Lines Matching refs:SASL
24 * RFC4422 Simple Authentication and Security Layer (SASL)
27 * RFC7628 A Set of SASL Mechanisms for OAuth
28 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
75 * This is used to cleanup any libraries or curl modules used by the sasl
109 * Convert a SASL mechanism name into a token.
117 * Returns the SASL mechanism token or 0 if no match.
147 CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
157 if(sasl->resetprefs) {
158 sasl->resetprefs = FALSE;
159 sasl->prefmech = SASL_AUTH_NONE;
163 sasl->prefmech = SASL_AUTH_DEFAULT;
167 sasl->prefmech |= mechbit;
178 * Initializes the SASL structure.
180 void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params)
182 sasl->params = params; /* Set protocol dependent parameters */
183 sasl->state = SASL_STOP; /* Not yet running */
184 sasl->authmechs = SASL_AUTH_NONE; /* No known authentication mechanism yet */
185 sasl->prefmech = SASL_AUTH_DEFAULT; /* Prefer all mechanisms */
186 sasl->authused = SASL_AUTH_NONE; /* No the authentication mechanism used */
187 sasl->resetprefs = TRUE; /* Reset prefmech upon AUTH parsing. */
188 sasl->mutual_auth = FALSE; /* No mutual authentication (GSSAPI only) */
189 sasl->force_ir = FALSE; /* Respect external option */
195 * This is the ONLY way to change SASL state!
197 static void state(struct SASL *sasl, struct connectdata *conn,
223 if(sasl->state != newstate)
224 infof(conn->data, "SASL %p state change from %s to %s\n",
225 (void *)sasl, names[sasl->state], names[newstate]);
230 sasl->state = newstate;
238 bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn)
245 if(sasl->authmechs & sasl->prefmech & SASL_MECH_EXTERNAL)
254 * Calculate the required login details for SASL authentication.
256 CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
270 sasl->params->service;
273 sasl->force_ir = force_ir; /* Latch for future use */
274 sasl->authused = 0; /* No mechanism used yet */
275 enabledmechs = sasl->authmechs & sasl->prefmech;
283 sasl->authused = SASL_MECH_EXTERNAL;
292 sasl->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
296 sasl->authused = SASL_MECH_GSSAPI;
304 sasl->mutual_auth,
314 sasl->authused = SASL_MECH_DIGEST_MD5;
319 sasl->authused = SASL_MECH_CRAM_MD5;
328 sasl->authused = SASL_MECH_NTLM;
340 sasl->authused = SASL_MECH_OAUTHBEARER;
352 sasl->authused = SASL_MECH_XOAUTH2;
364 sasl->authused = SASL_MECH_LOGIN;
372 sasl->authused = SASL_MECH_PLAIN;
381 if(resp && sasl->params->maxirlen &&
382 strlen(mech) + len > sasl->params->maxirlen) {
387 result = sasl->params->sendauth(conn, mech, resp);
390 state(sasl, conn, resp ? state2 : state1);
404 CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
419 sasl->params->service;
425 if(sasl->state == SASL_FINAL) {
426 if(code != sasl->params->finalcode)
429 state(sasl, conn, SASL_STOP);
433 if(sasl->state != SASL_CANCEL && sasl->state != SASL_OAUTH2_RESP &&
434 code != sasl->params->contcode) {
436 state(sasl, conn, SASL_STOP);
440 switch(sasl->state) {
462 sasl->params->getmessage(data->state.buffer, &serverdata);
470 sasl->params->getmessage(data->state.buffer, &serverdata);
493 sasl->params->getmessage(data->state.buffer, &serverdata);
509 sasl->mutual_auth, NULL,
515 sasl->params->getmessage(data->state.buffer, &serverdata);
516 if(sasl->mutual_auth) {
521 sasl->mutual_auth,
533 sasl->params->getmessage(data->state.buffer, &serverdata);
543 if(sasl->authused == SASL_MECH_OAUTHBEARER) {
562 if(code == sasl->params->finalcode) {
565 state(sasl, conn, SASL_STOP);
568 else if(code == sasl->params->contcode) {
578 state(sasl, conn, SASL_STOP);
584 sasl->authmechs ^= sasl->authused;
586 /* Start an alternative SASL authentication */
587 result = Curl_sasl_start(sasl, conn, sasl->force_ir, progress);
588 newstate = sasl->state; /* Use state from Curl_sasl_start() */
591 failf(data, "Unsupported SASL authentication mechanism");
599 result = sasl->params->sendcont(conn, "*");
604 result = sasl->params->sendcont(conn, resp);
614 state(sasl, conn, newstate);
