From 79543caf908118d056353714ba2cb5c5348e20c2 Mon Sep 17 00:00:00 2001 From: Patrick Monnerat Date: Tue, 20 Jan 2015 17:33:05 +0100 Subject: SASL: common state engine for imap/pop3/smtp --- lib/imap.c | 838 +++++-------------------------------------------------------- 1 file changed, 64 insertions(+), 774 deletions(-) (limited to 'lib/imap.c') diff --git a/lib/imap.c b/lib/imap.c index 965efdf8a..c5c8e4aea 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -105,10 +105,12 @@ static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...); static CURLcode imap_parse_url_options(struct connectdata *conn); static CURLcode imap_parse_url_path(struct connectdata *conn); static CURLcode imap_parse_custom_request(struct connectdata *conn); -static CURLcode imap_calc_sasl_details(struct connectdata *conn, - const char **mech, - char **initresp, size_t *len, - imapstate *state1, imapstate *state2); +static CURLcode imap_perform_authenticate(struct connectdata *conn, + const char *mech, + const char *initresp); +static CURLcode imap_continue_authenticate(struct connectdata *conn, + const char *resp); +static void imap_get_message(char *buffer, char** outptr); /* * IMAP protocol handler. @@ -213,6 +215,18 @@ static const struct Curl_handler Curl_handler_imaps_proxy = { #endif #endif +/* SASL parameters for the imap protocol */ +static const struct SASLproto saslimap = { + "imap", /* The service name */ + '+', /* Code received when continuation is expected */ + 'O', /* Code to receive upon authentication success */ + 0, /* Maximum initial response length (no max) */ + imap_perform_authenticate, /* Send authentication command */ + imap_continue_authenticate, /* Send authentication continuation */ + imap_get_message /* Get SASL response message */ +}; + + #ifdef USE_SSL static void imap_to_imaps(struct connectdata *conn) { @@ -353,16 +367,7 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len, (len >= 2 && !memcmp("+ ", line, 2))) { switch(imapc->state) { /* States which are interested in continuation responses */ - case IMAP_AUTHENTICATE_PLAIN: - case IMAP_AUTHENTICATE_LOGIN: - case IMAP_AUTHENTICATE_LOGIN_PASSWD: - case IMAP_AUTHENTICATE_CRAMMD5: - case IMAP_AUTHENTICATE_DIGESTMD5: - case IMAP_AUTHENTICATE_DIGESTMD5_RESP: - case IMAP_AUTHENTICATE_NTLM: - case IMAP_AUTHENTICATE_NTLM_TYPE2MSG: - case IMAP_AUTHENTICATE_XOAUTH2: - case IMAP_AUTHENTICATE_FINAL: + case IMAP_AUTHENTICATE: case IMAP_APPEND: *resp = '+'; break; @@ -425,20 +430,7 @@ static void state(struct connectdata *conn, imapstate newstate) "CAPABILITY", "STARTTLS", "UPGRADETLS", - "AUTHENTICATE_PLAIN", - "AUTHENTICATE_LOGIN", - "AUTHENTICATE_LOGIN_PASSWD", - "AUTHENTICATE_CRAMMD5", - "AUTHENTICATE_DIGESTMD5", - "AUTHENTICATE_DIGESTMD5_RESP", - "AUTHENTICATE_NTLM", - "AUTHENTICATE_NTLM_TYPE2MSG", - "AUTHENTICATE_GSSAPI", - "AUTHENTICATE_GSSAPI_TOKEN", - "AUTHENTICATE_GSSAPI_NO_DATA", - "AUTHENTICATE_XOAUTH2", - "AUTHENTICATE_CANCEL", - "AUTHENTICATE_FINAL", + "AUTHENTICATE", "LOGIN", "LIST", "SELECT", @@ -576,29 +568,36 @@ static CURLcode imap_perform_login(struct connectdata *conn) */ static CURLcode imap_perform_authenticate(struct connectdata *conn, const char *mech, - const char *initresp, - imapstate state1, imapstate state2) + const char *initresp) { CURLcode result = CURLE_OK; if(initresp) { /* Send the AUTHENTICATE command with the initial response */ result = imap_sendf(conn, "AUTHENTICATE %s %s", mech, initresp); - - if(!result) - state(conn, state2); } else { /* Send the AUTHENTICATE command */ result = imap_sendf(conn, "AUTHENTICATE %s", mech); - - if(!result) - state(conn, state1); } return result; } +/*********************************************************************** + * + * imap_continue_authenticate() + * + * Sends SASL continuation data or cancellation. + */ +static CURLcode imap_continue_authenticate(struct connectdata *conn, + const char *resp) +{ + struct imap_conn *imapc = &conn->proto.imapc; + + return Curl_pp_sendf(&imapc->pp, "%s", resp); +} + /*********************************************************************** * * imap_perform_authentication() @@ -611,31 +610,22 @@ static CURLcode imap_perform_authentication(struct connectdata *conn) { CURLcode result = CURLE_OK; struct imap_conn *imapc = &conn->proto.imapc; - const char *mech = NULL; - char *initresp = NULL; - size_t len = 0; - imapstate state1 = IMAP_STOP; - imapstate state2 = IMAP_STOP; + saslprogress progress; /* Check we have a username and password to authenticate with and end the connect phase if we don't */ if(!conn->bits.user_passwd) { state(conn, IMAP_STOP); - return result; } /* Calculate the SASL login details */ - result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1, - &state2); + result = Curl_sasl_start(&imapc->sasl, conn, imapc->ir_supported, &progress); if(!result) { - if(mech && (imapc->preftype & IMAP_TYPE_SASL)) { - /* Perform SASL based authentication */ - result = imap_perform_authenticate(conn, mech, initresp, state1, state2); - } - else if((!imapc->login_disabled) && - (imapc->preftype & IMAP_TYPE_CLEARTEXT)) + if(progress == SASL_INPROGRESS) + state(conn, IMAP_AUTHENTICATE); + else if(!imapc->login_disabled && (imapc->preftype & IMAP_TYPE_CLEARTEXT)) /* Perform clear text authentication */ result = imap_perform_login(conn); else { @@ -645,8 +635,6 @@ static CURLcode imap_perform_authentication(struct connectdata *conn) } } - Curl_safefree(initresp); - return result; } @@ -976,569 +964,36 @@ static CURLcode imap_state_starttls_resp(struct connectdata *conn, return result; } -/* For AUTHENTICATE PLAIN (without initial response) responses */ -static CURLcode imap_state_auth_plain_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - size_t len = 0; - char *plainauth = NULL; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied. %c", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Create the authorisation message */ - result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd, - &plainauth, &len); - if(!result && plainauth) { - /* Send the message */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", plainauth); - - if(!result) - state(conn, IMAP_AUTHENTICATE_FINAL); - } - } - - Curl_safefree(plainauth); - - return result; -} - -/* For AUTHENTICATE LOGIN (without initial response) responses */ -static CURLcode imap_state_auth_login_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - size_t len = 0; - char *authuser = NULL; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Create the user message */ - result = Curl_sasl_create_login_message(data, conn->user, - &authuser, &len); - if(!result && authuser) { - /* Send the user */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", authuser); - - if(!result) - state(conn, IMAP_AUTHENTICATE_LOGIN_PASSWD); - } - } - - Curl_safefree(authuser); - - return result; -} - -/* For AUTHENTICATE LOGIN user entry responses */ -static CURLcode imap_state_auth_login_password_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - size_t len = 0; - char *authpasswd = NULL; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Create the password message */ - result = Curl_sasl_create_login_message(data, conn->passwd, - &authpasswd, &len); - if(!result && authpasswd) { - /* Send the password */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", authpasswd); - - if(!result) - state(conn, IMAP_AUTHENTICATE_FINAL); - } - } - - Curl_safefree(authpasswd); - - return result; -} - -#ifndef CURL_DISABLE_CRYPTO_AUTH -/* For AUTHENTICATE CRAM-MD5 responses */ -static CURLcode imap_state_auth_cram_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - char *chlg = NULL; - char *chlg64 = NULL; - char *rplyb64 = NULL; - size_t len = 0; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - return CURLE_LOGIN_DENIED; - } - - /* Get the challenge message */ - imap_get_message(data->state.buffer, &chlg64); - - /* Decode the challenge message */ - result = Curl_sasl_decode_cram_md5_message(chlg64, &chlg, &len); - if(result) { - /* Send the cancellation */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*"); - - if(!result) - state(conn, IMAP_AUTHENTICATE_CANCEL); - } - else { - /* Create the response message */ - result = Curl_sasl_create_cram_md5_message(data, chlg, conn->user, - conn->passwd, &rplyb64, &len); - if(!result && rplyb64) { - /* Send the response */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64); - - if(!result) - state(conn, IMAP_AUTHENTICATE_FINAL); - } - } - - Curl_safefree(chlg); - Curl_safefree(rplyb64); - - return result; -} - -/* For AUTHENTICATE DIGEST-MD5 challenge responses */ -static CURLcode imap_state_auth_digest_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - char *chlg64 = NULL; - char *rplyb64 = NULL; - size_t len = 0; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - return CURLE_LOGIN_DENIED; - } - - /* Get the challenge message */ - imap_get_message(data->state.buffer, &chlg64); - - /* Create the response message */ - result = Curl_sasl_create_digest_md5_message(data, chlg64, - conn->user, conn->passwd, - "imap", &rplyb64, &len); - if(result) { - if(result == CURLE_BAD_CONTENT_ENCODING) { - /* Send the cancellation */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*"); - - if(!result) - state(conn, IMAP_AUTHENTICATE_CANCEL); - } - } - else { - /* Send the response */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64); - - if(!result) - state(conn, IMAP_AUTHENTICATE_DIGESTMD5_RESP); - } - - Curl_safefree(rplyb64); - - return result; -} - -/* For AUTHENTICATE DIGEST-MD5 challenge-response responses */ -static CURLcode imap_state_auth_digest_resp_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Authentication failed: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Send an empty response */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", ""); - - if(!result) - state(conn, IMAP_AUTHENTICATE_FINAL); - } - - return result; -} -#endif - -#ifdef USE_NTLM -/* For AUTHENTICATE NTLM (without initial response) responses */ -static CURLcode imap_state_auth_ntlm_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - size_t len = 0; - char *type1msg = NULL; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Create the type-1 message */ - result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd, - &conn->ntlm, - &type1msg, &len); - if(!result && type1msg) { - /* Send the message */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", type1msg); - - if(!result) - state(conn, IMAP_AUTHENTICATE_NTLM_TYPE2MSG); - } - } - - Curl_safefree(type1msg); - - return result; -} - -/* For NTLM type-2 responses (sent in reponse to our type-1 message) */ -static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - char *type2msg = NULL; - char *type3msg = NULL; - size_t len = 0; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Get the challenge message */ - imap_get_message(data->state.buffer, &type2msg); - - /* Decode the type-2 message */ - result = Curl_sasl_decode_ntlm_type2_message(data, type2msg, &conn->ntlm); - if(result) { - /* Send the cancellation */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*"); - - if(!result) - state(conn, IMAP_AUTHENTICATE_CANCEL); - } - else { - /* Create the type-3 message */ - result = Curl_sasl_create_ntlm_type3_message(data, conn->user, - conn->passwd, &conn->ntlm, - &type3msg, &len); - if(!result && type3msg) { - /* Send the message */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", type3msg); - - if(!result) - state(conn, IMAP_AUTHENTICATE_FINAL); - } - } - } - - Curl_safefree(type3msg); - - return result; -} -#endif - -#if defined(USE_KERBEROS5) -/* For AUTHENTICATE GSSAPI (without initial response) responses */ -static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - struct imap_conn *imapc = &conn->proto.imapc; - size_t len = 0; - char *respmsg = NULL; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Create the initial response message */ - result = Curl_sasl_create_gssapi_user_message(data, conn->user, - conn->passwd, "imap", - imapc->sasl.mutual_auth, - NULL, &conn->krb5, - &respmsg, &len); - if(!result && respmsg) { - /* Send the message */ - result = Curl_pp_sendf(&imapc->pp, "%s", respmsg); - - if(!result) - state(conn, IMAP_AUTHENTICATE_GSSAPI_TOKEN); - } - } - - Curl_safefree(respmsg); - - return result; -} - -/* For AUTHENTICATE GSSAPI user token responses */ -static CURLcode imap_state_auth_gssapi_token_resp(struct connectdata *conn, - int imapcode, - imapstate instate) +/* For SASL authentication responses */ +static CURLcode imap_state_auth_resp(struct connectdata *conn, + int imapcode, + imapstate instate) { CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; struct imap_conn *imapc = &conn->proto.imapc; - char *chlgmsg = NULL; - char *respmsg = NULL; - size_t len = 0; + saslprogress progress; (void)instate; /* no use for this yet */ - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Get the challenge message */ - imap_get_message(data->state.buffer, &chlgmsg); - - if(imapc->sasl.mutual_auth) - /* Decode the user token challenge and create the optional response - message */ - result = Curl_sasl_create_gssapi_user_message(data, NULL, NULL, NULL, - imapc->sasl.mutual_auth, - chlgmsg, &conn->krb5, - &respmsg, &len); - else - /* Decode the security challenge and create the response message */ - result = Curl_sasl_create_gssapi_security_message(data, chlgmsg, - &conn->krb5, - &respmsg, &len); - - if(result) { - if(result == CURLE_BAD_CONTENT_ENCODING) { - /* Send the cancellation */ - result = Curl_pp_sendf(&imapc->pp, "%s", "*"); - - if(!result) - state(conn, IMAP_AUTHENTICATE_CANCEL); - } - } - else { - /* Send the response */ - if(respmsg) - result = Curl_pp_sendf(&imapc->pp, "%s", respmsg); - else - result = Curl_pp_sendf(&imapc->pp, "%s", ""); - - if(!result) - state(conn, imapc->sasl.mutual_auth? IMAP_AUTHENTICATE_GSSAPI_NO_DATA: - IMAP_AUTHENTICATE_FINAL); - } - } - - Curl_safefree(respmsg); - - return result; -} - -/* For AUTHENTICATE GSSAPI no data responses */ -static CURLcode imap_state_auth_gssapi_no_data_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - char *chlgmsg = NULL; - char *respmsg = NULL; - size_t len = 0; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Get the challenge message */ - imap_get_message(data->state.buffer, &chlgmsg); - - /* Decode the security challenge and create the response message */ - result = Curl_sasl_create_gssapi_security_message(data, chlgmsg, - &conn->krb5, - &respmsg, &len); - if(result) { - if(result == CURLE_BAD_CONTENT_ENCODING) { - /* Send the cancellation */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "*"); - - if(!result) - state(conn, IMAP_AUTHENTICATE_CANCEL); - } - } - else { - /* Send the response */ - if(respmsg) { - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", respmsg); - - if(!result) - state(conn, IMAP_AUTHENTICATE_FINAL); + result = Curl_sasl_continue(&imapc->sasl, conn, imapcode, &progress); + if(!result) + switch(progress) { + case SASL_DONE: + state(conn, IMAP_STOP); /* Authenticated */ + break; + case SASL_IDLE: /* No mechanism left after cancellation */ + if((!imapc->login_disabled) && (imapc->preftype & IMAP_TYPE_CLEARTEXT)) + /* Perform clear text authentication */ + result = imap_perform_login(conn); + else { + failf(data, "Authentication cancelled"); + result = CURLE_LOGIN_DENIED; } + break; + default: + break; } - } - - Curl_safefree(respmsg); - - return result; -} -#endif - -/* For AUTHENTICATE XOAUTH2 (without initial response) responses */ -static CURLcode imap_state_auth_xoauth2_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - size_t len = 0; - char *xoauth = NULL; - - (void)instate; /* no use for this yet */ - - if(imapcode != '+') { - failf(data, "Access denied: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else { - /* Create the authorisation message */ - result = Curl_sasl_create_xoauth2_message(conn->data, conn->user, - conn->xoauth2_bearer, - &xoauth, &len); - if(!result && xoauth) { - /* Send the message */ - result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", xoauth); - - if(!result) - state(conn, IMAP_AUTHENTICATE_FINAL); - } - } - - Curl_safefree(xoauth); - - return result; -} - -/* For AUTHENTICATE cancellation responses */ -static CURLcode imap_state_auth_cancel_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - struct imap_conn *imapc = &conn->proto.imapc; - const char *mech = NULL; - char *initresp = NULL; - size_t len = 0; - imapstate state1 = IMAP_STOP; - imapstate state2 = IMAP_STOP; - - (void)imapcode; - (void)instate; /* no use for this yet */ - - /* Remove the offending mechanism from the supported list */ - imapc->sasl.authmechs ^= imapc->sasl.authused; - - /* Calculate alternative SASL login details */ - result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1, - &state2); - - if(!result) { - /* Do we have any mechanisms left or can we fallback to clear text? */ - if(mech) { - /* Retry SASL based authentication */ - result = imap_perform_authenticate(conn, mech, initresp, state1, state2); - - Curl_safefree(initresp); - } - else if((!imapc->login_disabled) && - (imapc->preftype & IMAP_TYPE_CLEARTEXT)) - /* Perform clear text authentication */ - result = imap_perform_login(conn); - else { - failf(data, "Authentication cancelled"); - - result = CURLE_LOGIN_DENIED; - } - } - - return result; -} - -/* For final responses in the AUTHENTICATE sequence */ -static CURLcode imap_state_auth_final_resp(struct connectdata *conn, - int imapcode, - imapstate instate) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - - (void)instate; /* no use for this yet */ - - if(imapcode != 'O') { - failf(data, "Authentication failed: %d", imapcode); - result = CURLE_LOGIN_DENIED; - } - else - /* End of connect phase */ - state(conn, IMAP_STOP); return result; } @@ -1862,69 +1317,8 @@ static CURLcode imap_statemach_act(struct connectdata *conn) result = imap_state_starttls_resp(conn, imapcode, imapc->state); break; - case IMAP_AUTHENTICATE_PLAIN: - result = imap_state_auth_plain_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_LOGIN: - result = imap_state_auth_login_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_LOGIN_PASSWD: - result = imap_state_auth_login_password_resp(conn, imapcode, - imapc->state); - break; - -#ifndef CURL_DISABLE_CRYPTO_AUTH - case IMAP_AUTHENTICATE_CRAMMD5: - result = imap_state_auth_cram_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_DIGESTMD5: - result = imap_state_auth_digest_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_DIGESTMD5_RESP: - result = imap_state_auth_digest_resp_resp(conn, imapcode, imapc->state); - break; -#endif - -#ifdef USE_NTLM - case IMAP_AUTHENTICATE_NTLM: - result = imap_state_auth_ntlm_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_NTLM_TYPE2MSG: - result = imap_state_auth_ntlm_type2msg_resp(conn, imapcode, - imapc->state); - break; -#endif - -#if defined(USE_KERBEROS5) - case IMAP_AUTHENTICATE_GSSAPI: - result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_GSSAPI_TOKEN: - result = imap_state_auth_gssapi_token_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_GSSAPI_NO_DATA: - result = imap_state_auth_gssapi_no_data_resp(conn, imapcode, - imapc->state); - break; -#endif - - case IMAP_AUTHENTICATE_XOAUTH2: - result = imap_state_auth_xoauth2_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_CANCEL: - result = imap_state_auth_cancel_resp(conn, imapcode, imapc->state); - break; - - case IMAP_AUTHENTICATE_FINAL: - result = imap_state_auth_final_resp(conn, imapcode, imapc->state); + case IMAP_AUTHENTICATE: + result = imap_state_auth_resp(conn, imapcode, imapc->state); break; case IMAP_LOGIN: @@ -2051,7 +1445,7 @@ static CURLcode imap_connect(struct connectdata *conn, bool *done) /* Set the default preferred authentication type and mechanism */ imapc->preftype = IMAP_TYPE_ANY; - Curl_sasl_init(&imapc->sasl); + Curl_sasl_init(&imapc->sasl, &saslimap); /* Initialise the pingpong layer */ Curl_pp_init(pp); @@ -2748,108 +2142,4 @@ static CURLcode imap_parse_custom_request(struct connectdata *conn) return result; } -/*********************************************************************** - * - * imap_calc_sasl_details() - * - * Calculate the required login details for SASL authentication. - */ -static CURLcode imap_calc_sasl_details(struct connectdata *conn, - const char **mech, - char **initresp, size_t *len, - imapstate *state1, imapstate *state2) -{ - CURLcode result = CURLE_OK; - struct SessionHandle *data = conn->data; - struct imap_conn *imapc = &conn->proto.imapc; - - /* Calculate the supported authentication mechanism, by decreasing order of - security, as well as the initial response where appropriate */ -#if defined(USE_KERBEROS5) - if((imapc->sasl.authmechs & SASL_MECH_GSSAPI) && - (imapc->sasl.prefmech & SASL_MECH_GSSAPI)) { - imapc->sasl.mutual_auth = FALSE; /* TODO: Calculate mutual auth. */ - - *mech = SASL_MECH_STRING_GSSAPI; - *state1 = IMAP_AUTHENTICATE_GSSAPI; - *state2 = IMAP_AUTHENTICATE_GSSAPI_TOKEN; - imapc->sasl.authused = SASL_MECH_GSSAPI; - - if(imapc->ir_supported || data->set.sasl_ir) - result = Curl_sasl_create_gssapi_user_message(data, conn->user, - conn->passwd, "imap", - imapc->sasl.mutual_auth, - NULL, &conn->krb5, - initresp, len); - } - else -#endif -#ifndef CURL_DISABLE_CRYPTO_AUTH - if((imapc->sasl.authmechs & SASL_MECH_DIGEST_MD5) && - (imapc->sasl.prefmech & SASL_MECH_DIGEST_MD5)) { - *mech = SASL_MECH_STRING_DIGEST_MD5; - *state1 = IMAP_AUTHENTICATE_DIGESTMD5; - imapc->sasl.authused = SASL_MECH_DIGEST_MD5; - } - else if((imapc->sasl.authmechs & SASL_MECH_CRAM_MD5) && - (imapc->sasl.prefmech & SASL_MECH_CRAM_MD5)) { - *mech = SASL_MECH_STRING_CRAM_MD5; - *state1 = IMAP_AUTHENTICATE_CRAMMD5; - imapc->sasl.authused = SASL_MECH_CRAM_MD5; - } - else -#endif -#ifdef USE_NTLM - if((imapc->sasl.authmechs & SASL_MECH_NTLM) && - (imapc->sasl.prefmech & SASL_MECH_NTLM)) { - *mech = SASL_MECH_STRING_NTLM; - *state1 = IMAP_AUTHENTICATE_NTLM; - *state2 = IMAP_AUTHENTICATE_NTLM_TYPE2MSG; - imapc->sasl.authused = SASL_MECH_NTLM; - - if(imapc->ir_supported || data->set.sasl_ir) - result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd, - &conn->ntlm, - initresp, len); - } - else -#endif - if(((imapc->sasl.authmechs & SASL_MECH_XOAUTH2) && - (imapc->sasl.prefmech & SASL_MECH_XOAUTH2) && - (imapc->sasl.prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) { - *mech = SASL_MECH_STRING_XOAUTH2; - *state1 = IMAP_AUTHENTICATE_XOAUTH2; - *state2 = IMAP_AUTHENTICATE_FINAL; - imapc->sasl.authused = SASL_MECH_XOAUTH2; - - if(imapc->ir_supported || data->set.sasl_ir) - result = Curl_sasl_create_xoauth2_message(data, conn->user, - conn->xoauth2_bearer, - initresp, len); - } - else if((imapc->sasl.authmechs & SASL_MECH_LOGIN) && - (imapc->sasl.prefmech & SASL_MECH_LOGIN)) { - *mech = SASL_MECH_STRING_LOGIN; - *state1 = IMAP_AUTHENTICATE_LOGIN; - *state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD; - imapc->sasl.authused = SASL_MECH_LOGIN; - - if(imapc->ir_supported || data->set.sasl_ir) - result = Curl_sasl_create_login_message(data, conn->user, initresp, len); - } - else if((imapc->sasl.authmechs & SASL_MECH_PLAIN) && - (imapc->sasl.prefmech & SASL_MECH_PLAIN)) { - *mech = SASL_MECH_STRING_PLAIN; - *state1 = IMAP_AUTHENTICATE_PLAIN; - *state2 = IMAP_AUTHENTICATE_FINAL; - imapc->sasl.authused = SASL_MECH_PLAIN; - - if(imapc->ir_supported || data->set.sasl_ir) - result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd, - initresp, len); - } - - return result; -} - #endif /* CURL_DISABLE_IMAP */ -- cgit v1.2.3