Commit 6b6bdc83 authored by Steve Holme's avatar Steve Holme
Browse files

pop3: Fixed no known authentication mechanism when fallback is required 

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to APOP or Clear Text
authentication.

Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin
parent 56b7c87c

lib/pop3.c

+41 −46
Original line number Diff line number Diff line
@@ -460,6 +460,7 @@ static CURLcode pop3_authenticate(struct connectdata *conn) 


  /* Check supported authentication mechanisms by decreasing order of

     security */

  if(conn->proto.pop3c.authtypes & POP3_TYPE_SASL) {

#ifndef CURL_DISABLE_CRYPTO_AUTH

    if(pop3c->authmechs & SASL_MECH_DIGEST_MD5) {

      mech = "DIGEST-MD5";
@@ -491,17 +492,24 @@ static CURLcode pop3_authenticate(struct connectdata *conn) 
      authstate = POP3_AUTH_PLAIN;

      pop3c->authused = SASL_MECH_PLAIN;

    }

  else {

    infof(conn->data, "No known SASL authentication mechanisms supported!\n");

    result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */

  }



  if(!result) {

  if(mech) {

    result = Curl_pp_sendf(&pop3c->pp, "AUTH %s", mech);



    if(!result)

      state(conn, authstate);

  }

#ifndef CURL_DISABLE_CRYPTO_AUTH

  else if(conn->proto.pop3c.authtypes & POP3_TYPE_APOP)

    result = pop3_state_apop(conn);

#endif

  else if(conn->proto.pop3c.authtypes & POP3_TYPE_CLEARTEXT)

    result = pop3_state_user(conn);

  else {

    infof(conn->data, "No known authentication mechanisms supported!\n");

    result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */

  }



  return result;

}
@@ -603,21 +611,8 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code, 


  (void)instate; /* no use for this yet */



  if(pop3code == '+' && conn->proto.pop3c.authtypes) {

    /* Check supported authentication types by decreasing order of security */

    if(conn->proto.pop3c.authtypes & POP3_TYPE_SASL)

  if(pop3code == '+')

    result = pop3_authenticate(conn);

#ifndef CURL_DISABLE_CRYPTO_AUTH

    else if(conn->proto.pop3c.authtypes & POP3_TYPE_APOP)

      result = pop3_state_apop(conn);

#endif

    else if(conn->proto.pop3c.authtypes & POP3_TYPE_CLEARTEXT)

      result = pop3_state_user(conn);

    else {

      infof(conn->data, "No known authentication types supported!\n");

      result = CURLE_LOGIN_DENIED; /* Other types not supported */

    }

  }

  else

    result = pop3_state_user(conn);