mirror of https://github.com/moparisthebest/curl synced 2025-01-11 14:08:07 -05:00

curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool

Steve Holme 2019-04-19 14:26:47 +01:00
parent a14d72ca2f
commit a9499ff136
No known key found for this signature in database
GPG Key ID: 4059CB85CA7E8F19
14 changed files with 358 additions and 4 deletions


@ -154,6 +154,7 @@ DPAGES = \
retry-delay.d \ retry-delay.d \
retry-max-time.d \ retry-max-time.d \
retry.d \ retry.d \
sasl-authzid.d \
sasl-ir.d \ sasl-ir.d \
service-name.d \ service-name.d \
show-error.d \ show-error.d \


@ -0,0 +1,11 @@
Long: sasl-authzid
Help: Use this identity to act as during SASL PLAIN authentication
Added: 7.66.0
---
Use this authorisation identity (authzid), during SASL PLAIN authentication,
in addition to the authentication identity (authcid) as specified by --user.
If the option isn't specified, the server will derive the authzid from the
authcid, but if specified, and depending on the server implementation, it may
be used to access another user's inbox, that the user has been granted access
to, or a shared mailbox for example.


@ -133,6 +133,7 @@ static void free_config_fields(struct OperationConfig *config)
Curl_safefree(config->krblevel); Curl_safefree(config->krblevel);
Curl_safefree(config->oauth_bearer); Curl_safefree(config->oauth_bearer);
Curl_safefree(config->sasl_authzid);
Curl_safefree(config->unix_socket_path); Curl_safefree(config->unix_socket_path);
Curl_safefree(config->writeout); Curl_safefree(config->writeout);


@ -97,6 +97,7 @@ struct OperationConfig {
char *mail_from; char *mail_from;
struct curl_slist *mail_rcpt; struct curl_slist *mail_rcpt;
char *mail_auth; char *mail_auth;
char *sasl_authzid; /* Authorisation identity (identity to use) */
bool sasl_ir; /* Enable/disable SASL initial response */ bool sasl_ir; /* Enable/disable SASL initial response */
bool proxytunnel; bool proxytunnel;
bool ftp_append; /* APPE on ftp */ bool ftp_append; /* APPE on ftp */


@ -177,7 +177,8 @@ static const struct LongShort aliases[]= {
{"$H", "mail-auth", ARG_STRING}, {"$H", "mail-auth", ARG_STRING},
{"$I", "post303", ARG_BOOL}, {"$I", "post303", ARG_BOOL},
{"$J", "metalink", ARG_BOOL}, {"$J", "metalink", ARG_BOOL},
{"$K", "sasl-ir", ARG_BOOL}, {"$6", "sasl-authzid", ARG_STRING},
{"$K", "sasl-ir", ARG_BOOL },
{"$L", "test-event", ARG_BOOL}, {"$L", "test-event", ARG_BOOL},
{"$M", "unix-socket", ARG_FILENAME}, {"$M", "unix-socket", ARG_FILENAME},
{"$N", "path-as-is", ARG_BOOL}, {"$N", "path-as-is", ARG_BOOL},
@ -1099,6 +1100,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
#endif #endif
break; break;
} }
case '6': /* --sasl-authzid */
GetStr(&config->sasl_authzid, nextarg);
break;
case 'K': /* --sasl-ir */ case 'K': /* --sasl-ir */
config->sasl_ir = toggle; config->sasl_ir = toggle;
break; break;
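Review bot: The rewritten `sasl-ir` row in the `aliases` table gains a space before its closing brace (`ARG_BOOL },`) that none of the neighbouring rows has; it is a whitespace-only change unrelated to the new option, and the row should stay `{"$K", "sasl-ir", ARG_BOOL},`. The new `case '6'` in the second hunk follows the existing pattern of the `--sasl-ir` case below it and needs no change. Both the `aliases` table and `getparameter` start and end outside the hunks shown.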


@ -385,6 +385,8 @@ static const struct helptxt helptext[] = {
"Wait time between retries"}, "Wait time between retries"},
{" --retry-max-time <seconds>", {" --retry-max-time <seconds>",
"Retry only within this period"}, "Retry only within this period"},
{" --sasl-authzid <identity> ",
"Use this identity to act as during SASL PLAIN authentication"},
{" --sasl-ir", {" --sasl-ir",
"Enable initial response in SASL authentication"}, "Enable initial response in SASL authentication"},
{" --service-name <name>", {" --service-name <name>",
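Review bot: The option string of the new `helptext` row ends with a space inside the literal (`<identity> "`), which the neighbouring rows for `--sasl-ir` and `--retry-max-time <seconds>` do not have; the space before the closing quote should be removed. The description `"Use this identity to act as during SASL PLAIN authentication"` is also hard to parse, and `"Identity to act as during SASL PLAIN authentication"` says the same thing more directly; the identical wording on the `Help:` line of the new option page would need to change with it. The `helptext` array starts and ends outside the hunk.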


@ -1501,6 +1501,10 @@ static CURLcode operate_do(struct GlobalConfig *global,
if(config->mail_auth) if(config->mail_auth)
my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth); my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth);
/* new in 7.66.0 */
if(config->sasl_authzid)
my_setopt_str(curl, CURLOPT_SASL_AUTHZID, config->sasl_authzid);
/* new in 7.31.0 */ /* new in 7.31.0 */
if(config->sasl_ir) if(config->sasl_ir)
my_setopt(curl, CURLOPT_SASL_IR, 1L); my_setopt(curl, CURLOPT_SASL_IR, 1L);
@ -1524,6 +1528,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
config->unix_socket_path); config->unix_socket_path);
} }
} }
/* new in 7.45.0 */ /* new in 7.45.0 */
if(config->proto_default) if(config->proto_default)
my_setopt_str(curl, CURLOPT_DEFAULT_PROTOCOL, config->proto_default); my_setopt_str(curl, CURLOPT_DEFAULT_PROTOCOL, config->proto_default);
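Review bot: `CURLOPT_SASL_AUTHZID` is set whenever `--sasl-authzid` was given, but the help text added in this commit says the identity is used during SASL PLAIN authentication only. As far as this hunk shows, a transfer that authenticates some other way would run under the user's own identity with no sign that the requested authzid was not applied. The comment above the new lines is the place to record that limit, for example `/* new in 7.66.0; only used by SASL PLAIN */`. The second hunk appears to add only a blank line before `/* new in 7.45.0 */`, which is unrelated to the feature. `operate_do` continues outside both hunks.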


@ -93,20 +93,21 @@ test809 test810 test811 test812 test813 test814 test815 test816 test817 \
test818 test819 test820 test821 test822 test823 test824 test825 test826 \ test818 test819 test820 test821 test822 test823 test824 test825 test826 \
test827 test828 test829 test830 test831 test832 test833 test834 test835 \ test827 test828 test829 test830 test831 test832 test833 test834 test835 \
test836 test837 test838 test839 test840 test841 test842 test843 test844 \ test836 test837 test838 test839 test840 test841 test842 test843 test844 \
test845 test846 test847 \ test845 test846 test847 test848 test849 \
\ \
test850 test851 test852 test853 test854 test855 test856 test857 test858 \ test850 test851 test852 test853 test854 test855 test856 test857 test858 \
test859 test860 test861 test862 test863 test864 test865 test866 test867 \ test859 test860 test861 test862 test863 test864 test865 test866 test867 \
test868 test869 test870 test871 test872 test873 test874 test875 test876 \ test868 test869 test870 test871 test872 test873 test874 test875 test876 \
test877 test878 test879 test880 test881 test882 test883 test884 test885 \ test877 test878 test879 test880 test881 test882 test883 test884 test885 \
test886 test887 test888 test889 test890 test891 \ test886 test887 test888 test889 test890 test891 test892 test893 \
\ \
test900 test901 test902 test903 test904 test905 test906 test907 test908 \ test900 test901 test902 test903 test904 test905 test906 test907 test908 \
test909 test910 test911 test912 test913 test914 test915 test916 test917 \ test909 test910 test911 test912 test913 test914 test915 test916 test917 \
test918 test919 test920 test921 test922 test923 test924 test925 test926 \ test918 test919 test920 test921 test922 test923 test924 test925 test926 \
test927 test928 test929 test930 test931 test932 test933 test934 test935 \ test927 test928 test929 test930 test931 test932 test933 test934 test935 \
test936 test937 test938 test939 test940 test941 test942 test943 test944 \ test936 test937 test938 test939 test940 test941 test942 test943 test944 \
test945 test946 test947 test948 test949 test950 test951 test952 \ test945 test946 test947 test948 test949 test950 test951 test952 test953 \
test954 \
\ \
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \

56
tests/data/test848 Normal file

@ -0,0 +1,56 @@
<testcase>
<info>
<keywords>
IMAP
SASL
SASL AUTH PLAIN
RFC4616
</keywords>
</info>
#
# Server-side
<reply>
<servercmd>
AUTH PLAIN
REPLY AUTHENTICATE +
REPLY c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ= A002 OK AUTHENTICATE completed
</servercmd>
<data>
From: me@somewhere
To: fake@nowhere
body
--
yours sincerely
</data>
</reply>
#
# Client-side
<client>
<server>
imap
</server>
<name>
IMAP plain authentication with alternative authorization identity
</name>
<command>
'imap://%HOSTIP:%IMAPPORT/848/;MAILINDEX=1' -u user:secret --sasl-authzid shared-mailbox
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
A001 CAPABILITY
A002 AUTHENTICATE PLAIN
c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=
A003 SELECT 848
A004 FETCH 1 BODY[]
A005 LOGOUT
</protocol>
</verify>
</testcase>
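Review bot: The expected payload `c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=` in `<servercmd>` and `<protocol>` is opaque to a reader, and a `#` comment before `<protocol>` would make the test self-explanatory, for example `# base64 of "shared-mailbox" NUL "user" NUL "secret" (authzid, authcid, password; RFC4616)`. The same applies to test892, which reuses this payload, and to `dXJzZWwAa3VydAB4aXBqM3BsbXE=` (`ursel`, `kurt`, `xipj3plmq`) in test849, test893, test953 and test954. All six new tests exercise AUTH PLAIN only, so what happens to the authzid when the server does not offer PLAIN is not covered here.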

51
tests/data/test849 Normal file

@ -0,0 +1,51 @@
<testcase>
<info>
<keywords>
IMAP
SASL
SASL AUTH PLAIN
RFC4616
</keywords>
</info>
#
# Server-side
<reply>
<servercmd>
AUTH PLAIN
REPLY AUTHENTICATE +
REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= A002 NO Not authorized
</servercmd>
</reply>
#
# Client-side
<client>
<server>
imap
</server>
<name>
IMAP plain authentication with alternative authorization identity (Not authorized)
</name>
<command>
'imap://%HOSTIP:%IMAPPORT/849/;MAILINDEX=1' -u kurt:xipj3plmq --sasl-authzid ursel
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
# 67 - CURLE_LOGIN_DENIED
<errorcode>
67
</errorcode>
#
# The multi interface considers a broken "CONNECT" as a prematurely broken
# transfer and such a connection will not get a "LOGOUT"
<protocol>
A001 CAPABILITY
A002 AUTHENTICATE PLAIN
dXJzZWwAa3VydAB4aXBqM3BsbXE=
</protocol>
</verify>
</testcase>

57
tests/data/test892 Normal file

@ -0,0 +1,57 @@
<testcase>
<info>
<keywords>
POP3
SASL
SASL AUTH PLAIN
RFC1734
RFC4616
RFC5034
</keywords>
</info>
#
# Server-side
<reply>
<servercmd>
AUTH PLAIN
REPLY AUTH +
REPLY c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ= +OK Login successful
</servercmd>
<data>
From: me@somewhere
To: fake@nowhere
body
--
yours sincerely
</data>
</reply>
#
# Client-side
<client>
<server>
pop3
</server>
<name>
POP3 plain authentication with alternative authorization identity
</name>
<command>
pop3://%HOSTIP:%POP3PORT/892 -u user:secret --sasl-authzid shared-mailbox
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
CAPA
AUTH PLAIN
c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=
RETR 892
QUIT
</protocol>
</verify>
</testcase>

53
tests/data/test893 Normal file

@ -0,0 +1,53 @@
<testcase>
<info>
<keywords>
POP3
SASL
SASL AUTH PLAIN
RFC1734
RFC4616
RFC5034
</keywords>
</info>
#
# Server-side
<reply>
<servercmd>
AUTH PLAIN
REPLY AUTH +
REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= -ERR Not authorized
</servercmd>
</reply>
#
# Client-side
<client>
<server>
pop3
</server>
<name>
POP3 plain authentication with alternative authorization identity (Not authorized)
</name>
<command>
pop3://%HOSTIP:%POP3PORT/893 -u kurt:xipj3plmq --sasl-authzid ursel
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
# 67 - CURLE_LOGIN_DENIED
<errorcode>
67
</errorcode>
#
# The multi interface considers a broken "CONNECT" as a prematurely broken
# transfer and such a connection will not get a "QUIT"
<protocol>
CAPA
AUTH PLAIN
dXJzZWwAa3VydAB4aXBqM3BsbXE=
</protocol>
</verify>
</testcase>

56
tests/data/test953 Normal file

@ -0,0 +1,56 @@
<testcase>
<info>
<keywords>
SMTP
SASL
SASL AUTH PLAIN
RFC4616
RFC4954
</keywords>
</info>
#
# Server-side
<reply>
<servercmd>
AUTH PLAIN
REPLY AUTH 334 PLAIN supported
REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= 235 Authenticated
</servercmd>
</reply>
#
# Client-side
<client>
<server>
smtp
</server>
<name>
SMTP plain authentication with alternative authorization identity
</name>
<stdin>
mail body
</stdin>
<command>
smtp://%HOSTIP:%SMTPPORT/953 --mail-rcpt recipient@example.com --mail-from sender@example.com -u kurt:xipj3plmq --sasl-authzid ursel -T -
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
EHLO 953
AUTH PLAIN
dXJzZWwAa3VydAB4aXBqM3BsbXE=
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
QUIT
</protocol>
<upload>
mail body
.
</upload>
</verify>
</testcase>

55
tests/data/test954 Normal file

@ -0,0 +1,55 @@
<testcase>
<info>
<keywords>
SMTP
SASL
SASL AUTH PLAIN
RFC4616
RFC4954
</keywords>
</info>
#
# Server-side
<reply>
<servercmd>
AUTH PLAIN
REPLY AUTH 334 PLAIN supported
REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= 501 Not authorized
</servercmd>
</reply>
#
# Client-side
<client>
<server>
smtp
</server>
<name>
SMTP plain authentication with alternative authorization identity (Not authorized)
</name>
<stdin>
mail body
</stdin>
<command>
smtp://%HOSTIP:%SMTPPORT/954 --mail-rcpt recipient@example.com --mail-from sender@example.com -u kurt:xipj3plmq --sasl-authzid ursel -T -
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
# 67 - CURLE_LOGIN_DENIED
<errorcode>
67
</errorcode>
#
# The multi interface considers a broken "CONNECT" as a prematurely broken
# transfer and such a connection will not get a "QUIT"
<protocol>
EHLO 954
AUTH PLAIN
dXJzZWwAa3VydAB4aXBqM3BsbXE=
</protocol>
</verify>
</testcase>