sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616

RFC 4616 specifies the authzid is optional in the client authentication
message and that the server will derive the authorisation identity
(authzid) from the authentication identity (authcid) when not specified
by the client.

16 files changed, 29 insertions, 29 deletions

diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 94b51e541..c609b1ded 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -367,7 +367,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
       sasl->authused = SASL_MECH_PLAIN;
 
       if(force_ir || data->set.sasl_ir)
-        result = Curl_auth_create_plain_message(data, conn->user, conn->user,
+        result = Curl_auth_create_plain_message(data, NULL, conn->user,
                                                 conn->passwd, &resp, &len);
     }
     else if(enabledmechs & SASL_MECH_LOGIN) {
@@ -450,7 +450,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
     *progress = SASL_DONE;
     return result;
   case SASL_PLAIN:
-    result = Curl_auth_create_plain_message(data, conn->user, conn->user,
+    result = Curl_auth_create_plain_message(data, NULL, conn->user,
                                             conn->passwd, &resp, &len);
     break;
   case SASL_LOGIN:
diff --git a/tests/data/test819 b/tests/data/test819
index b88e35055..4213e3ea6 100644
--- a/tests/data/test819
+++ b/tests/data/test819
@@ -14,7 +14,7 @@ RFC4616
 <servercmd>
 AUTH PLAIN
 REPLY AUTHENTICATE +
-REPLY dXNlcgB1c2VyAHNlY3JldA== A002 OK AUTHENTICATE completed
+REPLY AHVzZXIAc2VjcmV0 A002 OK AUTHENTICATE completed
 </servercmd>
 <data>
 From: me@somewhere

@@ -47,7 +47,7 @@ IMAP plain authentication
 <protocol>
 A001 CAPABILITY

 A002 AUTHENTICATE PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 A003 SELECT 819

 A004 FETCH 1 BODY[]

 A005 LOGOUT

diff --git a/tests/data/test825 b/tests/data/test825
index b489e95de..d28b6a519 100644
--- a/tests/data/test825
+++ b/tests/data/test825
@@ -47,7 +47,7 @@ IMAP plain authentication with initial response
 <verify>
 <protocol>
 A001 CAPABILITY

-A002 AUTHENTICATE PLAIN dXNlcgB1c2VyAHNlY3JldA==

+A002 AUTHENTICATE PLAIN AHVzZXIAc2VjcmV0

 A003 SELECT 825

 A004 FETCH 1 BODY[]

 A005 LOGOUT

diff --git a/tests/data/test833 b/tests/data/test833
index dc8214b8e..2c694adcc 100644
--- a/tests/data/test833
+++ b/tests/data/test833
@@ -18,7 +18,7 @@ AUTH CRAM-MD5 PLAIN
 REPLY "AUTHENTICATE CRAM-MD5" + Rubbish
 REPLY * A002 NO AUTH exchange cancelled by client
 REPLY "AUTHENTICATE PLAIN" +
-REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed
+REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed
 </servercmd>
 <data>
 From: me@somewhere

@@ -56,7 +56,7 @@ A001 CAPABILITY
 A002 AUTHENTICATE CRAM-MD5

 *

 A003 AUTHENTICATE PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 A004 SELECT 833

 A005 FETCH 1 BODY[]

 A006 LOGOUT

diff --git a/tests/data/test834 b/tests/data/test834
index fc131773b..35ab06aff 100644
--- a/tests/data/test834
+++ b/tests/data/test834
@@ -18,7 +18,7 @@ REPLY "AUTHENTICATE NTLM" +
 REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= + Rubbish
 REPLY * A002 NO AUTH exchange cancelled by client
 REPLY "AUTHENTICATE PLAIN" +
-REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed
+REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed
 </servercmd>
 <data>
 From: me@somewhere

@@ -67,7 +67,7 @@ A002 AUTHENTICATE NTLM
 TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=

 *

 A003 AUTHENTICATE PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 A004 SELECT 834

 A005 FETCH 1 BODY[]

 A006 LOGOUT

diff --git a/tests/data/test835 b/tests/data/test835
index 400233c0c..b44e877ec 100644
--- a/tests/data/test835
+++ b/tests/data/test835
@@ -18,7 +18,7 @@ AUTH DIGEST-MD5 PLAIN
 REPLY "AUTHENTICATE DIGEST-MD5" + Rubbish
 REPLY * A002 NO AUTH exchange cancelled by client
 REPLY "AUTHENTICATE PLAIN" +
-REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed
+REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed
 </servercmd>
 <data>
 From: me@somewhere

@@ -58,7 +58,7 @@ A001 CAPABILITY
 A002 AUTHENTICATE DIGEST-MD5

 *

 A003 AUTHENTICATE PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 A004 SELECT 835

 A005 FETCH 1 BODY[]

 A006 LOGOUT

diff --git a/tests/data/test865 b/tests/data/test865
index 6f66f82d7..8a262fcc5 100644
--- a/tests/data/test865
+++ b/tests/data/test865
@@ -16,7 +16,7 @@ RFC5034
 <servercmd>
 AUTH PLAIN
 REPLY AUTH +
-REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful
+REPLY AHVzZXIAc2VjcmV0 +OK Login successful
 </servercmd>
 <data>
 From: me@somewhere

@@ -49,7 +49,7 @@ pop3://%HOSTIP:%POP3PORT/865 -u user:secret
 <protocol>
 CAPA

 AUTH PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 RETR 865

 QUIT

 </protocol>
diff --git a/tests/data/test871 b/tests/data/test871
index f4f236041..27cc2a4b3 100644
--- a/tests/data/test871
+++ b/tests/data/test871
@@ -48,7 +48,7 @@ pop3://%HOSTIP:%POP3PORT/871 -u user:secret --sasl-ir
 <verify>
 <protocol>
 CAPA

-AUTH PLAIN dXNlcgB1c2VyAHNlY3JldA==

+AUTH PLAIN AHVzZXIAc2VjcmV0

 RETR 871

 QUIT

 </protocol>
diff --git a/tests/data/test879 b/tests/data/test879
index 681d779b2..0d45aaa20 100644
--- a/tests/data/test879
+++ b/tests/data/test879
@@ -20,7 +20,7 @@ AUTH CRAM-MD5 PLAIN
 REPLY "AUTH CRAM-MD5" + Rubbish
 REPLY * -ERR AUTH exchange cancelled by client
 REPLY "AUTH PLAIN" +
-REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful
+REPLY AHVzZXIAc2VjcmV0 +OK Login successful
 </servercmd>
 <data>
 From: me@somewhere

@@ -58,7 +58,7 @@ CAPA
 AUTH CRAM-MD5

 *

 AUTH PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 RETR 879

 QUIT

 </protocol>
diff --git a/tests/data/test880 b/tests/data/test880
index f5eb69731..738817cd3 100644
--- a/tests/data/test880
+++ b/tests/data/test880
@@ -20,7 +20,7 @@ REPLY "AUTH NTLM" +
 REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= + Rubbish
 REPLY * -ERR AUTH exchange cancelled by client
 REPLY "AUTH PLAIN" +
-REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful
+REPLY AHVzZXIAc2VjcmV0 +OK Login successful
 </servercmd>
 <data>
 From: me@somewhere

@@ -69,7 +69,7 @@ AUTH NTLM
 TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=

 *

 AUTH PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 RETR 880

 QUIT

 </protocol>
diff --git a/tests/data/test881 b/tests/data/test881
index 80eca500c..ccb906d9d 100644
--- a/tests/data/test881
+++ b/tests/data/test881
@@ -20,7 +20,7 @@ AUTH DIGEST-MD5 PLAIN
 REPLY "AUTH DIGEST-MD5" + Rubbish
 REPLY * -ERR AUTH exchange cancelled by client
 REPLY "AUTH PLAIN" +
-REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful
+REPLY AHVzZXIAc2VjcmV0 +OK Login successful
 </servercmd>
 <data>
 From: me@somewhere

@@ -60,7 +60,7 @@ CAPA
 AUTH DIGEST-MD5

 *

 AUTH PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 RETR 881

 QUIT

 </protocol>
diff --git a/tests/data/test903 b/tests/data/test903
index 2baf5e696..8a766e56d 100644
--- a/tests/data/test903
+++ b/tests/data/test903
@@ -15,7 +15,7 @@ RFC4954
 <servercmd>
 AUTH PLAIN
 REPLY AUTH 334 PLAIN supported
-REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated
+REPLY AHVzZXIAc2VjcmV0 235 Authenticated
 </servercmd>
 </reply>
 
@@ -42,7 +42,7 @@ smtp://%HOSTIP:%SMTPPORT/903 --mail-rcpt recipient@example.com --mail-from sende
 <protocol>
 EHLO 903

 AUTH PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 MAIL FROM:<sender@example.com>

 RCPT TO:<recipient@example.com>

 DATA

diff --git a/tests/data/test919 b/tests/data/test919
index 3e74494cb..39794e30b 100644
--- a/tests/data/test919
+++ b/tests/data/test919
@@ -41,7 +41,7 @@ smtp://%HOSTIP:%SMTPPORT/919 --mail-rcpt recipient@example.com --mail-from sende
 <verify>
 <protocol>
 EHLO 919

-AUTH PLAIN dXNlcgB1c2VyAHNlY3JldA==

+AUTH PLAIN AHVzZXIAc2VjcmV0

 MAIL FROM:<sender@example.com>

 RCPT TO:<recipient@example.com>

 DATA

diff --git a/tests/data/test935 b/tests/data/test935
index 3fd5c2e50..946611477 100644
--- a/tests/data/test935
+++ b/tests/data/test935
@@ -19,7 +19,7 @@ AUTH CRAM-MD5 PLAIN
 REPLY "AUTH CRAM-MD5" 334 Rubbish
 REPLY * 501 AUTH exchange cancelled by client
 REPLY "AUTH PLAIN" 334 PLAIN supported
-REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated
+REPLY AHVzZXIAc2VjcmV0 235 Authenticated
 </servercmd>
 </reply>
 
@@ -51,7 +51,7 @@ EHLO 935
 AUTH CRAM-MD5

 *

 AUTH PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 MAIL FROM:<sender@example.com>

 RCPT TO:<recipient@example.com>

 DATA

diff --git a/tests/data/test936 b/tests/data/test936
index 88c8a937e..5fde3c967 100644
--- a/tests/data/test936
+++ b/tests/data/test936
@@ -19,7 +19,7 @@ REPLY "AUTH NTLM" 334 NTLM supported
 REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 334 Rubbish
 REPLY * 501 AUTH exchange cancelled by client
 REPLY "AUTH PLAIN" 334 PLAIN supported
-REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated
+REPLY AHVzZXIAc2VjcmV0 235 Authenticated
 </servercmd>
 </reply>
 
@@ -62,7 +62,7 @@ AUTH NTLM
 TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=

 *

 AUTH PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 MAIL FROM:<sender@example.com>

 RCPT TO:<recipient@example.com>

 DATA

diff --git a/tests/data/test937 b/tests/data/test937
index a2cb9b5c0..5e729e308 100644
--- a/tests/data/test937
+++ b/tests/data/test937
@@ -19,7 +19,7 @@ AUTH DIGEST-MD5 PLAIN
 REPLY "AUTH DIGEST-MD5" 334 Rubbish
 REPLY * 501 AUTH exchange cancelled by client
 REPLY "AUTH PLAIN" 334 PLAIN supported
-REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated
+REPLY AHVzZXIAc2VjcmV0 235 Authenticated
 </servercmd>
 </reply>
 
@@ -53,7 +53,7 @@ EHLO 937
 AUTH DIGEST-MD5

 *

 AUTH PLAIN

-dXNlcgB1c2VyAHNlY3JldA==

+AHVzZXIAc2VjcmV0

 MAIL FROM:<sender@example.com>

 RCPT TO:<recipient@example.com>

 DATA