imap: Fixed no known authentication mechanism when fallback is required
Fixed an issue where (lib)curl is compiled without support for a supported challenge-response based SASL authentication mechanism, such as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN mechanisms and (lib)curl doesn't fallback to Clear Text authentication. Note: In order to fallback to Clear Text authentication properly this fix adds support for the LOGINDISABLED server capability. imap: Fixed no known authentication mechanism when fallback is required Fixed an issue where (lib)curl is compiled without support for a supported challenge-response based SASL authentication mechanism, such as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN mechanisms and (lib)curl doesn't fallback to Clear Text authentication. Note: In order to fallback to Clear Text authentication properly this fix adds support for the LOGINDISABLED server capability. Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html Reported by: Stanislav Ivochkin
This commit is contained in:
Steve Holme
Родитель
6b6bdc83bd
Коммит
b4270a9af1
21
lib/imap.c
21
lib/imap.c
|
|
@ -378,8 +378,12 @@ static int imap_endofresp(struct pingpong *pp, int *resp)
|
|||
line[wordlen] != '\n';)
|
||||
wordlen++;
|
||||
|
||||
/* Has the server explicitly disabled the LOGIN command? */
|
||||
if(wordlen == 13 && !memcmp(line, "LOGINDISABLED", 13))
|
||||
imapc->login_disabled = TRUE;
|
||||
|
||||
/* Do we have an AUTH capability? */
|
||||
if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {
|
||||
else if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {
|
||||
line += 5;
|
||||
len -= 5;
|
||||
wordlen -= 5;
|
||||
|
|
@ -548,12 +552,8 @@ static CURLcode imap_authenticate(struct connectdata *conn)
|
|||
authstate = IMAP_AUTHENTICATE_PLAIN;
|
||||
imapc->authused = SASL_MECH_PLAIN;
|
||||
}
|
||||
else {
|
||||
infof(conn->data, "No known authentication mechanisms supported!\n");
|
||||
result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
|
||||
}
|
||||
|
||||
if(!result) {
|
||||
if(mech) {
|
||||
const char *str = getcmdid(conn);
|
||||
|
||||
result = imap_sendf(conn, str, "%s AUTHENTICATE %s", str, mech);
|
||||
|
|
@ -561,6 +561,12 @@ static CURLcode imap_authenticate(struct connectdata *conn)
|
|||
if(!result)
|
||||
state(conn, authstate);
|
||||
}
|
||||
else if(!imapc->login_disabled)
|
||||
result = imap_state_login(conn);
|
||||
else {
|
||||
infof(conn->data, "No known authentication mechanisms supported!\n");
|
||||
result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
|
@ -660,11 +666,10 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn,
|
|||
imapstate instate)
|
||||
{
|
||||
CURLcode result = CURLE_OK;
|
||||
struct imap_conn *imapc = &conn->proto.imapc;
|
||||
|
||||
(void)instate; /* no use for this yet */
|
||||
|
||||
if(imapcode == 'O' && imapc->authmechs)
|
||||
if(imapcode == 'O')
|
||||
result = imap_authenticate(conn);
|
||||
else
|
||||
result = imap_state_login(conn);
|
||||
|
|
|
|||
|
|
@ -62,6 +62,7 @@ struct imap_conn {
|
|||
int cmdid; /* Next command ID */
|
||||
const char *idstr; /* String based response ID to wait for */
|
||||
bool ssldone; /* Is connect() over SSL done? */
|
||||
bool login_disabled; /* LOGIN command explicitly disabled by server */
|
||||
};
|
||||
|
||||
extern const struct Curl_handler Curl_handler_imap;
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче