http: move "oauth_bearer" from connectdata to Curl_easy
Fixes the bug where oauth_bearer gets deallocated when we re-use a connection. Closes #4824
parent
1774dbd74c
commit
dea17b519d
@ -272,6 +272,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
|
|||||||
data->set.str[STRING_SERVICE_NAME] :
|
data->set.str[STRING_SERVICE_NAME] :
|
||||||
sasl->params->service;
|
sasl->params->service;
|
||||||
#endif
|
#endif
|
||||||
|
const char *oauth_bearer = data->set.str[STRING_BEARER];
|
||||||
|
|
||||||
sasl->force_ir = force_ir; /* Latch for future use */
|
sasl->force_ir = force_ir; /* Latch for future use */
|
||||||
sasl->authused = 0; /* No mechanism used yet */
|
sasl->authused = 0; /* No mechanism used yet */
|
||||||
@ -341,7 +342,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
|
if((enabledmechs & SASL_MECH_OAUTHBEARER) && oauth_bearer) {
|
||||||
mech = SASL_MECH_STRING_OAUTHBEARER;
|
mech = SASL_MECH_STRING_OAUTHBEARER;
|
||||||
state1 = SASL_OAUTH2;
|
state1 = SASL_OAUTH2;
|
||||||
state2 = SASL_OAUTH2_RESP;
|
state2 = SASL_OAUTH2_RESP;
|
||||||
@ -351,17 +352,17 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
|
|||||||
result = Curl_auth_create_oauth_bearer_message(data, conn->user,
|
result = Curl_auth_create_oauth_bearer_message(data, conn->user,
|
||||||
hostname,
|
hostname,
|
||||||
port,
|
port,
|
||||||
conn->oauth_bearer,
|
oauth_bearer,
|
||||||
&resp, &len);
|
&resp, &len);
|
||||||
}
|
}
|
||||||
else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
|
else if((enabledmechs & SASL_MECH_XOAUTH2) && oauth_bearer) {
|
||||||
mech = SASL_MECH_STRING_XOAUTH2;
|
mech = SASL_MECH_STRING_XOAUTH2;
|
||||||
state1 = SASL_OAUTH2;
|
state1 = SASL_OAUTH2;
|
||||||
sasl->authused = SASL_MECH_XOAUTH2;
|
sasl->authused = SASL_MECH_XOAUTH2;
|
||||||
|
|
||||||
if(force_ir || data->set.sasl_ir)
|
if(force_ir || data->set.sasl_ir)
|
||||||
result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
|
result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
|
||||||
conn->oauth_bearer,
|
oauth_bearer,
|
||||||
&resp, &len);
|
&resp, &len);
|
||||||
}
|
}
|
||||||
else if(enabledmechs & SASL_MECH_PLAIN) {
|
else if(enabledmechs & SASL_MECH_PLAIN) {
|
||||||
@ -431,6 +432,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
|
|||||||
char *serverdata;
|
char *serverdata;
|
||||||
#endif
|
#endif
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
|
const char *oauth_bearer = data->set.str[STRING_BEARER];
|
||||||
|
|
||||||
*progress = SASL_INPROGRESS;
|
*progress = SASL_INPROGRESS;
|
||||||
|
|
||||||
@ -558,7 +560,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
|
|||||||
result = Curl_auth_create_oauth_bearer_message(data, conn->user,
|
result = Curl_auth_create_oauth_bearer_message(data, conn->user,
|
||||||
hostname,
|
hostname,
|
||||||
port,
|
port,
|
||||||
conn->oauth_bearer,
|
oauth_bearer,
|
||||||
&resp, &len);
|
&resp, &len);
|
||||||
|
|
||||||
/* Failures maybe sent by the server as continuations for OAUTHBEARER */
|
/* Failures maybe sent by the server as continuations for OAUTHBEARER */
|
||||||
@ -566,7 +568,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
|
result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
|
||||||
conn->oauth_bearer,
|
oauth_bearer,
|
||||||
&resp, &len);
|
&resp, &len);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|||||||
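Review bot: In Curl_sasl_start the OAUTHBEARER and XOAUTH2 branches now test and send `oauth_bearer` read from `data->set.str[STRING_BEARER]`, but SASL authentication is bound to the connection, and after this commit nothing in `struct connectdata` records which token authenticated it. If the connection-reuse match (not visible on this page) does not compare the token, a later transfer carrying a different bearer could be handed a connection that was already authenticated with the first one. I would keep a per-connection record of the token used for SASL and require it to equal the transfer's `data->set.str[STRING_BEARER]` before reuse, or at minimum add above the new local `/* borrowed from the easy handle; the connection keeps no copy, so reuse must not assume the same token */`. The same local is added in Curl_sasl_continue, and both function bodies extend beyond the hunks shown.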
12
lib/http.c
12
lib/http.c
@ -344,7 +344,7 @@ static CURLcode http_output_bearer(struct connectdata *conn)
|
|||||||
userp = &conn->allocptr.userpwd;
|
userp = &conn->allocptr.userpwd;
|
||||||
free(*userp);
|
free(*userp);
|
||||||
*userp = aprintf("Authorization: Bearer %s\r\n",
|
*userp = aprintf("Authorization: Bearer %s\r\n",
|
||||||
conn->oauth_bearer);
|
conn->data->set.str[STRING_BEARER]);
|
||||||
|
|
||||||
if(!*userp) {
|
if(!*userp) {
|
||||||
result = CURLE_OUT_OF_MEMORY;
|
result = CURLE_OUT_OF_MEMORY;
|
||||||
@ -555,7 +555,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
|||||||
CURLcode result = CURLE_OK;
|
CURLcode result = CURLE_OK;
|
||||||
unsigned long authmask = ~0ul;
|
unsigned long authmask = ~0ul;
|
||||||
|
|
||||||
if(!conn->oauth_bearer)
|
if(!data->set.str[STRING_BEARER])
|
||||||
authmask &= (unsigned long)~CURLAUTH_BEARER;
|
authmask &= (unsigned long)~CURLAUTH_BEARER;
|
||||||
|
|
||||||
if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
|
if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
|
||||||
@ -565,7 +565,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
|
|||||||
if(data->state.authproblem)
|
if(data->state.authproblem)
|
||||||
return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
|
return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
|
||||||
|
|
||||||
if((conn->bits.user_passwd || conn->oauth_bearer) &&
|
if((conn->bits.user_passwd || data->set.str[STRING_BEARER]) &&
|
||||||
((data->req.httpcode == 401) ||
|
((data->req.httpcode == 401) ||
|
||||||
(conn->bits.authneg && data->req.httpcode < 300))) {
|
(conn->bits.authneg && data->req.httpcode < 300))) {
|
||||||
pickhost = pickoneauth(&data->state.authhost, authmask);
|
pickhost = pickoneauth(&data->state.authhost, authmask);
|
||||||
@ -641,9 +641,7 @@ output_auth_headers(struct connectdata *conn,
|
|||||||
{
|
{
|
||||||
const char *auth = NULL;
|
const char *auth = NULL;
|
||||||
CURLcode result = CURLE_OK;
|
CURLcode result = CURLE_OK;
|
||||||
#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
|
|
||||||
struct Curl_easy *data = conn->data;
|
struct Curl_easy *data = conn->data;
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef CURL_DISABLE_CRYPTO_AUTH
|
#ifdef CURL_DISABLE_CRYPTO_AUTH
|
||||||
(void)request;
|
(void)request;
|
||||||
@ -707,7 +705,7 @@ output_auth_headers(struct connectdata *conn,
|
|||||||
}
|
}
|
||||||
if(authstatus->picked == CURLAUTH_BEARER) {
|
if(authstatus->picked == CURLAUTH_BEARER) {
|
||||||
/* Bearer */
|
/* Bearer */
|
||||||
if((!proxy && conn->oauth_bearer &&
|
if((!proxy && data->set.str[STRING_BEARER] &&
|
||||||
!Curl_checkheaders(conn, "Authorization:"))) {
|
!Curl_checkheaders(conn, "Authorization:"))) {
|
||||||
auth = "Bearer";
|
auth = "Bearer";
|
||||||
result = http_output_bearer(conn);
|
result = http_output_bearer(conn);
|
||||||
@ -765,7 +763,7 @@ Curl_http_output_auth(struct connectdata *conn,
|
|||||||
authproxy = &data->state.authproxy;
|
authproxy = &data->state.authproxy;
|
||||||
|
|
||||||
if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
|
if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
|
||||||
conn->bits.user_passwd || conn->oauth_bearer)
|
conn->bits.user_passwd || data->set.str[STRING_BEARER])
|
||||||
/* continue please */;
|
/* continue please */;
|
||||||
else {
|
else {
|
||||||
authhost->done = TRUE;
|
authhost->done = TRUE;
|
||||||
|
|||||||
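Review bot: http_output_bearer formats `conn->data->set.str[STRING_BEARER]` straight into the Authorization header with no check of its own, so it relies on every caller having tested the option first; in the visible hunks only output_auth_headers does so. Since the token is no longer a connection-owned copy, I would make that precondition explicit with `struct Curl_easy *data = conn->data;` and `DEBUGASSERT(data->set.str[STRING_BEARER]);` at the top of the function. That also makes the lookup read as `data->set.str[STRING_BEARER]`, matching the other hunks in this file. The function starts and ends outside the hunk, so an existing guard there cannot be ruled out.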
@ -721,7 +721,6 @@ static void conn_free(struct connectdata *conn)
|
|||||||
|
|
||||||
Curl_safefree(conn->user);
|
Curl_safefree(conn->user);
|
||||||
Curl_safefree(conn->passwd);
|
Curl_safefree(conn->passwd);
|
||||||
Curl_safefree(conn->oauth_bearer);
|
|
||||||
Curl_safefree(conn->sasl_authzid);
|
Curl_safefree(conn->sasl_authzid);
|
||||||
Curl_safefree(conn->options);
|
Curl_safefree(conn->options);
|
||||||
Curl_safefree(conn->http_proxy.user);
|
Curl_safefree(conn->http_proxy.user);
|
||||||
@ -3343,14 +3342,6 @@ static CURLcode create_conn(struct Curl_easy *data,
|
|||||||
if(result)
|
if(result)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if(data->set.str[STRING_BEARER]) {
|
|
||||||
conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
|
|
||||||
if(!conn->oauth_bearer) {
|
|
||||||
result = CURLE_OUT_OF_MEMORY;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if(data->set.str[STRING_SASL_AUTHZID]) {
|
if(data->set.str[STRING_SASL_AUTHZID]) {
|
||||||
conn->sasl_authzid = strdup(data->set.str[STRING_SASL_AUTHZID]);
|
conn->sasl_authzid = strdup(data->set.str[STRING_SASL_AUTHZID]);
|
||||||
if(!conn->sasl_authzid) {
|
if(!conn->sasl_authzid) {
|
||||||
|
|||||||
@ -906,7 +906,6 @@ struct connectdata {
|
|||||||
char *passwd; /* password string, allocated */
|
char *passwd; /* password string, allocated */
|
||||||
char *options; /* options string, allocated */
|
char *options; /* options string, allocated */
|
||||||
|
|
||||||
char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
|
|
||||||
char *sasl_authzid; /* authorisation identity string, allocated */
|
char *sasl_authzid; /* authorisation identity string, allocated */
|
||||||
|
|
||||||
int httpversion; /* the HTTP version*10 reported by the server */
|
int httpversion; /* the HTTP version*10 reported by the server */
|
||||||
|
|||||||