• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  * SPDX-License-Identifier: curl
22  *
23  * RFC4616 PLAIN authentication
24  * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
25  *
26  ***************************************************************************/
27 
28 #include "curl_setup.h"
29 
30 #if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) ||       \
31   !defined(CURL_DISABLE_POP3) || \
32   (!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
33 
34 #include <curl/curl.h>
35 #include "urldata.h"
36 
37 #include "vauth/vauth.h"
38 #include "curl_md5.h"
39 #include "warnless.h"
40 #include "strtok.h"
41 #include "sendf.h"
42 #include "curl_printf.h"
43 
44 /* The last #include files should be: */
45 #include "curl_memory.h"
46 #include "memdebug.h"
47 
48 /*
49  * Curl_auth_create_plain_message()
50  *
51  * This is used to generate an already encoded PLAIN message ready
52  * for sending to the recipient.
53  *
54  * Parameters:
55  *
56  * authzid [in]     - The authorization identity.
57  * authcid [in]     - The authentication identity.
58  * passwd  [in]     - The password.
59  * out     [out]    - The result storage.
60  *
61  * Returns CURLE_OK on success.
62  */
Curl_auth_create_plain_message(const char * authzid,const char * authcid,const char * passwd,struct bufref * out)63 CURLcode Curl_auth_create_plain_message(const char *authzid,
64                                         const char *authcid,
65                                         const char *passwd,
66                                         struct bufref *out)
67 {
68   char *plainauth;
69   size_t plainlen;
70   size_t zlen;
71   size_t clen;
72   size_t plen;
73 
74   zlen = (authzid == NULL ? 0 : strlen(authzid));
75   clen = strlen(authcid);
76   plen = strlen(passwd);
77 
78   /* Compute binary message length. Check for overflows. */
79   if((zlen > SIZE_T_MAX/4) || (clen > SIZE_T_MAX/4) ||
80      (plen > (SIZE_T_MAX/2 - 2)))
81     return CURLE_OUT_OF_MEMORY;
82   plainlen = zlen + clen + plen + 2;
83 
84   plainauth = malloc(plainlen + 1);
85   if(!plainauth)
86     return CURLE_OUT_OF_MEMORY;
87 
88   /* Calculate the reply */
89   if(zlen)
90     memcpy(plainauth, authzid, zlen);
91   plainauth[zlen] = '\0';
92   memcpy(plainauth + zlen + 1, authcid, clen);
93   plainauth[zlen + clen + 1] = '\0';
94   memcpy(plainauth + zlen + clen + 2, passwd, plen);
95   plainauth[plainlen] = '\0';
96   Curl_bufref_set(out, plainauth, plainlen, curl_free);
97   return CURLE_OK;
98 }
99 
100 /*
101  * Curl_auth_create_login_message()
102  *
103  * This is used to generate an already encoded LOGIN message containing the
104  * user name or password ready for sending to the recipient.
105  *
106  * Parameters:
107  *
108  * valuep  [in]     - The user name or user's password.
109  * out     [out]    - The result storage.
110  *
111  * Returns CURLE_OK on success.
112  */
Curl_auth_create_login_message(const char * valuep,struct bufref * out)113 CURLcode Curl_auth_create_login_message(const char *valuep, struct bufref *out)
114 {
115   Curl_bufref_set(out, valuep, strlen(valuep), NULL);
116   return CURLE_OK;
117 }
118 
119 /*
120  * Curl_auth_create_external_message()
121  *
122  * This is used to generate an already encoded EXTERNAL message containing
123  * the user name ready for sending to the recipient.
124  *
125  * Parameters:
126  *
127  * user    [in]     - The user name.
128  * out     [out]    - The result storage.
129  *
130  * Returns CURLE_OK on success.
131  */
Curl_auth_create_external_message(const char * user,struct bufref * out)132 CURLcode Curl_auth_create_external_message(const char *user,
133                                            struct bufref *out)
134 {
135   /* This is the same formatting as the login message */
136   return Curl_auth_create_login_message(user, out);
137 }
138 
139 #endif /* if no users */
140