imap: Added support for sasl cram-md5 authentication

diff --git a/lib/imap.c b/lib/imap.c
index c69295d71747912b8a4f0e776e61ed9876d6d09e..045bde033f5faff7072aad84d3d2ae29de96c56e 100644 (file)
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -18,6 +18,7 @@
  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  * KIND, either express or implied.
  *
+ * RFC2195 CRAM-MD5 authentication
  * RFC2222 Simple Authentication and Security Layer (SASL)
  * RFC3501 IMAPv4 protocol
  * RFC4616 PLAIN authentication
@@ -435,6 +436,7 @@ static void state(struct connectdata *conn,
     "AUTHENTICATE_PLAIN",
     "AUTHENTICATE_LOGIN",
     "AUTHENTICATE_LOGIN_PASSWD",
+    "AUTHENTICATE_CRAMMD5",
     "AUTHENTICATE_NTLM",
     "AUTHENTICATE_NTLM_TYPE2MSG",
     "AUTHENTICATE",
@@ -515,6 +517,14 @@ static CURLcode imap_authenticate(struct connectdata *conn)
 
   /* Check supported authentication mechanisms by decreasing order of
      security */
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+  if(imapc->authmechs & SASL_MECH_CRAM_MD5) {
+    mech = "CRAM-MD5";
+    authstate = IMAP_AUTHENTICATE_CRAMMD5;
+    imapc->authused = SASL_MECH_CRAM_MD5;
+  }
+  else
+#endif
 #ifdef USE_NTLM
   if(imapc->authmechs & SASL_MECH_NTLM) {
     mech = "NTLM";
@@ -774,6 +784,61 @@ static CURLcode imap_state_auth_login_password_resp(struct connectdata *conn,
   return result;
 }
 
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* For AUTHENTICATE CRAM-MD5 responses */
+static CURLcode imap_state_auth_cram_resp(struct connectdata *conn,
+                                          int imapcode,
+                                          imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlg64 = data->state.buffer;
+  size_t len = 0;
+  char *rplyb64 = NULL;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != '+') {
+    failf(data, "Access denied: %d", imapcode);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Get the challenge */
+  for(chlg64 += 2; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
+    ;
+
+  /* Terminate the challenge */
+  if(*chlg64 != '=') {
+    for(len = strlen(chlg64); len--;)
+      if(chlg64[len] != '\r' && chlg64[len] != '\n' && chlg64[len] != ' ' &&
+         chlg64[len] != '\t')
+        break;
+
+    if(++len) {
+      chlg64[len] = '\0';
+    }
+  }
+
+  /* Create the response message */
+  result = Curl_sasl_create_cram_md5_message(data, chlg64, conn->user,
+                                             conn->passwd, &rplyb64, &len);
+
+  /* Send the response */
+  if(!result) {
+    if(rplyb64) {
+      result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64);
+
+      if(!result)
+        state(conn, IMAP_AUTHENTICATE);
+    }
+
+    Curl_safefree(rplyb64);
+  }
+
+  return result;
+}
+#endif
+
 #ifdef USE_NTLM
 /* For AUTHENTICATE NTLM responses */
 static CURLcode imap_state_auth_ntlm_resp(struct connectdata *conn,
@@ -1092,6 +1157,12 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
                                                    imapc->state);
       break;
 
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+    case IMAP_AUTHENTICATE_CRAMMD5:
+      result = imap_state_auth_cram_resp(conn, imapcode, imapc->state);
+      break;
+#endif
+
 #ifdef USE_NTLM
     case IMAP_AUTHENTICATE_NTLM:
       result = imap_state_auth_ntlm_resp(conn, imapcode, imapc->state);

diff --git a/lib/imap.h b/lib/imap.h
index 19e595f2f63fe12a58332a88e2d7aa8234df4396..8fa4e0f620d96acaff97c3a2d3dcb6f325d404a4 100644 (file)
--- a/lib/imap.h
+++ b/lib/imap.h
@@ -38,6 +38,7 @@ typedef enum {
   IMAP_AUTHENTICATE_PLAIN,
   IMAP_AUTHENTICATE_LOGIN,
   IMAP_AUTHENTICATE_LOGIN_PASSWD,
+  IMAP_AUTHENTICATE_CRAMMD5,
   IMAP_AUTHENTICATE_NTLM,
   IMAP_AUTHENTICATE_NTLM_TYPE2MSG,
   IMAP_AUTHENTICATE,