1 #ifndef HEADER_CURL_SASL_H
2 #define HEADER_CURL_SASL_H
3 /***************************************************************************
5 * Project ___| | | | _ \| |
7 * | (__| |_| | _ <| |___
8 * \___|\___/|_| \_\_____|
10 * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
12 * This software is licensed as described in the file COPYING, which
13 * you should have received as part of this distribution. The terms
14 * are also available at https://curl.haxx.se/docs/copyright.html.
16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17 * copies of the Software, and permit persons to whom the Software is
18 * furnished to do so, under the terms of the COPYING file.
20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21 * KIND, either express or implied.
23 ***************************************************************************/
25 #include <curl/curl.h>
30 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
38 #if defined(USE_KERBEROS5)
42 /* Authentication mechanism flags */
43 #define SASL_MECH_LOGIN (1 << 0)
44 #define SASL_MECH_PLAIN (1 << 1)
45 #define SASL_MECH_CRAM_MD5 (1 << 2)
46 #define SASL_MECH_DIGEST_MD5 (1 << 3)
47 #define SASL_MECH_GSSAPI (1 << 4)
48 #define SASL_MECH_EXTERNAL (1 << 5)
49 #define SASL_MECH_NTLM (1 << 6)
50 #define SASL_MECH_XOAUTH2 (1 << 7)
51 #define SASL_MECH_OAUTHBEARER (1 << 8)
53 /* Authentication mechanism values */
54 #define SASL_AUTH_NONE 0
55 #define SASL_AUTH_ANY ~0U
56 #define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
58 /* Authentication mechanism strings */
59 #define SASL_MECH_STRING_LOGIN "LOGIN"
60 #define SASL_MECH_STRING_PLAIN "PLAIN"
61 #define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5"
62 #define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
63 #define SASL_MECH_STRING_GSSAPI "GSSAPI"
64 #define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
65 #define SASL_MECH_STRING_NTLM "NTLM"
66 #define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
67 #define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER"
69 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
70 #define DIGEST_MAX_VALUE_LENGTH 256
71 #define DIGEST_MAX_CONTENT_LENGTH 1024
76 CURLDIGESTALGO_MD5SESS
79 /* SASL machine states */
100 /* Progress indicator */
107 /* Protocol dependent SASL parameters */
109 const char *service; /* The service name */
110 int contcode; /* Code to receive when continuation is expected */
111 int finalcode; /* Code to receive upon authentication success */
112 size_t maxirlen; /* Maximum initial response length */
113 CURLcode (*sendauth)(struct connectdata *conn,
114 const char *mech, const char *ir);
115 /* Send authentication command */
116 CURLcode (*sendcont)(struct connectdata *conn, const char *contauth);
117 /* Send authentication continuation */
118 void (*getmessage)(char *buffer, char **outptr);
119 /* Get SASL response message */
122 /* Per-connection parameters */
124 const struct SASLproto *params; /* Protocol dependent parameters */
125 saslstate state; /* Current machine state */
126 unsigned int authmechs; /* Accepted authentication mechanisms */
127 unsigned int prefmech; /* Preferred authentication mechanism */
128 unsigned int authused; /* Auth mechanism used for the connection */
129 bool resetprefs; /* For URL auth option parsing. */
130 bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */
131 bool force_ir; /* Protocol always supports initial response */
134 /* This is used to test whether the line starts with the given mechanism */
135 #define sasl_mech_equal(line, wordlen, mech) \
136 (wordlen == (sizeof(mech) - 1) / sizeof(char) && \
137 !memcmp(line, mech, wordlen))
139 /* This is used to build a SPN string */
140 #if !defined(USE_WINDOWS_SSPI)
141 char *Curl_sasl_build_spn(const char *service, const char *instance);
143 TCHAR *Curl_sasl_build_spn(const char *service, const char *instance);
146 #if defined(HAVE_GSSAPI)
147 char *Curl_sasl_build_gssapi_spn(const char *service, const char *instance);
150 #ifndef CURL_DISABLE_CRYPTO_AUTH
151 /* This is used to extract the realm from a challenge message */
152 bool Curl_sasl_digest_get_pair(const char *str, char *value, char *content,
153 const char **endptr);
155 /* This is used to generate a base64 encoded DIGEST-MD5 response message */
156 CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
161 char **outptr, size_t *outlen);
163 /* This is used to decode a HTTP DIGEST challenge message */
164 CURLcode Curl_sasl_decode_digest_http_message(const char *chlg,
165 struct digestdata *digest);
167 /* This is used to generate a HTTP DIGEST response message */
168 CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
171 const unsigned char *request,
172 const unsigned char *uri,
173 struct digestdata *digest,
174 char **outptr, size_t *outlen);
176 /* This is used to clean up the digest specific data */
177 void Curl_sasl_digest_cleanup(struct digestdata *digest);
181 /* This is used to generate a base64 encoded NTLM type-1 message */
182 CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
184 struct ntlmdata *ntlm,
188 /* This is used to decode a base64 encoded NTLM type-2 message */
189 CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
190 const char *type2msg,
191 struct ntlmdata *ntlm);
193 /* This is used to generate a base64 encoded NTLM type-3 message */
194 CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
197 struct ntlmdata *ntlm,
198 char **outptr, size_t *outlen);
200 /* This is used to clean up the ntlm specific data */
201 void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm);
203 #endif /* USE_NTLM */
205 #if defined(USE_KERBEROS5)
206 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
208 CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
214 struct kerberos5data *krb5,
215 char **outptr, size_t *outlen);
217 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security
219 CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
221 struct kerberos5data *krb5,
225 /* This is used to clean up the gssapi specific data */
226 void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
227 #endif /* USE_KERBEROS5 */
229 /* This is used to cleanup any libraries or curl modules used by the sasl
231 void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused);
233 /* Convert a mechanism name to a token */
234 unsigned int Curl_sasl_decode_mech(const char *ptr,
235 size_t maxlen, size_t *len);
237 /* Parse the URL login options */
238 CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
239 const char *value, size_t len);
241 /* Initializes an SASL structure */
242 void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params);
244 /* Check if we have enough auth data and capabilities to authenticate */
245 bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn);
247 /* Calculate the required login details for SASL authentication */
248 CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
249 bool force_ir, saslprogress *progress);
251 /* Continue an SASL authentication */
252 CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
253 int code, saslprogress *progress);
255 #endif /* HEADER_CURL_SASL_H */