#ifndef HEADER_CURL_SASL_H #define HEADER_CURL_SASL_H /*************************************************************************** * _ _ ____ _ * Project ___| | | | _ \| | * / __| | | | |_) | | * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 2012 - 2014, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at http://curl.haxx.se/docs/copyright.html. * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. * * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * ***************************************************************************/ #include struct SessionHandle; struct connectdata; #if !defined(CURL_DISABLE_CRYPTO_AUTH) struct digestdata; #endif #if defined(USE_NTLM) struct ntlmdata; #endif #if defined(USE_KRB5) struct kerberos5data; #endif /* Authentication mechanism values */ #define SASL_AUTH_NONE 0 #define SASL_AUTH_ANY ~0U /* Authentication mechanism flags */ #define SASL_MECH_LOGIN (1 << 0) #define SASL_MECH_PLAIN (1 << 1) #define SASL_MECH_CRAM_MD5 (1 << 2) #define SASL_MECH_DIGEST_MD5 (1 << 3) #define SASL_MECH_GSSAPI (1 << 4) #define SASL_MECH_EXTERNAL (1 << 5) #define SASL_MECH_NTLM (1 << 6) #define SASL_MECH_XOAUTH2 (1 << 7) /* Authentication mechanism strings */ #define SASL_MECH_STRING_LOGIN "LOGIN" #define SASL_MECH_STRING_PLAIN "PLAIN" #define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5" #define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5" #define SASL_MECH_STRING_GSSAPI "GSSAPI" #define SASL_MECH_STRING_EXTERNAL "EXTERNAL" #define SASL_MECH_STRING_NTLM "NTLM" #define SASL_MECH_STRING_XOAUTH2 "XOAUTH2" enum { CURLDIGESTALGO_MD5, CURLDIGESTALGO_MD5SESS }; /* This is used to test whether the line starts with the given mechanism */ #define sasl_mech_equal(line, wordlen, mech) \ (wordlen == (sizeof(mech) - 1) / sizeof(char) && \ !memcmp(line, mech, wordlen)) /* This is used to build a SPN string */ #if !defined(USE_WINDOWS_SSPI) char *Curl_sasl_build_spn(const char *service, const char *instance); #else TCHAR *Curl_sasl_build_spn(const char *service, const char *instance); #endif /* This is used to generate a base64 encoded PLAIN authentication message */ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data, const char *userp, const char *passwdp, char **outptr, size_t *outlen); /* This is used to generate a base64 encoded LOGIN authentication message containing either the user name or password details */ CURLcode Curl_sasl_create_login_message(struct SessionHandle *data, const char *valuep, char **outptr, size_t *outlen); #ifndef CURL_DISABLE_CRYPTO_AUTH /* This is used to decode a base64 encoded CRAM-MD5 challange message */ CURLcode Curl_sasl_decode_cram_md5_message(const char *chlg64, char **outptr, size_t *outlen); /* This is used to generate a base64 encoded CRAM-MD5 response message */ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data, const char *chlg, const char *user, const char *passwdp, char **outptr, size_t *outlen); /* This is used to generate a base64 encoded DIGEST-MD5 response message */ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, const char *chlg64, const char *userp, const char *passwdp, const char *service, char **outptr, size_t *outlen); /* This is used to decode a HTTP DIGEST challenge message */ CURLcode Curl_sasl_decode_digest_http_message(const char *chlg, struct digestdata *digest); /* This is used to generate a HTTP DIGEST response message */ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data, const char *userp, const char *passwdp, const unsigned char *request, const unsigned char *uri, struct digestdata *digest, char **outptr, size_t *outlen); /* This is used to clean up the digest specific data */ void Curl_sasl_digest_cleanup(struct digestdata *digest); #endif #ifdef USE_NTLM /* This is used to generate a base64 encoded NTLM type-1 message */ CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp, const char *passwdp, struct ntlmdata *ntlm, char **outptr, size_t *outlen); /* This is used to decode a base64 encoded NTLM type-2 message */ CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data, const char *type2msg, struct ntlmdata *ntlm); /* This is used to generate a base64 encoded NTLM type-3 message */ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data, const char *userp, const char *passwdp, struct ntlmdata *ntlm, char **outptr, size_t *outlen); #if defined(USE_WINDOWS_SSPI) /* This is used to clean up the ntlm specific data */ void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm); #endif #endif /* USE_NTLM */ #if defined(USE_KRB5) /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token message */ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, const char *userp, const char *passwdp, const char *service, const bool mutual, const char *chlg64, struct kerberos5data *krb5, char **outptr, size_t *outlen); /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security token message */ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data, const char *input, struct kerberos5data *krb5, char **outptr, size_t *outlen); #endif /* USE_KRB5 */ /* This is used to generate a base64 encoded XOAUTH2 authentication message containing the user name and bearer token */ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data, const char *user, const char *bearer, char **outptr, size_t *outlen); /* This is used to cleanup any libraries or curl modules used by the sasl functions */ void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused); #endif /* HEADER_CURL_SASL_H */