1 #ifndef HEADER_CURL_VAUTH_H 2 #define HEADER_CURL_VAUTH_H 3 /*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) Steve Holme, <steve_holme@hotmail.com>. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at https://curl.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 * SPDX-License-Identifier: curl 24 * 25 ***************************************************************************/ 26 27 #include <curl/curl.h> 28 29 #include "bufref.h" 30 31 struct Curl_easy; 32 33 #if !defined(CURL_DISABLE_DIGEST_AUTH) 34 struct digestdata; 35 #endif 36 37 #if defined(USE_NTLM) 38 struct ntlmdata; 39 #endif 40 41 #if defined(USE_KERBEROS5) 42 struct kerberos5data; 43 #endif 44 45 #if (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) && defined(USE_SPNEGO) 46 struct negotiatedata; 47 #endif 48 49 #if defined(USE_GSASL) 50 struct gsasldata; 51 #endif 52 53 #if defined(USE_WINDOWS_SSPI) 54 #define GSS_ERROR(status) ((status) & 0x80000000) 55 #endif 56 57 /* 58 * Curl_auth_allowed_to_host() tells if authentication, cookies or other 59 * "sensitive data" can (still) be sent to this host. 60 */ 61 bool Curl_auth_allowed_to_host(struct Curl_easy *data); 62 63 /* This is used to build a SPN string */ 64 #if !defined(USE_WINDOWS_SSPI) 65 char *Curl_auth_build_spn(const char *service, const char *host, 66 const char *realm); 67 #else 68 TCHAR *Curl_auth_build_spn(const char *service, const char *host, 69 const char *realm); 70 #endif 71 72 /* This is used to test if the user contains a Windows domain name */ 73 bool Curl_auth_user_contains_domain(const char *user); 74 75 /* This is used to generate a PLAIN cleartext message */ 76 CURLcode Curl_auth_create_plain_message(const char *authzid, 77 const char *authcid, 78 const char *passwd, 79 struct bufref *out); 80 81 /* This is used to generate a LOGIN cleartext message */ 82 void Curl_auth_create_login_message(const char *value, struct bufref *out); 83 84 /* This is used to generate an EXTERNAL cleartext message */ 85 void Curl_auth_create_external_message(const char *user, struct bufref *out); 86 87 #ifndef CURL_DISABLE_DIGEST_AUTH 88 /* This is used to generate a CRAM-MD5 response message */ 89 CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg, 90 const char *userp, 91 const char *passwdp, 92 struct bufref *out); 93 94 /* This is used to evaluate if DIGEST is supported */ 95 bool Curl_auth_is_digest_supported(void); 96 97 /* This is used to generate a base64 encoded DIGEST-MD5 response message */ 98 CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, 99 const struct bufref *chlg, 100 const char *userp, 101 const char *passwdp, 102 const char *service, 103 struct bufref *out); 104 105 /* This is used to decode an HTTP DIGEST challenge message */ 106 CURLcode Curl_auth_decode_digest_http_message(const char *chlg, 107 struct digestdata *digest); 108 109 /* This is used to generate an HTTP DIGEST response message */ 110 CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, 111 const char *userp, 112 const char *passwdp, 113 const unsigned char *request, 114 const unsigned char *uri, 115 struct digestdata *digest, 116 char **outptr, size_t *outlen); 117 118 /* This is used to clean up the digest specific data */ 119 void Curl_auth_digest_cleanup(struct digestdata *digest); 120 #endif /* !CURL_DISABLE_DIGEST_AUTH */ 121 122 #ifdef USE_GSASL 123 /* This is used to evaluate if MECH is supported by gsasl */ 124 bool Curl_auth_gsasl_is_supported(struct Curl_easy *data, 125 const char *mech, 126 struct gsasldata *gsasl); 127 /* This is used to start a gsasl method */ 128 CURLcode Curl_auth_gsasl_start(struct Curl_easy *data, 129 const char *userp, 130 const char *passwdp, 131 struct gsasldata *gsasl); 132 133 /* This is used to process and generate a new SASL token */ 134 CURLcode Curl_auth_gsasl_token(struct Curl_easy *data, 135 const struct bufref *chlg, 136 struct gsasldata *gsasl, 137 struct bufref *out); 138 139 /* This is used to clean up the gsasl specific data */ 140 void Curl_auth_gsasl_cleanup(struct gsasldata *digest); 141 #endif 142 143 #if defined(USE_NTLM) 144 /* This is used to evaluate if NTLM is supported */ 145 bool Curl_auth_is_ntlm_supported(void); 146 147 /* This is used to generate a base64 encoded NTLM type-1 message */ 148 CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, 149 const char *userp, 150 const char *passwdp, 151 const char *service, 152 const char *host, 153 struct ntlmdata *ntlm, 154 struct bufref *out); 155 156 /* This is used to decode a base64 encoded NTLM type-2 message */ 157 CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data, 158 const struct bufref *type2, 159 struct ntlmdata *ntlm); 160 161 /* This is used to generate a base64 encoded NTLM type-3 message */ 162 CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, 163 const char *userp, 164 const char *passwdp, 165 struct ntlmdata *ntlm, 166 struct bufref *out); 167 168 /* This is used to clean up the NTLM specific data */ 169 void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm); 170 #endif /* USE_NTLM */ 171 172 /* This is used to generate a base64 encoded OAuth 2.0 message */ 173 CURLcode Curl_auth_create_oauth_bearer_message(const char *user, 174 const char *host, 175 const long port, 176 const char *bearer, 177 struct bufref *out); 178 179 /* This is used to generate a base64 encoded XOAuth 2.0 message */ 180 CURLcode Curl_auth_create_xoauth_bearer_message(const char *user, 181 const char *bearer, 182 struct bufref *out); 183 184 #if defined(USE_KERBEROS5) 185 /* This is used to evaluate if GSSAPI (Kerberos V5) is supported */ 186 bool Curl_auth_is_gssapi_supported(void); 187 188 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token 189 message */ 190 CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, 191 const char *userp, 192 const char *passwdp, 193 const char *service, 194 const char *host, 195 const bool mutual, 196 const struct bufref *chlg, 197 struct kerberos5data *krb5, 198 struct bufref *out); 199 200 /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security 201 token message */ 202 CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, 203 const char *authzid, 204 const struct bufref *chlg, 205 struct kerberos5data *krb5, 206 struct bufref *out); 207 208 /* This is used to clean up the GSSAPI specific data */ 209 void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5); 210 #endif /* USE_KERBEROS5 */ 211 212 #if defined(USE_SPNEGO) 213 /* This is used to evaluate if SPNEGO (Negotiate) is supported */ 214 bool Curl_auth_is_spnego_supported(void); 215 216 /* This is used to decode a base64 encoded SPNEGO (Negotiate) challenge 217 message */ 218 CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, 219 const char *user, 220 const char *password, 221 const char *service, 222 const char *host, 223 const char *chlg64, 224 struct negotiatedata *nego); 225 226 /* This is used to generate a base64 encoded SPNEGO (Negotiate) response 227 message */ 228 CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, 229 char **outptr, size_t *outlen); 230 231 /* This is used to clean up the SPNEGO specific data */ 232 void Curl_auth_cleanup_spnego(struct negotiatedata *nego); 233 234 #endif /* USE_SPNEGO */ 235 236 #endif /* HEADER_CURL_VAUTH_H */ 237
