imap: Fixed no known authentication mechanism when fallback is required

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.
imap: Fixed no known authentication mechanism when fallback is required

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.

Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin

diff --git a/lib/imap.c b/lib/imap.c
index 4191f5722c9f3b4feb22a4fcc82266df6bb95b1a..50930f7a4c8d14ce87d40ee2857c4295f2677bf5 100644 (file)
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -378,8 +378,12 @@ static int imap_endofresp(struct pingpong *pp, int *resp)
               line[wordlen] != '\n';)
           wordlen++;
 
+        /* Has the server explicitly disabled the LOGIN command? */
+        if(wordlen == 13 && !memcmp(line, "LOGINDISABLED", 13))
+          imapc->login_disabled = TRUE;
+
         /* Do we have an AUTH capability? */
-        if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {
+        else if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {
           line += 5;
           len -= 5;
           wordlen -= 5;
@@ -548,12 +552,8 @@ static CURLcode imap_authenticate(struct connectdata *conn)
     authstate = IMAP_AUTHENTICATE_PLAIN;
     imapc->authused = SASL_MECH_PLAIN;
   }
-  else {
-    infof(conn->data, "No known authentication mechanisms supported!\n");
-    result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
-  }
 
-  if(!result) {
+  if(mech) {
     const char *str = getcmdid(conn);
 
     result = imap_sendf(conn, str, "%s AUTHENTICATE %s", str, mech);
@@ -561,6 +561,12 @@ static CURLcode imap_authenticate(struct connectdata *conn)
     if(!result)
       state(conn, authstate);
   }
+  else if(!imapc->login_disabled)
+    result = imap_state_login(conn);
+  else {
+    infof(conn->data, "No known authentication mechanisms supported!\n");
+    result = CURLE_LOGIN_DENIED; /* Other mechanisms not supported */
+  }
 
   return result;
 }
@@ -660,11 +666,10 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn,
                                            imapstate instate)
 {
   CURLcode result = CURLE_OK;
-  struct imap_conn *imapc = &conn->proto.imapc;
 
   (void)instate; /* no use for this yet */
 
-  if(imapcode == 'O' && imapc->authmechs)
+  if(imapcode == 'O')
     result = imap_authenticate(conn);
   else
     result = imap_state_login(conn);

diff --git a/lib/imap.h b/lib/imap.h
index c33cbed9349a2b4b641c64944d0b6bcd64bdabfe..533ee4a94f0645dee1c91bdc65d8c030168b3377 100644 (file)
--- a/lib/imap.h
+++ b/lib/imap.h
@@ -62,6 +62,7 @@ struct imap_conn {
   int cmdid;              /* Next command ID */
   const char *idstr;      /* String based response ID to wait for */
   bool ssldone;           /* Is connect() over SSL done? */
+  bool login_disabled;    /* LOGIN command explicitly disabled by server */
 };
 
 extern const struct Curl_handler Curl_handler_imap;