Commit febda2f3 authored by Steve Holme

oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP

OAUTHBEARER is now the official "registered" SASL mechanism name for
OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
servers won't support the new mechanism yet.
parent ceb396c5
+34 −13
@@ -65,6 +65,7 @@ const struct {
  { "EXTERNAL",     8,  SASL_MECH_EXTERNAL },
  { "NTLM",         4,  SASL_MECH_NTLM },
  { "XOAUTH2",      7,  SASL_MECH_XOAUTH2 },
  { "OAUTHBEARER",  11, SASL_MECH_OAUTHBEARER },
  { ZERO_NULL,      0,  0 }
};

@@ -1455,7 +1456,19 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
      }
    else
#endif
    if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
    if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
      mech = SASL_MECH_STRING_OAUTHBEARER;
      state1 = SASL_OAUTH2;
      sasl->authused = SASL_MECH_OAUTHBEARER;

      if(force_ir || data->set.sasl_ir)
        result = sasl_create_oauth_bearer_message(data, conn->user,
                                                  conn->host.name,
                                                  conn->port,
                                                  conn->oauth_bearer,
                                                  &resp, &len);
    }
    else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
      mech = SASL_MECH_STRING_XOAUTH2;
      state1 = SASL_OAUTH2;
      sasl->authused = SASL_MECH_XOAUTH2;
@@ -1641,9 +1654,17 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,

  case SASL_OAUTH2:
    /* Create the authorisation message */
    if(sasl->authused == SASL_MECH_OAUTHBEARER)
      result = sasl_create_oauth_bearer_message(data, conn->user,
                                                conn->host.name,
                                                conn->port,
                                                conn->oauth_bearer,
                                                &resp, &len);
    else
      result = sasl_create_oauth_bearer_message(data, conn->user,
                                                NULL, 0,
                                              conn->oauth_bearer, &resp, &len);
                                                conn->oauth_bearer,
                                                &resp, &len);
    break;
  case SASL_CANCEL:
    /* Remove the offending mechanism from the supported list */
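Review bot: The new OAUTHBEARER branch in Curl_sasl_start picks the mechanism on `(enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer` alone, and when `force_ir` or `data->set.sasl_ir` is set the bearer token is placed in the initial response, with nothing in the visible lines confirming the connection is TLS-protected first. Bearer tokens are meant to travel only over TLS (RFC 6750, RFC 7628), so if the protocol handlers already enforce that, the branch deserves a comment such as `/* OAUTHBEARER carries a bearer token: TLS is expected to be established before this point */`; if nothing enforces it, a guard belongs here, and the existing XOAUTH2 branch has the same shape. Separately, a one-line comment in Curl_sasl_continue saying that only OAUTHBEARER passes `conn->host.name, conn->port` while XOAUTH2 passes `NULL, 0` would explain why the two otherwise identical calls differ. Both functions start and end outside the hunks shown.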
+10 −8
@@ -48,6 +48,7 @@ struct kerberos5data;
#define SASL_MECH_EXTERNAL          (1 << 5)
#define SASL_MECH_NTLM              (1 << 6)
#define SASL_MECH_XOAUTH2           (1 << 7)
#define SASL_MECH_OAUTHBEARER       (1 << 8)

/* Authentication mechanism values */
#define SASL_AUTH_NONE          0
@@ -63,6 +64,7 @@ struct kerberos5data;
#define SASL_MECH_STRING_EXTERNAL     "EXTERNAL"
#define SASL_MECH_STRING_NTLM         "NTLM"
#define SASL_MECH_STRING_XOAUTH2      "XOAUTH2"
#define SASL_MECH_STRING_OAUTHBEARER  "OAUTHBEARER"

#if !defined(CURL_DISABLE_CRYPTO_AUTH)
#define DIGEST_MAX_VALUE_LENGTH           256