1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * RFC4616 PLAIN authentication
22 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
23 *
24 ***************************************************************************/
25
26 #include "curl_setup.h"
27
28 #include <curl/curl.h>
29 #include "urldata.h"
30
31 #include "vauth/vauth.h"
32 #include "curl_base64.h"
33 #include "curl_md5.h"
34 #include "warnless.h"
35 #include "strtok.h"
36 #include "strequal.h"
37 #include "rawstr.h"
38 #include "sendf.h"
39 #include "curl_printf.h"
40
41 /* The last #include files should be: */
42 #include "curl_memory.h"
43 #include "memdebug.h"
44
45 /*
46 * Curl_auth_create_plain_message()
47 *
48 * This is used to generate an already encoded PLAIN message ready
49 * for sending to the recipient.
50 *
51 * Parameters:
52 *
53 * data [in] - The session handle.
54 * userp [in] - The user name.
55 * passdwp [in] - The user's password.
56 * outptr [in/out] - The address where a pointer to newly allocated memory
57 * holding the result will be stored upon completion.
58 * outlen [out] - The length of the output message.
59 *
60 * Returns CURLE_OK on success.
61 */
Curl_auth_create_plain_message(struct Curl_easy * data,const char * userp,const char * passwdp,char ** outptr,size_t * outlen)62 CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
63 const char *userp,
64 const char *passwdp,
65 char **outptr, size_t *outlen)
66 {
67 CURLcode result;
68 char *plainauth;
69 size_t ulen;
70 size_t plen;
71
72 ulen = strlen(userp);
73 plen = strlen(passwdp);
74
75 plainauth = malloc(2 * ulen + plen + 2);
76 if(!plainauth) {
77 *outlen = 0;
78 *outptr = NULL;
79 return CURLE_OUT_OF_MEMORY;
80 }
81
82 /* Calculate the reply */
83 memcpy(plainauth, userp, ulen);
84 plainauth[ulen] = '\0';
85 memcpy(plainauth + ulen + 1, userp, ulen);
86 plainauth[2 * ulen + 1] = '\0';
87 memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
88
89 /* Base64 encode the reply */
90 result = Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
91 outlen);
92 free(plainauth);
93
94 return result;
95 }
96
97 /*
98 * Curl_auth_create_login_message()
99 *
100 * This is used to generate an already encoded LOGIN message containing the
101 * user name or password ready for sending to the recipient.
102 *
103 * Parameters:
104 *
105 * data [in] - The session handle.
106 * valuep [in] - The user name or user's password.
107 * outptr [in/out] - The address where a pointer to newly allocated memory
108 * holding the result will be stored upon completion.
109 * outlen [out] - The length of the output message.
110 *
111 * Returns CURLE_OK on success.
112 */
Curl_auth_create_login_message(struct Curl_easy * data,const char * valuep,char ** outptr,size_t * outlen)113 CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
114 const char *valuep, char **outptr,
115 size_t *outlen)
116 {
117 size_t vlen = strlen(valuep);
118
119 if(!vlen) {
120 /* Calculate an empty reply */
121 *outptr = strdup("=");
122 if(*outptr) {
123 *outlen = (size_t) 1;
124 return CURLE_OK;
125 }
126
127 *outlen = 0;
128 return CURLE_OUT_OF_MEMORY;
129 }
130
131 /* Base64 encode the value */
132 return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
133 }
134
135 /*
136 * Curl_auth_create_external_message()
137 *
138 * This is used to generate an already encoded EXTERNAL message containing
139 * the user name ready for sending to the recipient.
140 *
141 * Parameters:
142 *
143 * data [in] - The session handle.
144 * user [in] - The user name.
145 * outptr [in/out] - The address where a pointer to newly allocated memory
146 * holding the result will be stored upon completion.
147 * outlen [out] - The length of the output message.
148 *
149 * Returns CURLE_OK on success.
150 */
Curl_auth_create_external_message(struct Curl_easy * data,const char * user,char ** outptr,size_t * outlen)151 CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
152 const char *user, char **outptr,
153 size_t *outlen)
154 {
155 /* This is the same formatting as the login message */
156 return Curl_auth_create_login_message(data, user, outptr, outlen);
157 }
158