      1 #ifndef HEADER_CURL_SASL_H
      2 #define HEADER_CURL_SASL_H
      3 /***************************************************************************
      4  *                                  _   _ ____  _
      5  *  Project                     ___| | | |  _ \| |
      6  *                             / __| | | | |_) | |
      7  *                            | (__| |_| |  _ <| |___
      8  *                             \___|\___/|_| \_\_____|
      9  *
     10  * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel (at) haxx.se>, et al.
     11  *
     12  * This software is licensed as described in the file COPYING, which
     13  * you should have received as part of this distribution. The terms
     14  * are also available at https://curl.haxx.se/docs/copyright.html.
     15  *
     16  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
     17  * copies of the Software, and permit persons to whom the Software is
     18  * furnished to do so, under the terms of the COPYING file.
     19  *
     20  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
     21  * KIND, either express or implied.
     22  *
     23  ***************************************************************************/
     24 
     25 #include <curl/curl.h>
     26 
/* Opaque types defined elsewhere in libcurl. Only pointers to them appear in
   this header, so forward declarations suffice and no extra includes are
   needed. NOTE(review): struct Curl_easy is not referenced by anything
   visible in this header (every prototype below takes struct connectdata);
   it is presumably kept for consumers of this header - confirm before
   removing it. */
struct Curl_easy;
struct connectdata;
     29 
/* Authentication mechanism flags.
   One distinct bit per mechanism, so that the unsigned int fields of
   struct SASL (authmechs, prefmech, authused) can hold any combination of
   them. The on-the-wire name that goes with each flag is the corresponding
   SASL_MECH_STRING_* macro below, listed in the same order.
   NOTE(review): LOGIN and PLAIN hand the password to the server in a
   directly readable form (base64 framing only, no challenge/response), so
   they should only be offered on a TLS-protected connection. Nothing in this
   header enforces that - check the code that selects the mechanism. */
#define SASL_MECH_LOGIN             (1 << 0)
#define SASL_MECH_PLAIN             (1 << 1)
#define SASL_MECH_CRAM_MD5          (1 << 2)
#define SASL_MECH_DIGEST_MD5        (1 << 3)
#define SASL_MECH_GSSAPI            (1 << 4)
#define SASL_MECH_EXTERNAL          (1 << 5)
#define SASL_MECH_NTLM              (1 << 6)
#define SASL_MECH_XOAUTH2           (1 << 7)
#define SASL_MECH_OAUTHBEARER       (1 << 8)
     40 
/* Authentication mechanism values (whole-mask constants).
   SASL_AUTH_NONE    - no mechanism at all.
   SASL_AUTH_ANY     - every bit set (~0U, unsigned), so it also covers any
                       SASL_MECH_* flag added later.
   SASL_AUTH_DEFAULT - everything except EXTERNAL, i.e. EXTERNAL must be
                       requested explicitly.
   NOTE(review): the default set therefore includes LOGIN and PLAIN, which
   give the password to the server in readable form; their use is presumably
   meant to be paired with TLS - confirm in the protocol code. */
#define SASL_AUTH_NONE          0
#define SASL_AUTH_ANY           ~0U
#define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
     45 
/* Authentication mechanism strings.
   The mechanism names as they appear on the wire, one per SASL_MECH_* flag
   above and in the same order. They are compared byte-for-byte with memcmp
   by sasl_mech_equal() (see below), so they are matched exactly, including
   case; a server advertising a differently cased name will not match. */
#define SASL_MECH_STRING_LOGIN        "LOGIN"
#define SASL_MECH_STRING_PLAIN        "PLAIN"
#define SASL_MECH_STRING_CRAM_MD5     "CRAM-MD5"
#define SASL_MECH_STRING_DIGEST_MD5   "DIGEST-MD5"
#define SASL_MECH_STRING_GSSAPI       "GSSAPI"
#define SASL_MECH_STRING_EXTERNAL     "EXTERNAL"
#define SASL_MECH_STRING_NTLM         "NTLM"
#define SASL_MECH_STRING_XOAUTH2      "XOAUTH2"
#define SASL_MECH_STRING_OAUTHBEARER  "OAUTHBEARER"
     56 
/* SASL machine states.

   The values are spelled out so the numbering (0..16 in declaration order,
   SASL_STOP first and SASL_FINAL last) is visible without counting. States
   are grouped by the mechanism their name refers to; what each state does
   inside the exchange is defined by the implementation of
   Curl_sasl_start()/Curl_sasl_continue(), not by this header. */
typedef enum {
  SASL_STOP            = 0,
  /* PLAIN */
  SASL_PLAIN           = 1,
  /* LOGIN (two states, the second named after the password step) */
  SASL_LOGIN           = 2,
  SASL_LOGIN_PASSWD    = 3,
  /* EXTERNAL */
  SASL_EXTERNAL        = 4,
  /* CRAM-MD5 */
  SASL_CRAMMD5         = 5,
  /* DIGEST-MD5 (two states) */
  SASL_DIGESTMD5       = 6,
  SASL_DIGESTMD5_RESP  = 7,
  /* NTLM (two states) */
  SASL_NTLM            = 8,
  SASL_NTLM_TYPE2MSG   = 9,
  /* GSSAPI (three states) */
  SASL_GSSAPI          = 10,
  SASL_GSSAPI_TOKEN    = 11,
  SASL_GSSAPI_NO_DATA  = 12,
  /* OAuth 2 (two states; presumably shared by XOAUTH2 and OAUTHBEARER) */
  SASL_OAUTH2          = 13,
  SASL_OAUTH2_RESP     = 14,
  /* Cancel / final */
  SASL_CANCEL          = 15,
  SASL_FINAL           = 16
} saslstate;
     77 
/* Progress indicator.

   Reported back through the saslprogress out-parameter of Curl_sasl_start()
   and Curl_sasl_continue(). The explicit values are the same 0, 1, 2 that
   declaration order would assign. */
typedef enum {
  SASL_IDLE       = 0,  /* nothing started */
  SASL_INPROGRESS = 1,  /* exchange still running */
  SASL_DONE       = 2   /* exchange finished */
} saslprogress;
     84 
/* Protocol dependent SASL parameters.

   One of these describes how a given protocol carries the SASL exchange.
   The generic state machine reaches it through struct SASL.params (below)
   and uses the function pointers to put bytes on and take bytes off the
   wire without knowing the protocol's command syntax. */
struct SASLproto {
  const char *service;     /* The service name. Held as a bare pointer, not
                              copied - NOTE(review): the caller must keep it
                              alive for as long as the SASL struct refers to
                              this table; presumably a string literal in the
                              protocol code, confirm. */
  int contcode;            /* Code to receive when continuation is expected */
  int finalcode;           /* Code to receive upon authentication success */
  size_t maxirlen;         /* Maximum initial response length - presumably the
                              protocol's cap on how much data may ride on the
                              initial AUTH command; verify against the
                              protocol code that sets it. */
  CURLcode (*sendauth)(struct connectdata *conn,
                       const char *mech, const char *ir);
                           /* Send authentication command. 'mech' is the
                              mechanism name (one of the SASL_MECH_STRING_*
                              values), 'ir' the initial response. Whether
                              'ir' may be NULL when there is none is not
                              visible here - confirm in the implementations. */
  CURLcode (*sendcont)(struct connectdata *conn, const char *contauth);
                           /* Send authentication continuation */
  void (*getmessage)(char *buffer, char **outptr);
                           /* Get SASL response message. No length is
                              passed: NOTE(review): implementations can only
                              rely on 'buffer' being NUL-terminated by the
                              caller, and '*outptr' presumably points into
                              'buffer' rather than at a copy - confirm both,
                              since the message comes from the server. */
};
     99 
/* Per-connection parameters.

   The state the generic SASL machine keeps for one connection. The three
   unsigned int fields are bitmasks built from the SASL_MECH_* flags above
   (SASL_AUTH_NONE / SASL_AUTH_ANY / SASL_AUTH_DEFAULT are the whole-mask
   values). */
struct SASL {
  const struct SASLproto *params; /* Protocol dependent parameters. Pointer
                                     only - the SASLproto table must outlive
                                     this struct. */
  saslstate state;         /* Current machine state */
  unsigned int authmechs;  /* Accepted authentication mechanisms - presumably
                              the set the server advertised, as decoded by
                              Curl_sasl_decode_mech(); confirm. */
  unsigned int prefmech;   /* Preferred authentication mechanism(s), i.e. the
                              mask the client is willing to use */
  unsigned int authused;   /* Auth mechanism used for the connection - the
                              value later handed to Curl_sasl_cleanup() */
  bool resetprefs;         /* For URL auth option parsing. */
  bool mutual_auth;        /* Mutual authentication enabled (GSSAPI only).
                              NOTE(review): without this the GSSAPI exchange
                              is presumably one-way, i.e. the server is not
                              proven to the client; confirm the default the
                              init/option code picks. */
  bool force_ir;           /* Protocol always supports initial response
                              (same meaning as the force_ir argument of
                              Curl_sasl_start()) */
};
    111 
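/* This is used to test whether the line starts with the given mechanism.

   line    - the buffer to compare. At least 'wordlen' bytes must be readable;
             no NUL terminator is required, memcmp never reads further.
   wordlen - length of the candidate word at the start of 'line'.
   mech    - a string literal or char array naming the mechanism (one of the
             SASL_MECH_STRING_* macros). Its length is taken with sizeof, so
             passing a 'const char *' here would silently compare against the
             pointer size instead of the name length - do not do that.

   Evaluates to non-zero only when the lengths match exactly and the bytes
   are identical, so "PLAINX" does not match "PLAIN". The length test comes
   first; memcmp is only reached with a matching length. Every argument is
   parenthesised so that callers may pass expressions (e.g. a conditional
   for 'wordlen') without precedence surprises. sizeof(char) is 1 by
   definition, so the former division by it was dropped. */
#define sasl_mech_equal(line, wordlen, mech) \
  ((wordlen) == (sizeof(mech) - 1) && \
   !memcmp((line), (mech), (wordlen)))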
    116 
/* This is used to cleanup any libraries or curl modules used by the sasl
   functions. 'authused' is expected to be the value kept in
   struct SASL.authused, i.e. the SASL_MECH_* flag of the mechanism that was
   actually negotiated on 'conn' - presumably so that only that mechanism's
   backend state is released; confirm against the implementation. */
void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused);

/* Convert a mechanism name to a token.
   'ptr' points at the start of the name and 'maxlen' is the number of bytes
   that may be read from it; the name need not be NUL-terminated, so 'maxlen'
   is the bound every comparison must respect (see sasl_mech_equal above).
   On return '*len' presumably holds the number of bytes of 'ptr' that formed
   the recognised name, and the result is one of the SASL_MECH_* flags, with
   SASL_AUTH_NONE (0) when nothing matched - TODO confirm both against the
   implementation. */
unsigned int Curl_sasl_decode_mech(const char *ptr,
                                   size_t maxlen, size_t *len);

/* Parse the URL login options.
   'value'/'len' delimit one option taken from the URL; it is length-delimited
   rather than NUL-terminated and, coming from user input, must be treated as
   untrusted - nothing past 'len' may be read. Updates 'sasl' (prefmech and
   resetprefs are the fields named for this purpose above) and returns a
   CURLcode. */
CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
                                         const char *value, size_t len);

/* Initializes an SASL structure.
   'params' is stored by pointer in sasl->params, not copied, so it must
   outlive the SASL structure - presumably a static per-protocol table;
   confirm in the callers. */
void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params);

/* Check if we have enough auth data and capabilities to authenticate.
   Returns true when an authentication attempt can be started on 'conn'; the
   exact criteria are in the implementation, not visible here. */
bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn);

/* Calculate the required login details for SASL authentication.
   'force_ir' carries the same meaning as struct SASL.force_ir (the protocol
   always allows an initial response). '*progress' is set to report whether
   the exchange is idle, still in progress or finished; the return value is
   the CURLcode of the attempt. */
CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
                         bool force_ir, saslprogress *progress);

/* Continue an SASL authentication.
   'code' is the protocol response code received for the previous step,
   presumably compared against params->contcode / params->finalcode to decide
   whether to send the next message or conclude - confirm. '*progress' and the
   return value are as for Curl_sasl_start(). */
CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
                            int code, saslprogress *progress);
    142 
    143 #endif /* HEADER_CURL_SASL_H */