aboutsummaryrefslogtreecommitdiff
path: root/lib/imap.c
AgeCommit message (Collapse)Author
2013-02-10imap: Added support for the STARTTLS capability (Part Three)Steve Holme
Added honoring of the tls_supported flag when starting a TLS upgrade rather than unconditionally attempting it. If the use_ssl flag is set to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the connection will continue to authenticate. If this flag is set to CURLUSESSL_ALL then the connection will complete with a failure as it did previously.
2013-02-10imap: Added support for the STARTTLS capability (Part Two)Steve Holme
Added sending of initial CAPABILITY command before STARTTLS is sent. This allows for the detection of the capability before trying to upgrade the connection.
2013-02-10imap: Added support for the STARTTLS capability (Part One)Steve Holme
Introduced detection of the STARTTLS capability, in order to add support for TLS upgrades without unconditionally sending the STARTTLS command.
2013-02-09imap: Corrected some commentsSteve Holme
2013-02-08imap: Renamed state variables in imap_authenticate()Steve Holme
Renamed the authstate1 and authstate2 variables in imap_authenticate() as the old name was a left over from when there was only one state variable which was named due to a clash with the state() function. Additionally this provides consistency with the smtp module.
2013-02-07imap: Added support for SASL-IR extension (Part 2)Steve Holme
Modified imap_authenticate() to add support for sending the initial response with the AUTHENTICATE command, as per RFC4959.
2013-02-07imap: Added support for SASL-IR extension (Part 1)Steve Holme
Introduced detection of the SASL-IR capability, in order to add support for sending the initial response with the AUTHENTICATE command, as per RFC4959.
2013-02-07imap: Changed response tag generation to be completely uniqueSteve Holme
Updated the automatic response tag generation to follow the examples given in RC3501, which list a 4 character string such as A001, A002, etc. As a unique identifier should be generated for each command the string generation is based on the connection id and the incrementing command id.
2013-02-06imap: Small variable rename in preparation for upcoming changeSteve Holme
Renamed a couple of variables and updated some comments in preparation for upcoming command id / response tag change.
2013-02-06email: Moved starttls code in separate functionsSteve Holme
To help maintain the readability of the code in imap.c, pop3.c and smtp.c moved the starttls code into state_starttls() functions.
2013-02-05email: Reworked comments in the endofresp() functionsSteve Holme
Tidied up the comments in the endofresp() functions to be more meaningful prior to release.
2013-02-04email: Provided extra comments following recent pop3/imap fixesSteve Holme
Provided additional clarification about the logic of the authenticate() functions following commit 6b6bdc83bd36 and b4270a9af1d0.
2013-02-03imap: Fixed no known authentication mechanism when fallback is requiredSteve Holme
Fixed an issue where (lib)curl is compiled without support for a supported challenge-response based SASL authentication mechanism, such as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN mechanisms and (lib)curl doesn't fallback to Clear Text authentication. Note: In order to fallback to Clear Text authentication properly this fix adds support for the LOGINDISABLED server capability. imap: Fixed no known authentication mechanism when fallback is required Fixed an issue where (lib)curl is compiled without support for a supported challenge-response based SASL authentication mechanism, such as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN mechanisms and (lib)curl doesn't fallback to Clear Text authentication. Note: In order to fallback to Clear Text authentication properly this fix adds support for the LOGINDISABLED server capability. Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html Reported by: Stanislav Ivochkin
2013-01-27imap.c: Fixed unnecessary state change if starttls failsSteve Holme
The state machine should only be changed to IMAP_STARTTLS when the STARTTLS command has been successfully sent to the server.
2013-01-24imap.c: Fixed failure detection during TLS upgradeSteve Holme
imap_state_upgrade_tls() would attempt to incorrectly complete the upgrade to imaps and start the CAPABILITY command if Curl_ssl_connect_nonblocking() returned a failure code and if ssldone was set to TRUE. This would only happen when a non-blocking API hadn't been provided by the SSL implementation and curlssl_connect() was called underneath.
2013-01-23email: Removed unnecessary return statementsSteve Holme
Small tidy up to remove unnecessary return statements prior to the next fix.
2013-01-22email: Corrected references to SASL RFCSteve Holme
The most recent version of the SASL RFC is RFC4422 and not RFC2222 as previously documented.
2013-01-19email: General code tidy upSteve Holme
Corrected some function argument definitions to maximize the 80 character line length limit and be in keeping with the curl coding style.
2013-01-17always-multi: always use non-blocking internalsDaniel Stenberg
Remove internal separated behavior of the easy vs multi intercace. curl_easy_perform() is now using the multi interface itself. Several minor multi interface quirks and bugs have been fixed in the process. Much help with debugging this has been provided by: Yang Tse
2013-01-09build: fix circular header inclusion with other packagesYang Tse
This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
2013-01-07imap.c: Small tidy up to add missing commentSteve Holme
2013-01-07imap: Added support for sasl digest-md5 authenticationSteve Holme
2013-01-07imap: Added support for sasl cram-md5 authenticationSteve Holme
2013-01-07imap: Added support for sasl ntlm authenticationSteve Holme
2013-01-06imap: Added support for sasl login authenticationSteve Holme
2013-01-06imap: Added support for sasl plain text authenticationSteve Holme
2013-01-06imap: Introduced the continue response in imap_endofresp()Steve Holme
2013-01-06imap: Added support for SASL based authentication mechanism detectionSteve Holme
Added support for detecting the supported SASL authentication mechanisms via the CAPABILITY command.
2013-01-06Revert changes relative to lib/*.[ch] recent renamingYang Tse
This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-03build: rename 93 lib/*.c filesYang Tse
93 lib/*.c source files renamed to use our standard naming scheme. This commit only does the file renaming. ---------------------------------------- renamed: lib/amigaos.c -> lib/curl_amigaos.c renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c renamed: lib/axtls.c -> lib/curl_axtls.c renamed: lib/base64.c -> lib/curl_base64.c renamed: lib/bundles.c -> lib/curl_bundles.c renamed: lib/conncache.c -> lib/curl_conncache.c renamed: lib/connect.c -> lib/curl_connect.c renamed: lib/content_encoding.c -> lib/curl_content_encoding.c renamed: lib/cookie.c -> lib/curl_cookie.c renamed: lib/cyassl.c -> lib/curl_cyassl.c renamed: lib/dict.c -> lib/curl_dict.c renamed: lib/easy.c -> lib/curl_easy.c renamed: lib/escape.c -> lib/curl_escape.c renamed: lib/file.c -> lib/curl_file.c renamed: lib/fileinfo.c -> lib/curl_fileinfo.c renamed: lib/formdata.c -> lib/curl_formdata.c renamed: lib/ftp.c -> lib/curl_ftp.c renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c renamed: lib/getenv.c -> lib/curl_getenv.c renamed: lib/getinfo.c -> lib/curl_getinfo.c renamed: lib/gopher.c -> lib/curl_gopher.c renamed: lib/gtls.c -> lib/curl_gtls.c renamed: lib/hash.c -> lib/curl_hash.c renamed: lib/hmac.c -> lib/curl_hmac.c renamed: lib/hostasyn.c -> lib/curl_hostasyn.c renamed: lib/hostcheck.c -> lib/curl_hostcheck.c renamed: lib/hostip.c -> lib/curl_hostip.c renamed: lib/hostip4.c -> lib/curl_hostip4.c renamed: lib/hostip6.c -> lib/curl_hostip6.c renamed: lib/hostsyn.c -> lib/curl_hostsyn.c renamed: lib/http.c -> lib/curl_http.c renamed: lib/http_chunks.c -> lib/curl_http_chunks.c renamed: lib/http_digest.c -> lib/curl_http_digest.c renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c renamed: lib/http_proxy.c -> lib/curl_http_proxy.c renamed: lib/idn_win32.c -> lib/curl_idn_win32.c renamed: lib/if2ip.c -> lib/curl_if2ip.c renamed: lib/imap.c -> lib/curl_imap.c renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c renamed: lib/inet_pton.c -> lib/curl_inet_pton.c renamed: lib/krb4.c -> lib/curl_krb4.c renamed: lib/krb5.c -> lib/curl_krb5.c renamed: lib/ldap.c -> lib/curl_ldap.c renamed: lib/llist.c -> lib/curl_llist.c renamed: lib/md4.c -> lib/curl_md4.c renamed: lib/md5.c -> lib/curl_md5.c renamed: lib/memdebug.c -> lib/curl_memdebug.c renamed: lib/mprintf.c -> lib/curl_mprintf.c renamed: lib/multi.c -> lib/curl_multi.c renamed: lib/netrc.c -> lib/curl_netrc.c renamed: lib/non-ascii.c -> lib/curl_non_ascii.c renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h renamed: lib/nonblock.c -> lib/curl_nonblock.c renamed: lib/nss.c -> lib/curl_nss.c renamed: lib/nwlib.c -> lib/curl_nwlib.c renamed: lib/nwos.c -> lib/curl_nwos.c renamed: lib/openldap.c -> lib/curl_openldap.c renamed: lib/parsedate.c -> lib/curl_parsedate.c renamed: lib/pingpong.c -> lib/curl_pingpong.c renamed: lib/polarssl.c -> lib/curl_polarssl.c renamed: lib/pop3.c -> lib/curl_pop3.c renamed: lib/progress.c -> lib/curl_progress.c renamed: lib/qssl.c -> lib/curl_qssl.c renamed: lib/rawstr.c -> lib/curl_rawstr.c renamed: lib/rtsp.c -> lib/curl_rtsp.c renamed: lib/security.c -> lib/curl_security.c renamed: lib/select.c -> lib/curl_select.c renamed: lib/sendf.c -> lib/curl_sendf.c renamed: lib/share.c -> lib/curl_share.c renamed: lib/slist.c -> lib/curl_slist.c renamed: lib/smtp.c -> lib/curl_smtp.c renamed: lib/socks.c -> lib/curl_socks.c renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c renamed: lib/speedcheck.c -> lib/curl_speedcheck.c renamed: lib/splay.c -> lib/curl_splay.c renamed: lib/ssh.c -> lib/curl_ssh.c renamed: lib/sslgen.c -> lib/curl_sslgen.c renamed: lib/ssluse.c -> lib/curl_ssluse.c renamed: lib/strdup.c -> lib/curl_strdup.c renamed: lib/strequal.c -> lib/curl_strequal.c renamed: lib/strerror.c -> lib/curl_strerror.c renamed: lib/strtok.c -> lib/curl_strtok.c renamed: lib/strtoofft.c -> lib/curl_strtoofft.c renamed: lib/telnet.c -> lib/curl_telnet.c renamed: lib/tftp.c -> lib/curl_tftp.c renamed: lib/timeval.c -> lib/curl_timeval.c renamed: lib/transfer.c -> lib/curl_transfer.c renamed: lib/url.c -> lib/curl_url.c renamed: lib/version.c -> lib/curl_version.c renamed: lib/warnless.c -> lib/curl_warnless.c renamed: lib/wildcard.c -> lib/curl_wildcard.c ----------------------------------------
2013-01-03build: make use of 93 lib/*.c renamed filesYang Tse
93 *.c source files renamed to use our standard naming scheme. This change affects 77 files in libcurl's source tree.
2012-12-30imap.c: Minor follow up tidy upSteve Holme
2012-12-30imap: Code tidy up prior to adding support for the CAPABILITY commandSteve Holme
* Changing the order of the state machine to represent the order in which commands are sent to the server. * Reworking the imap_endofresp() function as the FETCH response doesn't include the command id and shouldn't be part of the length comparison that takes into account the id string.
2012-12-29imap_doing: don't call imap_dophase_done() if already failedSteve Holme
Applied the POP3 fix from commit 2897ce7dc2e1 so imap_dophase_done() isn't called if imap_multi_statemach() fails.
2012-12-29imap.c: Fixed bad state error when logging in with invalid credentialsSteve Holme
Fixed a problem with the state machine when attempting to log in with invalid credentials. The server would report login failure but libcurl would not read the response due to inappropriate IMAP_STOP states being set after the login was sent.
2012-12-29imap.c: remove trailing whitespaceYang Tse
2012-12-28imap.c: Code tidy up - Part 2Steve Holme
2012-12-28imap.c: Code tidy up - Part 1Steve Holme
Applied some of the comment and layout changes that had already been applied to the pop3 and smtp code over the last 6 to 9 months. This is in preparation of adding SASL based authentication.
2012-12-28imap.c: Code tidy up renaming imapsendf() to imap_sendf()Steve Holme
Renamed imapsendf() to imap_sendf() to be more in keeping with the other imap functions as well as Curl_pp_sendf() that it replaces.
2012-12-28build: make use of 76 lib/*.h renamed filesYang Tse
76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
2012-12-28imsp.c: Fixed usernames and passwords that contain escape charactersSteve Holme
Fixed a problem with sending usernames and passwords that contain backslash, quotation mark and space characters.
2012-12-14setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>Yang Tse
Inclusion of top two most included header files now done in setup_once.h
2012-06-05email: Removed duplicated header fileSteve Holme
2012-03-24email: Moved server greeting responses into separate functionsSteve Holme
Moved the server greeting response handling code from the statemach_act functions to separate response functions. This makes the code simpler to follow and provides consistency with the other responses that are handled here.
2012-03-09includes: remove inclusion of unused file http_proxy.hDaniel Stenberg
2012-03-08CONNECT: made generically not per-protocolDaniel Stenberg
Curl_protocol_connect() now does the tunneling through the HTTP proxy if requested instead of letting each protocol specific connection function do it.
2012-01-24URL sanitize: reject URLs containing bad dataDaniel Stenberg
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2012-01-04Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections.Steve Holme
Fixed a problem in POP3 and IMAP where a connection would fail when CURLUSESSL_TRY was specified for a server that didn't support SSL/TLS connections rather than continuing.
2012-01-04Fixed incorrect error code being returned in STARTTLSSteve Holme
The STARTTLS response code in SMTP, POP3 and IMAP would return CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS was not available on the server. Reported by: Gokhan Sengun Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2011-11-24query-part: ignore the URI part for given protocolsJonas Schnelli
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the protocol will get the "query part" of the URL cut off before the data is handled by the protocol-specific code. This makes libcurl adhere to RFC3986 section 2.2. Test 1220 is added to verify a file:// URL with query-part.