diff options
author | Steve Holme <steve_holme@hotmail.com> | 2019-04-18 21:54:35 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2019-04-22 12:29:49 +0100 |
commit | eb84ca3ea8f793ecbedf7865c41a8d1b9f59efb7 (patch) | |
tree | bd8b0144d60fb1eb1634591428ff20f1a9824e21 | |
parent | b21701c54ba050145246e89c5137015479c65f7e (diff) | |
download | curl-eb84ca3ea8f793ecbedf7865c41a8d1b9f59efb7.tar.gz |
sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
RFC 4616 specifies the authzid is optional in the client authentication
message and that the server will derive the authorisation identity
(authzid) from the authentication identity (authcid) when not specified
by the client.
-rw-r--r-- | lib/curl_sasl.c | 4 | ||||
-rw-r--r-- | tests/data/test819 | 4 | ||||
-rw-r--r-- | tests/data/test825 | 2 | ||||
-rw-r--r-- | tests/data/test833 | 4 | ||||
-rw-r--r-- | tests/data/test834 | 4 | ||||
-rw-r--r-- | tests/data/test835 | 4 | ||||
-rw-r--r-- | tests/data/test865 | 4 | ||||
-rw-r--r-- | tests/data/test871 | 2 | ||||
-rw-r--r-- | tests/data/test879 | 4 | ||||
-rw-r--r-- | tests/data/test880 | 4 | ||||
-rw-r--r-- | tests/data/test881 | 4 | ||||
-rw-r--r-- | tests/data/test903 | 4 | ||||
-rw-r--r-- | tests/data/test919 | 2 | ||||
-rw-r--r-- | tests/data/test935 | 4 | ||||
-rw-r--r-- | tests/data/test936 | 4 | ||||
-rw-r--r-- | tests/data/test937 | 4 |
16 files changed, 29 insertions, 29 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 94b51e541..c609b1ded 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -367,7 +367,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, sasl->authused = SASL_MECH_PLAIN; if(force_ir || data->set.sasl_ir) - result = Curl_auth_create_plain_message(data, conn->user, conn->user, + result = Curl_auth_create_plain_message(data, NULL, conn->user, conn->passwd, &resp, &len); } else if(enabledmechs & SASL_MECH_LOGIN) { @@ -450,7 +450,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, *progress = SASL_DONE; return result; case SASL_PLAIN: - result = Curl_auth_create_plain_message(data, conn->user, conn->user, + result = Curl_auth_create_plain_message(data, NULL, conn->user, conn->passwd, &resp, &len); break; case SASL_LOGIN: diff --git a/tests/data/test819 b/tests/data/test819 index b88e35055..4213e3ea6 100644 --- a/tests/data/test819 +++ b/tests/data/test819 @@ -14,7 +14,7 @@ RFC4616 <servercmd> AUTH PLAIN REPLY AUTHENTICATE + -REPLY dXNlcgB1c2VyAHNlY3JldA== A002 OK AUTHENTICATE completed +REPLY AHVzZXIAc2VjcmV0 A002 OK AUTHENTICATE completed </servercmd> <data> From: me@somewhere
@@ -47,7 +47,7 @@ IMAP plain authentication <protocol> A001 CAPABILITY
A002 AUTHENTICATE PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
A003 SELECT 819
A004 FETCH 1 BODY[]
A005 LOGOUT
diff --git a/tests/data/test825 b/tests/data/test825 index b489e95de..d28b6a519 100644 --- a/tests/data/test825 +++ b/tests/data/test825 @@ -47,7 +47,7 @@ IMAP plain authentication with initial response <verify> <protocol> A001 CAPABILITY
-A002 AUTHENTICATE PLAIN dXNlcgB1c2VyAHNlY3JldA==
+A002 AUTHENTICATE PLAIN AHVzZXIAc2VjcmV0
A003 SELECT 825
A004 FETCH 1 BODY[]
A005 LOGOUT
diff --git a/tests/data/test833 b/tests/data/test833 index dc8214b8e..2c694adcc 100644 --- a/tests/data/test833 +++ b/tests/data/test833 @@ -18,7 +18,7 @@ AUTH CRAM-MD5 PLAIN REPLY "AUTHENTICATE CRAM-MD5" + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed +REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed </servercmd> <data> From: me@somewhere
@@ -56,7 +56,7 @@ A001 CAPABILITY A002 AUTHENTICATE CRAM-MD5
*
A003 AUTHENTICATE PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
A004 SELECT 833
A005 FETCH 1 BODY[]
A006 LOGOUT
diff --git a/tests/data/test834 b/tests/data/test834 index fc131773b..35ab06aff 100644 --- a/tests/data/test834 +++ b/tests/data/test834 @@ -18,7 +18,7 @@ REPLY "AUTHENTICATE NTLM" + REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed +REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed </servercmd> <data> From: me@somewhere
@@ -67,7 +67,7 @@ A002 AUTHENTICATE NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
*
A003 AUTHENTICATE PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
A004 SELECT 834
A005 FETCH 1 BODY[]
A006 LOGOUT
diff --git a/tests/data/test835 b/tests/data/test835 index 400233c0c..b44e877ec 100644 --- a/tests/data/test835 +++ b/tests/data/test835 @@ -18,7 +18,7 @@ AUTH DIGEST-MD5 PLAIN REPLY "AUTHENTICATE DIGEST-MD5" + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed +REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed </servercmd> <data> From: me@somewhere
@@ -58,7 +58,7 @@ A001 CAPABILITY A002 AUTHENTICATE DIGEST-MD5
*
A003 AUTHENTICATE PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
A004 SELECT 835
A005 FETCH 1 BODY[]
A006 LOGOUT
diff --git a/tests/data/test865 b/tests/data/test865 index 6f66f82d7..8a262fcc5 100644 --- a/tests/data/test865 +++ b/tests/data/test865 @@ -16,7 +16,7 @@ RFC5034 <servercmd> AUTH PLAIN REPLY AUTH + -REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful +REPLY AHVzZXIAc2VjcmV0 +OK Login successful </servercmd> <data> From: me@somewhere
@@ -49,7 +49,7 @@ pop3://%HOSTIP:%POP3PORT/865 -u user:secret <protocol> CAPA
AUTH PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
RETR 865
QUIT
</protocol> diff --git a/tests/data/test871 b/tests/data/test871 index f4f236041..27cc2a4b3 100644 --- a/tests/data/test871 +++ b/tests/data/test871 @@ -48,7 +48,7 @@ pop3://%HOSTIP:%POP3PORT/871 -u user:secret --sasl-ir <verify> <protocol> CAPA
-AUTH PLAIN dXNlcgB1c2VyAHNlY3JldA==
+AUTH PLAIN AHVzZXIAc2VjcmV0
RETR 871
QUIT
</protocol> diff --git a/tests/data/test879 b/tests/data/test879 index 681d779b2..0d45aaa20 100644 --- a/tests/data/test879 +++ b/tests/data/test879 @@ -20,7 +20,7 @@ AUTH CRAM-MD5 PLAIN REPLY "AUTH CRAM-MD5" + Rubbish REPLY * -ERR AUTH exchange cancelled by client REPLY "AUTH PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful +REPLY AHVzZXIAc2VjcmV0 +OK Login successful </servercmd> <data> From: me@somewhere
@@ -58,7 +58,7 @@ CAPA AUTH CRAM-MD5
*
AUTH PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
RETR 879
QUIT
</protocol> diff --git a/tests/data/test880 b/tests/data/test880 index f5eb69731..738817cd3 100644 --- a/tests/data/test880 +++ b/tests/data/test880 @@ -20,7 +20,7 @@ REPLY "AUTH NTLM" + REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= + Rubbish REPLY * -ERR AUTH exchange cancelled by client REPLY "AUTH PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful +REPLY AHVzZXIAc2VjcmV0 +OK Login successful </servercmd> <data> From: me@somewhere
@@ -69,7 +69,7 @@ AUTH NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
*
AUTH PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
RETR 880
QUIT
</protocol> diff --git a/tests/data/test881 b/tests/data/test881 index 80eca500c..ccb906d9d 100644 --- a/tests/data/test881 +++ b/tests/data/test881 @@ -20,7 +20,7 @@ AUTH DIGEST-MD5 PLAIN REPLY "AUTH DIGEST-MD5" + Rubbish REPLY * -ERR AUTH exchange cancelled by client REPLY "AUTH PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful +REPLY AHVzZXIAc2VjcmV0 +OK Login successful </servercmd> <data> From: me@somewhere
@@ -60,7 +60,7 @@ CAPA AUTH DIGEST-MD5
*
AUTH PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
RETR 881
QUIT
</protocol> diff --git a/tests/data/test903 b/tests/data/test903 index 2baf5e696..8a766e56d 100644 --- a/tests/data/test903 +++ b/tests/data/test903 @@ -15,7 +15,7 @@ RFC4954 <servercmd> AUTH PLAIN REPLY AUTH 334 PLAIN supported -REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated +REPLY AHVzZXIAc2VjcmV0 235 Authenticated </servercmd> </reply> @@ -42,7 +42,7 @@ smtp://%HOSTIP:%SMTPPORT/903 --mail-rcpt recipient@example.com --mail-from sende <protocol> EHLO 903
AUTH PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
diff --git a/tests/data/test919 b/tests/data/test919 index 3e74494cb..39794e30b 100644 --- a/tests/data/test919 +++ b/tests/data/test919 @@ -41,7 +41,7 @@ smtp://%HOSTIP:%SMTPPORT/919 --mail-rcpt recipient@example.com --mail-from sende <verify> <protocol> EHLO 919
-AUTH PLAIN dXNlcgB1c2VyAHNlY3JldA==
+AUTH PLAIN AHVzZXIAc2VjcmV0
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
diff --git a/tests/data/test935 b/tests/data/test935 index 3fd5c2e50..946611477 100644 --- a/tests/data/test935 +++ b/tests/data/test935 @@ -19,7 +19,7 @@ AUTH CRAM-MD5 PLAIN REPLY "AUTH CRAM-MD5" 334 Rubbish REPLY * 501 AUTH exchange cancelled by client REPLY "AUTH PLAIN" 334 PLAIN supported -REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated +REPLY AHVzZXIAc2VjcmV0 235 Authenticated </servercmd> </reply> @@ -51,7 +51,7 @@ EHLO 935 AUTH CRAM-MD5
*
AUTH PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
diff --git a/tests/data/test936 b/tests/data/test936 index 88c8a937e..5fde3c967 100644 --- a/tests/data/test936 +++ b/tests/data/test936 @@ -19,7 +19,7 @@ REPLY "AUTH NTLM" 334 NTLM supported REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 334 Rubbish REPLY * 501 AUTH exchange cancelled by client REPLY "AUTH PLAIN" 334 PLAIN supported -REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated +REPLY AHVzZXIAc2VjcmV0 235 Authenticated </servercmd> </reply> @@ -62,7 +62,7 @@ AUTH NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
*
AUTH PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
diff --git a/tests/data/test937 b/tests/data/test937 index a2cb9b5c0..5e729e308 100644 --- a/tests/data/test937 +++ b/tests/data/test937 @@ -19,7 +19,7 @@ AUTH DIGEST-MD5 PLAIN REPLY "AUTH DIGEST-MD5" 334 Rubbish REPLY * 501 AUTH exchange cancelled by client REPLY "AUTH PLAIN" 334 PLAIN supported -REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated +REPLY AHVzZXIAc2VjcmV0 235 Authenticated </servercmd> </reply> @@ -53,7 +53,7 @@ EHLO 937 AUTH DIGEST-MD5
*
AUTH PLAIN
-dXNlcgB1c2VyAHNlY3JldA==
+AHVzZXIAc2VjcmV0
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
|