1 | #ifndef HEADER_CURL_SASL_H |
2 | #define |
3 | /*************************************************************************** |
4 | * _ _ ____ _ |
5 | * Project ___| | | | _ \| | |
6 | * / __| | | | |_) | | |
7 | * | (__| |_| | _ <| |___ |
8 | * \___|\___/|_| \_\_____| |
9 | * |
10 | * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. |
11 | * |
12 | * This software is licensed as described in the file COPYING, which |
13 | * you should have received as part of this distribution. The terms |
14 | * are also available at https://curl.haxx.se/docs/copyright.html. |
15 | * |
16 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
17 | * copies of the Software, and permit persons to whom the Software is |
18 | * furnished to do so, under the terms of the COPYING file. |
19 | * |
20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
21 | * KIND, either express or implied. |
22 | * |
23 | ***************************************************************************/ |
24 | |
25 | #include <curl/curl.h> |
26 | |
27 | struct Curl_easy; |
28 | struct connectdata; |
29 | |
30 | /* Authentication mechanism flags */ |
31 | #define SASL_MECH_LOGIN (1 << 0) |
32 | #define SASL_MECH_PLAIN (1 << 1) |
33 | #define SASL_MECH_CRAM_MD5 (1 << 2) |
34 | #define SASL_MECH_DIGEST_MD5 (1 << 3) |
35 | #define SASL_MECH_GSSAPI (1 << 4) |
36 | #define SASL_MECH_EXTERNAL (1 << 5) |
37 | #define SASL_MECH_NTLM (1 << 6) |
38 | #define SASL_MECH_XOAUTH2 (1 << 7) |
39 | #define SASL_MECH_OAUTHBEARER (1 << 8) |
40 | |
41 | /* Authentication mechanism values */ |
42 | #define SASL_AUTH_NONE 0 |
43 | #define SASL_AUTH_ANY ~0U |
44 | #define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL) |
45 | |
46 | /* Authentication mechanism strings */ |
47 | #define SASL_MECH_STRING_LOGIN "LOGIN" |
48 | #define SASL_MECH_STRING_PLAIN "PLAIN" |
49 | #define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5" |
50 | #define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5" |
51 | #define SASL_MECH_STRING_GSSAPI "GSSAPI" |
52 | #define SASL_MECH_STRING_EXTERNAL "EXTERNAL" |
53 | #define SASL_MECH_STRING_NTLM "NTLM" |
54 | #define SASL_MECH_STRING_XOAUTH2 "XOAUTH2" |
55 | #define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER" |
56 | |
57 | /* SASL machine states */ |
58 | typedef enum { |
59 | SASL_STOP, |
60 | SASL_PLAIN, |
61 | SASL_LOGIN, |
62 | SASL_LOGIN_PASSWD, |
63 | SASL_EXTERNAL, |
64 | SASL_CRAMMD5, |
65 | SASL_DIGESTMD5, |
66 | SASL_DIGESTMD5_RESP, |
67 | SASL_NTLM, |
68 | SASL_NTLM_TYPE2MSG, |
69 | SASL_GSSAPI, |
70 | SASL_GSSAPI_TOKEN, |
71 | SASL_GSSAPI_NO_DATA, |
72 | SASL_OAUTH2, |
73 | SASL_OAUTH2_RESP, |
74 | SASL_CANCEL, |
75 | SASL_FINAL |
76 | } saslstate; |
77 | |
78 | /* Progress indicator */ |
79 | typedef enum { |
80 | SASL_IDLE, |
81 | SASL_INPROGRESS, |
82 | SASL_DONE |
83 | } saslprogress; |
84 | |
85 | /* Protocol dependent SASL parameters */ |
86 | struct SASLproto { |
87 | const char *service; /* The service name */ |
88 | int contcode; /* Code to receive when continuation is expected */ |
89 | int finalcode; /* Code to receive upon authentication success */ |
90 | size_t maxirlen; /* Maximum initial response length */ |
91 | CURLcode (*sendauth)(struct connectdata *conn, |
92 | const char *mech, const char *ir); |
93 | /* Send authentication command */ |
94 | CURLcode (*sendcont)(struct connectdata *conn, const char *contauth); |
95 | /* Send authentication continuation */ |
96 | void (*getmessage)(char *buffer, char **outptr); |
97 | /* Get SASL response message */ |
98 | }; |
99 | |
100 | /* Per-connection parameters */ |
101 | struct SASL { |
102 | const struct SASLproto *params; /* Protocol dependent parameters */ |
103 | saslstate state; /* Current machine state */ |
104 | unsigned int authmechs; /* Accepted authentication mechanisms */ |
105 | unsigned int prefmech; /* Preferred authentication mechanism */ |
106 | unsigned int authused; /* Auth mechanism used for the connection */ |
107 | bool resetprefs; /* For URL auth option parsing. */ |
108 | bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ |
109 | bool force_ir; /* Protocol always supports initial response */ |
110 | }; |
111 | |
112 | /* This is used to test whether the line starts with the given mechanism */ |
113 | #define sasl_mech_equal(line, wordlen, mech) \ |
114 | (wordlen == (sizeof(mech) - 1) / sizeof(char) && \ |
115 | !memcmp(line, mech, wordlen)) |
116 | |
117 | /* This is used to cleanup any libraries or curl modules used by the sasl |
118 | functions */ |
119 | void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused); |
120 | |
121 | /* Convert a mechanism name to a token */ |
122 | unsigned int Curl_sasl_decode_mech(const char *ptr, |
123 | size_t maxlen, size_t *len); |
124 | |
125 | /* Parse the URL login options */ |
126 | CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl, |
127 | const char *value, size_t len); |
128 | |
129 | /* Initializes an SASL structure */ |
130 | void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params); |
131 | |
132 | /* Check if we have enough auth data and capabilities to authenticate */ |
133 | bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn); |
134 | |
135 | /* Calculate the required login details for SASL authentication */ |
136 | CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, |
137 | bool force_ir, saslprogress *progress); |
138 | |
139 | /* Continue an SASL authentication */ |
140 | CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, |
141 | int code, saslprogress *progress); |
142 | |
143 | #endif /* HEADER_CURL_SASL_H */ |
144 | |