oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP

OAUTHBEARER is now the official "registered" SASL mechanism name for OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some servers won't support the new mechanism yet.
author: Steve Holme <steve_holme@hotmail.com> 2015-09-05 18:09:40 +0100
committer: Steve Holme <steve_holme@hotmail.com> 2015-11-14 10:28:05 +0000
commit: febda2f3058b6a29562183b6fd514f8acd9d4e75 (patch)
tree: 01b075f8e3a1df57065e0cc2840574f51d85d8e3
parent: ceb396c54a90ca37f94621acb68f9ce5610b23a3 (diff)
2 files changed, 44 insertions, 21 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index ad6b6090f..956801b71 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -57,15 +57,16 @@ const struct {
   size_t        len;   /* Name length */
   unsigned int  bit;   /* Flag bit */
 } mechtable[] = {
-  { "LOGIN",      5,  SASL_MECH_LOGIN },
-  { "PLAIN",      5,  SASL_MECH_PLAIN },
-  { "CRAM-MD5",   8,  SASL_MECH_CRAM_MD5 },
-  { "DIGEST-MD5", 10, SASL_MECH_DIGEST_MD5 },
-  { "GSSAPI",     6,  SASL_MECH_GSSAPI },
-  { "EXTERNAL",   8,  SASL_MECH_EXTERNAL },
-  { "NTLM",       4,  SASL_MECH_NTLM },
-  { "XOAUTH2",    7,  SASL_MECH_XOAUTH2 },
-  { ZERO_NULL,    0,  0 }
+  { "LOGIN",        5,  SASL_MECH_LOGIN },
+  { "PLAIN",        5,  SASL_MECH_PLAIN },
+  { "CRAM-MD5",     8,  SASL_MECH_CRAM_MD5 },
+  { "DIGEST-MD5",   10, SASL_MECH_DIGEST_MD5 },
+  { "GSSAPI",       6,  SASL_MECH_GSSAPI },
+  { "EXTERNAL",     8,  SASL_MECH_EXTERNAL },
+  { "NTLM",         4,  SASL_MECH_NTLM },
+  { "XOAUTH2",      7,  SASL_MECH_XOAUTH2 },
+  { "OAUTHBEARER",  11, SASL_MECH_OAUTHBEARER },
+  { ZERO_NULL,      0,  0 }
 };
 
 #if !defined(CURL_DISABLE_CRYPTO_AUTH) && !defined(USE_WINDOWS_SSPI)
@@ -1455,7 +1456,19 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
       }
     else
 #endif
-    if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
+    if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
+      mech = SASL_MECH_STRING_OAUTHBEARER;
+      state1 = SASL_OAUTH2;
+      sasl->authused = SASL_MECH_OAUTHBEARER;
+
+      if(force_ir || data->set.sasl_ir)
+        result = sasl_create_oauth_bearer_message(data, conn->user,
+                                                  conn->host.name,
+                                                  conn->port,
+                                                  conn->oauth_bearer,
+                                                  &resp, &len);
+    }
+    else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
       mech = SASL_MECH_STRING_XOAUTH2;
       state1 = SASL_OAUTH2;
       sasl->authused = SASL_MECH_XOAUTH2;
@@ -1641,9 +1654,17 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
 
   case SASL_OAUTH2:
     /* Create the authorisation message */
-    result = sasl_create_oauth_bearer_message(data, conn->user,
-                                              NULL, 0,
-                                              conn->oauth_bearer, &resp, &len);
+    if(sasl->authused == SASL_MECH_OAUTHBEARER)
+      result = sasl_create_oauth_bearer_message(data, conn->user,
+                                                conn->host.name,
+                                                conn->port,
+                                                conn->oauth_bearer,
+                                                &resp, &len);
+    else
+      result = sasl_create_oauth_bearer_message(data, conn->user,
+                                                NULL, 0,
+                                                conn->oauth_bearer,
+                                                &resp, &len);
     break;
   case SASL_CANCEL:
     /* Remove the offending mechanism from the supported list */
diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h
index ddf73f8f0..fb44ac265 100644
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -48,6 +48,7 @@ struct kerberos5data;
 #define SASL_MECH_EXTERNAL          (1 << 5)
 #define SASL_MECH_NTLM              (1 << 6)
 #define SASL_MECH_XOAUTH2           (1 << 7)
+#define SASL_MECH_OAUTHBEARER       (1 << 8)
 
 /* Authentication mechanism values */
 #define SASL_AUTH_NONE          0
@@ -55,14 +56,15 @@ struct kerberos5data;
 #define SASL_AUTH_DEFAULT       (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
 
 /* Authentication mechanism strings */
-#define SASL_MECH_STRING_LOGIN      "LOGIN"
-#define SASL_MECH_STRING_PLAIN      "PLAIN"
-#define SASL_MECH_STRING_CRAM_MD5   "CRAM-MD5"
-#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
-#define SASL_MECH_STRING_GSSAPI     "GSSAPI"
-#define SASL_MECH_STRING_EXTERNAL   "EXTERNAL"
-#define SASL_MECH_STRING_NTLM       "NTLM"
-#define SASL_MECH_STRING_XOAUTH2    "XOAUTH2"
+#define SASL_MECH_STRING_LOGIN        "LOGIN"
+#define SASL_MECH_STRING_PLAIN        "PLAIN"
+#define SASL_MECH_STRING_CRAM_MD5     "CRAM-MD5"
+#define SASL_MECH_STRING_DIGEST_MD5   "DIGEST-MD5"
+#define SASL_MECH_STRING_GSSAPI       "GSSAPI"
+#define SASL_MECH_STRING_EXTERNAL     "EXTERNAL"
+#define SASL_MECH_STRING_NTLM         "NTLM"
+#define SASL_MECH_STRING_XOAUTH2      "XOAUTH2"
+#define SASL_MECH_STRING_OAUTHBEARER  "OAUTHBEARER"
 
 #if !defined(CURL_DISABLE_CRYPTO_AUTH)
 #define DIGEST_MAX_VALUE_LENGTH           256
author	Steve Holme <steve_holme@hotmail.com>	2015-09-05 18:09:40 +0100
committer	Steve Holme <steve_holme@hotmail.com>	2015-11-14 10:28:05 +0000
commit	febda2f3058b6a29562183b6fd514f8acd9d4e75 (patch)
tree	01b075f8e3a1df57065e0cc2840574f51d85d8e3
parent	ceb396c54a90ca37f94621acb68f9ce5610b23a3 (diff)