xref: /aosp_15_r20/external/curl/lib/curl_sasl.h (revision 6236dae45794135f37c4eb022389c904c8b0090d)
1*6236dae4SAndroid Build Coastguard Worker #ifndef HEADER_CURL_SASL_H
2*6236dae4SAndroid Build Coastguard Worker #define HEADER_CURL_SASL_H
3*6236dae4SAndroid Build Coastguard Worker /***************************************************************************
4*6236dae4SAndroid Build Coastguard Worker  *                                  _   _ ____  _
5*6236dae4SAndroid Build Coastguard Worker  *  Project                     ___| | | |  _ \| |
6*6236dae4SAndroid Build Coastguard Worker  *                             / __| | | | |_) | |
7*6236dae4SAndroid Build Coastguard Worker  *                            | (__| |_| |  _ <| |___
8*6236dae4SAndroid Build Coastguard Worker  *                             \___|\___/|_| \_\_____|
9*6236dae4SAndroid Build Coastguard Worker  *
10*6236dae4SAndroid Build Coastguard Worker  * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
11*6236dae4SAndroid Build Coastguard Worker  *
12*6236dae4SAndroid Build Coastguard Worker  * This software is licensed as described in the file COPYING, which
13*6236dae4SAndroid Build Coastguard Worker  * you should have received as part of this distribution. The terms
14*6236dae4SAndroid Build Coastguard Worker  * are also available at https://curl.se/docs/copyright.html.
15*6236dae4SAndroid Build Coastguard Worker  *
16*6236dae4SAndroid Build Coastguard Worker  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17*6236dae4SAndroid Build Coastguard Worker  * copies of the Software, and permit persons to whom the Software is
18*6236dae4SAndroid Build Coastguard Worker  * furnished to do so, under the terms of the COPYING file.
19*6236dae4SAndroid Build Coastguard Worker  *
20*6236dae4SAndroid Build Coastguard Worker  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21*6236dae4SAndroid Build Coastguard Worker  * KIND, either express or implied.
22*6236dae4SAndroid Build Coastguard Worker  *
23*6236dae4SAndroid Build Coastguard Worker  * SPDX-License-Identifier: curl
24*6236dae4SAndroid Build Coastguard Worker  *
25*6236dae4SAndroid Build Coastguard Worker  ***************************************************************************/
26*6236dae4SAndroid Build Coastguard Worker 
27*6236dae4SAndroid Build Coastguard Worker #include <curl/curl.h>
28*6236dae4SAndroid Build Coastguard Worker 
29*6236dae4SAndroid Build Coastguard Worker #include "bufref.h"
30*6236dae4SAndroid Build Coastguard Worker 
31*6236dae4SAndroid Build Coastguard Worker struct Curl_easy;
32*6236dae4SAndroid Build Coastguard Worker struct connectdata;
33*6236dae4SAndroid Build Coastguard Worker 
34*6236dae4SAndroid Build Coastguard Worker /* Authentication mechanism flags */
35*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_LOGIN             (1 << 0)
36*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_PLAIN             (1 << 1)
37*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_CRAM_MD5          (1 << 2)
38*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_DIGEST_MD5        (1 << 3)
39*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_GSSAPI            (1 << 4)
40*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_EXTERNAL          (1 << 5)
41*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_NTLM              (1 << 6)
42*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_XOAUTH2           (1 << 7)
43*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_OAUTHBEARER       (1 << 8)
44*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_SCRAM_SHA_1       (1 << 9)
45*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_SCRAM_SHA_256     (1 << 10)
46*6236dae4SAndroid Build Coastguard Worker 
47*6236dae4SAndroid Build Coastguard Worker /* Authentication mechanism values */
48*6236dae4SAndroid Build Coastguard Worker #define SASL_AUTH_NONE          0
49*6236dae4SAndroid Build Coastguard Worker #define SASL_AUTH_ANY           0xffff
50*6236dae4SAndroid Build Coastguard Worker #define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
51*6236dae4SAndroid Build Coastguard Worker 
52*6236dae4SAndroid Build Coastguard Worker /* Authentication mechanism strings */
53*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_LOGIN          "LOGIN"
54*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_PLAIN          "PLAIN"
55*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_CRAM_MD5       "CRAM-MD5"
56*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_DIGEST_MD5     "DIGEST-MD5"
57*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_GSSAPI         "GSSAPI"
58*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_EXTERNAL       "EXTERNAL"
59*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_NTLM           "NTLM"
60*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_XOAUTH2        "XOAUTH2"
61*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_OAUTHBEARER    "OAUTHBEARER"
62*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_SCRAM_SHA_1    "SCRAM-SHA-1"
63*6236dae4SAndroid Build Coastguard Worker #define SASL_MECH_STRING_SCRAM_SHA_256  "SCRAM-SHA-256"
64*6236dae4SAndroid Build Coastguard Worker 
65*6236dae4SAndroid Build Coastguard Worker /* SASL flags */
66*6236dae4SAndroid Build Coastguard Worker #define SASL_FLAG_BASE64        0x0001  /* Messages are base64-encoded */
67*6236dae4SAndroid Build Coastguard Worker 
68*6236dae4SAndroid Build Coastguard Worker /* SASL machine states */
69*6236dae4SAndroid Build Coastguard Worker typedef enum {
70*6236dae4SAndroid Build Coastguard Worker   SASL_STOP,
71*6236dae4SAndroid Build Coastguard Worker   SASL_PLAIN,
72*6236dae4SAndroid Build Coastguard Worker   SASL_LOGIN,
73*6236dae4SAndroid Build Coastguard Worker   SASL_LOGIN_PASSWD,
74*6236dae4SAndroid Build Coastguard Worker   SASL_EXTERNAL,
75*6236dae4SAndroid Build Coastguard Worker   SASL_CRAMMD5,
76*6236dae4SAndroid Build Coastguard Worker   SASL_DIGESTMD5,
77*6236dae4SAndroid Build Coastguard Worker   SASL_DIGESTMD5_RESP,
78*6236dae4SAndroid Build Coastguard Worker   SASL_NTLM,
79*6236dae4SAndroid Build Coastguard Worker   SASL_NTLM_TYPE2MSG,
80*6236dae4SAndroid Build Coastguard Worker   SASL_GSSAPI,
81*6236dae4SAndroid Build Coastguard Worker   SASL_GSSAPI_TOKEN,
82*6236dae4SAndroid Build Coastguard Worker   SASL_GSSAPI_NO_DATA,
83*6236dae4SAndroid Build Coastguard Worker   SASL_OAUTH2,
84*6236dae4SAndroid Build Coastguard Worker   SASL_OAUTH2_RESP,
85*6236dae4SAndroid Build Coastguard Worker   SASL_GSASL,
86*6236dae4SAndroid Build Coastguard Worker   SASL_CANCEL,
87*6236dae4SAndroid Build Coastguard Worker   SASL_FINAL
88*6236dae4SAndroid Build Coastguard Worker } saslstate;
89*6236dae4SAndroid Build Coastguard Worker 
90*6236dae4SAndroid Build Coastguard Worker /* Progress indicator */
91*6236dae4SAndroid Build Coastguard Worker typedef enum {
92*6236dae4SAndroid Build Coastguard Worker   SASL_IDLE,
93*6236dae4SAndroid Build Coastguard Worker   SASL_INPROGRESS,
94*6236dae4SAndroid Build Coastguard Worker   SASL_DONE
95*6236dae4SAndroid Build Coastguard Worker } saslprogress;
96*6236dae4SAndroid Build Coastguard Worker 
97*6236dae4SAndroid Build Coastguard Worker /* Protocol dependent SASL parameters */
98*6236dae4SAndroid Build Coastguard Worker struct SASLproto {
99*6236dae4SAndroid Build Coastguard Worker   const char *service;     /* The service name */
100*6236dae4SAndroid Build Coastguard Worker   CURLcode (*sendauth)(struct Curl_easy *data, const char *mech,
101*6236dae4SAndroid Build Coastguard Worker                        const struct bufref *ir);
102*6236dae4SAndroid Build Coastguard Worker                            /* Send authentication command */
103*6236dae4SAndroid Build Coastguard Worker   CURLcode (*contauth)(struct Curl_easy *data, const char *mech,
104*6236dae4SAndroid Build Coastguard Worker                        const struct bufref *contauth);
105*6236dae4SAndroid Build Coastguard Worker                            /* Send authentication continuation */
106*6236dae4SAndroid Build Coastguard Worker   CURLcode (*cancelauth)(struct Curl_easy *data, const char *mech);
107*6236dae4SAndroid Build Coastguard Worker                            /* Cancel authentication. */
108*6236dae4SAndroid Build Coastguard Worker   CURLcode (*getmessage)(struct Curl_easy *data, struct bufref *out);
109*6236dae4SAndroid Build Coastguard Worker                            /* Get SASL response message */
110*6236dae4SAndroid Build Coastguard Worker   size_t maxirlen;         /* Maximum initial response + mechanism length,
111*6236dae4SAndroid Build Coastguard Worker                               or zero if no max. This is normally the max
112*6236dae4SAndroid Build Coastguard Worker                               command length - other characters count.
113*6236dae4SAndroid Build Coastguard Worker                               This has to be zero for non-base64 protocols. */
114*6236dae4SAndroid Build Coastguard Worker   int contcode;            /* Code to receive when continuation is expected */
115*6236dae4SAndroid Build Coastguard Worker   int finalcode;           /* Code to receive upon authentication success */
116*6236dae4SAndroid Build Coastguard Worker   unsigned short defmechs; /* Mechanisms enabled by default */
117*6236dae4SAndroid Build Coastguard Worker   unsigned short flags;    /* Configuration flags. */
118*6236dae4SAndroid Build Coastguard Worker };
119*6236dae4SAndroid Build Coastguard Worker 
120*6236dae4SAndroid Build Coastguard Worker /* Per-connection parameters */
121*6236dae4SAndroid Build Coastguard Worker struct SASL {
122*6236dae4SAndroid Build Coastguard Worker   const struct SASLproto *params; /* Protocol dependent parameters */
123*6236dae4SAndroid Build Coastguard Worker   saslstate state;           /* Current machine state */
124*6236dae4SAndroid Build Coastguard Worker   const char *curmech;       /* Current mechanism id. */
125*6236dae4SAndroid Build Coastguard Worker   unsigned short authmechs;  /* Accepted authentication mechanisms */
126*6236dae4SAndroid Build Coastguard Worker   unsigned short prefmech;   /* Preferred authentication mechanism */
127*6236dae4SAndroid Build Coastguard Worker   unsigned short authused;   /* Auth mechanism used for the connection */
128*6236dae4SAndroid Build Coastguard Worker   BIT(resetprefs);           /* For URL auth option parsing. */
129*6236dae4SAndroid Build Coastguard Worker   BIT(mutual_auth);          /* Mutual authentication enabled (GSSAPI only) */
130*6236dae4SAndroid Build Coastguard Worker   BIT(force_ir);             /* Protocol always supports initial response */
131*6236dae4SAndroid Build Coastguard Worker };
132*6236dae4SAndroid Build Coastguard Worker 
133*6236dae4SAndroid Build Coastguard Worker /* This is used to test whether the line starts with the given mechanism */
134*6236dae4SAndroid Build Coastguard Worker #define sasl_mech_equal(line, wordlen, mech) \
135*6236dae4SAndroid Build Coastguard Worker   (wordlen == (sizeof(mech) - 1) / sizeof(char) && \
136*6236dae4SAndroid Build Coastguard Worker    !memcmp(line, mech, wordlen))
137*6236dae4SAndroid Build Coastguard Worker 
138*6236dae4SAndroid Build Coastguard Worker /* This is used to cleanup any libraries or curl modules used by the sasl
139*6236dae4SAndroid Build Coastguard Worker    functions */
140*6236dae4SAndroid Build Coastguard Worker void Curl_sasl_cleanup(struct connectdata *conn, unsigned short authused);
141*6236dae4SAndroid Build Coastguard Worker 
142*6236dae4SAndroid Build Coastguard Worker /* Convert a mechanism name to a token */
143*6236dae4SAndroid Build Coastguard Worker unsigned short Curl_sasl_decode_mech(const char *ptr,
144*6236dae4SAndroid Build Coastguard Worker                                      size_t maxlen, size_t *len);
145*6236dae4SAndroid Build Coastguard Worker 
146*6236dae4SAndroid Build Coastguard Worker /* Parse the URL login options */
147*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
148*6236dae4SAndroid Build Coastguard Worker                                          const char *value, size_t len);
149*6236dae4SAndroid Build Coastguard Worker 
150*6236dae4SAndroid Build Coastguard Worker /* Initializes an SASL structure */
151*6236dae4SAndroid Build Coastguard Worker void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data,
152*6236dae4SAndroid Build Coastguard Worker                     const struct SASLproto *params);
153*6236dae4SAndroid Build Coastguard Worker 
154*6236dae4SAndroid Build Coastguard Worker /* Check if we have enough auth data and capabilities to authenticate */
155*6236dae4SAndroid Build Coastguard Worker bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data);
156*6236dae4SAndroid Build Coastguard Worker 
157*6236dae4SAndroid Build Coastguard Worker /* Calculate the required login details for SASL authentication  */
158*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
159*6236dae4SAndroid Build Coastguard Worker                          bool force_ir, saslprogress *progress);
160*6236dae4SAndroid Build Coastguard Worker 
161*6236dae4SAndroid Build Coastguard Worker /* Continue an SASL authentication  */
162*6236dae4SAndroid Build Coastguard Worker CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
163*6236dae4SAndroid Build Coastguard Worker                             int code, saslprogress *progress);
164*6236dae4SAndroid Build Coastguard Worker 
165*6236dae4SAndroid Build Coastguard Worker #endif /* HEADER_CURL_SASL_H */
166