1#ifndef HEADER_CURL_VAUTH_H 2#define HEADER_CURL_VAUTH_H 3/*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) Steve Holme, <steve_holme@hotmail.com>. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at https://curl.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 * SPDX-License-Identifier: curl 24 * 25 ***************************************************************************/ 26 27#include <curl/curl.h> 28 29#include "bufref.h" 30 31struct Curl_easy; 32 33#if !defined(CURL_DISABLE_DIGEST_AUTH) 34struct digestdata; 35#endif 36 37#if defined(USE_NTLM) 38struct ntlmdata; 39#endif 40 41#if defined(USE_KERBEROS5) 42struct kerberos5data; 43#endif 44 45#if (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) && defined(USE_SPNEGO) 46struct negotiatedata; 47#endif 48 49#if defined(USE_GSASL) 50struct gsasldata; 51#endif 52 53#if defined(USE_WINDOWS_SSPI) 54#define GSS_ERROR(status) ((status) & 0x80000000) 55#endif 56 57/* 58 * Curl_auth_allowed_to_host() tells if authentication, cookies or other 59 * "sensitive data" can (still) be sent to this host. 60 */ 61bool Curl_auth_allowed_to_host(struct Curl_easy *data); 62 63/* This is used to build a SPN string */ 64#if !defined(USE_WINDOWS_SSPI) 65char *Curl_auth_build_spn(const char *service, const char *host, 66 const char *realm); 67#else 68TCHAR *Curl_auth_build_spn(const char *service, const char *host, 69 const char *realm); 70#endif 71 72/* This is used to test if the user contains a Windows domain name */ 73bool Curl_auth_user_contains_domain(const char *user); 74 75/* This is used to generate a PLAIN cleartext message */ 76CURLcode Curl_auth_create_plain_message(const char *authzid, 77 const char *authcid, 78 const char *passwd, 79 struct bufref *out); 80 81/* This is used to generate a LOGIN cleartext message */ 82CURLcode Curl_auth_create_login_message(const char *value, 83 struct bufref *out); 84 85/* This is used to generate an EXTERNAL cleartext message */ 86CURLcode Curl_auth_create_external_message(const char *user, 87 struct bufref *out); 88 89#ifndef CURL_DISABLE_DIGEST_AUTH 90/* This is used to generate a CRAM-MD5 response message */ 91CURLcode Curl_auth_create_cram_md5_message(const struct bufref *chlg, 92 const char *userp, 93 const char *passwdp, 94 struct bufref *out); 95 96/* This is used to evaluate if DIGEST is supported */ 97bool Curl_auth_is_digest_supported(void); 98 99/* This is used to generate a base64 encoded DIGEST-MD5 response message */ 100CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, 101 const struct bufref *chlg, 102 const char *userp, 103 const char *passwdp, 104 const char *service, 105 struct bufref *out); 106 107/* This is used to decode an HTTP DIGEST challenge message */ 108CURLcode Curl_auth_decode_digest_http_message(const char *chlg, 109 struct digestdata *digest); 110 111/* This is used to generate an HTTP DIGEST response message */ 112CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, 113 const char *userp, 114 const char *passwdp, 115 const unsigned char *request, 116 const unsigned char *uri, 117 struct digestdata *digest, 118 char **outptr, size_t *outlen); 119 120/* This is used to clean up the digest specific data */ 121void Curl_auth_digest_cleanup(struct digestdata *digest); 122#endif /* !CURL_DISABLE_DIGEST_AUTH */ 123 124#ifdef USE_GSASL 125/* This is used to evaluate if MECH is supported by gsasl */ 126bool Curl_auth_gsasl_is_supported(struct Curl_easy *data, 127 const char *mech, 128 struct gsasldata *gsasl); 129/* This is used to start a gsasl method */ 130CURLcode Curl_auth_gsasl_start(struct Curl_easy *data, 131 const char *userp, 132 const char *passwdp, 133 struct gsasldata *gsasl); 134 135/* This is used to process and generate a new SASL token */ 136CURLcode Curl_auth_gsasl_token(struct Curl_easy *data, 137 const struct bufref *chlg, 138 struct gsasldata *gsasl, 139 struct bufref *out); 140 141/* This is used to clean up the gsasl specific data */ 142void Curl_auth_gsasl_cleanup(struct gsasldata *digest); 143#endif 144 145#if defined(USE_NTLM) 146/* This is used to evaluate if NTLM is supported */ 147bool Curl_auth_is_ntlm_supported(void); 148 149/* This is used to generate a base64 encoded NTLM type-1 message */ 150CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, 151 const char *userp, 152 const char *passwdp, 153 const char *service, 154 const char *host, 155 struct ntlmdata *ntlm, 156 struct bufref *out); 157 158/* This is used to decode a base64 encoded NTLM type-2 message */ 159CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data, 160 const struct bufref *type2, 161 struct ntlmdata *ntlm); 162 163/* This is used to generate a base64 encoded NTLM type-3 message */ 164CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, 165 const char *userp, 166 const char *passwdp, 167 struct ntlmdata *ntlm, 168 struct bufref *out); 169 170/* This is used to clean up the NTLM specific data */ 171void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm); 172#endif /* USE_NTLM */ 173 174/* This is used to generate a base64 encoded OAuth 2.0 message */ 175CURLcode Curl_auth_create_oauth_bearer_message(const char *user, 176 const char *host, 177 const long port, 178 const char *bearer, 179 struct bufref *out); 180 181/* This is used to generate a base64 encoded XOAuth 2.0 message */ 182CURLcode Curl_auth_create_xoauth_bearer_message(const char *user, 183 const char *bearer, 184 struct bufref *out); 185 186#if defined(USE_KERBEROS5) 187/* This is used to evaluate if GSSAPI (Kerberos V5) is supported */ 188bool Curl_auth_is_gssapi_supported(void); 189 190/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token 191 message */ 192CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, 193 const char *userp, 194 const char *passwdp, 195 const char *service, 196 const char *host, 197 const bool mutual, 198 const struct bufref *chlg, 199 struct kerberos5data *krb5, 200 struct bufref *out); 201 202/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security 203 token message */ 204CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, 205 const char *authzid, 206 const struct bufref *chlg, 207 struct kerberos5data *krb5, 208 struct bufref *out); 209 210/* This is used to clean up the GSSAPI specific data */ 211void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5); 212#endif /* USE_KERBEROS5 */ 213 214#if defined(USE_SPNEGO) 215/* This is used to evaluate if SPNEGO (Negotiate) is supported */ 216bool Curl_auth_is_spnego_supported(void); 217 218/* This is used to decode a base64 encoded SPNEGO (Negotiate) challenge 219 message */ 220CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, 221 const char *user, 222 const char *password, 223 const char *service, 224 const char *host, 225 const char *chlg64, 226 struct negotiatedata *nego); 227 228/* This is used to generate a base64 encoded SPNEGO (Negotiate) response 229 message */ 230CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, 231 char **outptr, size_t *outlen); 232 233/* This is used to clean up the SPNEGO specific data */ 234void Curl_auth_cleanup_spnego(struct negotiatedata *nego); 235 236#endif /* USE_SPNEGO */ 237 238#endif /* HEADER_CURL_VAUTH_H */ 239