Use "Unicode" versions of SSPI functions

Start making it "Unicode"-clean. Admittedly this is largely theoretical
in this patch because it's vanishingly unlikely that the hostname will
be non-ASCII, but it's a good place to start.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

ntlm.c

@@ -72,10 +72,15 @@ static int ntlm_sspi(struct openconnect_info *vpninfo, struct oc_text_buf *buf,
         out_token.cbBuffer = 0;
         out_token.pvBuffer = NULL;
 
-	status = InitializeSecurityContext(&vpninfo->ntlm_sspi_cred, challenge ? &vpninfo->ntlm_sspi_ctx : NULL, (SEC_CHAR *)"",
-					   ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONNECTION,
-					   0, SECURITY_NETWORK_DREP, challenge ? &input_desc : NULL, 0, &vpninfo->ntlm_sspi_ctx,
-					   &output_desc, &ret_flags, NULL);
+	status = InitializeSecurityContextW(&vpninfo->ntlm_sspi_cred,
+					    challenge ? &vpninfo->ntlm_sspi_ctx : NULL,
+					    (SEC_WCHAR *)L"",
+					    ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONNECTION,
+					    0, SECURITY_NETWORK_DREP,
+					    challenge ? &input_desc : NULL,
+					    0, &vpninfo->ntlm_sspi_ctx,
+					    &output_desc, &ret_flags, NULL);
+
 	if (status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("InitializeSecurityContext() failed: %lx\n"), status);
@@ -96,8 +101,10 @@ static int ntlm_helper_spawn(struct openconnect_info *vpninfo, struct oc_text_bu
         SECURITY_STATUS status;
 	int ret;
 
-	status = AcquireCredentialsHandle(NULL, (SEC_CHAR *)"NTLM", SECPKG_CRED_OUTBOUND,
-					  NULL, NULL, NULL, NULL, &vpninfo->ntlm_sspi_cred, NULL);
+	status = AcquireCredentialsHandleW(NULL, (SEC_WCHAR *)L"NTLM",
+					   SECPKG_CRED_OUTBOUND, NULL, NULL,
+					   NULL, NULL,
+					   &vpninfo->ntlm_sspi_cred, NULL);
 	if (status != SEC_E_OK) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("AcquireCredentialsHandle() failed: %lx\n"), status);

openconnect-internal.h

@@ -217,7 +217,7 @@ struct openconnect_info {
 	CtxtHandle ntlm_sspi_ctx;
 	CredHandle sspi_cred;
 	CtxtHandle sspi_ctx;
-	char *sspi_target_name;
+	SEC_WCHAR *sspi_target_name;
 #else
 	int ntlm_helper_fd;
 #endif

sspi.c

@@ -26,12 +26,23 @@
 static int sspi_setup(struct openconnect_info *vpninfo, const char *service)
 {
 	SECURITY_STATUS status;
+	struct oc_text_buf *buf = buf_alloc();
 
-	if (asprintf(&vpninfo->sspi_target_name, "%s/%s", service, vpninfo->proxy) == -1)
-		return -ENOMEM;
+	buf_append_utf16le(buf, service);
+	buf_append_utf16le(buf, "/");
+	buf_append_utf16le(buf, vpninfo->proxy);
+
+	if (buf_error(buf))
+		return buf_free(buf);
+
+	vpninfo->sspi_target_name = (wchar_t *)buf->data;
+	buf->data = NULL;
+	buf_free(buf);
 
-	status = AcquireCredentialsHandle(NULL, (SEC_CHAR *)"Negotiate", SECPKG_CRED_OUTBOUND,
-					  NULL, NULL, NULL, NULL, &vpninfo->sspi_cred, NULL);
+	status = AcquireCredentialsHandleW(NULL, (SEC_WCHAR *)L"Negotiate",
+					   SECPKG_CRED_OUTBOUND, NULL, NULL,
+					   NULL, NULL, &vpninfo->sspi_cred,
+					   NULL);
 	if (status != SEC_E_OK) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("AcquireCredentialsHandle() failed: %lx\n"), status);
@@ -89,11 +100,14 @@ int gssapi_authorization(struct openconnect_info *vpninfo, struct oc_text_buf *h
 	out_token.cbBuffer = 0;
 	out_token.pvBuffer = NULL;
 
-	status = InitializeSecurityContext(&vpninfo->sspi_cred, first ? NULL : &vpninfo->sspi_ctx,
-					   (SEC_CHAR *)vpninfo->sspi_target_name,
-					   ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONNECTION,
-					   0, SECURITY_NETWORK_DREP, first ? NULL : &input_desc, 0, &vpninfo->sspi_ctx,
-					   &output_desc, &ret_flags, NULL);
+	status = InitializeSecurityContextW(&vpninfo->sspi_cred,
+					    first ? NULL : &vpninfo->sspi_ctx,
+					    vpninfo->sspi_target_name,
+					    ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONNECTION,
+					    0, SECURITY_NETWORK_DREP,
+					    first ? NULL : &input_desc,
+					    0, &vpninfo->sspi_ctx,
+					    &output_desc, &ret_flags, NULL);
 	if (status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("InitializeSecurityContext() failed: %lx\n"), status);
@@ -158,11 +172,13 @@ int socks_gssapi_auth(struct openconnect_info *vpninfo)
 	out_token.pvBuffer = NULL;
 
 	while (1) {
-		status = InitializeSecurityContext(&vpninfo->sspi_cred, first ? NULL : &vpninfo->sspi_ctx,
-						   (SEC_CHAR *)vpninfo->sspi_target_name,
-						   ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONNECTION,
-						   0, SECURITY_NETWORK_DREP, first ? NULL : &input_desc, 0, &vpninfo->sspi_ctx,
-						   &output_desc, &ret_flags, NULL);
+		status = InitializeSecurityContextW(&vpninfo->sspi_cred, first ? NULL : &vpninfo->sspi_ctx,
+						    vpninfo->sspi_target_name,
+						    ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_CONFIDENTIALITY | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONNECTION,
+						    0, SECURITY_NETWORK_DREP,
+						    first ? NULL : &input_desc,
+						    0, &vpninfo->sspi_ctx,
+						    &output_desc, &ret_flags, NULL);
 		if (status == SEC_E_OK) {
 			vpn_progress(vpninfo, PRG_DEBUG,
 				     _("GSSAPI authentication completed\n"));