mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
This commit is contained in:
parent
a14d72ca2f
commit
a9499ff136
@ -154,6 +154,7 @@ DPAGES = \
|
||||
retry-delay.d \
|
||||
retry-max-time.d \
|
||||
retry.d \
|
||||
sasl-authzid.d \
|
||||
sasl-ir.d \
|
||||
service-name.d \
|
||||
show-error.d \
|
||||
|
11
docs/cmdline-opts/sasl-authzid.d
Normal file
11
docs/cmdline-opts/sasl-authzid.d
Normal file
@ -0,0 +1,11 @@
|
||||
Long: sasl-authzid
|
||||
Help: Use this identity to act as during SASL PLAIN authentication
|
||||
Added: 7.66.0
|
||||
---
|
||||
Use this authorisation identity (authzid), during SASL PLAIN authentication,
|
||||
in addition to the authentication identity (authcid) as specified by --user.
|
||||
|
||||
If the option isn't specified, the server will derive the authzid from the
|
||||
authcid, but if specified, and depending on the server implementation, it may
|
||||
be used to access another user's inbox, that the user has been granted access
|
||||
to, or a shared mailbox for example.
|
@ -133,6 +133,7 @@ static void free_config_fields(struct OperationConfig *config)
|
||||
Curl_safefree(config->krblevel);
|
||||
|
||||
Curl_safefree(config->oauth_bearer);
|
||||
Curl_safefree(config->sasl_authzid);
|
||||
|
||||
Curl_safefree(config->unix_socket_path);
|
||||
Curl_safefree(config->writeout);
|
||||
|
@ -97,6 +97,7 @@ struct OperationConfig {
|
||||
char *mail_from;
|
||||
struct curl_slist *mail_rcpt;
|
||||
char *mail_auth;
|
||||
char *sasl_authzid; /* Authorisation identity (identity to use) */
|
||||
bool sasl_ir; /* Enable/disable SASL initial response */
|
||||
bool proxytunnel;
|
||||
bool ftp_append; /* APPE on ftp */
|
||||
|
@ -177,7 +177,8 @@ static const struct LongShort aliases[]= {
|
||||
{"$H", "mail-auth", ARG_STRING},
|
||||
{"$I", "post303", ARG_BOOL},
|
||||
{"$J", "metalink", ARG_BOOL},
|
||||
{"$K", "sasl-ir", ARG_BOOL},
|
||||
{"$6", "sasl-authzid", ARG_STRING},
|
||||
{"$K", "sasl-ir", ARG_BOOL },
|
||||
{"$L", "test-event", ARG_BOOL},
|
||||
{"$M", "unix-socket", ARG_FILENAME},
|
||||
{"$N", "path-as-is", ARG_BOOL},
|
||||
@ -1099,6 +1100,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
case '6': /* --sasl-authzid */
|
||||
GetStr(&config->sasl_authzid, nextarg);
|
||||
break;
|
||||
case 'K': /* --sasl-ir */
|
||||
config->sasl_ir = toggle;
|
||||
break;
|
||||
|
@ -385,6 +385,8 @@ static const struct helptxt helptext[] = {
|
||||
"Wait time between retries"},
|
||||
{" --retry-max-time <seconds>",
|
||||
"Retry only within this period"},
|
||||
{" --sasl-authzid <identity> ",
|
||||
"Use this identity to act as during SASL PLAIN authentication"},
|
||||
{" --sasl-ir",
|
||||
"Enable initial response in SASL authentication"},
|
||||
{" --service-name <name>",
|
||||
|
@ -1501,6 +1501,10 @@ static CURLcode operate_do(struct GlobalConfig *global,
|
||||
if(config->mail_auth)
|
||||
my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth);
|
||||
|
||||
/* new in 7.66.0 */
|
||||
if(config->sasl_authzid)
|
||||
my_setopt_str(curl, CURLOPT_SASL_AUTHZID, config->sasl_authzid);
|
||||
|
||||
/* new in 7.31.0 */
|
||||
if(config->sasl_ir)
|
||||
my_setopt(curl, CURLOPT_SASL_IR, 1L);
|
||||
@ -1524,6 +1528,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
|
||||
config->unix_socket_path);
|
||||
}
|
||||
}
|
||||
|
||||
/* new in 7.45.0 */
|
||||
if(config->proto_default)
|
||||
my_setopt_str(curl, CURLOPT_DEFAULT_PROTOCOL, config->proto_default);
|
||||
|
@ -93,20 +93,21 @@ test809 test810 test811 test812 test813 test814 test815 test816 test817 \
|
||||
test818 test819 test820 test821 test822 test823 test824 test825 test826 \
|
||||
test827 test828 test829 test830 test831 test832 test833 test834 test835 \
|
||||
test836 test837 test838 test839 test840 test841 test842 test843 test844 \
|
||||
test845 test846 test847 \
|
||||
test845 test846 test847 test848 test849 \
|
||||
\
|
||||
test850 test851 test852 test853 test854 test855 test856 test857 test858 \
|
||||
test859 test860 test861 test862 test863 test864 test865 test866 test867 \
|
||||
test868 test869 test870 test871 test872 test873 test874 test875 test876 \
|
||||
test877 test878 test879 test880 test881 test882 test883 test884 test885 \
|
||||
test886 test887 test888 test889 test890 test891 \
|
||||
test886 test887 test888 test889 test890 test891 test892 test893 \
|
||||
\
|
||||
test900 test901 test902 test903 test904 test905 test906 test907 test908 \
|
||||
test909 test910 test911 test912 test913 test914 test915 test916 test917 \
|
||||
test918 test919 test920 test921 test922 test923 test924 test925 test926 \
|
||||
test927 test928 test929 test930 test931 test932 test933 test934 test935 \
|
||||
test936 test937 test938 test939 test940 test941 test942 test943 test944 \
|
||||
test945 test946 test947 test948 test949 test950 test951 test952 \
|
||||
test945 test946 test947 test948 test949 test950 test951 test952 test953 \
|
||||
test954 \
|
||||
\
|
||||
test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
|
||||
test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
|
||||
|
56
tests/data/test848
Normal file
56
tests/data/test848
Normal file
@ -0,0 +1,56 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
IMAP
|
||||
SASL
|
||||
SASL AUTH PLAIN
|
||||
RFC4616
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
#
|
||||
# Server-side
|
||||
<reply>
|
||||
<servercmd>
|
||||
AUTH PLAIN
|
||||
REPLY AUTHENTICATE +
|
||||
REPLY c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ= A002 OK AUTHENTICATE completed
|
||||
</servercmd>
|
||||
<data>
|
||||
From: me@somewhere
|
||||
To: fake@nowhere
|
||||
|
||||
body
|
||||
|
||||
--
|
||||
yours sincerely
|
||||
</data>
|
||||
</reply>
|
||||
|
||||
#
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
imap
|
||||
</server>
|
||||
<name>
|
||||
IMAP plain authentication with alternative authorization identity
|
||||
</name>
|
||||
<command>
|
||||
'imap://%HOSTIP:%IMAPPORT/848/;MAILINDEX=1' -u user:secret --sasl-authzid shared-mailbox
|
||||
</command>
|
||||
</client>
|
||||
|
||||
#
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
<protocol>
|
||||
A001 CAPABILITY
|
||||
A002 AUTHENTICATE PLAIN
|
||||
c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=
|
||||
A003 SELECT 848
|
||||
A004 FETCH 1 BODY[]
|
||||
A005 LOGOUT
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
51
tests/data/test849
Normal file
51
tests/data/test849
Normal file
@ -0,0 +1,51 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
IMAP
|
||||
SASL
|
||||
SASL AUTH PLAIN
|
||||
RFC4616
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
#
|
||||
# Server-side
|
||||
<reply>
|
||||
<servercmd>
|
||||
AUTH PLAIN
|
||||
REPLY AUTHENTICATE +
|
||||
REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= A002 NO Not authorized
|
||||
</servercmd>
|
||||
</reply>
|
||||
|
||||
#
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
imap
|
||||
</server>
|
||||
<name>
|
||||
IMAP plain authentication with alternative authorization identity (Not authorized)
|
||||
</name>
|
||||
<command>
|
||||
'imap://%HOSTIP:%IMAPPORT/849/;MAILINDEX=1' -u kurt:xipj3plmq --sasl-authzid ursel
|
||||
</command>
|
||||
</client>
|
||||
|
||||
#
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
# 67 - CURLE_LOGIN_DENIED
|
||||
<errorcode>
|
||||
67
|
||||
</errorcode>
|
||||
#
|
||||
# The multi interface considers a broken "CONNECT" as a prematurely broken
|
||||
# transfer and such a connection will not get a "LOGOUT"
|
||||
<protocol>
|
||||
A001 CAPABILITY
|
||||
A002 AUTHENTICATE PLAIN
|
||||
dXJzZWwAa3VydAB4aXBqM3BsbXE=
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
57
tests/data/test892
Normal file
57
tests/data/test892
Normal file
@ -0,0 +1,57 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
POP3
|
||||
SASL
|
||||
SASL AUTH PLAIN
|
||||
RFC1734
|
||||
RFC4616
|
||||
RFC5034
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
#
|
||||
# Server-side
|
||||
<reply>
|
||||
<servercmd>
|
||||
AUTH PLAIN
|
||||
REPLY AUTH +
|
||||
REPLY c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ= +OK Login successful
|
||||
</servercmd>
|
||||
<data>
|
||||
From: me@somewhere
|
||||
To: fake@nowhere
|
||||
|
||||
body
|
||||
|
||||
--
|
||||
yours sincerely
|
||||
</data>
|
||||
</reply>
|
||||
|
||||
#
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
pop3
|
||||
</server>
|
||||
<name>
|
||||
POP3 plain authentication with alternative authorization identity
|
||||
</name>
|
||||
<command>
|
||||
pop3://%HOSTIP:%POP3PORT/892 -u user:secret --sasl-authzid shared-mailbox
|
||||
</command>
|
||||
</client>
|
||||
|
||||
#
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
<protocol>
|
||||
CAPA
|
||||
AUTH PLAIN
|
||||
c2hhcmVkLW1haWxib3gAdXNlcgBzZWNyZXQ=
|
||||
RETR 892
|
||||
QUIT
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
53
tests/data/test893
Normal file
53
tests/data/test893
Normal file
@ -0,0 +1,53 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
POP3
|
||||
SASL
|
||||
SASL AUTH PLAIN
|
||||
RFC1734
|
||||
RFC4616
|
||||
RFC5034
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
#
|
||||
# Server-side
|
||||
<reply>
|
||||
<servercmd>
|
||||
AUTH PLAIN
|
||||
REPLY AUTH +
|
||||
REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= -ERR Not authorized
|
||||
</servercmd>
|
||||
</reply>
|
||||
|
||||
#
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
pop3
|
||||
</server>
|
||||
<name>
|
||||
POP3 plain authentication with alternative authorization identity (Not authorized)
|
||||
</name>
|
||||
<command>
|
||||
pop3://%HOSTIP:%POP3PORT/893 -u kurt:xipj3plmq --sasl-authzid ursel
|
||||
</command>
|
||||
</client>
|
||||
|
||||
#
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
# 67 - CURLE_LOGIN_DENIED
|
||||
<errorcode>
|
||||
67
|
||||
</errorcode>
|
||||
#
|
||||
# The multi interface considers a broken "CONNECT" as a prematurely broken
|
||||
# transfer and such a connection will not get a "QUIT"
|
||||
<protocol>
|
||||
CAPA
|
||||
AUTH PLAIN
|
||||
dXJzZWwAa3VydAB4aXBqM3BsbXE=
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
56
tests/data/test953
Normal file
56
tests/data/test953
Normal file
@ -0,0 +1,56 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
SMTP
|
||||
SASL
|
||||
SASL AUTH PLAIN
|
||||
RFC4616
|
||||
RFC4954
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
#
|
||||
# Server-side
|
||||
<reply>
|
||||
<servercmd>
|
||||
AUTH PLAIN
|
||||
REPLY AUTH 334 PLAIN supported
|
||||
REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= 235 Authenticated
|
||||
</servercmd>
|
||||
</reply>
|
||||
|
||||
#
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
smtp
|
||||
</server>
|
||||
<name>
|
||||
SMTP plain authentication with alternative authorization identity
|
||||
</name>
|
||||
<stdin>
|
||||
mail body
|
||||
</stdin>
|
||||
<command>
|
||||
smtp://%HOSTIP:%SMTPPORT/953 --mail-rcpt recipient@example.com --mail-from sender@example.com -u kurt:xipj3plmq --sasl-authzid ursel -T -
|
||||
</command>
|
||||
</client>
|
||||
|
||||
#
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
<protocol>
|
||||
EHLO 953
|
||||
AUTH PLAIN
|
||||
dXJzZWwAa3VydAB4aXBqM3BsbXE=
|
||||
MAIL FROM:<sender@example.com>
|
||||
RCPT TO:<recipient@example.com>
|
||||
DATA
|
||||
QUIT
|
||||
</protocol>
|
||||
<upload>
|
||||
mail body
|
||||
.
|
||||
</upload>
|
||||
</verify>
|
||||
</testcase>
|
55
tests/data/test954
Normal file
55
tests/data/test954
Normal file
@ -0,0 +1,55 @@
|
||||
<testcase>
|
||||
<info>
|
||||
<keywords>
|
||||
SMTP
|
||||
SASL
|
||||
SASL AUTH PLAIN
|
||||
RFC4616
|
||||
RFC4954
|
||||
</keywords>
|
||||
</info>
|
||||
|
||||
#
|
||||
# Server-side
|
||||
<reply>
|
||||
<servercmd>
|
||||
AUTH PLAIN
|
||||
REPLY AUTH 334 PLAIN supported
|
||||
REPLY dXJzZWwAa3VydAB4aXBqM3BsbXE= 501 Not authorized
|
||||
</servercmd>
|
||||
</reply>
|
||||
|
||||
#
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
smtp
|
||||
</server>
|
||||
<name>
|
||||
SMTP plain authentication with alternative authorization identity (Not authorized)
|
||||
</name>
|
||||
<stdin>
|
||||
mail body
|
||||
</stdin>
|
||||
<command>
|
||||
smtp://%HOSTIP:%SMTPPORT/954 --mail-rcpt recipient@example.com --mail-from sender@example.com -u kurt:xipj3plmq --sasl-authzid ursel -T -
|
||||
</command>
|
||||
</client>
|
||||
|
||||
#
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
# 67 - CURLE_LOGIN_DENIED
|
||||
<errorcode>
|
||||
67
|
||||
</errorcode>
|
||||
#
|
||||
# The multi interface considers a broken "CONNECT" as a prematurely broken
|
||||
# transfer and such a connection will not get a "QUIT"
|
||||
<protocol>
|
||||
EHLO 954
|
||||
AUTH PLAIN
|
||||
dXJzZWwAa3VydAB4aXBqM3BsbXE=
|
||||
</protocol>
|
||||
</verify>
|
||||
</testcase>
|
Loading…
Reference in New Issue
Block a user