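#ifndef HEADER_CURL_SASL_H
#define HEADER_CURL_SASL_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

/*
 * Shared SASL state machine interface used by the protocol handlers.
 *
 * This header only declares types, bit masks and prototypes; the state
 * machine itself lives in the matching .c file. Note that sasl_mech_equal()
 * below expands to memcmp(), so a translation unit using it must have
 * <string.h> (or the project's setup header) in scope.
 */

#include <curl/curl.h>

#include "bufref.h"

struct Curl_easy;
struct connectdata;

/* Authentication mechanism flags.
   One bit per mechanism; they are combined into the unsigned short masks
   held in struct SASLproto and struct SASL below (11 bits used, so every
   mechanism fits in SASL_AUTH_ANY). */
#define SASL_MECH_LOGIN             (1 << 0)
#define SASL_MECH_PLAIN             (1 << 1)
#define SASL_MECH_CRAM_MD5          (1 << 2)
#define SASL_MECH_DIGEST_MD5        (1 << 3)
#define SASL_MECH_GSSAPI            (1 << 4)
#define SASL_MECH_EXTERNAL          (1 << 5)
#define SASL_MECH_NTLM              (1 << 6)
#define SASL_MECH_XOAUTH2           (1 << 7)
#define SASL_MECH_OAUTHBEARER       (1 << 8)
#define SASL_MECH_SCRAM_SHA_1       (1 << 9)
#define SASL_MECH_SCRAM_SHA_256     (1 << 10)

/* Authentication mechanism values.
   SASL_AUTH_DEFAULT is every mechanism except EXTERNAL, i.e. EXTERNAL has
   to be requested explicitly (see Curl_sasl_parse_url_auth_option). */
#define SASL_AUTH_NONE          0
#define SASL_AUTH_ANY           0xffff
#define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)

/* Authentication mechanism strings.
   These are the on-the-wire names matched by sasl_mech_equal(); keep them
   as string literals, since that macro relies on sizeof(mech). */
#define SASL_MECH_STRING_LOGIN          "LOGIN"
#define SASL_MECH_STRING_PLAIN          "PLAIN"
#define SASL_MECH_STRING_CRAM_MD5       "CRAM-MD5"
#define SASL_MECH_STRING_DIGEST_MD5     "DIGEST-MD5"
#define SASL_MECH_STRING_GSSAPI         "GSSAPI"
#define SASL_MECH_STRING_EXTERNAL       "EXTERNAL"
#define SASL_MECH_STRING_NTLM           "NTLM"
#define SASL_MECH_STRING_XOAUTH2        "XOAUTH2"
#define SASL_MECH_STRING_OAUTHBEARER    "OAUTHBEARER"
#define SASL_MECH_STRING_SCRAM_SHA_1    "SCRAM-SHA-1"
#define SASL_MECH_STRING_SCRAM_SHA_256  "SCRAM-SHA-256"

/* SASL flags (struct SASLproto::flags) */
#define SASL_FLAG_BASE64        0x0001  /* Messages are base64-encoded */

/* SASL machine states */
typedef enum {
  SASL_STOP,
  SASL_PLAIN,
  SASL_LOGIN,
  SASL_LOGIN_PASSWD,
  SASL_EXTERNAL,
  SASL_CRAMMD5,
  SASL_DIGESTMD5,
  SASL_DIGESTMD5_RESP,
  SASL_NTLM,
  SASL_NTLM_TYPE2MSG,
  SASL_GSSAPI,
  SASL_GSSAPI_TOKEN,
  SASL_GSSAPI_NO_DATA,
  SASL_OAUTH2,
  SASL_OAUTH2_RESP,
  SASL_GSASL,
  SASL_CANCEL,
  SASL_FINAL
} saslstate;

/* Progress indicator reported back to the protocol handler by
   Curl_sasl_start() and Curl_sasl_continue() */
typedef enum {
  SASL_IDLE,
  SASL_INPROGRESS,
  SASL_DONE
} saslprogress;

/* Protocol dependent SASL parameters.
   Each protocol handler fills one of these (normally a static const
   instance) and hands it to Curl_sasl_init(). The callbacks do the actual
   command I/O; the SASL code itself never touches the wire. */
struct SASLproto {
  const char *service;     /* The service name */
  CURLcode (*sendauth)(struct Curl_easy *data, const char *mech,
                       const struct bufref *ir);
                           /* Send authentication command */
  CURLcode (*contauth)(struct Curl_easy *data, const char *mech,
                       const struct bufref *contauth);
                           /* Send authentication continuation */
  CURLcode (*cancelauth)(struct Curl_easy *data, const char *mech);
                           /* Cancel authentication. */
  CURLcode (*getmessage)(struct Curl_easy *data, struct bufref *out);
                           /* Get SASL response message */
  size_t maxirlen;         /* Maximum initial response + mechanism length,
                              or zero if no max. This is normally the max
                              command length - other characters count.
                              This has to be zero for non-base64 protocols. */
  int contcode;            /* Code to receive when continuation is expected */
  int finalcode;           /* Code to receive upon authentication success */
  unsigned short defmechs; /* Mechanisms enabled by default */
  unsigned short flags;    /* Configuration flags. */
};

/* Per-connection parameters */
struct SASL {
  const struct SASLproto *params; /* Protocol dependent parameters */
  saslstate state;         /* Current machine state */
  const char *curmech;     /* Current mechanism id. */
  unsigned short authmechs; /* Accepted authentication mechanisms */
  unsigned short prefmech; /* Preferred authentication mechanism */
  unsigned short authused; /* Auth mechanism used for the connection */
  BIT(resetprefs);         /* For URL auth option parsing. */
  BIT(mutual_auth);        /* Mutual authentication enabled (GSSAPI only) */
  BIT(force_ir);           /* Protocol always supports initial response */
};

/* This is used to test whether the line starts with the given mechanism.
   'mech' must be a string literal (or char array): its length is taken with
   sizeof, so passing a 'const char *' would compare against the pointer
   size instead. 'wordlen' is evaluated twice, so do not pass an expression
   with side effects. Every argument is parenthesized so that callers may
   pass compound expressions safely. Requires memcmp() from <string.h>. */
#define sasl_mech_equal(line, wordlen, mech) \
  ((wordlen) == (sizeof(mech) - 1) && \
   !memcmp((line), (mech), (wordlen)))

/* This is used to cleanup any libraries or curl modules used by the sasl
   functions */
void Curl_sasl_cleanup(struct connectdata *conn, unsigned short authused);

/* Convert a mechanism name to a token.
   Reads at most 'maxlen' bytes from 'ptr'; on success the matched name
   length is stored in *len. */
unsigned short Curl_sasl_decode_mech(const char *ptr,
                                     size_t maxlen, size_t *len);

/* Parse the URL login options.
   'value' is 'len' bytes and need not be NUL terminated. */
CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
                                         const char *value, size_t len);

/* Initializes an SASL structure */
void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data,
                    const struct SASLproto *params);

/* Check if we have enough auth data and capabilities to authenticate */
bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data);

/* Calculate the required login details for SASL authentication */
CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
                         bool force_ir, saslprogress *progress);

/* Continue an SASL authentication.
   'code' is the protocol response code just received; it is compared with
   the SASLproto contcode/finalcode values to drive the state machine. */
CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
                            int code, saslprogress *progress);

#endif /* HEADER_CURL_SASL_H */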