Loading lib/curl_sasl.h +8 −0 Original line number Diff line number Diff line Loading @@ -68,6 +68,14 @@ enum { CURLDIGESTALGO_MD5SESS }; /* Per-connection parameters */ struct SASL { unsigned int authmechs; /* Accepted authentication mechanisms */ unsigned int prefmech; /* Preferred authentication mechanism */ unsigned int authused; /* Auth mechanism used for the connection */ bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ }; /* This is used to test whether the line starts with the given mechanism */ #define sasl_mech_equal(line, wordlen, mech) \ (wordlen == (sizeof(mech) - 1) / sizeof(char) && \ Loading lib/imap.c +52 −52 Original line number Diff line number Diff line Loading @@ -471,8 +471,8 @@ static CURLcode imap_perform_capability(struct connectdata *conn) CURLcode result = CURLE_OK; struct imap_conn *imapc = &conn->proto.imapc; imapc->authmechs = 0; /* No known authentication mechanisms yet */ imapc->authused = 0; /* Clear the authentication mechanism used */ imapc->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanisms yet */ imapc->sasl.authused = SASL_AUTH_NONE; /* Clear the auth. mechanism used */ imapc->tls_supported = FALSE; /* Clear the TLS capability */ /* Send the CAPABILITY command */ Loading Loading 
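Review bot: The field comments in the new `struct SASL` in lib/curl_sasl.h do not say that `authmechs`, `prefmech` and `authused` are bit masks of `SASL_MECH_*` flags, or which side controls each value. Going by the imap.c hunks, `authmechs` is filled from the server's capability response and `prefmech` from the URL login options, so I would write `unsigned int authmechs; /* Mechanisms advertised by the server (SASL_MECH_* bit mask) */` and `unsigned int prefmech; /* Mechanisms the caller allows (SASL_MECH_* bit mask) */`. The `mutual_auth` comment could also note that the only assignment visible in this commit sets it to FALSE, so GSSAPI mutual authentication is not yet in effect.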
@@ -919,21 +919,21 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, /* Test the word for a matching authentication mechanism */ if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN)) imapc->authmechs |= SASL_MECH_LOGIN; imapc->sasl.authmechs |= SASL_MECH_LOGIN; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN)) imapc->authmechs |= SASL_MECH_PLAIN; imapc->sasl.authmechs |= SASL_MECH_PLAIN; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5)) imapc->authmechs |= SASL_MECH_CRAM_MD5; imapc->sasl.authmechs |= SASL_MECH_CRAM_MD5; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5)) imapc->authmechs |= SASL_MECH_DIGEST_MD5; imapc->sasl.authmechs |= SASL_MECH_DIGEST_MD5; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI)) imapc->authmechs |= SASL_MECH_GSSAPI; imapc->sasl.authmechs |= SASL_MECH_GSSAPI; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL)) imapc->authmechs |= SASL_MECH_EXTERNAL; imapc->sasl.authmechs |= SASL_MECH_EXTERNAL; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM)) imapc->authmechs |= SASL_MECH_NTLM; imapc->sasl.authmechs |= SASL_MECH_NTLM; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2)) imapc->authmechs |= SASL_MECH_XOAUTH2; imapc->sasl.authmechs |= SASL_MECH_XOAUTH2; } line += wordlen; Loading Loading @@ -1321,7 +1321,7 @@ static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn, /* Create the initial response message */ result = Curl_sasl_create_gssapi_user_message(data, conn->user, conn->passwd, "imap", imapc->mutual_auth, imapc->sasl.mutual_auth, NULL, &conn->krb5, &respmsg, &len); if(!result && respmsg) { Loading Loading 
@@ -1360,11 +1360,11 @@ static CURLcode imap_state_auth_gssapi_token_resp(struct connectdata *conn, /* Get the challenge message */ imap_get_message(data->state.buffer, &chlgmsg); if(imapc->mutual_auth) if(imapc->sasl.mutual_auth) /* Decode the user token challenge and create the optional response message */ result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL, imapc->mutual_auth, imapc->sasl.mutual_auth, chlgmsg, &conn->krb5, &respmsg, &len); else Loading @@ -1390,8 +1390,8 @@ static CURLcode imap_state_auth_gssapi_token_resp(struct connectdata *conn, result = Curl_pp_sendf(&imapc->pp, "%s", ""); if(!result) state(conn, (imapc->mutual_auth ? IMAP_AUTHENTICATE_GSSAPI_NO_DATA : IMAP_AUTHENTICATE_FINAL)); state(conn, imapc->sasl.mutual_auth? IMAP_AUTHENTICATE_GSSAPI_NO_DATA: IMAP_AUTHENTICATE_FINAL); } } Loading Loading @@ -1504,7 +1504,7 @@ static CURLcode imap_state_auth_cancel_resp(struct connectdata *conn, (void)instate; /* no use for this yet */ /* Remove the offending mechanism from the supported list */ imapc->authmechs ^= imapc->authused; imapc->sasl.authmechs ^= imapc->sasl.authused; /* Calculate alternative SASL login details */ result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1, Loading Loading @@ -2061,7 +2061,7 @@ static CURLcode imap_connect(struct connectdata *conn, bool *done) /* Set the default preferred authentication type and mechanism */ imapc->preftype = IMAP_TYPE_ANY; imapc->prefmech = SASL_AUTH_ANY; imapc->sasl.prefmech = SASL_AUTH_ANY; /* Initialise the pingpong layer */ Curl_pp_init(pp); Loading Loading @@ -2274,7 +2274,7 @@ static CURLcode imap_disconnect(struct connectdata *conn, bool dead_connection) Curl_pp_disconnect(&imapc->pp); /* Cleanup the SASL module */ Curl_sasl_cleanup(conn, imapc->authused); Curl_sasl_cleanup(conn, imapc->sasl.authused); /* Cleanup our connection based variables */ Curl_safefree(imapc->mailbox); Loading Loading 
@@ -2565,7 +2565,7 @@ static CURLcode imap_parse_url_options(struct connectdata *conn) if(reset) { reset = FALSE; imapc->preftype = IMAP_TYPE_NONE; imapc->prefmech = SASL_AUTH_NONE; imapc->sasl.prefmech = SASL_AUTH_NONE; } while(*ptr && *ptr != ';') { Loading @@ -2575,35 +2575,35 @@ static CURLcode imap_parse_url_options(struct connectdata *conn) if(strnequal(value, "*", len)) { imapc->preftype = IMAP_TYPE_ANY; imapc->prefmech = SASL_AUTH_ANY; imapc->sasl.prefmech = SASL_AUTH_ANY; } else if(strnequal(value, SASL_MECH_STRING_LOGIN, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_LOGIN; imapc->sasl.prefmech |= SASL_MECH_LOGIN; } else if(strnequal(value, SASL_MECH_STRING_PLAIN, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_PLAIN; imapc->sasl.prefmech |= SASL_MECH_PLAIN; } else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_CRAM_MD5; imapc->sasl.prefmech |= SASL_MECH_CRAM_MD5; } else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_DIGEST_MD5; imapc->sasl.prefmech |= SASL_MECH_DIGEST_MD5; } else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_GSSAPI; imapc->sasl.prefmech |= SASL_MECH_GSSAPI; } else if(strnequal(value, SASL_MECH_STRING_NTLM, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_NTLM; imapc->sasl.prefmech |= SASL_MECH_NTLM; } else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_XOAUTH2; imapc->sasl.prefmech |= SASL_MECH_XOAUTH2; } if(*ptr == ';') Loading Loading 
@@ -2803,46 +2803,46 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn, /* Calculate the supported authentication mechanism, by decreasing order of security, as well as the initial response where appropriate */ #if defined(USE_KERBEROS5) if((imapc->authmechs & SASL_MECH_GSSAPI) && (imapc->prefmech & SASL_MECH_GSSAPI)) { imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ if((imapc->sasl.authmechs & SASL_MECH_GSSAPI) && (imapc->sasl.prefmech & SASL_MECH_GSSAPI)) { imapc->sasl.mutual_auth = FALSE; /* TODO: Calculate mutual auth. */ *mech = SASL_MECH_STRING_GSSAPI; *state1 = IMAP_AUTHENTICATE_GSSAPI; *state2 = IMAP_AUTHENTICATE_GSSAPI_TOKEN; imapc->authused = SASL_MECH_GSSAPI; imapc->sasl.authused = SASL_MECH_GSSAPI; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_gssapi_user_message(data, conn->user, conn->passwd, "imap", imapc->mutual_auth, imapc->sasl.mutual_auth, NULL, &conn->krb5, initresp, len); } else #endif #ifndef CURL_DISABLE_CRYPTO_AUTH if((imapc->authmechs & SASL_MECH_DIGEST_MD5) && (imapc->prefmech & SASL_MECH_DIGEST_MD5)) { if((imapc->sasl.authmechs & SASL_MECH_DIGEST_MD5) && (imapc->sasl.prefmech & SASL_MECH_DIGEST_MD5)) { *mech = SASL_MECH_STRING_DIGEST_MD5; *state1 = IMAP_AUTHENTICATE_DIGESTMD5; imapc->authused = SASL_MECH_DIGEST_MD5; imapc->sasl.authused = SASL_MECH_DIGEST_MD5; } else if((imapc->authmechs & SASL_MECH_CRAM_MD5) && (imapc->prefmech & SASL_MECH_CRAM_MD5)) { else if((imapc->sasl.authmechs & SASL_MECH_CRAM_MD5) && (imapc->sasl.prefmech & SASL_MECH_CRAM_MD5)) { *mech = SASL_MECH_STRING_CRAM_MD5; *state1 = IMAP_AUTHENTICATE_CRAMMD5; imapc->authused = SASL_MECH_CRAM_MD5; imapc->sasl.authused = SASL_MECH_CRAM_MD5; } else #endif #ifdef USE_NTLM if((imapc->authmechs & SASL_MECH_NTLM) && (imapc->prefmech & SASL_MECH_NTLM)) { if((imapc->sasl.authmechs & SASL_MECH_NTLM) && (imapc->sasl.prefmech & SASL_MECH_NTLM)) { *mech = SASL_MECH_STRING_NTLM; *state1 = IMAP_AUTHENTICATE_NTLM; *state2 = 
IMAP_AUTHENTICATE_NTLM_TYPE2MSG; imapc->authused = SASL_MECH_NTLM; imapc->sasl.authused = SASL_MECH_NTLM; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd, Loading 
@@ -2851,35 +2851,35 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn, } else #endif if(((imapc->authmechs & SASL_MECH_XOAUTH2) && (imapc->prefmech & SASL_MECH_XOAUTH2) && (imapc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { if(((imapc->sasl.authmechs & SASL_MECH_XOAUTH2) && (imapc->sasl.prefmech & SASL_MECH_XOAUTH2) && (imapc->sasl.prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { *mech = SASL_MECH_STRING_XOAUTH2; *state1 = IMAP_AUTHENTICATE_XOAUTH2; *state2 = IMAP_AUTHENTICATE_FINAL; imapc->authused = SASL_MECH_XOAUTH2; imapc->sasl.authused = SASL_MECH_XOAUTH2; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_xoauth2_message(data, conn->user, conn->xoauth2_bearer, initresp, len); } else if((imapc->authmechs & SASL_MECH_LOGIN) && (imapc->prefmech & SASL_MECH_LOGIN)) { else if((imapc->sasl.authmechs & SASL_MECH_LOGIN) && (imapc->sasl.prefmech & SASL_MECH_LOGIN)) { *mech = SASL_MECH_STRING_LOGIN; *state1 = IMAP_AUTHENTICATE_LOGIN; *state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD; imapc->authused = SASL_MECH_LOGIN; imapc->sasl.authused = SASL_MECH_LOGIN; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_login_message(data, conn->user, initresp, len); } else if((imapc->authmechs & SASL_MECH_PLAIN) && (imapc->prefmech & SASL_MECH_PLAIN)) { else if((imapc->sasl.authmechs & SASL_MECH_PLAIN) && (imapc->sasl.prefmech & SASL_MECH_PLAIN)) { *mech = SASL_MECH_STRING_PLAIN; *state1 = IMAP_AUTHENTICATE_PLAIN; *state2 = IMAP_AUTHENTICATE_FINAL; imapc->authused = SASL_MECH_PLAIN; imapc->sasl.authused = SASL_MECH_PLAIN; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd, Loading lib/imap.h +2 −4 Original line number Diff line number Diff line Loading 
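Review bot: In imap_state_auth_cancel_resp, `imapc->sasl.authmechs ^= imapc->sasl.authused;` toggles the bit instead of clearing it, so if `authused` is not set in `authmechs` the cancelled mechanism is added to the supported list rather than removed. That case looks reachable from the hunks shown, because imap_calc_sasl_details selects XOAUTH2 whenever `conn->xoauth2_bearer` is set, even if the server never advertised it. A mask clear states the intent and is correct in both cases: `imapc->sasl.authmechs &= ~imapc->sasl.authused;`. pop3_state_auth_cancel_resp in lib/pop3.c carries the same line, and both function bodies continue outside the hunks.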
@@ -23,6 +23,7 @@ ***************************************************************************/ #include "pingpong.h" #include "curl_sasl.h" /**************************************************************************** * IMAP unique setup Loading Loading @@ -83,16 +84,13 @@ struct imap_conn { struct pingpong pp; imapstate state; /* Always use imap.c:state() to change state! */ bool ssldone; /* Is connect() over SSL done? */ unsigned int authmechs; /* Accepted authentication mechanisms */ struct SASL sasl; /* SASL-related parameters */ unsigned int preftype; /* Preferred authentication type */ unsigned int prefmech; /* Preferred authentication mechanism */ unsigned int authused; /* Auth mechanism used for the connection */ int cmdid; /* Last used command ID */ char resptag[5]; /* Response tag to wait for */ bool tls_supported; /* StartTLS capability supported by server */ bool login_disabled; /* LOGIN command disabled by server */ bool ir_supported; /* Initial response supported by server */ bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ char *mailbox; /* The last selected mailbox */ char *mailbox_uidvalidity; /* UIDVALIDITY parsed from select response */ }; Loading lib/pop3.c +53 −53 Original line number Diff line number Diff line Loading @@ -354,8 +354,8 @@ static CURLcode pop3_perform_capa(struct connectdata *conn) CURLcode result = CURLE_OK; struct pop3_conn *pop3c = &conn->proto.pop3c; pop3c->authmechs = 0; /* No known authentication mechanisms yet */ pop3c->authused = 0; /* Clear the authentication mechanism used */ pop3c->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanisms yet */ pop3c->sasl.authused = SASL_AUTH_NONE; /* Clear the auth. mechanism used */ pop3c->tls_supported = FALSE; /* Clear the TLS capability */ /* Send the CAPA command */ Loading Loading 
@@ -745,21 +745,21 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code, /* Test the word for a matching authentication mechanism */ if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN)) pop3c->authmechs |= SASL_MECH_LOGIN; pop3c->sasl.authmechs |= SASL_MECH_LOGIN; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN)) pop3c->authmechs |= SASL_MECH_PLAIN; pop3c->sasl.authmechs |= SASL_MECH_PLAIN; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5)) pop3c->authmechs |= SASL_MECH_CRAM_MD5; pop3c->sasl.authmechs |= SASL_MECH_CRAM_MD5; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5)) pop3c->authmechs |= SASL_MECH_DIGEST_MD5; pop3c->sasl.authmechs |= SASL_MECH_DIGEST_MD5; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI)) pop3c->authmechs |= SASL_MECH_GSSAPI; pop3c->sasl.authmechs |= SASL_MECH_GSSAPI; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL)) pop3c->authmechs |= SASL_MECH_EXTERNAL; pop3c->sasl.authmechs |= SASL_MECH_EXTERNAL; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM)) pop3c->authmechs |= SASL_MECH_NTLM; pop3c->sasl.authmechs |= SASL_MECH_NTLM; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2)) pop3c->authmechs |= SASL_MECH_XOAUTH2; pop3c->sasl.authmechs |= SASL_MECH_XOAUTH2; line += wordlen; len -= wordlen; Loading Loading @@ -1152,7 +1152,7 @@ static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn, /* Create the initial response message */ result = Curl_sasl_create_gssapi_user_message(data, conn->user, conn->passwd, "pop", pop3c->mutual_auth, pop3c->sasl.mutual_auth, NULL, &conn->krb5, &respmsg, &len); if(!result && respmsg) { Loading Loading 
@@ -1191,11 +1191,11 @@ static CURLcode pop3_state_auth_gssapi_token_resp(struct connectdata *conn, /* Get the challenge message */ pop3_get_message(data->state.buffer, &chlgmsg); if(pop3c->mutual_auth) if(pop3c->sasl.mutual_auth) /* Decode the user token challenge and create the optional response message */ result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL, pop3c->mutual_auth, pop3c->sasl.mutual_auth, chlgmsg, &conn->krb5, &respmsg, &len); else Loading @@ -1221,7 +1221,7 @@ static CURLcode pop3_state_auth_gssapi_token_resp(struct connectdata *conn, result = Curl_pp_sendf(&pop3c->pp, "%s", ""); if(!result) state(conn, (pop3c->mutual_auth ? POP3_AUTH_GSSAPI_NO_DATA : state(conn, (pop3c->sasl.mutual_auth ? POP3_AUTH_GSSAPI_NO_DATA : POP3_AUTH_FINAL)); } } Loading Loading @@ -1334,7 +1334,7 @@ static CURLcode pop3_state_auth_cancel_resp(struct connectdata *conn, (void)instate; /* no use for this yet */ /* Remove the offending mechanism from the supported list */ pop3c->authmechs ^= pop3c->authused; pop3c->sasl.authmechs ^= pop3c->sasl.authused; /* Calculate alternative SASL login details */ result = pop3_calc_sasl_details(conn, &mech, &initresp, &len, &state1, Loading Loading @@ -1727,7 +1727,7 @@ static CURLcode pop3_connect(struct connectdata *conn, bool *done) /* Set the default preferred authentication type and mechanism */ pop3c->preftype = POP3_TYPE_ANY; pop3c->prefmech = SASL_AUTH_ANY; pop3c->sasl.prefmech = SASL_AUTH_ANY; /* Initialise the pingpong layer */ Curl_pp_init(pp); Loading Loading @@ -1879,7 +1879,7 @@ static CURLcode pop3_disconnect(struct connectdata *conn, bool dead_connection) Curl_pp_disconnect(&pop3c->pp); /* Cleanup the SASL module */ Curl_sasl_cleanup(conn, pop3c->authused); Curl_sasl_cleanup(conn, pop3c->sasl.authused); /* Cleanup our connection based variables */ Curl_safefree(pop3c->apoptimestamp); Loading Loading 
@@ -2011,7 +2011,7 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn) if(reset) { reset = FALSE; pop3c->preftype = POP3_TYPE_NONE; pop3c->prefmech = SASL_AUTH_NONE; pop3c->sasl.prefmech = SASL_AUTH_NONE; } while(*ptr && *ptr != ';') { Loading @@ -2021,39 +2021,39 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn) if(strnequal(value, "*", len)) { pop3c->preftype = POP3_TYPE_ANY; pop3c->prefmech = SASL_AUTH_ANY; pop3c->sasl.prefmech = SASL_AUTH_ANY; } else if(strnequal(value, "+APOP", len)) { pop3c->preftype = POP3_TYPE_APOP; pop3c->prefmech = SASL_AUTH_NONE; pop3c->sasl.prefmech = SASL_AUTH_NONE; } else if(strnequal(value, SASL_MECH_STRING_LOGIN, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_LOGIN; pop3c->sasl.prefmech |= SASL_MECH_LOGIN; } else if(strnequal(value, SASL_MECH_STRING_PLAIN, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_PLAIN; pop3c->sasl.prefmech |= SASL_MECH_PLAIN; } else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_CRAM_MD5; pop3c->sasl.prefmech |= SASL_MECH_CRAM_MD5; } else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_DIGEST_MD5; pop3c->sasl.prefmech |= SASL_MECH_DIGEST_MD5; } else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_GSSAPI; pop3c->sasl.prefmech |= SASL_MECH_GSSAPI; } else if(strnequal(value, SASL_MECH_STRING_NTLM, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_NTLM; pop3c->sasl.prefmech |= SASL_MECH_NTLM; } else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_XOAUTH2; pop3c->sasl.prefmech |= SASL_MECH_XOAUTH2; } if(*ptr == ';') Loading Loading 
@@ -2121,46 +2121,46 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn, /* Calculate the supported authentication mechanism, by decreasing order of security, as well as the initial response where appropriate */ #if defined(USE_KERBEROS5) if((pop3c->authmechs & SASL_MECH_GSSAPI) && (pop3c->prefmech & SASL_MECH_GSSAPI)) { pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ if((pop3c->sasl.authmechs & SASL_MECH_GSSAPI) && (pop3c->sasl.prefmech & SASL_MECH_GSSAPI)) { pop3c->sasl.mutual_auth = FALSE; /* TODO: Calculate mutual auth. */ *mech = SASL_MECH_STRING_GSSAPI; *state1 = POP3_AUTH_GSSAPI; *state2 = POP3_AUTH_GSSAPI_TOKEN; pop3c->authused = SASL_MECH_GSSAPI; pop3c->sasl.authused = SASL_MECH_GSSAPI; if(data->set.sasl_ir) result = Curl_sasl_create_gssapi_user_message(data, conn->user, conn->passwd, "pop", pop3c->mutual_auth, pop3c->sasl.mutual_auth, NULL, &conn->krb5, initresp, len); } else #endif #ifndef CURL_DISABLE_CRYPTO_AUTH if((pop3c->authmechs & SASL_MECH_DIGEST_MD5) && (pop3c->prefmech & SASL_MECH_DIGEST_MD5)) { if((pop3c->sasl.authmechs & SASL_MECH_DIGEST_MD5) && (pop3c->sasl.prefmech & SASL_MECH_DIGEST_MD5)) { *mech = SASL_MECH_STRING_DIGEST_MD5; *state1 = POP3_AUTH_DIGESTMD5; pop3c->authused = SASL_MECH_DIGEST_MD5; pop3c->sasl.authused = SASL_MECH_DIGEST_MD5; } else if((pop3c->authmechs & SASL_MECH_CRAM_MD5) && (pop3c->prefmech & SASL_MECH_CRAM_MD5)) { else if((pop3c->sasl.authmechs & SASL_MECH_CRAM_MD5) && (pop3c->sasl.prefmech & SASL_MECH_CRAM_MD5)) { *mech = SASL_MECH_STRING_CRAM_MD5; *state1 = POP3_AUTH_CRAMMD5; pop3c->authused = SASL_MECH_CRAM_MD5; pop3c->sasl.authused = SASL_MECH_CRAM_MD5; } else #endif #ifdef USE_NTLM if((pop3c->authmechs & SASL_MECH_NTLM) && (pop3c->prefmech & SASL_MECH_NTLM)) { if((pop3c->sasl.authmechs & SASL_MECH_NTLM) && (pop3c->sasl.prefmech & SASL_MECH_NTLM)) { *mech = SASL_MECH_STRING_NTLM; *state1 = POP3_AUTH_NTLM; *state2 = POP3_AUTH_NTLM_TYPE2MSG; pop3c->authused = SASL_MECH_NTLM; 
pop3c->sasl.authused = SASL_MECH_NTLM; if(data->set.sasl_ir) result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd, Loading @@ -2169,35 +2169,35 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn, } else #endif if(((pop3c->authmechs & SASL_MECH_XOAUTH2) && (pop3c->prefmech & SASL_MECH_XOAUTH2) && (pop3c->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { if(((pop3c->sasl.authmechs & SASL_MECH_XOAUTH2) && (pop3c->sasl.prefmech & SASL_MECH_XOAUTH2) && (pop3c->sasl.prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { *mech = SASL_MECH_STRING_XOAUTH2; *state1 = POP3_AUTH_XOAUTH2; *state2 = POP3_AUTH_FINAL; pop3c->authused = SASL_MECH_XOAUTH2; pop3c->sasl.authused = SASL_MECH_XOAUTH2; if(data->set.sasl_ir) result = Curl_sasl_create_xoauth2_message(data, conn->user, conn->xoauth2_bearer, initresp, len); } else if((pop3c->authmechs & SASL_MECH_LOGIN) && (pop3c->prefmech & SASL_MECH_LOGIN)) { else if((pop3c->sasl.authmechs & SASL_MECH_LOGIN) && (pop3c->sasl.prefmech & SASL_MECH_LOGIN)) { *mech = SASL_MECH_STRING_LOGIN; *state1 = POP3_AUTH_LOGIN; *state2 = POP3_AUTH_LOGIN_PASSWD; pop3c->authused = SASL_MECH_LOGIN; pop3c->sasl.authused = SASL_MECH_LOGIN; if(data->set.sasl_ir) result = Curl_sasl_create_login_message(data, conn->user, initresp, len); } else if((pop3c->authmechs & SASL_MECH_PLAIN) && (pop3c->prefmech & SASL_MECH_PLAIN)) { else if((pop3c->sasl.authmechs & SASL_MECH_PLAIN) && (pop3c->sasl.prefmech & SASL_MECH_PLAIN)) { *mech = SASL_MECH_STRING_PLAIN; *state1 = POP3_AUTH_PLAIN; *state2 = POP3_AUTH_FINAL; pop3c->authused = SASL_MECH_PLAIN; pop3c->sasl.authused = SASL_MECH_PLAIN; if(data->set.sasl_ir) result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd, Loading lib/pop3.h +2 −4 Original line number Diff line number Diff line Loading 
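Review bot: In pop3_parse_url_options the option value is matched with `strnequal(value, SASL_MECH_STRING_LOGIN, len)`, which compares only the first `len` characters. Assuming `len` is the length of the value (it is computed outside the visible lines), a value that is merely a prefix of a mechanism name is accepted as that mechanism and sets its bit in `sasl.prefmech`. Requiring an exact length keeps the preferred set to what the user actually named, e.g. `else if(len == strlen(SASL_MECH_STRING_LOGIN) && strnequal(value, SASL_MECH_STRING_LOGIN, len))`, and likewise for `"*"` and `"+APOP"`. The same chain appears in imap_parse_url_options in lib/imap.c.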
@@ -23,6 +23,7 @@ ***************************************************************************/ #include "pingpong.h" #include "curl_sasl.h" /**************************************************************************** * POP3 unique setup Loading Loading @@ -77,14 +78,11 @@ struct pop3_conn { have been received so far */ size_t strip; /* Number of bytes from the start to ignore as non-body */ struct SASL sasl; /* SASL-related storage */ unsigned int authtypes; /* Accepted authentication types */ unsigned int authmechs; /* Accepted SASL authentication mechanisms */ unsigned int preftype; /* Preferred authentication type */ unsigned int prefmech; /* Preferred SASL authentication mechanism */ unsigned int authused; /* SASL auth mechanism used for the connection */ char *apoptimestamp; /* APOP timestamp from the server greeting */ bool tls_supported; /* StartTLS capability supported by server */ bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ }; extern const struct Curl_handler Curl_handler_pop3; Loading Loading
lib/curl_sasl.h +8 −0 Original line number Diff line number Diff line Loading @@ -68,6 +68,14 @@ enum { CURLDIGESTALGO_MD5SESS }; /* Per-connection parameters */ struct SASL { unsigned int authmechs; /* Accepted authentication mechanisms */ unsigned int prefmech; /* Preferred authentication mechanism */ unsigned int authused; /* Auth mechanism used for the connection */ bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ }; /* This is used to test whether the line starts with the given mechanism */ #define sasl_mech_equal(line, wordlen, mech) \ (wordlen == (sizeof(mech) - 1) / sizeof(char) && \ Loading
lib/imap.c +52 −52 Original line number Diff line number Diff line Loading @@ -471,8 +471,8 @@ static CURLcode imap_perform_capability(struct connectdata *conn) CURLcode result = CURLE_OK; struct imap_conn *imapc = &conn->proto.imapc; imapc->authmechs = 0; /* No known authentication mechanisms yet */ imapc->authused = 0; /* Clear the authentication mechanism used */ imapc->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanisms yet */ imapc->sasl.authused = SASL_AUTH_NONE; /* Clear the auth. mechanism used */ imapc->tls_supported = FALSE; /* Clear the TLS capability */ /* Send the CAPABILITY command */ Loading Loading @@ -919,21 +919,21 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, /* Test the word for a matching authentication mechanism */ if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN)) imapc->authmechs |= SASL_MECH_LOGIN; imapc->sasl.authmechs |= SASL_MECH_LOGIN; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN)) imapc->authmechs |= SASL_MECH_PLAIN; imapc->sasl.authmechs |= SASL_MECH_PLAIN; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5)) imapc->authmechs |= SASL_MECH_CRAM_MD5; imapc->sasl.authmechs |= SASL_MECH_CRAM_MD5; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5)) imapc->authmechs |= SASL_MECH_DIGEST_MD5; imapc->sasl.authmechs |= SASL_MECH_DIGEST_MD5; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI)) imapc->authmechs |= SASL_MECH_GSSAPI; imapc->sasl.authmechs |= SASL_MECH_GSSAPI; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL)) imapc->authmechs |= SASL_MECH_EXTERNAL; imapc->sasl.authmechs |= SASL_MECH_EXTERNAL; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM)) imapc->authmechs |= SASL_MECH_NTLM; imapc->sasl.authmechs |= SASL_MECH_NTLM; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2)) imapc->authmechs |= SASL_MECH_XOAUTH2; imapc->sasl.authmechs |= SASL_MECH_XOAUTH2; } line += wordlen; Loading Loading 
@@ -1321,7 +1321,7 @@ static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn, /* Create the initial response message */ result = Curl_sasl_create_gssapi_user_message(data, conn->user, conn->passwd, "imap", imapc->mutual_auth, imapc->sasl.mutual_auth, NULL, &conn->krb5, &respmsg, &len); if(!result && respmsg) { Loading Loading @@ -1360,11 +1360,11 @@ static CURLcode imap_state_auth_gssapi_token_resp(struct connectdata *conn, /* Get the challenge message */ imap_get_message(data->state.buffer, &chlgmsg); if(imapc->mutual_auth) if(imapc->sasl.mutual_auth) /* Decode the user token challenge and create the optional response message */ result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL, imapc->mutual_auth, imapc->sasl.mutual_auth, chlgmsg, &conn->krb5, &respmsg, &len); else Loading @@ -1390,8 +1390,8 @@ static CURLcode imap_state_auth_gssapi_token_resp(struct connectdata *conn, result = Curl_pp_sendf(&imapc->pp, "%s", ""); if(!result) state(conn, (imapc->mutual_auth ? IMAP_AUTHENTICATE_GSSAPI_NO_DATA : IMAP_AUTHENTICATE_FINAL)); state(conn, imapc->sasl.mutual_auth? IMAP_AUTHENTICATE_GSSAPI_NO_DATA: IMAP_AUTHENTICATE_FINAL); } } Loading Loading @@ -1504,7 +1504,7 @@ static CURLcode imap_state_auth_cancel_resp(struct connectdata *conn, (void)instate; /* no use for this yet */ /* Remove the offending mechanism from the supported list */ imapc->authmechs ^= imapc->authused; imapc->sasl.authmechs ^= imapc->sasl.authused; /* Calculate alternative SASL login details */ result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1, Loading Loading @@ -2061,7 +2061,7 @@ static CURLcode imap_connect(struct connectdata *conn, bool *done) /* Set the default preferred authentication type and mechanism */ imapc->preftype = IMAP_TYPE_ANY; imapc->prefmech = SASL_AUTH_ANY; imapc->sasl.prefmech = SASL_AUTH_ANY; /* Initialise the pingpong layer */ Curl_pp_init(pp); Loading Loading 
@@ -2274,7 +2274,7 @@ static CURLcode imap_disconnect(struct connectdata *conn, bool dead_connection) Curl_pp_disconnect(&imapc->pp); /* Cleanup the SASL module */ Curl_sasl_cleanup(conn, imapc->authused); Curl_sasl_cleanup(conn, imapc->sasl.authused); /* Cleanup our connection based variables */ Curl_safefree(imapc->mailbox); Loading Loading @@ -2565,7 +2565,7 @@ static CURLcode imap_parse_url_options(struct connectdata *conn) if(reset) { reset = FALSE; imapc->preftype = IMAP_TYPE_NONE; imapc->prefmech = SASL_AUTH_NONE; imapc->sasl.prefmech = SASL_AUTH_NONE; } while(*ptr && *ptr != ';') { Loading 
@@ -2575,35 +2575,35 @@ static CURLcode imap_parse_url_options(struct connectdata *conn) if(strnequal(value, "*", len)) { imapc->preftype = IMAP_TYPE_ANY; imapc->prefmech = SASL_AUTH_ANY; imapc->sasl.prefmech = SASL_AUTH_ANY; } else if(strnequal(value, SASL_MECH_STRING_LOGIN, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_LOGIN; imapc->sasl.prefmech |= SASL_MECH_LOGIN; } else if(strnequal(value, SASL_MECH_STRING_PLAIN, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_PLAIN; imapc->sasl.prefmech |= SASL_MECH_PLAIN; } else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_CRAM_MD5; imapc->sasl.prefmech |= SASL_MECH_CRAM_MD5; } else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_DIGEST_MD5; imapc->sasl.prefmech |= SASL_MECH_DIGEST_MD5; } else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_GSSAPI; imapc->sasl.prefmech |= SASL_MECH_GSSAPI; } else if(strnequal(value, SASL_MECH_STRING_NTLM, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_NTLM; imapc->sasl.prefmech |= SASL_MECH_NTLM; } else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len)) { imapc->preftype = IMAP_TYPE_SASL; imapc->prefmech |= SASL_MECH_XOAUTH2; imapc->sasl.prefmech |= SASL_MECH_XOAUTH2; } if(*ptr == ';') Loading Loading 
@@ -2803,46 +2803,46 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn, /* Calculate the supported authentication mechanism, by decreasing order of security, as well as the initial response where appropriate */ #if defined(USE_KERBEROS5) if((imapc->authmechs & SASL_MECH_GSSAPI) && (imapc->prefmech & SASL_MECH_GSSAPI)) { imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ if((imapc->sasl.authmechs & SASL_MECH_GSSAPI) && (imapc->sasl.prefmech & SASL_MECH_GSSAPI)) { imapc->sasl.mutual_auth = FALSE; /* TODO: Calculate mutual auth. */ *mech = SASL_MECH_STRING_GSSAPI; *state1 = IMAP_AUTHENTICATE_GSSAPI; *state2 = IMAP_AUTHENTICATE_GSSAPI_TOKEN; imapc->authused = SASL_MECH_GSSAPI; imapc->sasl.authused = SASL_MECH_GSSAPI; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_gssapi_user_message(data, conn->user, conn->passwd, "imap", imapc->mutual_auth, imapc->sasl.mutual_auth, NULL, &conn->krb5, initresp, len); } else #endif #ifndef CURL_DISABLE_CRYPTO_AUTH if((imapc->authmechs & SASL_MECH_DIGEST_MD5) && (imapc->prefmech & SASL_MECH_DIGEST_MD5)) { if((imapc->sasl.authmechs & SASL_MECH_DIGEST_MD5) && (imapc->sasl.prefmech & SASL_MECH_DIGEST_MD5)) { *mech = SASL_MECH_STRING_DIGEST_MD5; *state1 = IMAP_AUTHENTICATE_DIGESTMD5; imapc->authused = SASL_MECH_DIGEST_MD5; imapc->sasl.authused = SASL_MECH_DIGEST_MD5; } else if((imapc->authmechs & SASL_MECH_CRAM_MD5) && (imapc->prefmech & SASL_MECH_CRAM_MD5)) { else if((imapc->sasl.authmechs & SASL_MECH_CRAM_MD5) && (imapc->sasl.prefmech & SASL_MECH_CRAM_MD5)) { *mech = SASL_MECH_STRING_CRAM_MD5; *state1 = IMAP_AUTHENTICATE_CRAMMD5; imapc->authused = SASL_MECH_CRAM_MD5; imapc->sasl.authused = SASL_MECH_CRAM_MD5; } else #endif #ifdef USE_NTLM if((imapc->authmechs & SASL_MECH_NTLM) && (imapc->prefmech & SASL_MECH_NTLM)) { if((imapc->sasl.authmechs & SASL_MECH_NTLM) && (imapc->sasl.prefmech & SASL_MECH_NTLM)) { *mech = SASL_MECH_STRING_NTLM; *state1 = IMAP_AUTHENTICATE_NTLM; *state2 = 
IMAP_AUTHENTICATE_NTLM_TYPE2MSG; imapc->authused = SASL_MECH_NTLM; imapc->sasl.authused = SASL_MECH_NTLM; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd, Loading @@ -2851,35 +2851,35 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn, } else #endif if(((imapc->authmechs & SASL_MECH_XOAUTH2) && (imapc->prefmech & SASL_MECH_XOAUTH2) && (imapc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { if(((imapc->sasl.authmechs & SASL_MECH_XOAUTH2) && (imapc->sasl.prefmech & SASL_MECH_XOAUTH2) && (imapc->sasl.prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { *mech = SASL_MECH_STRING_XOAUTH2; *state1 = IMAP_AUTHENTICATE_XOAUTH2; *state2 = IMAP_AUTHENTICATE_FINAL; imapc->authused = SASL_MECH_XOAUTH2; imapc->sasl.authused = SASL_MECH_XOAUTH2; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_xoauth2_message(data, conn->user, conn->xoauth2_bearer, initresp, len); } else if((imapc->authmechs & SASL_MECH_LOGIN) && (imapc->prefmech & SASL_MECH_LOGIN)) { else if((imapc->sasl.authmechs & SASL_MECH_LOGIN) && (imapc->sasl.prefmech & SASL_MECH_LOGIN)) { *mech = SASL_MECH_STRING_LOGIN; *state1 = IMAP_AUTHENTICATE_LOGIN; *state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD; imapc->authused = SASL_MECH_LOGIN; imapc->sasl.authused = SASL_MECH_LOGIN; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_login_message(data, conn->user, initresp, len); } else if((imapc->authmechs & SASL_MECH_PLAIN) && (imapc->prefmech & SASL_MECH_PLAIN)) { else if((imapc->sasl.authmechs & SASL_MECH_PLAIN) && (imapc->sasl.prefmech & SASL_MECH_PLAIN)) { *mech = SASL_MECH_STRING_PLAIN; *state1 = IMAP_AUTHENTICATE_PLAIN; *state2 = IMAP_AUTHENTICATE_FINAL; imapc->authused = SASL_MECH_PLAIN; imapc->sasl.authused = SASL_MECH_PLAIN; if(imapc->ir_supported || data->set.sasl_ir) result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd, Loading
lib/imap.h +2 −4 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ ***************************************************************************/ #include "pingpong.h" #include "curl_sasl.h" /**************************************************************************** * IMAP unique setup Loading Loading @@ -83,16 +84,13 @@ struct imap_conn { struct pingpong pp; imapstate state; /* Always use imap.c:state() to change state! */ bool ssldone; /* Is connect() over SSL done? */ unsigned int authmechs; /* Accepted authentication mechanisms */ struct SASL sasl; /* SASL-related parameters */ unsigned int preftype; /* Preferred authentication type */ unsigned int prefmech; /* Preferred authentication mechanism */ unsigned int authused; /* Auth mechanism used for the connection */ int cmdid; /* Last used command ID */ char resptag[5]; /* Response tag to wait for */ bool tls_supported; /* StartTLS capability supported by server */ bool login_disabled; /* LOGIN command disabled by server */ bool ir_supported; /* Initial response supported by server */ bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ char *mailbox; /* The last selected mailbox */ char *mailbox_uidvalidity; /* UIDVALIDITY parsed from select response */ }; Loading
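Review bot: The new member comment `struct SASL sasl; /* SASL-related parameters */` does not say which of the moved fields come from the server and which from the user, and the matching member in lib/pop3.h is worded differently (`/* SASL-related storage */`). Going by the other sections on this page, `authmechs` is filled from the server's capability response, `prefmech` from the URL login options, and `authused` by the mechanism-selection code. Stating that where the state lives helps anyone auditing mechanism selection. I would use one comment in both headers, for example `/* SASL state: server-advertised, user-preferred and selected mechanisms */`.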
lib/pop3.c +53 −53 Original line number Diff line number Diff line Loading @@ -354,8 +354,8 @@ static CURLcode pop3_perform_capa(struct connectdata *conn) CURLcode result = CURLE_OK; struct pop3_conn *pop3c = &conn->proto.pop3c; pop3c->authmechs = 0; /* No known authentication mechanisms yet */ pop3c->authused = 0; /* Clear the authentication mechanism used */ pop3c->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanisms yet */ pop3c->sasl.authused = SASL_AUTH_NONE; /* Clear the auth. mechanism used */ pop3c->tls_supported = FALSE; /* Clear the TLS capability */ /* Send the CAPA command */ Loading Loading 
@@ -745,21 +745,21 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code, /* Test the word for a matching authentication mechanism */ if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN)) pop3c->authmechs |= SASL_MECH_LOGIN; pop3c->sasl.authmechs |= SASL_MECH_LOGIN; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN)) pop3c->authmechs |= SASL_MECH_PLAIN; pop3c->sasl.authmechs |= SASL_MECH_PLAIN; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5)) pop3c->authmechs |= SASL_MECH_CRAM_MD5; pop3c->sasl.authmechs |= SASL_MECH_CRAM_MD5; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5)) pop3c->authmechs |= SASL_MECH_DIGEST_MD5; pop3c->sasl.authmechs |= SASL_MECH_DIGEST_MD5; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI)) pop3c->authmechs |= SASL_MECH_GSSAPI; pop3c->sasl.authmechs |= SASL_MECH_GSSAPI; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL)) pop3c->authmechs |= SASL_MECH_EXTERNAL; pop3c->sasl.authmechs |= SASL_MECH_EXTERNAL; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM)) pop3c->authmechs |= SASL_MECH_NTLM; pop3c->sasl.authmechs |= SASL_MECH_NTLM; else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2)) pop3c->authmechs |= SASL_MECH_XOAUTH2; pop3c->sasl.authmechs |= SASL_MECH_XOAUTH2; line += wordlen; len -= wordlen; Loading Loading @@ -1152,7 +1152,7 @@ static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn, /* Create the initial response message */ result = Curl_sasl_create_gssapi_user_message(data, conn->user, conn->passwd, "pop", pop3c->mutual_auth, pop3c->sasl.mutual_auth, NULL, &conn->krb5, &respmsg, &len); if(!result && respmsg) { Loading Loading 
@@ -1191,11 +1191,11 @@ static CURLcode pop3_state_auth_gssapi_token_resp(struct connectdata *conn, /* Get the challenge message */ pop3_get_message(data->state.buffer, &chlgmsg); if(pop3c->mutual_auth) if(pop3c->sasl.mutual_auth) /* Decode the user token challenge and create the optional response message */ result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL, pop3c->mutual_auth, pop3c->sasl.mutual_auth, chlgmsg, &conn->krb5, &respmsg, &len); else Loading @@ -1221,7 +1221,7 @@ static CURLcode pop3_state_auth_gssapi_token_resp(struct connectdata *conn, result = Curl_pp_sendf(&pop3c->pp, "%s", ""); if(!result) state(conn, (pop3c->mutual_auth ? POP3_AUTH_GSSAPI_NO_DATA : state(conn, (pop3c->sasl.mutual_auth ? POP3_AUTH_GSSAPI_NO_DATA : POP3_AUTH_FINAL)); } } Loading Loading @@ -1334,7 +1334,7 @@ static CURLcode pop3_state_auth_cancel_resp(struct connectdata *conn, (void)instate; /* no use for this yet */ /* Remove the offending mechanism from the supported list */ pop3c->authmechs ^= pop3c->authused; pop3c->sasl.authmechs ^= pop3c->sasl.authused; /* Calculate alternative SASL login details */ result = pop3_calc_sasl_details(conn, &mech, &initresp, &len, &state1, Loading Loading @@ -1727,7 +1727,7 @@ static CURLcode pop3_connect(struct connectdata *conn, bool *done) /* Set the default preferred authentication type and mechanism */ pop3c->preftype = POP3_TYPE_ANY; pop3c->prefmech = SASL_AUTH_ANY; pop3c->sasl.prefmech = SASL_AUTH_ANY; /* Initialise the pingpong layer */ Curl_pp_init(pp); Loading Loading @@ -1879,7 +1879,7 @@ static CURLcode pop3_disconnect(struct connectdata *conn, bool dead_connection) Curl_pp_disconnect(&pop3c->pp); /* Cleanup the SASL module */ Curl_sasl_cleanup(conn, pop3c->authused); Curl_sasl_cleanup(conn, pop3c->sasl.authused); /* Cleanup our connection based variables */ Curl_safefree(pop3c->apoptimestamp); Loading Loading 
@@ -2011,7 +2011,7 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn) if(reset) { reset = FALSE; pop3c->preftype = POP3_TYPE_NONE; pop3c->prefmech = SASL_AUTH_NONE; pop3c->sasl.prefmech = SASL_AUTH_NONE; } while(*ptr && *ptr != ';') { Loading @@ -2021,39 +2021,39 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn) if(strnequal(value, "*", len)) { pop3c->preftype = POP3_TYPE_ANY; pop3c->prefmech = SASL_AUTH_ANY; pop3c->sasl.prefmech = SASL_AUTH_ANY; } else if(strnequal(value, "+APOP", len)) { pop3c->preftype = POP3_TYPE_APOP; pop3c->prefmech = SASL_AUTH_NONE; pop3c->sasl.prefmech = SASL_AUTH_NONE; } else if(strnequal(value, SASL_MECH_STRING_LOGIN, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_LOGIN; pop3c->sasl.prefmech |= SASL_MECH_LOGIN; } else if(strnequal(value, SASL_MECH_STRING_PLAIN, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_PLAIN; pop3c->sasl.prefmech |= SASL_MECH_PLAIN; } else if(strnequal(value, SASL_MECH_STRING_CRAM_MD5, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_CRAM_MD5; pop3c->sasl.prefmech |= SASL_MECH_CRAM_MD5; } else if(strnequal(value, SASL_MECH_STRING_DIGEST_MD5, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_DIGEST_MD5; pop3c->sasl.prefmech |= SASL_MECH_DIGEST_MD5; } else if(strnequal(value, SASL_MECH_STRING_GSSAPI, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_GSSAPI; pop3c->sasl.prefmech |= SASL_MECH_GSSAPI; } else if(strnequal(value, SASL_MECH_STRING_NTLM, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_NTLM; pop3c->sasl.prefmech |= SASL_MECH_NTLM; } else if(strnequal(value, SASL_MECH_STRING_XOAUTH2, len)) { pop3c->preftype = POP3_TYPE_SASL; pop3c->prefmech |= SASL_MECH_XOAUTH2; pop3c->sasl.prefmech |= SASL_MECH_XOAUTH2; } if(*ptr == ';') Loading Loading 
@@ -2121,46 +2121,46 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn, /* Calculate the supported authentication mechanism, by decreasing order of security, as well as the initial response where appropriate */ #if defined(USE_KERBEROS5) if((pop3c->authmechs & SASL_MECH_GSSAPI) && (pop3c->prefmech & SASL_MECH_GSSAPI)) { pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ if((pop3c->sasl.authmechs & SASL_MECH_GSSAPI) && (pop3c->sasl.prefmech & SASL_MECH_GSSAPI)) { pop3c->sasl.mutual_auth = FALSE; /* TODO: Calculate mutual auth. */ *mech = SASL_MECH_STRING_GSSAPI; *state1 = POP3_AUTH_GSSAPI; *state2 = POP3_AUTH_GSSAPI_TOKEN; pop3c->authused = SASL_MECH_GSSAPI; pop3c->sasl.authused = SASL_MECH_GSSAPI; if(data->set.sasl_ir) result = Curl_sasl_create_gssapi_user_message(data, conn->user, conn->passwd, "pop", pop3c->mutual_auth, pop3c->sasl.mutual_auth, NULL, &conn->krb5, initresp, len); } else #endif #ifndef CURL_DISABLE_CRYPTO_AUTH if((pop3c->authmechs & SASL_MECH_DIGEST_MD5) && (pop3c->prefmech & SASL_MECH_DIGEST_MD5)) { if((pop3c->sasl.authmechs & SASL_MECH_DIGEST_MD5) && (pop3c->sasl.prefmech & SASL_MECH_DIGEST_MD5)) { *mech = SASL_MECH_STRING_DIGEST_MD5; *state1 = POP3_AUTH_DIGESTMD5; pop3c->authused = SASL_MECH_DIGEST_MD5; pop3c->sasl.authused = SASL_MECH_DIGEST_MD5; } else if((pop3c->authmechs & SASL_MECH_CRAM_MD5) && (pop3c->prefmech & SASL_MECH_CRAM_MD5)) { else if((pop3c->sasl.authmechs & SASL_MECH_CRAM_MD5) && (pop3c->sasl.prefmech & SASL_MECH_CRAM_MD5)) { *mech = SASL_MECH_STRING_CRAM_MD5; *state1 = POP3_AUTH_CRAMMD5; pop3c->authused = SASL_MECH_CRAM_MD5; pop3c->sasl.authused = SASL_MECH_CRAM_MD5; } else #endif #ifdef USE_NTLM if((pop3c->authmechs & SASL_MECH_NTLM) && (pop3c->prefmech & SASL_MECH_NTLM)) { if((pop3c->sasl.authmechs & SASL_MECH_NTLM) && (pop3c->sasl.prefmech & SASL_MECH_NTLM)) { *mech = SASL_MECH_STRING_NTLM; *state1 = POP3_AUTH_NTLM; *state2 = POP3_AUTH_NTLM_TYPE2MSG; pop3c->authused = SASL_MECH_NTLM; 
pop3c->sasl.authused = SASL_MECH_NTLM; if(data->set.sasl_ir) result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd, Loading @@ -2169,35 +2169,35 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn, } else #endif if(((pop3c->authmechs & SASL_MECH_XOAUTH2) && (pop3c->prefmech & SASL_MECH_XOAUTH2) && (pop3c->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { if(((pop3c->sasl.authmechs & SASL_MECH_XOAUTH2) && (pop3c->sasl.prefmech & SASL_MECH_XOAUTH2) && (pop3c->sasl.prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { *mech = SASL_MECH_STRING_XOAUTH2; *state1 = POP3_AUTH_XOAUTH2; *state2 = POP3_AUTH_FINAL; pop3c->authused = SASL_MECH_XOAUTH2; pop3c->sasl.authused = SASL_MECH_XOAUTH2; if(data->set.sasl_ir) result = Curl_sasl_create_xoauth2_message(data, conn->user, conn->xoauth2_bearer, initresp, len); } else if((pop3c->authmechs & SASL_MECH_LOGIN) && (pop3c->prefmech & SASL_MECH_LOGIN)) { else if((pop3c->sasl.authmechs & SASL_MECH_LOGIN) && (pop3c->sasl.prefmech & SASL_MECH_LOGIN)) { *mech = SASL_MECH_STRING_LOGIN; *state1 = POP3_AUTH_LOGIN; *state2 = POP3_AUTH_LOGIN_PASSWD; pop3c->authused = SASL_MECH_LOGIN; pop3c->sasl.authused = SASL_MECH_LOGIN; if(data->set.sasl_ir) result = Curl_sasl_create_login_message(data, conn->user, initresp, len); } else if((pop3c->authmechs & SASL_MECH_PLAIN) && (pop3c->prefmech & SASL_MECH_PLAIN)) { else if((pop3c->sasl.authmechs & SASL_MECH_PLAIN) && (pop3c->sasl.prefmech & SASL_MECH_PLAIN)) { *mech = SASL_MECH_STRING_PLAIN; *state1 = POP3_AUTH_PLAIN; *state2 = POP3_AUTH_FINAL; pop3c->authused = SASL_MECH_PLAIN; pop3c->sasl.authused = SASL_MECH_PLAIN; if(data->set.sasl_ir) result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd, Loading
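Review bot: In the pop3_state_auth_cancel_resp hunk, `pop3c->sasl.authmechs ^= pop3c->sasl.authused;` toggles the bit rather than clearing it, so it only removes the mechanism when that bit is currently set in `authmechs`. The XOAUTH2 branch of pop3_calc_sasl_details can set `authused = SASL_MECH_XOAUTH2` purely because `conn->xoauth2_bearer` is set, without the server having advertised it. A cancel after that would add XOAUTH2 to the supported list instead of removing it. The commit carries the line over unchanged apart from the field rename; I would make the removal unconditional with `pop3c->sasl.authmechs &= ~pop3c->sasl.authused;`. The function body continues outside the hunk, so whether the retry path can loop on the bearer condition is not visible here and should be checked alongside this change.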
lib/pop3.h +2 −4 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ ***************************************************************************/ #include "pingpong.h" #include "curl_sasl.h" /**************************************************************************** * POP3 unique setup Loading Loading @@ -77,14 +78,11 @@ struct pop3_conn { have been received so far */ size_t strip; /* Number of bytes from the start to ignore as non-body */ struct SASL sasl; /* SASL-related storage */ unsigned int authtypes; /* Accepted authentication types */ unsigned int authmechs; /* Accepted SASL authentication mechanisms */ unsigned int preftype; /* Preferred authentication type */ unsigned int prefmech; /* Preferred SASL authentication mechanism */ unsigned int authused; /* SASL auth mechanism used for the connection */ char *apoptimestamp; /* APOP timestamp from the server greeting */ bool tls_supported; /* StartTLS capability supported by server */ bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ }; extern const struct Curl_handler Curl_handler_pop3; Loading