Commit eb84ca3e authored by Steve Holme's avatar Steve Holme

sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616

RFC 4616 specifies the authzid is optional in the client authentication
message and that the server will derive the authorisation identity
(authzid) from the authentication identity (authcid) when not specified
by the client.
parent b21701c5
+2 −2
@@ -367,7 +367,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
      sasl->authused = SASL_MECH_PLAIN;

      if(force_ir || data->set.sasl_ir)
        result = Curl_auth_create_plain_message(data, conn->user, conn->user,
        result = Curl_auth_create_plain_message(data, NULL, conn->user,
                                                conn->passwd, &resp, &len);
    }
    else if(enabledmechs & SASL_MECH_LOGIN) {
@@ -450,7 +450,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
    *progress = SASL_DONE;
    return result;
  case SASL_PLAIN:
    result = Curl_auth_create_plain_message(data, conn->user, conn->user,
    result = Curl_auth_create_plain_message(data, NULL, conn->user,
                                            conn->passwd, &resp, &len);
    break;
  case SASL_LOGIN:
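Review bot: Both call sites now pass a literal `NULL` as the authzid argument of `Curl_auth_create_plain_message` (under `SASL_MECH_PLAIN` in `Curl_sasl_start` and in the `SASL_PLAIN` case of `Curl_sasl_continue`), but nothing on this page shows that the callee accepts a null pointer in that position. Its definition is outside this section, so confirm it treats NULL as a zero-length authzid and still emits the leading NUL separator, rather than handing the pointer to `strlen` or a copy routine. A short comment at each call would record why the argument is absent, for example `/* no authzid: the server derives it from the authcid (RFC 4616) */`. Both enclosing functions start and end outside the hunks shown.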
+2 −2
@@ -14,7 +14,7 @@ RFC4616
<servercmd>
AUTH PLAIN
REPLY AUTHENTICATE +
REPLY dXNlcgB1c2VyAHNlY3JldA== A002 OK AUTHENTICATE completed
REPLY AHVzZXIAc2VjcmV0 A002 OK AUTHENTICATE completed
</servercmd>
<data>
From: me@somewhere
@@ -47,7 +47,7 @@ IMAP plain authentication
<protocol>
A001 CAPABILITY
A002 AUTHENTICATE PLAIN
dXNlcgB1c2VyAHNlY3JldA==
AHVzZXIAc2VjcmV0
A003 SELECT 819
A004 FETCH 1 BODY[]
A005 LOGOUT
+1 −1
@@ -47,7 +47,7 @@ IMAP plain authentication with initial response
<verify>
<protocol>
A001 CAPABILITY
A002 AUTHENTICATE PLAIN dXNlcgB1c2VyAHNlY3JldA==
A002 AUTHENTICATE PLAIN AHVzZXIAc2VjcmV0
A003 SELECT 825
A004 FETCH 1 BODY[]
A005 LOGOUT
+2 −2
@@ -18,7 +18,7 @@ AUTH CRAM-MD5 PLAIN
REPLY "AUTHENTICATE CRAM-MD5" + Rubbish
REPLY * A002 NO AUTH exchange cancelled by client
REPLY "AUTHENTICATE PLAIN" +
REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed
REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed
</servercmd>
<data>
From: me@somewhere
@@ -56,7 +56,7 @@ A001 CAPABILITY
A002 AUTHENTICATE CRAM-MD5
*
A003 AUTHENTICATE PLAIN
dXNlcgB1c2VyAHNlY3JldA==
AHVzZXIAc2VjcmV0
A004 SELECT 833
A005 FETCH 1 BODY[]
A006 LOGOUT
+2 −2
@@ -18,7 +18,7 @@ REPLY "AUTHENTICATE NTLM" +
REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= + Rubbish
REPLY * A002 NO AUTH exchange cancelled by client
REPLY "AUTHENTICATE PLAIN" +
REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed
REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed
</servercmd>
<data>
From: me@somewhere
@@ -67,7 +67,7 @@ A002 AUTHENTICATE NTLM
TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
*
A003 AUTHENTICATE PLAIN
dXNlcgB1c2VyAHNlY3JldA==
AHVzZXIAc2VjcmV0
A004 SELECT 834
A005 FETCH 1 BODY[]
A006 LOGOUT