aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2012-06-04pop3: Changed the sasl mechanism detection from auth to capaSteve Holme
Not all SASL enabled POP3 servers support the AUTH command on its own when trying to detect the supported mechanisms. As such changed the mechanism detection to use the CAPA command instead.
2012-06-04sasl: Small code tidy upSteve Holme
Reworked variable names in Curl_sasl_create_cram_md5_message() to match those in Curl_sasl_create_digest_md5_message() as they are more appropriate.
2012-06-04sasl: Moved digest-md5 authentication message creation from smtp.cSteve Holme
Moved the digest-md5 message creation from smtp.c into the sasl module to allow for use by other modules such as pop3.
2012-06-04sasl: Small code tidy up before moving digest-md5 overSteve Holme
Correction of comments and variable names.
2012-06-03pop3: Added support for sasl cram-md5 authenticationSteve Holme
2012-06-03Curl_sasl_create_plain_message: remove TABDaniel Stenberg
2012-06-03sasl: Small code tidy upSteve Holme
Added some comments and removed an unreferenced variable.
2012-06-03pop3.c: Added conditional compilation for NTLM function callsSteve Holme
Added USE_NTLM condition compilation around the NTLM functions called from pop3_statemach_act() introduced in commit 69f7156ad96877.
2012-06-03sasl: Moved cram-md5 authentication message creation from smtp.cSteve Holme
Moved the cram-md5 message creation from smtp.c into the sasl module to allow for use by other modules such as pop3.
2012-06-03pop3: Fixed an issue with changes introduced in commit c267c53017bcSteve Holme
Because pop3_endofresp() is called for each line of data yet is not passed the line and line length, so we have to use the data pointed to by pp->linestart_resp which contains the whole packet, the mechanisms were being detected in one call yet the function would be called for each line of data. Using curl with verbose mode enabled would show that one line of data would be received in response to the AUTH command, before the AUTH <mechanism> command was sent to the server and then the next few lines of the original AUTH command would be displayed before the response from the AUTH <mechanism> command. This would then cause problems when parsing the CRAM-MD5 challenge data as extra data was contained in the buffer. Changed the parsing so that each line is checked for the mechanisms and the function returns FALSE until the whole of the AUTH response has been processed.
2012-06-03sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869e8Steve Holme
Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup() is just a nop.
2012-06-02pop3.c:Corrected typo in commit 69ba0da8272dSteve Holme
2012-06-02pop3: Fixed the issue of having to supply the user name for all requestsSteve Holme
Previously it wasn't possible to connect to POP3 and not specify the user name as a CURLE_ACCESS_DENIED error would be returned. This error occurred because USER would be sent to the server with a blank user name if no mailbox user was specified as the server would reply with -ERR. This wasn't a problem prior to the 7.26.0 release but with the introduction of custom commands the user and/or application developer might want to issue a CAPA command without having to log in as a specific mailbox user. Additionally this fix won't send the newly introduced AUTH command if no user name is specified.
2012-06-02pop3.c: Small code tidy upSteve Holme
Corrected lines exceeding 78 characters. Repositioned some comments and added extra clarity.
2012-06-02sasl: Corrected variable names in comments and parametersSteve Holme
2012-06-02pop3: Added support for sasl ntlm authenticationSteve Holme
2012-06-02sasl: Small comment style tidy up following ntlm commitSteve Holme
2012-06-02sasl: Moved ntlm authentication message handling from smtp.cSteve Holme
Moved the ntlm message creation and decoding from smtp.c into the sasl module to allow for use by other modules such as pop3.
2012-06-01pop3: Added support for sasl login authenticationSteve Holme
2012-05-31sasl: Moved login authentication message creation from smtp.cSteve Holme
Moved the login message creation from smtp.c into the sasl module to allow for use by other modules such as pop3.
2012-05-31smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()Steve Holme
Rather than encoding the password message itself the smtp_state_authpasswd_resp() function now delegates the work to the same function that smtp_state_authlogin_resp() and smtp_authenticate() use when constructing the encoded user name.
2012-05-31smtp.c: Re-factored smtp_auth_login_user() for use with passwordsSteve Holme
In preparation for moving to the SASL module re-factored the smtp_auth_login_user() function to smtp_auth_login() so that it can be used for both user names and passwords as sending both of these under the login authentication mechanism is the same.
2012-05-31pop3: Added support for sasl plain text authenticationSteve Holme
2012-05-30curl_ntlm_msgs.c: Corrected small spelling mistake in commentsSteve Holme
2012-05-30sasl: Moved plain text authentication message creation from smtp.cSteve Holme
Moved the plain text message creation from smtp.c into the sasl module to allow for use by other modules such as pop3.
2012-05-28pop3: Introduced the continue response in pop3_endofresp()Steve Holme
2012-05-28pop3: Changed response code from O and E to + and -Steve Holme
The POP3 protocol doesn't really have the concept of error codes and uses +, +OK and -ERR in response to commands to indicate continue, success and error. The AUTH command is one of those commands that requires multiple pieces of data to be sent to the server where the server will respond with + as part of the handshaking. This meant changing the values before continuing with the next stage of adding authentication support.
2012-05-28pop3: Small code tidy up following authentication work so farSteve Holme
Changed the order of the state machine to match the order of actual events. Reworked some comments and function parameter positioning that I missed the other day.
2012-05-28nss: use human-readable error messages provided by NSSKamil Dudka
Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
2012-05-27pop3: remove variable-not-used warningsDaniel Stenberg
2012-05-27pop3: Added support for SASL based authentication mechanism detectionSteve Holme
Added support for detecting the supported SASL authentication mechanisms via the AUTH command. There are two ways of detecting them, either by using the AUTH command, that will return -ERR if not supported or by using the CAPA command which will return SASL and the list of mechanisms if supported, not include SASL if SASL authentication is not supported or -ERR if the CAPA command is not supported. As such it seems simpler to use the AUTH command and fallback to normal clear text authentication if the the command is not supported. Additionally updated the test cases to return -ERR when the AUTH command is encountered. Additional test cases will be added when support for the individual authentication mechanisms is added.
2012-05-27pop3: remove trailing whitespaceDaniel Stenberg
2012-05-27pop3: Code tidy up before the introduction of authentication codeSteve Holme
Moved EOB definition into header file. Switched the logic around in pop3_endofresp() to allow for the introduction of auth-mechanism detection. Repositioned second and third function variables where they will fit within the 78 character line limit. Tidied up some comments.
2012-05-27Try to detect OpenSSL build type automatically.Guenter Knauf
2012-05-25sasl: Re-factored auth-mechanism constants to be more genericSteve Holme
2012-05-25smtp: Moved auth-mechanism constants into a separate header fileSteve Holme
Move the SMTP_AUTH constants into a separate header file in preparation for adding SASL based authentication to POP3 as the two protocols will need to share them.
2012-05-25nss: avoid using explicit casts of code pointersKamil Dudka
2012-05-22smtp: Fixed an issue with the multi-interface always sending postdataSteve Holme
Due to the result code being reset to CURLE_OK when smtp_dophase_done() was called, postdata would incorrectly be sent to the server when the MAIL FROM or RCPT command was rejected. As such, libcurl would return the wrong result code from performing the operation and additionally set CURLINFO_RESPONSE_CODE to be that returned by the postdata command. Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html Reported by: Gokhan Sengun
2012-05-22Fixed compile error with GNUTLS+NETTLETatsuhiro Tsujikawa
In nettle/md5.h, md5_init and md5_update are defined as macros to nettle_md5_init and nettle_md5_update respectively. This causes error when using MD5_params.md5_init and md5_update. This patch renames these members as md5_init_func and md5_update_func to avoid name conflict. For completeness, MD5_params.md5_final was also renamed as md5_final_func. The changes in curl_ntlm_core.c is conversion error and fixed by casting to proper type.
2012-05-22Updated dependency libary versions.Guenter Knauf
2012-05-17smtp: Fixed non-escaping of dot character at beginning of lineSteve Holme
A dot character at the beginning of a line would not be escaped to a double dot as required by RFC-2821, instead it would be deleted by the mail server. Please see section 4.5.2 of the RFC for more information. Note: This fix also simplifies the detection of repeated CRLF.CRLF combinations, such as CRLF.CRLF.CRLF, a little rather than having to advance the eob counter to 2.
2012-05-02MD5: OOM fixGokhan Sengun
check whether md5 initialization succeeded before updating digest of buffers onto it
2012-04-26Updated dependency lib versions.Guenter Knauf
2012-04-23URL parse: reject numerical IPv6 addresses outside bracketsDaniel Stenberg
Roman Mamedov spotted (in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would not complain when given a URL with an IPv6 numerical address without brackets. It would simply cut off the last ":[hex]" part and thus not work correctly. That's a URL using an illegal syntax and now libcurl will instead return a clear error code and error message detailing the error. The above mentioned bug report claims this to be a regression but libcurl does not guarantee functionality when given URLs that aren't following the URL spec (RFC3986 mostly). I consider the fact that it used to handle this differently a mere coincidence.
2012-04-23Curl_MD5_init: fix OOM memory leakDaniel Stenberg
Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html Reported by: Michael Mueller
2012-04-23OpenSSL cert: provide more details when cert check failsGokhan Sengun
curl needs to be more chatty regarding certificate verification failure during SSL handshake
2012-04-23Revert "sspi: Added version information"Yang Tse
This reverts commit 2976de480808119dae08fc6f52c8d75ba1aedb1a.
2012-04-23Revert "sspi - Small code tidy up"Yang Tse
This reverts commit 46cd5f1daddad3b3e542e6d93eee52e8bb9a8687.
2012-04-23Revert "Fixed 'extra tokens at end of #endif directive'."Yang Tse
This reverts commit 77172a242fc0c820f97eae39d0e3e0f265222fe6.
2012-04-23Revert "Fixed 'Trailing whitespace' found by checksrc."Yang Tse
This reverts commit 683bfa60ad0b52505947e59b03515e5f44378523.