1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
21 * RFC2195 CRAM-MD5 authentication
22 * RFC2831 DIGEST-MD5 authentication
23 * RFC4422 Simple Authentication and Security Layer (SASL)
24 * RFC4616 PLAIN authentication
25 * RFC6749 OAuth 2.0 Authorization Framework
26 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
28 ***************************************************************************/
30 #include "curl_setup.h"
32 #include <curl/curl.h>
35 #include "curl_base64.h"
37 #include "vtls/vtls.h"
38 #include "curl_hmac.h"
39 #include "curl_ntlm_msgs.h"
40 #include "curl_sasl.h"
42 #include "curl_memory.h"
45 #include "vtls/nssg.h" /* for Curl_nss_force_init() */
48 #define _MPRINTF_REPLACE /* use our functions only */
49 #include <curl/mprintf.h>
51 /* The last #include file should be: */
54 #ifndef CURL_DISABLE_CRYPTO_AUTH
55 /* Retrieves the value for a corresponding key from the challenge string
56 * returns TRUE if the key could be found, FALSE if it does not exists
58 static bool sasl_digest_get_key_value(const char *chlg,
67 find_pos = strstr(chlg, key);
71 find_pos += strlen(key);
73 for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i)
74 value[i] = *find_pos++;
82 * Curl_sasl_create_plain_message()
84 * This is used to generate an already encoded PLAIN message ready
85 * for sending to the recipient.
89 * data [in] - The session handle.
90 * userp [in] - The user name.
91 * passdwp [in] - The user's password.
92 * outptr [in/out] - The address where a pointer to newly allocated memory
93 * holding the result will be stored upon completion.
94 * outlen [out] - The length of the output message.
96 * Returns CURLE_OK on success.
98 CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
101 char **outptr, size_t *outlen)
108 ulen = strlen(userp);
109 plen = strlen(passwdp);
111 plainauth = malloc(2 * ulen + plen + 2);
115 return CURLE_OUT_OF_MEMORY;
118 /* Calculate the reply */
119 memcpy(plainauth, userp, ulen);
120 plainauth[ulen] = '\0';
121 memcpy(plainauth + ulen + 1, userp, ulen);
122 plainauth[2 * ulen + 1] = '\0';
123 memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
125 /* Base64 encode the reply */
126 result = Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
128 Curl_safefree(plainauth);
133 * Curl_sasl_create_login_message()
135 * This is used to generate an already encoded LOGIN message containing the
136 * user name or password ready for sending to the recipient.
140 * data [in] - The session handle.
141 * valuep [in] - The user name or user's password.
142 * outptr [in/out] - The address where a pointer to newly allocated memory
143 * holding the result will be stored upon completion.
144 * outlen [out] - The length of the output message.
146 * Returns CURLE_OK on success.
148 CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
149 const char *valuep, char **outptr,
152 size_t vlen = strlen(valuep);
155 /* Calculate an empty reply */
156 *outptr = strdup("=");
158 *outlen = (size_t) 1;
163 return CURLE_OUT_OF_MEMORY;
166 /* Base64 encode the value */
167 return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
170 #ifndef CURL_DISABLE_CRYPTO_AUTH
172 * Curl_sasl_decode_cram_md5_message()
174 * This is used to decode an already encoded CRAM-MD5 challenge message.
178 * chlg64 [in] - Pointer to the base64 encoded challenge message.
179 * outptr [in/out] - The address where a pointer to newly allocated memory
180 * holding the result will be stored upon completion.
181 * outlen [out] - The length of the output message.
183 * Returns CURLE_OK on success.
185 CURLcode Curl_sasl_decode_cram_md5_message(const char *chlg64, char **outptr,
188 CURLcode result = CURLE_OK;
189 size_t chlg64len = strlen(chlg64);
194 /* Decode the challenge if necessary */
195 if(chlg64len && *chlg64 != '=')
196 result = Curl_base64_decode(chlg64, (unsigned char **) outptr, outlen);
202 * Curl_sasl_create_cram_md5_message()
204 * This is used to generate an already encoded CRAM-MD5 response message ready
205 * for sending to the recipient.
209 * data [in] - The session handle.
210 * chlg [in] - The challenge.
211 * userp [in] - The user name.
212 * passdwp [in] - The user's password.
213 * outptr [in/out] - The address where a pointer to newly allocated memory
214 * holding the result will be stored upon completion.
215 * outlen [out] - The length of the output message.
217 * Returns CURLE_OK on success.
219 CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
223 char **outptr, size_t *outlen)
225 CURLcode result = CURLE_OK;
228 unsigned char digest[MD5_DIGEST_LEN];
232 chlglen = strlen(chlg);
234 /* Compute the digest using the password as the key */
235 ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
236 (const unsigned char *) passwdp,
237 curlx_uztoui(strlen(passwdp)));
239 return CURLE_OUT_OF_MEMORY;
241 /* Update the digest with the given challenge */
243 Curl_HMAC_update(ctxt, (const unsigned char *) chlg,
244 curlx_uztoui(chlglen));
246 /* Finalise the digest */
247 Curl_HMAC_final(ctxt, digest);
249 /* Generate the response */
251 "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
252 userp, digest[0], digest[1], digest[2], digest[3], digest[4],
253 digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
254 digest[11], digest[12], digest[13], digest[14], digest[15]);
256 return CURLE_OUT_OF_MEMORY;
258 /* Base64 encode the response */
259 result = Curl_base64_encode(data, response, 0, outptr, outlen);
261 Curl_safefree(response);
266 #ifndef USE_WINDOWS_SSPI
268 * sasl_decode_digest_md5_message()
270 * This is used internally to decode an already encoded DIGEST-MD5 challenge
271 * message into the seperate attributes.
275 * chlg64 [in] - Pointer to the base64 encoded challenge message.
276 * nonce [in/out] - The buffer where the nonce will be stored.
277 * nlen [in] - The length of the nonce buffer.
278 * realm [in/out] - The buffer where the realm will be stored.
279 * rlen [in] - The length of the realm buffer.
280 * alg [in/out] - The buffer where the algorithm will be stored.
281 * alen [in] - The length of the algorithm buffer.
283 * Returns CURLE_OK on success.
285 static CURLcode sasl_decode_digest_md5_message(const char *chlg64,
286 char *nonce, size_t nlen,
287 char *realm, size_t rlen,
288 char *alg, size_t alen)
290 CURLcode result = CURLE_OK;
291 unsigned char *chlg = NULL;
293 size_t chlg64len = strlen(chlg64);
295 /* Decode the base-64 encoded challenge message */
296 if(chlg64len && *chlg64 != '=') {
297 result = Curl_base64_decode(chlg64, &chlg, &chlglen);
302 /* Ensure we have a valid challenge message */
304 return CURLE_BAD_CONTENT_ENCODING;
306 /* Retrieve nonce string from the challenge */
307 if(!sasl_digest_get_key_value((char *)chlg, "nonce=\"", nonce, nlen, '\"')) {
309 return CURLE_BAD_CONTENT_ENCODING;
312 /* Retrieve realm string from the challenge */
313 if(!sasl_digest_get_key_value((char *)chlg, "realm=\"", realm, rlen, '\"')) {
314 /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
318 /* Retrieve algorithm string from the challenge */
319 if(!sasl_digest_get_key_value((char *)chlg, "algorithm=", alg, alen, ',')) {
321 return CURLE_BAD_CONTENT_ENCODING;
330 * Curl_sasl_create_digest_md5_message()
332 * This is used to generate an already encoded DIGEST-MD5 response message
333 * ready for sending to the recipient.
337 * data [in] - The session handle.
338 * chlg64 [in] - Pointer to the base64 encoded challenge message.
339 * userp [in] - The user name.
340 * passdwp [in] - The user's password.
341 * service [in] - The service type such as www, smtp, pop or imap.
342 * outptr [in/out] - The address where a pointer to newly allocated memory
343 * holding the result will be stored upon completion.
344 * outlen [out] - The length of the output message.
346 * Returns CURLE_OK on success.
348 CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
353 char **outptr, size_t *outlen)
356 static const char table16[] = "0123456789abcdef";
358 CURLcode result = CURLE_OK;
361 char *response = NULL;
362 unsigned char digest[MD5_DIGEST_LEN];
363 char HA1_hex[2 * MD5_DIGEST_LEN + 1];
364 char HA2_hex[2 * MD5_DIGEST_LEN + 1];
365 char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
370 char nonceCount[] = "00000001";
371 char cnonce[] = "12345678"; /* will be changed */
372 char method[] = "AUTHENTICATE";
376 /* Decode the challange message */
377 result = sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
378 realm, sizeof(realm),
379 algorithm, sizeof(algorithm));
383 /* We only support md5 sessions */
384 if(strcmp(algorithm, "md5-sess") != 0)
385 return CURLE_BAD_CONTENT_ENCODING;
388 /* Generate 64 bits of random data */
389 for(i = 0; i < 8; i++)
390 cnonce[i] = table16[Curl_rand(data)%16];
393 /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
394 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
396 return CURLE_OUT_OF_MEMORY;
398 Curl_MD5_update(ctxt, (const unsigned char *) userp,
399 curlx_uztoui(strlen(userp)));
400 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
401 Curl_MD5_update(ctxt, (const unsigned char *) realm,
402 curlx_uztoui(strlen(realm)));
403 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
404 Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
405 curlx_uztoui(strlen(passwdp)));
406 Curl_MD5_final(ctxt, digest);
408 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
410 return CURLE_OUT_OF_MEMORY;
412 Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
413 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
414 Curl_MD5_update(ctxt, (const unsigned char *) nonce,
415 curlx_uztoui(strlen(nonce)));
416 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
417 Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
418 curlx_uztoui(strlen(cnonce)));
419 Curl_MD5_final(ctxt, digest);
421 /* Convert calculated 16 octet hex into 32 bytes string */
422 for(i = 0; i < MD5_DIGEST_LEN; i++)
423 snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
425 /* Prepare the URL string */
426 snprintf(uri, sizeof(uri), "%s/%s", service, realm);
428 /* Calculate H(A2) */
429 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
431 return CURLE_OUT_OF_MEMORY;
433 Curl_MD5_update(ctxt, (const unsigned char *) method,
434 curlx_uztoui(strlen(method)));
435 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
436 Curl_MD5_update(ctxt, (const unsigned char *) uri,
437 curlx_uztoui(strlen(uri)));
438 Curl_MD5_final(ctxt, digest);
440 for(i = 0; i < MD5_DIGEST_LEN; i++)
441 snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]);
443 /* Now calculate the response hash */
444 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
446 return CURLE_OUT_OF_MEMORY;
448 Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
449 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
450 Curl_MD5_update(ctxt, (const unsigned char *) nonce,
451 curlx_uztoui(strlen(nonce)));
452 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
454 Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
455 curlx_uztoui(strlen(nonceCount)));
456 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
457 Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
458 curlx_uztoui(strlen(cnonce)));
459 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
460 Curl_MD5_update(ctxt, (const unsigned char *) qop,
461 curlx_uztoui(strlen(qop)));
462 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
464 Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
465 Curl_MD5_final(ctxt, digest);
467 for(i = 0; i < MD5_DIGEST_LEN; i++)
468 snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
470 /* Generate the response */
471 response = aprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
472 "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
474 cnonce, nonceCount, uri, resp_hash_hex);
476 return CURLE_OUT_OF_MEMORY;
478 /* Base64 encode the response */
479 result = Curl_base64_encode(data, response, 0, outptr, outlen);
481 Curl_safefree(response);
485 #endif /* USE_WINDOWS_SSPI */
487 #endif /* CURL_DISABLE_CRYPTO_AUTH */
491 * Curl_sasl_create_ntlm_type1_message()
493 * This is used to generate an already encoded NTLM type-1 message ready for
494 * sending to the recipient.
496 * Note: This is a simple wrapper of the NTLM function which means that any
497 * SASL based protocols don't have to include the NTLM functions directly.
501 * userp [in] - The user name in the format User or Domain\User.
502 * passdwp [in] - The user's password.
503 * ntlm [in/out] - The ntlm data struct being used and modified.
504 * outptr [in/out] - The address where a pointer to newly allocated memory
505 * holding the result will be stored upon completion.
506 * outlen [out] - The length of the output message.
508 * Returns CURLE_OK on success.
510 CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
512 struct ntlmdata *ntlm,
513 char **outptr, size_t *outlen)
515 return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr, outlen);
519 * Curl_sasl_decode_ntlm_type2_message()
521 * This is used to decode an already encoded NTLM type-2 message.
525 * data [in] - Pointer to session handle.
526 * type2msg [in] - Pointer to the base64 encoded type-2 message.
527 * ntlm [in/out] - The ntlm data struct being used and modified.
529 * Returns CURLE_OK on success.
531 CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
532 const char *type2msg,
533 struct ntlmdata *ntlm)
538 /* make sure the crypto backend is initialized */
539 result = Curl_nss_force_init(data);
544 return Curl_ntlm_decode_type2_message(data, type2msg, ntlm);
548 * Curl_sasl_create_ntlm_type3_message()
550 * This is used to generate an already encoded NTLM type-3 message ready for
551 * sending to the recipient.
555 * data [in] - Pointer to session handle.
556 * userp [in] - The user name in the format User or Domain\User.
557 * passdwp [in] - The user's password.
558 * ntlm [in/out] - The ntlm data struct being used and modified.
559 * outptr [in/out] - The address where a pointer to newly allocated memory
560 * holding the result will be stored upon completion.
561 * outlen [out] - The length of the output message.
563 * Returns CURLE_OK on success.
565 CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
568 struct ntlmdata *ntlm,
569 char **outptr, size_t *outlen)
571 return Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm, outptr,
574 #endif /* USE_NTLM */
577 * Curl_sasl_create_xoauth2_message()
579 * This is used to generate an already encoded OAuth 2.0 message ready for
580 * sending to the recipient.
584 * data [in] - The session handle.
585 * user [in] - The user name.
586 * bearer [in] - The bearer token.
587 * outptr [in/out] - The address where a pointer to newly allocated memory
588 * holding the result will be stored upon completion.
589 * outlen [out] - The length of the output message.
591 * Returns CURLE_OK on success.
593 CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
596 char **outptr, size_t *outlen)
598 CURLcode result = CURLE_OK;
601 /* Generate the message */
602 xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
604 return CURLE_OUT_OF_MEMORY;
606 /* Base64 encode the reply */
607 result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
609 Curl_safefree(xoauth);
615 * Curl_sasl_cleanup()
617 * This is used to cleanup any libraries or curl modules used by the sasl
622 * conn [in] - Pointer to the connection data.
623 * authused [in] - The authentication mechanism used.
625 void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
628 /* Cleanup the ntlm structure */
629 if(authused == SASL_MECH_NTLM) {
630 Curl_ntlm_sspi_cleanup(&conn->ntlm);
634 /* Reserved for future use */