[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 71/220: curl: --sasl-authzid added to support CURLO
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 71/220: curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool |
|
Date: |
Thu, 12 Sep 2019 17:27:11 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 1e08a7925830d7822f911165d9789e5e4f765534
Author: Steve Holme <address@hidden>
AuthorDate: Fri Apr 19 14:26:47 2019 +0100
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
Ref: https://github.com/curl/curl/issues/3653
Ref: https://github.com/curl/curl/pull/3790
NOTE: This commit was cherry-picked and is part of a series of commits
that added the authzid feature for upcoming 7.66.0. The series was
temporarily reverted in db8ec1f so that it would not ship in a 7.65.x
patch release.
Closes https://github.com/curl/curl/pull/4186
---
docs/cmdline-opts/Makefile.inc | 1 +
docs/cmdline-opts/sasl-authzid.d | 11 ++++++++
src/tool_cfgable.c | 1 +
src/tool_cfgable.h | 1 +
src/tool_getparam.c | 6 ++++-
src/tool_help.c | 2 ++
src/tool_operate.c | 5 ++++
tests/data/Makefile.inc | 7 ++---
tests/data/test848 | 56 +++++++++++++++++++++++++++++++++++++++
tests/data/test849 | 51 +++++++++++++++++++++++++++++++++++
tests/data/test892 | 57 ++++++++++++++++++++++++++++++++++++++++
tests/data/test893 | 53 +++++++++++++++++++++++++++++++++++++
tests/data/test953 | 56 +++++++++++++++++++++++++++++++++++++++
tests/data/test954 | 55 ++++++++++++++++++++++++++++++++++++++
14 files changed, 358 insertions(+), 4 deletions(-)
diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc
index d50a8bb26..1bdda9885 100644
--- a/docs/cmdline-opts/Makefile.inc
+++ b/docs/cmdline-opts/Makefile.inc
@@ -158,6 +158,7 @@ DPAGES = \
retry-delay.d \
retry-max-time.d \
retry.d \
+ sasl-authzid.d \
sasl-ir.d \
service-name.d \
show-error.d \
diff --git a/docs/cmdline-opts/sasl-authzid.d b/docs/cmdline-opts/sasl-authzid.d
new file mode 100644
index 000000000..b34db97fc
--- /dev/null
+++ b/docs/cmdline-opts/sasl-authzid.d
@@ -0,0 +1,11 @@
+Long: sasl-authzid
+Help: Use this identity to act as during SASL PLAIN authentication
+Added: 7.66.0
+---
+Use this authorisation identity (authzid), during SASL PLAIN authentication,
+in addition to the authentication identity (authcid) as specified by --user.
+
+If the option isn't specified, the server will derive the authzid from the
+authcid, but if specified, and depending on the server implementation, it may
+be used to access another user's inbox, that the user has been granted access
+to, or a shared mailbox for example.
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index 76febc9c9..efa8c50b2 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -133,6 +133,7 @@ static void free_config_fields(struct OperationConfig
*config)
Curl_safefree(config->krblevel);
Curl_safefree(config->oauth_bearer);
+ Curl_safefree(config->sasl_authzid);
Curl_safefree(config->unix_socket_path);
Curl_safefree(config->writeout);
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index d43f03c40..f6248c20b 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -96,6 +96,7 @@ struct OperationConfig {
char *mail_from;
struct curl_slist *mail_rcpt;
char *mail_auth;
+ char *sasl_authzid; /* Authorisation identity (identity to use) */
bool sasl_ir; /* Enable/disable SASL initial response */
bool proxytunnel;
bool ftp_append; /* APPE on ftp */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 77a77da70..952e602ed 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -178,7 +178,8 @@ static const struct LongShort aliases[]= {
{"$H", "mail-auth", ARG_STRING},
{"$I", "post303", ARG_BOOL},
{"$J", "metalink", ARG_BOOL},
- {"$K", "sasl-ir", ARG_BOOL},
+ {"$6", "sasl-authzid", ARG_STRING},
+ {"$K", "sasl-ir", ARG_BOOL },
{"$L", "test-event", ARG_BOOL},
{"$M", "unix-socket", ARG_FILENAME},
{"$N", "path-as-is", ARG_BOOL},
@@ -1103,6 +1104,9 @@ ParameterError getparameter(const char *flag, /* f or
-long-flag */
#endif
break;
}
+ case '6': /* --sasl-authzid */
+ GetStr(&config->sasl_authzid, nextarg);
+ break;
case 'K': /* --sasl-ir */
config->sasl_ir = toggle;
break;
diff --git a/src/tool_help.c b/src/tool_help.c
index a5b6e7204..86bd692d9 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -391,6 +391,8 @@ static const struct helptxt helptext[] = {
"Wait time between retries"},
{" --retry-max-time <seconds>",
"Retry only within this period"},
+ {" --sasl-authzid <identity> ",
+ "Use this identity to act as during SASL PLAIN authentication"},
{" --sasl-ir",
"Enable initial response in SASL authentication"},
{" --service-name <name>",
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 946dc7cca..8d526c328 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1778,6 +1778,10 @@ static CURLcode create_transfers(struct GlobalConfig
*global,
if(config->mail_auth)
my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth);
+ /* new in 7.66.0 */
+ if(config->sasl_authzid)
+ my_setopt_str(curl, CURLOPT_SASL_AUTHZID, config->sasl_authzid);
+
/* new in 7.31.0 */
if(config->sasl_ir)
my_setopt(curl, CURLOPT_SASL_IR, 1L);
@@ -1801,6 +1805,7 @@ static CURLcode create_transfers(struct GlobalConfig
*global,
config->unix_socket_path);
}
}
+
/* new in 7.45.0 */
if(config->proto_default)
my_setopt_str(curl, CURLOPT_DEFAULT_PROTOCOL, config->proto_default);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 6d19ed3c9..0657d2120 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -93,20 +93,21 @@ test809 test810 test811 test812 test813 test814 test815
test816 test817 \
test818 test819 test820 test821 test822 test823 test824 test825 test826 \
test827 test828 test829 test830 test831 test832 test833 test834 test835 \
test836 test837 test838 test839 test840 test841 test842 test843 test844 \
-test845 test846 test847 \
+test845 test846 test847 test848 test849 \
\
test850 test851 test852 test853 test854 test855 test856 test857 test858 \
test859 test860 test861 test862 test863 test864 test865 test866 test867 \
test868 test869 test870 test871 test872 test873 test874 test875 test876 \
test877 test878 test879 test880 test881 test882 test883 test884 test885 \
-test886 test887 test888 test889 test890 test891 \
+test886 test887 test888 test889 test890 test891 test892 test893 \
\
test900 test901 test902 test903 test904 test905 test906 test907 test908 \
test909 test910 test911 test912 test913 test914 test915 test916 test917 \
test918 test919 test920 test921 test922 test923 test924 test925 test926 \
test927 test928 test929 test930 test931 test932 test933 test934 test935 \
test936 test937 test938 test939 test940 test941 test942 test943 test944 \
-test945 test946 test947 test948 test949 test950 test951 test952 \
+test945 test946 test947 test948 test949 test950 test951 test952 test953 \
+test954 \
\
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
diff --git a/tests/data/test848 b/tests/data/test848
new file mode 100644
index 000000000..bfea56898
--- /dev/null
+++ b/tests/data/test848
@@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+IMAP
+SASL
+SASL AUTH PLAIN
+RFC4616
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTHENTICATE +
+REPLY c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ= A002 OK AUTHENTICATE completed
+</servercmd>
+<data>
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+ yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+imap
+</server>
+ <name>
+IMAP plain authentication with alternative authorization identity
+ </name>
+ <command>
+'imap://%HOSTIP:%IMAPPORT/848/;MAILINDEX=1' -u user:secret --sasl-authzid
shared-mailbox
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+A001 CAPABILITY
+A002 AUTHENTICATE PLAIN
+c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=
+A003 SELECT 848
+A004 FETCH 1 BODY[]
+A005 LOGOUT
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test849 b/tests/data/test849
new file mode 100644
index 000000000..65d5eacf7
--- /dev/null
+++ b/tests/data/test849
@@ -0,0 +1,51 @@
+<testcase>
+<info>
+<keywords>
+IMAP
+SASL
+SASL AUTH PLAIN
+RFC4616
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTHENTICATE +
+REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= A002 NO Not authorized
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+imap
+</server>
+ <name>
+IMAP plain authentication with alternative authorization identity (Not
authorized)
+ </name>
+ <command>
+'imap://%HOSTIP:%IMAPPORT/849/;MAILINDEX=1' -u kurt:xipj3plmq --sasl-authzid
ursel
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 67 - CURLE_LOGIN_DENIED
+<errorcode>
+67
+</errorcode>
+#
+# The multi interface considers a broken "CONNECT" as a prematurely broken
+# transfer and such a connection will not get a "LOGOUT"
+<protocol>
+A001 CAPABILITY
+A002 AUTHENTICATE PLAIN
+dXJzZWwAa3VydAB4aXBqM3BsbXE=
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test892 b/tests/data/test892
new file mode 100644
index 000000000..89a56fbc4
--- /dev/null
+++ b/tests/data/test892
@@ -0,0 +1,57 @@
+<testcase>
+<info>
+<keywords>
+POP3
+SASL
+SASL AUTH PLAIN
+RFC1734
+RFC4616
+RFC5034
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTH +
+REPLY c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ= +OK Login successful
+</servercmd>
+<data>
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+ yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3
+</server>
+ <name>
+POP3 plain authentication with alternative authorization identity
+ </name>
+ <command>
+pop3://%HOSTIP:%POP3PORT/892 -u user:secret --sasl-authzid shared-mailbox
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+CAPA
+AUTH PLAIN
+c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=
+RETR 892
+QUIT
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test893 b/tests/data/test893
new file mode 100644
index 000000000..982c2c897
--- /dev/null
+++ b/tests/data/test893
@@ -0,0 +1,53 @@
+<testcase>
+<info>
+<keywords>
+POP3
+SASL
+SASL AUTH PLAIN
+RFC1734
+RFC4616
+RFC5034
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTH +
+REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= -ERR Not authorized
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3
+</server>
+ <name>
+POP3 plain authentication with alternative authorization identity (Not
authorized)
+ </name>
+ <command>
+pop3://%HOSTIP:%POP3PORT/893 -u kurt:xipj3plmq --sasl-authzid ursel
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 67 - CURLE_LOGIN_DENIED
+<errorcode>
+67
+</errorcode>
+#
+# The multi interface considers a broken "CONNECT" as a prematurely broken
+# transfer and such a connection will not get a "QUIT"
+<protocol>
+CAPA
+AUTH PLAIN
+dXJzZWwAa3VydAB4aXBqM3BsbXE=
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test953 b/tests/data/test953
new file mode 100644
index 000000000..a7636dc22
--- /dev/null
+++ b/tests/data/test953
@@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+SMTP
+SASL
+SASL AUTH PLAIN
+RFC4616
+RFC4954
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTH 334 PLAIN supported
+REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= 235 Authenticated
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+smtp
+</server>
+ <name>
+SMTP plain authentication with alternative authorization identity
+ </name>
+<stdin>
+mail body
+</stdin>
+ <command>
+smtp://%HOSTIP:%SMTPPORT/953 --mail-rcpt address@hidden --mail-from
address@hidden -u kurt:xipj3plmq --sasl-authzid ursel -T -
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+EHLO 953
+AUTH PLAIN
+dXJzZWwAa3VydAB4aXBqM3BsbXE=
+MAIL FROM:<address@hidden>
+RCPT TO:<address@hidden>
+DATA
+QUIT
+</protocol>
+<upload>
+mail body
+.
+</upload>
+</verify>
+</testcase>
diff --git a/tests/data/test954 b/tests/data/test954
new file mode 100644
index 000000000..dcc0d2d0b
--- /dev/null
+++ b/tests/data/test954
@@ -0,0 +1,55 @@
+<testcase>
+<info>
+<keywords>
+SMTP
+SASL
+SASL AUTH PLAIN
+RFC4616
+RFC4954
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTH 334 PLAIN supported
+REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= 501 Not authorized
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+smtp
+</server>
+ <name>
+SMTP plain authentication with alternative authorization identity (Not
authorized)
+ </name>
+<stdin>
+mail body
+</stdin>
+ <command>
+smtp://%HOSTIP:%SMTPPORT/954 --mail-rcpt address@hidden --mail-from
address@hidden -u kurt:xipj3plmq --sasl-authzid ursel -T -
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 67 - CURLE_LOGIN_DENIED
+<errorcode>
+67
+</errorcode>
+#
+# The multi interface considers a broken "CONNECT" as a prematurely broken
+# transfer and such a connection will not get a "QUIT"
+<protocol>
+EHLO 954
+AUTH PLAIN
+dXJzZWwAa3VydAB4aXBqM3BsbXE=
+</protocol>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [GNUnet-SVN] [gnurl] 56/220: md4: No need to include Curl_md4.h for each TLS library, (continued)
- [GNUnet-SVN] [gnurl] 56/220: md4: No need to include Curl_md4.h for each TLS library, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 53/220: md4: Move the WinCrypt implementation out of the NTLM code, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 54/220: md4: Move the mbed TLS MD4 implementation out of the NTLM code, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 59/220: altsvc: fix removal of expired cache entry, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 58/220: RELEASE-NOTES: synced, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 69/220: docs/HTTP3: refreshed as it is now in master and HTTP/3 can be tested, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 78/220: quiche: make POSTFIELDS posts work, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 77/220: quiche: improved error handling and memory cleanups, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 67/220: curl_multi_poll: a sister to curl_multi_wait() that waits more, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 70/220: sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 71/220: curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool,
gnunet <=
- [GNUnet-SVN] [gnurl] 99/220: curl_global_init_mem.3: mention it was added in 7.12.0, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 93/220: cleanup: s/curl_debug/curl_dbg_debug in comments and docs, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 94/220: quiche: add SSLKEYLOGFILE support, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 103/220: asyn-thread: issue CURL_POLL_REMOVE before closing socket, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 95/220: http3: make connection reuse work, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 105/220: nghttp3: initial h3 template code added, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 109/220: HTTP3: use ngtcp2's draft-22 branch, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 112/220: altsvc: make it use h3-22 with ngtcp2 as well, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 115/220: lib/quic.c: unused - removed, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 123/220: curl_version: bump string buffer size to 250, gnunet, 2019/09/12