pop3: Added support for sasl digest-md5 authentication
This commit is contained in:
parent
32ab3276ee
commit
7759d10f36
@ -15,6 +15,7 @@ This release includes the following changes:
|
||||
o pop3: Added support for sasl login authentication
|
||||
o pop3: Added support for sasl ntlm authentication
|
||||
o pop3: Added support for sasl cram-md5 authentication
|
||||
o pop3: Added support for sasl digest-md5 authentication
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
@ -32,7 +33,7 @@ This release would not have looked like this without help, code, reports and
|
||||
advice from friends like these:
|
||||
|
||||
Anthony Bryan, Guenter Knauf, Kamil Dudka, Steve Holme, Tatsuhiro Tsujikawa,
|
||||
Yang Tse
|
||||
Yang Tse, Gokhan Sengun
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
||||
|
82
lib/pop3.c
82
lib/pop3.c
@ -23,6 +23,7 @@
|
||||
* RFC2195 CRAM-MD5 authentication
|
||||
* RFC2384 POP URL Scheme
|
||||
* RFC2595 Using TLS with IMAP, POP3 and ACAP
|
||||
* RFC2831 DIGEST-MD5 authentication
|
||||
* RFC4616 PLAIN authentication
|
||||
*
|
||||
***************************************************************************/
|
||||
@ -315,6 +316,8 @@ static void state(struct connectdata *conn, pop3state newstate)
|
||||
"AUTH_LOGIN",
|
||||
"AUTH_LOGIN_PASSWD",
|
||||
"AUTH_CRAMMD5",
|
||||
"AUTH_DIGESTMD5",
|
||||
"AUTH_DIGESTMD5_RESP",
|
||||
"AUTH_NTLM",
|
||||
"AUTH_NTLM_TYPE2MSG",
|
||||
"AUTH_FINAL",
|
||||
@ -387,7 +390,12 @@ static CURLcode pop3_authenticate(struct connectdata *conn)
|
||||
/* Check supported authentication mechanisms by decreasing order of
|
||||
security */
|
||||
#ifndef CURL_DISABLE_CRYPTO_AUTH
|
||||
if(pop3c->authmechs & SASL_AUTH_CRAM_MD5) {
|
||||
if(pop3c->authmechs & SASL_AUTH_DIGEST_MD5) {
|
||||
mech = "DIGEST-MD5";
|
||||
authstate = POP3_AUTH_DIGESTMD5;
|
||||
pop3c->authused = SASL_AUTH_DIGEST_MD5;
|
||||
}
|
||||
else if(pop3c->authmechs & SASL_AUTH_CRAM_MD5) {
|
||||
mech = "CRAM-MD5";
|
||||
authstate = POP3_AUTH_CRAMMD5;
|
||||
pop3c->authused = SASL_AUTH_CRAM_MD5;
|
||||
@ -674,6 +682,70 @@ static CURLcode pop3_state_auth_cram_resp(struct connectdata *conn,
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/* For AUTH DIGEST-MD5 challenge responses */
|
||||
static CURLcode pop3_state_auth_digest_resp(struct connectdata *conn,
|
||||
int pop3code,
|
||||
pop3state instate)
|
||||
{
|
||||
CURLcode result = CURLE_OK;
|
||||
struct SessionHandle *data = conn->data;
|
||||
char *chlg64 = data->state.buffer;
|
||||
size_t len = 0;
|
||||
char *rplyb64 = NULL;
|
||||
|
||||
(void)instate; /* no use for this yet */
|
||||
|
||||
if(pop3code != '+') {
|
||||
failf(data, "Access denied: %d", pop3code);
|
||||
return CURLE_LOGIN_DENIED;
|
||||
}
|
||||
|
||||
/* Get the challenge */
|
||||
for(chlg64 += 2; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
|
||||
;
|
||||
|
||||
result = Curl_sasl_create_digest_md5_message(data, chlg64, conn->user,
|
||||
conn->passwd, "pop",
|
||||
&rplyb64, &len);
|
||||
|
||||
if(!result) {
|
||||
if(rplyb64) {
|
||||
result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
|
||||
|
||||
if(!result)
|
||||
state(conn, POP3_AUTH_DIGESTMD5_RESP);
|
||||
}
|
||||
|
||||
Curl_safefree(rplyb64);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/* For AUTH DIGEST-MD5 challenge-response responses */
|
||||
static CURLcode pop3_state_auth_digest_resp_resp(struct connectdata *conn,
|
||||
int pop3code,
|
||||
pop3state instate)
|
||||
{
|
||||
CURLcode result = CURLE_OK;
|
||||
struct SessionHandle *data = conn->data;
|
||||
|
||||
(void)instate; /* no use for this yet */
|
||||
|
||||
if(pop3code != '+') {
|
||||
failf(data, "Authentication failed: %d", pop3code);
|
||||
result = CURLE_LOGIN_DENIED;
|
||||
}
|
||||
else {
|
||||
result = Curl_pp_sendf(&conn->proto.pop3c.pp, "");
|
||||
|
||||
if(!result)
|
||||
state(conn, POP3_AUTH_FINAL);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef USE_NTLM
|
||||
@ -962,6 +1034,14 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
|
||||
case POP3_AUTH_CRAMMD5:
|
||||
result = pop3_state_auth_cram_resp(conn, pop3code, pop3c->state);
|
||||
break;
|
||||
|
||||
case POP3_AUTH_DIGESTMD5:
|
||||
result = pop3_state_auth_digest_resp(conn, pop3code, pop3c->state);
|
||||
break;
|
||||
|
||||
case POP3_AUTH_DIGESTMD5_RESP:
|
||||
result = pop3_state_auth_digest_resp_resp(conn, pop3code, pop3c->state);
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef USE_NTLM
|
||||
|
@ -35,6 +35,8 @@ typedef enum {
|
||||
POP3_AUTH_LOGIN,
|
||||
POP3_AUTH_LOGIN_PASSWD,
|
||||
POP3_AUTH_CRAMMD5,
|
||||
POP3_AUTH_DIGESTMD5,
|
||||
POP3_AUTH_DIGESTMD5_RESP,
|
||||
POP3_AUTH_NTLM,
|
||||
POP3_AUTH_NTLM_TYPE2MSG,
|
||||
POP3_AUTH_FINAL,
|
||||
|
Loading…
Reference in New Issue
Block a user