generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP

Browse Source 
OAUTHBEARER is now the official "registered" SASL mechanism name for
OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
servers won't support the new mechanism yet.
This commit is contained in:
Steve Holme
2015-09-05 18:09:40 +01:00
parent ceb396c54a
commit febda2f305
2 changed files with 44 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
lib/curl_sasl.c
View File

@@ -57,15 +57,16 @@ const struct {
size_t len; /* Name length */
unsigned int bit; /* Flag bit */
} mechtable[] = {
{ "LOGIN", 5, SASL_MECH_LOGIN },
{ "PLAIN", 5, SASL_MECH_PLAIN },
{ "CRAM-MD5", 8, SASL_MECH_CRAM_MD5 },
{ "DIGEST-MD5", 10, SASL_MECH_DIGEST_MD5 },
{ "GSSAPI", 6, SASL_MECH_GSSAPI },
{ "EXTERNAL", 8, SASL_MECH_EXTERNAL },
{ "NTLM", 4, SASL_MECH_NTLM },
{ "XOAUTH2", 7, SASL_MECH_XOAUTH2 },
{ ZERO_NULL, 0, 0 }
{ "LOGIN", 5, SASL_MECH_LOGIN },
{ "PLAIN", 5, SASL_MECH_PLAIN },
{ "CRAM-MD5", 8, SASL_MECH_CRAM_MD5 },
{ "DIGEST-MD5", 10, SASL_MECH_DIGEST_MD5 },
{ "GSSAPI", 6, SASL_MECH_GSSAPI },
{ "EXTERNAL", 8, SASL_MECH_EXTERNAL },
{ "NTLM", 4, SASL_MECH_NTLM },
{ "XOAUTH2", 7, SASL_MECH_XOAUTH2 },
{ "OAUTHBEARER", 11, SASL_MECH_OAUTHBEARER },
{ ZERO_NULL, 0, 0 }
};
#if !defined(CURL_DISABLE_CRYPTO_AUTH) && !defined(USE_WINDOWS_SSPI)
@@ -1455,7 +1456,19 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
}
else
#endif
if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
mech = SASL_MECH_STRING_OAUTHBEARER;
state1 = SASL_OAUTH2;
sasl->authused = SASL_MECH_OAUTHBEARER;
if(force_ir || data->set.sasl_ir)
result = sasl_create_oauth_bearer_message(data, conn->user,
conn->host.name,
conn->port,
conn->oauth_bearer,
&resp, &len);
}
else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
mech = SASL_MECH_STRING_XOAUTH2;
state1 = SASL_OAUTH2;
sasl->authused = SASL_MECH_XOAUTH2;
@@ -1641,9 +1654,17 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
case SASL_OAUTH2:
/* Create the authorisation message */
result = sasl_create_oauth_bearer_message(data, conn->user,
NULL, 0,
conn->oauth_bearer, &resp, &len);
if(sasl->authused == SASL_MECH_OAUTHBEARER)
result = sasl_create_oauth_bearer_message(data, conn->user,
conn->host.name,
conn->port,
conn->oauth_bearer,
&resp, &len);
else
result = sasl_create_oauth_bearer_message(data, conn->user,
NULL, 0,
conn->oauth_bearer,
&resp, &len);
break;
case SASL_CANCEL:
/* Remove the offending mechanism from the supported list */

18
lib/curl_sasl.h
View File

@@ -48,6 +48,7 @@ struct kerberos5data;
#define SASL_MECH_EXTERNAL (1 << 5)
#define SASL_MECH_NTLM (1 << 6)
#define SASL_MECH_XOAUTH2 (1 << 7)
#define SASL_MECH_OAUTHBEARER (1 << 8)
/* Authentication mechanism values */
#define SASL_AUTH_NONE 0
@@ -55,14 +56,15 @@ struct kerberos5data;
#define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
/* Authentication mechanism strings */
#define SASL_MECH_STRING_LOGIN "LOGIN"
#define SASL_MECH_STRING_PLAIN "PLAIN"
#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5"
#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
#define SASL_MECH_STRING_GSSAPI "GSSAPI"
#define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
#define SASL_MECH_STRING_NTLM "NTLM"
#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
#define SASL_MECH_STRING_LOGIN "LOGIN"
#define SASL_MECH_STRING_PLAIN "PLAIN"
#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5"
#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
#define SASL_MECH_STRING_GSSAPI "GSSAPI"
#define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
#define SASL_MECH_STRING_NTLM "NTLM"
#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
#define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER"
#if !defined(CURL_DISABLE_CRYPTO_AUTH)
#define DIGEST_MAX_VALUE_LENGTH 256