sasl: Re-factored mechanism constants in preparation for APOP work (0cd8c287) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/curl_sasl.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -491,7 +491,7 @@ void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
		{
		#ifdef USE_NTLM
		/* Cleanup the ntlm structure */
		if(authused == SASL_AUTH_NTLM) {
		if(authused == SASL_MECH_NTLM) {
		Curl_ntlm_sspi_cleanup(&conn->ntlm);
		}
		(void)conn;

lib/curl_sasl.h

+7 −7

Original line number	Diff line number	Diff line
		@@ -25,13 +25,13 @@
		#include "pingpong.h"

		/* Authentication mechanism flags */
		#define SASL_AUTH_LOGIN 0x0001
		#define SASL_AUTH_PLAIN 0x0002
		#define SASL_AUTH_CRAM_MD5 0x0004
		#define SASL_AUTH_DIGEST_MD5 0x0008
		#define SASL_AUTH_GSSAPI 0x0010
		#define SASL_AUTH_EXTERNAL 0x0020
		#define SASL_AUTH_NTLM 0x0040
		#define SASL_MECH_LOGIN 0x0001
		#define SASL_MECH_PLAIN 0x0002
		#define SASL_MECH_CRAM_MD5 0x0004
		#define SASL_MECH_DIGEST_MD5 0x0008
		#define SASL_MECH_GSSAPI 0x0010
		#define SASL_MECH_EXTERNAL 0x0020
		#define SASL_MECH_NTLM 0x0040

		/* This is used to generate a base64 encoded PLAIN authentication message */
		CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,

lib/pop3.c

+18 −18

Original line number	Diff line number	Diff line
		@@ -272,19 +272,19 @@ static int pop3_endofresp(struct pingpong pp, int resp)

		/* Test the word for a matching authentication mechanism */
		if(wordlen == 5 && !memcmp(line, "LOGIN", 5))
		pop3c->authmechs \|= SASL_AUTH_LOGIN;
		pop3c->authmechs \|= SASL_MECH_LOGIN;
		else if(wordlen == 5 && !memcmp(line, "PLAIN", 5))
		pop3c->authmechs \|= SASL_AUTH_PLAIN;
		pop3c->authmechs \|= SASL_MECH_PLAIN;
		else if(wordlen == 8 && !memcmp(line, "CRAM-MD5", 8))
		pop3c->authmechs \|= SASL_AUTH_CRAM_MD5;
		pop3c->authmechs \|= SASL_MECH_CRAM_MD5;
		else if(wordlen == 10 && !memcmp(line, "DIGEST-MD5", 10))
		pop3c->authmechs \|= SASL_AUTH_DIGEST_MD5;
		pop3c->authmechs \|= SASL_MECH_DIGEST_MD5;
		else if(wordlen == 6 && !memcmp(line, "GSSAPI", 6))
		pop3c->authmechs \|= SASL_AUTH_GSSAPI;
		pop3c->authmechs \|= SASL_MECH_GSSAPI;
		else if(wordlen == 8 && !memcmp(line, "EXTERNAL", 8))
		pop3c->authmechs \|= SASL_AUTH_EXTERNAL;
		pop3c->authmechs \|= SASL_MECH_EXTERNAL;
		else if(wordlen == 4 && !memcmp(line, "NTLM", 4))
		pop3c->authmechs \|= SASL_AUTH_NTLM;
		pop3c->authmechs \|= SASL_MECH_NTLM;

		line += wordlen;
		len -= wordlen;
		@@ -389,38 +389,38 @@ static CURLcode pop3_authenticate(struct connectdata *conn)
		/* Check supported authentication mechanisms by decreasing order of
		security */
		#ifndef CURL_DISABLE_CRYPTO_AUTH
		if(pop3c->authmechs & SASL_AUTH_DIGEST_MD5) {
		if(pop3c->authmechs & SASL_MECH_DIGEST_MD5) {
		mech = "DIGEST-MD5";
		authstate = POP3_AUTH_DIGESTMD5;
		pop3c->authused = SASL_AUTH_DIGEST_MD5;
		pop3c->authused = SASL_MECH_DIGEST_MD5;
		}
		else if(pop3c->authmechs & SASL_AUTH_CRAM_MD5) {
		else if(pop3c->authmechs & SASL_MECH_CRAM_MD5) {
		mech = "CRAM-MD5";
		authstate = POP3_AUTH_CRAMMD5;
		pop3c->authused = SASL_AUTH_CRAM_MD5;
		pop3c->authused = SASL_MECH_CRAM_MD5;
		}
		else
		#endif
		#ifdef USE_NTLM
		if(pop3c->authmechs & SASL_AUTH_NTLM) {
		if(pop3c->authmechs & SASL_MECH_NTLM) {
		mech = "NTLM";
		authstate = POP3_AUTH_NTLM;
		pop3c->authused = SASL_AUTH_NTLM;
		pop3c->authused = SASL_MECH_NTLM;
		}
		else
		#endif
		if(pop3c->authmechs & SASL_AUTH_LOGIN) {
		if(pop3c->authmechs & SASL_MECH_LOGIN) {
		mech = "LOGIN";
		authstate = POP3_AUTH_LOGIN;
		pop3c->authused = SASL_AUTH_LOGIN;
		pop3c->authused = SASL_MECH_LOGIN;
		}
		else if(pop3c->authmechs & SASL_AUTH_PLAIN) {
		else if(pop3c->authmechs & SASL_MECH_PLAIN) {
		mech = "PLAIN";
		authstate = POP3_AUTH_PLAIN;
		pop3c->authused = SASL_AUTH_PLAIN;
		pop3c->authused = SASL_MECH_PLAIN;
		}
		else {
		infof(conn->data, "No known SASL auth mechanisms supported!\n");
		infof(conn->data, "No known SASL authentication mechanisms supported!\n");
		result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
		}

lib/pop3.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -57,7 +57,7 @@ struct pop3_conn {
		have been received so far */
		size_t strip; /* Number of bytes from the start to ignore as
		non-body */
		unsigned int authmechs; /* Accepted authentication methods */
		unsigned int authmechs; /* Accepted SASL authentication mechanisms */
		unsigned int authused; /* Authentication method used for the connection */
		pop3state state; /* Always use pop3.c:state() to change state! */
		};

lib/smtp.c

+18 −18

Original line number	Diff line number	Diff line
		@@ -253,19 +253,19 @@ static int smtp_endofresp(struct pingpong pp, int resp)
		wordlen++;

		if(wordlen == 5 && !memcmp(line, "LOGIN", 5))
		smtpc->authmechs \|= SASL_AUTH_LOGIN;
		smtpc->authmechs \|= SASL_MECH_LOGIN;
		else if(wordlen == 5 && !memcmp(line, "PLAIN", 5))
		smtpc->authmechs \|= SASL_AUTH_PLAIN;
		smtpc->authmechs \|= SASL_MECH_PLAIN;
		else if(wordlen == 8 && !memcmp(line, "CRAM-MD5", 8))
		smtpc->authmechs \|= SASL_AUTH_CRAM_MD5;
		smtpc->authmechs \|= SASL_MECH_CRAM_MD5;
		else if(wordlen == 10 && !memcmp(line, "DIGEST-MD5", 10))
		smtpc->authmechs \|= SASL_AUTH_DIGEST_MD5;
		smtpc->authmechs \|= SASL_MECH_DIGEST_MD5;
		else if(wordlen == 6 && !memcmp(line, "GSSAPI", 6))
		smtpc->authmechs \|= SASL_AUTH_GSSAPI;
		smtpc->authmechs \|= SASL_MECH_GSSAPI;
		else if(wordlen == 8 && !memcmp(line, "EXTERNAL", 8))
		smtpc->authmechs \|= SASL_AUTH_EXTERNAL;
		smtpc->authmechs \|= SASL_MECH_EXTERNAL;
		else if(wordlen == 4 && !memcmp(line, "NTLM", 4))
		smtpc->authmechs \|= SASL_AUTH_NTLM;
		smtpc->authmechs \|= SASL_MECH_NTLM;

		line += wordlen;
		len -= wordlen;
		@@ -371,48 +371,48 @@ static CURLcode smtp_authenticate(struct connectdata *conn)
		/* Check supported authentication mechanisms by decreasing order of
		security */
		#ifndef CURL_DISABLE_CRYPTO_AUTH
		if(smtpc->authmechs & SASL_AUTH_DIGEST_MD5) {
		if(smtpc->authmechs & SASL_MECH_DIGEST_MD5) {
		mech = "DIGEST-MD5";
		state1 = SMTP_AUTH_DIGESTMD5;
		smtpc->authused = SASL_AUTH_DIGEST_MD5;
		smtpc->authused = SASL_MECH_DIGEST_MD5;
		}
		else if(smtpc->authmechs & SASL_AUTH_CRAM_MD5) {
		else if(smtpc->authmechs & SASL_MECH_CRAM_MD5) {
		mech = "CRAM-MD5";
		state1 = SMTP_AUTH_CRAMMD5;
		smtpc->authused = SASL_AUTH_CRAM_MD5;
		smtpc->authused = SASL_MECH_CRAM_MD5;
		}
		else
		#endif
		#ifdef USE_NTLM
		if(smtpc->authmechs & SASL_AUTH_NTLM) {
		if(smtpc->authmechs & SASL_MECH_NTLM) {
		mech = "NTLM";
		state1 = SMTP_AUTH_NTLM;
		state2 = SMTP_AUTH_NTLM_TYPE2MSG;
		smtpc->authused = SASL_AUTH_NTLM;
		smtpc->authused = SASL_MECH_NTLM;
		result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
		&conn->ntlm,
		&initresp, &len);
		}
		else
		#endif
		if(smtpc->authmechs & SASL_AUTH_LOGIN) {
		if(smtpc->authmechs & SASL_MECH_LOGIN) {
		mech = "LOGIN";
		state1 = SMTP_AUTH_LOGIN;
		state2 = SMTP_AUTH_PASSWD;
		smtpc->authused = SASL_AUTH_LOGIN;
		smtpc->authused = SASL_MECH_LOGIN;
		result = Curl_sasl_create_login_message(conn->data, conn->user,
		&initresp, &len);
		}
		else if(smtpc->authmechs & SASL_AUTH_PLAIN) {
		else if(smtpc->authmechs & SASL_MECH_PLAIN) {
		mech = "PLAIN";
		state1 = SMTP_AUTH_PLAIN;
		state2 = SMTP_AUTH;
		smtpc->authused = SASL_AUTH_PLAIN;
		smtpc->authused = SASL_MECH_PLAIN;
		result = Curl_sasl_create_plain_message(conn->data, conn->user,
		conn->passwd, &initresp, &len);
		}
		else {
		infof(conn->data, "No known auth mechanisms supported!\n");
		infof(conn->data, "No known authentication mechanisms supported!\n");
		result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
		}