Граф коммитов

64 Коммитов

Автор SHA1 Сообщение Дата
Steve Holme 2c6d32b864 pop3: Added support for sasl plain text authentication 2012-05-31 20:45:53 +01:00
Steve Holme 7291c1f565 pop3: Introduced the continue response in pop3_endofresp() 2012-05-28 21:29:01 +01:00
Steve Holme 3fa0fbb816 pop3: Changed response code from O and E to + and -
The POP3 protocol doesn't really have the concept of error codes and
uses +, +OK and -ERR in response to commands to indicate continue,
success and error.

The AUTH command is one of those commands that requires multiple pieces
of data to be sent to the server where the server will respond with + as
part of the handshaking. This meant changing the values before
continuing with the next stage of adding authentication support.
2012-05-28 20:59:10 +01:00
Steve Holme a9d798c4d5 pop3: Small code tidy up following authentication work so far
Changed the order of the state machine to match the order of actual
events.

Reworked some comments and function parameter positioning that I missed
the other day.
2012-05-28 20:21:52 +01:00
Daniel Stenberg a7731673d0 pop3: remove variable-not-used warnings 2012-05-27 23:29:15 +02:00
Steve Holme c267c53017 pop3: Added support for SASL based authentication mechanism detection
Added support for detecting the supported SASL authentication mechanisms
via the AUTH command. There are two ways of detecting them, either by
using the AUTH command, that will return -ERR if not supported or by
using the CAPA command which will return SASL and the list of mechanisms
if supported, not include SASL if SASL authentication is not supported
or -ERR if the CAPA command is not supported. As such it seems simpler
to use the AUTH command and fallback to normal clear text authentication
if the the command is not supported.

Additionally updated the test cases to return -ERR when the AUTH command
is encountered. Additional test cases will be added when support for the
individual authentication mechanisms is added.
2012-05-27 19:09:38 +01:00
Daniel Stenberg dc454bd16b pop3: remove trailing whitespace 2012-05-27 14:08:46 +02:00
Steve Holme c6495bccbf pop3: Code tidy up before the introduction of authentication code
Moved EOB definition into header file.

Switched the logic around in pop3_endofresp() to allow for the
introduction of auth-mechanism detection.

Repositioned second and third function variables where they will fit
within the 78 character line limit.

Tidied up some comments.
2012-05-27 10:54:13 +01:00
Steve Holme 15e1227ed4 pop3: Reworked the command sending and handling
Reworked the command sending from two specific LIST and RETR command
functions into a single command based function as well as the two
associated response handlers into a generic command handler.
2012-04-02 23:24:00 +01:00
Steve Holme 761c3c5446 pop3: Added support for additional pop3 commands
This feature allows the user to specify and use additional POP3
commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
curl's -X command line option.
2012-03-31 18:46:22 +01:00
Steve Holme 982315573c pop3.c: Corrected problem with state() introduced in 01690ed2bc 2012-03-25 12:47:39 +01:00
Steve Holme 9f96e6da28 pop.c: Small code tidy up 2012-03-25 11:28:59 +01:00
Steve Holme 01690ed2bc pop3: Removed the need for the single message LIST command handler
Simplified the code to remove the need for a separate "LIST <msg id>"
command handler and state machine and instead use the LIST command
handler for both operations.
2012-03-25 11:21:59 +01:00
Steve Holme 2da89708ec pop3.c: Code policing and tidy up
Corrected character and line spacing and re-ordered list and retr
functions based on the order of their state machines.
2012-03-24 12:28:11 +00:00
Steve Holme 5c62a551c4 email: Moved server greeting responses into separate functions
Moved the server greeting response handling code from the statemach_act
functions to separate response functions. This makes the code simpler
to follow and provides consistency with the other responses that are
handled here.
2012-03-24 11:55:34 +00:00
Steve Holme 602a8a565c pop3.c: Fixed body data being written when CURLOPT_NOBODY is specified
Body data would be forwarded to the client application in both the RETR
and LIST commands even if CURLOPT_NOBODY was specified.
2012-03-24 00:09:38 +00:00
Daniel Stenberg 2764bf2c5b includes: remove inclusion of unused file http_proxy.h 2012-03-09 00:05:24 +01:00
Daniel Stenberg 41b0237834 CONNECT: made generically not per-protocol
Curl_protocol_connect() now does the tunneling through the HTTP proxy if
requested instead of letting each protocol specific connection function
do it.
2012-03-08 23:31:38 +01:00
Steve Holme 035ef06bda pop3.c: Fixed drop of final CRLF in EOB checking
Curl_pop3_write() would drop the final CRLF of a message as it was
considered part of the EOB as opposed to part of the message. Whilst
the EOB sequence needs to be searched for by the function only the
final 3 characters should be removed as per RFC-1939 section 3.

Reported by: Rich Gray
Bug: http://curl.haxx.se/mail/lib-2012-02/0051.html
2012-02-19 23:48:14 +01:00
Daniel Stenberg 75ca568fa1 URL sanitize: reject URLs containing bad data
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich
2012-01-24 08:54:26 +01:00
Steve Holme db4f69ef06 Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections.
Fixed a problem in POP3 and IMAP where a connection would fail when
CURLUSESSL_TRY was specified for a server that didn't support
SSL/TLS connections rather than continuing.
2012-01-04 00:48:20 +01:00
Steve Holme 277022b2e4 Fixed incorrect error code being returned in STARTTLS
The STARTTLS response code in SMTP, POP3 and IMAP would return
CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS
was not available on the server.

Reported by: Gokhan Sengun
Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2012-01-04 00:47:58 +01:00
Yang Tse b9b772fefe pop3.c: fix compiler warning variable may be used uninitialized 2011-12-13 15:58:02 +01:00
Steve Holme bdb647814e POP3: fixed escaped dot not being striped out
Changed the eob detection to work across the whole of the buffer so that
lines that begin with a dot (which the server will have escaped) are
passed to the client application correctly.
2011-12-01 00:06:47 +01:00
Yang Tse 1038d0aa16 pop3.c: fix compiler warning 2011-11-29 20:28:49 +01:00
Daniel Stenberg af64666434 POP3: detect when LIST returns no mails
By making sure the function can detect an "end of body" sequence
immediately on the first line, test 811 is now enabled.
2011-11-29 13:43:46 +01:00
Daniel Stenberg dda815b776 POP3: fix end of body detection
Curl_pop3_write() now has a state machine that scans for the end of a
POP3 body so that the CR LF '.' CR LF sequence can come in everything
from one up to five subsequent packets.

Test case 810 is modified to use SLOWDOWN which makes the server pause
between each single byte and thus makes the POP3 body get sent to curl
basically one byte at a time.
2011-11-29 00:25:21 +01:00
Jonas Schnelli 2c905fd1f8 query-part: ignore the URI part for given protocols
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the
protocol will get the "query part" of the URL cut off before the data is
handled by the protocol-specific code. This makes libcurl adhere to
RFC3986 section 2.2.

Test 1220 is added to verify a file:// URL with query-part.
2011-11-24 23:31:19 +01:00
Daniel Stenberg 93e57d0628 rename ftp_ssl: the struct field is used for many protocols
Now called 'use_ssl' instead, which better matches the current CURLOPT
name and since the option is used for all pingpong protocols (at least)
it makes sense to not use 'ftp' in the name.
2011-11-03 09:54:12 +01:00
Daniel Stenberg d7934b8bd4 curl_multi_fdset: correct fdset with FTP PORT use
After a PORT has been issued, and the multi handle would switch to the
CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would
return the wrong fdset to wait for when curl_multi_fdset() is
called. The code would blindly assume that it was waiting for a connect
of the second connection, while that isn't true immediately after the
PORT command.

Also, the function multi.c:domore_getsock() was highly FTP-centric and
therefore ugly to keep in protocol-agnostic code. I solved this problem
by introducing a new function pointer in the Curl_handler struct called
domore_getsock() which is only called during the DOMORE state for
protocols that set that pointer.

The new ftp.c:ftp_domore_getsock() function now returns fdset info about
the control connection's command/response handling while such a state is
in use, and goes over to waiting for a writable second connection first
once the commands are done.

The original problem could be seen by running test 525 and checking the
time stamps in the FTP server log. I can verify that this fix at least
fixes this problem.

Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html
Reported by: Gokhan Sengun
2011-10-21 23:36:54 +02:00
Yang Tse a50210710a fix bool variables checking and assignment 2011-09-05 20:46:09 +02:00
Yang Tse 6b75d2c2df fix a bunch of MSVC compiler warnings 2011-09-03 16:07:09 +02:00
Daniel Stenberg 2d7c79af76 tcpconnect: follow-up commit after b998d95b
As I modified conn->bits.tcpconnect to become an array that holds one
bool for each potential connection all uses of that struct field must
index it correctly.
2011-08-19 23:39:56 +02:00
Yang Tse f1586cb477 stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h 2011-07-26 17:23:27 +02:00
Ori Avtalion af6dcc92d5 [pop3] remove extra space in LIST command
Some servers, e.g. mail.bezeqint.net:110, consider it a syntax error
2011-06-21 18:12:05 +03:00
Daniel Stenberg f0612f166a RTSP: convert protocol-specific checks to generic
Add a 'readwrite' function to the protocol handler struct and use that
for the extra readwrite functionality RTSP needs.
2011-05-05 16:27:03 +02:00
Daniel Stenberg e34131db78 SSL: check for SSL, not specific protocols
Code cleanup to check less for protocols and more for the specific
relevant feature. Like if SSL is required.
2011-05-05 15:49:43 +02:00
Daniel Stenberg 889d1e973f whitespace cleanup: no space first in conditionals
"if(a)" is our style, not "if( a )"
2011-04-27 09:09:35 +02:00
Daniel Stenberg b903186fa0 source cleanup: unify look, style and indent levels
By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.
2011-04-27 09:09:35 +02:00
Fabian Keil 1702a2c08d Fix a couple of spelling errors in lib/
Found with codespell.
2011-04-21 07:55:53 -07:00
Daniel Stenberg c828646f60 CURL_DOES_CONVERSIONS: cleanup
Massively reduce #ifdefs all over (23 #ifdef lines less so far)
Moved conversion-specific code to non-ascii.c
2011-04-20 00:50:07 +02:00
Ben Noordhuis db59b6202d [pop3 starttls] PASS command was not sent after upgrade to TLS. 2011-04-05 13:38:31 +02:00
Ben Noordhuis e7837bfd03 [pop3 starttls] the command to send is STLS, not STARTTLS. 2011-04-05 13:38:31 +02:00
Daniel Stenberg 02dbfa2192 http-proxy: move proxy code to http_proxy.c
The new http_proxy.* files now host HTTP proxy specific code (500+ lines
moved out from http.c), and as a consequence there is a macro introduced
for the Curl_proxyCONNECT() function so that code can use it without
actually supporting proxy (or HTTP) in builds.
2011-04-04 19:38:00 +02:00
Daniel Stenberg 3a87dd8b20 pop3: add state name in debug array
We have an array with the state names only built and used when built
debug enabled and this need to list all the states from the .h
2011-03-19 11:05:45 +01:00
Dan Fandrich 663a52c2f8 pop3: use Curl_safefree() to allow torture tests to succeed 2011-03-18 11:20:24 -07:00
Daniel Stenberg 0c05ee3a33 pop3: remove unused variable 2011-03-18 09:18:22 +01:00
Dan Fandrich ef1c18b952 Added support for LISTing a single POP3 message
Added tests for a number of POP3 LIST operations, including one
that shows a curl problem when listing no messages, so is
disabled.
2011-03-17 16:59:30 -07:00
Dan Fandrich 409867e62b pop3: fixed memory leak in an error retrieval case 2011-03-17 16:28:12 -07:00
Daniel Stenberg cc228ea6f6 protocol handler cleanup: SSL awareness
As a follow-up to commit 8831000bc0: don't assume that the SSL powered
protocol alternatives are available.
2011-03-15 10:02:05 +01:00