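#ifndef HEADER_CURL_SASL_H
#define HEADER_CURL_SASL_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/

#include <curl/curl.h>

#include "bufref.h"

struct Curl_easy;
struct connectdata;

/* Authentication mechanism flags. One bit per mechanism; the SASL struct
   fields below (authmechs, prefmech, authused) are bitmasks of these and
   are 'unsigned short', so there is room for 16 mechanisms. */
#define SASL_MECH_LOGIN             (1 << 0)
#define SASL_MECH_PLAIN             (1 << 1)
#define SASL_MECH_CRAM_MD5          (1 << 2)
#define SASL_MECH_DIGEST_MD5        (1 << 3)
#define SASL_MECH_GSSAPI            (1 << 4)
#define SASL_MECH_EXTERNAL          (1 << 5)
#define SASL_MECH_NTLM              (1 << 6)
#define SASL_MECH_XOAUTH2           (1 << 7)
#define SASL_MECH_OAUTHBEARER       (1 << 8)
#define SASL_MECH_SCRAM_SHA_1       (1 << 9)
#define SASL_MECH_SCRAM_SHA_256     (1 << 10)

/* Authentication mechanism values */
#define SASL_AUTH_NONE          0
#define SASL_AUTH_ANY           0xffff
/* EXTERNAL is deliberately left out of the default set: it only takes part
   in negotiation when it has been selected explicitly. */
#define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)

/* Authentication mechanism strings (the names as they appear on the wire) */
#define SASL_MECH_STRING_LOGIN          "LOGIN"
#define SASL_MECH_STRING_PLAIN          "PLAIN"
#define SASL_MECH_STRING_CRAM_MD5       "CRAM-MD5"
#define SASL_MECH_STRING_DIGEST_MD5     "DIGEST-MD5"
#define SASL_MECH_STRING_GSSAPI         "GSSAPI"
#define SASL_MECH_STRING_EXTERNAL       "EXTERNAL"
#define SASL_MECH_STRING_NTLM           "NTLM"
#define SASL_MECH_STRING_XOAUTH2        "XOAUTH2"
#define SASL_MECH_STRING_OAUTHBEARER    "OAUTHBEARER"
#define SASL_MECH_STRING_SCRAM_SHA_1    "SCRAM-SHA-1"
#define SASL_MECH_STRING_SCRAM_SHA_256  "SCRAM-SHA-256"

/* SASL flags (for SASLproto.flags) */
#define SASL_FLAG_BASE64        0x0001  /* Messages are base64-encoded */

/* SASL machine states, advanced by Curl_sasl_start()/Curl_sasl_continue() */
typedef enum {
  SASL_STOP,
  SASL_PLAIN,
  SASL_LOGIN,
  SASL_LOGIN_PASSWD,
  SASL_EXTERNAL,
  SASL_CRAMMD5,
  SASL_DIGESTMD5,
  SASL_DIGESTMD5_RESP,
  SASL_NTLM,
  SASL_NTLM_TYPE2MSG,
  SASL_GSSAPI,
  SASL_GSSAPI_TOKEN,
  SASL_GSSAPI_NO_DATA,
  SASL_OAUTH2,
  SASL_OAUTH2_RESP,
  SASL_GSASL,
  SASL_CANCEL,
  SASL_FINAL
} saslstate;

/* Progress indicator, reported through the 'progress' out-parameter of
   Curl_sasl_start() and Curl_sasl_continue() */
typedef enum {
  SASL_IDLE,
  SASL_INPROGRESS,
  SASL_DONE
} saslprogress;

/* Protocol dependent SASL parameters. Each protocol that speaks SASL
   supplies one of these so the generic code can send and receive
   authentication messages without knowing the protocol's syntax. */
struct SASLproto {
  const char *service;     /* The service name */
  CURLcode (*sendauth)(struct Curl_easy *data, const char *mech,
                       const struct bufref *ir);
                           /* Send authentication command */
  CURLcode (*contauth)(struct Curl_easy *data, const char *mech,
                       const struct bufref *contauth);
                           /* Send authentication continuation */
  CURLcode (*cancelauth)(struct Curl_easy *data, const char *mech);
                           /* Cancel authentication. */
  CURLcode (*getmessage)(struct Curl_easy *data, struct bufref *out);
                           /* Get SASL response message */
  size_t maxirlen;         /* Maximum initial response + mechanism length,
                              or zero if no max. This is normally the max
                              command length - other characters count.
                              This has to be zero for non-base64 protocols. */
  int contcode;            /* Code to receive when continuation is expected */
  int finalcode;           /* Code to receive upon authentication success */
  unsigned short defmechs; /* Mechanisms enabled by default */
  unsigned short flags;    /* Configuration flags (SASL_FLAG_*). */
};

/* Per-connection parameters */
struct SASL {
  const struct SASLproto *params; /* Protocol dependent parameters */
  saslstate state;           /* Current machine state */
  const char *curmech;       /* Current mechanism id. */
  unsigned short authmechs;  /* Accepted authentication mechanisms */
  unsigned short prefmech;   /* Preferred authentication mechanism */
  unsigned short authused;   /* Auth mechanism used for the connection */
  bool resetprefs;           /* For URL auth option parsing. */
  bool mutual_auth;          /* Mutual authentication enabled (GSSAPI only) */
  bool force_ir;             /* Protocol always supports initial response */
};

/* This is used to test whether the line starts with the given mechanism.
   'mech' must be a string literal: its length is taken with sizeof, so a
   pointer argument would be compared against the pointer size instead.
   'wordlen' and 'mech' are expanded more than once, so pass expressions
   without side effects. memcmp() only runs when wordlen equals the
   literal's length and then reads exactly wordlen bytes of 'line', so the
   caller must guarantee that many bytes are readable. memcmp() needs
   <string.h> to be in scope at the point of use. */
#define sasl_mech_equal(line, wordlen, mech) \
  ((wordlen) == (sizeof(mech) - 1) / sizeof(char) && \
   !memcmp((line), (mech), (wordlen)))

/* This is used to cleanup any libraries or curl modules used by the sasl
   functions. 'authused' is the mechanism bitmask that was used on the
   connection (see SASL.authused). */
void Curl_sasl_cleanup(struct connectdata *conn, unsigned short authused);

/* Convert a mechanism name to a token (one of the SASL_MECH_* flags).
   'maxlen' bounds how far 'ptr' may be read; the length of the recognized
   name is stored in *len - presumably 0 when nothing matched, confirm
   against the implementation. */
unsigned short Curl_sasl_decode_mech(const char *ptr,
                                     size_t maxlen, size_t *len);

/* Parse the URL login options. 'value' is 'len' bytes long and is not
   required to be NUL-terminated, so the implementation must not run past
   'len'. */
CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
                                         const char *value, size_t len);

/* Initializes an SASL structure */
void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data,
                    const struct SASLproto *params);

/* Check if we have enough auth data and capabilities to authenticate */
bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn);

/* Calculate the required login details for SASL authentication.
   Sets *progress to the resulting saslprogress. */
CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
                         bool force_ir, saslprogress *progress);

/* Continue an SASL authentication. 'code' is the protocol response code
   just received (compare SASLproto.contcode/finalcode); sets *progress. */
CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
                            int code, saslprogress *progress);

#endif /* HEADER_CURL_SASL_H */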