• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  * RFC4616 PLAIN authentication
22  * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
23  *
24  ***************************************************************************/
25 
26 #include "curl_setup.h"
27 
28 #include <curl/curl.h>
29 #include "urldata.h"
30 
31 #include "vauth/vauth.h"
32 #include "curl_base64.h"
33 #include "curl_md5.h"
34 #include "warnless.h"
35 #include "strtok.h"
36 #include "sendf.h"
37 #include "curl_printf.h"
38 
39 /* The last #include files should be: */
40 #include "curl_memory.h"
41 #include "memdebug.h"
42 
43 /*
44  * Curl_auth_create_plain_message()
45  *
46  * This is used to generate an already encoded PLAIN message ready
47  * for sending to the recipient.
48  *
49  * Parameters:
50  *
51  * data    [in]     - The session handle.
52  * userp   [in]     - The user name.
53  * passdwp [in]     - The user's password.
54  * outptr  [in/out] - The address where a pointer to newly allocated memory
55  *                    holding the result will be stored upon completion.
56  * outlen  [out]    - The length of the output message.
57  *
58  * Returns CURLE_OK on success.
59  */
Curl_auth_create_plain_message(struct Curl_easy * data,const char * userp,const char * passwdp,char ** outptr,size_t * outlen)60 CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
61                                         const char *userp,
62                                         const char *passwdp,
63                                         char **outptr, size_t *outlen)
64 {
65   CURLcode result;
66   char *plainauth;
67   size_t ulen;
68   size_t plen;
69   size_t plainlen;
70 
71   *outlen = 0;
72   *outptr = NULL;
73   ulen = strlen(userp);
74   plen = strlen(passwdp);
75 
76   /* Compute binary message length, checking for overflows. */
77   plainlen = 2 * ulen;
78   if(plainlen < ulen)
79     return CURLE_OUT_OF_MEMORY;
80   plainlen += plen;
81   if(plainlen < plen)
82     return CURLE_OUT_OF_MEMORY;
83   plainlen += 2;
84   if(plainlen < 2)
85     return CURLE_OUT_OF_MEMORY;
86 
87   plainauth = malloc(plainlen);
88   if(!plainauth)
89     return CURLE_OUT_OF_MEMORY;
90 
91   /* Calculate the reply */
92   memcpy(plainauth, userp, ulen);
93   plainauth[ulen] = '\0';
94   memcpy(plainauth + ulen + 1, userp, ulen);
95   plainauth[2 * ulen + 1] = '\0';
96   memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
97 
98   /* Base64 encode the reply */
99   result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen);
100   free(plainauth);
101 
102   return result;
103 }
104 
105 /*
106  * Curl_auth_create_login_message()
107  *
108  * This is used to generate an already encoded LOGIN message containing the
109  * user name or password ready for sending to the recipient.
110  *
111  * Parameters:
112  *
113  * data    [in]     - The session handle.
114  * valuep  [in]     - The user name or user's password.
115  * outptr  [in/out] - The address where a pointer to newly allocated memory
116  *                    holding the result will be stored upon completion.
117  * outlen  [out]    - The length of the output message.
118  *
119  * Returns CURLE_OK on success.
120  */
Curl_auth_create_login_message(struct Curl_easy * data,const char * valuep,char ** outptr,size_t * outlen)121 CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
122                                         const char *valuep, char **outptr,
123                                         size_t *outlen)
124 {
125   size_t vlen = strlen(valuep);
126 
127   if(!vlen) {
128     /* Calculate an empty reply */
129     *outptr = strdup("=");
130     if(*outptr) {
131       *outlen = (size_t) 1;
132       return CURLE_OK;
133     }
134 
135     *outlen = 0;
136     return CURLE_OUT_OF_MEMORY;
137   }
138 
139   /* Base64 encode the value */
140   return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
141 }
142 
143 /*
144  * Curl_auth_create_external_message()
145  *
146  * This is used to generate an already encoded EXTERNAL message containing
147  * the user name ready for sending to the recipient.
148  *
149  * Parameters:
150  *
151  * data    [in]     - The session handle.
152  * user    [in]     - The user name.
153  * outptr  [in/out] - The address where a pointer to newly allocated memory
154  *                    holding the result will be stored upon completion.
155  * outlen  [out]    - The length of the output message.
156  *
157  * Returns CURLE_OK on success.
158  */
Curl_auth_create_external_message(struct Curl_easy * data,const char * user,char ** outptr,size_t * outlen)159 CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
160                                            const char *user, char **outptr,
161                                            size_t *outlen)
162 {
163   /* This is the same formatting as the login message */
164   return Curl_auth_create_login_message(data, user, outptr, outlen);
165 }
166