xref: /third_party/curl/lib/vauth/gsasl.c (revision 13498266) 
1/***************************************************************************
2 *                                  _   _ ____  _
3 *  Project                     ___| | | |  _ \| |
4 *                             / __| | | | |_) | |
5 *                            | (__| |_| |  _ <| |___
6 *                             \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Simon Josefsson, <simon@josefsson.org>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 * RFC5802 SCRAM-SHA-1 authentication
24 *
25 ***************************************************************************/
26
27#include "curl_setup.h"
28
29#ifdef USE_GSASL
30
31#include <curl/curl.h>
32
33#include "vauth/vauth.h"
34#include "urldata.h"
35#include "sendf.h"
36
37#include <gsasl.h>
38
39/* The last 3 #include files should be in this order */
40#include "curl_printf.h"
41#include "curl_memory.h"
42#include "memdebug.h"
43
44bool Curl_auth_gsasl_is_supported(struct Curl_easy *data,
45                                  const char *mech,
46                                  struct gsasldata *gsasl)
47{
48  int res;
49
50  res = gsasl_init(&gsasl->ctx);
51  if(res != GSASL_OK) {
52    failf(data, "gsasl init: %s\n", gsasl_strerror(res));
53    return FALSE;
54  }
55
56  res = gsasl_client_start(gsasl->ctx, mech, &gsasl->client);
57  if(res != GSASL_OK) {
58    gsasl_done(gsasl->ctx);
59    return FALSE;
60  }
61
62  return true;
63}
64
65CURLcode Curl_auth_gsasl_start(struct Curl_easy *data,
66                               const char *userp,
67                               const char *passwdp,
68                               struct gsasldata *gsasl)
69{
70#if GSASL_VERSION_NUMBER >= 0x010b00
71  int res;
72  res =
73#endif
74    gsasl_property_set(gsasl->client, GSASL_AUTHID, userp);
75#if GSASL_VERSION_NUMBER >= 0x010b00
76  if(res != GSASL_OK) {
77    failf(data, "setting AUTHID failed: %s\n", gsasl_strerror(res));
78    return CURLE_OUT_OF_MEMORY;
79  }
80#endif
81
82#if GSASL_VERSION_NUMBER >= 0x010b00
83  res =
84#endif
85    gsasl_property_set(gsasl->client, GSASL_PASSWORD, passwdp);
86#if GSASL_VERSION_NUMBER >= 0x010b00
87  if(res != GSASL_OK) {
88    failf(data, "setting PASSWORD failed: %s\n", gsasl_strerror(res));
89    return CURLE_OUT_OF_MEMORY;
90  }
91#endif
92
93  (void)data;
94
95  return CURLE_OK;
96}
97
98CURLcode Curl_auth_gsasl_token(struct Curl_easy *data,
99                               const struct bufref *chlg,
100                               struct gsasldata *gsasl,
101                               struct bufref *out)
102{
103  int res;
104  char *response;
105  size_t outlen;
106
107  res = gsasl_step(gsasl->client,
108                   (const char *) Curl_bufref_ptr(chlg), Curl_bufref_len(chlg),
109                   &response, &outlen);
110  if(res != GSASL_OK && res != GSASL_NEEDS_MORE) {
111    failf(data, "GSASL step: %s\n", gsasl_strerror(res));
112    return CURLE_BAD_CONTENT_ENCODING;
113  }
114
115  Curl_bufref_set(out, response, outlen, gsasl_free);
116  return CURLE_OK;
117}
118
119void Curl_auth_gsasl_cleanup(struct gsasldata *gsasl)
120{
121  gsasl_finish(gsasl->client);
122  gsasl->client = NULL;
123
124  gsasl_done(gsasl->ctx);
125  gsasl->ctx = NULL;
126}
127#endif
128