1 #ifndef HEADER_CURL_VAUTH_H 2 #define HEADER_CURL_VAUTH_H 3 /*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) Steve Holme, <steve_holme@hotmail.com>. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at https://curl.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 * SPDX-License-Identifier: curl 24 * 25 ***************************************************************************/ 26 27 #include <curl/curl.h> 28 29 #include "bufref.h" 30 31 struct Curl_easy; 32 33 #if !defined(CURL_DISABLE_DIGEST_AUTH) 34 struct digestdata; 35 #endif 36 37 #if defined(USE_NTLM) 38 struct ntlmdata; 39 #endif 40 41 #if defined(USE_KERBEROS5) 42 struct kerberos5data; 43 #endif 44 45 #if (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) && defined(USE_SPNEGO) 46 struct negotiatedata; 47 #endif 48 49 #if defined(USE_GSASL) 50 struct gsasldata; 51 #endif 52 53 #if defined(USE_WINDOWS_SSPI) 54 #define GSS_ERROR(status) ((status) & 0x80000000) 55 #endif 56 57 /* 58 * Curl_auth_allowed_to_host() tells if authentication, cookies or other 59 * "sensitive data" can (still) be sent to this host. 60 */ 61 bool Curl_auth_allowed_to_host(struct Curl_easy *data); 62 63 /* This is used to build a SPN string */ 64 #if !defined(USE_WINDOWS_SSPI) 65 char *Curl_auth_build_spn(const char *service, const char *host, 66 const char *realm); 67 #else 68 TCHAR *Curl_auth_build_spn(const char *service, const char *host, 69 const char *realm); 70 #endif 71 72 /* This is used to test if the user contains a Windows domain name */ 73 bool Curl_auth_user_contains_domain(const char *user); 74 75 /* This is used to generate a PLAIN cleartext message */ 76 CURLcode Curl_auth_create_plain_message(const char *authzid, 77 const char *authcid, 78 const char *passwd, 79 struct bufref *out); 80 81 /* This is used to generate a LOGIN cleartext message */ 82 CURLcode Curl_auth_create_login_message(const char *value, 83 struct bufref *out); 84 85 /* This is used to generate an EXTERNAL cleartext message */ 86 CURLcode Curl_auth_create_external_message(const char *user, 87 struct bufref *out); 88 89 #ifndef CURL_DISABLE_DIGEST_AUTH 90 /* This is used to generate a CRAM-MD5 response message */ 91 CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg, 92 const char *userp, 93 const char *passwdp, 94 struct bufref *out); 95 96 /* This is used to evaluate if DIGEST is supported */ 97 bool Curl_auth_is_digest_supported(void); 98 99 /* This is used to generate a base64 encoded DIGEST-MD5 response message */ 100 CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, 101 const struct bufref *chlg, 102 const char *userp, 103 const char *passwdp, 104 const char *service, 105 struct bufref *out); 106 107 /* This is used to decode an HTTP DIGEST challenge message */ 108 CURLcode Curl_auth_decode_digest_http_message(const char *chlg, 109 struct digestdata *digest); 110 111 /* This is used to generate an HTTP DIGEST response message */ 112 CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, 113 const char *userp, 114 const char *passwdp, 115 const unsigned char *request, 116 const unsigned char *uri, 117 struct digestdata *digest, 118 char **outptr, size_t *outlen); 119 120 /* This is used to clean up the digest specific data */ 121 void Curl_auth_digest_cleanup(struct digestdata *digest); 122 #endif /* !CURL_DISABLE_DIGEST_AUTH */ 123 124 #ifdef USE_GSASL 125 /* This is used to evaluate if MECH is supported by gsasl */ 126 bool Curl_auth_gsasl_is_supported(struct Curl_easy *data, 127 const char *mech, 128 struct gsasldata *gsasl); 129 /* This is used to start a gsasl method */ 130 CURLcode Curl_auth_gsasl_start(struct Curl_easy *data, 131 const char *userp, 132 const char *passwdp, 133 struct gsasldata *gsasl); 134 135 /* This is used to process and generate a new SASL token */ 136 CURLcode Curl_auth_gsasl_token(struct Curl_easy *data, 137 const struct bufref *chlg, 138 struct gsasldata *gsasl, 139 struct bufref *out); 140 141 /* This is used to clean up the gsasl specific data */ 142 void Curl_auth_gsasl_cleanup(struct gsasldata *digest); 143 #endif 144 145 #if defined(USE_NTLM) 146 /* This is used to evaluate if NTLM is supported */ 147 bool Curl_auth_is_ntlm_supported(void); 148 149 /* This is used to generate a base64 encoded NTLM type-1 message */ 150 CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, 151 const char *userp, 152 const char *passwdp, 153 const char *service, 154 const char *host, 155 struct ntlmdata *ntlm, 156 struct bufref *out); 157 158 /* This is used to decode a base64 encoded NTLM type-2 message */ 159 CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data, 160 const struct bufref *type2, 161 struct ntlmdata *ntlm); 162 163 /* This is used to generate a base64 encoded NTLM type-3 message */ 164 CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, 165 const char *userp, 166 const char *passwdp, 167 struct ntlmdata *ntlm, 168 struct bufref *out); 169 170 /* This is used to clean up the NTLM specific data */ 171 void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm); 172 #endif /* USE_NTLM */ 173 174 /* This is used to generate a base64 encoded OAuth 2.0 message */ 175 CURLcode Curl_auth_create_oauth_bearer_message(const char *user, 176 const char *host, 177 const long port, 178 const char *bearer, 179 struct bufref *out); 180 181 /* This is used to generate a base64 encoded XOAuth 2.0 message */ 182 CURLcode Curl_auth_create_xoauth_bearer_message(const char *user, 183 const char *bearer, 184 struct bufref *out); 185 186 #if defined(USE_KERBEROS5) 187 /* This is used to evaluate if GSSAPI (Kerberos V5) is supported */ 188 bool Curl_auth_is_gssapi_supported(void); 189 190 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token 191 message */ 192 CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, 193 const char *userp, 194 const char *passwdp, 195 const char *service, 196 const char *host, 197 const bool mutual, 198 const struct bufref *chlg, 199 struct kerberos5data *krb5, 200 struct bufref *out); 201 202 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security 203 token message */ 204 CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, 205 const char *authzid, 206 const struct bufref *chlg, 207 struct kerberos5data *krb5, 208 struct bufref *out); 209 210 /* This is used to clean up the GSSAPI specific data */ 211 void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5); 212 #endif /* USE_KERBEROS5 */ 213 214 #if defined(USE_SPNEGO) 215 /* This is used to evaluate if SPNEGO (Negotiate) is supported */ 216 bool Curl_auth_is_spnego_supported(void); 217 218 /* This is used to decode a base64 encoded SPNEGO (Negotiate) challenge 219 message */ 220 CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, 221 const char *user, 222 const char *password, 223 const char *service, 224 const char *host, 225 const char *chlg64, 226 struct negotiatedata *nego); 227 228 /* This is used to generate a base64 encoded SPNEGO (Negotiate) response 229 message */ 230 CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, 231 char **outptr, size_t *outlen); 232 233 /* This is used to clean up the SPNEGO specific data */ 234 void Curl_auth_cleanup_spnego(struct negotiatedata *nego); 235 236 #endif /* USE_SPNEGO */ 237 238 #endif /* HEADER_CURL_VAUTH_H */ 239