curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-27 06:26:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

imap: Fixed no known authentication mechanism when fallback is required

Browse Source 
Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.
imap: Fixed no known authentication mechanism when fallback is required

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.

Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin
This commit is contained in:
Steve Holme 2013-02-03 23:58:03 +00:00
parent 6b6bdc83bd
commit b4270a9af1
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/imap.c
View File

@ -378,8 +378,12 @@ static int imap_endofresp(struct pingpong *pp, int *resp)
line[wordlen] != '\n';) line[wordlen] != '\n';)
wordlen++; wordlen++;
/* Has the server explicitly disabled the LOGIN command? */
if(wordlen == 13 && !memcmp(line, "LOGINDISABLED", 13))
imapc->login_disabled = TRUE;
/* Do we have an AUTH capability? */ /* Do we have an AUTH capability? */
if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) { else if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {
line += 5; line += 5;
len -= 5; len -= 5;
wordlen -= 5; wordlen -= 5;
@ -548,12 +552,8 @@ static CURLcode imap_authenticate(struct connectdata *conn)
authstate = IMAP_AUTHENTICATE_PLAIN; authstate = IMAP_AUTHENTICATE_PLAIN;
imapc->authused = SASL_MECH_PLAIN; imapc->authused = SASL_MECH_PLAIN;
} }
else {
infof(conn->data, "No known authentication mechanisms supported!\n");
result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
}
if(!result) { if(mech) {
const char *str = getcmdid(conn); const char *str = getcmdid(conn);
result = imap_sendf(conn, str, "%s AUTHENTICATE %s", str, mech); result = imap_sendf(conn, str, "%s AUTHENTICATE %s", str, mech);
@ -561,6 +561,12 @@ static CURLcode imap_authenticate(struct connectdata *conn)
if(!result) if(!result)
state(conn, authstate); state(conn, authstate);
} }
else if(!imapc->login_disabled)
result = imap_state_login(conn);
else {
infof(conn->data, "No known authentication mechanisms supported!\n");
result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
}
return result; return result;
} }
@ -660,11 +666,10 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn,
imapstate instate) imapstate instate)
{ {
CURLcode result = CURLE_OK; CURLcode result = CURLE_OK;
struct imap_conn *imapc = &conn->proto.imapc;
(void)instate; /* no use for this yet */ (void)instate; /* no use for this yet */
if(imapcode == 'O' && imapc->authmechs) if(imapcode == 'O')
result = imap_authenticate(conn); result = imap_authenticate(conn);
else else
result = imap_state_login(conn); result = imap_state_login(conn);

1
lib/imap.h
View File

@ -62,6 +62,7 @@ struct imap_conn {
int cmdid; /* Next command ID */ int cmdid; /* Next command ID */
const char *idstr; /* String based response ID to wait for */ const char *idstr; /* String based response ID to wait for */
bool ssldone; /* Is connect() over SSL done? */ bool ssldone; /* Is connect() over SSL done? */
bool login_disabled; /* LOGIN command explicitly disabled by server */
}; };
extern const struct Curl_handler Curl_handler_imap; extern const struct Curl_handler Curl_handler_imap;