author | Steve Holme <steve_holme@hotmail.com> | 2013-09-24 20:12:48 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2013-09-24 20:12:50 +0100 |
commit | 733a4419d0b519e54e74cc6187580138bfae3db7 (patch) | |
tree | f8c54cf32bc258f26ab695b8ab3e400a31b3f471 | |
parent | 77dc4ba87793a02d283bd3d2db81d0e60f3fec50 (diff) |
sasl: Centralised the authentication mechanism strings
Moved the standard SASL mechanism strings into curl_sasl.h rather than
hard coding the same values over and over again in the protocols that
use SASL authentication.
For more information about the mechanism strings see:
http://www.iana.org/assignments/sasl-mechanisms
-rw-r--r-- | lib/curl_sasl.h | 35 | ||||
-rw-r--r-- | lib/imap.c | 42 | ||||
-rw-r--r-- | lib/pop3.c | 42 | ||||
-rw-r--r-- | lib/smtp.c | 42 |
4 files changed, 88 insertions, 73 deletions
diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h index 1cac8fd63..2b6a5a26a 100644 --- a/lib/curl_sasl.h +++ b/lib/curl_sasl.h @@ -24,20 +24,35 @@ #include "pingpong.h" -/* Authentication mechanism flags */ -#define SASL_MECH_LOGIN (1 << 0) -#define SASL_MECH_PLAIN (1 << 1) -#define SASL_MECH_CRAM_MD5 (1 << 2) -#define SASL_MECH_DIGEST_MD5 (1 << 3) -#define SASL_MECH_GSSAPI (1 << 4) -#define SASL_MECH_EXTERNAL (1 << 5) -#define SASL_MECH_NTLM (1 << 6) -#define SASL_MECH_XOAUTH2 (1 << 7) - /* Authentication mechanism values */ #define SASL_AUTH_NONE 0 #define SASL_AUTH_ANY ~0U +/* Authentication mechanism flags */ +#define SASL_MECH_LOGIN (1 << 0) +#define SASL_MECH_PLAIN (1 << 1) +#define SASL_MECH_CRAM_MD5 (1 << 2) +#define SASL_MECH_DIGEST_MD5 (1 << 3) +#define SASL_MECH_GSSAPI (1 << 4) +#define SASL_MECH_EXTERNAL (1 << 5) +#define SASL_MECH_NTLM (1 << 6) +#define SASL_MECH_XOAUTH2 (1 << 7) + +/* Authentication mechanism strings */ +#define SASL_MECH_STRING_LOGIN "LOGIN" +#define SASL_MECH_STRING_PLAIN "PLAIN" +#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5" +#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5" +#define SASL_MECH_STRING_GSSAPI "GSSAPI" +#define SASL_MECH_STRING_EXTERNAL "EXTERNAL" +#define SASL_MECH_STRING_NTLM "NTLM" +#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2" + +/* This is used to test whether the line starts with the given mechanism */ +#define sasl_mech_equal(line, wordlen, mech) \ + (wordlen == (sizeof(mech) - 1) / sizeof(char) && \ + !memcmp(line, mech, wordlen)) + /* This is used to generate a base64 encoded PLAIN authentication message */ CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data, const char *userp, diff --git a/lib/imap.c b/lib/imap.c index 7c0bf5c0e..5d3a1a17e 100644 --- a/lib/imap.c +++ b/lib/imap.c 
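Review bot: The new `sasl_mech_equal` macro leaves its arguments unparenthesized, expands `wordlen` twice, and only works when `mech` is a string literal, because `sizeof(mech) - 1` silently becomes pointer size minus one if a `const char *` is ever passed. I would write it as `((wordlen) == sizeof("" mech) - 1 && !memcmp((line), (mech), sizeof("" mech) - 1))`, where the `"" mech` concatenation makes a non-literal argument a compile error and the `/ sizeof(char)` division, which is always by one, goes away. The comment also says the line "starts with" the mechanism, while the length test makes this an exact whole-word match; something like `/* True when the wordlen-byte word at line is exactly mech (a string literal); the caller guarantees wordlen readable bytes at line */` states the contract for server-supplied input. The header now uses `memcmp`, and the only include visible in the hunk is `pingpong.h`, so it appears to rely on every includer having pulled in `<string.h>` first.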
@@ -555,13 +555,13 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn) #ifndef CURL_DISABLE_CRYPTO_AUTH if((imapc->authmechs & SASL_MECH_DIGEST_MD5) && (imapc->prefmech & SASL_MECH_DIGEST_MD5)) { - mech = "DIGEST-MD5"; + mech = SASL_MECH_STRING_DIGEST_MD5; state1 = IMAP_AUTHENTICATE_DIGESTMD5; imapc->authused = SASL_MECH_DIGEST_MD5; } else if((imapc->authmechs & SASL_MECH_CRAM_MD5) && (imapc->prefmech & SASL_MECH_CRAM_MD5)) { - mech = "CRAM-MD5"; + mech = SASL_MECH_STRING_CRAM_MD5; state1 = IMAP_AUTHENTICATE_CRAMMD5; imapc->authused = SASL_MECH_CRAM_MD5; } @@ -570,7 +570,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn) #ifdef USE_NTLM if((imapc->authmechs & SASL_MECH_NTLM) && (imapc->prefmech & SASL_MECH_NTLM)) { - mech = "NTLM"; + mech = SASL_MECH_STRING_NTLM; state1 = IMAP_AUTHENTICATE_NTLM; state2 = IMAP_AUTHENTICATE_NTLM_TYPE2MSG; imapc->authused = SASL_MECH_NTLM; @@ -585,7 +585,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn) if(((imapc->authmechs & SASL_MECH_XOAUTH2) && (imapc->prefmech & SASL_MECH_XOAUTH2) && (imapc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { - mech = "XOAUTH2"; + mech = SASL_MECH_STRING_XOAUTH2; state1 = IMAP_AUTHENTICATE_XOAUTH2; state2 = IMAP_AUTHENTICATE_FINAL; imapc->authused = SASL_MECH_XOAUTH2; @@ -597,7 +597,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn) } else if((imapc->authmechs & SASL_MECH_LOGIN) && (imapc->prefmech & SASL_MECH_LOGIN)) { - mech = "LOGIN"; + mech = SASL_MECH_STRING_LOGIN; state1 = IMAP_AUTHENTICATE_LOGIN; state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD; imapc->authused = SASL_MECH_LOGIN; @@ -608,7 +608,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn) } else if((imapc->authmechs & SASL_MECH_PLAIN) && (imapc->prefmech & SASL_MECH_PLAIN)) { - mech = "PLAIN"; + mech = SASL_MECH_STRING_PLAIN; state1 = IMAP_AUTHENTICATE_PLAIN; state2 = IMAP_AUTHENTICATE_FINAL; imapc->authused = SASL_MECH_PLAIN; 
@@ -885,21 +885,21 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, wordlen -= 5; /* Test the word for a matching authentication mechanism */ - if(wordlen == 5 && !memcmp(line, "LOGIN", 5)) + if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN)) imapc->authmechs |= SASL_MECH_LOGIN; - if(wordlen == 5 && !memcmp(line, "PLAIN", 5)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN)) imapc->authmechs |= SASL_MECH_PLAIN; - else if(wordlen == 8 && !memcmp(line, "CRAM-MD5", 8)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5)) imapc->authmechs |= SASL_MECH_CRAM_MD5; - else if(wordlen == 10 && !memcmp(line, "DIGEST-MD5", 10)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5)) imapc->authmechs |= SASL_MECH_DIGEST_MD5; - else if(wordlen == 6 && !memcmp(line, "GSSAPI", 6)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI)) imapc->authmechs |= SASL_MECH_GSSAPI; - else if(wordlen == 8 && !memcmp(line, "EXTERNAL", 8)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL)) imapc->authmechs |= SASL_MECH_EXTERNAL; - else if(wordlen == 4 && !memcmp(line, "NTLM", 4)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM)) imapc->authmechs |= SASL_MECH_NTLM; - else if(wordlen == 7 && !memcmp(line, "XOAUTH2", 7)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2)) imapc->authmechs |= SASL_MECH_XOAUTH2; } 
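Review bot: The eight-branch `sasl_mech_equal` ladder in this hunk is now textually identical to the ones in the pop3_endofresp and smtp_endofresp hunks, differing only in which `authmechs` field receives the bit, so the centralisation stops one step short. A single lookup next to the new strings in curl_sasl, mapping a pointer and length to a flag bit, would reduce each caller to one line such as `imapc->authmechs |= sasl_mech_flag(line, wordlen);` (the helper name is a suggestion, not an existing function). The hunk also changes the `PLAIN` test from `if` to `else if`, which the commit message does not mention; it looks harmless because one word cannot equal two mechanisms, but it is a code change beyond the stated string move and deserves a line in the description. The enclosing function starts and ends outside the hunk.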
@@ -2275,19 +2275,19 @@ static CURLcode imap_parse_url_options(struct connectdata *conn) if(strequal(value, "*")) imapc->prefmech = SASL_AUTH_ANY; - else if(strequal(value, "LOGIN")) + else if(strequal(value, SASL_MECH_STRING_LOGIN)) imapc->prefmech = SASL_MECH_LOGIN; - else if(strequal(value, "PLAIN")) + else if(strequal(value, SASL_MECH_STRING_PLAIN)) imapc->prefmech = SASL_MECH_PLAIN; - else if(strequal(value, "CRAM-MD5")) + else if(strequal(value, SASL_MECH_STRING_CRAM_MD5)) imapc->prefmech = SASL_MECH_CRAM_MD5; - else if(strequal(value, "DIGEST-MD5")) + else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5)) imapc->prefmech = SASL_MECH_DIGEST_MD5; - else if(strequal(value, "GSSAPI")) + else if(strequal(value, SASL_MECH_STRING_GSSAPI)) imapc->prefmech = SASL_MECH_GSSAPI; - else if(strequal(value, "NTLM")) + else if(strequal(value, SASL_MECH_STRING_NTLM)) imapc->prefmech = SASL_MECH_NTLM; - else if(strequal(value, "XOAUTH2")) + else if(strequal(value, SASL_MECH_STRING_XOAUTH2)) imapc->prefmech = SASL_MECH_XOAUTH2; else imapc->prefmech = SASL_AUTH_NONE; diff --git a/lib/pop3.c b/lib/pop3.c index bb3ed31cc..a77193384 100644 --- a/lib/pop3.c +++ b/lib/pop3.c 
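Review bot: Any option value that matches none of these branches falls through to `imapc->prefmech = SASL_AUTH_NONE` at the end of the hunk instead of being rejected, so a mistyped mechanism name silently changes what gets negotiated rather than failing; what the caller then does with `SASL_AUTH_NONE` is outside the hunk. `SASL_MECH_STRING_EXTERNAL` is defined by this commit and recognised in the capability parser, yet it has no branch here, so `EXTERNAL` takes the same fallback. If that is intended, a comment such as `/* EXTERNAL is detected but not selectable; unknown values disable SASL */` above the final `else` would record it, and otherwise the final `else` should return an error. The smtp_parse_url_options hunk ends in the same fallback, and the function body continues outside this hunk.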
@@ -313,21 +313,21 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len, wordlen++; /* Test the word for a matching authentication mechanism */ - if(wordlen == 5 && !memcmp(line, "LOGIN", 5)) + if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN)) pop3c->authmechs |= SASL_MECH_LOGIN; - else if(wordlen == 5 && !memcmp(line, "PLAIN", 5)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN)) pop3c->authmechs |= SASL_MECH_PLAIN; - else if(wordlen == 8 && !memcmp(line, "CRAM-MD5", 8)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5)) pop3c->authmechs |= SASL_MECH_CRAM_MD5; - else if(wordlen == 10 && !memcmp(line, "DIGEST-MD5", 10)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5)) pop3c->authmechs |= SASL_MECH_DIGEST_MD5; - else if(wordlen == 6 && !memcmp(line, "GSSAPI", 6)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI)) pop3c->authmechs |= SASL_MECH_GSSAPI; - else if(wordlen == 8 && !memcmp(line, "EXTERNAL", 8)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL)) pop3c->authmechs |= SASL_MECH_EXTERNAL; - else if(wordlen == 4 && !memcmp(line, "NTLM", 4)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM)) pop3c->authmechs |= SASL_MECH_NTLM; - else if(wordlen == 7 && !memcmp(line, "XOAUTH2", 7)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2)) pop3c->authmechs |= SASL_MECH_XOAUTH2; line += wordlen; 
@@ -576,13 +576,13 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn) #ifndef CURL_DISABLE_CRYPTO_AUTH if((pop3c->authmechs & SASL_MECH_DIGEST_MD5) && (pop3c->prefmech & SASL_MECH_DIGEST_MD5)) { - mech = "DIGEST-MD5"; + mech = SASL_MECH_STRING_DIGEST_MD5; state1 = POP3_AUTH_DIGESTMD5; pop3c->authused = SASL_MECH_DIGEST_MD5; } else if((pop3c->authmechs & SASL_MECH_CRAM_MD5) && (pop3c->prefmech & SASL_MECH_CRAM_MD5)) { - mech = "CRAM-MD5"; + mech = SASL_MECH_STRING_CRAM_MD5; state1 = POP3_AUTH_CRAMMD5; pop3c->authused = SASL_MECH_CRAM_MD5; } @@ -591,7 +591,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn) #ifdef USE_NTLM if((pop3c->authmechs & SASL_MECH_NTLM) && (pop3c->prefmech & SASL_MECH_NTLM)) { - mech = "NTLM"; + mech = SASL_MECH_STRING_NTLM; state1 = POP3_AUTH_NTLM; state2 = POP3_AUTH_NTLM_TYPE2MSG; pop3c->authused = SASL_MECH_NTLM; @@ -606,7 +606,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn) if(((pop3c->authmechs & SASL_MECH_XOAUTH2) && (pop3c->prefmech & SASL_MECH_XOAUTH2) && (pop3c->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { - mech = "XOAUTH2"; + mech = SASL_MECH_STRING_XOAUTH2; state1 = POP3_AUTH_XOAUTH2; state2 = POP3_AUTH_FINAL; pop3c->authused = SASL_MECH_XOAUTH2; @@ -618,7 +618,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn) } else if((pop3c->authmechs & SASL_MECH_LOGIN) && (pop3c->prefmech & SASL_MECH_LOGIN)) { - mech = "LOGIN"; + mech = SASL_MECH_STRING_LOGIN; state1 = POP3_AUTH_LOGIN; state2 = POP3_AUTH_LOGIN_PASSWD; pop3c->authused = SASL_MECH_LOGIN; @@ -629,7 +629,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn) } else if((pop3c->authmechs & SASL_MECH_PLAIN) && (pop3c->prefmech & SASL_MECH_PLAIN)) { - mech = "PLAIN"; + mech = SASL_MECH_STRING_PLAIN; state1 = POP3_AUTH_PLAIN; state2 = POP3_AUTH_FINAL; pop3c->authused = SASL_MECH_PLAIN; 
@@ -1788,31 +1788,31 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn) pop3c->preftype = POP3_TYPE_APOP; pop3c->prefmech = SASL_AUTH_NONE; } - else if(strequal(value, "LOGIN")) { + else if(strequal(value, SASL_MECH_STRING_LOGIN)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech = SASL_MECH_LOGIN; } - else if(strequal(value, "PLAIN")) { + else if(strequal(value, SASL_MECH_STRING_PLAIN)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech = SASL_MECH_PLAIN; } - else if(strequal(value, "CRAM-MD5")) { + else if(strequal(value, SASL_MECH_STRING_CRAM_MD5)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech = SASL_MECH_CRAM_MD5; } - else if(strequal(value, "DIGEST-MD5")) { + else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech = SASL_MECH_DIGEST_MD5; } - else if(strequal(value, "GSSAPI")) { + else if(strequal(value, SASL_MECH_STRING_GSSAPI)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech = SASL_MECH_GSSAPI; } - else if(strequal(value, "NTLM")) { + else if(strequal(value, SASL_MECH_STRING_NTLM)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech = SASL_MECH_NTLM; } - else if(strequal(value, "XOAUTH2")) { + else if(strequal(value, SASL_MECH_STRING_XOAUTH2)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech = SASL_MECH_XOAUTH2; } diff --git a/lib/smtp.c b/lib/smtp.c index 2d4055c24..9626a30d8 100644 --- a/lib/smtp.c +++ b/lib/smtp.c 
@@ -277,21 +277,21 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len, wordlen++; /* Test the word for a matching authentication mechanism */ - if(wordlen == 5 && !memcmp(line, "LOGIN", 5)) + if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN)) smtpc->authmechs |= SASL_MECH_LOGIN; - else if(wordlen == 5 && !memcmp(line, "PLAIN", 5)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN)) smtpc->authmechs |= SASL_MECH_PLAIN; - else if(wordlen == 8 && !memcmp(line, "CRAM-MD5", 8)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5)) smtpc->authmechs |= SASL_MECH_CRAM_MD5; - else if(wordlen == 10 && !memcmp(line, "DIGEST-MD5", 10)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5)) smtpc->authmechs |= SASL_MECH_DIGEST_MD5; - else if(wordlen == 6 && !memcmp(line, "GSSAPI", 6)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI)) smtpc->authmechs |= SASL_MECH_GSSAPI; - else if(wordlen == 8 && !memcmp(line, "EXTERNAL", 8)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL)) smtpc->authmechs |= SASL_MECH_EXTERNAL; - else if(wordlen == 4 && !memcmp(line, "NTLM", 4)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM)) smtpc->authmechs |= SASL_MECH_NTLM; - else if(wordlen == 7 && !memcmp(line, "XOAUTH2", 7)) + else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2)) smtpc->authmechs |= SASL_MECH_XOAUTH2; line += wordlen; 
@@ -473,13 +473,13 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn) #ifndef CURL_DISABLE_CRYPTO_AUTH if((smtpc->authmechs & SASL_MECH_DIGEST_MD5) && (smtpc->prefmech & SASL_MECH_DIGEST_MD5)) { - mech = "DIGEST-MD5"; + mech = SASL_MECH_STRING_DIGEST_MD5; state1 = SMTP_AUTH_DIGESTMD5; smtpc->authused = SASL_MECH_DIGEST_MD5; } else if((smtpc->authmechs & SASL_MECH_CRAM_MD5) && (smtpc->prefmech & SASL_MECH_CRAM_MD5)) { - mech = "CRAM-MD5"; + mech = SASL_MECH_STRING_CRAM_MD5; state1 = SMTP_AUTH_CRAMMD5; smtpc->authused = SASL_MECH_CRAM_MD5; } @@ -488,7 +488,7 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn) #ifdef USE_NTLM if((smtpc->authmechs & SASL_MECH_NTLM) && (smtpc->prefmech & SASL_MECH_NTLM)) { - mech = "NTLM"; + mech = SASL_MECH_STRING_NTLM; state1 = SMTP_AUTH_NTLM; state2 = SMTP_AUTH_NTLM_TYPE2MSG; smtpc->authused = SASL_MECH_NTLM; @@ -503,7 +503,7 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn) if(((smtpc->authmechs & SASL_MECH_XOAUTH2) && (smtpc->prefmech & SASL_MECH_XOAUTH2) && (smtpc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { - mech = "XOAUTH2"; + mech = SASL_MECH_STRING_XOAUTH2; state1 = SMTP_AUTH_XOAUTH2; state2 = SMTP_AUTH_FINAL; smtpc->authused = SASL_MECH_XOAUTH2; @@ -515,7 +515,7 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn) } else if((smtpc->authmechs & SASL_MECH_LOGIN) && (smtpc->prefmech & SASL_MECH_LOGIN)) { - mech = "LOGIN"; + mech = SASL_MECH_STRING_LOGIN; state1 = SMTP_AUTH_LOGIN; state2 = SMTP_AUTH_LOGIN_PASSWD; smtpc->authused = SASL_MECH_LOGIN; @@ -526,7 +526,7 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn) } else if((smtpc->authmechs & SASL_MECH_PLAIN) && (smtpc->prefmech & SASL_MECH_PLAIN)) { - mech = "PLAIN"; + mech = SASL_MECH_STRING_PLAIN; state1 = SMTP_AUTH_PLAIN; state2 = SMTP_AUTH_FINAL; smtpc->authused = SASL_MECH_PLAIN; 
@@ -1786,19 +1786,19 @@ static CURLcode smtp_parse_url_options(struct connectdata *conn) if(strequal(value, "*")) smtpc->prefmech = SASL_AUTH_ANY; - else if(strequal(value, "LOGIN")) + else if(strequal(value, SASL_MECH_STRING_LOGIN)) smtpc->prefmech = SASL_MECH_LOGIN; - else if(strequal(value, "PLAIN")) + else if(strequal(value, SASL_MECH_STRING_PLAIN)) smtpc->prefmech = SASL_MECH_PLAIN; - else if(strequal(value, "CRAM-MD5")) + else if(strequal(value, SASL_MECH_STRING_CRAM_MD5)) smtpc->prefmech = SASL_MECH_CRAM_MD5; - else if(strequal(value, "DIGEST-MD5")) + else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5)) smtpc->prefmech = SASL_MECH_DIGEST_MD5; - else if(strequal(value, "GSSAPI")) + else if(strequal(value, SASL_MECH_STRING_GSSAPI)) smtpc->prefmech = SASL_MECH_GSSAPI; - else if(strequal(value, "NTLM")) + else if(strequal(value, SASL_MECH_STRING_NTLM)) smtpc->prefmech = SASL_MECH_NTLM; - else if(strequal(value, "XOAUTH2")) + else if(strequal(value, SASL_MECH_STRING_XOAUTH2)) smtpc->prefmech = SASL_MECH_XOAUTH2; else smtpc->prefmech = SASL_AUTH_NONE; |