From 6da7dc026c14ad38ae9fe74f4b35de7a6437dff0 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Thu, 7 Feb 2013 21:06:53 +0000 Subject: imap: Added support for SASL-IR extension (Part 2) Modified imap_authenticate() to add support for sending the initial response with the AUTHENTICATE command, as per RFC4959. --- lib/imap.c | 51 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 41 insertions(+), 10 deletions(-) (limited to 'lib') diff --git a/lib/imap.c b/lib/imap.c index ebf04218a..d00a94a0d 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -523,19 +523,22 @@ static CURLcode imap_authenticate(struct connectdata *conn) CURLcode result = CURLE_OK; struct imap_conn *imapc = &conn->proto.imapc; const char *mech = NULL; - imapstate authstate = IMAP_STOP; + char *initresp = NULL; + size_t len = 0; + imapstate authstate1 = IMAP_STOP; + imapstate authstate2 = IMAP_STOP; /* Calculate the supported authentication mechanism by decreasing order of security */ #ifndef CURL_DISABLE_CRYPTO_AUTH if(imapc->authmechs & SASL_MECH_DIGEST_MD5) { mech = "DIGEST-MD5"; - authstate = IMAP_AUTHENTICATE_DIGESTMD5; + authstate1 = IMAP_AUTHENTICATE_DIGESTMD5; imapc->authused = SASL_MECH_DIGEST_MD5; } else if(imapc->authmechs & SASL_MECH_CRAM_MD5) { mech = "CRAM-MD5"; - authstate = IMAP_AUTHENTICATE_CRAMMD5; + authstate1 = IMAP_AUTHENTICATE_CRAMMD5; imapc->authused = SASL_MECH_CRAM_MD5; } else @@ -543,28 +546,56 @@ static CURLcode imap_authenticate(struct connectdata *conn) #ifdef USE_NTLM if(imapc->authmechs & SASL_MECH_NTLM) { mech = "NTLM"; - authstate = IMAP_AUTHENTICATE_NTLM; + authstate1 = IMAP_AUTHENTICATE_NTLM; + authstate2 = IMAP_AUTHENTICATE_NTLM_TYPE2MSG; imapc->authused = SASL_MECH_NTLM; + + if(imapc->ir_supported) + result = Curl_sasl_create_login_message(conn->data, conn->user, + &initresp, &len); } else #endif if(imapc->authmechs & SASL_MECH_LOGIN) { mech = "LOGIN"; - authstate = IMAP_AUTHENTICATE_LOGIN; + authstate1 = IMAP_AUTHENTICATE_LOGIN; + authstate2 = IMAP_AUTHENTICATE_LOGIN_PASSWD; imapc->authused = SASL_MECH_LOGIN; + + if(imapc->ir_supported) + result = Curl_sasl_create_plain_message(conn->data, conn->user, + conn->passwd, &initresp, &len); } else if(imapc->authmechs & SASL_MECH_PLAIN) { mech = "PLAIN"; - authstate = IMAP_AUTHENTICATE_PLAIN; + authstate1 = IMAP_AUTHENTICATE_PLAIN; + authstate2 = IMAP_AUTHENTICATE; imapc->authused = SASL_MECH_PLAIN; + + if(imapc->ir_supported) + result = Curl_sasl_create_plain_message(conn->data, conn->user, + conn->passwd, &initresp, &len); } + if(result) + return result; + if(mech) { - /* Perform SASL based authentication */ - result = imap_sendf(conn, "AUTHENTICATE %s", mech); + if(initresp) { + /* Perform SASL based authentication */ + result = imap_sendf(conn, "AUTHENTICATE %s %s", mech, initresp); - if(!result) - state(conn, authstate); + if(!result) + state(conn, authstate2); + } + else { + result = imap_sendf(conn, "AUTHENTICATE %s", mech); + + if(!result) + state(conn, authstate1); + } + + Curl_safefree(initresp); } else if(!imapc->login_disabled) /* Perform clear text authentication */ -- cgit v1.2.3