author | Steve Holme <steve_holme@hotmail.com> | 2019-04-17 23:47:51 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2019-05-22 22:55:05 +0100 |
commit | a14d72ca2fec5d4eb5a043936e4f7ce08015c177 (patch) | |
tree | ad856028203028c20e1ba9c30bb3b74d64a7f41c /lib | |
parent | 081d374f4949b7fabfa76a0fb14daa02d47b5050 (diff) |
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.
Fixed #3653
Closes #3790
Diffstat (limited to 'lib')
-rw-r--r-- | lib/curl_sasl.c | 10 | ||||
-rw-r--r-- | lib/setopt.c | 6 | ||||
-rw-r--r-- | lib/url.c | 9 | ||||
-rw-r--r-- | lib/urldata.h | 4 |
4 files changed, 24 insertions, 5 deletions
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 018e4228b..0aa1f5bb7 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -370,8 +370,9 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
 sasl->authused = SASL_MECH_PLAIN;
 if(force_ir || data->set.sasl_ir)
- result = Curl_auth_create_plain_message(data, NULL, conn->user,
- conn->passwd, &resp, &len);
+ result = Curl_auth_create_plain_message(data, conn->sasl_authzid,
+ conn->user, conn->passwd,
+ &resp, &len);
 }
 else if(enabledmechs & SASL_MECH_LOGIN) {
 mech = SASL_MECH_STRING_LOGIN;
@@ -453,8 +454,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
 *progress = SASL_DONE;
 return result;
 case SASL_PLAIN:
- result = Curl_auth_create_plain_message(data, NULL, conn->user,
- conn->passwd, &resp, &len);
+ result = Curl_auth_create_plain_message(data, conn->sasl_authzid,
+ conn->user, conn->passwd,
+ &resp, &len);
 break;
 case SASL_LOGIN:
 result = Curl_auth_create_login_message(data, conn->user, &resp, &len);
diff --git a/lib/setopt.c b/lib/setopt.c
index 92cd5b271..ff68788e5 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -2400,6 +2400,12 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
 break;
 #endif
+ case CURLOPT_SASL_AUTHZID:
+ /* Authorisation identity (identity to act as) */
+ result = Curl_setstropt(&data->set.str[STRING_SASL_AUTHZID],
+ va_arg(param, char *));
+ break;
+
 case CURLOPT_SASL_IR:
 /* Enable/disable SASL initial response */
 data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE;
@@ -713,6 +713,7 @@ static void conn_free(struct connectdata *conn)
 Curl_safefree(conn->user);
 Curl_safefree(conn->passwd);
 Curl_safefree(conn->oauth_bearer);
+ Curl_safefree(conn->sasl_authzid);
 Curl_safefree(conn->options);
 Curl_safefree(conn->http_proxy.user);
 Curl_safefree(conn->socks_proxy.user);
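Review bot: The authorisation identity is sent in the PLAIN branch only, in Curl_sasl_start and again in the SASL_PLAIN case of Curl_sasl_continue, so if another mechanism is negotiated the value the application set is dropped without any signal. For a caller that relies on acting as a different identity that is a silent change of authorisation scope. I would say so next to the option in setopt.c, e.g. `/* Authorisation identity (identity to act as); only sent with SASL PLAIN */`, and consider an `infof()` when it is set but unused. Curl_auth_create_plain_message is not part of this diff, so confirm that its length arithmetic covers a caller-controlled authzid as well as user and passwd. Both SASL functions start and end outside their hunks.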
@@ -3461,6 +3462,14 @@ static CURLcode create_conn(struct Curl_easy *data,
 }
 }
+ if(data->set.str[STRING_SASL_AUTHZID]) {
+ conn->sasl_authzid = strdup(data->set.str[STRING_SASL_AUTHZID]);
+ if(!conn->sasl_authzid) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto out;
+ }
+ }
+
 #ifdef USE_UNIX_SOCKETS
 if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
 conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
diff --git a/lib/urldata.h b/lib/urldata.h
index d759592d9..48b664063 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -870,7 +870,8 @@ struct connectdata {
 char *passwd; /* password string, allocated */
 char *options; /* options string, allocated */
- char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
+ char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
+ char *sasl_authzid; /* authorisation identity string, allocated */
 int httpversion; /* the HTTP version*10 reported by the server */
 int rtspversion; /* the RTSP version*10 reported by the server */
@@ -1492,6 +1493,7 @@ enum dupstring {
 #ifdef USE_ALTSVC
 STRING_ALTSVC, /* CURLOPT_ALTSVC */
 #endif
+ STRING_SASL_AUTHZID, /* CURLOPT_SASL_AUTHZID */
 /* -- end of zero-terminated strings -- */
 STRING_LASTZEROTERMINATED, |
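Review bot: In the create_conn hunk, conn->sasl_authzid becomes part of what a connection is authenticated as, but the url.c changes shown (this block and the conn_free line) do not touch connection-reuse matching. An existing connection with the same user and password but a different authzid would therefore presumably still count as a match, and a later transfer could run under the identity negotiated by an earlier one. The matching code is outside this diff, so this needs confirming there; if it compares credentials field by field, sasl_authzid should be compared the same way (both NULL, or equal strings). create_conn continues outside the hunk.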