1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at http://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * RFC1734 POP3 Authentication
22 * RFC1939 POP3 protocol
23 * RFC2195 CRAM-MD5 authentication
24 * RFC2384 POP URL Scheme
25 * RFC2449 POP3 Extension Mechanism
26 * RFC2595 Using TLS with IMAP, POP3 and ACAP
27 * RFC2831 DIGEST-MD5 authentication
28 * RFC4422 Simple Authentication and Security Layer (SASL)
29 * RFC4616 PLAIN authentication
30 * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
31 * RFC5034 POP3 SASL Authentication Mechanism
32 * RFC6749 OAuth 2.0 Authorization Framework
33 * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
34 *
35 ***************************************************************************/
36
37 #include "curl_setup.h"
38
39 #ifndef CURL_DISABLE_POP3
40
41 #ifdef HAVE_NETINET_IN_H
42 #include <netinet/in.h>
43 #endif
44 #ifdef HAVE_ARPA_INET_H
45 #include <arpa/inet.h>
46 #endif
47 #ifdef HAVE_UTSNAME_H
48 #include <sys/utsname.h>
49 #endif
50 #ifdef HAVE_NETDB_H
51 #include <netdb.h>
52 #endif
53 #ifdef __VMS
54 #include <in.h>
55 #include <inet.h>
56 #endif
57
58 #if (defined(NETWARE) && defined(__NOVELL_LIBC__))
59 #undef in_addr_t
60 #define in_addr_t unsigned long
61 #endif
62
63 #include <curl/curl.h>
64 #include "urldata.h"
65 #include "sendf.h"
66 #include "hostip.h"
67 #include "progress.h"
68 #include "transfer.h"
69 #include "escape.h"
70 #include "http.h" /* for HTTP proxy tunnel stuff */
71 #include "socks.h"
72 #include "pop3.h"
73
74 #include "strtoofft.h"
75 #include "strequal.h"
76 #include "vtls/vtls.h"
77 #include "connect.h"
78 #include "strerror.h"
79 #include "select.h"
80 #include "multiif.h"
81 #include "url.h"
82 #include "rawstr.h"
83 #include "curl_sasl.h"
84 #include "curl_md5.h"
85 #include "warnless.h"
86 #include "curl_printf.h"
87 #include "curl_memory.h"
88 /* The last #include file should be: */
89 #include "memdebug.h"
90
91 /* Local API functions */
92 static CURLcode pop3_regular_transfer(struct connectdata *conn, bool *done);
93 static CURLcode pop3_do(struct connectdata *conn, bool *done);
94 static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
95 bool premature);
96 static CURLcode pop3_connect(struct connectdata *conn, bool *done);
97 static CURLcode pop3_disconnect(struct connectdata *conn, bool dead);
98 static CURLcode pop3_multi_statemach(struct connectdata *conn, bool *done);
99 static int pop3_getsock(struct connectdata *conn, curl_socket_t *socks,
100 int numsocks);
101 static CURLcode pop3_doing(struct connectdata *conn, bool *dophase_done);
102 static CURLcode pop3_setup_connection(struct connectdata *conn);
103 static CURLcode pop3_parse_url_options(struct connectdata *conn);
104 static CURLcode pop3_parse_url_path(struct connectdata *conn);
105 static CURLcode pop3_parse_custom_request(struct connectdata *conn);
106 static CURLcode pop3_perform_auth(struct connectdata *conn, const char *mech,
107 const char *initresp);
108 static CURLcode pop3_continue_auth(struct connectdata *conn, const char *resp);
109 static void pop3_get_message(char *buffer, char** outptr);
110
111 /*
112 * POP3 protocol handler.
113 */
114
115 const struct Curl_handler Curl_handler_pop3 = {
116 "POP3", /* scheme */
117 pop3_setup_connection, /* setup_connection */
118 pop3_do, /* do_it */
119 pop3_done, /* done */
120 ZERO_NULL, /* do_more */
121 pop3_connect, /* connect_it */
122 pop3_multi_statemach, /* connecting */
123 pop3_doing, /* doing */
124 pop3_getsock, /* proto_getsock */
125 pop3_getsock, /* doing_getsock */
126 ZERO_NULL, /* domore_getsock */
127 ZERO_NULL, /* perform_getsock */
128 pop3_disconnect, /* disconnect */
129 ZERO_NULL, /* readwrite */
130 PORT_POP3, /* defport */
131 CURLPROTO_POP3, /* protocol */
132 PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
133 };
134
135 #ifdef USE_SSL
136 /*
137 * POP3S protocol handler.
138 */
139
140 const struct Curl_handler Curl_handler_pop3s = {
141 "POP3S", /* scheme */
142 pop3_setup_connection, /* setup_connection */
143 pop3_do, /* do_it */
144 pop3_done, /* done */
145 ZERO_NULL, /* do_more */
146 pop3_connect, /* connect_it */
147 pop3_multi_statemach, /* connecting */
148 pop3_doing, /* doing */
149 pop3_getsock, /* proto_getsock */
150 pop3_getsock, /* doing_getsock */
151 ZERO_NULL, /* domore_getsock */
152 ZERO_NULL, /* perform_getsock */
153 pop3_disconnect, /* disconnect */
154 ZERO_NULL, /* readwrite */
155 PORT_POP3S, /* defport */
156 CURLPROTO_POP3S, /* protocol */
157 PROTOPT_CLOSEACTION | PROTOPT_SSL
158 | PROTOPT_NOURLQUERY /* flags */
159 };
160 #endif
161
162 #ifndef CURL_DISABLE_HTTP
163 /*
164 * HTTP-proxyed POP3 protocol handler.
165 */
166
167 static const struct Curl_handler Curl_handler_pop3_proxy = {
168 "POP3", /* scheme */
169 Curl_http_setup_conn, /* setup_connection */
170 Curl_http, /* do_it */
171 Curl_http_done, /* done */
172 ZERO_NULL, /* do_more */
173 ZERO_NULL, /* connect_it */
174 ZERO_NULL, /* connecting */
175 ZERO_NULL, /* doing */
176 ZERO_NULL, /* proto_getsock */
177 ZERO_NULL, /* doing_getsock */
178 ZERO_NULL, /* domore_getsock */
179 ZERO_NULL, /* perform_getsock */
180 ZERO_NULL, /* disconnect */
181 ZERO_NULL, /* readwrite */
182 PORT_POP3, /* defport */
183 CURLPROTO_HTTP, /* protocol */
184 PROTOPT_NONE /* flags */
185 };
186
187 #ifdef USE_SSL
188 /*
189 * HTTP-proxyed POP3S protocol handler.
190 */
191
192 static const struct Curl_handler Curl_handler_pop3s_proxy = {
193 "POP3S", /* scheme */
194 Curl_http_setup_conn, /* setup_connection */
195 Curl_http, /* do_it */
196 Curl_http_done, /* done */
197 ZERO_NULL, /* do_more */
198 ZERO_NULL, /* connect_it */
199 ZERO_NULL, /* connecting */
200 ZERO_NULL, /* doing */
201 ZERO_NULL, /* proto_getsock */
202 ZERO_NULL, /* doing_getsock */
203 ZERO_NULL, /* domore_getsock */
204 ZERO_NULL, /* perform_getsock */
205 ZERO_NULL, /* disconnect */
206 ZERO_NULL, /* readwrite */
207 PORT_POP3S, /* defport */
208 CURLPROTO_HTTP, /* protocol */
209 PROTOPT_NONE /* flags */
210 };
211 #endif
212 #endif
213
214 /* SASL parameters for the pop3 protocol */
215 static const struct SASLproto saslpop3 = {
216 "pop", /* The service name */
217 '+', /* Code received when continuation is expected */
218 '+', /* Code to receive upon authentication success */
219 255 - 8, /* Maximum initial response length (no max) */
220 pop3_perform_auth, /* Send authentication command */
221 pop3_continue_auth, /* Send authentication continuation */
222 pop3_get_message /* Get SASL response message */
223 };
224
225 #ifdef USE_SSL
pop3_to_pop3s(struct connectdata * conn)226 static void pop3_to_pop3s(struct connectdata *conn)
227 {
228 conn->handler = &Curl_handler_pop3s;
229 }
230 #else
231 #define pop3_to_pop3s(x) Curl_nop_stmt
232 #endif
233
234 /***********************************************************************
235 *
236 * pop3_endofresp()
237 *
238 * Checks for an ending POP3 status code at the start of the given string, but
239 * also detects the APOP timestamp from the server greeting and various
240 * capabilities from the CAPA response including the supported authentication
241 * types and allowed SASL mechanisms.
242 */
pop3_endofresp(struct connectdata * conn,char * line,size_t len,int * resp)243 static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len,
244 int *resp)
245 {
246 struct pop3_conn *pop3c = &conn->proto.pop3c;
247
248 /* Do we have an error response? */
249 if(len >= 4 && !memcmp("-ERR", line, 4)) {
250 *resp = '-';
251
252 return TRUE;
253 }
254
255 /* Are we processing CAPA command responses? */
256 if(pop3c->state == POP3_CAPA) {
257 /* Do we have the terminating line? */
258 if(len >= 1 && !memcmp(line, ".", 1))
259 *resp = '+';
260 else
261 *resp = '*';
262
263 return TRUE;
264 }
265
266 /* Do we have a command or continuation response? */
267 if((len >= 3 && !memcmp("+OK", line, 3)) ||
268 (len >= 1 && !memcmp("+", line, 1))) {
269 *resp = '+';
270
271 return TRUE;
272 }
273
274 return FALSE; /* Nothing for us */
275 }
276
277 /***********************************************************************
278 *
279 * pop3_get_message()
280 *
281 * Gets the authentication message from the response buffer.
282 */
pop3_get_message(char * buffer,char ** outptr)283 static void pop3_get_message(char *buffer, char** outptr)
284 {
285 size_t len = 0;
286 char* message = NULL;
287
288 /* Find the start of the message */
289 for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
290 ;
291
292 /* Find the end of the message */
293 for(len = strlen(message); len--;)
294 if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
295 message[len] != '\t')
296 break;
297
298 /* Terminate the message */
299 if(++len) {
300 message[len] = '\0';
301 }
302
303 *outptr = message;
304 }
305
306 /***********************************************************************
307 *
308 * state()
309 *
310 * This is the ONLY way to change POP3 state!
311 */
state(struct connectdata * conn,pop3state newstate)312 static void state(struct connectdata *conn, pop3state newstate)
313 {
314 struct pop3_conn *pop3c = &conn->proto.pop3c;
315 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
316 /* for debug purposes */
317 static const char * const names[] = {
318 "STOP",
319 "SERVERGREET",
320 "CAPA",
321 "STARTTLS",
322 "UPGRADETLS",
323 "AUTH",
324 "APOP",
325 "USER",
326 "PASS",
327 "COMMAND",
328 "QUIT",
329 /* LAST */
330 };
331
332 if(pop3c->state != newstate)
333 infof(conn->data, "POP3 %p state change from %s to %s\n",
334 (void *)pop3c, names[pop3c->state], names[newstate]);
335 #endif
336
337 pop3c->state = newstate;
338 }
339
340 /***********************************************************************
341 *
342 * pop3_perform_capa()
343 *
344 * Sends the CAPA command in order to obtain a list of server side supported
345 * capabilities.
346 */
pop3_perform_capa(struct connectdata * conn)347 static CURLcode pop3_perform_capa(struct connectdata *conn)
348 {
349 CURLcode result = CURLE_OK;
350 struct pop3_conn *pop3c = &conn->proto.pop3c;
351
352 pop3c->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanisms yet */
353 pop3c->sasl.authused = SASL_AUTH_NONE; /* Clear the auth. mechanism used */
354 pop3c->tls_supported = FALSE; /* Clear the TLS capability */
355
356 /* Send the CAPA command */
357 result = Curl_pp_sendf(&pop3c->pp, "%s", "CAPA");
358
359 if(!result)
360 state(conn, POP3_CAPA);
361
362 return result;
363 }
364
365 /***********************************************************************
366 *
367 * pop3_perform_starttls()
368 *
369 * Sends the STLS command to start the upgrade to TLS.
370 */
pop3_perform_starttls(struct connectdata * conn)371 static CURLcode pop3_perform_starttls(struct connectdata *conn)
372 {
373 CURLcode result = CURLE_OK;
374
375 /* Send the STLS command */
376 result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "STLS");
377
378 if(!result)
379 state(conn, POP3_STARTTLS);
380
381 return result;
382 }
383
384 /***********************************************************************
385 *
386 * pop3_perform_upgrade_tls()
387 *
388 * Performs the upgrade to TLS.
389 */
pop3_perform_upgrade_tls(struct connectdata * conn)390 static CURLcode pop3_perform_upgrade_tls(struct connectdata *conn)
391 {
392 CURLcode result = CURLE_OK;
393 struct pop3_conn *pop3c = &conn->proto.pop3c;
394
395 /* Start the SSL connection */
396 result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &pop3c->ssldone);
397
398 if(!result) {
399 if(pop3c->state != POP3_UPGRADETLS)
400 state(conn, POP3_UPGRADETLS);
401
402 if(pop3c->ssldone) {
403 pop3_to_pop3s(conn);
404 result = pop3_perform_capa(conn);
405 }
406 }
407
408 return result;
409 }
410
411 /***********************************************************************
412 *
413 * pop3_perform_user()
414 *
415 * Sends a clear text USER command to authenticate with.
416 */
pop3_perform_user(struct connectdata * conn)417 static CURLcode pop3_perform_user(struct connectdata *conn)
418 {
419 CURLcode result = CURLE_OK;
420
421 /* Check we have a username and password to authenticate with and end the
422 connect phase if we don't */
423 if(!conn->bits.user_passwd) {
424 state(conn, POP3_STOP);
425
426 return result;
427 }
428
429 /* Send the USER command */
430 result = Curl_pp_sendf(&conn->proto.pop3c.pp, "USER %s",
431 conn->user ? conn->user : "");
432 if(!result)
433 state(conn, POP3_USER);
434
435 return result;
436 }
437
438 #ifndef CURL_DISABLE_CRYPTO_AUTH
439 /***********************************************************************
440 *
441 * pop3_perform_apop()
442 *
443 * Sends an APOP command to authenticate with.
444 */
pop3_perform_apop(struct connectdata * conn)445 static CURLcode pop3_perform_apop(struct connectdata *conn)
446 {
447 CURLcode result = CURLE_OK;
448 struct pop3_conn *pop3c = &conn->proto.pop3c;
449 size_t i;
450 MD5_context *ctxt;
451 unsigned char digest[MD5_DIGEST_LEN];
452 char secret[2 * MD5_DIGEST_LEN + 1];
453
454 /* Check we have a username and password to authenticate with and end the
455 connect phase if we don't */
456 if(!conn->bits.user_passwd) {
457 state(conn, POP3_STOP);
458
459 return result;
460 }
461
462 /* Create the digest */
463 ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
464 if(!ctxt)
465 return CURLE_OUT_OF_MEMORY;
466
467 Curl_MD5_update(ctxt, (const unsigned char *) pop3c->apoptimestamp,
468 curlx_uztoui(strlen(pop3c->apoptimestamp)));
469
470 Curl_MD5_update(ctxt, (const unsigned char *) conn->passwd,
471 curlx_uztoui(strlen(conn->passwd)));
472
473 /* Finalise the digest */
474 Curl_MD5_final(ctxt, digest);
475
476 /* Convert the calculated 16 octet digest into a 32 byte hex string */
477 for(i = 0; i < MD5_DIGEST_LEN; i++)
478 snprintf(&secret[2 * i], 3, "%02x", digest[i]);
479
480 result = Curl_pp_sendf(&pop3c->pp, "APOP %s %s", conn->user, secret);
481
482 if(!result)
483 state(conn, POP3_APOP);
484
485 return result;
486 }
487 #endif
488
489 /***********************************************************************
490 *
491 * pop3_perform_auth()
492 *
493 * Sends an AUTH command allowing the client to login with the given SASL
494 * authentication mechanism.
495 */
pop3_perform_auth(struct connectdata * conn,const char * mech,const char * initresp)496 static CURLcode pop3_perform_auth(struct connectdata *conn,
497 const char *mech,
498 const char *initresp)
499 {
500 CURLcode result = CURLE_OK;
501 struct pop3_conn *pop3c = &conn->proto.pop3c;
502
503 if(initresp) { /* AUTH <mech> ...<crlf> */
504 /* Send the AUTH command with the initial response */
505 result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
506 }
507 else {
508 /* Send the AUTH command */
509 result = Curl_pp_sendf(&pop3c->pp, "AUTH %s", mech);
510 }
511
512 return result;
513 }
514
515 /***********************************************************************
516 *
517 * pop3_continue_auth()
518 *
519 * Sends SASL continuation data or cancellation.
520 */
pop3_continue_auth(struct connectdata * conn,const char * resp)521 static CURLcode pop3_continue_auth(struct connectdata *conn,
522 const char *resp)
523 {
524 struct pop3_conn *pop3c = &conn->proto.pop3c;
525
526 return Curl_pp_sendf(&pop3c->pp, "%s", resp);
527 }
528
529 /***********************************************************************
530 *
531 * pop3_perform_authentication()
532 *
533 * Initiates the authentication sequence, with the appropriate SASL
534 * authentication mechanism, falling back to APOP and clear text should a
535 * common mechanism not be available between the client and server.
536 */
pop3_perform_authentication(struct connectdata * conn)537 static CURLcode pop3_perform_authentication(struct connectdata *conn)
538 {
539 CURLcode result = CURLE_OK;
540 struct pop3_conn *pop3c = &conn->proto.pop3c;
541 saslprogress progress = SASL_IDLE;
542
543 /* Check we have enough data to authenticate with and end the
544 connect phase if we don't */
545 if(!Curl_sasl_can_authenticate(&pop3c->sasl, conn)) {
546 state(conn, POP3_STOP);
547 return result;
548 }
549
550 if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_SASL) {
551 /* Calculate the SASL login details */
552 result = Curl_sasl_start(&pop3c->sasl, conn, FALSE, &progress);
553
554 if(!result)
555 if(progress == SASL_INPROGRESS)
556 state(conn, POP3_AUTH);
557 }
558
559 if(!result && progress == SASL_IDLE) {
560 #ifndef CURL_DISABLE_CRYPTO_AUTH
561 if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_APOP)
562 /* Perform APOP authentication */
563 result = pop3_perform_apop(conn);
564 else
565 #endif
566 if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_CLEARTEXT)
567 /* Perform clear text authentication */
568 result = pop3_perform_user(conn);
569 else {
570 /* Other mechanisms not supported */
571 infof(conn->data, "No known authentication mechanisms supported!\n");
572 result = CURLE_LOGIN_DENIED;
573 }
574 }
575
576 return result;
577 }
578
579 /***********************************************************************
580 *
581 * pop3_perform_command()
582 *
583 * Sends a POP3 based command.
584 */
pop3_perform_command(struct connectdata * conn)585 static CURLcode pop3_perform_command(struct connectdata *conn)
586 {
587 CURLcode result = CURLE_OK;
588 struct SessionHandle *data = conn->data;
589 struct POP3 *pop3 = data->req.protop;
590 const char *command = NULL;
591
592 /* Calculate the default command */
593 if(pop3->id[0] == '\0' || conn->data->set.ftp_list_only) {
594 command = "LIST";
595
596 if(pop3->id[0] != '\0')
597 /* Message specific LIST so skip the BODY transfer */
598 pop3->transfer = FTPTRANSFER_INFO;
599 }
600 else
601 command = "RETR";
602
603 /* Send the command */
604 if(pop3->id[0] != '\0')
605 result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s %s",
606 (pop3->custom && pop3->custom[0] != '\0' ?
607 pop3->custom : command), pop3->id);
608 else
609 result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s",
610 (pop3->custom && pop3->custom[0] != '\0' ?
611 pop3->custom : command));
612
613 if(!result)
614 state(conn, POP3_COMMAND);
615
616 return result;
617 }
618
619 /***********************************************************************
620 *
621 * pop3_perform_quit()
622 *
623 * Performs the quit action prior to sclose() be called.
624 */
pop3_perform_quit(struct connectdata * conn)625 static CURLcode pop3_perform_quit(struct connectdata *conn)
626 {
627 CURLcode result = CURLE_OK;
628
629 /* Send the QUIT command */
630 result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "QUIT");
631
632 if(!result)
633 state(conn, POP3_QUIT);
634
635 return result;
636 }
637
638 /* For the initial server greeting */
pop3_state_servergreet_resp(struct connectdata * conn,int pop3code,pop3state instate)639 static CURLcode pop3_state_servergreet_resp(struct connectdata *conn,
640 int pop3code,
641 pop3state instate)
642 {
643 CURLcode result = CURLE_OK;
644 struct SessionHandle *data = conn->data;
645 struct pop3_conn *pop3c = &conn->proto.pop3c;
646 const char *line = data->state.buffer;
647 size_t len = strlen(line);
648 size_t i;
649
650 (void)instate; /* no use for this yet */
651
652 if(pop3code != '+') {
653 failf(data, "Got unexpected pop3-server response");
654 result = CURLE_FTP_WEIRD_SERVER_REPLY;
655 }
656 else {
657 /* Does the server support APOP authentication? */
658 if(len >= 4 && line[len - 2] == '>') {
659 /* Look for the APOP timestamp */
660 for(i = 3; i < len - 2; ++i) {
661 if(line[i] == '<') {
662 /* Calculate the length of the timestamp */
663 size_t timestamplen = len - 1 - i;
664 if(!timestamplen)
665 break;
666
667 /* Allocate some memory for the timestamp */
668 pop3c->apoptimestamp = (char *)calloc(1, timestamplen + 1);
669
670 if(!pop3c->apoptimestamp)
671 break;
672
673 /* Copy the timestamp */
674 memcpy(pop3c->apoptimestamp, line + i, timestamplen);
675 pop3c->apoptimestamp[timestamplen] = '\0';
676
677 /* Store the APOP capability */
678 pop3c->authtypes |= POP3_TYPE_APOP;
679 break;
680 }
681 }
682 }
683
684 result = pop3_perform_capa(conn);
685 }
686
687 return result;
688 }
689
690 /* For CAPA responses */
pop3_state_capa_resp(struct connectdata * conn,int pop3code,pop3state instate)691 static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code,
692 pop3state instate)
693 {
694 CURLcode result = CURLE_OK;
695 struct SessionHandle *data = conn->data;
696 struct pop3_conn *pop3c = &conn->proto.pop3c;
697 const char *line = data->state.buffer;
698 size_t len = strlen(line);
699 size_t wordlen;
700
701 (void)instate; /* no use for this yet */
702
703 /* Do we have a untagged response? */
704 if(pop3code == '*') {
705 /* Does the server support the STLS capability? */
706 if(len >= 4 && !memcmp(line, "STLS", 4))
707 pop3c->tls_supported = TRUE;
708
709 /* Does the server support clear text authentication? */
710 else if(len >= 4 && !memcmp(line, "USER", 4))
711 pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
712
713 /* Does the server support SASL based authentication? */
714 else if(len >= 5 && !memcmp(line, "SASL ", 5)) {
715 pop3c->authtypes |= POP3_TYPE_SASL;
716
717 /* Advance past the SASL keyword */
718 line += 5;
719 len -= 5;
720
721 /* Loop through the data line */
722 for(;;) {
723 size_t llen;
724 unsigned int mechbit;
725
726 while(len &&
727 (*line == ' ' || *line == '\t' ||
728 *line == '\r' || *line == '\n')) {
729
730 line++;
731 len--;
732 }
733
734 if(!len)
735 break;
736
737 /* Extract the word */
738 for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
739 line[wordlen] != '\t' && line[wordlen] != '\r' &&
740 line[wordlen] != '\n';)
741 wordlen++;
742
743 /* Test the word for a matching authentication mechanism */
744 if((mechbit = Curl_sasl_decode_mech(line, wordlen, &llen)) &&
745 llen == wordlen)
746 pop3c->sasl.authmechs |= mechbit;
747
748 line += wordlen;
749 len -= wordlen;
750 }
751 }
752 }
753 else if(pop3code == '+') {
754 if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
755 /* We don't have a SSL/TLS connection yet, but SSL is requested */
756 if(pop3c->tls_supported)
757 /* Switch to TLS connection now */
758 result = pop3_perform_starttls(conn);
759 else if(data->set.use_ssl == CURLUSESSL_TRY)
760 /* Fallback and carry on with authentication */
761 result = pop3_perform_authentication(conn);
762 else {
763 failf(data, "STLS not supported.");
764 result = CURLE_USE_SSL_FAILED;
765 }
766 }
767 else
768 result = pop3_perform_authentication(conn);
769 }
770 else {
771 /* Clear text is supported when CAPA isn't recognised */
772 pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
773
774 result = pop3_perform_authentication(conn);
775 }
776
777 return result;
778 }
779
780 /* For STARTTLS responses */
pop3_state_starttls_resp(struct connectdata * conn,int pop3code,pop3state instate)781 static CURLcode pop3_state_starttls_resp(struct connectdata *conn,
782 int pop3code,
783 pop3state instate)
784 {
785 CURLcode result = CURLE_OK;
786 struct SessionHandle *data = conn->data;
787
788 (void)instate; /* no use for this yet */
789
790 if(pop3code != '+') {
791 if(data->set.use_ssl != CURLUSESSL_TRY) {
792 failf(data, "STARTTLS denied. %c", pop3code);
793 result = CURLE_USE_SSL_FAILED;
794 }
795 else
796 result = pop3_perform_authentication(conn);
797 }
798 else
799 result = pop3_perform_upgrade_tls(conn);
800
801 return result;
802 }
803
804 /* For SASL authentication responses */
pop3_state_auth_resp(struct connectdata * conn,int pop3code,pop3state instate)805 static CURLcode pop3_state_auth_resp(struct connectdata *conn,
806 int pop3code,
807 pop3state instate)
808 {
809 CURLcode result = CURLE_OK;
810 struct SessionHandle *data = conn->data;
811 struct pop3_conn *pop3c = &conn->proto.pop3c;
812 saslprogress progress;
813
814 (void)instate; /* no use for this yet */
815
816 result = Curl_sasl_continue(&pop3c->sasl, conn, pop3code, &progress);
817 if(!result)
818 switch(progress) {
819 case SASL_DONE:
820 state(conn, POP3_STOP); /* Authenticated */
821 break;
822 case SASL_IDLE: /* No mechanism left after cancellation */
823 #ifndef CURL_DISABLE_CRYPTO_AUTH
824 if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_APOP)
825 /* Perform APOP authentication */
826 result = pop3_perform_apop(conn);
827 else
828 #endif
829 if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_CLEARTEXT)
830 /* Perform clear text authentication */
831 result = pop3_perform_user(conn);
832 else {
833 failf(data, "Authentication cancelled");
834 result = CURLE_LOGIN_DENIED;
835 }
836 break;
837 default:
838 break;
839 }
840
841 return result;
842 }
843
844 #ifndef CURL_DISABLE_CRYPTO_AUTH
845 /* For APOP responses */
pop3_state_apop_resp(struct connectdata * conn,int pop3code,pop3state instate)846 static CURLcode pop3_state_apop_resp(struct connectdata *conn, int pop3code,
847 pop3state instate)
848 {
849 CURLcode result = CURLE_OK;
850 struct SessionHandle *data = conn->data;
851
852 (void)instate; /* no use for this yet */
853
854 if(pop3code != '+') {
855 failf(data, "Authentication failed: %d", pop3code);
856 result = CURLE_LOGIN_DENIED;
857 }
858 else
859 /* End of connect phase */
860 state(conn, POP3_STOP);
861
862 return result;
863 }
864 #endif
865
866 /* For USER responses */
pop3_state_user_resp(struct connectdata * conn,int pop3code,pop3state instate)867 static CURLcode pop3_state_user_resp(struct connectdata *conn, int pop3code,
868 pop3state instate)
869 {
870 CURLcode result = CURLE_OK;
871 struct SessionHandle *data = conn->data;
872
873 (void)instate; /* no use for this yet */
874
875 if(pop3code != '+') {
876 failf(data, "Access denied. %c", pop3code);
877 result = CURLE_LOGIN_DENIED;
878 }
879 else
880 /* Send the PASS command */
881 result = Curl_pp_sendf(&conn->proto.pop3c.pp, "PASS %s",
882 conn->passwd ? conn->passwd : "");
883 if(!result)
884 state(conn, POP3_PASS);
885
886 return result;
887 }
888
889 /* For PASS responses */
pop3_state_pass_resp(struct connectdata * conn,int pop3code,pop3state instate)890 static CURLcode pop3_state_pass_resp(struct connectdata *conn, int pop3code,
891 pop3state instate)
892 {
893 CURLcode result = CURLE_OK;
894 struct SessionHandle *data = conn->data;
895
896 (void)instate; /* no use for this yet */
897
898 if(pop3code != '+') {
899 failf(data, "Access denied. %c", pop3code);
900 result = CURLE_LOGIN_DENIED;
901 }
902 else
903 /* End of connect phase */
904 state(conn, POP3_STOP);
905
906 return result;
907 }
908
909 /* For command responses */
pop3_state_command_resp(struct connectdata * conn,int pop3code,pop3state instate)910 static CURLcode pop3_state_command_resp(struct connectdata *conn,
911 int pop3code,
912 pop3state instate)
913 {
914 CURLcode result = CURLE_OK;
915 struct SessionHandle *data = conn->data;
916 struct POP3 *pop3 = data->req.protop;
917 struct pop3_conn *pop3c = &conn->proto.pop3c;
918 struct pingpong *pp = &pop3c->pp;
919
920 (void)instate; /* no use for this yet */
921
922 if(pop3code != '+') {
923 state(conn, POP3_STOP);
924 return CURLE_RECV_ERROR;
925 }
926
927 /* This 'OK' line ends with a CR LF pair which is the two first bytes of the
928 EOB string so count this is two matching bytes. This is necessary to make
929 the code detect the EOB if the only data than comes now is %2e CR LF like
930 when there is no body to return. */
931 pop3c->eob = 2;
932
933 /* But since this initial CR LF pair is not part of the actual body, we set
934 the strip counter here so that these bytes won't be delivered. */
935 pop3c->strip = 2;
936
937 if(pop3->transfer == FTPTRANSFER_BODY) {
938 /* POP3 download */
939 Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, NULL, -1, NULL);
940
941 if(pp->cache) {
942 /* The header "cache" contains a bunch of data that is actually body
943 content so send it as such. Note that there may even be additional
944 "headers" after the body */
945
946 if(!data->set.opt_no_body) {
947 result = Curl_pop3_write(conn, pp->cache, pp->cache_size);
948 if(result)
949 return result;
950 }
951
952 /* Free the cache */
953 Curl_safefree(pp->cache);
954
955 /* Reset the cache size */
956 pp->cache_size = 0;
957 }
958 }
959
960 /* End of DO phase */
961 state(conn, POP3_STOP);
962
963 return result;
964 }
965
pop3_statemach_act(struct connectdata * conn)966 static CURLcode pop3_statemach_act(struct connectdata *conn)
967 {
968 CURLcode result = CURLE_OK;
969 curl_socket_t sock = conn->sock[FIRSTSOCKET];
970 int pop3code;
971 struct pop3_conn *pop3c = &conn->proto.pop3c;
972 struct pingpong *pp = &pop3c->pp;
973 size_t nread = 0;
974
975 /* Busy upgrading the connection; right now all I/O is SSL/TLS, not POP3 */
976 if(pop3c->state == POP3_UPGRADETLS)
977 return pop3_perform_upgrade_tls(conn);
978
979 /* Flush any data that needs to be sent */
980 if(pp->sendleft)
981 return Curl_pp_flushsend(pp);
982
983 do {
984 /* Read the response from the server */
985 result = Curl_pp_readresp(sock, pp, &pop3code, &nread);
986 if(result)
987 return result;
988
989 if(!pop3code)
990 break;
991
992 /* We have now received a full POP3 server response */
993 switch(pop3c->state) {
994 case POP3_SERVERGREET:
995 result = pop3_state_servergreet_resp(conn, pop3code, pop3c->state);
996 break;
997
998 case POP3_CAPA:
999 result = pop3_state_capa_resp(conn, pop3code, pop3c->state);
1000 break;
1001
1002 case POP3_STARTTLS:
1003 result = pop3_state_starttls_resp(conn, pop3code, pop3c->state);
1004 break;
1005
1006 case POP3_AUTH:
1007 result = pop3_state_auth_resp(conn, pop3code, pop3c->state);
1008 break;
1009
1010 #ifndef CURL_DISABLE_CRYPTO_AUTH
1011 case POP3_APOP:
1012 result = pop3_state_apop_resp(conn, pop3code, pop3c->state);
1013 break;
1014 #endif
1015
1016 case POP3_USER:
1017 result = pop3_state_user_resp(conn, pop3code, pop3c->state);
1018 break;
1019
1020 case POP3_PASS:
1021 result = pop3_state_pass_resp(conn, pop3code, pop3c->state);
1022 break;
1023
1024 case POP3_COMMAND:
1025 result = pop3_state_command_resp(conn, pop3code, pop3c->state);
1026 break;
1027
1028 case POP3_QUIT:
1029 /* fallthrough, just stop! */
1030 default:
1031 /* internal error */
1032 state(conn, POP3_STOP);
1033 break;
1034 }
1035 } while(!result && pop3c->state != POP3_STOP && Curl_pp_moredata(pp));
1036
1037 return result;
1038 }
1039
1040 /* Called repeatedly until done from multi.c */
pop3_multi_statemach(struct connectdata * conn,bool * done)1041 static CURLcode pop3_multi_statemach(struct connectdata *conn, bool *done)
1042 {
1043 CURLcode result = CURLE_OK;
1044 struct pop3_conn *pop3c = &conn->proto.pop3c;
1045
1046 if((conn->handler->flags & PROTOPT_SSL) && !pop3c->ssldone) {
1047 result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &pop3c->ssldone);
1048 if(result || !pop3c->ssldone)
1049 return result;
1050 }
1051
1052 result = Curl_pp_statemach(&pop3c->pp, FALSE);
1053 *done = (pop3c->state == POP3_STOP) ? TRUE : FALSE;
1054
1055 return result;
1056 }
1057
pop3_block_statemach(struct connectdata * conn)1058 static CURLcode pop3_block_statemach(struct connectdata *conn)
1059 {
1060 CURLcode result = CURLE_OK;
1061 struct pop3_conn *pop3c = &conn->proto.pop3c;
1062
1063 while(pop3c->state != POP3_STOP && !result)
1064 result = Curl_pp_statemach(&pop3c->pp, TRUE);
1065
1066 return result;
1067 }
1068
1069 /* Allocate and initialize the POP3 struct for the current SessionHandle if
1070 required */
pop3_init(struct connectdata * conn)1071 static CURLcode pop3_init(struct connectdata *conn)
1072 {
1073 CURLcode result = CURLE_OK;
1074 struct SessionHandle *data = conn->data;
1075 struct POP3 *pop3;
1076
1077 pop3 = data->req.protop = calloc(sizeof(struct POP3), 1);
1078 if(!pop3)
1079 result = CURLE_OUT_OF_MEMORY;
1080
1081 return result;
1082 }
1083
1084 /* For the POP3 "protocol connect" and "doing" phases only */
pop3_getsock(struct connectdata * conn,curl_socket_t * socks,int numsocks)1085 static int pop3_getsock(struct connectdata *conn, curl_socket_t *socks,
1086 int numsocks)
1087 {
1088 return Curl_pp_getsock(&conn->proto.pop3c.pp, socks, numsocks);
1089 }
1090
1091 /***********************************************************************
1092 *
1093 * pop3_connect()
1094 *
1095 * This function should do everything that is to be considered a part of the
1096 * connection phase.
1097 *
1098 * The variable 'done' points to will be TRUE if the protocol-layer connect
1099 * phase is done when this function returns, or FALSE if not.
1100 */
pop3_connect(struct connectdata * conn,bool * done)1101 static CURLcode pop3_connect(struct connectdata *conn, bool *done)
1102 {
1103 CURLcode result = CURLE_OK;
1104 struct pop3_conn *pop3c = &conn->proto.pop3c;
1105 struct pingpong *pp = &pop3c->pp;
1106
1107 *done = FALSE; /* default to not done yet */
1108
1109 /* We always support persistent connections in POP3 */
1110 connkeep(conn, "POP3 default");
1111
1112 /* Set the default response time-out */
1113 pp->response_time = RESP_TIMEOUT;
1114 pp->statemach_act = pop3_statemach_act;
1115 pp->endofresp = pop3_endofresp;
1116 pp->conn = conn;
1117
1118 /* Set the default preferred authentication type and mechanism */
1119 pop3c->preftype = POP3_TYPE_ANY;
1120 Curl_sasl_init(&pop3c->sasl, &saslpop3);
1121
1122 /* Initialise the pingpong layer */
1123 Curl_pp_init(pp);
1124
1125 /* Parse the URL options */
1126 result = pop3_parse_url_options(conn);
1127 if(result)
1128 return result;
1129
1130 /* Start off waiting for the server greeting response */
1131 state(conn, POP3_SERVERGREET);
1132
1133 result = pop3_multi_statemach(conn, done);
1134
1135 return result;
1136 }
1137
1138 /***********************************************************************
1139 *
1140 * pop3_done()
1141 *
1142 * The DONE function. This does what needs to be done after a single DO has
1143 * performed.
1144 *
1145 * Input argument is already checked for validity.
1146 */
pop3_done(struct connectdata * conn,CURLcode status,bool premature)1147 static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
1148 bool premature)
1149 {
1150 CURLcode result = CURLE_OK;
1151 struct SessionHandle *data = conn->data;
1152 struct POP3 *pop3 = data->req.protop;
1153
1154 (void)premature;
1155
1156 if(!pop3)
1157 /* When the easy handle is removed from the multi interface while libcurl
1158 is still trying to resolve the host name, the POP3 struct is not yet
1159 initialized. However, the removal action calls Curl_done() which in
1160 turn calls this function, so we simply return success. */
1161 return CURLE_OK;
1162
1163 if(status) {
1164 connclose(conn, "POP3 done with bad status");
1165 result = status; /* use the already set error code */
1166 }
1167
1168 /* Cleanup our per-request based variables */
1169 Curl_safefree(pop3->id);
1170 Curl_safefree(pop3->custom);
1171
1172 /* Clear the transfer mode for the next request */
1173 pop3->transfer = FTPTRANSFER_BODY;
1174
1175 return result;
1176 }
1177
1178 /***********************************************************************
1179 *
1180 * pop3_perform()
1181 *
1182 * This is the actual DO function for POP3. Get a message/listing according to
1183 * the options previously setup.
1184 */
pop3_perform(struct connectdata * conn,bool * connected,bool * dophase_done)1185 static CURLcode pop3_perform(struct connectdata *conn, bool *connected,
1186 bool *dophase_done)
1187 {
1188 /* This is POP3 and no proxy */
1189 CURLcode result = CURLE_OK;
1190 struct POP3 *pop3 = conn->data->req.protop;
1191
1192 DEBUGF(infof(conn->data, "DO phase starts\n"));
1193
1194 if(conn->data->set.opt_no_body) {
1195 /* Requested no body means no transfer */
1196 pop3->transfer = FTPTRANSFER_INFO;
1197 }
1198
1199 *dophase_done = FALSE; /* not done yet */
1200
1201 /* Start the first command in the DO phase */
1202 result = pop3_perform_command(conn);
1203 if(result)
1204 return result;
1205
1206 /* Run the state-machine */
1207 result = pop3_multi_statemach(conn, dophase_done);
1208
1209 *connected = conn->bits.tcpconnect[FIRSTSOCKET];
1210
1211 if(*dophase_done)
1212 DEBUGF(infof(conn->data, "DO phase is complete\n"));
1213
1214 return result;
1215 }
1216
1217 /***********************************************************************
1218 *
1219 * pop3_do()
1220 *
1221 * This function is registered as 'curl_do' function. It decodes the path
1222 * parts etc as a wrapper to the actual DO function (pop3_perform).
1223 *
1224 * The input argument is already checked for validity.
1225 */
pop3_do(struct connectdata * conn,bool * done)1226 static CURLcode pop3_do(struct connectdata *conn, bool *done)
1227 {
1228 CURLcode result = CURLE_OK;
1229
1230 *done = FALSE; /* default to false */
1231
1232 /* Parse the URL path */
1233 result = pop3_parse_url_path(conn);
1234 if(result)
1235 return result;
1236
1237 /* Parse the custom request */
1238 result = pop3_parse_custom_request(conn);
1239 if(result)
1240 return result;
1241
1242 result = pop3_regular_transfer(conn, done);
1243
1244 return result;
1245 }
1246
1247 /***********************************************************************
1248 *
1249 * pop3_disconnect()
1250 *
1251 * Disconnect from an POP3 server. Cleanup protocol-specific per-connection
1252 * resources. BLOCKING.
1253 */
pop3_disconnect(struct connectdata * conn,bool dead_connection)1254 static CURLcode pop3_disconnect(struct connectdata *conn, bool dead_connection)
1255 {
1256 struct pop3_conn *pop3c = &conn->proto.pop3c;
1257
1258 /* We cannot send quit unconditionally. If this connection is stale or
1259 bad in any way, sending quit and waiting around here will make the
1260 disconnect wait in vain and cause more problems than we need to. */
1261
1262 /* The POP3 session may or may not have been allocated/setup at this
1263 point! */
1264 if(!dead_connection && pop3c->pp.conn && pop3c->pp.conn->bits.protoconnstart)
1265 if(!pop3_perform_quit(conn))
1266 (void)pop3_block_statemach(conn); /* ignore errors on QUIT */
1267
1268 /* Disconnect from the server */
1269 Curl_pp_disconnect(&pop3c->pp);
1270
1271 /* Cleanup the SASL module */
1272 Curl_sasl_cleanup(conn, pop3c->sasl.authused);
1273
1274 /* Cleanup our connection based variables */
1275 Curl_safefree(pop3c->apoptimestamp);
1276
1277 return CURLE_OK;
1278 }
1279
1280 /* Call this when the DO phase has completed */
pop3_dophase_done(struct connectdata * conn,bool connected)1281 static CURLcode pop3_dophase_done(struct connectdata *conn, bool connected)
1282 {
1283 (void)conn;
1284 (void)connected;
1285
1286 return CURLE_OK;
1287 }
1288
1289 /* Called from multi.c while DOing */
pop3_doing(struct connectdata * conn,bool * dophase_done)1290 static CURLcode pop3_doing(struct connectdata *conn, bool *dophase_done)
1291 {
1292 CURLcode result = pop3_multi_statemach(conn, dophase_done);
1293
1294 if(result)
1295 DEBUGF(infof(conn->data, "DO phase failed\n"));
1296 else if(*dophase_done) {
1297 result = pop3_dophase_done(conn, FALSE /* not connected */);
1298
1299 DEBUGF(infof(conn->data, "DO phase is complete\n"));
1300 }
1301
1302 return result;
1303 }
1304
1305 /***********************************************************************
1306 *
1307 * pop3_regular_transfer()
1308 *
1309 * The input argument is already checked for validity.
1310 *
1311 * Performs all commands done before a regular transfer between a local and a
1312 * remote host.
1313 */
pop3_regular_transfer(struct connectdata * conn,bool * dophase_done)1314 static CURLcode pop3_regular_transfer(struct connectdata *conn,
1315 bool *dophase_done)
1316 {
1317 CURLcode result = CURLE_OK;
1318 bool connected = FALSE;
1319 struct SessionHandle *data = conn->data;
1320
1321 /* Make sure size is unknown at this point */
1322 data->req.size = -1;
1323
1324 /* Set the progress data */
1325 Curl_pgrsSetUploadCounter(data, 0);
1326 Curl_pgrsSetDownloadCounter(data, 0);
1327 Curl_pgrsSetUploadSize(data, -1);
1328 Curl_pgrsSetDownloadSize(data, -1);
1329
1330 /* Carry out the perform */
1331 result = pop3_perform(conn, &connected, dophase_done);
1332
1333 /* Perform post DO phase operations if necessary */
1334 if(!result && *dophase_done)
1335 result = pop3_dophase_done(conn, connected);
1336
1337 return result;
1338 }
1339
pop3_setup_connection(struct connectdata * conn)1340 static CURLcode pop3_setup_connection(struct connectdata *conn)
1341 {
1342 struct SessionHandle *data = conn->data;
1343
1344 /* Initialise the POP3 layer */
1345 CURLcode result = pop3_init(conn);
1346 if(result)
1347 return result;
1348
1349 if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
1350 /* Unless we have asked to tunnel POP3 operations through the proxy, we
1351 switch and use HTTP operations only */
1352 #ifndef CURL_DISABLE_HTTP
1353 if(conn->handler == &Curl_handler_pop3)
1354 conn->handler = &Curl_handler_pop3_proxy;
1355 else {
1356 #ifdef USE_SSL
1357 conn->handler = &Curl_handler_pop3s_proxy;
1358 #else
1359 failf(data, "POP3S not supported!");
1360 return CURLE_UNSUPPORTED_PROTOCOL;
1361 #endif
1362 }
1363
1364 /* set it up as an HTTP connection instead */
1365 return conn->handler->setup_connection(conn);
1366 #else
1367 failf(data, "POP3 over http proxy requires HTTP support built-in!");
1368 return CURLE_UNSUPPORTED_PROTOCOL;
1369 #endif
1370 }
1371
1372 data->state.path++; /* don't include the initial slash */
1373
1374 return CURLE_OK;
1375 }
1376
1377 /***********************************************************************
1378 *
1379 * pop3_parse_url_options()
1380 *
1381 * Parse the URL login options.
1382 */
pop3_parse_url_options(struct connectdata * conn)1383 static CURLcode pop3_parse_url_options(struct connectdata *conn)
1384 {
1385 CURLcode result = CURLE_OK;
1386 struct pop3_conn *pop3c = &conn->proto.pop3c;
1387 const char *ptr = conn->options;
1388
1389 pop3c->sasl.resetprefs = TRUE;
1390
1391 while(!result && ptr && *ptr) {
1392 const char *key = ptr;
1393 const char *value;
1394
1395 while(*ptr && *ptr != '=')
1396 ptr++;
1397
1398 value = ptr + 1;
1399
1400 while(*ptr && *ptr != ';')
1401 ptr++;
1402
1403 if(strnequal(key, "AUTH=", 5)) {
1404 result = Curl_sasl_parse_url_auth_option(&pop3c->sasl,
1405 value, ptr - value);
1406
1407 if(result && strnequal(value, "+APOP", ptr - value)) {
1408 pop3c->preftype = POP3_TYPE_APOP;
1409 pop3c->sasl.prefmech = SASL_AUTH_NONE;
1410 result = CURLE_OK;
1411 }
1412 }
1413 else
1414 result = CURLE_URL_MALFORMAT;
1415
1416 if(*ptr == ';')
1417 ptr++;
1418 }
1419
1420 if(pop3c->preftype != POP3_TYPE_APOP)
1421 switch(pop3c->sasl.prefmech) {
1422 case SASL_AUTH_NONE:
1423 pop3c->preftype = POP3_TYPE_NONE;
1424 break;
1425 case SASL_AUTH_DEFAULT:
1426 pop3c->preftype = POP3_TYPE_ANY;
1427 break;
1428 default:
1429 pop3c->preftype = POP3_TYPE_SASL;
1430 break;
1431 }
1432
1433 return result;
1434 }
1435
1436 /***********************************************************************
1437 *
1438 * pop3_parse_url_path()
1439 *
1440 * Parse the URL path into separate path components.
1441 */
pop3_parse_url_path(struct connectdata * conn)1442 static CURLcode pop3_parse_url_path(struct connectdata *conn)
1443 {
1444 /* The POP3 struct is already initialised in pop3_connect() */
1445 struct SessionHandle *data = conn->data;
1446 struct POP3 *pop3 = data->req.protop;
1447 const char *path = data->state.path;
1448
1449 /* URL decode the path for the message ID */
1450 return Curl_urldecode(data, path, 0, &pop3->id, NULL, TRUE);
1451 }
1452
1453 /***********************************************************************
1454 *
1455 * pop3_parse_custom_request()
1456 *
1457 * Parse the custom request.
1458 */
pop3_parse_custom_request(struct connectdata * conn)1459 static CURLcode pop3_parse_custom_request(struct connectdata *conn)
1460 {
1461 CURLcode result = CURLE_OK;
1462 struct SessionHandle *data = conn->data;
1463 struct POP3 *pop3 = data->req.protop;
1464 const char *custom = data->set.str[STRING_CUSTOMREQUEST];
1465
1466 /* URL decode the custom request */
1467 if(custom)
1468 result = Curl_urldecode(data, custom, 0, &pop3->custom, NULL, TRUE);
1469
1470 return result;
1471 }
1472
1473 /***********************************************************************
1474 *
1475 * Curl_pop3_write()
1476 *
1477 * This function scans the body after the end-of-body and writes everything
1478 * until the end is found.
1479 */
Curl_pop3_write(struct connectdata * conn,char * str,size_t nread)1480 CURLcode Curl_pop3_write(struct connectdata *conn, char *str, size_t nread)
1481 {
1482 /* This code could be made into a special function in the handler struct */
1483 CURLcode result = CURLE_OK;
1484 struct SessionHandle *data = conn->data;
1485 struct SingleRequest *k = &data->req;
1486
1487 struct pop3_conn *pop3c = &conn->proto.pop3c;
1488 bool strip_dot = FALSE;
1489 size_t last = 0;
1490 size_t i;
1491
1492 /* Search through the buffer looking for the end-of-body marker which is
1493 5 bytes (0d 0a 2e 0d 0a). Note that a line starting with a dot matches
1494 the eob so the server will have prefixed it with an extra dot which we
1495 need to strip out. Additionally the marker could of course be spread out
1496 over 5 different data chunks. */
1497 for(i = 0; i < nread; i++) {
1498 size_t prev = pop3c->eob;
1499
1500 switch(str[i]) {
1501 case 0x0d:
1502 if(pop3c->eob == 0) {
1503 pop3c->eob++;
1504
1505 if(i) {
1506 /* Write out the body part that didn't match */
1507 result = Curl_client_write(conn, CLIENTWRITE_BODY, &str[last],
1508 i - last);
1509
1510 if(result)
1511 return result;
1512
1513 last = i;
1514 }
1515 }
1516 else if(pop3c->eob == 3)
1517 pop3c->eob++;
1518 else
1519 /* If the character match wasn't at position 0 or 3 then restart the
1520 pattern matching */
1521 pop3c->eob = 1;
1522 break;
1523
1524 case 0x0a:
1525 if(pop3c->eob == 1 || pop3c->eob == 4)
1526 pop3c->eob++;
1527 else
1528 /* If the character match wasn't at position 1 or 4 then start the
1529 search again */
1530 pop3c->eob = 0;
1531 break;
1532
1533 case 0x2e:
1534 if(pop3c->eob == 2)
1535 pop3c->eob++;
1536 else if(pop3c->eob == 3) {
1537 /* We have an extra dot after the CRLF which we need to strip off */
1538 strip_dot = TRUE;
1539 pop3c->eob = 0;
1540 }
1541 else
1542 /* If the character match wasn't at position 2 then start the search
1543 again */
1544 pop3c->eob = 0;
1545 break;
1546
1547 default:
1548 pop3c->eob = 0;
1549 break;
1550 }
1551
1552 /* Did we have a partial match which has subsequently failed? */
1553 if(prev && prev >= pop3c->eob) {
1554 /* Strip can only be non-zero for the very first mismatch after CRLF
1555 and then both prev and strip are equal and nothing will be output
1556 below */
1557 while(prev && pop3c->strip) {
1558 prev--;
1559 pop3c->strip--;
1560 }
1561
1562 if(prev) {
1563 /* If the partial match was the CRLF and dot then only write the CRLF
1564 as the server would have inserted the dot */
1565 result = Curl_client_write(conn, CLIENTWRITE_BODY, (char*)POP3_EOB,
1566 strip_dot ? prev - 1 : prev);
1567
1568 if(result)
1569 return result;
1570
1571 last = i;
1572 strip_dot = FALSE;
1573 }
1574 }
1575 }
1576
1577 if(pop3c->eob == POP3_EOB_LEN) {
1578 /* We have a full match so the transfer is done, however we must transfer
1579 the CRLF at the start of the EOB as this is considered to be part of the
1580 message as per RFC-1939, sect. 3 */
1581 result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)POP3_EOB, 2);
1582
1583 k->keepon &= ~KEEP_RECV;
1584 pop3c->eob = 0;
1585
1586 return result;
1587 }
1588
1589 if(pop3c->eob)
1590 /* While EOB is matching nothing should be output */
1591 return CURLE_OK;
1592
1593 if(nread - last) {
1594 result = Curl_client_write(conn, CLIENTWRITE_BODY, &str[last],
1595 nread - last);
1596 }
1597
1598 return result;
1599 }
1600
1601 #endif /* CURL_DISABLE_POP3 */
1602