1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 * RFC4616 PLAIN authentication
24 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
25 *
26 ***************************************************************************/
27
28#include "curl_setup.h"
29
30#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
31 !defined(CURL_DISABLE_POP3) || \
32 (!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
33
34#include <curl/curl.h>
35#include "urldata.h"
36
37#include "vauth/vauth.h"
38#include "warnless.h"
39#include "strtok.h"
40#include "sendf.h"
41#include "curl_printf.h"
42
43/* The last #include files should be: */
44#include "curl_memory.h"
45#include "memdebug.h"
46
47/*
48 * Curl_auth_create_plain_message()
49 *
50 * This is used to generate an already encoded PLAIN message ready
51 * for sending to the recipient.
52 *
53 * Parameters:
54 *
55 * authzid [in] - The authorization identity.
56 * authcid [in] - The authentication identity.
57 * passwd [in] - The password.
58 * out [out] - The result storage.
59 *
60 * Returns CURLE_OK on success.
61 */
62CURLcode Curl_auth_create_plain_message(const char *authzid,
63 const char *authcid,
64 const char *passwd,
65 struct bufref *out)
66{
67 char *plainauth;
68 size_t plainlen;
69 size_t zlen;
70 size_t clen;
71 size_t plen;
72
73 zlen = (authzid == NULL ? 0 : strlen(authzid));
74 clen = strlen(authcid);
75 plen = strlen(passwd);
76
77 /* Compute binary message length. Check for overflows. */
78 if((zlen > SIZE_T_MAX/4) || (clen > SIZE_T_MAX/4) ||
79 (plen > (SIZE_T_MAX/2 - 2)))
80 return CURLE_OUT_OF_MEMORY;
81 plainlen = zlen + clen + plen + 2;
82
83 plainauth = malloc(plainlen + 1);
84 if(!plainauth)
85 return CURLE_OUT_OF_MEMORY;
86
87 /* Calculate the reply */
88 if(zlen)
89 memcpy(plainauth, authzid, zlen);
90 plainauth[zlen] = '\0';
91 memcpy(plainauth + zlen + 1, authcid, clen);
92 plainauth[zlen + clen + 1] = '\0';
93 memcpy(plainauth + zlen + clen + 2, passwd, plen);
94 plainauth[plainlen] = '\0';
95 Curl_bufref_set(out, plainauth, plainlen, curl_free);
96 return CURLE_OK;
97}
98
99/*
100 * Curl_auth_create_login_message()
101 *
102 * This is used to generate an already encoded LOGIN message containing the
103 * user name or password ready for sending to the recipient.
104 *
105 * Parameters:
106 *
107 * valuep [in] - The user name or user's password.
108 * out [out] - The result storage.
109 *
110 * Returns CURLE_OK on success.
111 */
112CURLcode Curl_auth_create_login_message(const char *valuep, struct bufref *out)
113{
114 Curl_bufref_set(out, valuep, strlen(valuep), NULL);
115 return CURLE_OK;
116}
117
118/*
119 * Curl_auth_create_external_message()
120 *
121 * This is used to generate an already encoded EXTERNAL message containing
122 * the user name ready for sending to the recipient.
123 *
124 * Parameters:
125 *
126 * user [in] - The user name.
127 * out [out] - The result storage.
128 *
129 * Returns CURLE_OK on success.
130 */
131CURLcode Curl_auth_create_external_message(const char *user,
132 struct bufref *out)
133{
134 /* This is the same formatting as the login message */
135 return Curl_auth_create_login_message(user, out);
136}
137
138#endif /* if no users */
139