aboutsummaryrefslogtreecommitdiff
path: root/lib/smtp.c
AgeCommit message (Collapse)Author
2012-05-31smtp.c: Re-factored smtp_auth_login_user() for use with passwordsSteve Holme
In preparation for moving to the SASL module re-factored the smtp_auth_login_user() function to smtp_auth_login() so that it can be used for both user names and passwords as sending both of these under the login authentication mechanism is the same.
2012-05-30sasl: Moved plain text authentication message creation from smtp.cSteve Holme
Moved the plain text message creation from smtp.c into the sasl module to allow for use by other modules such as pop3.
2012-05-25sasl: Re-factored auth-mechanism constants to be more genericSteve Holme
2012-05-25smtp: Moved auth-mechanism constants into a separate header fileSteve Holme
Move the SMTP_AUTH constants into a separate header file in preparation for adding SASL based authentication to POP3 as the two protocols will need to share them.
2012-05-22smtp: Fixed an issue with the multi-interface always sending postdataSteve Holme
Due to the result code being reset to CURLE_OK when smtp_dophase_done() was called, postdata would incorrectly be sent to the server when the MAIL FROM or RCPT command was rejected. As such, libcurl would return the wrong result code from performing the operation and additionally set CURLINFO_RESPONSE_CODE to be that returned by the postdata command. Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html Reported by: Gokhan Sengun
2012-05-17smtp: Fixed non-escaping of dot character at beginning of lineSteve Holme
A dot character at the beginning of a line would not be escaped to a double dot as required by RFC-2821, instead it would be deleted by the mail server. Please see section 4.5.2 of the RFC for more information. Note: This fix also simplifies the detection of repeated CRLF.CRLF combinations, such as CRLF.CRLF.CRLF, a little rather than having to advance the eob counter to 2.
2012-05-02MD5: OOM fixGokhan Sengun
check whether md5 initialization succeeded before updating digest of buffers onto it
2012-04-04smtp.c: fix compiler warningsYang Tse
2012-04-01smtp.c: Code policing and tidy upSteve Holme
2012-03-31smtp: Add support for DIGEST-MD5 authenticationGökhan Şengün
2012-03-31smtp: Cody tidy up of md5 digest lengthGökhan Şengün
Replaced the hard coded md5 digest length (16) with a preprocessor constant
2012-03-24email: Moved server greeting responses into separate functionsSteve Holme
Moved the server greeting response handling code from the statemach_act functions to separate response functions. This makes the code simpler to follow and provides consistency with the other responses that are handled here.
2012-03-20fix several compiler warningsYang Tse
2012-03-10smtp.c: Changed the curl error code for EHLO and HELO responsesSteve Holme
Changed the returned curl error codes for EHLO and HELO responses from CURLE_LOGIN_DENIED to CURLE_REMOTE_ACCESS_DENIED as a negative response from these commands represents no service as opposed to a login error.
2012-03-09includes: remove inclusion of unused file http_proxy.hDaniel Stenberg
2012-03-08CONNECT: made generically not per-protocolDaniel Stenberg
Curl_protocol_connect() now does the tunneling through the HTTP proxy if requested instead of letting each protocol specific connection function do it.
2012-02-23SMTP: Added support for returning SMTP response codesSteve Holme
Set the conn->data->info.httpcode variable in smtp_statemach_act() to allow Curl_getinfo() to return the SMTP response code via the CURLINFO_RESPONSE_CODE action.
2012-02-21smtp.c: Fixed an issue with writing postdataSteve Holme
Fixed a problem in smtp_done() when writing out the postdata as Curl_write() would periodically return zero bytes written.
2012-02-17smtp.c: Fixed an issue with the EOB checkingSteve Holme
Curl_smtp_escape_eob() would leave off final CRLFs from emails ending in multiple blank lines additionally leaving the smtpc->eob variable with the character count in, which would cause problems for additional emails when sent through multiple calls to curl_easy_perform() after a CURLOPT_CONNECT_ONLY.
2012-02-16SMTP: Code policing and tidy upSteve Holme
2012-02-15smtp.c: Fixed use of angled brackets in AUTH parameter.Steve Holme
Fixed the use of angled brackets "<>" in the optional AUTH parameter as per RFC-2554 section 5. The address should not include them but an empty address should be replaced by them.
2012-02-14smtp_mail: Added support to MAIL FROM for the optional AUTH parameterSteve Holme
Added a new CURLOPT_MAIL_AUTH option that allows the calling program to set the optional AUTH parameter in the MAIL FROM command. When this option is specified and an authentication mechanism is used to communicate with the mail server then the AUTH parameter will be included in the MAIL FROM command. This is particularly useful when the calling program is acting as a relay in a trusted environment and performing server to server communication, as it allows the relaying server to specify the address of the mailbox that was used to authenticate and send the original email.
2012-02-14SMTP: Fixed error when using CURLOPT_CONNECT_ONLYSteve Holme
Fixed incorrect behavior in smtp_done() which would cause the end of block data to be sent to the SMTP server if libcurl was operating in connect only mode. This would cause the server to return an error as data would not be expected which in turn caused libcurl to return CURLE_RECV_ERROR.
2012-01-24URL sanitize: reject URLs containing bad dataDaniel Stenberg
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2012-01-04Fixed incorrect error code being returned in STARTTLSSteve Holme
The STARTTLS response code in SMTP, POP3 and IMAP would return CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS was not available on the server. Reported by: Gokhan Sengun Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2011-11-24query-part: ignore the URI part for given protocolsJonas Schnelli
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the protocol will get the "query part" of the URL cut off before the data is handled by the protocol-specific code. This makes libcurl adhere to RFC3986 section 2.2. Test 1220 is added to verify a file:// URL with query-part.
2011-11-03rename ftp_ssl: the struct field is used for many protocolsDaniel Stenberg
Now called 'use_ssl' instead, which better matches the current CURLOPT name and since the option is used for all pingpong protocols (at least) it makes sense to not use 'ftp' in the name.
2011-10-21curl_multi_fdset: correct fdset with FTP PORT useDaniel Stenberg
After a PORT has been issued, and the multi handle would switch to the CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would return the wrong fdset to wait for when curl_multi_fdset() is called. The code would blindly assume that it was waiting for a connect of the second connection, while that isn't true immediately after the PORT command. Also, the function multi.c:domore_getsock() was highly FTP-centric and therefore ugly to keep in protocol-agnostic code. I solved this problem by introducing a new function pointer in the Curl_handler struct called domore_getsock() which is only called during the DOMORE state for protocols that set that pointer. The new ftp.c:ftp_domore_getsock() function now returns fdset info about the control connection's command/response handling while such a state is in use, and goes over to waiting for a writable second connection first once the commands are done. The original problem could be seen by running test 525 and checking the time stamps in the FTP server log. I can verify that this fix at least fixes this problem. Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html Reported by: Gokhan Sengun
2011-10-20Curl_smtp_escape_eob: first byte is index 0...Daniel Stenberg
Fix a bug with with commit 2621dd42a4d that happened due to my last second pre-commit cleanup of the change without proper testing afterwards!
2011-10-20Curl_smtp_escape_eob: fix EOB escapingDaniel Stenberg
As the EOB string can come byte by byte over a series of writes we must match byte-wise. Bug: http://curl.haxx.se/mail/lib-2011-10/0172.html
2011-10-03codepolicingDaniel Stenberg
2011-10-03smtp: Added support for NTLM authenticationSteve Holme
Modified smtp_endofresp() to detect NTLM from the server specified list of supported authentication mechanisms. Modified smtp_authenticate() to start the sending of the NTLM data. Added smtp_auth_ntlm_type1_message() which creates a NTLM type-1 message. This function is used by authenticate() to start the sending of data and by smtp_state_auth_ntlm_resp() when the AUTH command doesn't contain the type-1 message as part of the initial response. This lack of initial response can happen if an OOM error occurs or the type-1 message is longer than 504 characters. As the main AUTH command is limited to 512 character the data has to be transmitted in two parts; one containing the AUTH NTLM and the second containing the type-1 message. Added smtp_state_auth_ntlm_type2msg_resp() which handles the incoming type-2 message and sends an outgoing type-3 message. This type-2 message is sent by the server in response to our type-1 message. Modified smtp_state_auth_resp() to handle the response to: the AUTH NTLM without the initial response and the type-2 response. Modified smtp_disconnect() to cleanup the NTLM SSPI stack.
2011-10-03smtp: General tidy up ready for adding NTLM supportSteve Holme
Changed the name of variable l, in several functions, which represents the length of strings being sent to the server, to len which is more meaningful and consistent with other code in smtp.c and elsewhere. Reworked smtp_authenticate() to be simpler and easier to follow. Variables and now initialised in their definitions and if no username and password are specified the function sets the state to SMTP_STOP and returns immediately, rather than being part of a huge if statement.
2011-10-03smtp_mail: fixed another memory leakSteve Holme
... introduced in 7f304ab84f560c
2011-09-29smtp_mail: fix memory leakDaniel Stenberg
... introduced in 7f304ab84f560c
2011-09-29smtp_mail: Added support to MAIL FROM for the optional SIZE parameterSteve Holme
The size of the email can now be set via CURLOPT_INFILESIZE. This allows the email to be rejected by the server, if supported, and the maximum size has been configured on the server.
2011-09-26smtp_connect: use defined buffer length for hostnameSteve Holme
2011-09-21smtp: without a MAIL_FROM, send blank MAIL FROMGisle Vanem
I think curl should ignore this case and smtp.c should test for this. Since RFC-2821 seems to allow a "null reverse-path". Ref. "MAIL FROM:<>" in section 3.7, page 25.
2011-09-05fix bool variables checking and assignmentYang Tse
2011-09-03fix a bunch of MSVC compiler warningsYang Tse
2011-08-24SMTP authentication: fix ordering of preferred authentication methodSteve Holme
Fixed the order of the preferred SMTP authentication method to: AUTH CRAM-MD5, AUTH LOGIN then AUTH PLAIN. AUTH PLAIN should be the last as it slightly more insecure than AUTH LOGIN as the username and password are sent together - there is no handshaking between the client and server like there is with AUTH LOGIN.
2011-08-24base64: fix Curl_base64_encode and Curl_base64_decode interfacesYang Tse
Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from an error condition. These functions now return a CURLcode indicating function success or otherwise specific error. Output size is returned using a pointer argument. All usage of these two functions, and others closely related, has been adapted to the new interfaces. Relative error and OOM handling adapted or added where missing. Unit test 1302 also adapted.
2011-08-19tcpconnect: follow-up commit after b998d95bDaniel Stenberg
As I modified conn->bits.tcpconnect to become an array that holds one bool for each potential connection all uses of that struct field must index it correctly.
2011-07-26stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.hYang Tse
2011-05-05RTSP: convert protocol-specific checks to genericDaniel Stenberg
Add a 'readwrite' function to the protocol handler struct and use that for the extra readwrite functionality RTSP needs.
2011-05-05SSL: check for SSL, not specific protocolsDaniel Stenberg
Code cleanup to check less for protocols and more for the specific relevant feature. Like if SSL is required.
2011-04-27source cleanup: unify look, style and indent levelsDaniel Stenberg
By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-21Fix a couple of spelling errors in lib/Fabian Keil
Found with codespell.
2011-04-20CURL_DOES_CONVERSIONS: cleanupDaniel Stenberg
Massively reduce #ifdefs all over (23 #ifdef lines less so far) Moved conversion-specific code to non-ascii.c
2011-04-04http-proxy: move proxy code to http_proxy.cDaniel Stenberg
The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.