Implement SASL authorisation identity

docs/cmdline-opts/Makefile.inc

@@ -154,6 +154,7 @@ DPAGES =					\
   retry-delay.d					\
   retry-max-time.d				\
   retry.d					\
+  sasl-authzid.d					\
   sasl-ir.d					\
   service-name.d				\
   show-error.d					\

docs/cmdline-opts/sasl-authzid.d

@@ -0,0 +1,11 @@
+Long: sasl-authzid
+Help: Use this identity to act as during SASL PLAIN authentication
+Added: 7.66.0
+---
+Use this authorisation identity (authzid), during SASL PLAIN authentication,
+in addition to the authentication identity (authcid) as specified by --user.
+
+If the option isn't specified, the server will derive the authzid from the
+authcid, but if specified, and depending on the server implementation, it may
+be used to access another user's inbox, that the user has been granted access
+to, or a shared mailbox for example.

docs/examples/Makefile.inc

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -35,7 +35,7 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
   http2-upload http2-serverpush getredirect ftpuploadfrommem               \
   ftpuploadresume sslbackend postit2-formadd multi-formadd                 \
   shared-connection-cache sftpuploadresume http2-pushinmemory parseurl     \
-  urlapi
+  urlapi imap-authzid pop3-authzid smtp-authzid
 
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.

docs/examples/imap-authzid.c

@@ -0,0 +1,71 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* <DESC>
+ * IMAP example showing how to retreieve e-mails from a shared mailed box
+ * </DESC>
+ */
+
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.66.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set the username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* Set the authorisation identity (identity to act as) */
+    curl_easy_setopt(curl, CURLOPT_SASL_AUTHZID, "shared-mailbox");
+
+    /* Force PLAIN authentication */
+    curl_easy_setopt(curl, CURLOPT_LOGIN_OPTIONS, "AUTH=PLAIN");
+
+    /* This will fetch message 1 from the user's inbox */
+    curl_easy_setopt(curl, CURLOPT_URL,
+                     "imap://imap.example.com/INBOX/;UID=1");
+
+    /* Perform the fetch */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}

docs/examples/pop3-authzid.c

@@ -0,0 +1,70 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* <DESC>
+ * POP3 example showing how to retrieve e-mails from a shared mailbox
+ * </DESC>
+ */
+
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.66.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set the username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* Set the authorisation identity (identity to act as) */
+    curl_easy_setopt(curl, CURLOPT_SASL_AUTHZID, "shared-mailbox");
+
+    /* Force PLAIN authentication */
+    curl_easy_setopt(curl, CURLOPT_LOGIN_OPTIONS, "AUTH=PLAIN");
+
+    /* This will retrieve message 1 from the user's mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+    /* Perform the retr */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}

docs/examples/smtp-authzid.c

@@ -0,0 +1,161 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* <DESC>
+ * Send e-mail on behalf of another user with SMTP
+ * </DESC>
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/*
+ * This is a simple example show how to send an email using libcurl's SMTP
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.66.0 or above.
+ */
+
+/* The libcurl options want plain addresses, the viewable headers in the mail
+ * can very well get a full name as well.
+ */
+#define FROM_ADDR    "<ursel@example.org>"
+#define SENDER_ADDR  "<kurt@example.org>"
+#define TO_ADDR      "<addressee@example.net>"
+
+#define FROM_MAIL    "Ursel " FROM_ADDR
+#define SENDER_MAIL  "Kurt " SENDER_ADDR
+#define TO_MAIL      "A Receiver " TO_ADDR
+
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO_MAIL "\r\n",
+  "From: " FROM_MAIL "\r\n",
+  "Sender: " SENDER_MAIL "\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@"
+  "rfcpedant.example.org>\r\n",
+  "Subject: SMTP example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
+  NULL
+};
+
+struct upload_status {
+  int lines_read;
+};
+
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
+{
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
+  const char *data;
+
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
+    return 0;
+  }
+
+  data = payload_text[upload_ctx->lines_read];
+
+  if(data) {
+    size_t len = strlen(data);
+    memcpy(ptr, data, len);
+    upload_ctx->lines_read++;
+
+    return len;
+  }
+
+  return 0;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct curl_slist *recipients = NULL;
+  struct upload_status upload_ctx;
+
+  upload_ctx.lines_read = 0;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* This is the URL for your mailserver. In this example we connect to the
+       smtp-submission port as we require an authenticated connection. */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com:587");
+
+    /* Set the username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "kurt");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "xipj3plmq");
+
+    /* Set the authorisation identity (identity to act as) */
+    curl_easy_setopt(curl, CURLOPT_SASL_AUTHZID, "ursel");
+
+    /* Force PLAIN authentication */
+    curl_easy_setopt(curl, CURLOPT_LOGIN_OPTIONS, "AUTH=PLAIN");
+
+    /* Note that this option isn't strictly required, omitting it will result
+     * in libcurl sending the MAIL FROM command with empty sender data. All
+     * autoresponses should have an empty reverse-path, and should be directed
+     * to the address in the reverse-path which triggered them. Otherwise,
+     * they could cause an endless loop. See RFC 5321 Section 4.5.5 for more
+     * details.
+     */
+    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM_ADDR);
+
+    /* Add a recipient, in this particular case it corresponds to the
+     * To: addressee in the header. */
+    recipients = curl_slist_append(recipients, TO_ADDR);
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* We're using a callback function to specify the payload (the headers and
+     * body of the message). You could just use the CURLOPT_READDATA option to
+     * specify a FILE pointer to read from. */
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+    /* Send the message */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* curl won't send the QUIT command until you call cleanup, so you should
+     * be able to re-use this connection for additional messages (setting
+     * CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT as required, and calling
+     * curl_easy_perform() again. It may not be a good idea to keep the
+     * connection open for a very long time though (more than a few minutes
+     * may result in the server timing out the connection), and you do want to
+     * clean up in the end.
+     */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}

docs/libcurl/curl_easy_setopt.3

@@ -256,6 +256,8 @@ TLS authentication methods. See \fICURLOPT_TLSAUTH_TYPE(3)\fP
 Proxy TLS authentication methods. See \fICURLOPT_PROXY_TLSAUTH_TYPE(3)\fP
 .IP CURLOPT_PROXYAUTH
 HTTP proxy authentication methods. See \fICURLOPT_PROXYAUTH(3)\fP
+.IP CURLOPT_SASL_AUTHZID
+SASL authorisation identity (identity to act as). See \fICURLOPT_SASL_AUTHZID(3)\fP 
 .IP CURLOPT_SASL_IR
 Enable SASL initial response. See \fICURLOPT_SASL_IR(3)\fP
 .IP CURLOPT_XOAUTH2_BEARER