diff options
| author | Steve Holme <steve_holme@hotmail.com> | 2013-12-18 20:44:20 +0000 |
|---|---|---|
| committer | Steve Holme <steve_holme@hotmail.com> | 2013-12-18 20:45:17 +0000 |
| commit | 48043f87b60a74af22bfe66a2db3b105a946921c (patch) | |
| tree | eda4eb3deb6bfe28b31ee2b07106c5f6e5ac6d64 /lib/imap.c | |
| parent | b7b126ee416239b03f681774edb6deebb2196841 (diff) | |
imap/pop3/smtp: Added support for SASL authentication downgrades
Added support for downgrading the SASL authentication mechanism when the
decoding of CRAM-MD5, DIGEST-MD5 and NTLM messages fails. This enhances
the previously added support for graceful cancellation by allowing the
client to retry a lesser SASL mechanism such as LOGIN or PLAIN, or even
APOP / clear text (in the case of POP3 and IMAP) when supported by the
server.
Diffstat (limited to 'lib/imap.c')
| -rw-r--r-- | lib/imap.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/lib/imap.c b/lib/imap.c index 37feff429..bd03c76cd 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -1307,14 +1307,45 @@ static CURLcode imap_state_auth_cancel_resp(struct connectdata *conn, int imapcode, imapstate instate) { + CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; + struct imap_conn *imapc = &conn->proto.imapc; + const char *mech = NULL; + char *initresp = NULL; + size_t len = 0; + imapstate state1 = IMAP_STOP; + imapstate state2 = IMAP_STOP; (void)imapcode; (void)instate; /* no use for this yet */ - failf(data, "Authentication cancelled"); + /* Remove the offending mechanism from the supported list */ + imapc->authmechs ^= imapc->authused; + + /* Calculate alternative SASL login details */ + result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1, + &state2); + + if(!result) { + /* Do we have any mechanisms left or can we fallback to clear text? */ + if(mech) { + /* Retry SASL based authentication */ + result = imap_perform_authenticate(conn, mech, initresp, state1, state2); + + Curl_safefree(initresp); + } + else if((!imapc->login_disabled) && + (imapc->preftype & IMAP_TYPE_CLEARTEXT)) + /* Perform clear text authentication */ + result = imap_perform_login(conn); + else { + failf(data, "Authentication cancelled"); + + result = CURLE_LOGIN_DENIED; + } + } - return CURLE_LOGIN_DENIED; + return result; } /* For final responses in the AUTHENTICATE sequence */ |