* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
#include "strtoofft.h"
#include "strequal.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "connect.h"
#include "strerror.h"
#include "select.h"
static CURLcode pop3_parse_url_options(struct connectdata *conn);
static CURLcode pop3_parse_url_path(struct connectdata *conn);
static CURLcode pop3_parse_custom_request(struct connectdata *conn);
+static CURLcode pop3_calc_sasl_details(struct connectdata *conn,
+ const char **mech,
+ char **initresp, size_t *len,
+ pop3state *state1, pop3state *state2);
/*
* POP3 protocol handler.
pop3_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
PORT_POP3S, /* defport */
- CURLPROTO_POP3 | CURLPROTO_POP3S, /* protocol */
+ CURLPROTO_POP3S, /* protocol */
PROTOPT_CLOSEACTION | PROTOPT_SSL
| PROTOPT_NOURLQUERY /* flags */
};
int *resp)
{
struct pop3_conn *pop3c = &conn->proto.pop3c;
- size_t wordlen;
- size_t i;
/* Do we have an error response? */
if(len >= 4 && !memcmp("-ERR", line, 4)) {
return TRUE;
}
- /* Are we processing servergreet responses? */
- if(pop3c->state == POP3_SERVERGREET) {
- /* Look for the APOP timestamp */
- if(len >= 3 && line[len - 3] == '>') {
- for(i = 0; i < len - 3; ++i) {
- if(line[i] == '<') {
- /* Calculate the length of the timestamp */
- size_t timestamplen = len - 2 - i;
-
- /* Allocate some memory for the timestamp */
- pop3c->apoptimestamp = (char *)calloc(1, timestamplen + 1);
-
- if(!pop3c->apoptimestamp)
- break;
-
- /* Copy the timestamp */
- memcpy(pop3c->apoptimestamp, line + i, timestamplen);
- pop3c->apoptimestamp[timestamplen] = '\0';
- break;
- }
- }
- }
- }
/* Are we processing CAPA command responses? */
- else if(pop3c->state == POP3_CAPA) {
+ if(pop3c->state == POP3_CAPA) {
/* Do we have the terminating line? */
- if(len >= 1 && !memcmp(line, ".", 1)) {
+ if(len >= 1 && !memcmp(line, ".", 1))
*resp = '+';
+ else
+ *resp = '*';
- return TRUE;
- }
-
- /* Does the server support the STLS capability? */
- if(len >= 4 && !memcmp(line, "STLS", 4))
- pop3c->tls_supported = TRUE;
-
- /* Does the server support clear text authentication? */
- else if(len >= 4 && !memcmp(line, "USER", 4))
- pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
-
- /* Does the server support APOP authentication? */
- else if(len >= 4 && !memcmp(line, "APOP", 4))
- pop3c->authtypes |= POP3_TYPE_APOP;
-
- /* Does the server support SASL based authentication? */
- else if(len >= 5 && !memcmp(line, "SASL ", 5)) {
- pop3c->authtypes |= POP3_TYPE_SASL;
-
- /* Advance past the SASL keyword */
- line += 5;
- len -= 5;
-
- /* Loop through the data line */
- for(;;) {
- while(len &&
- (*line == ' ' || *line == '\t' ||
- *line == '\r' || *line == '\n')) {
-
- line++;
- len--;
- }
-
- if(!len)
- break;
-
- /* Extract the word */
- for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
- line[wordlen] != '\t' && line[wordlen] != '\r' &&
- line[wordlen] != '\n';)
- wordlen++;
-
- /* Test the word for a matching authentication mechanism */
- if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
- pop3c->authmechs |= SASL_MECH_LOGIN;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
- pop3c->authmechs |= SASL_MECH_PLAIN;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
- pop3c->authmechs |= SASL_MECH_CRAM_MD5;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
- pop3c->authmechs |= SASL_MECH_DIGEST_MD5;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
- pop3c->authmechs |= SASL_MECH_GSSAPI;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
- pop3c->authmechs |= SASL_MECH_EXTERNAL;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
- pop3c->authmechs |= SASL_MECH_NTLM;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
- pop3c->authmechs |= SASL_MECH_XOAUTH2;
-
- line += wordlen;
- len -= wordlen;
- }
- }
-
- return FALSE;
+ return TRUE;
}
/* Do we have a command or continuation response? */
message[len] != '\t')
break;
- /* Terminate the challenge */
+ /* Terminate the message */
if(++len) {
message[len] = '\0';
}
/***********************************************************************
*
- * pop3_perform_authenticate()
+ * pop3_perform_auth()
+ *
+ * Sends an AUTH command allowing the client to login with the given SASL
+ * authentication mechanism.
+ */
+static CURLcode pop3_perform_auth(struct connectdata *conn,
+ const char *mech,
+ const char *initresp, size_t len,
+ pop3state state1, pop3state state2)
+{
+ CURLcode result = CURLE_OK;
+ struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+ if(initresp && 8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */
+ /* Send the AUTH command with the initial response */
+ result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
+
+ if(!result)
+ state(conn, state2);
+ }
+ else {
+ /* Send the AUTH command */
+ result = Curl_pp_sendf(&pop3c->pp, "AUTH %s", mech);
+
+ if(!result)
+ state(conn, state1);
+ }
+
+ return result;
+}
+
+/***********************************************************************
*
- * Sends an AUTH command allowing the client to login with the appropriate
- * SASL authentication mechanism.
+ * pop3_perform_authentication()
*
- * Additionally, the function will perform fallback to APOP and USER commands
- * should a common mechanism not be available between the client and server.
+ * Initiates the authentication sequence, with the appropriate SASL
+ * authentication mechanism, falling back to APOP and clear text should a
+ * common mechanism not be available between the client and server.
*/
-static CURLcode pop3_perform_authenticate(struct connectdata *conn)
+static CURLcode pop3_perform_authentication(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
struct pop3_conn *pop3c = &conn->proto.pop3c;
const char *mech = NULL;
char *initresp = NULL;
return result;
}
- /* Calculate the supported authentication mechanism by decreasing order of
- security */
- if(pop3c->authtypes & POP3_TYPE_SASL) {
-#ifndef CURL_DISABLE_CRYPTO_AUTH
- if((pop3c->authmechs & SASL_MECH_DIGEST_MD5) &&
- (pop3c->prefmech & SASL_MECH_DIGEST_MD5)) {
- mech = SASL_MECH_STRING_DIGEST_MD5;
- state1 = POP3_AUTH_DIGESTMD5;
- pop3c->authused = SASL_MECH_DIGEST_MD5;
- }
- else if((pop3c->authmechs & SASL_MECH_CRAM_MD5) &&
- (pop3c->prefmech & SASL_MECH_CRAM_MD5)) {
- mech = SASL_MECH_STRING_CRAM_MD5;
- state1 = POP3_AUTH_CRAMMD5;
- pop3c->authused = SASL_MECH_CRAM_MD5;
- }
- else
-#endif
-#ifdef USE_NTLM
- if((pop3c->authmechs & SASL_MECH_NTLM) &&
- (pop3c->prefmech & SASL_MECH_NTLM)) {
- mech = SASL_MECH_STRING_NTLM;
- state1 = POP3_AUTH_NTLM;
- state2 = POP3_AUTH_NTLM_TYPE2MSG;
- pop3c->authused = SASL_MECH_NTLM;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
- &conn->ntlm,
- &initresp, &len);
- }
- else
-#endif
- if(((pop3c->authmechs & SASL_MECH_XOAUTH2) &&
- (pop3c->prefmech & SASL_MECH_XOAUTH2) &&
- (pop3c->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
- mech = SASL_MECH_STRING_XOAUTH2;
- state1 = POP3_AUTH_XOAUTH2;
- state2 = POP3_AUTH_FINAL;
- pop3c->authused = SASL_MECH_XOAUTH2;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
- conn->xoauth2_bearer,
- &initresp, &len);
- }
- else if((pop3c->authmechs & SASL_MECH_LOGIN) &&
- (pop3c->prefmech & SASL_MECH_LOGIN)) {
- mech = SASL_MECH_STRING_LOGIN;
- state1 = POP3_AUTH_LOGIN;
- state2 = POP3_AUTH_LOGIN_PASSWD;
- pop3c->authused = SASL_MECH_LOGIN;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_login_message(conn->data, conn->user,
- &initresp, &len);
- }
- else if((pop3c->authmechs & SASL_MECH_PLAIN) &&
- (pop3c->prefmech & SASL_MECH_PLAIN)) {
- mech = SASL_MECH_STRING_PLAIN;
- state1 = POP3_AUTH_PLAIN;
- state2 = POP3_AUTH_FINAL;
- pop3c->authused = SASL_MECH_PLAIN;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_plain_message(conn->data, conn->user,
- conn->passwd, &initresp,
- &len);
- }
- }
+ /* Calculate the SASL login details */
+ if(pop3c->authtypes & POP3_TYPE_SASL)
+ result = pop3_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+ &state2);
if(!result) {
if(mech && (pop3c->preftype & POP3_TYPE_SASL)) {
/* Perform SASL based authentication */
- if(initresp &&
- 8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */
- result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
-
- if(!result)
- state(conn, state2);
- }
- else {
- result = Curl_pp_sendf(&pop3c->pp, "AUTH %s", mech);
-
- if(!result)
- state(conn, state1);
- }
+ result = pop3_perform_auth(conn, mech, initresp, len, state1, state2);
Curl_safefree(initresp);
}
{
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
+ struct pop3_conn *pop3c = &conn->proto.pop3c;
+ const char *line = data->state.buffer;
+ size_t len = strlen(line);
+ size_t i;
(void)instate; /* no use for this yet */
failf(data, "Got unexpected pop3-server response");
result = CURLE_FTP_WEIRD_SERVER_REPLY;
}
- else
+ else {
+ /* Does the server support APOP authentication? */
+ if(len >= 4 && line[len - 2] == '>') {
+ /* Look for the APOP timestamp */
+ for(i = 3; i < len - 2; ++i) {
+ if(line[i] == '<') {
+ /* Calculate the length of the timestamp */
+ size_t timestamplen = len - 1 - i;
+ if(!timestamplen)
+ break;
+
+ /* Allocate some memory for the timestamp */
+ pop3c->apoptimestamp = (char *)calloc(1, timestamplen + 1);
+
+ if(!pop3c->apoptimestamp)
+ break;
+
+ /* Copy the timestamp */
+ memcpy(pop3c->apoptimestamp, line + i, timestamplen);
+ pop3c->apoptimestamp[timestamplen] = '\0';
+
+ /* Store the APOP capability */
+ pop3c->authtypes |= POP3_TYPE_APOP;
+ break;
+ }
+ }
+ }
+
result = pop3_perform_capa(conn);
+ }
return result;
}
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
struct pop3_conn *pop3c = &conn->proto.pop3c;
+ const char *line = data->state.buffer;
+ size_t len = strlen(line);
+ size_t wordlen;
(void)instate; /* no use for this yet */
- if(pop3code != '+')
- result = pop3_perform_user(conn);
- else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
- /* We don't have a SSL/TLS connection yet, but SSL is requested */
- if(pop3c->tls_supported)
- /* Switch to TLS connection now */
- result = pop3_perform_starttls(conn);
- else if(data->set.use_ssl == CURLUSESSL_TRY)
- /* Fallback and carry on with authentication */
- result = pop3_perform_authenticate(conn);
- else {
- failf(data, "STLS not supported.");
- result = CURLE_USE_SSL_FAILED;
+ /* Do we have a untagged response? */
+ if(pop3code == '*') {
+ /* Does the server support the STLS capability? */
+ if(len >= 4 && !memcmp(line, "STLS", 4))
+ pop3c->tls_supported = TRUE;
+
+ /* Does the server support clear text authentication? */
+ else if(len >= 4 && !memcmp(line, "USER", 4))
+ pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+
+ /* Does the server support SASL based authentication? */
+ else if(len >= 5 && !memcmp(line, "SASL ", 5)) {
+ pop3c->authtypes |= POP3_TYPE_SASL;
+
+ /* Advance past the SASL keyword */
+ line += 5;
+ len -= 5;
+
+ /* Loop through the data line */
+ for(;;) {
+ while(len &&
+ (*line == ' ' || *line == '\t' ||
+ *line == '\r' || *line == '\n')) {
+
+ line++;
+ len--;
+ }
+
+ if(!len)
+ break;
+
+ /* Extract the word */
+ for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
+ line[wordlen] != '\t' && line[wordlen] != '\r' &&
+ line[wordlen] != '\n';)
+ wordlen++;
+
+ /* Test the word for a matching authentication mechanism */
+ if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
+ pop3c->authmechs |= SASL_MECH_LOGIN;
+ else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
+ pop3c->authmechs |= SASL_MECH_PLAIN;
+ else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
+ pop3c->authmechs |= SASL_MECH_CRAM_MD5;
+ else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
+ pop3c->authmechs |= SASL_MECH_DIGEST_MD5;
+ else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
+ pop3c->authmechs |= SASL_MECH_GSSAPI;
+ else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
+ pop3c->authmechs |= SASL_MECH_EXTERNAL;
+ else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
+ pop3c->authmechs |= SASL_MECH_NTLM;
+ else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
+ pop3c->authmechs |= SASL_MECH_XOAUTH2;
+
+ line += wordlen;
+ len -= wordlen;
+ }
}
}
- else
- result = pop3_perform_authenticate(conn);
+ else if(pop3code == '+') {
+ if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+ /* We don't have a SSL/TLS connection yet, but SSL is requested */
+ if(pop3c->tls_supported)
+ /* Switch to TLS connection now */
+ result = pop3_perform_starttls(conn);
+ else if(data->set.use_ssl == CURLUSESSL_TRY)
+ /* Fallback and carry on with authentication */
+ result = pop3_perform_authentication(conn);
+ else {
+ failf(data, "STLS not supported.");
+ result = CURLE_USE_SSL_FAILED;
+ }
+ }
+ else
+ result = pop3_perform_authentication(conn);
+ }
+ else {
+ /* Clear text is supported when CAPA isn't recognised */
+ pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
+
+ result = pop3_perform_authentication(conn);
+ }
return result;
}
result = CURLE_USE_SSL_FAILED;
}
else
- result = pop3_perform_authenticate(conn);
+ result = pop3_perform_authentication(conn);
}
else
result = pop3_perform_upgrade_tls(conn);
/* Create the authorisation message */
result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
&plainauth, &len);
+ if(!result && plainauth) {
+ /* Send the message */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", plainauth);
- /* Send the message */
- if(!result) {
- if(plainauth) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", plainauth);
-
- if(!result)
- state(conn, POP3_AUTH_FINAL);
- }
-
- Curl_safefree(plainauth);
+ if(!result)
+ state(conn, POP3_AUTH_FINAL);
}
}
+ Curl_safefree(plainauth);
+
return result;
}
/* Create the user message */
result = Curl_sasl_create_login_message(data, conn->user,
&authuser, &len);
+ if(!result && authuser) {
+ /* Send the user */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", authuser);
- /* Send the user */
- if(!result) {
- if(authuser) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", authuser);
-
- if(!result)
- state(conn, POP3_AUTH_LOGIN_PASSWD);
- }
-
- Curl_safefree(authuser);
+ if(!result)
+ state(conn, POP3_AUTH_LOGIN_PASSWD);
}
}
+ Curl_safefree(authuser);
+
return result;
}
/* Create the password message */
result = Curl_sasl_create_login_message(data, conn->passwd,
&authpasswd, &len);
+ if(!result && authpasswd) {
+ /* Send the password */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", authpasswd);
- /* Send the password */
- if(!result) {
- if(authpasswd) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", authpasswd);
-
- if(!result)
- state(conn, POP3_AUTH_FINAL);
- }
-
- Curl_safefree(authpasswd);
+ if(!result)
+ state(conn, POP3_AUTH_FINAL);
}
}
+ Curl_safefree(authpasswd);
+
return result;
}
char *rplyb64 = NULL;
size_t len = 0;
- char nonce[64];
- char realm[128];
- char algorithm[64];
-
(void)instate; /* no use for this yet */
if(pop3code != '+') {
/* Get the challenge message */
pop3_get_message(data->state.buffer, &chlg64);
- /* Decode the challange message */
- result = Curl_sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
- realm, sizeof(realm),
- algorithm, sizeof(algorithm));
- if(result || strcmp(algorithm, "md5-sess") != 0) {
- /* Send the cancellation */
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
+ /* Create the response message */
+ result = Curl_sasl_create_digest_md5_message(data, chlg64,
+ conn->user, conn->passwd,
+ "pop", &rplyb64, &len);
+ if(result) {
+ if(result == CURLE_BAD_CONTENT_ENCODING) {
+ /* Send the cancellation */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
- if(!result)
- state(conn, POP3_AUTH_CANCEL);
+ if(!result)
+ state(conn, POP3_AUTH_CANCEL);
+ }
}
else {
- /* Create the response message */
- result = Curl_sasl_create_digest_md5_message(data, nonce, realm,
- conn->user, conn->passwd,
- "pop", &rplyb64, &len);
- if(!result && rplyb64) {
- /* Send the response */
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
+ /* Send the response */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
- if(!result)
- state(conn, POP3_AUTH_DIGESTMD5_RESP);
- }
+ if(!result)
+ state(conn, POP3_AUTH_DIGESTMD5_RESP);
}
Curl_safefree(rplyb64);
result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
&conn->ntlm,
&type1msg, &len);
+ if(!result && type1msg) {
+ /* Send the message */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", type1msg);
- /* Send the message */
- if(!result) {
- if(type1msg) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", type1msg);
-
- if(!result)
- state(conn, POP3_AUTH_NTLM_TYPE2MSG);
- }
-
- Curl_safefree(type1msg);
+ if(!result)
+ state(conn, POP3_AUTH_NTLM_TYPE2MSG);
}
}
+ Curl_safefree(type1msg);
+
return result;
}
/* Get the type-2 message */
pop3_get_message(data->state.buffer, &type2msg);
- /* Create the type-3 message */
- result = Curl_sasl_create_ntlm_type3_message(data, type2msg, conn->user,
- conn->passwd, &conn->ntlm,
- &type3msg, &len);
+ /* Decode the type-2 message */
+ result = Curl_sasl_decode_ntlm_type2_message(data, type2msg, &conn->ntlm);
+ if(result) {
+ /* Send the cancellation */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "*");
- /* Send the message */
- if(!result) {
- if(type3msg) {
+ if(!result)
+ state(conn, POP3_AUTH_CANCEL);
+ }
+ else {
+ /* Create the type-3 message */
+ result = Curl_sasl_create_ntlm_type3_message(data, conn->user,
+ conn->passwd, &conn->ntlm,
+ &type3msg, &len);
+ if(!result && type3msg) {
+ /* Send the message */
result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", type3msg);
if(!result)
state(conn, POP3_AUTH_FINAL);
}
-
- Curl_safefree(type3msg);
}
}
+ Curl_safefree(type3msg);
+
return result;
}
#endif
result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
conn->xoauth2_bearer,
&xoauth, &len);
+ if(!result && xoauth) {
+ /* Send the message */
+ result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", xoauth);
- /* Send the message */
- if(!result) {
- if(xoauth) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", xoauth);
-
- if(!result)
- state(conn, POP3_AUTH_FINAL);
- }
-
- Curl_safefree(xoauth);
+ if(!result)
+ state(conn, POP3_AUTH_FINAL);
}
}
+ Curl_safefree(xoauth);
+
return result;
}
int pop3code,
pop3state instate)
{
+ CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
+ struct pop3_conn *pop3c = &conn->proto.pop3c;
+ const char *mech = NULL;
+ char *initresp = NULL;
+ size_t len = 0;
+ pop3state state1 = POP3_STOP;
+ pop3state state2 = POP3_STOP;
(void)pop3code;
(void)instate; /* no use for this yet */
- failf(data, "Authentication cancelled");
+ /* Remove the offending mechanism from the supported list */
+ pop3c->authmechs ^= pop3c->authused;
- return CURLE_LOGIN_DENIED;
+ /* Calculate alternative SASL login details */
+ result = pop3_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+ &state2);
+
+ if(!result) {
+ /* Do we have any mechanisms left or can we fallback to another
+ authentication type? */
+ if(mech) {
+ /* Retry SASL based authentication */
+ result = pop3_perform_auth(conn, mech, initresp, len, state1, state2);
+
+ Curl_safefree(initresp);
+ }
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ else if((pop3c->authtypes & POP3_TYPE_APOP) &&
+ (pop3c->preftype & POP3_TYPE_APOP))
+ /* Perform APOP authentication */
+ result = pop3_perform_apop(conn);
+#endif
+ else if((pop3c->authtypes & POP3_TYPE_CLEARTEXT) &&
+ (pop3c->preftype & POP3_TYPE_CLEARTEXT))
+ /* Perform clear text authentication */
+ result = pop3_perform_user(conn);
+ else {
+ failf(data, "Authentication cancelled");
+
+ result = CURLE_LOGIN_DENIED;
+ }
+ }
+
+ return result;
}
/* For final responses in the AUTH sequence */
if(pp->sendleft)
return Curl_pp_flushsend(pp);
- /* Read the response from the server */
- result = Curl_pp_readresp(sock, pp, &pop3code, &nread);
- if(result)
- return result;
+ do {
+ /* Read the response from the server */
+ result = Curl_pp_readresp(sock, pp, &pop3code, &nread);
+ if(result)
+ return result;
+
+ if(!pop3code)
+ break;
- if(pop3code) {
/* We have now received a full POP3 server response */
switch(pop3c->state) {
case POP3_SERVERGREET:
state(conn, POP3_STOP);
break;
}
- }
+ } while(!result && pop3c->state != POP3_STOP && Curl_pp_moredata(pp));
return result;
}
*done = FALSE; /* default to not done yet */
/* We always support persistent connections in POP3 */
- conn->bits.close = FALSE;
+ connkeep(conn, "POP3 default");
/* Set the default response time-out */
pp->response_time = RESP_TIMEOUT;
return CURLE_OK;
if(status) {
- conn->bits.close = TRUE; /* marked for closure */
+ connclose(conn, "POP3 done with bad status");
result = status; /* use the already set error code */
}
{
/* This is POP3 and no proxy */
CURLcode result = CURLE_OK;
+ struct POP3 *pop3 = conn->data->req.protop;
DEBUGF(infof(conn->data, "DO phase starts\n"));
if(conn->data->set.opt_no_body) {
/* Requested no body means no transfer */
- struct POP3 *pop3 = conn->data->req.protop;
pop3->transfer = FTPTRANSFER_INFO;
}
struct pop3_conn *pop3c = &conn->proto.pop3c;
const char *options = conn->options;
const char *ptr = options;
+ bool reset = TRUE;
- if(options) {
+ while(ptr && *ptr) {
const char *key = ptr;
while(*ptr && *ptr != '=')
ptr++;
if(strnequal(key, "AUTH", 4)) {
- const char *value = ptr + 1;
+ size_t len = 0;
+ const char *value = ++ptr;
+
+ if(reset) {
+ reset = FALSE;
+ pop3c->preftype = POP3_TYPE_NONE;
+ pop3c->prefmech = SASL_AUTH_NONE;
+ }
+
+ while(*ptr && *ptr != ';') {
+ ptr++;
+ len++;
+ }
- if(strequal(value, "*")) {
+ if(strnequal(value, "*", len)) {
pop3c->preftype = POP3_TYPE_ANY;
pop3c->prefmech = SASL_AUTH_ANY;
}
- else if(strequal(value, "+APOP")) {
+ else if(strnequal(value, "+APOP", len)) {
pop3c->preftype = POP3_TYPE_APOP;
pop3c->prefmech = SASL_AUTH_NONE;
}
- else if(strequal(value, SASL_MECH_STRING_LOGIN)) {
+ else if(strnequal(value, SASL_MECH_STRING_LOGIN, len)) {
pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_LOGIN;
+ pop3c->prefmech |= SASL_MECH_LOGIN;
}
- else if(strequal(value, SASL_MECH_STRING_PLAIN)) {
+ else if(strnequal(value, SASL_MECH_STRING_PLAIN, len)) {
pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_PLAIN;
+ pop3c->prefmech |= SASL_MECH_PLAIN;
}
- else if(strequal(value, SASL_MECH_STRING_CRAM_MD5)) {
+ else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len)) {
pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_CRAM_MD5;
+ pop3c->prefmech |= SASL_MECH_CRAM_MD5;
}
- else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5)) {
+ else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len)) {
pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_DIGEST_MD5;
+ pop3c->prefmech |= SASL_MECH_DIGEST_MD5;
}
- else if(strequal(value, SASL_MECH_STRING_GSSAPI)) {
+ else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len)) {
pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_GSSAPI;
+ pop3c->prefmech |= SASL_MECH_GSSAPI;
}
- else if(strequal(value, SASL_MECH_STRING_NTLM)) {
+ else if(strnequal(value, SASL_MECH_STRING_NTLM, len)) {
pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_NTLM;
+ pop3c->prefmech |= SASL_MECH_NTLM;
}
- else if(strequal(value, SASL_MECH_STRING_XOAUTH2)) {
+ else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len)) {
pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_XOAUTH2;
- }
- else {
- pop3c->preftype = POP3_TYPE_NONE;
- pop3c->prefmech = SASL_AUTH_NONE;
+ pop3c->prefmech |= SASL_MECH_XOAUTH2;
}
+
+ if(*ptr == ';')
+ ptr++;
}
else
result = CURLE_URL_MALFORMAT;
/***********************************************************************
*
+ * pop3_calc_sasl_details()
+ *
+ * Calculate the required login details for SASL authentication.
+ */
+static CURLcode pop3_calc_sasl_details(struct connectdata *conn,
+ const char **mech,
+ char **initresp, size_t *len,
+ pop3state *state1, pop3state *state2)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+ /* Calculate the supported authentication mechanism, by decreasing order of
+ security, as well as the initial response where appropriate */
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ if((pop3c->authmechs & SASL_MECH_DIGEST_MD5) &&
+ (pop3c->prefmech & SASL_MECH_DIGEST_MD5)) {
+ *mech = SASL_MECH_STRING_DIGEST_MD5;
+ *state1 = POP3_AUTH_DIGESTMD5;
+ pop3c->authused = SASL_MECH_DIGEST_MD5;
+ }
+ else if((pop3c->authmechs & SASL_MECH_CRAM_MD5) &&
+ (pop3c->prefmech & SASL_MECH_CRAM_MD5)) {
+ *mech = SASL_MECH_STRING_CRAM_MD5;
+ *state1 = POP3_AUTH_CRAMMD5;
+ pop3c->authused = SASL_MECH_CRAM_MD5;
+ }
+ else
+#endif
+#ifdef USE_NTLM
+ if((pop3c->authmechs & SASL_MECH_NTLM) &&
+ (pop3c->prefmech & SASL_MECH_NTLM)) {
+ *mech = SASL_MECH_STRING_NTLM;
+ *state1 = POP3_AUTH_NTLM;
+ *state2 = POP3_AUTH_NTLM_TYPE2MSG;
+ pop3c->authused = SASL_MECH_NTLM;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
+ &conn->ntlm,
+ initresp, len);
+ }
+ else
+#endif
+ if(((pop3c->authmechs & SASL_MECH_XOAUTH2) &&
+ (pop3c->prefmech & SASL_MECH_XOAUTH2) &&
+ (pop3c->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
+ *mech = SASL_MECH_STRING_XOAUTH2;
+ *state1 = POP3_AUTH_XOAUTH2;
+ *state2 = POP3_AUTH_FINAL;
+ pop3c->authused = SASL_MECH_XOAUTH2;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_xoauth2_message(data, conn->user,
+ conn->xoauth2_bearer,
+ initresp, len);
+ }
+ else if((pop3c->authmechs & SASL_MECH_LOGIN) &&
+ (pop3c->prefmech & SASL_MECH_LOGIN)) {
+ *mech = SASL_MECH_STRING_LOGIN;
+ *state1 = POP3_AUTH_LOGIN;
+ *state2 = POP3_AUTH_LOGIN_PASSWD;
+ pop3c->authused = SASL_MECH_LOGIN;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_login_message(data, conn->user, initresp, len);
+ }
+ else if((pop3c->authmechs & SASL_MECH_PLAIN) &&
+ (pop3c->prefmech & SASL_MECH_PLAIN)) {
+ *mech = SASL_MECH_STRING_PLAIN;
+ *state1 = POP3_AUTH_PLAIN;
+ *state2 = POP3_AUTH_FINAL;
+ pop3c->authused = SASL_MECH_PLAIN;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
+ initresp, len);
+ }
+
+ return result;
+}
+
+/***********************************************************************
+ *
* Curl_pop3_write()
*
* This function scans the body after the end-of-body and writes everything