curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
parent
a14d72ca2f
commit
a9499ff136
@ -154,6 +154,7 @@ DPAGES = \
|
|||||||
retry-delay.d \
|
retry-delay.d \
|
||||||
retry-max-time.d \
|
retry-max-time.d \
|
||||||
retry.d \
|
retry.d \
|
||||||
|
sasl-authzid.d \
|
||||||
sasl-ir.d \
|
sasl-ir.d \
|
||||||
service-name.d \
|
service-name.d \
|
||||||
show-error.d \
|
show-error.d \
|
||||||
|
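--- a/docs/cmdline-opts/sasl-authzid.d
+++ b/docs/cmdline-opts/sasl-authzid.d
@@ -0,0 +1,11 @@
+Long: sasl-authzid
+Help: Use this identity to act as during SASL PLAIN authentication
+Added: 7.66.0
+---
+Use this authorisation identity (authzid), during SASL PLAIN authentication,
+in addition to the authentication identity (authcid) as specified by --user.
+
+If the option isn't specified, the server will derive the authzid from the
+authcid, but if specified, and depending on the server implementation, it may
+be used to access another user's inbox, that the user has been granted access
+to, or a shared mailbox for example.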
@ -133,6 +133,7 @@ static void free_config_fields(struct OperationConfig *config)
|
|||||||
Curl_safefree(config->krblevel);
|
Curl_safefree(config->krblevel);
|
||||||
|
|
||||||
Curl_safefree(config->oauth_bearer);
|
Curl_safefree(config->oauth_bearer);
|
||||||
|
Curl_safefree(config->sasl_authzid);
|
||||||
|
|
||||||
Curl_safefree(config->unix_socket_path);
|
Curl_safefree(config->unix_socket_path);
|
||||||
Curl_safefree(config->writeout);
|
Curl_safefree(config->writeout);
|
||||||
|
@ -97,6 +97,7 @@ struct OperationConfig {
|
|||||||
char *mail_from;
|
char *mail_from;
|
||||||
struct curl_slist *mail_rcpt;
|
struct curl_slist *mail_rcpt;
|
||||||
char *mail_auth;
|
char *mail_auth;
|
||||||
|
char *sasl_authzid; /* Authorisation identity (identity to use) */
|
||||||
bool sasl_ir; /* Enable/disable SASL initial response */
|
bool sasl_ir; /* Enable/disable SASL initial response */
|
||||||
bool proxytunnel;
|
bool proxytunnel;
|
||||||
bool ftp_append; /* APPE on ftp */
|
bool ftp_append; /* APPE on ftp */
|
||||||
|
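Review bot: The comment on the new `sasl_authzid` member, `/* Authorisation identity (identity to use) */`, does not say how it relates to the identity that actually authenticates, and mixing the two up is an easy mistake for the next person touching this struct. Going by the option text added in this commit, something like `/* SASL authzid: identity to act as; the authcid still comes from --user */` would make the distinction explicit. struct OperationConfig starts and ends outside the hunk.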
@ -177,7 +177,8 @@ static const struct LongShort aliases[]= {
|
|||||||
{"$H", "mail-auth", ARG_STRING},
|
{"$H", "mail-auth", ARG_STRING},
|
||||||
{"$I", "post303", ARG_BOOL},
|
{"$I", "post303", ARG_BOOL},
|
||||||
{"$J", "metalink", ARG_BOOL},
|
{"$J", "metalink", ARG_BOOL},
|
||||||
{"$K", "sasl-ir", ARG_BOOL},
|
{"$6", "sasl-authzid", ARG_STRING},
|
||||||
|
{"$K", "sasl-ir", ARG_BOOL },
|
||||||
{"$L", "test-event", ARG_BOOL},
|
{"$L", "test-event", ARG_BOOL},
|
||||||
{"$M", "unix-socket", ARG_FILENAME},
|
{"$M", "unix-socket", ARG_FILENAME},
|
||||||
{"$N", "path-as-is", ARG_BOOL},
|
{"$N", "path-as-is", ARG_BOOL},
|
||||||
@ -1099,6 +1100,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
|
|||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
case '6': /* --sasl-authzid */
|
||||||
|
GetStr(&config->sasl_authzid, nextarg);
|
||||||
|
break;
|
||||||
case 'K': /* --sasl-ir */
|
case 'K': /* --sasl-ir */
|
||||||
config->sasl_ir = toggle;
|
config->sasl_ir = toggle;
|
||||||
break;
|
break;
|
||||||
|
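Review bot: The `sasl-ir` entry in `aliases[]` picks up a stray space before the closing brace, `{"$K", "sasl-ir", ARG_BOOL },`, which turns an otherwise untouched line into a changed one; it should stay `{"$K", "sasl-ir", ARG_BOOL},`. The new `{"$6", "sasl-authzid", ARG_STRING},` entry is also placed between `$J` and `$K` although the visible neighbours run in letter order, so it probably belongs next to the other digit-keyed `$` entries, which are not shown here. Both `aliases[]` and `getparameter` continue outside the hunks.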
@ -385,6 +385,8 @@ static const struct helptxt helptext[] = {
|
|||||||
"Wait time between retries"},
|
"Wait time between retries"},
|
||||||
{" --retry-max-time <seconds>",
|
{" --retry-max-time <seconds>",
|
||||||
"Retry only within this period"},
|
"Retry only within this period"},
|
||||||
|
{" --sasl-authzid <identity> ",
|
||||||
|
"Use this identity to act as during SASL PLAIN authentication"},
|
||||||
{" --sasl-ir",
|
{" --sasl-ir",
|
||||||
"Enable initial response in SASL authentication"},
|
"Enable initial response in SASL authentication"},
|
||||||
{" --service-name <name>",
|
{" --service-name <name>",
|
||||||
|
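Review bot: The option column of the new help entry ends with a space inside the string literal, `--sasl-authzid <identity> "`, unlike the neighbouring `--retry-max-time <seconds>"` and `--service-name <name>"` entries. Dropping it (`<identity>",`) keeps the column consistent with the rest of `helptext[]` and avoids a trailing blank in the printed help. The array continues outside the hunk.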
@ -1501,6 +1501,10 @@ static CURLcode operate_do(struct GlobalConfig *global,
|
|||||||
if(config->mail_auth)
|
if(config->mail_auth)
|
||||||
my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth);
|
my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth);
|
||||||
|
|
||||||
|
/* new in 7.66.0 */
|
||||||
|
if(config->sasl_authzid)
|
||||||
|
my_setopt_str(curl, CURLOPT_SASL_AUTHZID, config->sasl_authzid);
|
||||||
|
|
||||||
/* new in 7.31.0 */
|
/* new in 7.31.0 */
|
||||||
if(config->sasl_ir)
|
if(config->sasl_ir)
|
||||||
my_setopt(curl, CURLOPT_SASL_IR, 1L);
|
my_setopt(curl, CURLOPT_SASL_IR, 1L);
|
||||||
@ -1524,6 +1528,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
|
|||||||
config->unix_socket_path);
|
config->unix_socket_path);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* new in 7.45.0 */
|
/* new in 7.45.0 */
|
||||||
if(config->proto_default)
|
if(config->proto_default)
|
||||||
my_setopt_str(curl, CURLOPT_DEFAULT_PROTOCOL, config->proto_default);
|
my_setopt_str(curl, CURLOPT_DEFAULT_PROTOCOL, config->proto_default);
|
||||||
|
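Review bot: The new block in `operate_do` passes `config->sasl_authzid` to `CURLOPT_SASL_AUTHZID` whenever it is set, but nothing here records that the value is only meaningful for SASL PLAIN, which is what the option text added in this commit says. If a different mechanism is negotiated the transfer presumably proceeds under the authcid's own identity without any notice, which matters to a caller who expected to be acting on a shared mailbox. I would extend the comment to `/* new in 7.66.0, only used by SASL PLAIN */` and consider a tool-level warning when the option cannot apply. The second hunk in this function only adds a blank line and could be dropped from the commit; `operate_do` starts and ends outside both hunks.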
@ -93,20 +93,21 @@ test809 test810 test811 test812 test813 test814 test815 test816 test817 \
|
|||||||
test818 test819 test820 test821 test822 test823 test824 test825 test826 \
|
test818 test819 test820 test821 test822 test823 test824 test825 test826 \
|
||||||
test827 test828 test829 test830 test831 test832 test833 test834 test835 \
|
test827 test828 test829 test830 test831 test832 test833 test834 test835 \
|
||||||
test836 test837 test838 test839 test840 test841 test842 test843 test844 \
|
test836 test837 test838 test839 test840 test841 test842 test843 test844 \
|
||||||
test845 test846 test847 \
|
test845 test846 test847 test848 test849 \
|
||||||
\
|
\
|
||||||
test850 test851 test852 test853 test854 test855 test856 test857 test858 \
|
test850 test851 test852 test853 test854 test855 test856 test857 test858 \
|
||||||
test859 test860 test861 test862 test863 test864 test865 test866 test867 \
|
test859 test860 test861 test862 test863 test864 test865 test866 test867 \
|
||||||
test868 test869 test870 test871 test872 test873 test874 test875 test876 \
|
test868 test869 test870 test871 test872 test873 test874 test875 test876 \
|
||||||
test877 test878 test879 test880 test881 test882 test883 test884 test885 \
|
test877 test878 test879 test880 test881 test882 test883 test884 test885 \
|
||||||
test886 test887 test888 test889 test890 test891 \
|
test886 test887 test888 test889 test890 test891 test892 test893 \
|
||||||
\
|
\
|
||||||
test900 test901 test902 test903 test904 test905 test906 test907 test908 \
|
test900 test901 test902 test903 test904 test905 test906 test907 test908 \
|
||||||
test909 test910 test911 test912 test913 test914 test915 test916 test917 \
|
test909 test910 test911 test912 test913 test914 test915 test916 test917 \
|
||||||
test918 test919 test920 test921 test922 test923 test924 test925 test926 \
|
test918 test919 test920 test921 test922 test923 test924 test925 test926 \
|
||||||
test927 test928 test929 test930 test931 test932 test933 test934 test935 \
|
test927 test928 test929 test930 test931 test932 test933 test934 test935 \
|
||||||
test936 test937 test938 test939 test940 test941 test942 test943 test944 \
|
test936 test937 test938 test939 test940 test941 test942 test943 test944 \
|
||||||
test945 test946 test947 test948 test949 test950 test951 test952 \
|
test945 test946 test947 test948 test949 test950 test951 test952 test953 \
|
||||||
|
test954 \
|
||||||
\
|
\
|
||||||
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
|
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
|
||||||
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
|
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
|
||||||
|
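--- a/tests/data/test848
+++ b/tests/data/test848
@@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+IMAP
+SASL
+SASL AUTH PLAIN
+RFC4616
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTHENTICATE +
+REPLY c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ= A002 OK AUTHENTICATE completed
+</servercmd>
+<data>
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+imap
+</server>
+<name>
+IMAP plain authentication with alternative authorization identity
+</name>
+<command>
+'imap://%HOSTIP:%IMAPPORT/848/;MAILINDEX=1' -u user:secret --sasl-authzid shared-mailbox
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+A001 CAPABILITY
+A002 AUTHENTICATE PLAIN
+c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=
+A003 SELECT 848
+A004 FETCH 1 BODY[]
+A005 LOGOUT
+</protocol>
+</verify>
+</testcase>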
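Review bot: All six new cases (this one plus test849, test892, test893, test953 and test954) exercise only the continuation form of AUTH PLAIN, where the server first answers `+` or `334` and the client then sends the base64 message on its own line; none combines `--sasl-authzid` with `--sasl-ir`. If the initial-response path assembles the PLAIN message separately, an authzid that is dropped there would go unnoticed by this suite. One additional case per protocol that adds `--sasl-ir` to the `<command>` line and checks that the same base64 message is sent would close that gap.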
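--- a/tests/data/test849
+++ b/tests/data/test849
@@ -0,0 +1,51 @@
+<testcase>
+<info>
+<keywords>
+IMAP
+SASL
+SASL AUTH PLAIN
+RFC4616
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTHENTICATE +
+REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= A002 NO Not authorized
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+imap
+</server>
+<name>
+IMAP plain authentication with alternative authorization identity (Not authorized)
+</name>
+<command>
+'imap://%HOSTIP:%IMAPPORT/849/;MAILINDEX=1' -u kurt:xipj3plmq --sasl-authzid ursel
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 67 - CURLE_LOGIN_DENIED
+<errorcode>
+67
+</errorcode>
+#
+# The multi interface considers a broken "CONNECT" as a prematurely broken
+# transfer and such a connection will not get a "LOGOUT"
+<protocol>
+A001 CAPABILITY
+A002 AUTHENTICATE PLAIN
+dXJzZWwAa3VydAB4aXBqM3BsbXE=
+</protocol>
+</verify>
+</testcase>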
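--- a/tests/data/test892
+++ b/tests/data/test892
@@ -0,0 +1,57 @@
+<testcase>
+<info>
+<keywords>
+POP3
+SASL
+SASL AUTH PLAIN
+RFC1734
+RFC4616
+RFC5034
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTH +
+REPLY c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ= +OK Login successful
+</servercmd>
+<data>
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3
+</server>
+<name>
+POP3 plain authentication with alternative authorization identity
+</name>
+<command>
+pop3://%HOSTIP:%POP3PORT/892 -u user:secret --sasl-authzid shared-mailbox
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+CAPA
+AUTH PLAIN
+c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=
+RETR 892
+QUIT
+</protocol>
+</verify>
+</testcase>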
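--- a/tests/data/test893
+++ b/tests/data/test893
@@ -0,0 +1,53 @@
+<testcase>
+<info>
+<keywords>
+POP3
+SASL
+SASL AUTH PLAIN
+RFC1734
+RFC4616
+RFC5034
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTH +
+REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= -ERR Not authorized
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3
+</server>
+<name>
+POP3 plain authentication with alternative authorization identity (Not authorized)
+</name>
+<command>
+pop3://%HOSTIP:%POP3PORT/893 -u kurt:xipj3plmq --sasl-authzid ursel
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 67 - CURLE_LOGIN_DENIED
+<errorcode>
+67
+</errorcode>
+#
+# The multi interface considers a broken "CONNECT" as a prematurely broken
+# transfer and such a connection will not get a "QUIT"
+<protocol>
+CAPA
+AUTH PLAIN
+dXJzZWwAa3VydAB4aXBqM3BsbXE=
+</protocol>
+</verify>
+</testcase>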
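--- a/tests/data/test953
+++ b/tests/data/test953
@@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+SMTP
+SASL
+SASL AUTH PLAIN
+RFC4616
+RFC4954
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTH 334 PLAIN supported
+REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= 235 Authenticated
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+smtp
+</server>
+<name>
+SMTP plain authentication with alternative authorization identity
+</name>
+<stdin>
+mail body
+</stdin>
+<command>
+smtp://%HOSTIP:%SMTPPORT/953 --mail-rcpt recipient@example.com --mail-from sender@example.com -u kurt:xipj3plmq --sasl-authzid ursel -T -
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+EHLO 953
+AUTH PLAIN
+dXJzZWwAa3VydAB4aXBqM3BsbXE=
+MAIL FROM:<sender@example.com>
+RCPT TO:<recipient@example.com>
+DATA
+QUIT
+</protocol>
+<upload>
+mail body
+.
+</upload>
+</verify>
+</testcase>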
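--- a/tests/data/test954
+++ b/tests/data/test954
@@ -0,0 +1,55 @@
+<testcase>
+<info>
+<keywords>
+SMTP
+SASL
+SASL AUTH PLAIN
+RFC4616
+RFC4954
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+AUTH PLAIN
+REPLY AUTH 334 PLAIN supported
+REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= 501 Not authorized
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+smtp
+</server>
+<name>
+SMTP plain authentication with alternative authorization identity (Not authorized)
+</name>
+<stdin>
+mail body
+</stdin>
+<command>
+smtp://%HOSTIP:%SMTPPORT/954 --mail-rcpt recipient@example.com --mail-from sender@example.com -u kurt:xipj3plmq --sasl-authzid ursel -T -
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 67 - CURLE_LOGIN_DENIED
+<errorcode>
+67
+</errorcode>
+#
+# The multi interface considers a broken "CONNECT" as a prematurely broken
+# transfer and such a connection will not get a "QUIT"
+<protocol>
+EHLO 954
+AUTH PLAIN
+dXJzZWwAa3VydAB4aXBqM3BsbXE=
+</protocol>
+</verify>
+</testcase>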