Commit 733a4419 authored by Steve Holme

sasl: Centralised the authentication mechanism strings

Moved the standard SASL mechanism strings into curl_sasl.h rather than
hard coding the same values over and over again in the protocols that
use SASL authentication.

For more information about the mechanism strings see:

http://www.iana.org/assignments/sasl-mechanisms
parent 77dc4ba8
+25 −10
@@ -24,6 +24,10 @@

#include "pingpong.h"

/* Authentication mechanism values */
#define SASL_AUTH_NONE          0
#define SASL_AUTH_ANY           ~0U

/* Authentication mechanism flags */
#define SASL_MECH_LOGIN             (1 << 0)
#define SASL_MECH_PLAIN             (1 << 1)
@@ -34,9 +38,20 @@
#define SASL_MECH_NTLM              (1 << 6)
#define SASL_MECH_XOAUTH2           (1 << 7)

/* Authentication mechanism values */
#define SASL_AUTH_NONE          0
#define SASL_AUTH_ANY           ~0U
/* Authentication mechanism strings */
#define SASL_MECH_STRING_LOGIN      "LOGIN"
#define SASL_MECH_STRING_PLAIN      "PLAIN"
#define SASL_MECH_STRING_CRAM_MD5   "CRAM-MD5"
#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
#define SASL_MECH_STRING_GSSAPI     "GSSAPI"
#define SASL_MECH_STRING_EXTERNAL   "EXTERNAL"
#define SASL_MECH_STRING_NTLM       "NTLM"
#define SASL_MECH_STRING_XOAUTH2    "XOAUTH2"

/* This is used to test whether the line starts with the given mechanism */
#define sasl_mech_equal(line, wordlen, mech) \
  (wordlen == (sizeof(mech) - 1) / sizeof(char) && \
   !memcmp(line, mech, wordlen))

/* This is used to generate a base64 encoded PLAIN authentication message */
CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
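Review bot: `sasl_mech_equal` expands `line`, `wordlen` and `mech` unparenthesised and takes the length from `sizeof(mech)`, so it is only correct when `mech` is a string literal or array; given a `const char *` it would silently compare against the pointer size minus one. Because the macro is applied to mechanism words taken from server responses, I would parenthesise the arguments and drop the redundant `/ sizeof(char)`: `#define sasl_mech_equal(line, wordlen, mech) \` followed by `((wordlen) == sizeof(mech) - 1 && !memcmp((line), (mech), (wordlen)))`. The comment above it should state the contract, e.g. `/* mech must be a string literal (its length comes from sizeof); wordlen is evaluated twice */`. The macro also needs `memcmp` declared wherever it is expanded; whether this header or its includers pull in <string.h> is not visible in the hunk.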
+21 −21
@@ -555,13 +555,13 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn)
#ifndef CURL_DISABLE_CRYPTO_AUTH
  if((imapc->authmechs & SASL_MECH_DIGEST_MD5) &&
     (imapc->prefmech & SASL_MECH_DIGEST_MD5)) {
    mech = "DIGEST-MD5";
    mech = SASL_MECH_STRING_DIGEST_MD5;
    state1 = IMAP_AUTHENTICATE_DIGESTMD5;
    imapc->authused = SASL_MECH_DIGEST_MD5;
  }
  else if((imapc->authmechs & SASL_MECH_CRAM_MD5) &&
          (imapc->prefmech & SASL_MECH_CRAM_MD5)) {
    mech = "CRAM-MD5";
    mech = SASL_MECH_STRING_CRAM_MD5;
    state1 = IMAP_AUTHENTICATE_CRAMMD5;
    imapc->authused = SASL_MECH_CRAM_MD5;
  }
@@ -570,7 +570,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn)
#ifdef USE_NTLM
    if((imapc->authmechs & SASL_MECH_NTLM) &&
       (imapc->prefmech & SASL_MECH_NTLM)) {
    mech = "NTLM";
    mech = SASL_MECH_STRING_NTLM;
    state1 = IMAP_AUTHENTICATE_NTLM;
    state2 = IMAP_AUTHENTICATE_NTLM_TYPE2MSG;
    imapc->authused = SASL_MECH_NTLM;
@@ -585,7 +585,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn)
  if(((imapc->authmechs & SASL_MECH_XOAUTH2) &&
      (imapc->prefmech & SASL_MECH_XOAUTH2) &&
      (imapc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
    mech = "XOAUTH2";
    mech = SASL_MECH_STRING_XOAUTH2;
    state1 = IMAP_AUTHENTICATE_XOAUTH2;
    state2 = IMAP_AUTHENTICATE_FINAL;
    imapc->authused = SASL_MECH_XOAUTH2;
@@ -597,7 +597,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn)
  }
  else if((imapc->authmechs & SASL_MECH_LOGIN) &&
     (imapc->prefmech & SASL_MECH_LOGIN)) {
    mech = "LOGIN";
    mech = SASL_MECH_STRING_LOGIN;
    state1 = IMAP_AUTHENTICATE_LOGIN;
    state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD;
    imapc->authused = SASL_MECH_LOGIN;
@@ -608,7 +608,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn)
  }
  else if((imapc->authmechs & SASL_MECH_PLAIN) &&
          (imapc->prefmech & SASL_MECH_PLAIN)) {
    mech = "PLAIN";
    mech = SASL_MECH_STRING_PLAIN;
    state1 = IMAP_AUTHENTICATE_PLAIN;
    state2 = IMAP_AUTHENTICATE_FINAL;
    imapc->authused = SASL_MECH_PLAIN;
@@ -885,21 +885,21 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn,
        wordlen -= 5;

        /* Test the word for a matching authentication mechanism */
        if(wordlen == 5 && !memcmp(line, "LOGIN", 5))
        if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
          imapc->authmechs |= SASL_MECH_LOGIN;
        if(wordlen == 5 && !memcmp(line, "PLAIN", 5))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
          imapc->authmechs |= SASL_MECH_PLAIN;
        else if(wordlen == 8 && !memcmp(line, "CRAM-MD5", 8))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
          imapc->authmechs |= SASL_MECH_CRAM_MD5;
        else if(wordlen == 10 && !memcmp(line, "DIGEST-MD5", 10))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
          imapc->authmechs |= SASL_MECH_DIGEST_MD5;
        else if(wordlen == 6 && !memcmp(line, "GSSAPI", 6))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
          imapc->authmechs |= SASL_MECH_GSSAPI;
        else if(wordlen == 8 && !memcmp(line, "EXTERNAL", 8))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
          imapc->authmechs |= SASL_MECH_EXTERNAL;
        else if(wordlen == 4 && !memcmp(line, "NTLM", 4))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
          imapc->authmechs |= SASL_MECH_NTLM;
        else if(wordlen == 7 && !memcmp(line, "XOAUTH2", 7))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
          imapc->authmechs |= SASL_MECH_XOAUTH2;
      }

@@ -2275,19 +2275,19 @@ static CURLcode imap_parse_url_options(struct connectdata *conn)

      if(strequal(value, "*"))
        imapc->prefmech = SASL_AUTH_ANY;
      else if(strequal(value, "LOGIN"))
      else if(strequal(value, SASL_MECH_STRING_LOGIN))
        imapc->prefmech = SASL_MECH_LOGIN;
      else if(strequal(value, "PLAIN"))
      else if(strequal(value, SASL_MECH_STRING_PLAIN))
        imapc->prefmech = SASL_MECH_PLAIN;
      else if(strequal(value, "CRAM-MD5"))
      else if(strequal(value, SASL_MECH_STRING_CRAM_MD5))
        imapc->prefmech = SASL_MECH_CRAM_MD5;
      else if(strequal(value, "DIGEST-MD5"))
      else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5))
        imapc->prefmech = SASL_MECH_DIGEST_MD5;
      else if(strequal(value, "GSSAPI"))
      else if(strequal(value, SASL_MECH_STRING_GSSAPI))
        imapc->prefmech = SASL_MECH_GSSAPI;
      else if(strequal(value, "NTLM"))
      else if(strequal(value, SASL_MECH_STRING_NTLM))
        imapc->prefmech = SASL_MECH_NTLM;
      else if(strequal(value, "XOAUTH2"))
      else if(strequal(value, SASL_MECH_STRING_XOAUTH2))
        imapc->prefmech = SASL_MECH_XOAUTH2;
      else
        imapc->prefmech = SASL_AUTH_NONE;
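Review bot: In the imap_parse_url_options hunk an unrecognised `value` still falls through to the final `else` and sets `imapc->prefmech = SASL_AUTH_NONE`, so a mistyped mechanism name is accepted silently rather than rejected. What the connection does with SASL_AUTH_NONE is decided outside this hunk, but if it ends in a non-SASL login the user gets a weaker method than the one requested, with no diagnostic. I would have the last branch report the bad option, for example `else result = CURLE_URL_MALFORMAT;`, assuming the function carries a `result` variable (its start and end are outside the hunk). The smtp_parse_url_options hunk ends in the same `else` branch.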
+21 −21
@@ -313,21 +313,21 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len,
          wordlen++;

        /* Test the word for a matching authentication mechanism */
        if(wordlen == 5 && !memcmp(line, "LOGIN", 5))
        if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
          pop3c->authmechs |= SASL_MECH_LOGIN;
        else if(wordlen == 5 && !memcmp(line, "PLAIN", 5))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
          pop3c->authmechs |= SASL_MECH_PLAIN;
        else if(wordlen == 8 && !memcmp(line, "CRAM-MD5", 8))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
          pop3c->authmechs |= SASL_MECH_CRAM_MD5;
        else if(wordlen == 10 && !memcmp(line, "DIGEST-MD5", 10))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
          pop3c->authmechs |= SASL_MECH_DIGEST_MD5;
        else if(wordlen == 6 && !memcmp(line, "GSSAPI", 6))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
          pop3c->authmechs |= SASL_MECH_GSSAPI;
        else if(wordlen == 8 && !memcmp(line, "EXTERNAL", 8))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
          pop3c->authmechs |= SASL_MECH_EXTERNAL;
        else if(wordlen == 4 && !memcmp(line, "NTLM", 4))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
          pop3c->authmechs |= SASL_MECH_NTLM;
        else if(wordlen == 7 && !memcmp(line, "XOAUTH2", 7))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
          pop3c->authmechs |= SASL_MECH_XOAUTH2;

        line += wordlen;
@@ -576,13 +576,13 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn)
#ifndef CURL_DISABLE_CRYPTO_AUTH
    if((pop3c->authmechs & SASL_MECH_DIGEST_MD5) &&
       (pop3c->prefmech & SASL_MECH_DIGEST_MD5)) {
      mech = "DIGEST-MD5";
      mech = SASL_MECH_STRING_DIGEST_MD5;
      state1 = POP3_AUTH_DIGESTMD5;
      pop3c->authused = SASL_MECH_DIGEST_MD5;
    }
    else if((pop3c->authmechs & SASL_MECH_CRAM_MD5) &&
            (pop3c->prefmech & SASL_MECH_CRAM_MD5)) {
      mech = "CRAM-MD5";
      mech = SASL_MECH_STRING_CRAM_MD5;
      state1 = POP3_AUTH_CRAMMD5;
      pop3c->authused = SASL_MECH_CRAM_MD5;
    }
@@ -591,7 +591,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn)
#ifdef USE_NTLM
    if((pop3c->authmechs & SASL_MECH_NTLM) &&
       (pop3c->prefmech & SASL_MECH_NTLM)) {
      mech = "NTLM";
      mech = SASL_MECH_STRING_NTLM;
      state1 = POP3_AUTH_NTLM;
      state2 = POP3_AUTH_NTLM_TYPE2MSG;
      pop3c->authused = SASL_MECH_NTLM;
@@ -606,7 +606,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn)
    if(((pop3c->authmechs & SASL_MECH_XOAUTH2) &&
        (pop3c->prefmech & SASL_MECH_XOAUTH2) &&
        (pop3c->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
      mech = "XOAUTH2";
      mech = SASL_MECH_STRING_XOAUTH2;
      state1 = POP3_AUTH_XOAUTH2;
      state2 = POP3_AUTH_FINAL;
      pop3c->authused = SASL_MECH_XOAUTH2;
@@ -618,7 +618,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn)
    }
    else if((pop3c->authmechs & SASL_MECH_LOGIN) &&
       (pop3c->prefmech & SASL_MECH_LOGIN)) {
      mech = "LOGIN";
      mech = SASL_MECH_STRING_LOGIN;
      state1 = POP3_AUTH_LOGIN;
      state2 = POP3_AUTH_LOGIN_PASSWD;
      pop3c->authused = SASL_MECH_LOGIN;
@@ -629,7 +629,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn)
    }
    else if((pop3c->authmechs & SASL_MECH_PLAIN) &&
            (pop3c->prefmech & SASL_MECH_PLAIN)) {
      mech = "PLAIN";
      mech = SASL_MECH_STRING_PLAIN;
      state1 = POP3_AUTH_PLAIN;
      state2 = POP3_AUTH_FINAL;
      pop3c->authused = SASL_MECH_PLAIN;
@@ -1788,31 +1788,31 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn)
        pop3c->preftype = POP3_TYPE_APOP;
        pop3c->prefmech = SASL_AUTH_NONE;
      }
      else if(strequal(value, "LOGIN")) {
      else if(strequal(value, SASL_MECH_STRING_LOGIN)) {
        pop3c->preftype = POP3_TYPE_SASL;
        pop3c->prefmech = SASL_MECH_LOGIN;
      }
      else if(strequal(value, "PLAIN")) {
      else if(strequal(value, SASL_MECH_STRING_PLAIN)) {
        pop3c->preftype = POP3_TYPE_SASL;
        pop3c->prefmech = SASL_MECH_PLAIN;
      }
      else if(strequal(value, "CRAM-MD5")) {
      else if(strequal(value, SASL_MECH_STRING_CRAM_MD5)) {
        pop3c->preftype = POP3_TYPE_SASL;
        pop3c->prefmech = SASL_MECH_CRAM_MD5;
      }
      else if(strequal(value, "DIGEST-MD5")) {
      else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5)) {
        pop3c->preftype = POP3_TYPE_SASL;
        pop3c->prefmech = SASL_MECH_DIGEST_MD5;
      }
      else if(strequal(value, "GSSAPI")) {
      else if(strequal(value, SASL_MECH_STRING_GSSAPI)) {
        pop3c->preftype = POP3_TYPE_SASL;
        pop3c->prefmech = SASL_MECH_GSSAPI;
      }
      else if(strequal(value, "NTLM")) {
      else if(strequal(value, SASL_MECH_STRING_NTLM)) {
        pop3c->preftype = POP3_TYPE_SASL;
        pop3c->prefmech = SASL_MECH_NTLM;
      }
      else if(strequal(value, "XOAUTH2")) {
      else if(strequal(value, SASL_MECH_STRING_XOAUTH2)) {
        pop3c->preftype = POP3_TYPE_SASL;
        pop3c->prefmech = SASL_MECH_XOAUTH2;
      }
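Review bot: The eight-branch `sasl_mech_equal` chain in the pop3_endofresp hunk is repeated in imap_state_capability_resp and smtp_endofresp with only the `authmechs` owner changed, so the strings are now centralised but the name-to-flag mapping still lives in three places that must be kept in step by hand. A table-driven helper next to the new macros would reduce each protocol to one call, and a mechanism added later could not be recognised in one protocol and missed in another. The sketch below uses a suggested helper name and assumes `authmechs` is an unsigned int, which the hunk does not show. pop3_endofresp itself starts and ends outside the hunk.

```c
/* curl_sasl: one name-to-flag table shared by IMAP, POP3 and SMTP */
static const struct {
  const char *name;
  size_t len;
  unsigned int bit;
} sasl_mechs[] = {
  { SASL_MECH_STRING_LOGIN, sizeof(SASL_MECH_STRING_LOGIN) - 1,
    SASL_MECH_LOGIN },
  /* … one row per remaining SASL_MECH_STRING_* / SASL_MECH_* pair … */
};

/* Returns the flag for the mechanism word at line, or 0 if it is unknown */
unsigned int sasl_mech_flag(const char *line, size_t wordlen)
{
  size_t i;
  for(i = 0; i < sizeof(sasl_mechs) / sizeof(sasl_mechs[0]); i++) {
    if(wordlen == sasl_mechs[i].len &&
       !memcmp(line, sasl_mechs[i].name, wordlen))
      return sasl_mechs[i].bit;
  }
  return 0;
}

        /* Test the word for a matching authentication mechanism */
        pop3c->authmechs |= sasl_mech_flag(line, wordlen);
        /* … unchanged: line += wordlen … */
```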
+21 −21
@@ -277,21 +277,21 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
          wordlen++;

        /* Test the word for a matching authentication mechanism */
        if(wordlen == 5 && !memcmp(line, "LOGIN", 5))
        if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
          smtpc->authmechs |= SASL_MECH_LOGIN;
        else if(wordlen == 5 && !memcmp(line, "PLAIN", 5))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
          smtpc->authmechs |= SASL_MECH_PLAIN;
        else if(wordlen == 8 && !memcmp(line, "CRAM-MD5", 8))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
          smtpc->authmechs |= SASL_MECH_CRAM_MD5;
        else if(wordlen == 10 && !memcmp(line, "DIGEST-MD5", 10))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
          smtpc->authmechs |= SASL_MECH_DIGEST_MD5;
        else if(wordlen == 6 && !memcmp(line, "GSSAPI", 6))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
          smtpc->authmechs |= SASL_MECH_GSSAPI;
        else if(wordlen == 8 && !memcmp(line, "EXTERNAL", 8))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
          smtpc->authmechs |= SASL_MECH_EXTERNAL;
        else if(wordlen == 4 && !memcmp(line, "NTLM", 4))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
          smtpc->authmechs |= SASL_MECH_NTLM;
        else if(wordlen == 7 && !memcmp(line, "XOAUTH2", 7))
        else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
          smtpc->authmechs |= SASL_MECH_XOAUTH2;

        line += wordlen;
@@ -473,13 +473,13 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn)
#ifndef CURL_DISABLE_CRYPTO_AUTH
  if((smtpc->authmechs & SASL_MECH_DIGEST_MD5) &&
     (smtpc->prefmech & SASL_MECH_DIGEST_MD5)) {
    mech = "DIGEST-MD5";
    mech = SASL_MECH_STRING_DIGEST_MD5;
    state1 = SMTP_AUTH_DIGESTMD5;
    smtpc->authused = SASL_MECH_DIGEST_MD5;
  }
  else if((smtpc->authmechs & SASL_MECH_CRAM_MD5) &&
          (smtpc->prefmech & SASL_MECH_CRAM_MD5)) {
    mech = "CRAM-MD5";
    mech = SASL_MECH_STRING_CRAM_MD5;
    state1 = SMTP_AUTH_CRAMMD5;
    smtpc->authused = SASL_MECH_CRAM_MD5;
  }
@@ -488,7 +488,7 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn)
#ifdef USE_NTLM
  if((smtpc->authmechs & SASL_MECH_NTLM) &&
     (smtpc->prefmech & SASL_MECH_NTLM)) {
    mech = "NTLM";
    mech = SASL_MECH_STRING_NTLM;
    state1 = SMTP_AUTH_NTLM;
    state2 = SMTP_AUTH_NTLM_TYPE2MSG;
    smtpc->authused = SASL_MECH_NTLM;
@@ -503,7 +503,7 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn)
  if(((smtpc->authmechs & SASL_MECH_XOAUTH2) &&
      (smtpc->prefmech & SASL_MECH_XOAUTH2) &&
      (smtpc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
    mech = "XOAUTH2";
    mech = SASL_MECH_STRING_XOAUTH2;
    state1 = SMTP_AUTH_XOAUTH2;
    state2 = SMTP_AUTH_FINAL;
    smtpc->authused = SASL_MECH_XOAUTH2;
@@ -515,7 +515,7 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn)
  }
  else if((smtpc->authmechs & SASL_MECH_LOGIN) &&
     (smtpc->prefmech & SASL_MECH_LOGIN)) {
    mech = "LOGIN";
    mech = SASL_MECH_STRING_LOGIN;
    state1 = SMTP_AUTH_LOGIN;
    state2 = SMTP_AUTH_LOGIN_PASSWD;
    smtpc->authused = SASL_MECH_LOGIN;
@@ -526,7 +526,7 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn)
  }
  else if((smtpc->authmechs & SASL_MECH_PLAIN) &&
          (smtpc->prefmech & SASL_MECH_PLAIN)) {
    mech = "PLAIN";
    mech = SASL_MECH_STRING_PLAIN;
    state1 = SMTP_AUTH_PLAIN;
    state2 = SMTP_AUTH_FINAL;
    smtpc->authused = SASL_MECH_PLAIN;
@@ -1786,19 +1786,19 @@ static CURLcode smtp_parse_url_options(struct connectdata *conn)

      if(strequal(value, "*"))
        smtpc->prefmech = SASL_AUTH_ANY;
      else if(strequal(value, "LOGIN"))
      else if(strequal(value, SASL_MECH_STRING_LOGIN))
        smtpc->prefmech = SASL_MECH_LOGIN;
      else if(strequal(value, "PLAIN"))
      else if(strequal(value, SASL_MECH_STRING_PLAIN))
        smtpc->prefmech = SASL_MECH_PLAIN;
      else if(strequal(value, "CRAM-MD5"))
      else if(strequal(value, SASL_MECH_STRING_CRAM_MD5))
        smtpc->prefmech = SASL_MECH_CRAM_MD5;
      else if(strequal(value, "DIGEST-MD5"))
      else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5))
        smtpc->prefmech = SASL_MECH_DIGEST_MD5;
      else if(strequal(value, "GSSAPI"))
      else if(strequal(value, SASL_MECH_STRING_GSSAPI))
        smtpc->prefmech = SASL_MECH_GSSAPI;
      else if(strequal(value, "NTLM"))
      else if(strequal(value, SASL_MECH_STRING_NTLM))
        smtpc->prefmech = SASL_MECH_NTLM;
      else if(strequal(value, "XOAUTH2"))
      else if(strequal(value, SASL_MECH_STRING_XOAUTH2))
        smtpc->prefmech = SASL_MECH_XOAUTH2;
      else
        smtpc->prefmech = SASL_AUTH_NONE;
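Review bot: In the smtp_perform_authenticate hunk the `|| conn->xoauth2_bearer` term sits outside the parenthesised advertised-and-preferred test, so once this branch is reached XOAUTH2 is chosen whenever a bearer token is set, even if the server did not advertise it and `prefmech` names another mechanism. If that is intended it deserves a comment, because it means the token is offered to a server that never listed the mechanism; something like `/* A configured bearer token forces XOAUTH2 regardless of authmechs and prefmech */` above the condition. The same condition appears in the imap_perform_authenticate and pop3_perform_authenticate hunks. The branches that precede it in the chain are outside the hunk, so which mechanisms take priority over it cannot be confirmed from here.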