/src/curl/lib/vauth/cleartext.c
Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | * RFC4616 PLAIN authentication |
24 | | * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt> |
25 | | * |
26 | | ***************************************************************************/ |
27 | | |
28 | | #include "curl_setup.h" |
29 | | |
30 | | #if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \ |
31 | | !defined(CURL_DISABLE_POP3) || \ |
32 | | (!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP)) |
33 | | |
34 | | #include <curl/curl.h> |
35 | | #include "urldata.h" |
36 | | |
37 | | #include "vauth/vauth.h" |
38 | | #include "curl_md5.h" |
39 | | #include "warnless.h" |
40 | | #include "strtok.h" |
41 | | #include "sendf.h" |
42 | | #include "curl_printf.h" |
43 | | |
44 | | /* The last #include files should be: */ |
45 | | #include "curl_memory.h" |
46 | | #include "memdebug.h" |
47 | | |
48 | | /* |
49 | | * Curl_auth_create_plain_message() |
50 | | * |
51 | | * This is used to generate an already encoded PLAIN message ready |
52 | | * for sending to the recipient. |
53 | | * |
54 | | * Parameters: |
55 | | * |
56 | | * authzid [in] - The authorization identity. |
57 | | * authcid [in] - The authentication identity. |
58 | | * passwd [in] - The password. |
59 | | * out [out] - The result storage. |
60 | | * |
61 | | * Returns CURLE_OK on success. |
62 | | */ |
63 | | CURLcode Curl_auth_create_plain_message(const char *authzid, |
64 | | const char *authcid, |
65 | | const char *passwd, |
66 | | struct bufref *out) |
67 | 0 | { |
68 | 0 | char *plainauth; |
69 | 0 | size_t plainlen; |
70 | 0 | size_t zlen; |
71 | 0 | size_t clen; |
72 | 0 | size_t plen; |
73 | |
|
74 | 0 | zlen = (authzid == NULL ? 0 : strlen(authzid)); |
75 | 0 | clen = strlen(authcid); |
76 | 0 | plen = strlen(passwd); |
77 | | |
78 | | /* Compute binary message length. Check for overflows. */ |
79 | 0 | if((zlen > SIZE_T_MAX/4) || (clen > SIZE_T_MAX/4) || |
80 | 0 | (plen > (SIZE_T_MAX/2 - 2))) |
81 | 0 | return CURLE_OUT_OF_MEMORY; |
82 | 0 | plainlen = zlen + clen + plen + 2; |
83 | |
|
84 | 0 | plainauth = malloc(plainlen + 1); |
85 | 0 | if(!plainauth) |
86 | 0 | return CURLE_OUT_OF_MEMORY; |
87 | | |
88 | | /* Calculate the reply */ |
89 | 0 | if(zlen) |
90 | 0 | memcpy(plainauth, authzid, zlen); |
91 | 0 | plainauth[zlen] = '\0'; |
92 | 0 | memcpy(plainauth + zlen + 1, authcid, clen); |
93 | 0 | plainauth[zlen + clen + 1] = '\0'; |
94 | 0 | memcpy(plainauth + zlen + clen + 2, passwd, plen); |
95 | 0 | plainauth[plainlen] = '\0'; |
96 | 0 | Curl_bufref_set(out, plainauth, plainlen, curl_free); |
97 | 0 | return CURLE_OK; |
98 | 0 | } |
99 | | |
100 | | /* |
101 | | * Curl_auth_create_login_message() |
102 | | * |
103 | | * This is used to generate an already encoded LOGIN message containing the |
104 | | * user name or password ready for sending to the recipient. |
105 | | * |
106 | | * Parameters: |
107 | | * |
108 | | * valuep [in] - The user name or user's password. |
109 | | * out [out] - The result storage. |
110 | | * |
111 | | * Returns CURLE_OK on success. |
112 | | */ |
113 | | CURLcode Curl_auth_create_login_message(const char *valuep, struct bufref *out) |
114 | 0 | { |
115 | 0 | Curl_bufref_set(out, valuep, strlen(valuep), NULL); |
116 | 0 | return CURLE_OK; |
117 | 0 | } |
118 | | |
119 | | /* |
120 | | * Curl_auth_create_external_message() |
121 | | * |
122 | | * This is used to generate an already encoded EXTERNAL message containing |
123 | | * the user name ready for sending to the recipient. |
124 | | * |
125 | | * Parameters: |
126 | | * |
127 | | * user [in] - The user name. |
128 | | * out [out] - The result storage. |
129 | | * |
130 | | * Returns CURLE_OK on success. |
131 | | */ |
132 | | CURLcode Curl_auth_create_external_message(const char *user, |
133 | | struct bufref *out) |
134 | 0 | { |
135 | | /* This is the same formatting as the login message */ |
136 | 0 | return Curl_auth_create_login_message(user, out); |
137 | 0 | } |
138 | | |
139 | | #endif /* if no users */ |