diff options
-rw-r--r-- | lib/curl_sasl.c | 14 | ||||
-rw-r--r-- | lib/vauth/oauth2.c | 51 | ||||
-rw-r--r-- | lib/vauth/vauth.h | 7 | ||||
-rw-r--r-- | tests/data/test842 | 4 | ||||
-rw-r--r-- | tests/data/test843 | 2 | ||||
-rw-r--r-- | tests/data/test844 | 5 | ||||
-rw-r--r-- | tests/data/test845 | 2 | ||||
-rw-r--r-- | tests/data/test887 | 4 | ||||
-rw-r--r-- | tests/data/test888 | 2 | ||||
-rw-r--r-- | tests/data/test889 | 4 | ||||
-rw-r--r-- | tests/data/test890 | 2 | ||||
-rw-r--r-- | tests/data/test946 | 4 | ||||
-rw-r--r-- | tests/data/test947 | 2 | ||||
-rw-r--r-- | tests/data/test948 | 4 | ||||
-rw-r--r-- | tests/data/test949 | 2 |
15 files changed, 75 insertions, 34 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 9e1a72e5e..456e08325 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -357,10 +357,9 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn, sasl->authused = SASL_MECH_XOAUTH2; if(force_ir || data->set.sasl_ir) - result = Curl_auth_create_oauth_bearer_message(data, conn->user, - NULL, 0, - conn->oauth_bearer, - &resp, &len); + result = Curl_auth_create_xoauth_bearer_message(data, conn->user, + conn->oauth_bearer, + &resp, &len); } else if(enabledmechs & SASL_MECH_PLAIN) { mech = SASL_MECH_STRING_PLAIN; @@ -562,10 +561,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn, newstate = SASL_OAUTH2_RESP; } else - result = Curl_auth_create_oauth_bearer_message(data, conn->user, - NULL, 0, - conn->oauth_bearer, - &resp, &len); + result = Curl_auth_create_xoauth_bearer_message(data, conn->user, + conn->oauth_bearer, + &resp, &len); break; case SASL_OAUTH2_RESP: diff --git a/lib/vauth/oauth2.c b/lib/vauth/oauth2.c index 6288f89a3..bedc6e3e6 100644 --- a/lib/vauth/oauth2.c +++ b/lib/vauth/oauth2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -46,8 +46,8 @@ * * data[in] - The session handle. * user[in] - The user name. - * host[in] - The host name(for OAUTHBEARER). - * port[in] - The port(for OAUTHBEARER when not Port 80). + * host[in] - The host name. + * port[in] - The port(when not Port 80). * bearer[in] - The bearer token. * outptr[in / out] - The address where a pointer to newly allocated memory * holding the result will be stored upon completion. @@ -66,13 +66,11 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data, char *oauth = NULL; /* Generate the message */ - if(host == NULL && (port == 0 || port == 80)) - oauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer); - else if(port == 0 || port == 80) - oauth = aprintf("user=%s\1host=%s\1auth=Bearer %s\1\1", user, host, + if(port == 0 || port == 80) + oauth = aprintf("n,a=%s,\1host=%s\1auth=Bearer %s\1\1", user, host, bearer); else - oauth = aprintf("user=%s\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user, + oauth = aprintf("n,a=%s,\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user, host, port, bearer); if(!oauth) return CURLE_OUT_OF_MEMORY; @@ -84,3 +82,40 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data, return result; } + +/* + * Curl_auth_create_xoauth_bearer_message() + * + * This is used to generate an already encoded XOAuth 2.0 message ready for + * sending to the recipient. + * + * Parameters: + * + * data[in] - The session handle. + * user[in] - The user name. + * bearer[in] - The bearer token. + * outptr[in / out] - The address where a pointer to newly allocated memory + * holding the result will be stored upon completion. + * outlen[out] - The length of the output message. + * + * Returns CURLE_OK on success. + */ +CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data, + const char *user, + const char *bearer, + char **outptr, size_t *outlen) +{ + CURLcode result = CURLE_OK; + + /* Generate the message */ + char *xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer); + if(!xoauth) + return CURLE_OUT_OF_MEMORY; + + /* Base64 encode the reply */ + result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen); + + free(xoauth); + + return result; +} diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h index f43064211..13ddc41f7 100644 --- a/lib/vauth/vauth.h +++ b/lib/vauth/vauth.h @@ -151,6 +151,13 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data, const long port, const char *bearer, char **outptr, size_t *outlen); + +/* This is used to generate a base64 encoded XOAuth 2.0 message */ +CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data, + const char *user, + const char *bearer, + char **outptr, size_t *outlen); + #if defined(USE_KERBEROS5) /* This is used to evaluate if GSSAPI (Kerberos V5) is supported */ bool Curl_auth_is_gssapi_supported(void); diff --git a/tests/data/test842 b/tests/data/test842 index e86abd430..1d9181e17 100644 --- a/tests/data/test842 +++ b/tests/data/test842 @@ -15,7 +15,7 @@ RFC7628 <servercmd> AUTH OAUTHBEARER REPLY AUTHENTICATE + -REPLY dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== A002 OK AUTHENTICATE completed +REPLY bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== A002 OK AUTHENTICATE completed </servercmd> <data> From: me@somewhere
@@ -53,7 +53,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <protocol> A001 CAPABILITY
A002 AUTHENTICATE OAUTHBEARER
-dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
A003 SELECT 842
A004 FETCH 1 BODY[]
A005 LOGOUT
diff --git a/tests/data/test843 b/tests/data/test843 index e286fd93f..bd39dd907 100644 --- a/tests/data/test843 +++ b/tests/data/test843 @@ -53,7 +53,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <verify> <protocol> A001 CAPABILITY
-A002 AUTHENTICATE OAUTHBEARER dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+A002 AUTHENTICATE OAUTHBEARER bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
A003 SELECT 843
A004 FETCH 1 BODY[]
A005 LOGOUT
diff --git a/tests/data/test844 b/tests/data/test844 index 2cdb265fa..c5093d2b8 100644 --- a/tests/data/test844 +++ b/tests/data/test844 @@ -15,7 +15,8 @@ RFC7628 <servercmd> AUTH OAUTHBEARER REPLY AUTHENTICATE + -REPLY dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== + eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJleGFtcGxlX3Njb3BlIiwib3BlbmlkLWNvbmZpZ3VyYXRpb24iOiJodHRwczovL2V4YW1wbGUuY29tLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uIn0= +REPLY bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== + +eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJleGFtcGxlX3Njb3BlIiwib3BlbmlkLWNvbmZpZ3VyYXRpb24iOiJodHRwczovL2V4YW1wbGUuY29tLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uIn0= REPLY AQ== A002 NO Authentication failed </servercmd> </reply> @@ -52,7 +53,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <protocol> A001 CAPABILITY
A002 AUTHENTICATE OAUTHBEARER
-dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
AQ==
</protocol> </verify> diff --git a/tests/data/test845 b/tests/data/test845 index d8b557488..70562c7ab 100644 --- a/tests/data/test845 +++ b/tests/data/test845 @@ -52,7 +52,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' # transfer and such a connection will not get a "LOGOUT" <protocol> A001 CAPABILITY
-A002 AUTHENTICATE OAUTHBEARER dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+A002 AUTHENTICATE OAUTHBEARER bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
AQ==
</protocol> </verify> diff --git a/tests/data/test887 b/tests/data/test887 index fed4e3d92..35419b502 100644 --- a/tests/data/test887 +++ b/tests/data/test887 @@ -17,7 +17,7 @@ RFC7628 <servercmd> AUTH OAUTHBEARER REPLY AUTH + -REPLY dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== +OK Login successful +REPLY bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== +OK Login successful </servercmd> <data> From: me@somewhere
@@ -55,7 +55,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <protocol> CAPA
AUTH OAUTHBEARER
-dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
RETR 887
QUIT
</protocol> diff --git a/tests/data/test888 b/tests/data/test888 index c52974f19..78463feaa 100644 --- a/tests/data/test888 +++ b/tests/data/test888 @@ -54,7 +54,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <verify> <protocol> CAPA
-AUTH OAUTHBEARER dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+AUTH OAUTHBEARER bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
RETR 888
QUIT
</protocol> diff --git a/tests/data/test889 b/tests/data/test889 index da26a3729..2edb371e9 100644 --- a/tests/data/test889 +++ b/tests/data/test889 @@ -17,7 +17,7 @@ RFC7628 <servercmd> AUTH OAUTHBEARER REPLY AUTH + -REPLY dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== + eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJleGFtcGxlX3Njb3BlIiwib3BlbmlkLWNvbmZpZ3VyYXRpb24iOiJodHRwczovL2V4YW1wbGUuY29tLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uIn0 +REPLY bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== + eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJleGFtcGxlX3Njb3BlIiwib3BlbmlkLWNvbmZpZ3VyYXRpb24iOiJodHRwczovL2V4YW1wbGUuY29tLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uIn0 REPLY AQ== -ERR Authentication failed </servercmd> </reply> @@ -54,7 +54,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <protocol> CAPA
AUTH OAUTHBEARER
-dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
AQ==
</protocol> </verify> diff --git a/tests/data/test890 b/tests/data/test890 index 30aa0b232..ca0ccc7b5 100644 --- a/tests/data/test890 +++ b/tests/data/test890 @@ -53,7 +53,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' # transfer and such a connection will not get a "QUIT" <protocol> CAPA
-AUTH OAUTHBEARER dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+AUTH OAUTHBEARER bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
AQ==
</protocol> </verify> diff --git a/tests/data/test946 b/tests/data/test946 index da4b924f9..c6753dc1e 100644 --- a/tests/data/test946 +++ b/tests/data/test946 @@ -16,7 +16,7 @@ RFC7628 <servercmd> AUTH OAUTHBEARER REPLY AUTH 334 OAUTHBEARER supported -REPLY dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== 235 Authenticated +REPLY bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== 235 Authenticated </servercmd> </reply> @@ -48,7 +48,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <protocol> EHLO 946
AUTH OAUTHBEARER
-dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
diff --git a/tests/data/test947 b/tests/data/test947 index d33a55931..03c3fbe37 100644 --- a/tests/data/test947 +++ b/tests/data/test947 @@ -47,7 +47,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <verify> <protocol> EHLO 947
-AUTH OAUTHBEARER dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+AUTH OAUTHBEARER bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
diff --git a/tests/data/test948 b/tests/data/test948 index 9c1e31deb..8385f0cd2 100644 --- a/tests/data/test948 +++ b/tests/data/test948 @@ -16,7 +16,7 @@ RFC7628 <servercmd> AUTH OAUTHBEARER REPLY AUTH 334 OAUTHBEARER supported -REPLY dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== 334 eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJleGFtcGxlX3Njb3BlIiwib3BlbmlkLWNvbmZpZ3VyYXRpb24iOiJodHRwczovL2V4YW1wbGUuY29tLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uIn0 +REPLY bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== 334 eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJleGFtcGxlX3Njb3BlIiwib3BlbmlkLWNvbmZpZ3VyYXRpb24iOiJodHRwczovL2V4YW1wbGUuY29tLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uIn0 REPLY AQ== 535 Username and Password not accepted. Learn more at\r\n535 http://support.example.com/mail/oauth </servercmd> </reply> @@ -56,7 +56,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' <protocol> EHLO 948
AUTH OAUTHBEARER
-dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
AQ==
</protocol> </verify> diff --git a/tests/data/test949 b/tests/data/test949 index 9145d61e9..345940077 100644 --- a/tests/data/test949 +++ b/tests/data/test949 @@ -55,7 +55,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP' # transfer and such a connection will not get a "QUIT" <protocol> EHLO 949
-AUTH OAUTHBEARER dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+AUTH OAUTHBEARER bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwNQFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
AQ==
</protocol> </verify> |