diff options
author | Mert Yazıcıoğlu <mert@mertyazicioglu.com> | 2018-12-16 15:45:40 +0300 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2019-04-02 15:52:12 -0400 |
commit | 6227e2bd07246de7a751b8de8cece6020802c264 (patch) | |
tree | 88884a9f188bcdb816ae5e7e31182999c4be3530 /lib/vauth | |
parent | d110d96b981fb0d0df54ded3f7fc876be891e2e3 (diff) | |
download | curl-6227e2bd07246de7a751b8de8cece6020802c264.tar.gz |
vauth/oauth2: Fix OAUTHBEARER token generation
OAUTHBEARER tokens were incorrectly generated in a format similar to
XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the
RFC7628.
Fixes: #2487
Reported-by: Paolo Mossino
Closes https://github.com/curl/curl/pull/3377
Diffstat (limited to 'lib/vauth')
-rw-r--r-- | lib/vauth/oauth2.c | 51 | ||||
-rw-r--r-- | lib/vauth/vauth.h | 7 |
2 files changed, 50 insertions, 8 deletions
diff --git a/lib/vauth/oauth2.c b/lib/vauth/oauth2.c index 6288f89a3..bedc6e3e6 100644 --- a/lib/vauth/oauth2.c +++ b/lib/vauth/oauth2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -46,8 +46,8 @@ * * data[in] - The session handle. * user[in] - The user name. - * host[in] - The host name(for OAUTHBEARER). - * port[in] - The port(for OAUTHBEARER when not Port 80). + * host[in] - The host name. + * port[in] - The port(when not Port 80). * bearer[in] - The bearer token. * outptr[in / out] - The address where a pointer to newly allocated memory * holding the result will be stored upon completion. @@ -66,13 +66,11 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data, char *oauth = NULL; /* Generate the message */ - if(host == NULL && (port == 0 || port == 80)) - oauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer); - else if(port == 0 || port == 80) - oauth = aprintf("user=%s\1host=%s\1auth=Bearer %s\1\1", user, host, + if(port == 0 || port == 80) + oauth = aprintf("n,a=%s,\1host=%s\1auth=Bearer %s\1\1", user, host, bearer); else - oauth = aprintf("user=%s\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user, + oauth = aprintf("n,a=%s,\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user, host, port, bearer); if(!oauth) return CURLE_OUT_OF_MEMORY; @@ -84,3 +82,40 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data, return result; } + +/* + * Curl_auth_create_xoauth_bearer_message() + * + * This is used to generate an already encoded XOAuth 2.0 message ready for + * sending to the recipient. + * + * Parameters: + * + * data[in] - The session handle. + * user[in] - The user name. + * bearer[in] - The bearer token. + * outptr[in / out] - The address where a pointer to newly allocated memory + * holding the result will be stored upon completion. + * outlen[out] - The length of the output message. + * + * Returns CURLE_OK on success. + */ +CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data, + const char *user, + const char *bearer, + char **outptr, size_t *outlen) +{ + CURLcode result = CURLE_OK; + + /* Generate the message */ + char *xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer); + if(!xoauth) + return CURLE_OUT_OF_MEMORY; + + /* Base64 encode the reply */ + result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen); + + free(xoauth); + + return result; +} diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h index f43064211..13ddc41f7 100644 --- a/lib/vauth/vauth.h +++ b/lib/vauth/vauth.h @@ -151,6 +151,13 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data, const long port, const char *bearer, char **outptr, size_t *outlen); + +/* This is used to generate a base64 encoded XOAuth 2.0 message */ +CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data, + const char *user, + const char *bearer, + char **outptr, size_t *outlen); + #if defined(USE_KERBEROS5) /* This is used to evaluate if GSSAPI (Kerberos V5) is supported */ bool Curl_auth_is_gssapi_supported(void); |