sasl: implement EXTERNAL authentication mechanism.

  Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.

1 files changed, 9 insertions, 4 deletions

diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h
index e4a594c53..985ca416e 100644
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -39,10 +39,6 @@ struct ntlmdata;
 struct kerberos5data;
 #endif
 
-/* Authentication mechanism values */
-#define SASL_AUTH_NONE          0
-#define SASL_AUTH_ANY           ~0U
-
 /* Authentication mechanism flags */
 #define SASL_MECH_LOGIN             (1 << 0)
 #define SASL_MECH_PLAIN             (1 << 1)
@@ -53,6 +49,11 @@ struct kerberos5data;
 #define SASL_MECH_NTLM              (1 << 6)
 #define SASL_MECH_XOAUTH2           (1 << 7)
 
+/* Authentication mechanism values */
+#define SASL_AUTH_NONE          0
+#define SASL_AUTH_ANY           ~0U
+#define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
+
 /* Authentication mechanism strings */
 #define SASL_MECH_STRING_LOGIN      "LOGIN"
 #define SASL_MECH_STRING_PLAIN      "PLAIN"
@@ -74,6 +75,7 @@ typedef enum {
   SASL_PLAIN,
   SASL_LOGIN,
   SASL_LOGIN_PASSWD,
+  SASL_EXTERNAL,
   SASL_CRAMMD5,
   SASL_DIGESTMD5,
   SASL_DIGESTMD5_RESP,
@@ -228,6 +230,9 @@ CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
 /* Initializes an SASL structure */
 void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params);
 
+/* Check if we have enough auth data and capabilities to authenticate */
+bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn);
+
 /* Calculate the required login details for SASL authentication  */
 CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
                          bool force_ir, saslprogress *progress);