[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 70/220: sasl: Implement SASL authorisation identity
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 70/220: sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID |
|
Date: |
Thu, 12 Sep 2019 17:27:10 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 7c469fa537397c3b8307c92aa723e3af6d941e95
Author: Steve Holme <address@hidden>
AuthorDate: Wed Apr 17 23:47:51 2019 +0100
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.
Fixes #3653
Closes #3790
NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.
Closes https://github.com/curl/curl/pull/4186
---
docs/libcurl/curl_easy_setopt.3 | 2 +
docs/libcurl/opts/CURLOPT_SASL_AUTHZID.3 | 64 ++++++++++++++++++++++++++++++++
docs/libcurl/opts/Makefile.inc | 1 +
docs/libcurl/symbols-in-versions | 1 +
include/curl/curl.h | 3 ++
include/curl/typecheck-gcc.h | 1 +
lib/curl_sasl.c | 10 +++--
lib/setopt.c | 6 +++
lib/url.c | 9 +++++
lib/urldata.h | 4 +-
packages/OS400/ccsidcurl.c | 1 +
packages/OS400/curl.inc.in | 2 +
12 files changed, 99 insertions(+), 5 deletions(-)
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index cb5c418fb..2d052f0a4 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -256,6 +256,8 @@ TLS authentication methods. See
\fICURLOPT_TLSAUTH_TYPE(3)\fP
Proxy TLS authentication methods. See \fICURLOPT_PROXY_TLSAUTH_TYPE(3)\fP
.IP CURLOPT_PROXYAUTH
HTTP proxy authentication methods. See \fICURLOPT_PROXYAUTH(3)\fP
+.IP CURLOPT_SASL_AUTHZID
+SASL authorisation identity (identity to act as). See
\fICURLOPT_SASL_AUTHZID(3)\fP
.IP CURLOPT_SASL_IR
Enable SASL initial response. See \fICURLOPT_SASL_IR(3)\fP
.IP CURLOPT_XOAUTH2_BEARER
diff --git a/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.3
b/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.3
new file mode 100644
index 000000000..65445475d
--- /dev/null
+++ b/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.3
@@ -0,0 +1,64 @@
+.\" **************************************************************************
+.\" * _ _ ____ _
+.\" * Project ___| | | | _ \| |
+.\" * / __| | | | |_) | |
+.\" * | (__| |_| | _ <| |___
+.\" * \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at https://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_SASL_AUTHZID 3 "11 Sep 2019" "libcurl 7.66.0" "curl_easy_setopt
options"
+.SH NAME
+CURLOPT_SASL_AUTHZID \- authorisation identity (identity to act as)
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SASL_AUTHZID, char *authzid);
+.SH DESCRIPTION
+Pass a char * as parameter, which should be pointing to the zero terminated
+authorisation identity (authzid) for the transfer. Only applicable to the PLAIN
+SASL authentication mechanism where it is optional.
+
+When not specified only the authentication identity (authcid) as specified by
+the username will be sent to the server, along with the password. The server
+will derive a authzid from the authcid when not provided, which it will then
+uses internally.
+
+When the authzid is specified, the use of which is server dependent, it can be
+used to access another user's inbox, that the user has been granted access to,
+or a shared mailbox for example.
+.SH DEFAULT
+blank
+.SH PROTOCOLS
+IMAP, POP3 and SMTP
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+ curl_easy_setopt(curl, CURLOPT_URL, "imap://example.com/");
+ curl_easy_setopt(curl, CURLOPT_USERNAME, "Kurt");
+ curl_easy_setopt(curl, CURLOPT_PASSWORD, "xipj3plmq");
+ curl_easy_setopt(curl, CURLOPT_SASL_AUTHZID, "Ursel");
+ ret = curl_easy_perform(curl);
+ curl_easy_cleanup(curl);
+}
+.fi
+.SH AVAILABILITY
+Added in 7.66.0
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
+.SH "SEE ALSO"
+.BR CURLOPT_USERNAME "(3), " CURLOPT_PASSWORD "(3), ".BR CURLOPT_USERPWD "(3)"
diff --git a/docs/libcurl/opts/Makefile.inc b/docs/libcurl/opts/Makefile.inc
index 5460b2a57..094c58f42 100644
--- a/docs/libcurl/opts/Makefile.inc
+++ b/docs/libcurl/opts/Makefile.inc
@@ -273,6 +273,7 @@ man_MANS = \
CURLOPT_RTSP_SESSION_ID.3 \
CURLOPT_RTSP_STREAM_URI.3 \
CURLOPT_RTSP_TRANSPORT.3 \
+ CURLOPT_SASL_AUTHZID.3 \
CURLOPT_SASL_IR.3 \
CURLOPT_SEEKDATA.3 \
CURLOPT_SEEKFUNCTION.3 \
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index 1b452d245..1afe73b53 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -556,6 +556,7 @@ CURLOPT_RTSP_SERVER_CSEQ 7.20.0
CURLOPT_RTSP_SESSION_ID 7.20.0
CURLOPT_RTSP_STREAM_URI 7.20.0
CURLOPT_RTSP_TRANSPORT 7.20.0
+CURLOPT_SASL_AUTHZID 7.66.0
CURLOPT_SASL_IR 7.31.0
CURLOPT_SEEKDATA 7.18.0
CURLOPT_SEEKFUNCTION 7.18.0
diff --git a/include/curl/curl.h b/include/curl/curl.h
index a3cdd8395..33aa047a7 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -1929,6 +1929,9 @@ typedef enum {
/* Bitmask to control HTTP/3 behavior. See CURLH3_* */
CINIT(H3, LONG, 289),
+ /* SASL authorisation identity */
+ CINIT(SASL_AUTHZID, STRINGPOINT, 290),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h
index eeb36abc0..dfd48b8a3 100644
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -311,6 +311,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_off_t,
(option) == CURLOPT_RTSP_SESSION_ID || \
(option) == CURLOPT_RTSP_STREAM_URI || \
(option) == CURLOPT_RTSP_TRANSPORT || \
+ (option) == CURLOPT_SASL_AUTHZID || \
(option) == CURLOPT_SERVICE_NAME || \
(option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \
(option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 018e4228b..0aa1f5bb7 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -370,8 +370,9 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct
connectdata *conn,
sasl->authused = SASL_MECH_PLAIN;
if(force_ir || data->set.sasl_ir)
- result = Curl_auth_create_plain_message(data, NULL, conn->user,
- conn->passwd, &resp, &len);
+ result = Curl_auth_create_plain_message(data, conn->sasl_authzid,
+ conn->user, conn->passwd,
+ &resp, &len);
}
else if(enabledmechs & SASL_MECH_LOGIN) {
mech = SASL_MECH_STRING_LOGIN;
@@ -453,8 +454,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct
connectdata *conn,
*progress = SASL_DONE;
return result;
case SASL_PLAIN:
- result = Curl_auth_create_plain_message(data, NULL, conn->user,
- conn->passwd, &resp, &len);
+ result = Curl_auth_create_plain_message(data, conn->sasl_authzid,
+ conn->user, conn->passwd,
+ &resp, &len);
break;
case SASL_LOGIN:
result = Curl_auth_create_login_message(data, conn->user, &resp, &len);
diff --git a/lib/setopt.c b/lib/setopt.c
index 64a6b010d..91251bd7b 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -2402,6 +2402,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option, va_list param)
break;
#endif
+ case CURLOPT_SASL_AUTHZID:
+ /* Authorisation identity (identity to act as) */
+ result = Curl_setstropt(&data->set.str[STRING_SASL_AUTHZID],
+ va_arg(param, char *));
+ break;
+
case CURLOPT_SASL_IR:
/* Enable/disable SASL initial response */
data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE;
diff --git a/lib/url.c b/lib/url.c
index 05fc0e50e..c61319b3b 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -715,6 +715,7 @@ static void conn_free(struct connectdata *conn)
Curl_safefree(conn->user);
Curl_safefree(conn->passwd);
Curl_safefree(conn->oauth_bearer);
+ Curl_safefree(conn->sasl_authzid);
Curl_safefree(conn->options);
Curl_safefree(conn->http_proxy.user);
Curl_safefree(conn->socks_proxy.user);
@@ -3492,6 +3493,14 @@ static CURLcode create_conn(struct Curl_easy *data,
}
}
+ if(data->set.str[STRING_SASL_AUTHZID]) {
+ conn->sasl_authzid = strdup(data->set.str[STRING_SASL_AUTHZID]);
+ if(!conn->sasl_authzid) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto out;
+ }
+ }
+
#ifdef USE_UNIX_SOCKETS
if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
diff --git a/lib/urldata.h b/lib/urldata.h
index b9daf12de..b3b1263c6 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -875,7 +875,8 @@ struct connectdata {
char *passwd; /* password string, allocated */
char *options; /* options string, allocated */
- char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
+ char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
+ char *sasl_authzid; /* authorisation identity string, allocated */
int httpversion; /* the HTTP version*10 reported by the server */
int rtspversion; /* the RTSP version*10 reported by the server */
@@ -1498,6 +1499,7 @@ enum dupstring {
#ifdef USE_ALTSVC
STRING_ALTSVC, /* CURLOPT_ALTSVC */
#endif
+ STRING_SASL_AUTHZID, /* CURLOPT_SASL_AUTHZID */
/* -- end of zero-terminated strings -- */
STRING_LASTZEROTERMINATED,
diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c
index 4b462a273..a55cd5e10 100644
--- a/packages/OS400/ccsidcurl.c
+++ b/packages/OS400/ccsidcurl.c
@@ -1213,6 +1213,7 @@ curl_easy_setopt_ccsid(CURL *curl, CURLoption tag, ...)
case CURLOPT_RTSP_SESSION_ID:
case CURLOPT_RTSP_STREAM_URI:
case CURLOPT_RTSP_TRANSPORT:
+ case CURLOPT_SASL_AUTHZID:
case CURLOPT_SERVICE_NAME:
case CURLOPT_SOCKS5_GSSAPI_SERVICE:
case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5:
diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in
index 21da014e1..c9c046831 100644
--- a/packages/OS400/curl.inc.in
+++ b/packages/OS400/curl.inc.in
@@ -1425,6 +1425,8 @@
d c 00288
d CURLOPT_H3...
d c 00289
+ d CURLOPT_SASL_AUTHZID...
+ d c 10290
*
/if not defined(CURL_NO_OLDIES)
d CURLOPT_FILE c 10001
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [GNUnet-SVN] [gnurl] 51/220: md4: Use the Curl_md4it() function for OpenSSL based NTLM, (continued)
- [GNUnet-SVN] [gnurl] 51/220: md4: Use the Curl_md4it() function for OpenSSL based NTLM, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 56/220: md4: No need to include Curl_md4.h for each TLS library, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 53/220: md4: Move the WinCrypt implementation out of the NTLM code, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 54/220: md4: Move the mbed TLS MD4 implementation out of the NTLM code, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 59/220: altsvc: fix removal of expired cache entry, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 58/220: RELEASE-NOTES: synced, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 69/220: docs/HTTP3: refreshed as it is now in master and HTTP/3 can be tested, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 78/220: quiche: make POSTFIELDS posts work, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 77/220: quiche: improved error handling and memory cleanups, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 67/220: curl_multi_poll: a sister to curl_multi_wait() that waits more, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 70/220: sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID,
gnunet <=
- [GNUnet-SVN] [gnurl] 71/220: curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 99/220: curl_global_init_mem.3: mention it was added in 7.12.0, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 93/220: cleanup: s/curl_debug/curl_dbg_debug in comments and docs, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 94/220: quiche: add SSLKEYLOGFILE support, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 103/220: asyn-thread: issue CURL_POLL_REMOVE before closing socket, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 95/220: http3: make connection reuse work, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 105/220: nghttp3: initial h3 template code added, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 109/220: HTTP3: use ngtcp2's draft-22 branch, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 112/220: altsvc: make it use h3-22 with ngtcp2 as well, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 115/220: lib/quic.c: unused - removed, gnunet, 2019/09/12