Commit b4270a9a authored by Steve Holme's avatar Steve Holme
Browse files

imap: Fixed no known authentication mechanism when fallback is required 

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.
imap: Fixed no known authentication mechanism when fallback is required

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.

Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin
parent 6b6bdc83

lib/imap.c

+13 −8
Original line number Diff line number Diff line
@@ -378,8 +378,12 @@ static int imap_endofresp(struct pingpong *pp, int *resp) 
              line[wordlen] != '\n';)

          wordlen++;



        /* Has the server explicitly disabled the LOGIN command? */

        if(wordlen == 13 && !memcmp(line, "LOGINDISABLED", 13))

          imapc->login_disabled = TRUE;



        /* Do we have an AUTH capability? */

        if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {

        else if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {

          line += 5;

          len -= 5;

          wordlen -= 5;
@@ -548,12 +552,8 @@ static CURLcode imap_authenticate(struct connectdata *conn) 
    authstate = IMAP_AUTHENTICATE_PLAIN;

    imapc->authused = SASL_MECH_PLAIN;

  }

  else {

    infof(conn->data, "No known authentication mechanisms supported!\n");

    result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */

  }



  if(!result) {

  if(mech) {

    const char *str = getcmdid(conn);



    result = imap_sendf(conn, str, "%s AUTHENTICATE %s", str, mech);
@@ -561,6 +561,12 @@ static CURLcode imap_authenticate(struct connectdata *conn) 
    if(!result)

      state(conn, authstate);

  }

  else if(!imapc->login_disabled)

    result = imap_state_login(conn);

  else {

    infof(conn->data, "No known authentication mechanisms supported!\n");

    result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */

  }



  return result;

}
@@ -660,11 +666,10 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn, 
                                           imapstate instate)

{

  CURLcode result = CURLE_OK;

  struct imap_conn *imapc = &conn->proto.imapc;



  (void)instate; /* no use for this yet */



  if(imapcode == 'O' && imapc->authmechs)

  if(imapcode == 'O')

    result = imap_authenticate(conn);

  else

    result = imap_state_login(conn);

lib/imap.h

+1 −0
Original line number Diff line number Diff line
@@ -62,6 +62,7 @@ struct imap_conn { 
  int cmdid;              /* Next command ID */

  const char *idstr;      /* String based response ID to wait for */

  bool ssldone;           /* Is connect() over SSL done? */

  bool login_disabled;    /* LOGIN command explicitly disabled by server */

};



extern const struct Curl_handler Curl_handler_imap;