fix bug 286581, allow imap auth external, r=bienvenu

2010-11-20 16:16:34 -08:00 · 2010-11-20 16:16:34 -08:00 · 2b4a2f024a
--- a/mail/locales/en-US/chrome/messenger/messenger.properties
+++ b/mail/locales/en-US/chrome/messenger/messenger.properties
@ -140,6 +140,7 @@ authPasswordCleartextInsecurely=Password, transmitted insecurely
 authPasswordCleartextViaSSL=Normal password
 authPasswordEncrypted=Encrypted password
 authKerberos=Kerberos / GSSAPI
+authExternal=TLS Certificate
 authNTLM=NTLM
 authAnySecure=Any secure method (deprecated)
 authAny=Any method (insecure)
--- a/mailnews/base/prefs/content/am-server.js
+++ b/mailnews/base/prefs/content/am-server.js
@ -95,6 +95,7 @@ function initServerType()
  setLabelFromStringBundle("authMethod-no", "authNo");
  setLabelFromStringBundle("authMethod-old", "authOld");
  setLabelFromStringBundle("authMethod-kerberos", "authKerberos");
+  setLabelFromStringBundle("authMethod-external", "authExternal");
  setLabelFromStringBundle("authMethod-ntlm", "authNTLM");
  setLabelFromStringBundle("authMethod-anysecure", "authAnySecure");
  setLabelFromStringBundle("authMethod-any", "authAny");
--- a/mailnews/base/prefs/content/am-server.xul
+++ b/mailnews/base/prefs/content/am-server.xul
@ -156,6 +156,7 @@
              <menuitem id="authMethod-password-encrypted" value="4"/>
              <menuitem id="authMethod-kerberos" value="5"/>
              <menuitem id="authMethod-ntlm" value="6"/>
+              <menuitem id="authMethod-external" value="7"/>
              <menuitem id="authMethod-anysecure" value="8"/>
              <menuitem id="authMethod-any" value="9"/>
            </menupopup>
--- a/mailnews/base/public/MailNewsTypes2.idl
+++ b/mailnews/base/public/MailNewsTypes2.idl
@ -104,6 +104,8 @@ interface nsMsgAuthMethod {
    /// NTLM is a Windows single-singon scheme.
    /// Includes MSN / Passport.net, which is the same with a different name.
    const nsMsgAuthMethodValue NTLM = 6;
+    /// Auth External is cert-based authentication
+    const nsMsgAuthMethodValue External = 7;
    /// Encrypted password or Kerberos / GSSAPI or NTLM.
    /// @deprecated - for migration only.
    const nsMsgAuthMethodValue secure = 8;
--- a/mailnews/imap/src/nsImapCore.h
+++ b/mailnews/imap/src/nsImapCore.h
@ -150,7 +150,8 @@ typedef enum {
    kHasCondStoreCapability =  0x02000000, /* RFC 3551 CondStore extension */
    kHasEnableCapability    =  0x04000000, /* RFC 5161 ENABLE extension */
    kHasXListCapability    =  0x08000000,  /* XLIST extension */
-    kHasCompressDeflateCapability  =  0x10000000  /* RFC 4978 COMPRESS extension */
+    kHasCompressDeflateCapability  = 0x10000000,  /* RFC 4978 COMPRESS extension */
+    kHasAuthExternalCapability  = 0x20000000  /* RFC 2222 SASL AUTH EXTERNAL */
 } eIMAPCapabilityFlag;

 // this used to be part of the connection object class - maybe we should move it into 
--- a/mailnews/imap/src/nsImapProtocol.cpp
+++ b/mailnews/imap/src/nsImapProtocol.cpp
@ -5471,6 +5471,9 @@ void nsImapProtocol::InitPrefAuthMethods(PRInt32 authMethodPrefValue)
      case nsMsgAuthMethod::GSSAPI:
        m_prefAuthMethods = kHasAuthGssApiCapability;
        break;
+      case nsMsgAuthMethod::External:
+        m_prefAuthMethods = kHasAuthExternalCapability;
+        break;
      case nsMsgAuthMethod::secure:
        m_prefAuthMethods = kHasCRAMCapability |
            kHasAuthGssApiCapability |
@ -5486,7 +5489,8 @@ void nsImapProtocol::InitPrefAuthMethods(PRInt32 authMethodPrefValue)
        m_prefAuthMethods = kHasAuthOldLoginCapability |
            kHasAuthLoginCapability | kHasAuthPlainCapability |
            kHasCRAMCapability | kHasAuthGssApiCapability |
-            kHasAuthNTLMCapability | kHasAuthMSNCapability;
+            kHasAuthNTLMCapability | kHasAuthMSNCapability |
+            kHasAuthExternalCapability;
        break;
    }
    NS_ASSERTION(m_prefAuthMethods != kCapabilityUndefined,
@ -5506,12 +5510,15 @@ nsresult nsImapProtocol::ChooseAuthMethod()
  PR_LOG(IMAP, PR_LOG_DEBUG, ("IMAP auth: server caps 0x%X, pref 0x%X, failed 0x%X, avail caps 0x%X",
        serverCaps, m_prefAuthMethods, m_failedAuthMethods, availCaps));
  PR_LOG(IMAP, PR_LOG_DEBUG, ("(GSSAPI = 0x%X, CRAM = 0x%X, NTLM = 0x%X, "
-        "MSN =  0x%X, PLAIN = 0x%X, LOGIN = 0x%X, old-style IMAP login = 0x%X)",
+        "MSN =  0x%X, PLAIN = 0x%X, LOGIN = 0x%X, old-style IMAP login = 0x%X)"
+        "auth external IMAP login = 0x%X",
        kHasAuthGssApiCapability, kHasCRAMCapability, kHasAuthNTLMCapability,
        kHasAuthMSNCapability, kHasAuthPlainCapability, kHasAuthLoginCapability,
-        kHasAuthOldLoginCapability));
+        kHasAuthOldLoginCapability, kHasAuthExternalCapability));

-  if (kHasAuthGssApiCapability & availCaps)
+  if (kHasAuthExternalCapability & availCaps)
+    m_currentAuthMethod = kHasAuthExternalCapability;
+  else if (kHasAuthGssApiCapability & availCaps)
    m_currentAuthMethod = kHasAuthGssApiCapability;
  else if (kHasCRAMCapability & availCaps)
    m_currentAuthMethod = kHasCRAMCapability;
@ -5561,7 +5568,22 @@ nsresult nsImapProtocol::AuthLogin(const char *userName, const nsCString &passwo

  PR_LOG(IMAP, PR_LOG_DEBUG, ("IMAP: trying auth method 0x%X", m_currentAuthMethod));

-  if (flag & kHasCRAMCapability)
+  if (flag & kHasAuthExternalCapability)
+  {
+      char *base64UserName = PL_Base64Encode(userName, strlen(userName), nsnull);
+      nsCAutoString command (GetServerCommandTag());
+      command.Append(" authenticate EXTERNAL " );
+      command.Append(base64UserName);
+      command.Append(CRLF);
+	  PR_Free(base64UserName);
+      rv = SendData(command.get());
+      ParseIMAPandCheckForNewMail();
+      nsImapServerResponseParser &parser = GetServerStateParser();
+      if (parser.LastCommandSuccessful())
+        return NS_OK;
+      parser.SetCapabilityFlag(parser.GetCapabilityFlag() & ~kHasAuthExternalCapability);
+  }
+  else if (flag & kHasCRAMCapability)
  {
    NS_ENSURE_TRUE(m_imapServerSink, NS_ERROR_NULL_POINTER);
    PR_LOG(IMAP, PR_LOG_DEBUG, ("MD5 auth"));
@ -8268,6 +8290,7 @@ PRBool nsImapProtocol::TryToLogon()
  {
      // Get password
      if (m_currentAuthMethod != kHasAuthGssApiCapability && // GSSAPI uses no pw in apps
+          m_currentAuthMethod != kHasAuthExternalCapability &&
          m_currentAuthMethod != kHasAuthNoneCapability)
      {
          rv = GetPassword(password, newPasswordRequested);
--- a/mailnews/imap/src/nsImapServerResponseParser.cpp
+++ b/mailnews/imap/src/nsImapServerResponseParser.cpp
@ -2220,6 +2220,8 @@ void nsImapServerResponseParser::capability_data()
        fCapabilityFlag |= kHasAuthGssApiCapability;
      else if (token.Equals("AUTH=MSN", nsCaseInsensitiveCStringComparator()))
        fCapabilityFlag |= kHasAuthMSNCapability;
+      else if (token.Equals("AUTH=EXTERNAL", nsCaseInsensitiveCStringComparator()))
+        fCapabilityFlag |= kHasAuthExternalCapability;
      else if (token.Equals("STARTTLS", nsCaseInsensitiveCStringComparator()))
        fCapabilityFlag |= kHasStartTLSCapability;
      else if (token.Equals("LOGINDISABLED", nsCaseInsensitiveCStringComparator()))
--- a/suite/locales/en-US/chrome/mailnews/messenger.properties
+++ b/suite/locales/en-US/chrome/mailnews/messenger.properties
@ -144,6 +144,7 @@ authPasswordCleartextInsecurely=Password, transmitted insecurely
 authPasswordCleartextViaSSL=Normal password
 authPasswordEncrypted=Encrypted password
 authKerberos=Kerberos / GSSAPI
+authExternal=TLS Certificate
 authNTLM=NTLM
 authAnySecure=Any secure method (deprecated)
 authAny=Any method (insecure)