* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* RFC3207 SMTP over TLS
* RFC4422 Simple Authentication and Security Layer (SASL)
* RFC4616 PLAIN authentication
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
* RFC4954 SMTP Authentication
* RFC5321 SMTP protocol
* RFC6749 OAuth 2.0 Authorization Framework
#include <curl/curl.h>
#include "urldata.h"
#include "sendf.h"
-#include "if2ip.h"
#include "hostip.h"
#include "progress.h"
#include "transfer.h"
#include "strtoofft.h"
#include "strequal.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "connect.h"
#include "strerror.h"
#include "select.h"
static CURLcode smtp_setup_connection(struct connectdata *conn);
static CURLcode smtp_parse_url_options(struct connectdata *conn);
static CURLcode smtp_parse_url_path(struct connectdata *conn);
+static CURLcode smtp_parse_custom_request(struct connectdata *conn);
+static CURLcode smtp_calc_sasl_details(struct connectdata *conn,
+ const char **mech,
+ char **initresp, size_t *len,
+ smtpstate *state1, smtpstate *state2);
/*
* SMTP protocol handler.
smtp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
PORT_SMTPS, /* defport */
- CURLPROTO_SMTP | CURLPROTO_SMTPS, /* protocol */
+ CURLPROTO_SMTPS, /* protocol */
PROTOPT_CLOSEACTION | PROTOPT_SSL
| PROTOPT_NOURLQUERY /* flags */
};
*resp = 0;
}
/* Do we have a multiline (continuation) response? */
- else if(line[3] == '-') {
+ else if(line[3] == '-' &&
+ (smtpc->state == SMTP_EHLO || smtpc->state == SMTP_COMMAND)) {
result = TRUE;
*resp = 1; /* Internal response code */
}
"AUTH_DIGESTMD5_RESP",
"AUTH_NTLM",
"AUTH_NTLM_TYPE2MSG",
+ "AUTH_GSSAPI",
+ "AUTH_GSSAPI_TOKEN",
+ "AUTH_GSSAPI_NO_DATA",
"AUTH_XOAUTH2",
"AUTH_CANCEL",
"AUTH_FINAL",
+ "COMMAND",
"MAIL",
"RCPT",
"DATA",
CURLcode result = CURLE_OK;
struct smtp_conn *smtpc = &conn->proto.smtpc;
- smtpc->authmechs = 0; /* No known authentication mechanisms yet */
- smtpc->authused = 0; /* Clear the authentication mechanism used
- for esmtp connections */
- smtpc->tls_supported = FALSE; /* Clear the TLS capability */
+ smtpc->authmechs = 0; /* No known authentication mechanisms yet */
+ smtpc->authused = 0; /* Clear the authentication mechanism used
+ for esmtp connections */
+ smtpc->tls_supported = FALSE; /* Clear the TLS capability */
+ smtpc->auth_supported = FALSE; /* Clear the AUTH capability */
/* Send the EHLO command */
result = Curl_pp_sendf(&smtpc->pp, "EHLO %s", smtpc->domain);
/***********************************************************************
*
- * smtp_perform_authenticate()
+ * smtp_perform_auth()
*
- * Sends an AUTH command allowing the client to login with the appropriate
- * SASL authentication mechanism.
+ * Sends an AUTH command allowing the client to login with the given SASL
+ * authentication mechanism.
*/
-static CURLcode smtp_perform_authenticate(struct connectdata *conn)
+static CURLcode smtp_perform_auth(struct connectdata *conn,
+ const char *mech,
+ const char *initresp, size_t len,
+ smtpstate state1, smtpstate state2)
+{
+ CURLcode result = CURLE_OK;
+ struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+ if(initresp && 8 + strlen(mech) + len <= 512) { /* AUTH <mech> ...<crlf> */
+ /* Send the AUTH command with the initial response */
+ result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);
+
+ if(!result)
+ state(conn, state2);
+ }
+ else {
+ /* Send the AUTH command */
+ result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);
+
+ if(!result)
+ state(conn, state1);
+ }
+
+ return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_authentication()
+ *
+ * Initiates the authentication sequence, with the appropriate SASL
+ * authentication mechanism.
+ */
+static CURLcode smtp_perform_authentication(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
struct smtp_conn *smtpc = &conn->proto.smtpc;
const char *mech = NULL;
char *initresp = NULL;
smtpstate state1 = SMTP_STOP;
smtpstate state2 = SMTP_STOP;
- /* Check we have a username and password to authenticate with and end the
- connect phase if we don't */
- if(!conn->bits.user_passwd) {
+ /* Check we have a username and password to authenticate with, and the
+ server supports authentiation, and end the connect phase if not */
+ if(!conn->bits.user_passwd || !smtpc->auth_supported) {
state(conn, SMTP_STOP);
return result;
}
- /* Calculate the supported authentication mechanism, by decreasing order of
- security, as well as the initial response where appropriate */
-#ifndef CURL_DISABLE_CRYPTO_AUTH
- if((smtpc->authmechs & SASL_MECH_DIGEST_MD5) &&
- (smtpc->prefmech & SASL_MECH_DIGEST_MD5)) {
- mech = SASL_MECH_STRING_DIGEST_MD5;
- state1 = SMTP_AUTH_DIGESTMD5;
- smtpc->authused = SASL_MECH_DIGEST_MD5;
- }
- else if((smtpc->authmechs & SASL_MECH_CRAM_MD5) &&
- (smtpc->prefmech & SASL_MECH_CRAM_MD5)) {
- mech = SASL_MECH_STRING_CRAM_MD5;
- state1 = SMTP_AUTH_CRAMMD5;
- smtpc->authused = SASL_MECH_CRAM_MD5;
- }
- else
-#endif
-#ifdef USE_NTLM
- if((smtpc->authmechs & SASL_MECH_NTLM) &&
- (smtpc->prefmech & SASL_MECH_NTLM)) {
- mech = SASL_MECH_STRING_NTLM;
- state1 = SMTP_AUTH_NTLM;
- state2 = SMTP_AUTH_NTLM_TYPE2MSG;
- smtpc->authused = SASL_MECH_NTLM;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
- &conn->ntlm,
- &initresp, &len);
- }
- else
-#endif
- if(((smtpc->authmechs & SASL_MECH_XOAUTH2) &&
- (smtpc->prefmech & SASL_MECH_XOAUTH2) &&
- (smtpc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
- mech = SASL_MECH_STRING_XOAUTH2;
- state1 = SMTP_AUTH_XOAUTH2;
- state2 = SMTP_AUTH_FINAL;
- smtpc->authused = SASL_MECH_XOAUTH2;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
- conn->xoauth2_bearer,
- &initresp, &len);
- }
- else if((smtpc->authmechs & SASL_MECH_LOGIN) &&
- (smtpc->prefmech & SASL_MECH_LOGIN)) {
- mech = SASL_MECH_STRING_LOGIN;
- state1 = SMTP_AUTH_LOGIN;
- state2 = SMTP_AUTH_LOGIN_PASSWD;
- smtpc->authused = SASL_MECH_LOGIN;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_login_message(conn->data, conn->user,
- &initresp, &len);
- }
- else if((smtpc->authmechs & SASL_MECH_PLAIN) &&
- (smtpc->prefmech & SASL_MECH_PLAIN)) {
- mech = SASL_MECH_STRING_PLAIN;
- state1 = SMTP_AUTH_PLAIN;
- state2 = SMTP_AUTH_FINAL;
- smtpc->authused = SASL_MECH_PLAIN;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_plain_message(conn->data, conn->user,
- conn->passwd, &initresp, &len);
- }
+ /* Calculate the SASL login details */
+ result = smtp_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+ &state2);
if(!result) {
if(mech) {
/* Perform SASL based authentication */
- if(initresp &&
- 8 + strlen(mech) + len <= 512) { /* AUTH <mech> ...<crlf> */
- result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);
-
- if(!result)
- state(conn, state2);
- }
- else {
- result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);
-
- if(!result)
- state(conn, state1);
- }
+ result = smtp_perform_auth(conn, mech, initresp, len, state1, state2);
Curl_safefree(initresp);
}
/***********************************************************************
*
+ * smtp_perform_command()
+ *
+ * Sends a SMTP based command.
+ */
+static CURLcode smtp_perform_command(struct connectdata *conn)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ struct SMTP *smtp = data->req.protop;
+
+ /* Send the command */
+ if(smtp->rcpt)
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s %s",
+ smtp->custom && smtp->custom[0] != '\0' ?
+ smtp->custom : "VRFY",
+ smtp->rcpt->data);
+ else
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s",
+ smtp->custom && smtp->custom[0] != '\0' ?
+ smtp->custom : "HELP");
+
+ if(!result)
+ state(conn, SMTP_COMMAND);
+
+ return result;
+}
+
+/***********************************************************************
+ *
* smtp_perform_mail()
*
* Sends an MAIL command to initiate the upload of a message.
}
/* Calculate the optional SIZE parameter */
- if(conn->proto.smtpc.size_supported && conn->data->set.infilesize > 0) {
- size = aprintf("%" FORMAT_OFF_T, data->set.infilesize);
+ if(conn->proto.smtpc.size_supported && conn->data->state.infilesize > 0) {
+ size = aprintf("%" CURL_FORMAT_CURL_OFF_T, data->state.infilesize);
if(!size) {
Curl_safefree(from);
struct SMTP *smtp = data->req.protop;
/* Send the RCPT TO command */
- if(smtp->rcpt) {
- if(smtp->rcpt->data[0] == '<')
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:%s",
- smtp->rcpt->data);
- else
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:<%s>",
- smtp->rcpt->data);
- if(!result)
- state(conn, SMTP_RCPT);
- }
+ if(smtp->rcpt->data[0] == '<')
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:%s",
+ smtp->rcpt->data);
+ else
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:<%s>",
+ smtp->rcpt->data);
+ if(!result)
+ state(conn, SMTP_RCPT);
return result;
}
result = CURLE_USE_SSL_FAILED;
}
else
- result = smtp_perform_authenticate(conn);
+ result = smtp_perform_authentication(conn);
}
else
result = smtp_perform_upgrade_tls(conn);
(void)instate; /* no use for this yet */
if(smtpcode/100 != 2 && smtpcode != 1) {
- if((data->set.use_ssl <= CURLUSESSL_TRY || conn->ssl[FIRSTSOCKET].use) &&
- !conn->bits.user_passwd)
+ if(data->set.use_ssl <= CURLUSESSL_TRY || conn->ssl[FIRSTSOCKET].use)
result = smtp_perform_helo(conn);
else {
failf(data, "Remote access denied: %d", smtpcode);
else if(len >= 4 && !memcmp(line, "SIZE", 4))
smtpc->size_supported = TRUE;
- /* Do we have the authentication mechanism list? */
+ /* Does the server support authentication? */
else if(len >= 5 && !memcmp(line, "AUTH ", 5)) {
+ smtpc->auth_supported = TRUE;
+
+ /* Advance past the AUTH keyword */
line += 5;
len -= 5;
result = smtp_perform_starttls(conn);
else if(data->set.use_ssl == CURLUSESSL_TRY)
/* Fallback and carry on with authentication */
- result = smtp_perform_authenticate(conn);
+ result = smtp_perform_authentication(conn);
else {
failf(data, "STARTTLS not supported.");
result = CURLE_USE_SSL_FAILED;
}
}
else
- result = smtp_perform_authenticate(conn);
+ result = smtp_perform_authentication(conn);
}
}
char *rplyb64 = NULL;
size_t len = 0;
- char nonce[64];
- char realm[128];
- char algorithm[64];
-
(void)instate; /* no use for this yet */
if(smtpcode != 334) {
/* Get the challenge message */
smtp_get_message(data->state.buffer, &chlg64);
- /* Decode the challange message */
- result = Curl_sasl_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
- realm, sizeof(realm),
- algorithm, sizeof(algorithm));
- if(result || strcmp(algorithm, "md5-sess") != 0) {
- /* Send the cancellation */
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
+ /* Create the response message */
+ result = Curl_sasl_create_digest_md5_message(data, chlg64,
+ conn->user, conn->passwd,
+ "smtp", &rplyb64, &len);
+ if(result) {
+ if(result == CURLE_BAD_CONTENT_ENCODING) {
+ /* Send the cancellation */
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
- if(!result)
- state(conn, SMTP_AUTH_CANCEL);
+ if(!result)
+ state(conn, SMTP_AUTH_CANCEL);
+ }
}
else {
- /* Create the response message */
- result = Curl_sasl_create_digest_md5_message(data, nonce, realm,
- conn->user, conn->passwd,
- "smtp", &rplyb64, &len);
- if(!result && rplyb64) {
- /* Send the response */
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
+ /* Send the response */
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
- if(!result)
- state(conn, SMTP_AUTH_DIGESTMD5_RESP);
- }
+ if(!result)
+ state(conn, SMTP_AUTH_DIGESTMD5_RESP);
}
Curl_safefree(rplyb64);
}
#endif
+#if defined(USE_KERBEROS5)
+/* For AUTH GSSAPI (without initial response) responses */
+static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn,
+ int smtpcode,
+ smtpstate instate)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ struct smtp_conn *smtpc = &conn->proto.smtpc;
+ char *respmsg = NULL;
+ size_t len = 0;
+
+ (void)instate; /* no use for this yet */
+
+ if(smtpcode != 334) {
+ failf(data, "Access denied: %d", smtpcode);
+ result = CURLE_LOGIN_DENIED;
+ }
+ else {
+ /* Create the initial response message */
+ result = Curl_sasl_create_gssapi_user_message(data, conn->user,
+ conn->passwd, "smtp",
+ smtpc->mutual_auth, NULL,
+ &conn->krb5,
+ &respmsg, &len);
+ if(!result && respmsg) {
+ /* Send the message */
+ result = Curl_pp_sendf(&smtpc->pp, "%s", respmsg);
+
+ if(!result)
+ state(conn, SMTP_AUTH_GSSAPI_TOKEN);
+ }
+ }
+
+ Curl_safefree(respmsg);
+
+ return result;
+}
+
+/* For AUTH GSSAPI user token responses */
+static CURLcode smtp_state_auth_gssapi_token_resp(struct connectdata *conn,
+ int smtpcode,
+ smtpstate instate)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ struct smtp_conn *smtpc = &conn->proto.smtpc;
+ char *chlgmsg = NULL;
+ char *respmsg = NULL;
+ size_t len = 0;
+
+ (void)instate; /* no use for this yet */
+
+ if(smtpcode != 334) {
+ failf(data, "Access denied: %d", smtpcode);
+ result = CURLE_LOGIN_DENIED;
+ }
+ else {
+ /* Get the challenge message */
+ smtp_get_message(data->state.buffer, &chlgmsg);
+
+ if(smtpc->mutual_auth)
+ /* Decode the user token challenge and create the optional response
+ message */
+ result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL,
+ smtpc->mutual_auth,
+ chlgmsg, &conn->krb5,
+ &respmsg, &len);
+ else
+ /* Decode the security challenge and create the response message */
+ result = Curl_sasl_create_gssapi_security_message(data, chlgmsg,
+ &conn->krb5,
+ &respmsg, &len);
+
+ if(result) {
+ if(result == CURLE_BAD_CONTENT_ENCODING) {
+ /* Send the cancellation */
+ result = Curl_pp_sendf(&smtpc->pp, "%s", "*");
+
+ if(!result)
+ state(conn, SMTP_AUTH_CANCEL);
+ }
+ }
+ else {
+ /* Send the response */
+ if(respmsg)
+ result = Curl_pp_sendf(&smtpc->pp, "%s", respmsg);
+ else
+ result = Curl_pp_sendf(&smtpc->pp, "%s", "");
+
+ if(!result)
+ state(conn, (smtpc->mutual_auth ? SMTP_AUTH_GSSAPI_NO_DATA :
+ SMTP_AUTH_FINAL));
+ }
+ }
+
+ Curl_safefree(respmsg);
+
+ return result;
+}
+
+/* For AUTH GSSAPI no data responses */
+static CURLcode smtp_state_auth_gssapi_no_data_resp(struct connectdata *conn,
+ int smtpcode,
+ smtpstate instate)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ char *chlgmsg = NULL;
+ char *respmsg = NULL;
+ size_t len = 0;
+
+ (void)instate; /* no use for this yet */
+
+ if(smtpcode != 334) {
+ failf(data, "Access denied: %d", smtpcode);
+ result = CURLE_LOGIN_DENIED;
+ }
+ else {
+ /* Get the challenge message */
+ smtp_get_message(data->state.buffer, &chlgmsg);
+
+ /* Decode the security challenge and create the response message */
+ result = Curl_sasl_create_gssapi_security_message(data, chlgmsg,
+ &conn->krb5,
+ &respmsg, &len);
+ if(result) {
+ if(result == CURLE_BAD_CONTENT_ENCODING) {
+ /* Send the cancellation */
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "*");
+
+ if(!result)
+ state(conn, SMTP_AUTH_CANCEL);
+ }
+ }
+ else {
+ /* Send the response */
+ if(respmsg) {
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", respmsg);
+
+ if(!result)
+ state(conn, SMTP_AUTH_FINAL);
+ }
+ }
+ }
+
+ Curl_safefree(respmsg);
+
+ return result;
+}
+#endif
+
/* For AUTH XOAUTH2 (without initial response) responses */
static CURLcode smtp_state_auth_xoauth2_resp(struct connectdata *conn,
int smtpcode, smtpstate instate)
int smtpcode,
smtpstate instate)
{
+ CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
+ struct smtp_conn *smtpc = &conn->proto.smtpc;
+ const char *mech = NULL;
+ char *initresp = NULL;
+ size_t len = 0;
+ smtpstate state1 = SMTP_STOP;
+ smtpstate state2 = SMTP_STOP;
(void)smtpcode;
(void)instate; /* no use for this yet */
- failf(data, "Authentication cancelled");
+ /* Remove the offending mechanism from the supported list */
+ smtpc->authmechs ^= smtpc->authused;
+
+ /* Calculate alternative SASL login details */
+ result = smtp_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
+ &state2);
- return CURLE_LOGIN_DENIED;
+ if(!result) {
+ /* Do we have any mechanisms left? */
+ if(mech) {
+ /* Retry SASL based authentication */
+ result = smtp_perform_auth(conn, mech, initresp, len, state1, state2);
+
+ Curl_safefree(initresp);
+ }
+ else {
+ failf(data, "Authentication cancelled");
+
+ result = CURLE_LOGIN_DENIED;
+ }
+ }
+
+ return result;
}
/* For final responses in the AUTH sequence */
return result;
}
+/* For command responses */
+static CURLcode smtp_state_command_resp(struct connectdata *conn, int smtpcode,
+ smtpstate instate)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ struct SMTP *smtp = data->req.protop;
+ char *line = data->state.buffer;
+ size_t len = strlen(line);
+
+ (void)instate; /* no use for this yet */
+
+ if((smtp->rcpt && smtpcode/100 != 2 && smtpcode != 553 && smtpcode != 1) ||
+ (!smtp->rcpt && smtpcode/100 != 2 && smtpcode != 1)) {
+ failf(data, "Command failed: %d", smtpcode);
+ result = CURLE_RECV_ERROR;
+ }
+ else {
+ /* Temporarily add the LF character back and send as body to the client */
+ if(!data->set.opt_no_body) {
+ line[len] = '\n';
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, line, len + 1);
+ line[len] = '\0';
+ }
+
+ if(smtpcode != 1) {
+ if(smtp->rcpt) {
+ smtp->rcpt = smtp->rcpt->next;
+
+ if(smtp->rcpt) {
+ /* Send the next command */
+ result = smtp_perform_command(conn);
+ }
+ else
+ /* End of DO phase */
+ state(conn, SMTP_STOP);
+ }
+ else
+ /* End of DO phase */
+ state(conn, SMTP_STOP);
+ }
+ }
+
+ return result;
+}
+
/* For MAIL responses */
static CURLcode smtp_state_mail_resp(struct connectdata *conn, int smtpcode,
smtpstate instate)
{
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
- struct SMTP *smtp = data->req.protop;
(void)instate; /* no use for this yet */
if(smtpcode/100 != 2) {
failf(data, "MAIL failed: %d", smtpcode);
result = CURLE_SEND_ERROR;
- state(conn, SMTP_STOP);
}
- else {
- smtp->rcpt = data->set.mail_rcpt;
-
+ else
+ /* Start the RCPT TO command */
result = smtp_perform_rcpt_to(conn);
- }
return result;
}
if(smtpcode/100 != 2) {
failf(data, "RCPT failed: %d", smtpcode);
result = CURLE_SEND_ERROR;
- state(conn, SMTP_STOP);
}
else {
- if(smtp->rcpt) {
- smtp->rcpt = smtp->rcpt->next;
+ smtp->rcpt = smtp->rcpt->next;
+
+ if(smtp->rcpt)
+ /* Send the next RCPT TO command */
result = smtp_perform_rcpt_to(conn);
+ else {
+ /* Send the DATA command */
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "DATA");
- /* If we failed or still are sending RCPT data then return */
- if(result || smtp->rcpt)
- return result;
+ if(!result)
+ state(conn, SMTP_DATA);
}
-
- /* Send the DATA command */
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "DATA");
-
- if(!result)
- state(conn, SMTP_DATA);
}
return result;
static CURLcode smtp_state_data_resp(struct connectdata *conn, int smtpcode,
smtpstate instate)
{
+ CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
(void)instate; /* no use for this yet */
if(smtpcode != 354) {
- state(conn, SMTP_STOP);
- return CURLE_SEND_ERROR;
+ failf(data, "DATA failed: %d", smtpcode);
+ result = CURLE_SEND_ERROR;
}
+ else {
+ /* Set the progress upload size */
+ Curl_pgrsSetUploadSize(data, data->state.infilesize);
- /* Set the progress upload size */
- Curl_pgrsSetUploadSize(data, data->set.infilesize);
-
- /* SMTP upload */
- Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
+ /* SMTP upload */
+ Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
- /* End of DO phase */
- state(conn, SMTP_STOP);
+ /* End of DO phase */
+ state(conn, SMTP_STOP);
+ }
- return CURLE_OK;
+ return result;
}
/* For POSTDATA responses, which are received after the entire DATA
break;
#endif
+#if defined(USE_KERBEROS5)
+ case SMTP_AUTH_GSSAPI:
+ result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state);
+ break;
+
+ case SMTP_AUTH_GSSAPI_TOKEN:
+ result = smtp_state_auth_gssapi_token_resp(conn, smtpcode, smtpc->state);
+ break;
+
+ case SMTP_AUTH_GSSAPI_NO_DATA:
+ result = smtp_state_auth_gssapi_no_data_resp(conn, smtpcode,
+ smtpc->state);
+ break;
+#endif
+
case SMTP_AUTH_XOAUTH2:
result = smtp_state_auth_xoauth2_resp(conn, smtpcode, smtpc->state);
break;
result = smtp_state_auth_final_resp(conn, smtpcode, smtpc->state);
break;
+ case SMTP_COMMAND:
+ result = smtp_state_command_resp(conn, smtpcode, smtpc->state);
+ break;
+
case SMTP_MAIL:
result = smtp_state_mail_resp(conn, smtpcode, smtpc->state);
break;
*done = FALSE; /* default to not done yet */
/* We always support persistent connections in SMTP */
- conn->bits.close = FALSE;
+ connkeep(conn, "SMTP default");
/* Set the default response time-out */
pp->response_time = RESP_TIMEOUT;
struct SessionHandle *data = conn->data;
struct SMTP *smtp = data->req.protop;
struct pingpong *pp = &conn->proto.smtpc.pp;
- const char *eob;
+ char *eob;
ssize_t len;
ssize_t bytes_written;
(void)premature;
- if(!smtp)
+ if(!smtp || !pp->conn)
/* When the easy handle is removed from the multi interface while libcurl
is still trying to resolve the host name, the SMTP struct is not yet
initialized. However, the removal action calls Curl_done() which in
return CURLE_OK;
if(status) {
- conn->bits.close = TRUE; /* marked for closure */
+ connclose(conn, "SMTP done with bad status"); /* marked for closure */
result = status; /* use the already set error code */
}
- else if(!data->set.connect_only) {
+ else if(!data->set.connect_only && data->set.upload && data->set.mail_rcpt) {
/* Calculate the EOB taking into account any terminating CRLF from the
previous line of the email or the CRLF of the DATA command when there
- is "no mail data". RFC-5321, sect. 4.1.1.4. */
- eob = SMTP_EOB;
- len = SMTP_EOB_LEN;
- if(smtp->trailing_crlf || !conn->data->set.infilesize) {
- eob += 2;
- len -= 2;
+ is "no mail data". RFC-5321, sect. 4.1.1.4.
+
+ Note: As some SSL backends, such as OpenSSL, will cause Curl_write() to
+ fail when using a different pointer following a previous write, that
+ returned CURLE_AGAIN, we duplicate the EOB now rather than when the
+ bytes written doesn't equal len. */
+ if(smtp->trailing_crlf || !conn->data->state.infilesize) {
+ eob = strdup(SMTP_EOB + 2);
+ len = SMTP_EOB_LEN - 2;
+ }
+ else {
+ eob = strdup(SMTP_EOB);
+ len = SMTP_EOB_LEN;
}
+ if(!eob)
+ return CURLE_OUT_OF_MEMORY;
+
/* Send the end of block data */
result = Curl_write(conn, conn->writesockfd, eob, len, &bytes_written);
- if(result)
+ if(result) {
+ free(eob);
return result;
+ }
if(bytes_written != len) {
/* The whole chunk was not sent so keep it around and adjust the
pingpong structure accordingly */
- pp->sendthis = strdup(eob);
+ pp->sendthis = eob;
pp->sendsize = len;
pp->sendleft = len - bytes_written;
}
- else
+ else {
/* Successfully sent so adjust the response timeout relative to now */
pp->response = Curl_tvnow();
+ free(eob);
+ }
+
state(conn, SMTP_POSTDATA);
/* Run the state-machine
result = smtp_block_statemach(conn);
}
+ /* Cleanup our per-request based variables */
+ Curl_safefree(smtp->custom);
+
/* Clear the transfer mode for the next request */
smtp->transfer = FTPTRANSFER_BODY;
*
* smtp_perform()
*
- * This is the actual DO function for SMTP. Send a mail according to the
- * options previously setup.
+ * This is the actual DO function for SMTP. Transfer a mail, send a command
+ * or get some data according to the options previously setup.
*/
static CURLcode smtp_perform(struct connectdata *conn, bool *connected,
bool *dophase_done)
{
/* This is SMTP and no proxy */
CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ struct SMTP *smtp = data->req.protop;
DEBUGF(infof(conn->data, "DO phase starts\n"));
- if(conn->data->set.opt_no_body) {
+ if(data->set.opt_no_body) {
/* Requested no body means no transfer */
- struct SMTP *smtp = conn->data->req.protop;
smtp->transfer = FTPTRANSFER_INFO;
}
*dophase_done = FALSE; /* not done yet */
+ /* Store the first recipient (or NULL if not specified) */
+ smtp->rcpt = data->set.mail_rcpt;
+
/* Start the first command in the DO phase */
- result = smtp_perform_mail(conn);
+ if(data->set.upload && data->set.mail_rcpt)
+ /* MAIL transfer */
+ result = smtp_perform_mail(conn);
+ else
+ /* SMTP based command (VRFY, EXPN, NOOP, RSET or HELP) */
+ result = smtp_perform_command(conn);
+
if(result)
return result;
- /* run the state-machine */
+ /* Run the state-machine */
result = smtp_multi_statemach(conn, dophase_done);
*connected = conn->bits.tcpconnect[FIRSTSOCKET];
*done = FALSE; /* default to false */
+ /* Parse the custom request */
+ result = smtp_parse_custom_request(conn);
+ if(result)
+ return result;
+
result = smtp_regular_transfer(conn, done);
return result;
/* Set the progress data */
Curl_pgrsSetUploadCounter(data, 0);
Curl_pgrsSetDownloadCounter(data, 0);
- Curl_pgrsSetUploadSize(data, 0);
- Curl_pgrsSetDownloadSize(data, 0);
+ Curl_pgrsSetUploadSize(data, -1);
+ Curl_pgrsSetDownloadSize(data, -1);
/* Carry out the perform */
result = smtp_perform(conn, &connected, dophase_done);
struct smtp_conn *smtpc = &conn->proto.smtpc;
const char *options = conn->options;
const char *ptr = options;
+ bool reset = TRUE;
- if(options) {
+ while(ptr && *ptr) {
const char *key = ptr;
while(*ptr && *ptr != '=')
ptr++;
if(strnequal(key, "AUTH", 4)) {
- const char *value = ptr + 1;
+ size_t len = 0;
+ const char *value = ++ptr;
- if(strequal(value, "*"))
- smtpc->prefmech = SASL_AUTH_ANY;
- else if(strequal(value, SASL_MECH_STRING_LOGIN))
- smtpc->prefmech = SASL_MECH_LOGIN;
- else if(strequal(value, SASL_MECH_STRING_PLAIN))
- smtpc->prefmech = SASL_MECH_PLAIN;
- else if(strequal(value, SASL_MECH_STRING_CRAM_MD5))
- smtpc->prefmech = SASL_MECH_CRAM_MD5;
- else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5))
- smtpc->prefmech = SASL_MECH_DIGEST_MD5;
- else if(strequal(value, SASL_MECH_STRING_GSSAPI))
- smtpc->prefmech = SASL_MECH_GSSAPI;
- else if(strequal(value, SASL_MECH_STRING_NTLM))
- smtpc->prefmech = SASL_MECH_NTLM;
- else if(strequal(value, SASL_MECH_STRING_XOAUTH2))
- smtpc->prefmech = SASL_MECH_XOAUTH2;
- else
+ if(reset) {
+ reset = FALSE;
smtpc->prefmech = SASL_AUTH_NONE;
+ }
+
+ while(*ptr && *ptr != ';') {
+ ptr++;
+ len++;
+ }
+
+ if(strnequal(value, "*", len))
+ smtpc->prefmech = SASL_AUTH_ANY;
+ else if(strnequal(value, SASL_MECH_STRING_LOGIN, len))
+ smtpc->prefmech |= SASL_MECH_LOGIN;
+ else if(strnequal(value, SASL_MECH_STRING_PLAIN, len))
+ smtpc->prefmech |= SASL_MECH_PLAIN;
+ else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len))
+ smtpc->prefmech |= SASL_MECH_CRAM_MD5;
+ else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len))
+ smtpc->prefmech |= SASL_MECH_DIGEST_MD5;
+ else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len))
+ smtpc->prefmech |= SASL_MECH_GSSAPI;
+ else if(strnequal(value, SASL_MECH_STRING_NTLM, len))
+ smtpc->prefmech |= SASL_MECH_NTLM;
+ else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len))
+ smtpc->prefmech |= SASL_MECH_XOAUTH2;
+
+ if(*ptr == ';')
+ ptr++;
}
else
result = CURLE_URL_MALFORMAT;
return Curl_urldecode(conn->data, path, 0, &smtpc->domain, NULL, TRUE);
}
-CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
+/***********************************************************************
+ *
+ * smtp_parse_custom_request()
+ *
+ * Parse the custom request.
+ */
+static CURLcode smtp_parse_custom_request(struct connectdata *conn)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ struct SMTP *smtp = data->req.protop;
+ const char *custom = data->set.str[STRING_CUSTOMREQUEST];
+
+ /* URL decode the custom request */
+ if(custom)
+ result = Curl_urldecode(data, custom, 0, &smtp->custom, NULL, TRUE);
+
+ return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_calc_sasl_details()
+ *
+ * Calculate the required login details for SASL authentication.
+ */
+static CURLcode smtp_calc_sasl_details(struct connectdata *conn,
+ const char **mech,
+ char **initresp, size_t *len,
+ smtpstate *state1, smtpstate *state2)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+ /* Calculate the supported authentication mechanism, by decreasing order of
+ security, as well as the initial response where appropriate */
+#if defined(USE_KERBEROS5)
+ if((smtpc->authmechs & SASL_MECH_GSSAPI) &&
+ (smtpc->prefmech & SASL_MECH_GSSAPI)) {
+ smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
+
+ *mech = SASL_MECH_STRING_GSSAPI;
+ *state1 = SMTP_AUTH_GSSAPI;
+ *state2 = SMTP_AUTH_GSSAPI_TOKEN;
+ smtpc->authused = SASL_MECH_GSSAPI;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_gssapi_user_message(data, conn->user,
+ conn->passwd, "smtp",
+ smtpc->mutual_auth,
+ NULL, &conn->krb5,
+ initresp, len);
+ }
+ else
+#endif
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ if((smtpc->authmechs & SASL_MECH_DIGEST_MD5) &&
+ (smtpc->prefmech & SASL_MECH_DIGEST_MD5)) {
+ *mech = SASL_MECH_STRING_DIGEST_MD5;
+ *state1 = SMTP_AUTH_DIGESTMD5;
+ smtpc->authused = SASL_MECH_DIGEST_MD5;
+ }
+ else if((smtpc->authmechs & SASL_MECH_CRAM_MD5) &&
+ (smtpc->prefmech & SASL_MECH_CRAM_MD5)) {
+ *mech = SASL_MECH_STRING_CRAM_MD5;
+ *state1 = SMTP_AUTH_CRAMMD5;
+ smtpc->authused = SASL_MECH_CRAM_MD5;
+ }
+ else
+#endif
+#ifdef USE_NTLM
+ if((smtpc->authmechs & SASL_MECH_NTLM) &&
+ (smtpc->prefmech & SASL_MECH_NTLM)) {
+ *mech = SASL_MECH_STRING_NTLM;
+ *state1 = SMTP_AUTH_NTLM;
+ *state2 = SMTP_AUTH_NTLM_TYPE2MSG;
+ smtpc->authused = SASL_MECH_NTLM;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
+ &conn->ntlm,
+ initresp, len);
+ }
+ else
+#endif
+ if(((smtpc->authmechs & SASL_MECH_XOAUTH2) &&
+ (smtpc->prefmech & SASL_MECH_XOAUTH2) &&
+ (smtpc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
+ *mech = SASL_MECH_STRING_XOAUTH2;
+ *state1 = SMTP_AUTH_XOAUTH2;
+ *state2 = SMTP_AUTH_FINAL;
+ smtpc->authused = SASL_MECH_XOAUTH2;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_xoauth2_message(data, conn->user,
+ conn->xoauth2_bearer,
+ initresp, len);
+ }
+ else if((smtpc->authmechs & SASL_MECH_LOGIN) &&
+ (smtpc->prefmech & SASL_MECH_LOGIN)) {
+ *mech = SASL_MECH_STRING_LOGIN;
+ *state1 = SMTP_AUTH_LOGIN;
+ *state2 = SMTP_AUTH_LOGIN_PASSWD;
+ smtpc->authused = SASL_MECH_LOGIN;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_login_message(data, conn->user, initresp, len);
+ }
+ else if((smtpc->authmechs & SASL_MECH_PLAIN) &&
+ (smtpc->prefmech & SASL_MECH_PLAIN)) {
+ *mech = SASL_MECH_STRING_PLAIN;
+ *state1 = SMTP_AUTH_PLAIN;
+ *state2 = SMTP_AUTH_FINAL;
+ smtpc->authused = SASL_MECH_PLAIN;
+
+ if(data->set.sasl_ir)
+ result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
+ initresp, len);
+ }
+
+ return result;
+}
+
+CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread)
{
/* When sending a SMTP payload we must detect CRLF. sequences making sure
they are sent as CRLF.. instead, as a . on the beginning of a line will
ssize_t si;
struct SessionHandle *data = conn->data;
struct SMTP *smtp = data->req.protop;
+ char *scratch = data->state.scratch;
+ char *newscratch = NULL;
+ char *oldscratch = NULL;
+ size_t eob_sent;
+
+ /* Do we need to allocate a scratch buffer? */
+ if(!scratch || data->set.crlf) {
+ oldscratch = scratch;
- /* Do we need to allocate the scatch buffer? */
- if(!data->state.scratch) {
- data->state.scratch = malloc(2 * BUFSIZE);
+ scratch = newscratch = malloc(2 * BUFSIZE);
+ if(!newscratch) {
+ failf(data, "Failed to alloc scratch buffer!");
- if(!data->state.scratch) {
- failf (data, "Failed to alloc scratch buffer!");
return CURLE_OUT_OF_MEMORY;
}
}
+ /* Have we already sent part of the EOB? */
+ eob_sent = smtp->eob;
+
/* This loop can be improved by some kind of Boyer-Moore style of
approach but that is saved for later... */
for(i = 0, si = 0; i < nread; i++) {
}
else if(smtp->eob) {
/* A previous substring matched so output that first */
- memcpy(&data->state.scratch[si], SMTP_EOB, smtp->eob);
- si += smtp->eob;
+ memcpy(&scratch[si], &SMTP_EOB[eob_sent], smtp->eob - eob_sent);
+ si += smtp->eob - eob_sent;
/* Then compare the first byte */
if(SMTP_EOB[0] == data->req.upload_fromhere[i])
else
smtp->eob = 0;
+ eob_sent = 0;
+
/* Reset the trailing CRLF flag as there was more data */
smtp->trailing_crlf = FALSE;
}
/* Do we have a match for CRLF. as per RFC-5321, sect. 4.5.2 */
if(SMTP_EOB_FIND_LEN == smtp->eob) {
/* Copy the replacement data to the target buffer */
- memcpy(&data->state.scratch[si], SMTP_EOB_REPL, SMTP_EOB_REPL_LEN);
- si += SMTP_EOB_REPL_LEN;
+ memcpy(&scratch[si], &SMTP_EOB_REPL[eob_sent],
+ SMTP_EOB_REPL_LEN - eob_sent);
+ si += SMTP_EOB_REPL_LEN - eob_sent;
smtp->eob = 0;
+ eob_sent = 0;
}
else if(!smtp->eob)
- data->state.scratch[si++] = data->req.upload_fromhere[i];
+ scratch[si++] = data->req.upload_fromhere[i];
}
- if(smtp->eob) {
+ if(smtp->eob - eob_sent) {
/* A substring matched before processing ended so output that now */
- memcpy(&data->state.scratch[si], SMTP_EOB, smtp->eob);
- si += smtp->eob;
- smtp->eob = 0;
+ memcpy(&scratch[si], &SMTP_EOB[eob_sent], smtp->eob - eob_sent);
+ si += smtp->eob - eob_sent;
}
+ /* Only use the new buffer if we replaced something */
if(si != nread) {
- /* Only use the new buffer if we replaced something */
- nread = si;
-
/* Upload from the new (replaced) buffer instead */
- data->req.upload_fromhere = data->state.scratch;
+ data->req.upload_fromhere = scratch;
+
+ /* Save the buffer so it can be freed later */
+ data->state.scratch = scratch;
+
+ /* Free the old scratch buffer */
+ Curl_safefree(oldscratch);
/* Set the new amount too */
- data->req.upload_present = nread;
+ data->req.upload_present = si;
}
+ else
+ Curl_safefree(newscratch);
return CURLE_OK;
}
projects / platform / upstream / curl.git / blobdiff