diff --git a/lib/imap.c b/lib/imap.c index 37feff42986d43fb97c8de0f35c1485668b71030..bd03c76cde4be7b8f7d017767c322fb3f8138d7e 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -1307,14 +1307,45 @@ static CURLcode imap_state_auth_cancel_resp(struct connectdata *conn, int imapcode, imapstate instate) { + CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; + struct imap_conn *imapc = &conn->proto.imapc; + const char *mech = NULL; + char *initresp = NULL; + size_t len = 0; + imapstate state1 = IMAP_STOP; + imapstate state2 = IMAP_STOP; (void)imapcode; (void)instate; /* no use for this yet */ - failf(data, "Authentication cancelled"); + /* Remove the offending mechanism from the supported list */ + imapc->authmechs ^= imapc->authused; + + /* Calculate alternative SASL login details */ + result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1, + &state2); + + if(!result) { + /* Do we have any mechanisms left or can we fallback to clear text? */ + if(mech) { + /* Retry SASL based authentication */ + result = imap_perform_authenticate(conn, mech, initresp, state1, state2); + + Curl_safefree(initresp); + } + else if((!imapc->login_disabled) && + (imapc->preftype & IMAP_TYPE_CLEARTEXT)) + /* Perform clear text authentication */ + result = imap_perform_login(conn); + else { + failf(data, "Authentication cancelled"); + + result = CURLE_LOGIN_DENIED; + } + } - return CURLE_LOGIN_DENIED; + return result; } /* For final responses in the AUTHENTICATE sequence */ diff --git a/lib/pop3.c b/lib/pop3.c index 1554f09cd3e5be74404997511fa8158dcc6df388..c2c151a93d42c76720caabc31df540a9e2af6c7d 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -1161,14 +1161,52 @@ static CURLcode pop3_state_auth_cancel_resp(struct connectdata *conn, int pop3code, pop3state instate) { + CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; + struct pop3_conn *pop3c = &conn->proto.pop3c; + const char *mech = NULL; + char *initresp = NULL; + size_t len = 0; + pop3state state1 = POP3_STOP; + pop3state state2 = POP3_STOP; (void)pop3code; (void)instate; /* no use for this yet */ - failf(data, "Authentication cancelled"); + /* Remove the offending mechanism from the supported list */ + pop3c->authmechs ^= pop3c->authused; + + /* Calculate alternative SASL login details */ + result = pop3_calc_sasl_details(conn, &mech, &initresp, &len, &state1, + &state2); + + if(!result) { + /* Do we have any mechanisms left or can we fallback to another + authentication type? */ + if(mech) { + /* Retry SASL based authentication */ + result = pop3_perform_auth(conn, mech, initresp, len, state1, state2); + + Curl_safefree(initresp); + } +#ifndef CURL_DISABLE_CRYPTO_AUTH + else if((pop3c->authtypes & POP3_TYPE_APOP) && + (pop3c->preftype & POP3_TYPE_APOP)) + /* Perform APOP authentication */ + result = pop3_perform_apop(conn); +#endif + else if((pop3c->authtypes & POP3_TYPE_CLEARTEXT) && + (pop3c->preftype & POP3_TYPE_CLEARTEXT)) + /* Perform clear text authentication */ + result = pop3_perform_user(conn); + else { + failf(data, "Authentication cancelled"); + + result = CURLE_LOGIN_DENIED; + } + } - return CURLE_LOGIN_DENIED; + return result; } /* For final responses in the AUTH sequence */ diff --git a/lib/smtp.c b/lib/smtp.c index 07fec11f9c05f548353664d51cc7e1a9d1e24bb8..f35f7537ecd9f5a4c627c4de0e119b8585017114 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -1189,14 +1189,41 @@ static CURLcode smtp_state_auth_cancel_resp(struct connectdata *conn, int smtpcode, smtpstate instate) { + CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; + struct smtp_conn *smtpc = &conn->proto.smtpc; + const char *mech = NULL; + char *initresp = NULL; + size_t len = 0; + smtpstate state1 = SMTP_STOP; + smtpstate state2 = SMTP_STOP; (void)smtpcode; (void)instate; /* no use for this yet */ - failf(data, "Authentication cancelled"); + /* Remove the offending mechanism from the supported list */ + smtpc->authmechs ^= smtpc->authused; + + /* Calculate alternative SASL login details */ + result = smtp_calc_sasl_details(conn, &mech, &initresp, &len, &state1, + &state2); - return CURLE_LOGIN_DENIED; + if(!result) { + /* Do we have any mechanisms left? */ + if(mech) { + /* Retry SASL based authentication */ + result = smtp_perform_auth(conn, mech, initresp, len, state1, state2); + + Curl_safefree(initresp); + } + else { + failf(data, "Authentication cancelled"); + + result = CURLE_LOGIN_DENIED; + } + } + + return result; } /* For final responses in the AUTH sequence */ diff --git a/tests/data/test830 b/tests/data/test830 index edc3eb1e7f9289ebf9e45969d8e3a930e27cfea7..ff5586717e6161e62f2a55abc70c608c3c611542 100644 --- a/tests/data/test830 +++ b/tests/data/test830 @@ -12,6 +12,7 @@ RFC2195 AUTH CRAM-MD5 +CAPA LOGINDISABLED REPLY AUTHENTICATE + Rubbish REPLY * A002 NO AUTH exchange cancelled by client diff --git a/tests/data/test831 b/tests/data/test831 index 4963ba3720a3884b8f8728e19af4b271486ea980..51864db339fcdd2f8a11d3754570a232b3c54b25 100644 --- a/tests/data/test831 +++ b/tests/data/test831 @@ -11,6 +11,7 @@ IMAP AUTH NTLM AUTH NTLM +CAPA LOGINDISABLED REPLY AUTHENTICATE + REPLY TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= + Rubbish REPLY * A002 NO AUTH exchange cancelled by client diff --git a/tests/data/test832 b/tests/data/test832 index 6c54b304f6e2abc4cac09fff5de8463712415abe..edc910d21b7f89ae5d5f1a23f206ad77e690f555 100644 --- a/tests/data/test832 +++ b/tests/data/test832 @@ -12,6 +12,7 @@ RFC2831 AUTH DIGEST-MD5 +CAPA LOGINDISABLED REPLY AUTHENTICATE + Rubbish REPLY * A002 NO AUTH exchange cancelled by client