From eb84ca3ea8f793ecbedf7865c41a8d1b9f59efb7 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Thu, 18 Apr 2019 21:54:35 +0100 Subject: sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 RFC 4616 specifies the authzid is optional in the client authentication message and that the server will derive the authorisation identity (authzid) from the authentication identity (authcid) when not specified by the client.
---
 lib/curl_sasl.c | 4 ++--
 tests/data/test819 | 4 ++--
 tests/data/test825 | 2 +-
 tests/data/test833 | 4 ++--
 tests/data/test834 | 4 ++--
 tests/data/test835 | 4 ++--
 tests/data/test865 | 4 ++--
 tests/data/test871 | 2 +-
 tests/data/test879 | 4 ++--
 tests/data/test880 | 4 ++--
 tests/data/test881 | 4 ++--
 tests/data/test903 | 4 ++--
 tests/data/test919 | 2 +-
 tests/data/test935 | 4 ++--
 tests/data/test936 | 4 ++--
 tests/data/test937 | 4 ++--
 16 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 94b51e541..c609b1ded 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -367,7 +367,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
 sasl->authused = SASL_MECH_PLAIN;
 if(force_ir || data->set.sasl_ir)
- result = Curl_auth_create_plain_message(data, conn->user, conn->user,
+ result = Curl_auth_create_plain_message(data, NULL, conn->user,
 conn->passwd, &resp, &len);
 }
 else if(enabledmechs & SASL_MECH_LOGIN) {
@@ -450,7 +450,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
 *progress = SASL_DONE;
 return result;
 case SASL_PLAIN:
- result = Curl_auth_create_plain_message(data, conn->user, conn->user,
+ result = Curl_auth_create_plain_message(data, NULL, conn->user,
 conn->passwd, &resp, &len);
 break;
 case SASL_LOGIN:
diff --git a/tests/data/test819 b/tests/data/test819
index b88e35055..4213e3ea6 100644
--- a/tests/data/test819
+++ b/tests/data/test819
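Review bot: The bare `NULL` now passed as the second argument at both PLAIN call sites (in `Curl_sasl_start`, and again under `case SASL_PLAIN:` in `Curl_sasl_continue`) does not tell a reader that it is the authzid being deliberately left out; I would put `/* no authzid: the server derives it from the authcid (RFC 4616) */` above each call. `Curl_auth_create_plain_message` is not part of this patch, so it is worth confirming that it treats a NULL authzid as a zero-length field before any length computation or copy; the updated test expectations (`AHVzZXIAc2VjcmV0`, which begins with an empty field) suggest it does. Servers that previously received an explicit authzid equal to the authcid will now apply their own derivation, which is what the RFC intends but is still an observable change where the two identities map differently. Both functions begin and end outside the hunks shown.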
@@ -14,7 +14,7 @@ RFC4616 AUTH PLAIN REPLY AUTHENTICATE + -REPLY dXNlcgB1c2VyAHNlY3JldA== A002 OK AUTHENTICATE completed +REPLY AHVzZXIAc2VjcmV0 A002 OK AUTHENTICATE completed From: me@somewhere @@ -47,7 +47,7 @@ IMAP plain authentication A001 CAPABILITY A002 AUTHENTICATE PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 A003 SELECT 819 A004 FETCH 1 BODY[] A005 LOGOUT diff --git a/tests/data/test825 b/tests/data/test825 index b489e95de..d28b6a519 100644 --- a/tests/data/test825 +++ b/tests/data/test825 @@ -47,7 +47,7 @@ IMAP plain authentication with initial response A001 CAPABILITY -A002 AUTHENTICATE PLAIN dXNlcgB1c2VyAHNlY3JldA== +A002 AUTHENTICATE PLAIN AHVzZXIAc2VjcmV0 A003 SELECT 825 A004 FETCH 1 BODY[] A005 LOGOUT diff --git a/tests/data/test833 b/tests/data/test833 index dc8214b8e..2c694adcc 100644 --- a/tests/data/test833 +++ b/tests/data/test833 @@ -18,7 +18,7 @@ AUTH CRAM-MD5 PLAIN REPLY "AUTHENTICATE CRAM-MD5" + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed +REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed From: me@somewhere @@ -56,7 +56,7 @@ A001 CAPABILITY A002 AUTHENTICATE CRAM-MD5 * A003 AUTHENTICATE PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 A004 SELECT 833 A005 FETCH 1 BODY[] A006 LOGOUT diff --git a/tests/data/test834 b/tests/data/test834 index fc131773b..35ab06aff 100644 --- a/tests/data/test834 +++ b/tests/data/test834 @@ -18,7 +18,7 @@ REPLY "AUTHENTICATE NTLM" + REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed +REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed From: me@somewhere 
@@ -67,7 +67,7 @@ A002 AUTHENTICATE NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= * A003 AUTHENTICATE PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 A004 SELECT 834 A005 FETCH 1 BODY[] A006 LOGOUT diff --git a/tests/data/test835 b/tests/data/test835 index 400233c0c..b44e877ec 100644 --- a/tests/data/test835 +++ b/tests/data/test835 @@ -18,7 +18,7 @@ AUTH DIGEST-MD5 PLAIN REPLY "AUTHENTICATE DIGEST-MD5" + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed +REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed From: me@somewhere @@ -58,7 +58,7 @@ A001 CAPABILITY A002 AUTHENTICATE DIGEST-MD5 * A003 AUTHENTICATE PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 A004 SELECT 835 A005 FETCH 1 BODY[] A006 LOGOUT diff --git a/tests/data/test865 b/tests/data/test865 index 6f66f82d7..8a262fcc5 100644 --- a/tests/data/test865 +++ b/tests/data/test865 @@ -16,7 +16,7 @@ RFC5034 AUTH PLAIN REPLY AUTH + -REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful +REPLY AHVzZXIAc2VjcmV0 +OK Login successful From: me@somewhere @@ -49,7 +49,7 @@ pop3://%HOSTIP:%POP3PORT/865 -u user:secret CAPA AUTH PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 RETR 865 QUIT diff --git a/tests/data/test871 b/tests/data/test871 index f4f236041..27cc2a4b3 100644 --- a/tests/data/test871 +++ b/tests/data/test871 @@ -48,7 +48,7 @@ pop3://%HOSTIP:%POP3PORT/871 -u user:secret --sasl-ir CAPA -AUTH PLAIN dXNlcgB1c2VyAHNlY3JldA== +AUTH PLAIN AHVzZXIAc2VjcmV0 RETR 871 QUIT diff --git a/tests/data/test879 b/tests/data/test879 index 681d779b2..0d45aaa20 100644 --- a/tests/data/test879 +++ b/tests/data/test879 @@ -20,7 +20,7 @@ AUTH CRAM-MD5 PLAIN REPLY "AUTH CRAM-MD5" + Rubbish REPLY * -ERR AUTH exchange cancelled by client REPLY "AUTH PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful +REPLY AHVzZXIAc2VjcmV0 +OK Login successful From: me@somewhere 
@@ -58,7 +58,7 @@ CAPA AUTH CRAM-MD5 * AUTH PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 RETR 879 QUIT diff --git a/tests/data/test880 b/tests/data/test880 index f5eb69731..738817cd3 100644 --- a/tests/data/test880 +++ b/tests/data/test880 @@ -20,7 +20,7 @@ REPLY "AUTH NTLM" + REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= + Rubbish REPLY * -ERR AUTH exchange cancelled by client REPLY "AUTH PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful +REPLY AHVzZXIAc2VjcmV0 +OK Login successful From: me@somewhere @@ -69,7 +69,7 @@ AUTH NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= * AUTH PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 RETR 880 QUIT diff --git a/tests/data/test881 b/tests/data/test881 index 80eca500c..ccb906d9d 100644 --- a/tests/data/test881 +++ b/tests/data/test881 @@ -20,7 +20,7 @@ AUTH DIGEST-MD5 PLAIN REPLY "AUTH DIGEST-MD5" + Rubbish REPLY * -ERR AUTH exchange cancelled by client REPLY "AUTH PLAIN" + -REPLY dXNlcgB1c2VyAHNlY3JldA== +OK Login successful +REPLY AHVzZXIAc2VjcmV0 +OK Login successful From: me@somewhere @@ -60,7 +60,7 @@ CAPA AUTH DIGEST-MD5 * AUTH PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 RETR 881 QUIT diff --git a/tests/data/test903 b/tests/data/test903 index 2baf5e696..8a766e56d 100644 --- a/tests/data/test903 +++ b/tests/data/test903 @@ -15,7 +15,7 @@ RFC4954 AUTH PLAIN REPLY AUTH 334 PLAIN supported -REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated +REPLY AHVzZXIAc2VjcmV0 235 Authenticated @@ -42,7 +42,7 @@ smtp://%HOSTIP:%SMTPPORT/903 --mail-rcpt recipient@example.com --mail-from sende EHLO 903 AUTH PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 MAIL FROM: RCPT TO: DATA diff --git a/tests/data/test919 b/tests/data/test919 index 3e74494cb..39794e30b 100644 --- a/tests/data/test919 +++ b/tests/data/test919 @@ -41,7 +41,7 @@ smtp://%HOSTIP:%SMTPPORT/919 --mail-rcpt recipient@example.com --mail-from sende EHLO 919 -AUTH PLAIN dXNlcgB1c2VyAHNlY3JldA== +AUTH PLAIN AHVzZXIAc2VjcmV0 MAIL FROM: RCPT TO: DATA 
diff --git a/tests/data/test935 b/tests/data/test935 index 3fd5c2e50..946611477 100644 --- a/tests/data/test935 +++ b/tests/data/test935 @@ -19,7 +19,7 @@ AUTH CRAM-MD5 PLAIN REPLY "AUTH CRAM-MD5" 334 Rubbish REPLY * 501 AUTH exchange cancelled by client REPLY "AUTH PLAIN" 334 PLAIN supported -REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated +REPLY AHVzZXIAc2VjcmV0 235 Authenticated @@ -51,7 +51,7 @@ EHLO 935 AUTH CRAM-MD5 * AUTH PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 MAIL FROM: RCPT TO: DATA diff --git a/tests/data/test936 b/tests/data/test936 index 88c8a937e..5fde3c967 100644 --- a/tests/data/test936 +++ b/tests/data/test936 @@ -19,7 +19,7 @@ REPLY "AUTH NTLM" 334 NTLM supported REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= 334 Rubbish REPLY * 501 AUTH exchange cancelled by client REPLY "AUTH PLAIN" 334 PLAIN supported -REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated +REPLY AHVzZXIAc2VjcmV0 235 Authenticated @@ -62,7 +62,7 @@ AUTH NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= * AUTH PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 MAIL FROM: RCPT TO: DATA diff --git a/tests/data/test937 b/tests/data/test937 index a2cb9b5c0..5e729e308 100644 --- a/tests/data/test937 +++ b/tests/data/test937 @@ -19,7 +19,7 @@ AUTH DIGEST-MD5 PLAIN REPLY "AUTH DIGEST-MD5" 334 Rubbish REPLY * 501 AUTH exchange cancelled by client REPLY "AUTH PLAIN" 334 PLAIN supported -REPLY dXNlcgB1c2VyAHNlY3JldA== 235 Authenticated +REPLY AHVzZXIAc2VjcmV0 235 Authenticated @@ -53,7 +53,7 @@ EHLO 937 AUTH DIGEST-MD5 * AUTH PLAIN -dXNlcgB1c2VyAHNlY3JldA== +AHVzZXIAc2VjcmV0 MAIL FROM: RCPT TO: DATA -- cgit v1.2.3