1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * RFC4616 PLAIN authentication
22 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
23 *
24 ***************************************************************************/
25
26 #include "curl_setup.h"
27
28 #include <curl/curl.h>
29 #include "urldata.h"
30
31 #include "vauth/vauth.h"
32 #include "curl_base64.h"
33 #include "curl_md5.h"
34 #include "warnless.h"
35 #include "strtok.h"
36 #include "sendf.h"
37 #include "curl_printf.h"
38
39 /* The last #include files should be: */
40 #include "curl_memory.h"
41 #include "memdebug.h"
42
43 /*
44 * Curl_auth_create_plain_message()
45 *
46 * This is used to generate an already encoded PLAIN message ready
47 * for sending to the recipient.
48 *
49 * Parameters:
50 *
51 * data [in] - The session handle.
52 * userp [in] - The user name.
53 * passdwp [in] - The user's password.
54 * outptr [in/out] - The address where a pointer to newly allocated memory
55 * holding the result will be stored upon completion.
56 * outlen [out] - The length of the output message.
57 *
58 * Returns CURLE_OK on success.
59 */
Curl_auth_create_plain_message(struct Curl_easy * data,const char * userp,const char * passwdp,char ** outptr,size_t * outlen)60 CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
61 const char *userp,
62 const char *passwdp,
63 char **outptr, size_t *outlen)
64 {
65 CURLcode result;
66 char *plainauth;
67 size_t ulen;
68 size_t plen;
69 size_t plainlen;
70
71 *outlen = 0;
72 *outptr = NULL;
73 ulen = strlen(userp);
74 plen = strlen(passwdp);
75
76 /* Compute binary message length, checking for overflows. */
77 plainlen = 2 * ulen;
78 if(plainlen < ulen)
79 return CURLE_OUT_OF_MEMORY;
80 plainlen += plen;
81 if(plainlen < plen)
82 return CURLE_OUT_OF_MEMORY;
83 plainlen += 2;
84 if(plainlen < 2)
85 return CURLE_OUT_OF_MEMORY;
86
87 plainauth = malloc(plainlen);
88 if(!plainauth)
89 return CURLE_OUT_OF_MEMORY;
90
91 /* Calculate the reply */
92 memcpy(plainauth, userp, ulen);
93 plainauth[ulen] = '\0';
94 memcpy(plainauth + ulen + 1, userp, ulen);
95 plainauth[2 * ulen + 1] = '\0';
96 memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
97
98 /* Base64 encode the reply */
99 result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen);
100 free(plainauth);
101
102 return result;
103 }
104
105 /*
106 * Curl_auth_create_login_message()
107 *
108 * This is used to generate an already encoded LOGIN message containing the
109 * user name or password ready for sending to the recipient.
110 *
111 * Parameters:
112 *
113 * data [in] - The session handle.
114 * valuep [in] - The user name or user's password.
115 * outptr [in/out] - The address where a pointer to newly allocated memory
116 * holding the result will be stored upon completion.
117 * outlen [out] - The length of the output message.
118 *
119 * Returns CURLE_OK on success.
120 */
Curl_auth_create_login_message(struct Curl_easy * data,const char * valuep,char ** outptr,size_t * outlen)121 CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
122 const char *valuep, char **outptr,
123 size_t *outlen)
124 {
125 size_t vlen = strlen(valuep);
126
127 if(!vlen) {
128 /* Calculate an empty reply */
129 *outptr = strdup("=");
130 if(*outptr) {
131 *outlen = (size_t) 1;
132 return CURLE_OK;
133 }
134
135 *outlen = 0;
136 return CURLE_OUT_OF_MEMORY;
137 }
138
139 /* Base64 encode the value */
140 return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
141 }
142
143 /*
144 * Curl_auth_create_external_message()
145 *
146 * This is used to generate an already encoded EXTERNAL message containing
147 * the user name ready for sending to the recipient.
148 *
149 * Parameters:
150 *
151 * data [in] - The session handle.
152 * user [in] - The user name.
153 * outptr [in/out] - The address where a pointer to newly allocated memory
154 * holding the result will be stored upon completion.
155 * outlen [out] - The length of the output message.
156 *
157 * Returns CURLE_OK on success.
158 */
Curl_auth_create_external_message(struct Curl_easy * data,const char * user,char ** outptr,size_t * outlen)159 CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
160 const char *user, char **outptr,
161 size_t *outlen)
162 {
163 /* This is the same formatting as the login message */
164 return Curl_auth_create_login_message(data, user, outptr, outlen);
165 }
166