mirror of
https://github.com/curl/curl.git
synced 2026-05-16 22:16:20 +03:00
8f71d0fde5
Authorizdation credentials are kept in `struct Curl_creds`. This contains: * `user`: the username, maybe the empty string * `passwd`: the password, maybe the empty string * `sasl_authzid`: the SASL authz value, maybe the empty string * `oauth_bearer`: the OAUTH bearer token, maybe the empty string * `source`: where the credentials from from * `refcount`: a reference counter to link/unkink creds A `creds` with all values empty is equivalent to NULL, e.g. no `creds` instance. With reference counting, `creds` can be linked/unlinked in several places. See docs/internals/CREDENTIALS.md for use. Closes #21548
183 lines
5.4 KiB
C
183 lines
5.4 KiB
C
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at https://curl.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
* SPDX-License-Identifier: curl
|
|
*
|
|
***************************************************************************/
|
|
#include "curl_setup.h"
|
|
|
|
#include <stddef.h> /* for offsetof() */
|
|
|
|
#include "creds.h"
|
|
#include "curl_trc.h"
|
|
#include "strcase.h"
|
|
#include "urldata.h"
|
|
|
|
|
|
CURLcode Curl_creds_create(const char *user,
|
|
const char *passwd,
|
|
const char *sasl_authzid,
|
|
const char *oauth_bearer,
|
|
uint8_t source,
|
|
struct Curl_creds **pcreds)
|
|
{
|
|
struct Curl_creds *creds = NULL;
|
|
size_t ulen = user ? strlen(user) : 0;
|
|
size_t plen = passwd ? strlen(passwd) : 0;
|
|
size_t salen = sasl_authzid ? strlen(sasl_authzid) : 0;
|
|
size_t olen = oauth_bearer ? strlen(oauth_bearer) : 0;
|
|
char *s, *buf;
|
|
CURLcode result = CURLE_OK;
|
|
|
|
Curl_creds_unlink(pcreds);
|
|
|
|
/* Everything empty/NULL, this is the NULL credential */
|
|
if(!ulen && !plen && !salen && !olen)
|
|
goto out;
|
|
|
|
if((ulen > CURL_MAX_INPUT_LENGTH) ||
|
|
(plen > CURL_MAX_INPUT_LENGTH) ||
|
|
(salen > CURL_MAX_INPUT_LENGTH) ||
|
|
(olen > CURL_MAX_INPUT_LENGTH)) {
|
|
result = CURLE_BAD_FUNCTION_ARGUMENT;
|
|
goto out;
|
|
}
|
|
|
|
/* NUL terminator for user already part of struct */
|
|
creds = curlx_calloc(1, sizeof(*creds) +
|
|
ulen + plen + 1 + salen + 1 + olen + 1);
|
|
if(!creds) {
|
|
result = CURLE_OUT_OF_MEMORY;
|
|
goto out;
|
|
}
|
|
|
|
creds->refcount = 1;
|
|
creds->source = source;
|
|
/* Some compilers try to be too smart about our dynamic struct size */
|
|
buf = ((char *)creds) + offsetof(struct Curl_creds, buf);
|
|
creds->user = s = buf;
|
|
if(ulen)
|
|
memcpy(s, CURL_UNCONST(user), ulen + 1);
|
|
creds->passwd = s = buf + ulen + 1;
|
|
if(plen)
|
|
memcpy(s, CURL_UNCONST(passwd), plen + 1);
|
|
creds->sasl_authzid = s = buf + ulen + 1 + plen + 1;
|
|
if(salen)
|
|
memcpy(s, CURL_UNCONST(sasl_authzid), salen + 1);
|
|
creds->oauth_bearer = s = buf + ulen + 1 + plen + 1 + salen + 1;
|
|
if(olen)
|
|
memcpy(s, CURL_UNCONST(oauth_bearer), olen + 1);
|
|
|
|
out:
|
|
if(!result)
|
|
*pcreds = creds;
|
|
else
|
|
Curl_creds_unlink(&creds);
|
|
return result;
|
|
}
|
|
|
|
CURLcode Curl_creds_merge(const char *user,
|
|
const char *passwd,
|
|
struct Curl_creds *creds_in,
|
|
uint8_t source,
|
|
struct Curl_creds **pcreds_out)
|
|
{
|
|
struct Curl_creds *creds_out = NULL;
|
|
CURLcode result;
|
|
|
|
if(!user || !user[0])
|
|
user = Curl_creds_user(creds_in);
|
|
if(!passwd || !passwd[0])
|
|
passwd = Curl_creds_passwd(creds_in);
|
|
result = Curl_creds_create(user, passwd,
|
|
Curl_creds_sasl_authzid(creds_in),
|
|
Curl_creds_oauth_bearer(creds_in),
|
|
source, &creds_out);
|
|
Curl_creds_link(pcreds_out, creds_out);
|
|
Curl_creds_unlink(&creds_out);
|
|
return result;
|
|
}
|
|
|
|
void Curl_creds_link(struct Curl_creds **pdest, struct Curl_creds *src)
|
|
{
|
|
if(*pdest != src) {
|
|
Curl_creds_unlink(pdest);
|
|
*pdest = src;
|
|
if(src) {
|
|
DEBUGASSERT(src->refcount < UINT32_MAX);
|
|
src->refcount++;
|
|
}
|
|
}
|
|
}
|
|
|
|
void Curl_creds_unlink(struct Curl_creds **pcreds)
|
|
{
|
|
if(*pcreds) {
|
|
struct Curl_creds *creds = *pcreds;
|
|
|
|
DEBUGASSERT(creds->refcount);
|
|
*pcreds = NULL;
|
|
if(creds->refcount)
|
|
creds->refcount--;
|
|
if(!creds->refcount) {
|
|
curlx_free(creds);
|
|
}
|
|
}
|
|
}
|
|
|
|
bool Curl_creds_same_user(struct Curl_creds *creds, const char *user)
|
|
{
|
|
return creds && !Curl_timestrcmp(creds->user, user);
|
|
}
|
|
|
|
bool Curl_creds_same_passwd(struct Curl_creds *creds, const char *passwd)
|
|
{
|
|
return creds && !Curl_timestrcmp(creds->passwd, passwd);
|
|
}
|
|
|
|
bool Curl_creds_same(struct Curl_creds *c1, struct Curl_creds *c2)
|
|
{
|
|
return (c1 == c2) ||
|
|
(c1 && c2 &&
|
|
!Curl_timestrcmp(c1->user, c2->user) &&
|
|
!Curl_timestrcmp(c1->passwd, c2->passwd) &&
|
|
!Curl_timestrcmp(c1->sasl_authzid, c2->sasl_authzid) &&
|
|
!Curl_timestrcmp(c1->oauth_bearer, c2->oauth_bearer));
|
|
}
|
|
|
|
#ifdef CURLVERBOSE
|
|
void Curl_creds_trace(struct Curl_easy *data, struct Curl_creds *creds,
|
|
const char *msg)
|
|
{
|
|
if(creds) {
|
|
CURL_TRC_M(data, "%s: user=%s, passwd=%s, "
|
|
"sasl_authzid=%s, oauth_bearer=%s, source=%d",
|
|
msg,
|
|
Curl_creds_user(creds),
|
|
Curl_creds_has_passwd(creds) ? "***" : "",
|
|
Curl_creds_sasl_authzid(creds),
|
|
Curl_creds_oauth_bearer(creds),
|
|
creds->source);
|
|
}
|
|
else
|
|
CURL_TRC_M(data, "%s: -", msg);
|
|
}
|
|
|
|
#endif
|