aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/imap.c71
-rw-r--r--lib/imap.h1
2 files changed, 72 insertions, 0 deletions
diff --git a/lib/imap.c b/lib/imap.c
index c69295d71..045bde033 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -18,6 +18,7 @@
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
+ * RFC2195 CRAM-MD5 authentication
* RFC2222 Simple Authentication and Security Layer (SASL)
* RFC3501 IMAPv4 protocol
* RFC4616 PLAIN authentication
@@ -435,6 +436,7 @@ static void state(struct connectdata *conn,
"AUTHENTICATE_PLAIN",
"AUTHENTICATE_LOGIN",
"AUTHENTICATE_LOGIN_PASSWD",
+ "AUTHENTICATE_CRAMMD5",
"AUTHENTICATE_NTLM",
"AUTHENTICATE_NTLM_TYPE2MSG",
"AUTHENTICATE",
@@ -515,6 +517,14 @@ static CURLcode imap_authenticate(struct connectdata *conn)
/* Check supported authentication mechanisms by decreasing order of
security */
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ if(imapc->authmechs & SASL_MECH_CRAM_MD5) {
+ mech = "CRAM-MD5";
+ authstate = IMAP_AUTHENTICATE_CRAMMD5;
+ imapc->authused = SASL_MECH_CRAM_MD5;
+ }
+ else
+#endif
#ifdef USE_NTLM
if(imapc->authmechs & SASL_MECH_NTLM) {
mech = "NTLM";
@@ -774,6 +784,61 @@ static CURLcode imap_state_auth_login_password_resp(struct connectdata *conn,
return result;
}
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* For AUTHENTICATE CRAM-MD5 responses */
+static CURLcode imap_state_auth_cram_resp(struct connectdata *conn,
+ int imapcode,
+ imapstate instate)
+{
+ CURLcode result = CURLE_OK;
+ struct SessionHandle *data = conn->data;
+ char *chlg64 = data->state.buffer;
+ size_t len = 0;
+ char *rplyb64 = NULL;
+
+ (void)instate; /* no use for this yet */
+
+ if(imapcode != '+') {
+ failf(data, "Access denied: %d", imapcode);
+ return CURLE_LOGIN_DENIED;
+ }
+
+ /* Get the challenge */
+ for(chlg64 += 2; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
+ ;
+
+ /* Terminate the challenge */
+ if(*chlg64 != '=') {
+ for(len = strlen(chlg64); len--;)
+ if(chlg64[len] != '\r' && chlg64[len] != '\n' && chlg64[len] != ' ' &&
+ chlg64[len] != '\t')
+ break;
+
+ if(++len) {
+ chlg64[len] = '\0';
+ }
+ }
+
+ /* Create the response message */
+ result = Curl_sasl_create_cram_md5_message(data, chlg64, conn->user,
+ conn->passwd, &rplyb64, &len);
+
+ /* Send the response */
+ if(!result) {
+ if(rplyb64) {
+ result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64);
+
+ if(!result)
+ state(conn, IMAP_AUTHENTICATE);
+ }
+
+ Curl_safefree(rplyb64);
+ }
+
+ return result;
+}
+#endif
+
#ifdef USE_NTLM
/* For AUTHENTICATE NTLM responses */
static CURLcode imap_state_auth_ntlm_resp(struct connectdata *conn,
@@ -1092,6 +1157,12 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
imapc->state);
break;
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ case IMAP_AUTHENTICATE_CRAMMD5:
+ result = imap_state_auth_cram_resp(conn, imapcode, imapc->state);
+ break;
+#endif
+
#ifdef USE_NTLM
case IMAP_AUTHENTICATE_NTLM:
result = imap_state_auth_ntlm_resp(conn, imapcode, imapc->state);
diff --git a/lib/imap.h b/lib/imap.h
index 19e595f2f..8fa4e0f62 100644
--- a/lib/imap.h
+++ b/lib/imap.h
@@ -38,6 +38,7 @@ typedef enum {
IMAP_AUTHENTICATE_PLAIN,
IMAP_AUTHENTICATE_LOGIN,
IMAP_AUTHENTICATE_LOGIN_PASSWD,
+ IMAP_AUTHENTICATE_CRAMMD5,
IMAP_AUTHENTICATE_NTLM,
IMAP_AUTHENTICATE_NTLM_TYPE2MSG,
IMAP_AUTHENTICATE,