aboutsummaryrefslogtreecommitdiff
path: root/lib/smtp.c
AgeCommit message (Collapse)Author
2012-03-09includes: remove inclusion of unused file http_proxy.hDaniel Stenberg
2012-03-08CONNECT: made generically not per-protocolDaniel Stenberg
Curl_protocol_connect() now does the tunneling through the HTTP proxy if requested instead of letting each protocol specific connection function do it.
2012-02-23SMTP: Added support for returning SMTP response codesSteve Holme
Set the conn->data->info.httpcode variable in smtp_statemach_act() to allow Curl_getinfo() to return the SMTP response code via the CURLINFO_RESPONSE_CODE action.
2012-02-21smtp.c: Fixed an issue with writing postdataSteve Holme
Fixed a problem in smtp_done() when writing out the postdata as Curl_write() would periodically return zero bytes written.
2012-02-17smtp.c: Fixed an issue with the EOB checkingSteve Holme
Curl_smtp_escape_eob() would leave off final CRLFs from emails ending in multiple blank lines additionally leaving the smtpc->eob variable with the character count in, which would cause problems for additional emails when sent through multiple calls to curl_easy_perform() after a CURLOPT_CONNECT_ONLY.
2012-02-16SMTP: Code policing and tidy upSteve Holme
2012-02-15smtp.c: Fixed use of angled brackets in AUTH parameter.Steve Holme
Fixed the use of angled brackets "<>" in the optional AUTH parameter as per RFC-2554 section 5. The address should not include them but an empty address should be replaced by them.
2012-02-14smtp_mail: Added support to MAIL FROM for the optional AUTH parameterSteve Holme
Added a new CURLOPT_MAIL_AUTH option that allows the calling program to set the optional AUTH parameter in the MAIL FROM command. When this option is specified and an authentication mechanism is used to communicate with the mail server then the AUTH parameter will be included in the MAIL FROM command. This is particularly useful when the calling program is acting as a relay in a trusted environment and performing server to server communication, as it allows the relaying server to specify the address of the mailbox that was used to authenticate and send the original email.
2012-02-14SMTP: Fixed error when using CURLOPT_CONNECT_ONLYSteve Holme
Fixed incorrect behavior in smtp_done() which would cause the end of block data to be sent to the SMTP server if libcurl was operating in connect only mode. This would cause the server to return an error as data would not be expected which in turn caused libcurl to return CURLE_RECV_ERROR.
2012-01-24URL sanitize: reject URLs containing bad dataDaniel Stenberg
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
2012-01-04Fixed incorrect error code being returned in STARTTLSSteve Holme
The STARTTLS response code in SMTP, POP3 and IMAP would return CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS was not available on the server. Reported by: Gokhan Sengun Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2011-11-24query-part: ignore the URI part for given protocolsJonas Schnelli
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the protocol will get the "query part" of the URL cut off before the data is handled by the protocol-specific code. This makes libcurl adhere to RFC3986 section 2.2. Test 1220 is added to verify a file:// URL with query-part.
2011-11-03rename ftp_ssl: the struct field is used for many protocolsDaniel Stenberg
Now called 'use_ssl' instead, which better matches the current CURLOPT name and since the option is used for all pingpong protocols (at least) it makes sense to not use 'ftp' in the name.
2011-10-21curl_multi_fdset: correct fdset with FTP PORT useDaniel Stenberg
After a PORT has been issued, and the multi handle would switch to the CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would return the wrong fdset to wait for when curl_multi_fdset() is called. The code would blindly assume that it was waiting for a connect of the second connection, while that isn't true immediately after the PORT command. Also, the function multi.c:domore_getsock() was highly FTP-centric and therefore ugly to keep in protocol-agnostic code. I solved this problem by introducing a new function pointer in the Curl_handler struct called domore_getsock() which is only called during the DOMORE state for protocols that set that pointer. The new ftp.c:ftp_domore_getsock() function now returns fdset info about the control connection's command/response handling while such a state is in use, and goes over to waiting for a writable second connection first once the commands are done. The original problem could be seen by running test 525 and checking the time stamps in the FTP server log. I can verify that this fix at least fixes this problem. Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html Reported by: Gokhan Sengun
2011-10-20Curl_smtp_escape_eob: first byte is index 0...Daniel Stenberg
Fix a bug with with commit 2621dd42a4d that happened due to my last second pre-commit cleanup of the change without proper testing afterwards!
2011-10-20Curl_smtp_escape_eob: fix EOB escapingDaniel Stenberg
As the EOB string can come byte by byte over a series of writes we must match byte-wise. Bug: http://curl.haxx.se/mail/lib-2011-10/0172.html
2011-10-03codepolicingDaniel Stenberg
2011-10-03smtp: Added support for NTLM authenticationSteve Holme
Modified smtp_endofresp() to detect NTLM from the server specified list of supported authentication mechanisms. Modified smtp_authenticate() to start the sending of the NTLM data. Added smtp_auth_ntlm_type1_message() which creates a NTLM type-1 message. This function is used by authenticate() to start the sending of data and by smtp_state_auth_ntlm_resp() when the AUTH command doesn't contain the type-1 message as part of the initial response. This lack of initial response can happen if an OOM error occurs or the type-1 message is longer than 504 characters. As the main AUTH command is limited to 512 character the data has to be transmitted in two parts; one containing the AUTH NTLM and the second containing the type-1 message. Added smtp_state_auth_ntlm_type2msg_resp() which handles the incoming type-2 message and sends an outgoing type-3 message. This type-2 message is sent by the server in response to our type-1 message. Modified smtp_state_auth_resp() to handle the response to: the AUTH NTLM without the initial response and the type-2 response. Modified smtp_disconnect() to cleanup the NTLM SSPI stack.
2011-10-03smtp: General tidy up ready for adding NTLM supportSteve Holme
Changed the name of variable l, in several functions, which represents the length of strings being sent to the server, to len which is more meaningful and consistent with other code in smtp.c and elsewhere. Reworked smtp_authenticate() to be simpler and easier to follow. Variables and now initialised in their definitions and if no username and password are specified the function sets the state to SMTP_STOP and returns immediately, rather than being part of a huge if statement.
2011-10-03smtp_mail: fixed another memory leakSteve Holme
... introduced in 7f304ab84f560c
2011-09-29smtp_mail: fix memory leakDaniel Stenberg
... introduced in 7f304ab84f560c
2011-09-29smtp_mail: Added support to MAIL FROM for the optional SIZE parameterSteve Holme
The size of the email can now be set via CURLOPT_INFILESIZE. This allows the email to be rejected by the server, if supported, and the maximum size has been configured on the server.
2011-09-26smtp_connect: use defined buffer length for hostnameSteve Holme
2011-09-21smtp: without a MAIL_FROM, send blank MAIL FROMGisle Vanem
I think curl should ignore this case and smtp.c should test for this. Since RFC-2821 seems to allow a "null reverse-path". Ref. "MAIL FROM:<>" in section 3.7, page 25.
2011-09-05fix bool variables checking and assignmentYang Tse
2011-09-03fix a bunch of MSVC compiler warningsYang Tse
2011-08-24SMTP authentication: fix ordering of preferred authentication methodSteve Holme
Fixed the order of the preferred SMTP authentication method to: AUTH CRAM-MD5, AUTH LOGIN then AUTH PLAIN. AUTH PLAIN should be the last as it slightly more insecure than AUTH LOGIN as the username and password are sent together - there is no handshaking between the client and server like there is with AUTH LOGIN.
2011-08-24base64: fix Curl_base64_encode and Curl_base64_decode interfacesYang Tse
Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from an error condition. These functions now return a CURLcode indicating function success or otherwise specific error. Output size is returned using a pointer argument. All usage of these two functions, and others closely related, has been adapted to the new interfaces. Relative error and OOM handling adapted or added where missing. Unit test 1302 also adapted.
2011-08-19tcpconnect: follow-up commit after b998d95bDaniel Stenberg
As I modified conn->bits.tcpconnect to become an array that holds one bool for each potential connection all uses of that struct field must index it correctly.
2011-07-26stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.hYang Tse
2011-05-05RTSP: convert protocol-specific checks to genericDaniel Stenberg
Add a 'readwrite' function to the protocol handler struct and use that for the extra readwrite functionality RTSP needs.
2011-05-05SSL: check for SSL, not specific protocolsDaniel Stenberg
Code cleanup to check less for protocols and more for the specific relevant feature. Like if SSL is required.
2011-04-27source cleanup: unify look, style and indent levelsDaniel Stenberg
By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-21Fix a couple of spelling errors in lib/Fabian Keil
Found with codespell.
2011-04-20CURL_DOES_CONVERSIONS: cleanupDaniel Stenberg
Massively reduce #ifdefs all over (23 #ifdef lines less so far) Moved conversion-specific code to non-ascii.c
2011-04-04http-proxy: move proxy code to http_proxy.cDaniel Stenberg
The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-03-15SMTP-multi: non-blocking connectBen Noordhuis
Use Curl_ssl_connect_nonblocking() when upgrading the connection to TLS/SSL while using the multi interface.
2011-03-15SMTP in multi mode: use Curl_ssl_connect_nonblocking() when connecting.Ben Noordhuis
2011-03-15protocol handler cleanup: SSL awarenessDaniel Stenberg
As a follow-up to commit 8831000bc0: don't assume that the SSL powered protocol alternatives are available.
2011-03-14protocols: use CURLPROTO_ internallyDaniel Stenberg
The PROT_* set of internal defines for the protocols is no longer used. We now use the same bits internally as we have defined in the public header using the CURLPROTO_ prefix. This is for simplicity and because the PROT_* prefix was already used duplicated internally for a set of KRB4 values. The PROTOPT_* defines were moved up to just below the struct definition within which they are used.
2011-03-14protocol handler: added flags fieldDaniel Stenberg
The protocol handler struct got a 'flags' field for special information and characteristics of the given protocol. This now enables us to move away central protocol information such as CLOSEACTION and DUALCHANNEL from single defines in a central place, out to each protocol's definition. It also made us stop abusing the protocol field for other info than the protocol, and we could start cleaning up other protocol-specific things by adding flags bits to set in the handler struct. The "protocol" field connectdata struct was removed as well and the code now refers directly to the conn->handler->protocol field instead. To make things work properly, the code now always store a conn->given pointer that points out the original handler struct so that the code can learn details from the original protocol even if conn->handler is modified along the way - for example when switching to go over a HTTP proxy.
2010-12-22SMTP: add brackets for MAIL FROMBrad Hards
Similar to what is done already for RCPT TO, the code now checks for and adds angle brackets (<>) around the email address that is provided for CURLOPT_MAIL_RCPT unless the app has done so itself.
2010-12-06url: provide dead_connection flag in Curl_handler::disconnectKamil Dudka
It helps to prevent a hangup with some FTP servers in case idle session timeout has exceeded. But it may be useful also for other protocols that send any quit message on disconnect. Currently used by FTP, POP3, IMAP and SMTP.
2010-12-03fix compiler warning: assignment within conditional expressionYang Tse
2010-12-01fix compiler warning: conversion may lose significant bitsYang Tse
2010-11-28atoi: remove atoi usageYang Tse
2010-10-11SMTP: debug output for no known auth mechanisms supportedDaniel Stenberg
... and some minor source code whitespace edits
2010-07-30smtp_connect: always provide host name bufferDaniel Stenberg
Previously the host name buffer was only used if gethostname() exists, but since we converted that into a curl private function that function always exists and will be used so the buffer needs to exist for all cases/systems.
2010-07-30NTLM tests: boost coverage by forcing the hostnameKamil Dudka
A shared library tests/libtest/.libs/lihostname.so is preloaded in NTLM test-cases to override the system implementation of gethostname(). It makes it possible to test the NTLM authentication for exact match, and this way test the implementation of MD4 and DES. If LD_PRELOAD doesn't work, a debug build willl also workk as debug builds are now made to prefer a specific environment variable and will then return that content as host name instead of the actual one. Kamil wrote the bulk of this, Daniel Stenberg polished it.
2010-07-29Changed comparison to match size_t var type.Guenter Knauf