1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

imap: Moved the calculation of SASL login details into a separate function

This commit is contained in:
Steve Holme 2013-12-18 12:29:46 +00:00
parent da24fbbc00
commit 933e6c9d16

View File

@ -105,6 +105,10 @@ static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...);
static CURLcode imap_parse_url_options(struct connectdata *conn);
static CURLcode imap_parse_url_path(struct connectdata *conn);
static CURLcode imap_parse_custom_request(struct connectdata *conn);
static CURLcode imap_calc_sasl_details(struct connectdata *conn,
const char **mech,
char **initresp, size_t *len,
imapstate *state1, imapstate *state2);
/*
* IMAP protocol handler.
@ -598,7 +602,6 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn,
static CURLcode imap_perform_authentication(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
struct imap_conn *imapc = &conn->proto.imapc;
const char *mech = NULL;
char *initresp = NULL;
@ -614,73 +617,9 @@ static CURLcode imap_perform_authentication(struct connectdata *conn)
return result;
}
/* Calculate the supported authentication mechanism, by decreasing order of
security, as well as the initial response where appropriate */
#ifndef CURL_DISABLE_CRYPTO_AUTH
if((imapc->authmechs & SASL_MECH_DIGEST_MD5) &&
(imapc->prefmech & SASL_MECH_DIGEST_MD5)) {
mech = SASL_MECH_STRING_DIGEST_MD5;
state1 = IMAP_AUTHENTICATE_DIGESTMD5;
imapc->authused = SASL_MECH_DIGEST_MD5;
}
else if((imapc->authmechs & SASL_MECH_CRAM_MD5) &&
(imapc->prefmech & SASL_MECH_CRAM_MD5)) {
mech = SASL_MECH_STRING_CRAM_MD5;
state1 = IMAP_AUTHENTICATE_CRAMMD5;
imapc->authused = SASL_MECH_CRAM_MD5;
}
else
#endif
#ifdef USE_NTLM
if((imapc->authmechs & SASL_MECH_NTLM) &&
(imapc->prefmech & SASL_MECH_NTLM)) {
mech = SASL_MECH_STRING_NTLM;
state1 = IMAP_AUTHENTICATE_NTLM;
state2 = IMAP_AUTHENTICATE_NTLM_TYPE2MSG;
imapc->authused = SASL_MECH_NTLM;
if(imapc->ir_supported || data->set.sasl_ir)
result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
&conn->ntlm,
&initresp, &len);
}
else
#endif
if(((imapc->authmechs & SASL_MECH_XOAUTH2) &&
(imapc->prefmech & SASL_MECH_XOAUTH2) &&
(imapc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
mech = SASL_MECH_STRING_XOAUTH2;
state1 = IMAP_AUTHENTICATE_XOAUTH2;
state2 = IMAP_AUTHENTICATE_FINAL;
imapc->authused = SASL_MECH_XOAUTH2;
if(imapc->ir_supported || data->set.sasl_ir)
result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
conn->xoauth2_bearer,
&initresp, &len);
}
else if((imapc->authmechs & SASL_MECH_LOGIN) &&
(imapc->prefmech & SASL_MECH_LOGIN)) {
mech = SASL_MECH_STRING_LOGIN;
state1 = IMAP_AUTHENTICATE_LOGIN;
state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD;
imapc->authused = SASL_MECH_LOGIN;
if(imapc->ir_supported || data->set.sasl_ir)
result = Curl_sasl_create_login_message(conn->data, conn->user,
&initresp, &len);
}
else if((imapc->authmechs & SASL_MECH_PLAIN) &&
(imapc->prefmech & SASL_MECH_PLAIN)) {
mech = SASL_MECH_STRING_PLAIN;
state1 = IMAP_AUTHENTICATE_PLAIN;
state2 = IMAP_AUTHENTICATE_FINAL;
imapc->authused = SASL_MECH_PLAIN;
if(imapc->ir_supported || data->set.sasl_ir)
result = Curl_sasl_create_plain_message(conn->data, conn->user,
conn->passwd, &initresp, &len);
}
/* Calculate the SASL login details */
result = imap_calc_sasl_details(conn, &mech, &initresp, &len, &state1,
&state2);
if(!result) {
if(mech && (imapc->preftype & IMAP_TYPE_SASL)) {
@ -2543,4 +2482,89 @@ static CURLcode imap_parse_custom_request(struct connectdata *conn)
return result;
}
/***********************************************************************
*
* imap_calc_sasl_details()
*
* Calculate the required login details for SASL authentication.
*/
static CURLcode imap_calc_sasl_details(struct connectdata *conn,
const char **mech,
char **initresp, size_t *len,
imapstate *state1, imapstate *state2)
{
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
struct imap_conn *imapc = &conn->proto.imapc;
/* Calculate the supported authentication mechanism, by decreasing order of
security, as well as the initial response where appropriate */
#ifndef CURL_DISABLE_CRYPTO_AUTH
if((imapc->authmechs & SASL_MECH_DIGEST_MD5) &&
(imapc->prefmech & SASL_MECH_DIGEST_MD5)) {
*mech = SASL_MECH_STRING_DIGEST_MD5;
*state1 = IMAP_AUTHENTICATE_DIGESTMD5;
imapc->authused = SASL_MECH_DIGEST_MD5;
}
else if((imapc->authmechs & SASL_MECH_CRAM_MD5) &&
(imapc->prefmech & SASL_MECH_CRAM_MD5)) {
*mech = SASL_MECH_STRING_CRAM_MD5;
*state1 = IMAP_AUTHENTICATE_CRAMMD5;
imapc->authused = SASL_MECH_CRAM_MD5;
}
else
#endif
#ifdef USE_NTLM
if((imapc->authmechs & SASL_MECH_NTLM) &&
(imapc->prefmech & SASL_MECH_NTLM)) {
*mech = SASL_MECH_STRING_NTLM;
*state1 = IMAP_AUTHENTICATE_NTLM;
*state2 = IMAP_AUTHENTICATE_NTLM_TYPE2MSG;
imapc->authused = SASL_MECH_NTLM;
if(imapc->ir_supported || data->set.sasl_ir)
result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
&conn->ntlm,
initresp, len);
}
else
#endif
if(((imapc->authmechs & SASL_MECH_XOAUTH2) &&
(imapc->prefmech & SASL_MECH_XOAUTH2) &&
(imapc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
*mech = SASL_MECH_STRING_XOAUTH2;
*state1 = IMAP_AUTHENTICATE_XOAUTH2;
*state2 = IMAP_AUTHENTICATE_FINAL;
imapc->authused = SASL_MECH_XOAUTH2;
if(imapc->ir_supported || data->set.sasl_ir)
result = Curl_sasl_create_xoauth2_message(data, conn->user,
conn->xoauth2_bearer,
initresp, len);
}
else if((imapc->authmechs & SASL_MECH_LOGIN) &&
(imapc->prefmech & SASL_MECH_LOGIN)) {
*mech = SASL_MECH_STRING_LOGIN;
*state1 = IMAP_AUTHENTICATE_LOGIN;
*state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD;
imapc->authused = SASL_MECH_LOGIN;
if(imapc->ir_supported || data->set.sasl_ir)
result = Curl_sasl_create_login_message(data, conn->user, initresp, len);
}
else if((imapc->authmechs & SASL_MECH_PLAIN) &&
(imapc->prefmech & SASL_MECH_PLAIN)) {
*mech = SASL_MECH_STRING_PLAIN;
*state1 = IMAP_AUTHENTICATE_PLAIN;
*state2 = IMAP_AUTHENTICATE_FINAL;
imapc->authused = SASL_MECH_PLAIN;
if(imapc->ir_supported || data->set.sasl_ir)
result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
initresp, len);
}
return result;
}
#endif /* CURL_DISABLE_IMAP */