1 /***************************************************************************
3 * Project ___| | | | _ \| |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
8 * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
21 * RFC2195 CRAM-MD5 authentication
22 * RFC2831 DIGEST-MD5 authentication
23 * RFC4422 Simple Authentication and Security Layer (SASL)
24 * RFC4616 PLAIN authentication
26 ***************************************************************************/
28 #include "curl_setup.h"
30 #include <curl/curl.h>
33 #include "curl_base64.h"
36 #include "curl_hmac.h"
37 #include "curl_ntlm_msgs.h"
38 #include "curl_sasl.h"
40 #include "curl_memory.h"
42 #define _MPRINTF_REPLACE /* use our functions only */
43 #include <curl/mprintf.h>
45 /* The last #include file should be: */
48 #ifndef CURL_DISABLE_CRYPTO_AUTH
49 /* Retrieves the value for a corresponding key from the challenge string
50 * returns TRUE if the key could be found, FALSE if it does not exists
52 static bool sasl_digest_get_key_value(const unsigned char *chlg,
61 find_pos = strstr((const char *) chlg, key);
65 find_pos += strlen(key);
67 for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i)
68 value[i] = *find_pos++;
76 * Curl_sasl_create_plain_message()
78 * This is used to generate an already encoded PLAIN message ready
79 * for sending to the recipient.
83 * data [in] - The session handle.
84 * userp [in] - The user name.
85 * passdwp [in] - The user's password.
86 * outptr [in/out] - The address where a pointer to newly allocated memory
87 * holding the result will be stored upon completion.
88 * outlen [out] - The length of the output message.
90 * Returns CURLE_OK on success.
92 CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
95 char **outptr, size_t *outlen)
97 char plainauth[2 * MAX_CURL_USER_LENGTH + MAX_CURL_PASSWORD_LENGTH];
101 ulen = strlen(userp);
102 plen = strlen(passwdp);
104 if(2 * ulen + plen + 2 > sizeof(plainauth)) {
108 /* Plainauth too small */
109 return CURLE_OUT_OF_MEMORY;
112 /* Calculate the reply */
113 memcpy(plainauth, userp, ulen);
114 plainauth[ulen] = '\0';
115 memcpy(plainauth + ulen + 1, userp, ulen);
116 plainauth[2 * ulen + 1] = '\0';
117 memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
119 /* Base64 encode the reply */
120 return Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
125 * Curl_sasl_create_login_message()
127 * This is used to generate an already encoded LOGIN message containing the
128 * user name or password ready for sending to the recipient.
132 * data [in] - The session handle.
133 * valuep [in] - The user name or user's password.
134 * outptr [in/out] - The address where a pointer to newly allocated memory
135 * holding the result will be stored upon completion.
136 * outlen [out] - The length of the output message.
138 * Returns CURLE_OK on success.
140 CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
141 const char *valuep, char **outptr,
144 size_t vlen = strlen(valuep);
147 /* Calculate an empty reply */
148 *outptr = strdup("=");
150 *outlen = (size_t) 1;
155 return CURLE_OUT_OF_MEMORY;
158 /* Base64 encode the value */
159 return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
162 #ifndef CURL_DISABLE_CRYPTO_AUTH
164 * Curl_sasl_create_cram_md5_message()
166 * This is used to generate an already encoded CRAM-MD5 response message ready
167 * for sending to the recipient.
171 * data [in] - The session handle.
172 * chlg64 [in] - Pointer to the base64 encoded challenge buffer.
173 * userp [in] - The user name.
174 * passdwp [in] - The user's password.
175 * outptr [in/out] - The address where a pointer to newly allocated memory
176 * holding the result will be stored upon completion.
177 * outlen [out] - The length of the output message.
179 * Returns CURLE_OK on success.
181 CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
185 char **outptr, size_t *outlen)
187 CURLcode result = CURLE_OK;
188 size_t chlg64len = strlen(chlg64);
189 unsigned char *chlg = (unsigned char *) NULL;
192 unsigned char digest[MD5_DIGEST_LEN];
193 char response[MAX_CURL_USER_LENGTH + 2 * MD5_DIGEST_LEN + 1];
195 /* Decode the challenge if necessary */
196 if(chlg64len && *chlg64 != '=') {
197 result = Curl_base64_decode(chlg64, &chlg, &chlglen);
203 /* Compute the digest using the password as the key */
204 ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
205 (const unsigned char *) passwdp,
206 curlx_uztoui(strlen(passwdp)));
210 return CURLE_OUT_OF_MEMORY;
213 /* Update the digest with the given challenge */
215 Curl_HMAC_update(ctxt, chlg, curlx_uztoui(chlglen));
219 /* Finalise the digest */
220 Curl_HMAC_final(ctxt, digest);
222 /* Prepare the response */
223 snprintf(response, sizeof(response),
224 "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
225 userp, digest[0], digest[1], digest[2], digest[3], digest[4],
226 digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
227 digest[11], digest[12], digest[13], digest[14], digest[15]);
229 /* Base64 encode the reply */
230 return Curl_base64_encode(data, response, 0, outptr, outlen);
234 * Curl_sasl_create_digest_md5_message()
236 * This is used to generate an already encoded DIGEST-MD5 response message
237 * ready for sending to the recipient.
241 * data [in] - The session handle.
242 * chlg64 [in] - Pointer to the base64 encoded challenge buffer.
243 * userp [in] - The user name.
244 * passdwp [in] - The user's password.
245 * service [in] - The service type such as www, smtp or pop
246 * outptr [in/out] - The address where a pointer to newly allocated memory
247 * holding the result will be stored upon completion.
248 * outlen [out] - The length of the output message.
250 * Returns CURLE_OK on success.
252 CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
257 char **outptr, size_t *outlen)
259 static const char table16[] = "0123456789abcdef";
261 CURLcode result = CURLE_OK;
262 unsigned char *chlg = (unsigned char *) NULL;
266 unsigned char digest[MD5_DIGEST_LEN];
267 char HA1_hex[2 * MD5_DIGEST_LEN + 1];
268 char HA2_hex[2 * MD5_DIGEST_LEN + 1];
269 char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
274 char nonceCount[] = "00000001";
275 char cnonce[] = "12345678"; /* will be changed */
276 char method[] = "AUTHENTICATE";
281 result = Curl_base64_decode(chlg64, &chlg, &chlglen);
287 return CURLE_LOGIN_DENIED;
289 /* Retrieve nonce string from the challenge */
290 if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce,
291 sizeof(nonce), '\"')) {
293 return CURLE_LOGIN_DENIED;
296 /* Retrieve realm string from the challenge */
297 if(!sasl_digest_get_key_value(chlg, "realm=\"", realm,
298 sizeof(realm), '\"')) {
299 /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
303 /* Retrieve algorithm string from the challenge */
304 if(!sasl_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) {
306 return CURLE_LOGIN_DENIED;
311 /* We do not support other algorithms */
312 if(strcmp(alg, "md5-sess") != 0)
313 return CURLE_LOGIN_DENIED;
315 /* Generate 64 bits of random data */
316 for(i = 0; i < 8; i++)
317 cnonce[i] = table16[Curl_rand(data)%16];
319 /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
320 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
322 return CURLE_OUT_OF_MEMORY;
324 Curl_MD5_update(ctxt, (const unsigned char *) userp,
325 curlx_uztoui(strlen(userp)));
326 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
327 Curl_MD5_update(ctxt, (const unsigned char *) realm,
328 curlx_uztoui(strlen(realm)));
329 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
330 Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
331 curlx_uztoui(strlen(passwdp)));
332 Curl_MD5_final(ctxt, digest);
334 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
336 return CURLE_OUT_OF_MEMORY;
338 Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
339 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
340 Curl_MD5_update(ctxt, (const unsigned char *) nonce,
341 curlx_uztoui(strlen(nonce)));
342 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
343 Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
344 curlx_uztoui(strlen(cnonce)));
345 Curl_MD5_final(ctxt, digest);
347 /* Convert calculated 16 octet hex into 32 bytes string */
348 for(i = 0; i < MD5_DIGEST_LEN; i++)
349 snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
351 /* Prepare the URL string */
352 snprintf(uri, sizeof(uri), "%s/%s", service, realm);
354 /* Calculate H(A2) */
355 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
357 return CURLE_OUT_OF_MEMORY;
359 Curl_MD5_update(ctxt, (const unsigned char *) method,
360 curlx_uztoui(strlen(method)));
361 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
362 Curl_MD5_update(ctxt, (const unsigned char *) uri,
363 curlx_uztoui(strlen(uri)));
364 Curl_MD5_final(ctxt, digest);
366 for(i = 0; i < MD5_DIGEST_LEN; i++)
367 snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]);
369 /* Now calculate the response hash */
370 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
372 return CURLE_OUT_OF_MEMORY;
374 Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
375 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
376 Curl_MD5_update(ctxt, (const unsigned char *) nonce,
377 curlx_uztoui(strlen(nonce)));
378 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
380 Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
381 curlx_uztoui(strlen(nonceCount)));
382 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
383 Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
384 curlx_uztoui(strlen(cnonce)));
385 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
386 Curl_MD5_update(ctxt, (const unsigned char *) qop,
387 curlx_uztoui(strlen(qop)));
388 Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
390 Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
391 Curl_MD5_final(ctxt, digest);
393 for(i = 0; i < MD5_DIGEST_LEN; i++)
394 snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
396 snprintf(response, sizeof(response),
397 "username=\"%s\",realm=\"%s\",nonce=\"%s\","
398 "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
400 cnonce, nonceCount, uri, resp_hash_hex);
402 /* Base64 encode the reply */
403 return Curl_base64_encode(data, response, 0, outptr, outlen);
409 * Curl_sasl_create_ntlm_type1_message()
411 * This is used to generate an already encoded NTLM type-1 message ready for
412 * sending to the recipient.
414 * Note: This is a simple wrapper of the NTLM function which means that any
415 * SASL based protocols don't have to include the NTLM functions directly.
419 * userp [in] - The user name in the format User or Domain\User.
420 * passdwp [in] - The user's password.
421 * ntlm [in/out] - The ntlm data struct being used and modified.
422 * outptr [in/out] - The address where a pointer to newly allocated memory
423 * holding the result will be stored upon completion.
424 * outlen [out] - The length of the output message.
426 * Returns CURLE_OK on success.
428 CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
430 struct ntlmdata *ntlm,
431 char **outptr, size_t *outlen)
433 return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr,
438 * Curl_sasl_create_ntlm_type3_message()
440 * This is used to generate an already encoded NTLM type-3 message ready for
441 * sending to the recipient.
445 * data [in] - Pointer to session handle.
446 * header [in] - Pointer to the base64 encoded type-2 message buffer.
447 * userp [in] - The user name in the format User or Domain\User.
448 * passdwp [in] - The user's password.
449 * ntlm [in/out] - The ntlm data struct being used and modified.
450 * outptr [in/out] - The address where a pointer to newly allocated memory
451 * holding the result will be stored upon completion.
452 * outlen [out] - The length of the output message.
454 * Returns CURLE_OK on success.
456 CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
460 struct ntlmdata *ntlm,
461 char **outptr, size_t *outlen)
463 CURLcode result = Curl_ntlm_decode_type2_message(data, header, ntlm);
466 result = Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm,
471 #endif /* USE_NTLM */
474 * Curl_sasl_cleanup()
476 * This is used to cleanup any libraries or curl modules used by the sasl
481 * conn [in] - Pointer to the connection data.
482 * authused [in] - The authentication mechanism used.
484 void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
487 /* Cleanup the ntlm structure */
488 if(authused == SASL_MECH_NTLM) {
489 Curl_ntlm_sspi_cleanup(&conn->ntlm);
493 /* Reserved for future use */