aboutsummaryrefslogtreecommitdiff
path: root/lib/pop3.c
AgeCommit message (Collapse)Author
2012-06-04pop3: Post authentication code tidy upSteve Holme
Corrected lines longer than 78 characters. Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the AUTH command is no longer sent on its own. Introduced some comments in data sending functions. Another attempt at trying to rational code and comment style.
2012-06-04pop3: Added support for sasl digest-md5 authenticationSteve Holme
2012-06-04pop3: Changed the sasl mechanism detection from auth to capaSteve Holme
Not all SASL enabled POP3 servers support the AUTH command on its own when trying to detect the supported mechanisms. As such changed the mechanism detection to use the CAPA command instead.
2012-06-03pop3: Added support for sasl cram-md5 authenticationSteve Holme
2012-06-03pop3.c: Added conditional compilation for NTLM function callsSteve Holme
Added USE_NTLM condition compilation around the NTLM functions called from pop3_statemach_act() introduced in commit 69f7156ad96877.
2012-06-03pop3: Fixed an issue with changes introduced in commit c267c53017bcSteve Holme
Because pop3_endofresp() is called for each line of data yet is not passed the line and line length, so we have to use the data pointed to by pp->linestart_resp which contains the whole packet, the mechanisms were being detected in one call yet the function would be called for each line of data. Using curl with verbose mode enabled would show that one line of data would be received in response to the AUTH command, before the AUTH <mechanism> command was sent to the server and then the next few lines of the original AUTH command would be displayed before the response from the AUTH <mechanism> command. This would then cause problems when parsing the CRAM-MD5 challenge data as extra data was contained in the buffer. Changed the parsing so that each line is checked for the mechanisms and the function returns FALSE until the whole of the AUTH response has been processed.
2012-06-02pop3.c:Corrected typo in commit 69ba0da8272dSteve Holme
2012-06-02pop3: Fixed the issue of having to supply the user name for all requestsSteve Holme
Previously it wasn't possible to connect to POP3 and not specify the user name as a CURLE_ACCESS_DENIED error would be returned. This error occurred because USER would be sent to the server with a blank user name if no mailbox user was specified as the server would reply with -ERR. This wasn't a problem prior to the 7.26.0 release but with the introduction of custom commands the user and/or application developer might want to issue a CAPA command without having to log in as a specific mailbox user. Additionally this fix won't send the newly introduced AUTH command if no user name is specified.
2012-06-02pop3.c: Small code tidy upSteve Holme
Corrected lines exceeding 78 characters. Repositioned some comments and added extra clarity.
2012-06-02pop3: Added support for sasl ntlm authenticationSteve Holme
2012-06-01pop3: Added support for sasl login authenticationSteve Holme
2012-05-31pop3: Added support for sasl plain text authenticationSteve Holme
2012-05-28pop3: Introduced the continue response in pop3_endofresp()Steve Holme
2012-05-28pop3: Changed response code from O and E to + and -Steve Holme
The POP3 protocol doesn't really have the concept of error codes and uses +, +OK and -ERR in response to commands to indicate continue, success and error. The AUTH command is one of those commands that requires multiple pieces of data to be sent to the server where the server will respond with + as part of the handshaking. This meant changing the values before continuing with the next stage of adding authentication support.
2012-05-28pop3: Small code tidy up following authentication work so farSteve Holme
Changed the order of the state machine to match the order of actual events. Reworked some comments and function parameter positioning that I missed the other day.
2012-05-27pop3: remove variable-not-used warningsDaniel Stenberg
2012-05-27pop3: Added support for SASL based authentication mechanism detectionSteve Holme
Added support for detecting the supported SASL authentication mechanisms via the AUTH command. There are two ways of detecting them, either by using the AUTH command, that will return -ERR if not supported or by using the CAPA command which will return SASL and the list of mechanisms if supported, not include SASL if SASL authentication is not supported or -ERR if the CAPA command is not supported. As such it seems simpler to use the AUTH command and fallback to normal clear text authentication if the the command is not supported. Additionally updated the test cases to return -ERR when the AUTH command is encountered. Additional test cases will be added when support for the individual authentication mechanisms is added.
2012-05-27pop3: remove trailing whitespaceDaniel Stenberg
2012-05-27pop3: Code tidy up before the introduction of authentication codeSteve Holme
Moved EOB definition into header file. Switched the logic around in pop3_endofresp() to allow for the introduction of auth-mechanism detection. Repositioned second and third function variables where they will fit within the 78 character line limit. Tidied up some comments.
2012-04-02pop3: Reworked the command sending and handlingSteve Holme
Reworked the command sending from two specific LIST and RETR command functions into a single command based function as well as the two associated response handlers into a generic command handler.
2012-03-31pop3: Added support for additional pop3 commandsSteve Holme
This feature allows the user to specify and use additional POP3 commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or curl's -X command line option.
2012-03-25pop3.c: Corrected problem with state() introduced in 01690ed2bce5Steve Holme
2012-03-25pop.c: Small code tidy upSteve Holme
2012-03-25pop3: Removed the need for the single message LIST command handlerSteve Holme
Simplified the code to remove the need for a separate "LIST <msg id>" command handler and state machine and instead use the LIST command handler for both operations.
2012-03-24pop3.c: Code policing and tidy upSteve Holme
Corrected character and line spacing and re-ordered list and retr functions based on the order of their state machines.
2012-03-24email: Moved server greeting responses into separate functionsSteve Holme
Moved the server greeting response handling code from the statemach_act functions to separate response functions. This makes the code simpler to follow and provides consistency with the other responses that are handled here.
2012-03-24pop3.c: Fixed body data being written when CURLOPT_NOBODY is specifiedSteve Holme
Body data would be forwarded to the client application in both the RETR and LIST commands even if CURLOPT_NOBODY was specified.
2012-03-09includes: remove inclusion of unused file http_proxy.hDaniel Stenberg
2012-03-08CONNECT: made generically not per-protocolDaniel Stenberg
Curl_protocol_connect() now does the tunneling through the HTTP proxy if requested instead of letting each protocol specific connection function do it.
2012-02-19pop3.c: Fixed drop of final CRLF in EOB checkingSteve Holme
Curl_pop3_write() would drop the final CRLF of a message as it was considered part of the EOB as opposed to part of the message. Whilst the EOB sequence needs to be searched for by the function only the final 3 characters should be removed as per RFC-1939 section 3. Reported by: Rich Gray Bug: http://curl.haxx.se/mail/lib-2012-02/0051.html
2012-01-24URL sanitize: reject URLs containing bad dataDaniel Stenberg
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2012-01-04Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections.Steve Holme
Fixed a problem in POP3 and IMAP where a connection would fail when CURLUSESSL_TRY was specified for a server that didn't support SSL/TLS connections rather than continuing.
2012-01-04Fixed incorrect error code being returned in STARTTLSSteve Holme
The STARTTLS response code in SMTP, POP3 and IMAP would return CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS was not available on the server. Reported by: Gokhan Sengun Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2011-12-13pop3.c: fix compiler warning variable may be used uninitializedYang Tse
2011-12-01POP3: fixed escaped dot not being striped outSteve Holme
Changed the eob detection to work across the whole of the buffer so that lines that begin with a dot (which the server will have escaped) are passed to the client application correctly.
2011-11-29pop3.c: fix compiler warningYang Tse
2011-11-29POP3: detect when LIST returns no mailsDaniel Stenberg
By making sure the function can detect an "end of body" sequence immediately on the first line, test 811 is now enabled.
2011-11-29POP3: fix end of body detectionDaniel Stenberg
Curl_pop3_write() now has a state machine that scans for the end of a POP3 body so that the CR LF '.' CR LF sequence can come in everything from one up to five subsequent packets. Test case 810 is modified to use SLOWDOWN which makes the server pause between each single byte and thus makes the POP3 body get sent to curl basically one byte at a time.
2011-11-24query-part: ignore the URI part for given protocolsJonas Schnelli
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the protocol will get the "query part" of the URL cut off before the data is handled by the protocol-specific code. This makes libcurl adhere to RFC3986 section 2.2. Test 1220 is added to verify a file:// URL with query-part.
2011-11-03rename ftp_ssl: the struct field is used for many protocolsDaniel Stenberg
Now called 'use_ssl' instead, which better matches the current CURLOPT name and since the option is used for all pingpong protocols (at least) it makes sense to not use 'ftp' in the name.
2011-10-21curl_multi_fdset: correct fdset with FTP PORT useDaniel Stenberg
After a PORT has been issued, and the multi handle would switch to the CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would return the wrong fdset to wait for when curl_multi_fdset() is called. The code would blindly assume that it was waiting for a connect of the second connection, while that isn't true immediately after the PORT command. Also, the function multi.c:domore_getsock() was highly FTP-centric and therefore ugly to keep in protocol-agnostic code. I solved this problem by introducing a new function pointer in the Curl_handler struct called domore_getsock() which is only called during the DOMORE state for protocols that set that pointer. The new ftp.c:ftp_domore_getsock() function now returns fdset info about the control connection's command/response handling while such a state is in use, and goes over to waiting for a writable second connection first once the commands are done. The original problem could be seen by running test 525 and checking the time stamps in the FTP server log. I can verify that this fix at least fixes this problem. Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html Reported by: Gokhan Sengun
2011-09-05fix bool variables checking and assignmentYang Tse
2011-09-03fix a bunch of MSVC compiler warningsYang Tse
2011-08-19tcpconnect: follow-up commit after b998d95bDaniel Stenberg
As I modified conn->bits.tcpconnect to become an array that holds one bool for each potential connection all uses of that struct field must index it correctly.
2011-07-26stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.hYang Tse
2011-06-21[pop3] remove extra space in LIST commandOri Avtalion
Some servers, e.g. mail.bezeqint.net:110, consider it a syntax error
2011-05-05RTSP: convert protocol-specific checks to genericDaniel Stenberg
Add a 'readwrite' function to the protocol handler struct and use that for the extra readwrite functionality RTSP needs.
2011-05-05SSL: check for SSL, not specific protocolsDaniel Stenberg
Code cleanup to check less for protocols and more for the specific relevant feature. Like if SSL is required.
2011-04-27whitespace cleanup: no space first in conditionalsDaniel Stenberg
"if(a)" is our style, not "if( a )"
2011-04-27source cleanup: unify look, style and indent levelsDaniel Stenberg
By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.