cleartext.c 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * RFC4616 PLAIN authentication
  22. * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
  23. *
  24. ***************************************************************************/
  25. #include "curl_setup.h"
  26. #if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
  27. !defined(CURL_DISABLE_POP3)
  28. #include <curl/curl.h>
  29. #include "urldata.h"
  30. #include "vauth/vauth.h"
  31. #include "curl_base64.h"
  32. #include "curl_md5.h"
  33. #include "warnless.h"
  34. #include "strtok.h"
  35. #include "sendf.h"
  36. #include "curl_printf.h"
  37. /* The last #include files should be: */
  38. #include "curl_memory.h"
  39. #include "memdebug.h"
  40. /*
  41. * Curl_auth_create_plain_message()
  42. *
  43. * This is used to generate an already encoded PLAIN message ready
  44. * for sending to the recipient.
  45. *
  46. * Parameters:
  47. *
  48. * data [in] - The session handle.
  49. * authzid [in] - The authorization identity.
  50. * authcid [in] - The authentication identity.
  51. * passwd [in] - The password.
  52. * outptr [in/out] - The address where a pointer to newly allocated memory
  53. * holding the result will be stored upon completion.
  54. * outlen [out] - The length of the output message.
  55. *
  56. * Returns CURLE_OK on success.
  57. */
  58. CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
  59. const char *authzid,
  60. const char *authcid,
  61. const char *passwd,
  62. char **outptr, size_t *outlen)
  63. {
  64. CURLcode result;
  65. char *plainauth;
  66. size_t zlen;
  67. size_t clen;
  68. size_t plen;
  69. size_t plainlen;
  70. *outlen = 0;
  71. *outptr = NULL;
  72. zlen = (authzid == NULL ? 0 : strlen(authzid));
  73. clen = strlen(authcid);
  74. plen = strlen(passwd);
  75. /* Compute binary message length. Check for overflows. */
  76. if((zlen > SIZE_T_MAX/4) || (clen > SIZE_T_MAX/4) ||
  77. (plen > (SIZE_T_MAX/2 - 2)))
  78. return CURLE_OUT_OF_MEMORY;
  79. plainlen = zlen + clen + plen + 2;
  80. plainauth = malloc(plainlen);
  81. if(!plainauth)
  82. return CURLE_OUT_OF_MEMORY;
  83. /* Calculate the reply */
  84. if(zlen != 0)
  85. memcpy(plainauth, authzid, zlen);
  86. plainauth[zlen] = '\0';
  87. memcpy(plainauth + zlen + 1, authcid, clen);
  88. plainauth[zlen + clen + 1] = '\0';
  89. memcpy(plainauth + zlen + clen + 2, passwd, plen);
  90. /* Base64 encode the reply */
  91. result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen);
  92. free(plainauth);
  93. return result;
  94. }
  95. /*
  96. * Curl_auth_create_login_message()
  97. *
  98. * This is used to generate an already encoded LOGIN message containing the
  99. * user name or password ready for sending to the recipient.
  100. *
  101. * Parameters:
  102. *
  103. * data [in] - The session handle.
  104. * valuep [in] - The user name or user's password.
  105. * outptr [in/out] - The address where a pointer to newly allocated memory
  106. * holding the result will be stored upon completion.
  107. * outlen [out] - The length of the output message.
  108. *
  109. * Returns CURLE_OK on success.
  110. */
  111. CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
  112. const char *valuep, char **outptr,
  113. size_t *outlen)
  114. {
  115. size_t vlen = strlen(valuep);
  116. if(!vlen) {
  117. /* Calculate an empty reply */
  118. *outptr = strdup("=");
  119. if(*outptr) {
  120. *outlen = (size_t) 1;
  121. return CURLE_OK;
  122. }
  123. *outlen = 0;
  124. return CURLE_OUT_OF_MEMORY;
  125. }
  126. /* Base64 encode the value */
  127. return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
  128. }
  129. /*
  130. * Curl_auth_create_external_message()
  131. *
  132. * This is used to generate an already encoded EXTERNAL message containing
  133. * the user name ready for sending to the recipient.
  134. *
  135. * Parameters:
  136. *
  137. * data [in] - The session handle.
  138. * user [in] - The user name.
  139. * outptr [in/out] - The address where a pointer to newly allocated memory
  140. * holding the result will be stored upon completion.
  141. * outlen [out] - The length of the output message.
  142. *
  143. * Returns CURLE_OK on success.
  144. */
  145. CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
  146. const char *user, char **outptr,
  147. size_t *outlen)
  148. {
  149. /* This is the same formatting as the login message */
  150. return Curl_auth_create_login_message(data, user, outptr, outlen);
  151. }
  152. #endif /* if no users */