quickjs-tart

quickjs-based runtime for wallet-core logic
Log | Files | Refs | README | LICENSE

curl_sasl.h (6350B)

      1 #ifndef HEADER_CURL_SASL_H
      2 #define HEADER_CURL_SASL_H
      3 /***************************************************************************
      4  *                                  _   _ ____  _
      5  *  Project                     ___| | | |  _ \| |
      6  *                             / __| | | | |_) | |
      7  *                            | (__| |_| |  _ <| |___
      8  *                             \___|\___/|_| \_\_____|
      9  *
     10  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
     11  *
     12  * This software is licensed as described in the file COPYING, which
     13  * you should have received as part of this distribution. The terms
     14  * are also available at https://curl.se/docs/copyright.html.
     15  *
     16  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
     17  * copies of the Software, and permit persons to whom the Software is
     18  * furnished to do so, under the terms of the COPYING file.
     19  *
     20  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
     21  * KIND, either express or implied.
     22  *
     23  * SPDX-License-Identifier: curl
     24  *
     25  ***************************************************************************/
     26 
     27 #include <curl/curl.h>
     28 
     29 #include "bufref.h"
     30 
     31 struct Curl_easy;
     32 struct connectdata;
     33 
     34 /* Authentication mechanism flags */
     35 #define SASL_MECH_LOGIN             (1 << 0)
     36 #define SASL_MECH_PLAIN             (1 << 1)
     37 #define SASL_MECH_CRAM_MD5          (1 << 2)
     38 #define SASL_MECH_DIGEST_MD5        (1 << 3)
     39 #define SASL_MECH_GSSAPI            (1 << 4)
     40 #define SASL_MECH_EXTERNAL          (1 << 5)
     41 #define SASL_MECH_NTLM              (1 << 6)
     42 #define SASL_MECH_XOAUTH2           (1 << 7)
     43 #define SASL_MECH_OAUTHBEARER       (1 << 8)
     44 #define SASL_MECH_SCRAM_SHA_1       (1 << 9)
     45 #define SASL_MECH_SCRAM_SHA_256     (1 << 10)
     46 
     47 /* Authentication mechanism values */
     48 #define SASL_AUTH_NONE          0
     49 #define SASL_AUTH_ANY           0xffff
     50 #define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
     51 
     52 /* Authentication mechanism strings */
     53 #define SASL_MECH_STRING_LOGIN          "LOGIN"
     54 #define SASL_MECH_STRING_PLAIN          "PLAIN"
     55 #define SASL_MECH_STRING_CRAM_MD5       "CRAM-MD5"
     56 #define SASL_MECH_STRING_DIGEST_MD5     "DIGEST-MD5"
     57 #define SASL_MECH_STRING_GSSAPI         "GSSAPI"
     58 #define SASL_MECH_STRING_EXTERNAL       "EXTERNAL"
     59 #define SASL_MECH_STRING_NTLM           "NTLM"
     60 #define SASL_MECH_STRING_XOAUTH2        "XOAUTH2"
     61 #define SASL_MECH_STRING_OAUTHBEARER    "OAUTHBEARER"
     62 #define SASL_MECH_STRING_SCRAM_SHA_1    "SCRAM-SHA-1"
     63 #define SASL_MECH_STRING_SCRAM_SHA_256  "SCRAM-SHA-256"
     64 
     65 /* SASL flags */
     66 #define SASL_FLAG_BASE64        0x0001  /* Messages are base64-encoded */
     67 
     68 /* SASL machine states */
     69 typedef enum {
     70   SASL_STOP,
     71   SASL_PLAIN,
     72   SASL_LOGIN,
     73   SASL_LOGIN_PASSWD,
     74   SASL_EXTERNAL,
     75   SASL_CRAMMD5,
     76   SASL_DIGESTMD5,
     77   SASL_DIGESTMD5_RESP,
     78   SASL_NTLM,
     79   SASL_NTLM_TYPE2MSG,
     80   SASL_GSSAPI,
     81   SASL_GSSAPI_TOKEN,
     82   SASL_GSSAPI_NO_DATA,
     83   SASL_OAUTH2,
     84   SASL_OAUTH2_RESP,
     85   SASL_GSASL,
     86   SASL_CANCEL,
     87   SASL_FINAL
     88 } saslstate;
     89 
     90 /* Progress indicator */
     91 typedef enum {
     92   SASL_IDLE,
     93   SASL_INPROGRESS,
     94   SASL_DONE
     95 } saslprogress;
     96 
     97 /* Protocol dependent SASL parameters */
     98 struct SASLproto {
     99   const char *service;     /* The service name */
    100   CURLcode (*sendauth)(struct Curl_easy *data, const char *mech,
    101                        const struct bufref *ir);
    102                            /* Send authentication command */
    103   CURLcode (*contauth)(struct Curl_easy *data, const char *mech,
    104                        const struct bufref *contauth);
    105                            /* Send authentication continuation */
    106   CURLcode (*cancelauth)(struct Curl_easy *data, const char *mech);
    107                            /* Cancel authentication. */
    108   CURLcode (*getmessage)(struct Curl_easy *data, struct bufref *out);
    109                            /* Get SASL response message */
    110   size_t maxirlen;         /* Maximum initial response + mechanism length,
    111                               or zero if no max. This is normally the max
    112                               command length - other characters count.
    113                               This has to be zero for non-base64 protocols. */
    114   int contcode;            /* Code to receive when continuation is expected */
    115   int finalcode;           /* Code to receive upon authentication success */
    116   unsigned short defmechs; /* Mechanisms enabled by default */
    117   unsigned short flags;    /* Configuration flags. */
    118 };
    119 
    120 /* Per-connection parameters */
    121 struct SASL {
    122   const struct SASLproto *params; /* Protocol dependent parameters */
    123   saslstate state;           /* Current machine state */
    124   const char *curmech;       /* Current mechanism id. */
    125   unsigned short authmechs;  /* Accepted authentication mechanisms */
    126   unsigned short prefmech;   /* Preferred authentication mechanism */
    127   unsigned short authused;   /* Auth mechanism used for the connection */
    128   BIT(resetprefs);           /* For URL auth option parsing. */
    129   BIT(mutual_auth);          /* Mutual authentication enabled (GSSAPI only) */
    130   BIT(force_ir);             /* Protocol always supports initial response */
    131 };
    132 
    133 /* This is used to test whether the line starts with the given mechanism */
    134 #define sasl_mech_equal(line, wordlen, mech) \
    135   (wordlen == (sizeof(mech) - 1) / sizeof(char) && \
    136    !memcmp(line, mech, wordlen))
    137 
    138 /* Convert a mechanism name to a token */
    139 unsigned short Curl_sasl_decode_mech(const char *ptr,
    140                                      size_t maxlen, size_t *len);
    141 
    142 /* Parse the URL login options */
    143 CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
    144                                          const char *value, size_t len);
    145 
    146 /* Initializes an SASL structure */
    147 void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data,
    148                     const struct SASLproto *params);
    149 
    150 /* Check if we have enough auth data and capabilities to authenticate */
    151 bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data);
    152 
    153 /* Calculate the required login details for SASL authentication  */
    154 CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
    155                          bool force_ir, saslprogress *progress);
    156 
    157 /* Continue an SASL authentication  */
    158 CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
    159                             int code, saslprogress *progress);
    160 
    161 CURLcode Curl_sasl_is_blocked(struct SASL *sasl, struct Curl_easy *data);
    162 
    163 #endif /* HEADER_CURL_SASL_H */