName,
  387. GetScheme(),
  388. fCanUseLogon,
  389. 0, // dwFlags
  390. pBuf,
  391. pcbBuf,
  392. _pCreds->lpszUser,
  393. _pCreds->lpszPass,
  394. &ssResult);
  397. // Transit to the correct auth state.
  398. if (ssResult == SEC_E_OK || ssResult == SEC_I_CONTINUE_NEEDED)
  399. {
  400. if (GetSchemeType() == WINHTTP_AUTH_SCHEME_NEGOTIATE)
  401. ResolveProtocol();
  403. // Kerberos + SEC_E_OK or SEC_I_CONTINUE_NEEDED transits to challenge.
  404. // Negotiate does not transit to challenge.
  405. // Any other protocol + SEC_E_OK only transits to challenge.
  406. if ((GetSchemeType() == WINHTTP_AUTH_SCHEME_KERBEROS
  407. && (ssResult == SEC_E_OK || ssResult == SEC_I_CONTINUE_NEEDED))
  408. || (GetSchemeType() != WINHTTP_AUTH_SCHEME_NEGOTIATE && ssResult == SEC_E_OK))
  409. {
  410. _pRequest->SetAuthState(AUTHSTATE_CHALLENGE);
  411. }
  412. }
  413. }
  415. __except(EXCEPTION_EXECUTE_HANDLER)
  416. {
  417. DEBUG_PRINT (HTTP, ERROR, ("preAuthenticateUser call down faulted\n"));
  418. _pSPMData->eState = STATE_ERROR;
  419. dwError = ERROR_WINHTTP_INTERNAL_ERROR;
  420. }
  422. ENDEXCEPT
  424. exit:
  425. _CtxCriSec.Unlock();
  426. return dwError;
  427. }
  430. /*---------------------------------------------------------------------------
  431. UpdateFromHeaders
  432. ---------------------------------------------------------------------------*/
  433. DWORD PLUG_CTX::UpdateFromHeaders(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy)
  434. {
  435. DWORD dwError, cbExtra, dwAuthIdx;
  436. LPSTR szAuthHeader, szExtra, szScheme;
  438. // Get the auth header index corresponding to the scheme of this ctx.
  439. if ((dwError = FindHdrIdxFromScheme(&dwAuthIdx)) != ERROR_SUCCESS)
  440. goto quit;
  442. // Get the scheme and any extra data.
  443. if ((dwError = CrackAuthenticationHeader(pRequest, fIsProxy, dwAuthIdx,
  444. &szAuthHeader, &szExtra, &cbExtra, &szScheme)) != ERROR_SUCCESS)
  445. goto quit;
  447. if (!cbExtra)
  448. _pRequest->SetAuthState(AUTHSTATE_NEGOTIATE);
  450. // Check if auth scheme requires keep-alive.
  451. if (!(GetFlags() & PLUGIN_AUTH_FLAGS_KEEP_ALIVE_NOT_REQUIRED))
  452. {
  453. // if in negotiate phase check if we are going via proxy.
  454. if (pRequest->GetAuthState() == AUTHSTATE_NEGOTIATE)
  455. {
  456. // BUGBUG: if via proxy, we are not going to get keep-alive
  457. // connection to the server. It would be nice if we knew
  458. // a priori the whether proxy would allow us to tunnel to
  459. // http port on the server. Otherwise if we try and fail,
  460. // we look bad vs. other browsers who are ignorant of ntlm
  461. // and fall back to basic.
  462. CHAR szBuffer[64];
  463. DWORD dwBufferLength = sizeof(szBuffer);
  464. DWORD dwIndex = 0;
  465. BOOL fSessionBasedAuth = FALSE;
  466. if (pRequest->QueryResponseHeader(HTTP_QUERY_PROXY_SUPPORT,
  467. szBuffer, &dwBufferLength,
  468. 0, &dwIndex) == ERROR_SUCCESS)
  469. {
  470. if (!_stricmp(szBuffer, "Session-Based-Authentication"))
  471. {
  472. fSessionBasedAuth = TRUE;
  473. }
  474. }
  475. if (!fIsProxy && pRequest->IsRequestUsingProxy()
  476. && !pRequest->IsTalkingToSecureServerViaProxy() && !fSessionBasedAuth)
  477. {
  478. // Ignore NTLM via proxy since we won't get k-a to server.
  479. dwError = ERROR_HTTP_HEADER_NOT_FOUND;
  480. goto quit;
  481. }
  482. }
  484. // Else if in challenge phase, we require a persistent connection.
  485. else
  486. {
  487. // If we don't have a keep-alive connection ...
  488. if (!(pRequest->IsPersistentConnection (fIsProxy)))
  489. {
  490. dwError = ERROR_HTTP_HEADER_NOT_FOUND;
  491. goto quit;
  492. }
  493. }
  495. } // end if keep-alive required
  497. quit:
  499. if (dwError == ERROR_SUCCESS)
  500. {
  501. // If no password cache is set in the auth context,
  502. // find or create one and set it in the handle.
  503. if (!_pCreds)
  504. {
  505. _pCreds = CreateCreds(pRequest, fIsProxy, _pSPMData, NULL);
  507. if (!_pCreds)
  508. {
  509. INET_ASSERT(FALSE);
  510. dwError = ERROR_WINHTTP_INTERNAL_ERROR;
  511. }
  512. else
  513. {
  514. INET_ASSERT(_pCreds->pSPM == _pSPMData);
  515. }
  516. }
  517. }
  519. if (dwError == ERROR_SUCCESS)
  520. {
  521. // Point to allocated data.
  522. _szAlloc = szAuthHeader;
  523. _szData = szExtra;
  524. _cbData = cbExtra;
  525. }
  526. else
  527. {
  528. // Free allocated data.
  529. if (_szAlloc)
  530. delete _szAlloc;
  531. _szAlloc = NULL;
  532. _szData = NULL;
  533. _cbData = 0;
  534. }
  536. // Return of non-success will cancel auth session.
  537. return dwError;
  538. }
  542. /*---------------------------------------------------------------------------
  543. PostAuthUser
  544. ---------------------------------------------------------------------------*/
  545. DWORD PLUG_CTX::PostAuthUser()
  546. {
  547. if (!_CtxCriSec.Lock())
  548. {
  549. return ERROR_NOT_ENOUGH_MEMORY;
  550. }
  552. INET_ASSERT(_pSPMData == _pCreds->pSPM);
  553. DWORD dwError;
  555. // Make sure the auth provider is loaded.
  556. if (GetState() != AUTHCTX::STATE_LOADED)
  557. {
  558. if (GetState() != AUTHCTX::STATE_ERROR )
  559. Load();
  560. if (GetState() != AUTHCTX::STATE_LOADED)
  561. {
  562. dwError = ERROR_WINHTTP_INTERNAL_ERROR;
  563. goto exit;
  564. }
  565. }
  567. BOOL fCanUseLogon = _fIsProxy
  568. || _pRequest->SilentLogonOK(_pCreds->lpszHost);
  570. LPSTR lpszFQDN = GetFQDN(_pCreds->lpszHost);
  571. LPSTR lpszHostName = lpszFQDN ? lpszFQDN : _pCreds->lpszHost;
  573. SECURITY_STATUS ssResult;
  574. __try
  575. {
  576. ssResult = SEC_E_INTERNAL_ERROR;
  577. dwError = AuthenticateUser(&_pvContext,
  578. lpszHostName,
  579. GetScheme(),
  580. fCanUseLogon,
  581. _szData,
  582. _cbData,
  583. _pCreds->lpszUser,
  584. _pCreds->lpszPass,
  585. &ssResult);
  589. // Kerberos package can get into a bad state.
  590. if (GetSchemeType() == WINHTTP_AUTH_SCHEME_KERBEROS && ssResult == SEC_E_WRONG_PRINCIPAL)
  591. dwError = ERROR_WINHTTP_INCORRECT_PASSWORD;
  593. // Transit to the correct auth state.
  594. if (ssResult == SEC_E_OK || ssResult == SEC_I_CONTINUE_NEEDED)
  595. {
  596. if (GetSchemeType() == WINHTTP_AUTH_SCHEME_NEGOTIATE)
  597. ResolveProtocol();
  599. // Kerberos + SEC_E_OK or SEC_I_CONTINUE_NEEDED transits to challenge.
  600. // Negotiate does not transit to challenge.
  601. // Any other protocol + SEC_E_OK only transits to challenge.
  602. if ((GetSchemeType() == WINHTTP_AUTH_SCHEME_KERBEROS
  603. && (ssResult == SEC_E_OK || ssResult == SEC_I_CONTINUE_NEEDED))
  604. || (GetSchemeType() != WINHTTP_AUTH_SCHEME_NEGOTIATE && ssResult == SEC_E_OK))
  605. {
  606. _pRequest->SetAuthState(AUTHSTATE_CHALLENGE);
  607. }
  608. }
  609. }
  610. __except (EXCEPTION_EXECUTE_HANDLER)
  611. {
  612. DEBUG_PRINT (HTTP, ERROR, ("AuthenticateUser faulted!\n"));
  613. dwError = ERROR_BAD_FORMAT;
  614. _pSPMData->eState = STATE_ERROR;
  615. }
  616. ENDEXCEPT
  618. if (_szAlloc)
  619. {
  620. delete _szAlloc;
  621. _szAlloc = NULL;
  622. _szData = NULL;
  623. }
  625. _cbData = 0;
  627. exit:
  628. _CtxCriSec.Unlock();
  629. return dwError;
  630. }
  632. LPSTR PLUG_CTX::GetFQDN(LPSTR lpszHostName)
  633. {
  634. if (lstrcmpi(GetScheme(), "Negotiate")) // only need to get FQDN for Kerberos
  635. {
  636. return NULL;
  637. }
  639. if (_pszFQDN)
  640. {
  641. return _pszFQDN;
  642. }
  644. SERIALIZED_LIST* pResolverCache = GetRootHandle(_pRequest)->GetResolverCache()->GetResolverCacheList();
  645. LPHOSTENT lpHostent;
  646. DWORD TTL;
  647. if (QueryHostentCache(pResolverCache,
  648. (LPSTR)lpszHostName,
  649. NULL,
  650. &lpHostent,
  651. &TTL))
  652. {
  653. _pszFQDN = (lpHostent->h_name ? NewString(lpHostent->h_name) : NULL);
  654. ReleaseHostentCacheEntry(pResolverCache, lpHostent);
  655. return _pszFQDN;
  656. }
  658. return NULL;
  659. }