My Project
curl_sasl.h
1 #ifndef HEADER_CURL_SASL_H
2 #define HEADER_CURL_SASL_H
3 /***************************************************************************
4  * _ _ ____ _
5  * Project ___| | | | _ \| |
6  * / __| | | | |_) | |
7  * | (__| |_| | _ <| |___
8  * \___|\___/|_| \_\_____|
9  *
10  * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
11  *
12  * This software is licensed as described in the file COPYING, which
13  * you should have received as part of this distribution. The terms
14  * are also available at https://curl.haxx.se/docs/copyright.html.
15  *
16  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17  * copies of the Software, and permit persons to whom the Software is
18  * furnished to do so, under the terms of the COPYING file.
19  *
20  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21  * KIND, either express or implied.
22  *
23  ***************************************************************************/
24 
25 #include <curl/curl.h>
26 
27 struct SessionHandle;
28 struct connectdata;
29 
30 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
31 struct digestdata;
32 #endif
33 
34 #if defined(USE_NTLM)
35 struct ntlmdata;
36 #endif
37 
38 #if defined(USE_KERBEROS5)
39 struct kerberos5data;
40 #endif
41 
42 /* Authentication mechanism flags */
43 #define SASL_MECH_LOGIN (1 << 0)
44 #define SASL_MECH_PLAIN (1 << 1)
45 #define SASL_MECH_CRAM_MD5 (1 << 2)
46 #define SASL_MECH_DIGEST_MD5 (1 << 3)
47 #define SASL_MECH_GSSAPI (1 << 4)
48 #define SASL_MECH_EXTERNAL (1 << 5)
49 #define SASL_MECH_NTLM (1 << 6)
50 #define SASL_MECH_XOAUTH2 (1 << 7)
51 #define SASL_MECH_OAUTHBEARER (1 << 8)
52 
53 /* Authentication mechanism values */
54 #define SASL_AUTH_NONE 0
55 #define SASL_AUTH_ANY ~0U
56 #define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
57 
58 /* Authentication mechanism strings */
59 #define SASL_MECH_STRING_LOGIN "LOGIN"
60 #define SASL_MECH_STRING_PLAIN "PLAIN"
61 #define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5"
62 #define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
63 #define SASL_MECH_STRING_GSSAPI "GSSAPI"
64 #define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
65 #define SASL_MECH_STRING_NTLM "NTLM"
66 #define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
67 #define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER"
68 
69 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
70 #define DIGEST_MAX_VALUE_LENGTH 256
71 #define DIGEST_MAX_CONTENT_LENGTH 1024
72 #endif
73 
74 enum {
75  CURLDIGESTALGO_MD5,
76  CURLDIGESTALGO_MD5SESS
77 };
78 
79 /* SASL machine states */
80 typedef enum {
81  SASL_STOP,
82  SASL_PLAIN,
83  SASL_LOGIN,
84  SASL_LOGIN_PASSWD,
85  SASL_EXTERNAL,
86  SASL_CRAMMD5,
87  SASL_DIGESTMD5,
88  SASL_DIGESTMD5_RESP,
89  SASL_NTLM,
90  SASL_NTLM_TYPE2MSG,
91  SASL_GSSAPI,
92  SASL_GSSAPI_TOKEN,
93  SASL_GSSAPI_NO_DATA,
94  SASL_OAUTH2,
95  SASL_OAUTH2_RESP,
96  SASL_CANCEL,
97  SASL_FINAL
98 } saslstate;
99 
100 /* Progress indicator */
101 typedef enum {
102  SASL_IDLE,
103  SASL_INPROGRESS,
104  SASL_DONE
105 } saslprogress;
106 
107 /* Protocol dependent SASL parameters */
108 struct SASLproto {
109  const char *service; /* The service name */
110  int contcode; /* Code to receive when continuation is expected */
111  int finalcode; /* Code to receive upon authentication success */
112  size_t maxirlen; /* Maximum initial response length */
113  CURLcode (*sendauth)(struct connectdata *conn,
114  const char *mech, const char *ir);
115  /* Send authentication command */
116  CURLcode (*sendcont)(struct connectdata *conn, const char *contauth);
117  /* Send authentication continuation */
118  void (*getmessage)(char *buffer, char **outptr);
119  /* Get SASL response message */
120 };
121 
122 /* Per-connection parameters */
123 struct SASL {
124  const struct SASLproto *params; /* Protocol dependent parameters */
125  saslstate state; /* Current machine state */
126  unsigned int authmechs; /* Accepted authentication mechanisms */
127  unsigned int prefmech; /* Preferred authentication mechanism */
128  unsigned int authused; /* Auth mechanism used for the connection */
129  bool resetprefs; /* For URL auth option parsing. */
130  bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */
131  bool force_ir; /* Protocol always supports initial response */
132 };
133 
134 /* This is used to test whether the line starts with the given mechanism */
135 #define sasl_mech_equal(line, wordlen, mech) \
136  (wordlen == (sizeof(mech) - 1) / sizeof(char) && \
137  !memcmp(line, mech, wordlen))
138 
139 /* This is used to build a SPN string */
140 #if !defined(USE_WINDOWS_SSPI)
141 char *Curl_sasl_build_spn(const char *service, const char *instance);
142 #else
143 TCHAR *Curl_sasl_build_spn(const char *service, const char *instance);
144 #endif
145 
146 #if defined(HAVE_GSSAPI)
147 char *Curl_sasl_build_gssapi_spn(const char *service, const char *instance);
148 #endif
149 
150 #ifndef CURL_DISABLE_CRYPTO_AUTH
151 /* This is used to extract the realm from a challenge message */
152 int Curl_sasl_digest_get_pair(const char *str, char *value, char *content,
153  const char **endptr);
154 
155 /* This is used to generate a base64 encoded DIGEST-MD5 response message */
156 CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
157  const char *chlg64,
158  const char *userp,
159  const char *passwdp,
160  const char *service,
161  char **outptr, size_t *outlen);
162 
163 /* This is used to decode a HTTP DIGEST challenge message */
164 CURLcode Curl_sasl_decode_digest_http_message(const char *chlg,
165  struct digestdata *digest);
166 
167 /* This is used to generate a HTTP DIGEST response message */
168 CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
169  const char *userp,
170  const char *passwdp,
171  const unsigned char *request,
172  const unsigned char *uri,
173  struct digestdata *digest,
174  char **outptr, size_t *outlen);
175 
176 /* This is used to clean up the digest specific data */
177 void Curl_sasl_digest_cleanup(struct digestdata *digest);
178 #endif
179 
180 #ifdef USE_NTLM
181 /* This is used to generate a base64 encoded NTLM type-1 message */
182 CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
183  const char *passwdp,
184  struct ntlmdata *ntlm,
185  char **outptr,
186  size_t *outlen);
187 
188 /* This is used to decode a base64 encoded NTLM type-2 message */
189 CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
190  const char *type2msg,
191  struct ntlmdata *ntlm);
192 
193 /* This is used to generate a base64 encoded NTLM type-3 message */
194 CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
195  const char *userp,
196  const char *passwdp,
197  struct ntlmdata *ntlm,
198  char **outptr, size_t *outlen);
199 
200 /* This is used to clean up the ntlm specific data */
201 void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm);
202 
203 #endif /* USE_NTLM */
204 
205 #if defined(USE_KERBEROS5)
206 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
207  message */
208 CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data,
209  const char *userp,
210  const char *passwdp,
211  const char *service,
212  const bool mutual,
213  const char *chlg64,
214  struct kerberos5data *krb5,
215  char **outptr, size_t *outlen);
216 
217 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security
218  token message */
219 CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data,
220  const char *input,
221  struct kerberos5data *krb5,
222  char **outptr,
223  size_t *outlen);
224 
225 /* This is used to clean up the gssapi specific data */
226 void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
227 #endif /* USE_KERBEROS5 */
228 
229 /* This is used to cleanup any libraries or curl modules used by the sasl
230  functions */
231 void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused);
232 
233 /* Convert a mechanism name to a token */
234 unsigned int Curl_sasl_decode_mech(const char *ptr,
235  size_t maxlen, size_t *len);
236 
237 /* Parse the URL login options */
238 CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
239  const char *value, size_t len);
240 
241 /* Initializes an SASL structure */
242 void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params);
243 
244 /* Check if we have enough auth data and capabilities to authenticate */
245 bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn);
246 
247 /* Calculate the required login details for SASL authentication */
248 CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
249  bool force_ir, saslprogress *progress);
250 
251 /* Continue an SASL authentication */
252 CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
253  int code, saslprogress *progress);
254 
255 #endif /* HEADER_CURL_SASL_H */
SessionHandle
Definition: urldata.h:1670
SASLproto
Definition: curl_sasl.h:108
digestdata
Definition: urldata.h:385
code
Definition: inftrees.h:24
SASL
Definition: curl_sasl.h:123
connectdata
Definition: urldata.h:831
Generated by   doxygen 1.8.12