1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * RFC4616 PLAIN authentication
22 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
23 *
24 ***************************************************************************/
25
26 #include "curl_setup.h"
27
28 #if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
29 !defined(CURL_DISABLE_POP3)
30
31 #include <curl/curl.h>
32 #include "urldata.h"
33
34 #include "vauth/vauth.h"
35 #include "curl_base64.h"
36 #include "curl_md5.h"
37 #include "warnless.h"
38 #include "strtok.h"
39 #include "sendf.h"
40 #include "curl_printf.h"
41
42 /* The last #include files should be: */
43 #include "curl_memory.h"
44 #include "memdebug.h"
45
46 /*
47 * Curl_auth_create_plain_message()
48 *
49 * This is used to generate an already encoded PLAIN message ready
50 * for sending to the recipient.
51 *
52 * Parameters:
53 *
54 * data [in] - The session handle.
55 * authzid [in] - The authorization identity.
56 * authcid [in] - The authentication identity.
57 * passwd [in] - The password.
58 * outptr [in/out] - The address where a pointer to newly allocated memory
59 * holding the result will be stored upon completion.
60 * outlen [out] - The length of the output message.
61 *
62 * Returns CURLE_OK on success.
63 */
Curl_auth_create_plain_message(struct Curl_easy * data,const char * authzid,const char * authcid,const char * passwd,char ** outptr,size_t * outlen)64 CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
65 const char *authzid,
66 const char *authcid,
67 const char *passwd,
68 char **outptr, size_t *outlen)
69 {
70 CURLcode result;
71 char *plainauth;
72 size_t zlen;
73 size_t clen;
74 size_t plen;
75 size_t plainlen;
76
77 *outlen = 0;
78 *outptr = NULL;
79 zlen = (authzid == NULL ? 0 : strlen(authzid));
80 clen = strlen(authcid);
81 plen = strlen(passwd);
82
83 /* Compute binary message length. Check for overflows. */
84 if(((zlen + clen) > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
85 return CURLE_OUT_OF_MEMORY;
86 plainlen = zlen + clen + plen + 2;
87
88 plainauth = malloc(plainlen);
89 if(!plainauth)
90 return CURLE_OUT_OF_MEMORY;
91
92 /* Calculate the reply */
93 if(zlen != 0)
94 memcpy(plainauth, authzid, zlen);
95 plainauth[zlen] = '\0';
96 memcpy(plainauth + zlen + 1, authcid, clen);
97 plainauth[zlen + clen + 1] = '\0';
98 memcpy(plainauth + zlen + clen + 2, passwd, plen);
99
100 /* Base64 encode the reply */
101 result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen);
102 free(plainauth);
103
104 return result;
105 }
106
107 /*
108 * Curl_auth_create_login_message()
109 *
110 * This is used to generate an already encoded LOGIN message containing the
111 * user name or password ready for sending to the recipient.
112 *
113 * Parameters:
114 *
115 * data [in] - The session handle.
116 * valuep [in] - The user name or user's password.
117 * outptr [in/out] - The address where a pointer to newly allocated memory
118 * holding the result will be stored upon completion.
119 * outlen [out] - The length of the output message.
120 *
121 * Returns CURLE_OK on success.
122 */
Curl_auth_create_login_message(struct Curl_easy * data,const char * valuep,char ** outptr,size_t * outlen)123 CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
124 const char *valuep, char **outptr,
125 size_t *outlen)
126 {
127 size_t vlen = strlen(valuep);
128
129 if(!vlen) {
130 /* Calculate an empty reply */
131 *outptr = strdup("=");
132 if(*outptr) {
133 *outlen = (size_t) 1;
134 return CURLE_OK;
135 }
136
137 *outlen = 0;
138 return CURLE_OUT_OF_MEMORY;
139 }
140
141 /* Base64 encode the value */
142 return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
143 }
144
145 /*
146 * Curl_auth_create_external_message()
147 *
148 * This is used to generate an already encoded EXTERNAL message containing
149 * the user name ready for sending to the recipient.
150 *
151 * Parameters:
152 *
153 * data [in] - The session handle.
154 * user [in] - The user name.
155 * outptr [in/out] - The address where a pointer to newly allocated memory
156 * holding the result will be stored upon completion.
157 * outlen [out] - The length of the output message.
158 *
159 * Returns CURLE_OK on success.
160 */
Curl_auth_create_external_message(struct Curl_easy * data,const char * user,char ** outptr,size_t * outlen)161 CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
162 const char *user, char **outptr,
163 size_t *outlen)
164 {
165 /* This is the same formatting as the login message */
166 return Curl_auth_create_login_message(data, user, outptr, outlen);
167 }
168
169 #endif /* if no users */
170