From 48043f87b60a74af22bfe66a2db3b105a946921c Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Wed, 18 Dec 2013 20:44:20 +0000 Subject: imap/pop3/smtp: Added support for SASL authentication downgrades Added support for downgrading the SASL authentication mechanism when the decoding of CRAM-MD5, DIGEST-MD5 and NTLM messages fails. This enhances the previously added support for graceful cancellation by allowing the client to retry a lesser SASL mechanism such as LOGIN or PLAIN, or even APOP / clear text (in the case of POP3 and IMAP) when supported by the server. --- lib/smtp.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) (limited to 'lib/smtp.c') diff --git a/lib/smtp.c b/lib/smtp.c index 07fec11f9..f35f7537e 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -1189,14 +1189,41 @@ static CURLcode smtp_state_auth_cancel_resp(struct connectdata *conn, int smtpcode, smtpstate instate) { + CURLcode result = CURLE_OK; struct SessionHandle *data = conn->data; + struct smtp_conn *smtpc = &conn->proto.smtpc; + const char *mech = NULL; + char *initresp = NULL; + size_t len = 0; + smtpstate state1 = SMTP_STOP; + smtpstate state2 = SMTP_STOP; (void)smtpcode; (void)instate; /* no use for this yet */ - failf(data, "Authentication cancelled"); + /* Remove the offending mechanism from the supported list */ + smtpc->authmechs ^= smtpc->authused; + + /* Calculate alternative SASL login details */ + result = smtp_calc_sasl_details(conn, &mech, &initresp, &len, &state1, + &state2); - return CURLE_LOGIN_DENIED; + if(!result) { + /* Do we have any mechanisms left? */ + if(mech) { + /* Retry SASL based authentication */ + result = smtp_perform_auth(conn, mech, initresp, len, state1, state2); + + Curl_safefree(initresp); + } + else { + failf(data, "Authentication cancelled"); + + result = CURLE_LOGIN_DENIED; + } + } + + return result; } /* For final responses in the AUTH sequence */ -- cgit v1.2.3