1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 2020 - 2021, Simon Josefsson, <simon@josefsson.org>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * RFC5802 SCRAM-SHA-1 authentication
22 *
23 ***************************************************************************/
24
25#include "curl_setup.h"
26
27#ifdef USE_GSASL
28
29#include <curl/curl.h>
30
31#include "vauth/vauth.h"
32#include "urldata.h"
33#include "sendf.h"
34
35#include <gsasl.h>
36
37/* The last #include files should be: */
38#include "curl_memory.h"
39#include "memdebug.h"
40
41bool Curl_auth_gsasl_is_supported(struct Curl_easy *data,
42 const char *mech,
43 struct gsasldata *gsasl)
44{
45 int res;
46
47 res = gsasl_init(&gsasl->ctx);
48 if(res != GSASL_OK) {
49 failf(data, "gsasl init: %s\n", gsasl_strerror(res));
50 return FALSE;
51 }
52
53 res = gsasl_client_start(gsasl->ctx, mech, &gsasl->client);
54 if(res != GSASL_OK) {
55 gsasl_done(gsasl->ctx);
56 return FALSE;
57 }
58
59 return true;
60}
61
62CURLcode Curl_auth_gsasl_start(struct Curl_easy *data,
63 const char *userp,
64 const char *passwdp,
65 struct gsasldata *gsasl)
66{
67#if GSASL_VERSION_NUMBER >= 0x010b00
68 int res;
69 res =
70#endif
71 gsasl_property_set(gsasl->client, GSASL_AUTHID, userp);
72#if GSASL_VERSION_NUMBER >= 0x010b00
73 if(res != GSASL_OK) {
74 failf(data, "setting AUTHID failed: %s\n", gsasl_strerror(res));
75 return CURLE_OUT_OF_MEMORY;
76 }
77#endif
78
79#if GSASL_VERSION_NUMBER >= 0x010b00
80 res =
81#endif
82 gsasl_property_set(gsasl->client, GSASL_PASSWORD, passwdp);
83#if GSASL_VERSION_NUMBER >= 0x010b00
84 if(res != GSASL_OK) {
85 failf(data, "setting PASSWORD failed: %s\n", gsasl_strerror(res));
86 return CURLE_OUT_OF_MEMORY;
87 }
88#endif
89
90 (void)data;
91
92 return CURLE_OK;
93}
94
95CURLcode Curl_auth_gsasl_token(struct Curl_easy *data,
96 const struct bufref *chlg,
97 struct gsasldata *gsasl,
98 struct bufref *out)
99{
100 int res;
101 char *response;
102 size_t outlen;
103
104 res = gsasl_step(gsasl->client,
105 (const char *) Curl_bufref_ptr(chlg), Curl_bufref_len(chlg),
106 &response, &outlen);
107 if(res != GSASL_OK && res != GSASL_NEEDS_MORE) {
108 failf(data, "GSASL step: %s\n", gsasl_strerror(res));
109 return CURLE_BAD_CONTENT_ENCODING;
110 }
111
112 Curl_bufref_set(out, response, outlen, gsasl_free);
113 return CURLE_OK;
114}
115
116void Curl_auth_gsasl_cleanup(struct gsasldata *gsasl)
117{
118 gsasl_finish(gsasl->client);
119 gsasl->client = NULL;
120
121 gsasl_done(gsasl->ctx);
122 gsasl->ctx = NULL;
123}
124#endif
125