1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Simon Josefsson, <simon@josefsson.org>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 * RFC5802 SCRAM-SHA-1 authentication
24 *
25 ***************************************************************************/
26
27 #include "curl_setup.h"
28
29 #ifdef USE_GSASL
30
31 #include <curl/curl.h>
32
33 #include "vauth/vauth.h"
34 #include "urldata.h"
35 #include "sendf.h"
36
37 #include <gsasl.h>
38
39 /* The last 3 #include files should be in this order */
40 #include "curl_printf.h"
41 #include "curl_memory.h"
42 #include "memdebug.h"
43
Curl_auth_gsasl_is_supported(struct Curl_easy * data,const char * mech,struct gsasldata * gsasl)44 bool Curl_auth_gsasl_is_supported(struct Curl_easy *data,
45 const char *mech,
46 struct gsasldata *gsasl)
47 {
48 int res;
49
50 res = gsasl_init(&gsasl->ctx);
51 if(res != GSASL_OK) {
52 failf(data, "gsasl init: %s\n", gsasl_strerror(res));
53 return FALSE;
54 }
55
56 res = gsasl_client_start(gsasl->ctx, mech, &gsasl->client);
57 if(res != GSASL_OK) {
58 gsasl_done(gsasl->ctx);
59 return FALSE;
60 }
61
62 return TRUE;
63 }
64
Curl_auth_gsasl_start(struct Curl_easy * data,const char * userp,const char * passwdp,struct gsasldata * gsasl)65 CURLcode Curl_auth_gsasl_start(struct Curl_easy *data,
66 const char *userp,
67 const char *passwdp,
68 struct gsasldata *gsasl)
69 {
70 #if GSASL_VERSION_NUMBER >= 0x010b00
71 int res;
72 res =
73 #endif
74 gsasl_property_set(gsasl->client, GSASL_AUTHID, userp);
75 #if GSASL_VERSION_NUMBER >= 0x010b00
76 if(res != GSASL_OK) {
77 failf(data, "setting AUTHID failed: %s\n", gsasl_strerror(res));
78 return CURLE_OUT_OF_MEMORY;
79 }
80 #endif
81
82 #if GSASL_VERSION_NUMBER >= 0x010b00
83 res =
84 #endif
85 gsasl_property_set(gsasl->client, GSASL_PASSWORD, passwdp);
86 #if GSASL_VERSION_NUMBER >= 0x010b00
87 if(res != GSASL_OK) {
88 failf(data, "setting PASSWORD failed: %s\n", gsasl_strerror(res));
89 return CURLE_OUT_OF_MEMORY;
90 }
91 #endif
92
93 (void)data;
94
95 return CURLE_OK;
96 }
97
Curl_auth_gsasl_token(struct Curl_easy * data,const struct bufref * chlg,struct gsasldata * gsasl,struct bufref * out)98 CURLcode Curl_auth_gsasl_token(struct Curl_easy *data,
99 const struct bufref *chlg,
100 struct gsasldata *gsasl,
101 struct bufref *out)
102 {
103 int res;
104 char *response;
105 size_t outlen;
106
107 res = gsasl_step(gsasl->client,
108 (const char *) Curl_bufref_ptr(chlg), Curl_bufref_len(chlg),
109 &response, &outlen);
110 if(res != GSASL_OK && res != GSASL_NEEDS_MORE) {
111 failf(data, "GSASL step: %s\n", gsasl_strerror(res));
112 return CURLE_BAD_CONTENT_ENCODING;
113 }
114
115 Curl_bufref_set(out, response, outlen, gsasl_free);
116 return CURLE_OK;
117 }
118
Curl_auth_gsasl_cleanup(struct gsasldata * gsasl)119 void Curl_auth_gsasl_cleanup(struct gsasldata *gsasl)
120 {
121 gsasl_finish(gsasl->client);
122 gsasl->client = NULL;
123
124 gsasl_done(gsasl->ctx);
125 gsasl->ctx = NULL;
126 }
127 #endif
128