Commit 6227e2bd authored by Mert Yazıcıoğlu's avatar Mert Yazıcıoğlu Committed by Jay Satiro

vauth/oauth2: Fix OAUTHBEARER token generation

OAUTHBEARER tokens were incorrectly generated in a format similar to
XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to
RFC 7628.

Fixes: #2487
Reported-by: Paolo Mossino

Closes https://github.com/curl/curl/pull/3377
parent d110d96b
+6 −8
@@ -357,8 +357,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
      sasl->authused = SASL_MECH_XOAUTH2;

      if(force_ir || data->set.sasl_ir)
        result = Curl_auth_create_oauth_bearer_message(data, conn->user,
                                                       NULL, 0,
        result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
                                                        conn->oauth_bearer,
                                                        &resp, &len);
    }
@@ -562,8 +561,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
      newstate = SASL_OAUTH2_RESP;
    }
    else
      result = Curl_auth_create_oauth_bearer_message(data, conn->user,
                                                     NULL, 0,
      result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
                                                      conn->oauth_bearer,
                                                      &resp, &len);
    break;
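--- a/PATH-NOT-SHOWN-ON-PAGE-FILE2
+++ b/PATH-NOT-SHOWN-ON-PAGE-FILE2
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -46,8 +46,8 @@
  *
  * data[in]         - The session handle.
  * user[in]         - The user name.
- * host[in]         - The host name(for OAUTHBEARER).
- * port[in]         - The port(for OAUTHBEARER when not Port 80).
+ * host[in]         - The host name.
+ * port[in]         - The port(when not Port 80).
  * bearer[in]       - The bearer token.
  * outptr[in / out] - The address where a pointer to newly allocated memory
  *                    holding the result will be stored upon completion.
@@ -66,13 +66,11 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
   char *oauth = NULL;
 
   /* Generate the message */
-  if(host == NULL && (port == 0 || port == 80))
-    oauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
-  else if(port == 0 || port == 80)
-    oauth = aprintf("user=%s\1host=%s\1auth=Bearer %s\1\1", user, host,
+  if(port == 0 || port == 80)
+    oauth = aprintf("n,a=%s,\1host=%s\1auth=Bearer %s\1\1", user, host,
                     bearer);
   else
-    oauth = aprintf("user=%s\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user,
+    oauth = aprintf("n,a=%s,\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user,
                     host, port, bearer);
   if(!oauth)
     return CURLE_OUT_OF_MEMORY;
@@ -84,3 +82,40 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
 
   return result;
 }
+
+/*
+ * Curl_auth_create_xoauth_bearer_message()
+ *
+ * This is used to generate an already encoded XOAuth 2.0 message ready for
+ * sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data[in]         - The session handle.
+ * user[in]         - The user name.
+ * bearer[in]       - The bearer token.
+ * outptr[in / out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen[out]      - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data,
+                                                const char *user,
+                                                const char *bearer,
+                                                char **outptr, size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Generate the message */
+  char *xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
+  if(!xoauth)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Base64 encode the reply */
+  result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
+
+  free(xoauth);
+
+  return result;
+}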
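Review bot: `user` is now written unescaped into the GS2 header (`n,a=%s,` in both aprintf calls of Curl_auth_create_oauth_bearer_message), but RFC 5801 requires ',' and '=' inside the authzid to be escaped as "=2C" and "=3D", so a user name containing either character yields a header a server may reject or mis-parse; escaping the name before formatting would close that gap. Separately, dropping the `host == NULL` branch means a NULL host now reaches `%s` directly, so the parameter contract should state the precondition: `host[in] - The host name (must not be NULL).` If a caller can still pass NULL, a guard such as `if(!host) return CURLE_BAD_FUNCTION_ARGUMENT;` ahead of the aprintf calls keeps that an error rather than undefined behaviour. The signature and the rest of the body of Curl_auth_create_oauth_bearer_message lie outside this hunk.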
+7 −0
@@ -151,6 +151,13 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
                                               const long port,
                                               const char *bearer,
                                               char **outptr, size_t *outlen);

/* This is used to generate a base64 encoded XOAuth 2.0 message */
CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data,
                                                const char *user,
                                                const char *bearer,
                                                char **outptr, size_t *outlen);

#if defined(USE_KERBEROS5)
/* This is used to evaluate if GSSAPI (Kerberos V5) is supported */
bool Curl_auth_is_gssapi_supported(void);
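--- a/PATH-NOT-SHOWN-ON-PAGE-FILE4
+++ b/PATH-NOT-SHOWN-ON-PAGE-FILE4
@@ -15,7 +15,7 @@ RFC7628
 <servercmd>
 AUTH OAUTHBEARER
 REPLY AUTHENTICATE +
-REPLY dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== A002 OK AUTHENTICATE completed
+REPLY bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ== A002 OK AUTHENTICATE completed
 </servercmd>
 <data>
 From: me@somewhere
@@ -53,7 +53,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP'
 <protocol>
 A001 CAPABILITY
 A002 AUTHENTICATE OAUTHBEARER
-dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
 A003 SELECT 842
 A004 FETCH 1 BODY[]
 A005 LOGOUT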
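--- a/PATH-NOT-SHOWN-ON-PAGE-FILE5
+++ b/PATH-NOT-SHOWN-ON-PAGE-FILE5
@@ -53,7 +53,7 @@ perl -e "print 'Test requires default test server host and port' if ( '%HOSTIP'
 <verify>
 <protocol>
 A001 CAPABILITY
-A002 AUTHENTICATE OAUTHBEARER dXNlcj11c2VyAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
+A002 AUTHENTICATE OAUTHBEARER bixhPXVzZXIsAWhvc3Q9MTI3LjAuMC4xAXBvcnQ9OTAwMwFhdXRoPUJlYXJlciBtRl85LkI1Zi00LjFKcU0BAQ==
 A003 SELECT 843
 A004 FETCH 1 BODY[]
 A005 LOGOUT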