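#ifndef HEADER_CURL_SASL_H
#define HEADER_CURL_SASL_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

/*
 * Shared declarations for the SASL client state machine: mechanism bit
 * flags and names, the machine states, the per-protocol callback table
 * (struct SASLproto) and the per-connection state (struct SASL).
 */

#include <curl/curl.h>

#include "bufref.h"

struct Curl_easy;
struct connectdata;

/* Authentication mechanism flags.
 *
 * One bit per mechanism. The values are kept in the 'unsigned short' members
 * declared below (authmechs, prefmech, authused, defmechs) and SASL_AUTH_ANY
 * is 0xffff, so a new mechanism has to stay within bits 0-15.
 *
 * NOTE(review): PLAIN and LOGIN carry the password itself; the base64 step
 * selected by SASL_FLAG_BASE64 is an encoding and gives no confidentiality,
 * so these two depend on the transport being protected. Which mechanism is
 * picked when several bits are set is decided in the implementation and is
 * not visible in this header.
 */
#define SASL_MECH_LOGIN             (1 << 0)
#define SASL_MECH_PLAIN             (1 << 1)
#define SASL_MECH_CRAM_MD5          (1 << 2)
#define SASL_MECH_DIGEST_MD5        (1 << 3)
#define SASL_MECH_GSSAPI            (1 << 4)
#define SASL_MECH_EXTERNAL          (1 << 5)
#define SASL_MECH_NTLM              (1 << 6)
#define SASL_MECH_XOAUTH2           (1 << 7)
#define SASL_MECH_OAUTHBEARER       (1 << 8)
#define SASL_MECH_SCRAM_SHA_1       (1 << 9)
#define SASL_MECH_SCRAM_SHA_256     (1 << 10)

/* Authentication mechanism values.
 *
 * SASL_AUTH_ANY sets all sixteen low bits, including bits that no mechanism
 * above uses yet. SASL_AUTH_DEFAULT is the same mask with the EXTERNAL bit
 * cleared, so EXTERNAL is never part of the default set.
 */
#define SASL_AUTH_NONE          0
#define SASL_AUTH_ANY           0xffff
#define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)

/* Authentication mechanism strings.
 *
 * These must remain string literals: sasl_mech_equal() takes sizeof() of its
 * 'mech' argument to get the name length.
 */
#define SASL_MECH_STRING_LOGIN          "LOGIN"
#define SASL_MECH_STRING_PLAIN          "PLAIN"
#define SASL_MECH_STRING_CRAM_MD5       "CRAM-MD5"
#define SASL_MECH_STRING_DIGEST_MD5     "DIGEST-MD5"
#define SASL_MECH_STRING_GSSAPI         "GSSAPI"
#define SASL_MECH_STRING_EXTERNAL       "EXTERNAL"
#define SASL_MECH_STRING_NTLM           "NTLM"
#define SASL_MECH_STRING_XOAUTH2        "XOAUTH2"
#define SASL_MECH_STRING_OAUTHBEARER    "OAUTHBEARER"
#define SASL_MECH_STRING_SCRAM_SHA_1    "SCRAM-SHA-1"
#define SASL_MECH_STRING_SCRAM_SHA_256  "SCRAM-SHA-256"

/* SASL flags */
#define SASL_FLAG_BASE64        0x0001 /* Messages are base64-encoded */

/* SASL machine states */
typedef enum {
  SASL_STOP,
  SASL_PLAIN,
  SASL_LOGIN,
  SASL_LOGIN_PASSWD,
  SASL_EXTERNAL,
  SASL_CRAMMD5,
  SASL_DIGESTMD5,
  SASL_DIGESTMD5_RESP,
  SASL_NTLM,
  SASL_NTLM_TYPE2MSG,
  SASL_GSSAPI,
  SASL_GSSAPI_TOKEN,
  SASL_GSSAPI_NO_DATA,
  SASL_OAUTH2,
  SASL_OAUTH2_RESP,
  SASL_GSASL,
  SASL_CANCEL,
  SASL_FINAL
} saslstate;

/* Progress indicator */
typedef enum {
  SASL_IDLE,
  SASL_INPROGRESS,
  SASL_DONE
} saslprogress;

/* Protocol dependent SASL parameters.
 *
 * One table per protocol: the callbacks used to exchange authentication
 * messages with the server plus the response codes and limits that differ
 * between protocols.
 */
struct SASLproto {
  const char *service;     /* The service name */
  CURLcode (*sendauth)(struct Curl_easy *data, const char *mech,
                       const struct bufref *ir);
                           /* Send authentication command */
  CURLcode (*contauth)(struct Curl_easy *data, const char *mech,
                       const struct bufref *contauth);
                           /* Send authentication continuation */
  CURLcode (*cancelauth)(struct Curl_easy *data, const char *mech);
                           /* Cancel authentication. */
  CURLcode (*getmessage)(struct Curl_easy *data, struct bufref *out);
                           /* Get SASL response message */
  size_t maxirlen;         /* Maximum initial response + mechanism length,
                              or zero if no max. This is normally the max
                              command length - other characters count.
                              This has to be zero for non-base64 protocols. */
  int contcode;            /* Code to receive when continuation is expected */
  int finalcode;           /* Code to receive upon authentication success */
  unsigned short defmechs; /* Mechanisms enabled by default */
  unsigned short flags;    /* Configuration flags. */
};

/* Per-connection parameters */
struct SASL {
  const struct SASLproto *params; /* Protocol dependent parameters */
  saslstate state;           /* Current machine state */
  const char *curmech;       /* Current mechanism id. */
  unsigned short authmechs;  /* Accepted authentication mechanisms */
  unsigned short prefmech;   /* Preferred authentication mechanism */
  unsigned short authused;   /* Auth mechanism used for the connection */
  BIT(resetprefs);           /* For URL auth option parsing. */
  BIT(mutual_auth);          /* Mutual authentication enabled (GSSAPI only) */
  BIT(force_ir);             /* Protocol always supports initial response */
};

/* This is used to test whether the line starts with the given mechanism.
 *
 * True when 'wordlen' equals the length of 'mech' (terminating NUL excluded)
 * and the first 'wordlen' bytes of 'line' are equal to 'mech'.
 *
 * - 'mech' must be a string literal or char array, not a pointer: its length
 *   is taken with sizeof().
 * - 'line' is read with memcmp() only after the length test has passed, so
 *   the caller must guarantee that 'line' holds at least 'wordlen' readable
 *   bytes; no NUL terminator is looked for.
 * - 'wordlen' is evaluated twice, so pass an expression without side effects.
 * - The arguments are parenthesized in the expansion so that an expression
 *   such as 'end - start' compares as a whole.
 * - memcmp() has to be declared by the including file.
 */
#define sasl_mech_equal(line, wordlen, mech) \
  ((wordlen) == (sizeof(mech) - 1) / sizeof(char) && \
   !memcmp((line), (mech), (wordlen)))

/* This is used to cleanup any libraries or curl modules used by the sasl
   functions */
void Curl_sasl_cleanup(struct connectdata *conn, unsigned short authused);

/* Convert a mechanism name to a token.
   NOTE(review): presumably reads at most 'maxlen' bytes from 'ptr' and
   reports the matched name length through 'len' - confirm against the
   implementation. */
unsigned short Curl_sasl_decode_mech(const char *ptr,
                                     size_t maxlen, size_t *len);

/* Parse the URL login options */
CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
                                         const char *value, size_t len);

/* Initializes an SASL structure */
void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data,
                    const struct SASLproto *params);

/* Check if we have enough auth data and capabilities to authenticate */
bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data);

/* Calculate the required login details for SASL authentication */
CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
                         bool force_ir, saslprogress *progress);

/* Continue an SASL authentication */
CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
                            int code, saslprogress *progress);

#endif /* HEADER_CURL_SASL_H */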