1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * RFC4616 PLAIN authentication
22 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
23 *
24 ***************************************************************************/
25
26#include "curl_setup.h"
27
28#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
29 !defined(CURL_DISABLE_POP3)
30
31#include <curl/curl.h>
32#include "urldata.h"
33
34#include "vauth/vauth.h"
35#include "curl_md5.h"
36#include "warnless.h"
37#include "strtok.h"
38#include "sendf.h"
39#include "curl_printf.h"
40
41/* The last #include files should be: */
42#include "curl_memory.h"
43#include "memdebug.h"
44
45/*
46 * Curl_auth_create_plain_message()
47 *
48 * This is used to generate an already encoded PLAIN message ready
49 * for sending to the recipient.
50 *
51 * Parameters:
52 *
53 * authzid [in] - The authorization identity.
54 * authcid [in] - The authentication identity.
55 * passwd [in] - The password.
56 * out [out] - The result storage.
57 *
58 * Returns CURLE_OK on success.
59 */
60CURLcode Curl_auth_create_plain_message(const char *authzid,
61 const char *authcid,
62 const char *passwd,
63 struct bufref *out)
64{
65 char *plainauth;
66 size_t plainlen;
67 size_t zlen;
68 size_t clen;
69 size_t plen;
70
71 zlen = (authzid == NULL ? 0 : strlen(authzid));
72 clen = strlen(authcid);
73 plen = strlen(passwd);
74
75 /* Compute binary message length. Check for overflows. */
76 if((zlen > SIZE_T_MAX/4) || (clen > SIZE_T_MAX/4) ||
77 (plen > (SIZE_T_MAX/2 - 2)))
78 return CURLE_OUT_OF_MEMORY;
79 plainlen = zlen + clen + plen + 2;
80
81 plainauth = malloc(plainlen + 1);
82 if(!plainauth)
83 return CURLE_OUT_OF_MEMORY;
84
85 /* Calculate the reply */
86 if(zlen)
87 memcpy(plainauth, authzid, zlen);
88 plainauth[zlen] = '\0';
89 memcpy(plainauth + zlen + 1, authcid, clen);
90 plainauth[zlen + clen + 1] = '\0';
91 memcpy(plainauth + zlen + clen + 2, passwd, plen);
92 plainauth[plainlen] = '\0';
93 Curl_bufref_set(out, plainauth, plainlen, curl_free);
94 return CURLE_OK;
95}
96
97/*
98 * Curl_auth_create_login_message()
99 *
100 * This is used to generate an already encoded LOGIN message containing the
101 * user name or password ready for sending to the recipient.
102 *
103 * Parameters:
104 *
105 * valuep [in] - The user name or user's password.
106 * out [out] - The result storage.
107 *
108 * Returns CURLE_OK on success.
109 */
110CURLcode Curl_auth_create_login_message(const char *valuep, struct bufref *out)
111{
112 Curl_bufref_set(out, valuep, strlen(valuep), NULL);
113 return CURLE_OK;
114}
115
116/*
117 * Curl_auth_create_external_message()
118 *
119 * This is used to generate an already encoded EXTERNAL message containing
120 * the user name ready for sending to the recipient.
121 *
122 * Parameters:
123 *
124 * user [in] - The user name.
125 * out [out] - The result storage.
126 *
127 * Returns CURLE_OK on success.
128 */
129CURLcode Curl_auth_create_external_message(const char *user,
130 struct bufref *out)
131{
132 /* This is the same formatting as the login message */
133 return Curl_auth_create_login_message(user, out);
134}
135
136#endif /* if no users */
137