[337] | 1 | /***************************************************************************
|
---|
| 2 | * _ _ ____ _
|
---|
| 3 | * Project ___| | | | _ \| |
|
---|
| 4 | * / __| | | | |_) | |
|
---|
| 5 | * | (__| |_| | _ <| |___
|
---|
| 6 | * \___|\___/|_| \_\_____|
|
---|
| 7 | *
|
---|
| 8 | * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
|
---|
| 9 | *
|
---|
| 10 | * This software is licensed as described in the file COPYING, which
|
---|
| 11 | * you should have received as part of this distribution. The terms
|
---|
| 12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
| 13 | *
|
---|
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
| 15 | * copies of the Software, and permit persons to whom the Software is
|
---|
| 16 | * furnished to do so, under the terms of the COPYING file.
|
---|
| 17 | *
|
---|
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
| 19 | * KIND, either express or implied.
|
---|
| 20 | *
|
---|
| 21 | * RFC4616 PLAIN authentication
|
---|
| 22 | * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
|
---|
| 23 | *
|
---|
| 24 | ***************************************************************************/
|
---|
| 25 |
|
---|
| 26 | #include "curl_setup.h"
|
---|
| 27 |
|
---|
| 28 | #include <curl/curl.h>
|
---|
| 29 | #include "urldata.h"
|
---|
| 30 |
|
---|
| 31 | #include "vauth/vauth.h"
|
---|
| 32 | #include "curl_base64.h"
|
---|
| 33 | #include "curl_md5.h"
|
---|
| 34 | #include "warnless.h"
|
---|
| 35 | #include "strtok.h"
|
---|
| 36 | #include "sendf.h"
|
---|
| 37 | #include "curl_printf.h"
|
---|
| 38 |
|
---|
| 39 | /* The last #include files should be: */
|
---|
| 40 | #include "curl_memory.h"
|
---|
| 41 | #include "memdebug.h"
|
---|
| 42 |
|
---|
| 43 | /*
|
---|
| 44 | * Curl_auth_create_plain_message()
|
---|
| 45 | *
|
---|
| 46 | * This is used to generate an already encoded PLAIN message ready
|
---|
| 47 | * for sending to the recipient.
|
---|
| 48 | *
|
---|
| 49 | * Parameters:
|
---|
| 50 | *
|
---|
| 51 | * data [in] - The session handle.
|
---|
| 52 | * userp [in] - The user name.
|
---|
| 53 | * passdwp [in] - The user's password.
|
---|
| 54 | * outptr [in/out] - The address where a pointer to newly allocated memory
|
---|
| 55 | * holding the result will be stored upon completion.
|
---|
| 56 | * outlen [out] - The length of the output message.
|
---|
| 57 | *
|
---|
| 58 | * Returns CURLE_OK on success.
|
---|
| 59 | */
|
---|
| 60 | CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
|
---|
| 61 | const char *userp,
|
---|
| 62 | const char *passwdp,
|
---|
| 63 | char **outptr, size_t *outlen)
|
---|
| 64 | {
|
---|
| 65 | CURLcode result;
|
---|
| 66 | char *plainauth;
|
---|
| 67 | size_t ulen;
|
---|
| 68 | size_t plen;
|
---|
| 69 | size_t plainlen;
|
---|
| 70 |
|
---|
| 71 | *outlen = 0;
|
---|
| 72 | *outptr = NULL;
|
---|
| 73 | ulen = strlen(userp);
|
---|
| 74 | plen = strlen(passwdp);
|
---|
| 75 |
|
---|
| 76 | /* Compute binary message length, checking for overflows. */
|
---|
| 77 | plainlen = 2 * ulen;
|
---|
| 78 | if(plainlen < ulen)
|
---|
| 79 | return CURLE_OUT_OF_MEMORY;
|
---|
| 80 | plainlen += plen;
|
---|
| 81 | if(plainlen < plen)
|
---|
| 82 | return CURLE_OUT_OF_MEMORY;
|
---|
| 83 | plainlen += 2;
|
---|
| 84 | if(plainlen < 2)
|
---|
| 85 | return CURLE_OUT_OF_MEMORY;
|
---|
| 86 |
|
---|
| 87 | plainauth = malloc(plainlen);
|
---|
| 88 | if(!plainauth)
|
---|
| 89 | return CURLE_OUT_OF_MEMORY;
|
---|
| 90 |
|
---|
| 91 | /* Calculate the reply */
|
---|
| 92 | memcpy(plainauth, userp, ulen);
|
---|
| 93 | plainauth[ulen] = '\0';
|
---|
| 94 | memcpy(plainauth + ulen + 1, userp, ulen);
|
---|
| 95 | plainauth[2 * ulen + 1] = '\0';
|
---|
| 96 | memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
|
---|
| 97 |
|
---|
| 98 | /* Base64 encode the reply */
|
---|
| 99 | result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen);
|
---|
| 100 | free(plainauth);
|
---|
| 101 |
|
---|
| 102 | return result;
|
---|
| 103 | }
|
---|
| 104 |
|
---|
| 105 | /*
|
---|
| 106 | * Curl_auth_create_login_message()
|
---|
| 107 | *
|
---|
| 108 | * This is used to generate an already encoded LOGIN message containing the
|
---|
| 109 | * user name or password ready for sending to the recipient.
|
---|
| 110 | *
|
---|
| 111 | * Parameters:
|
---|
| 112 | *
|
---|
| 113 | * data [in] - The session handle.
|
---|
| 114 | * valuep [in] - The user name or user's password.
|
---|
| 115 | * outptr [in/out] - The address where a pointer to newly allocated memory
|
---|
| 116 | * holding the result will be stored upon completion.
|
---|
| 117 | * outlen [out] - The length of the output message.
|
---|
| 118 | *
|
---|
| 119 | * Returns CURLE_OK on success.
|
---|
| 120 | */
|
---|
| 121 | CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
|
---|
| 122 | const char *valuep, char **outptr,
|
---|
| 123 | size_t *outlen)
|
---|
| 124 | {
|
---|
| 125 | size_t vlen = strlen(valuep);
|
---|
| 126 |
|
---|
| 127 | if(!vlen) {
|
---|
| 128 | /* Calculate an empty reply */
|
---|
| 129 | *outptr = strdup("=");
|
---|
| 130 | if(*outptr) {
|
---|
| 131 | *outlen = (size_t) 1;
|
---|
| 132 | return CURLE_OK;
|
---|
| 133 | }
|
---|
| 134 |
|
---|
| 135 | *outlen = 0;
|
---|
| 136 | return CURLE_OUT_OF_MEMORY;
|
---|
| 137 | }
|
---|
| 138 |
|
---|
| 139 | /* Base64 encode the value */
|
---|
| 140 | return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
|
---|
| 141 | }
|
---|
| 142 |
|
---|
| 143 | /*
|
---|
| 144 | * Curl_auth_create_external_message()
|
---|
| 145 | *
|
---|
| 146 | * This is used to generate an already encoded EXTERNAL message containing
|
---|
| 147 | * the user name ready for sending to the recipient.
|
---|
| 148 | *
|
---|
| 149 | * Parameters:
|
---|
| 150 | *
|
---|
| 151 | * data [in] - The session handle.
|
---|
| 152 | * user [in] - The user name.
|
---|
| 153 | * outptr [in/out] - The address where a pointer to newly allocated memory
|
---|
| 154 | * holding the result will be stored upon completion.
|
---|
| 155 | * outlen [out] - The length of the output message.
|
---|
| 156 | *
|
---|
| 157 | * Returns CURLE_OK on success.
|
---|
| 158 | */
|
---|
| 159 | CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
|
---|
| 160 | const char *user, char **outptr,
|
---|
| 161 | size_t *outlen)
|
---|
| 162 | {
|
---|
| 163 | /* This is the same formatting as the login message */
|
---|
| 164 | return Curl_auth_create_login_message(data, user, outptr, outlen);
|
---|
| 165 | }
|
---|