1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00
Commit Graph

225 Commits

Author SHA1 Message Date
Steve Holme
38dfe52559 pop3: Post authentication code tidy up
Corrected lines longer than 78 characters.

Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
AUTH command is no longer sent on its own.

Introduced some comments in data sending functions.

Another attempt at trying to rational code and comment style.
2012-06-04 22:15:51 +01:00
Steve Holme
7759d10f36 pop3: Added support for sasl digest-md5 authentication 2012-06-04 21:50:16 +01:00
Steve Holme
e336bc7c42 pop3: Changed the sasl mechanism detection from auth to capa
Not all SASL enabled POP3 servers support the AUTH command on its own
when trying to detect the supported mechanisms. As such changed the
mechanism detection to use the CAPA command instead.
2012-06-04 19:09:45 +01:00
Steve Holme
8c0bfd3e0c pop3: Added support for sasl cram-md5 authentication 2012-06-03 19:13:16 +01:00
Steve Holme
3b8cf5bd14 pop3.c: Added conditional compilation for NTLM function calls
Added USE_NTLM condition compilation around the NTLM functions called
from pop3_statemach_act() introduced in commit 69f7156ad9.
2012-06-03 17:40:05 +01:00
Steve Holme
b5bb61ee69 pop3: Fixed an issue with changes introduced in commit c267c53017
Because pop3_endofresp() is called for each line of data yet is not
passed the line and line length, so we have to use the data pointed to
by pp->linestart_resp which contains the whole packet, the mechanisms
were being detected in one call yet the function would be called for
each line of data.

Using curl with verbose mode enabled would show that one line of data
would be received in response to the AUTH command, before the AUTH
<mechanism> command was sent to the server and then the next few lines
of the original AUTH command would be displayed before the response from
the AUTH <mechanism> command. This would then cause problems when
parsing the CRAM-MD5 challenge data as extra data was contained in the
buffer.

Changed the parsing so that each line is checked for the mechanisms
and the function returns FALSE until the whole of the AUTH response has
been processed.
2012-06-03 17:06:48 +01:00
Steve Holme
9c7016f560 pop3.c:Corrected typo in commit 69ba0da827 2012-06-02 23:12:07 +01:00
Steve Holme
69ba0da827 pop3: Fixed the issue of having to supply the user name for all requests
Previously it wasn't possible to connect to POP3 and not specify the
user name as a CURLE_ACCESS_DENIED error would be returned. This error
occurred because USER would be sent to the server with a blank user name
if no mailbox user was specified as the server would reply with -ERR.

This wasn't a problem prior to the 7.26.0 release but with the
introduction of custom commands the user and/or application developer
might want to issue a CAPA command without having to log in as a
specific mailbox user.

Additionally this fix won't send the newly introduced AUTH command if no
user name is specified.
2012-06-02 22:11:37 +01:00
Steve Holme
1fa2af5136 pop3.c: Small code tidy up
Corrected lines exceeding 78 characters.

Repositioned some comments and added extra clarity.
2012-06-02 21:38:55 +01:00
Steve Holme
69f7156ad9 pop3: Added support for sasl ntlm authentication 2012-06-02 11:55:58 +01:00
Steve Holme
2df6e6d9f8 pop3: Added support for sasl login authentication 2012-06-01 15:59:29 +01:00
Steve Holme
2c6d32b864 pop3: Added support for sasl plain text authentication 2012-05-31 20:45:53 +01:00
Steve Holme
7291c1f565 pop3: Introduced the continue response in pop3_endofresp() 2012-05-28 21:29:01 +01:00
Steve Holme
3fa0fbb816 pop3: Changed response code from O and E to + and -
The POP3 protocol doesn't really have the concept of error codes and
uses +, +OK and -ERR in response to commands to indicate continue,
success and error.

The AUTH command is one of those commands that requires multiple pieces
of data to be sent to the server where the server will respond with + as
part of the handshaking. This meant changing the values before
continuing with the next stage of adding authentication support.
2012-05-28 20:59:10 +01:00
Steve Holme
a9d798c4d5 pop3: Small code tidy up following authentication work so far
Changed the order of the state machine to match the order of actual
events.

Reworked some comments and function parameter positioning that I missed
the other day.
2012-05-28 20:21:52 +01:00
Daniel Stenberg
a7731673d0 pop3: remove variable-not-used warnings 2012-05-27 23:29:15 +02:00
Steve Holme
c267c53017 pop3: Added support for SASL based authentication mechanism detection
Added support for detecting the supported SASL authentication mechanisms
via the AUTH command. There are two ways of detecting them, either by
using the AUTH command, that will return -ERR if not supported or by
using the CAPA command which will return SASL and the list of mechanisms
if supported, not include SASL if SASL authentication is not supported
or -ERR if the CAPA command is not supported. As such it seems simpler
to use the AUTH command and fallback to normal clear text authentication
if the the command is not supported.

Additionally updated the test cases to return -ERR when the AUTH command
is encountered. Additional test cases will be added when support for the
individual authentication mechanisms is added.
2012-05-27 19:09:38 +01:00
Daniel Stenberg
dc454bd16b pop3: remove trailing whitespace 2012-05-27 14:08:46 +02:00
Steve Holme
c6495bccbf pop3: Code tidy up before the introduction of authentication code
Moved EOB definition into header file.

Switched the logic around in pop3_endofresp() to allow for the
introduction of auth-mechanism detection.

Repositioned second and third function variables where they will fit
within the 78 character line limit.

Tidied up some comments.
2012-05-27 10:54:13 +01:00
Steve Holme
15e1227ed4 pop3: Reworked the command sending and handling
Reworked the command sending from two specific LIST and RETR command
functions into a single command based function as well as the two
associated response handlers into a generic command handler.
2012-04-02 23:24:00 +01:00
Steve Holme
761c3c5446 pop3: Added support for additional pop3 commands
This feature allows the user to specify and use additional POP3
commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
curl's -X command line option.
2012-03-31 18:46:22 +01:00
Steve Holme
982315573c pop3.c: Corrected problem with state() introduced in 01690ed2bc 2012-03-25 12:47:39 +01:00
Steve Holme
9f96e6da28 pop.c: Small code tidy up 2012-03-25 11:28:59 +01:00
Steve Holme
01690ed2bc pop3: Removed the need for the single message LIST command handler
Simplified the code to remove the need for a separate "LIST <msg id>"
command handler and state machine and instead use the LIST command
handler for both operations.
2012-03-25 11:21:59 +01:00
Steve Holme
2da89708ec pop3.c: Code policing and tidy up
Corrected character and line spacing and re-ordered list and retr
functions based on the order of their state machines.
2012-03-24 12:28:11 +00:00
Steve Holme
5c62a551c4 email: Moved server greeting responses into separate functions
Moved the server greeting response handling code from the statemach_act
functions to separate response functions. This makes the code simpler
to follow and provides consistency with the other responses that are
handled here.
2012-03-24 11:55:34 +00:00
Steve Holme
602a8a565c pop3.c: Fixed body data being written when CURLOPT_NOBODY is specified
Body data would be forwarded to the client application in both the RETR
and LIST commands even if CURLOPT_NOBODY was specified.
2012-03-24 00:09:38 +00:00
Daniel Stenberg
2764bf2c5b includes: remove inclusion of unused file http_proxy.h 2012-03-09 00:05:24 +01:00
Daniel Stenberg
41b0237834 CONNECT: made generically not per-protocol
Curl_protocol_connect() now does the tunneling through the HTTP proxy if
requested instead of letting each protocol specific connection function
do it.
2012-03-08 23:31:38 +01:00
Steve Holme
035ef06bda pop3.c: Fixed drop of final CRLF in EOB checking
Curl_pop3_write() would drop the final CRLF of a message as it was
considered part of the EOB as opposed to part of the message. Whilst
the EOB sequence needs to be searched for by the function only the
final 3 characters should be removed as per RFC-1939 section 3.

Reported by: Rich Gray
Bug: http://curl.haxx.se/mail/lib-2012-02/0051.html
2012-02-19 23:48:14 +01:00
Daniel Stenberg
75ca568fa1 URL sanitize: reject URLs containing bad data
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich
2012-01-24 08:54:26 +01:00
Steve Holme
db4f69ef06 Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections.
Fixed a problem in POP3 and IMAP where a connection would fail when
CURLUSESSL_TRY was specified for a server that didn't support
SSL/TLS connections rather than continuing.
2012-01-04 00:48:20 +01:00
Steve Holme
277022b2e4 Fixed incorrect error code being returned in STARTTLS
The STARTTLS response code in SMTP, POP3 and IMAP would return
CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS
was not available on the server.

Reported by: Gokhan Sengun
Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2012-01-04 00:47:58 +01:00
Yang Tse
b9b772fefe pop3.c: fix compiler warning variable may be used uninitialized 2011-12-13 15:58:02 +01:00
Steve Holme
bdb647814e POP3: fixed escaped dot not being striped out
Changed the eob detection to work across the whole of the buffer so that
lines that begin with a dot (which the server will have escaped) are
passed to the client application correctly.
2011-12-01 00:06:47 +01:00
Yang Tse
1038d0aa16 pop3.c: fix compiler warning 2011-11-29 20:28:49 +01:00
Daniel Stenberg
af64666434 POP3: detect when LIST returns no mails
By making sure the function can detect an "end of body" sequence
immediately on the first line, test 811 is now enabled.
2011-11-29 13:43:46 +01:00
Daniel Stenberg
dda815b776 POP3: fix end of body detection
Curl_pop3_write() now has a state machine that scans for the end of a
POP3 body so that the CR LF '.' CR LF sequence can come in everything
from one up to five subsequent packets.

Test case 810 is modified to use SLOWDOWN which makes the server pause
between each single byte and thus makes the POP3 body get sent to curl
basically one byte at a time.
2011-11-29 00:25:21 +01:00
Jonas Schnelli
2c905fd1f8 query-part: ignore the URI part for given protocols
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the
protocol will get the "query part" of the URL cut off before the data is
handled by the protocol-specific code. This makes libcurl adhere to
RFC3986 section 2.2.

Test 1220 is added to verify a file:// URL with query-part.
2011-11-24 23:31:19 +01:00
Daniel Stenberg
93e57d0628 rename ftp_ssl: the struct field is used for many protocols
Now called 'use_ssl' instead, which better matches the current CURLOPT
name and since the option is used for all pingpong protocols (at least)
it makes sense to not use 'ftp' in the name.
2011-11-03 09:54:12 +01:00
Daniel Stenberg
d7934b8bd4 curl_multi_fdset: correct fdset with FTP PORT use
After a PORT has been issued, and the multi handle would switch to the
CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would
return the wrong fdset to wait for when curl_multi_fdset() is
called. The code would blindly assume that it was waiting for a connect
of the second connection, while that isn't true immediately after the
PORT command.

Also, the function multi.c:domore_getsock() was highly FTP-centric and
therefore ugly to keep in protocol-agnostic code. I solved this problem
by introducing a new function pointer in the Curl_handler struct called
domore_getsock() which is only called during the DOMORE state for
protocols that set that pointer.

The new ftp.c:ftp_domore_getsock() function now returns fdset info about
the control connection's command/response handling while such a state is
in use, and goes over to waiting for a writable second connection first
once the commands are done.

The original problem could be seen by running test 525 and checking the
time stamps in the FTP server log. I can verify that this fix at least
fixes this problem.

Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html
Reported by: Gokhan Sengun
2011-10-21 23:36:54 +02:00
Yang Tse
a50210710a fix bool variables checking and assignment 2011-09-05 20:46:09 +02:00
Yang Tse
6b75d2c2df fix a bunch of MSVC compiler warnings 2011-09-03 16:07:09 +02:00
Daniel Stenberg
2d7c79af76 tcpconnect: follow-up commit after b998d95b
As I modified conn->bits.tcpconnect to become an array that holds one
bool for each potential connection all uses of that struct field must
index it correctly.
2011-08-19 23:39:56 +02:00
Yang Tse
f1586cb477 stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h 2011-07-26 17:23:27 +02:00
Ori Avtalion
af6dcc92d5 [pop3] remove extra space in LIST command
Some servers, e.g. mail.bezeqint.net:110, consider it a syntax error
2011-06-21 18:12:05 +03:00
Daniel Stenberg
f0612f166a RTSP: convert protocol-specific checks to generic
Add a 'readwrite' function to the protocol handler struct and use that
for the extra readwrite functionality RTSP needs.
2011-05-05 16:27:03 +02:00
Daniel Stenberg
e34131db78 SSL: check for SSL, not specific protocols
Code cleanup to check less for protocols and more for the specific
relevant feature. Like if SSL is required.
2011-05-05 15:49:43 +02:00
Daniel Stenberg
889d1e973f whitespace cleanup: no space first in conditionals
"if(a)" is our style, not "if( a )"
2011-04-27 09:09:35 +02:00
Daniel Stenberg
b903186fa0 source cleanup: unify look, style and indent levels
By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.
2011-04-27 09:09:35 +02:00
Fabian Keil
1702a2c08d Fix a couple of spelling errors in lib/
Found with codespell.
2011-04-21 07:55:53 -07:00
Daniel Stenberg
c828646f60 CURL_DOES_CONVERSIONS: cleanup
Massively reduce #ifdefs all over (23 #ifdef lines less so far)
Moved conversion-specific code to non-ascii.c
2011-04-20 00:50:07 +02:00
Ben Noordhuis
db59b6202d [pop3 starttls] PASS command was not sent after upgrade to TLS. 2011-04-05 13:38:31 +02:00
Ben Noordhuis
e7837bfd03 [pop3 starttls] the command to send is STLS, not STARTTLS. 2011-04-05 13:38:31 +02:00
Daniel Stenberg
02dbfa2192 http-proxy: move proxy code to http_proxy.c
The new http_proxy.* files now host HTTP proxy specific code (500+ lines
moved out from http.c), and as a consequence there is a macro introduced
for the Curl_proxyCONNECT() function so that code can use it without
actually supporting proxy (or HTTP) in builds.
2011-04-04 19:38:00 +02:00
Daniel Stenberg
3a87dd8b20 pop3: add state name in debug array
We have an array with the state names only built and used when built
debug enabled and this need to list all the states from the .h
2011-03-19 11:05:45 +01:00
Dan Fandrich
663a52c2f8 pop3: use Curl_safefree() to allow torture tests to succeed 2011-03-18 11:20:24 -07:00
Daniel Stenberg
0c05ee3a33 pop3: remove unused variable 2011-03-18 09:18:22 +01:00
Dan Fandrich
ef1c18b952 Added support for LISTing a single POP3 message
Added tests for a number of POP3 LIST operations, including one
that shows a curl problem when listing no messages, so is
disabled.
2011-03-17 16:59:30 -07:00
Dan Fandrich
409867e62b pop3: fixed memory leak in an error retrieval case 2011-03-17 16:28:12 -07:00
Daniel Stenberg
cc228ea6f6 protocol handler cleanup: SSL awareness
As a follow-up to commit 8831000bc0: don't assume that the SSL powered
protocol alternatives are available.
2011-03-15 10:02:05 +01:00
Daniel Stenberg
13b64d7558 protocols: use CURLPROTO_ internally
The PROT_* set of internal defines for the protocols is no longer
used. We now use the same bits internally as we have defined in the
public header using the CURLPROTO_ prefix. This is for simplicity and
because the PROT_* prefix was already used duplicated internally for a
set of KRB4 values.

The PROTOPT_* defines were moved up to just below the struct definition
within which they are used.
2011-03-14 22:52:14 +01:00
Daniel Stenberg
8831000bc0 protocol handler: added flags field
The protocol handler struct got a 'flags' field for special information
and characteristics of the given protocol.

This now enables us to move away central protocol information such as
CLOSEACTION and DUALCHANNEL from single defines in a central place, out
to each protocol's definition. It also made us stop abusing the protocol
field for other info than the protocol, and we could start cleaning up
other protocol-specific things by adding flags bits to set in the
handler struct.

The "protocol" field connectdata struct was removed as well and the code
now refers directly to the conn->handler->protocol field instead. To
make things work properly, the code now always store a conn->given
pointer that points out the original handler struct so that the code can
learn details from the original protocol even if conn->handler is
modified along the way - for example when switching to go over a HTTP
proxy.
2011-03-14 22:22:22 +01:00
Kamil Dudka
5c7c9a768d url: provide dead_connection flag in Curl_handler::disconnect
It helps to prevent a hangup with some FTP servers in case idle session
timeout has exceeded.  But it may be useful also for other protocols
that send any quit message on disconnect.  Currently used by FTP, POP3,
IMAP and SMTP.
2010-12-06 14:35:42 +01:00
Dan Fandrich
04cfef24a1 Fixed some memory leaks in the POP3 torture tests 2010-05-19 12:18:06 -07:00
Daniel Stenberg
c0111460b0 Curl_setup_transfer: no longer returns anything
This function could only return CURLE_OK and by changing it to
a void instead, we can simplify code all over.
2010-04-16 23:43:04 +02:00
Daniel Stenberg
fa7341143a POP3: when USER command fails, don't even try PASS 2010-04-16 22:56:13 +02:00
Daniel Stenberg
d1837ad90a use (s)size_t for string lengths to fix compiler warns 2010-03-29 16:30:35 +02:00
Ben Greear
69ccc9f861 pop3: Get message listing if no mailbox in URL
If you pass a URL to pop3 that does not contain a message ID as
part of the URL, it will currently ask for 'INBOX' which just
causes the pop3 server to return an error.

The change makes libcurl treat en empty message ID as a request
for LIST (list of pop3 message IDs).  User's code could then
parse this and download individual messages as desired.
2010-03-28 23:49:00 +02:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Yang Tse
715e3a806f Make Curl_pop3_write() additionally truncate trailing POP3_EOB from received
string buffer, otherwise Curl_client_write() call with zero size would write
to the end of string buffer including matched POP3_EOB.
2010-01-30 05:22:30 +00:00
Yang Tse
340ab2f87f make Curl_handler_*_proxy definition static 2010-01-25 23:41:02 +00:00
Yang Tse
3184a91ec8 VMS specific preprocessor symbol checking adjustments 2009-12-30 17:59:56 +00:00
Yang Tse
b0f548fb56 Fix compiler warnings 2009-12-14 14:02:43 +00:00
Daniel Stenberg
ec3bb8f727 introducing IMAP, POP3 and SMTP support (still lots of polish left to do) 2009-12-12 21:54:01 +00:00