Home | History | Annotate | Download | only in vauth 
      1 /***************************************************************************
      2  *                                  _   _ ____  _
      3  *  Project                     ___| | | |  _ \| |
      4  *                             / __| | | | |_) | |
      5  *                            | (__| |_| |  _ <| |___
      6  *                             \___|\___/|_| \_\_____|
      7  *
      8  * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel (at) haxx.se>, et al.
      9  *
     10  * This software is licensed as described in the file COPYING, which
     11  * you should have received as part of this distribution. The terms
     12  * are also available at https://curl.haxx.se/docs/copyright.html.
     13  *
     14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
     15  * copies of the Software, and permit persons to whom the Software is
     16  * furnished to do so, under the terms of the COPYING file.
     17  *
     18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
     19  * KIND, either express or implied.
     20  *
     21  * RFC4616 PLAIN authentication
     22  * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
     23  *
     24  ***************************************************************************/
     25 
     26 #include "curl_setup.h"
     27 
     28 #include <curl/curl.h>
     29 #include "urldata.h"
     30 
     31 #include "vauth/vauth.h"
     32 #include "curl_base64.h"
     33 #include "curl_md5.h"
     34 #include "warnless.h"
     35 #include "strtok.h"
     36 #include "strequal.h"
     37 #include "rawstr.h"
     38 #include "sendf.h"
     39 #include "curl_printf.h"
     40 
     41 /* The last #include files should be: */
     42 #include "curl_memory.h"
     43 #include "memdebug.h"
     44 
     45 /*
     46  * Curl_auth_create_plain_message()
     47  *
     48  * This is used to generate an already encoded PLAIN message ready
     49  * for sending to the recipient.
     50  *
     51  * Parameters:
     52  *
     53  * data    [in]     - The session handle.
     54  * userp   [in]     - The user name.
     55  * passdwp [in]     - The user's password.
     56  * outptr  [in/out] - The address where a pointer to newly allocated memory
     57  *                    holding the result will be stored upon completion.
     58  * outlen  [out]    - The length of the output message.
     59  *
     60  * Returns CURLE_OK on success.
     61  */
     62 CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
     63                                         const char *userp,
     64                                         const char *passwdp,
     65                                         char **outptr, size_t *outlen)
     66 {
     67   CURLcode result;
     68   char *plainauth;
     69   size_t ulen;
     70   size_t plen;
     71 
     72   ulen = strlen(userp);
     73   plen = strlen(passwdp);
     74 
     75   plainauth = malloc(2 * ulen + plen + 2);
     76   if(!plainauth) {
     77     *outlen = 0;
     78     *outptr = NULL;
     79     return CURLE_OUT_OF_MEMORY;
     80   }
     81 
     82   /* Calculate the reply */
     83   memcpy(plainauth, userp, ulen);
     84   plainauth[ulen] = '\0';
     85   memcpy(plainauth + ulen + 1, userp, ulen);
     86   plainauth[2 * ulen + 1] = '\0';
     87   memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
     88 
     89   /* Base64 encode the reply */
     90   result = Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
     91                               outlen);
     92   free(plainauth);
     93 
     94   return result;
     95 }
     96 
     97 /*
     98  * Curl_auth_create_login_message()
     99  *
    100  * This is used to generate an already encoded LOGIN message containing the
    101  * user name or password ready for sending to the recipient.
    102  *
    103  * Parameters:
    104  *
    105  * data    [in]     - The session handle.
    106  * valuep  [in]     - The user name or user's password.
    107  * outptr  [in/out] - The address where a pointer to newly allocated memory
    108  *                    holding the result will be stored upon completion.
    109  * outlen  [out]    - The length of the output message.
    110  *
    111  * Returns CURLE_OK on success.
    112  */
    113 CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
    114                                         const char *valuep, char **outptr,
    115                                         size_t *outlen)
    116 {
    117   size_t vlen = strlen(valuep);
    118 
    119   if(!vlen) {
    120     /* Calculate an empty reply */
    121     *outptr = strdup("=");
    122     if(*outptr) {
    123       *outlen = (size_t) 1;
    124       return CURLE_OK;
    125     }
    126 
    127     *outlen = 0;
    128     return CURLE_OUT_OF_MEMORY;
    129   }
    130 
    131   /* Base64 encode the value */
    132   return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
    133 }
    134 
    135 /*
    136  * Curl_auth_create_external_message()
    137  *
    138  * This is used to generate an already encoded EXTERNAL message containing
    139  * the user name ready for sending to the recipient.
    140  *
    141  * Parameters:
    142  *
    143  * data    [in]     - The session handle.
    144  * user    [in]     - The user name.
    145  * outptr  [in/out] - The address where a pointer to newly allocated memory
    146  *                    holding the result will be stored upon completion.
    147  * outlen  [out]    - The length of the output message.
    148  *
    149  * Returns CURLE_OK on success.
    150  */
    151 CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
    152                                            const char *user, char **outptr,
    153                                            size_t *outlen)
    154 {
    155   /* This is the same formatting as the login message */
    156   return Curl_auth_create_login_message(data, user, outptr, outlen);
    157 }
    158