1 /*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel (at) haxx.se>, et al. 9 * 10 * This software is licensed as described in the file COPYING, which 11 * you should have received as part of this distribution. The terms 12 * are also available at https://curl.haxx.se/docs/copyright.html. 13 * 14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 15 * copies of the Software, and permit persons to whom the Software is 16 * furnished to do so, under the terms of the COPYING file. 17 * 18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 19 * KIND, either express or implied. 20 * 21 * RFC4616 PLAIN authentication 22 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt> 23 * 24 ***************************************************************************/ 25 26 #include "curl_setup.h" 27 28 #include <curl/curl.h> 29 #include "urldata.h" 30 31 #include "vauth/vauth.h" 32 #include "curl_base64.h" 33 #include "curl_md5.h" 34 #include "warnless.h" 35 #include "strtok.h" 36 #include "sendf.h" 37 #include "curl_printf.h" 38 39 /* The last #include files should be: */ 40 #include "curl_memory.h" 41 #include "memdebug.h" 42 43 /* 44 * Curl_auth_create_plain_message() 45 * 46 * This is used to generate an already encoded PLAIN message ready 47 * for sending to the recipient. 48 * 49 * Parameters: 50 * 51 * data [in] - The session handle. 52 * userp [in] - The user name. 53 * passdwp [in] - The user's password. 54 * outptr [in/out] - The address where a pointer to newly allocated memory 55 * holding the result will be stored upon completion. 56 * outlen [out] - The length of the output message. 57 * 58 * Returns CURLE_OK on success. 59 */ 60 CURLcode Curl_auth_create_plain_message(struct Curl_easy *data, 61 const char *userp, 62 const char *passwdp, 63 char **outptr, size_t *outlen) 64 { 65 CURLcode result; 66 char *plainauth; 67 size_t ulen; 68 size_t plen; 69 size_t plainlen; 70 71 *outlen = 0; 72 *outptr = NULL; 73 ulen = strlen(userp); 74 plen = strlen(passwdp); 75 76 /* Compute binary message length, checking for overflows. */ 77 plainlen = 2 * ulen; 78 if(plainlen < ulen) 79 return CURLE_OUT_OF_MEMORY; 80 plainlen += plen; 81 if(plainlen < plen) 82 return CURLE_OUT_OF_MEMORY; 83 plainlen += 2; 84 if(plainlen < 2) 85 return CURLE_OUT_OF_MEMORY; 86 87 plainauth = malloc(plainlen); 88 if(!plainauth) 89 return CURLE_OUT_OF_MEMORY; 90 91 /* Calculate the reply */ 92 memcpy(plainauth, userp, ulen); 93 plainauth[ulen] = '\0'; 94 memcpy(plainauth + ulen + 1, userp, ulen); 95 plainauth[2 * ulen + 1] = '\0'; 96 memcpy(plainauth + 2 * ulen + 2, passwdp, plen); 97 98 /* Base64 encode the reply */ 99 result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen); 100 free(plainauth); 101 102 return result; 103 } 104 105 /* 106 * Curl_auth_create_login_message() 107 * 108 * This is used to generate an already encoded LOGIN message containing the 109 * user name or password ready for sending to the recipient. 110 * 111 * Parameters: 112 * 113 * data [in] - The session handle. 114 * valuep [in] - The user name or user's password. 115 * outptr [in/out] - The address where a pointer to newly allocated memory 116 * holding the result will be stored upon completion. 117 * outlen [out] - The length of the output message. 118 * 119 * Returns CURLE_OK on success. 120 */ 121 CURLcode Curl_auth_create_login_message(struct Curl_easy *data, 122 const char *valuep, char **outptr, 123 size_t *outlen) 124 { 125 size_t vlen = strlen(valuep); 126 127 if(!vlen) { 128 /* Calculate an empty reply */ 129 *outptr = strdup("="); 130 if(*outptr) { 131 *outlen = (size_t) 1; 132 return CURLE_OK; 133 } 134 135 *outlen = 0; 136 return CURLE_OUT_OF_MEMORY; 137 } 138 139 /* Base64 encode the value */ 140 return Curl_base64_encode(data, valuep, vlen, outptr, outlen); 141 } 142 143 /* 144 * Curl_auth_create_external_message() 145 * 146 * This is used to generate an already encoded EXTERNAL message containing 147 * the user name ready for sending to the recipient. 148 * 149 * Parameters: 150 * 151 * data [in] - The session handle. 152 * user [in] - The user name. 153 * outptr [in/out] - The address where a pointer to newly allocated memory 154 * holding the result will be stored upon completion. 155 * outlen [out] - The length of the output message. 156 * 157 * Returns CURLE_OK on success. 158 */ 159 CURLcode Curl_auth_create_external_message(struct Curl_easy *data, 160 const char *user, char **outptr, 161 size_t *outlen) 162 { 163 /* This is the same formatting as the login message */ 164 return Curl_auth_create_login_message(data, user, outptr, outlen); 165 } 166