pop3: Fixed no known authentication mechanism when fallback is required

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to APOP or Clear Text
authentication.

Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin
This commit is contained in:
Steve Holme 2013-02-03 21:43:08 +00:00
Родитель 56b7c87c74
Коммит 6b6bdc83bd
1 изменённых файлов: 41 добавлений и 46 удалений

Просмотреть файл

@ -460,48 +460,56 @@ static CURLcode pop3_authenticate(struct connectdata *conn)
/* Check supported authentication mechanisms by decreasing order of
security */
if(conn->proto.pop3c.authtypes & POP3_TYPE_SASL) {
#ifndef CURL_DISABLE_CRYPTO_AUTH
if(pop3c->authmechs & SASL_MECH_DIGEST_MD5) {
mech = "DIGEST-MD5";
authstate = POP3_AUTH_DIGESTMD5;
pop3c->authused = SASL_MECH_DIGEST_MD5;
}
else if(pop3c->authmechs & SASL_MECH_CRAM_MD5) {
mech = "CRAM-MD5";
authstate = POP3_AUTH_CRAMMD5;
pop3c->authused = SASL_MECH_CRAM_MD5;
}
else
if(pop3c->authmechs & SASL_MECH_DIGEST_MD5) {
mech = "DIGEST-MD5";
authstate = POP3_AUTH_DIGESTMD5;
pop3c->authused = SASL_MECH_DIGEST_MD5;
}
else if(pop3c->authmechs & SASL_MECH_CRAM_MD5) {
mech = "CRAM-MD5";
authstate = POP3_AUTH_CRAMMD5;
pop3c->authused = SASL_MECH_CRAM_MD5;
}
else
#endif
#ifdef USE_NTLM
if(pop3c->authmechs & SASL_MECH_NTLM) {
mech = "NTLM";
authstate = POP3_AUTH_NTLM;
pop3c->authused = SASL_MECH_NTLM;
}
else
if(pop3c->authmechs & SASL_MECH_NTLM) {
mech = "NTLM";
authstate = POP3_AUTH_NTLM;
pop3c->authused = SASL_MECH_NTLM;
}
else
#endif
if(pop3c->authmechs & SASL_MECH_LOGIN) {
mech = "LOGIN";
authstate = POP3_AUTH_LOGIN;
pop3c->authused = SASL_MECH_LOGIN;
}
else if(pop3c->authmechs & SASL_MECH_PLAIN) {
mech = "PLAIN";
authstate = POP3_AUTH_PLAIN;
pop3c->authused = SASL_MECH_PLAIN;
}
else {
infof(conn->data, "No known SASL authentication mechanisms supported!\n");
result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
if(pop3c->authmechs & SASL_MECH_LOGIN) {
mech = "LOGIN";
authstate = POP3_AUTH_LOGIN;
pop3c->authused = SASL_MECH_LOGIN;
}
else if(pop3c->authmechs & SASL_MECH_PLAIN) {
mech = "PLAIN";
authstate = POP3_AUTH_PLAIN;
pop3c->authused = SASL_MECH_PLAIN;
}
}
if(!result) {
if(mech) {
result = Curl_pp_sendf(&pop3c->pp, "AUTH %s", mech);
if(!result)
state(conn, authstate);
}
#ifndef CURL_DISABLE_CRYPTO_AUTH
else if(conn->proto.pop3c.authtypes & POP3_TYPE_APOP)
result = pop3_state_apop(conn);
#endif
else if(conn->proto.pop3c.authtypes & POP3_TYPE_CLEARTEXT)
result = pop3_state_user(conn);
else {
infof(conn->data, "No known authentication mechanisms supported!\n");
result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
}
return result;
}
@ -603,21 +611,8 @@ static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code,
(void)instate; /* no use for this yet */
if(pop3code == '+' && conn->proto.pop3c.authtypes) {
/* Check supported authentication types by decreasing order of security */
if(conn->proto.pop3c.authtypes & POP3_TYPE_SASL)
result = pop3_authenticate(conn);
#ifndef CURL_DISABLE_CRYPTO_AUTH
else if(conn->proto.pop3c.authtypes & POP3_TYPE_APOP)
result = pop3_state_apop(conn);
#endif
else if(conn->proto.pop3c.authtypes & POP3_TYPE_CLEARTEXT)
result = pop3_state_user(conn);
else {
infof(conn->data, "No known authentication types supported!\n");
result = CURLE_LOGIN_DENIED; /* Other types not supported */
}
}
if(pop3code == '+')
result = pop3_authenticate(conn);
else
result = pop3_state_user(conn);