diff options
| author | Eric S. Raymond <esr@thyrsus.com> | 2001-02-11 23:26:10 +0000 |
|---|---|---|
| committer | Eric S. Raymond <esr@thyrsus.com> | 2001-02-11 23:26:10 +0000 |
| commit | d6c728ad218f79305ad759eba6d787d125c67ec3 (patch) | |
| tree | 3ab20cfce9699d9c0af61ad73229c5a16e577b95 /imap.c | |
| parent | 18f57966dd58cb32956332ab4ac235edd8d1d7ca (diff) | |
| download | fetchmail-d6c728ad218f79305ad759eba6d787d125c67ec3.tar.gz fetchmail-d6c728ad218f79305ad759eba6d787d125c67ec3.tar.bz2 fetchmail-d6c728ad218f79305ad759eba6d787d125c67ec3.zip | |
Let's get rid of the old protocols with preauthentication bundled in.
svn path=/trunk/; revision=3071
Diffstat (limited to 'imap.c')
| -rw-r--r-- | imap.c | 60 |
1 files changed, 29 insertions, 31 deletions
@@ -276,27 +276,20 @@ int imap_getauth(int sock, struct query *ctl, char *greeting) return(PS_SUCCESS); } -#if OPIE_ENABLE - if ((ctl->server.protocol == P_IMAP) && strstr(capabilities, "AUTH=X-OTP")) - { - if (outlevel >= O_DEBUG) - report(stdout, _("OTP authentication is supported\n")); - if (do_otp(sock, ctl) == PS_SUCCESS) - return(PS_SUCCESS); - }; -#endif /* OPIE_ENABLE */ - + /* + * OK, now try the protocol variants that don't require passwords first. + */ #ifdef GSSAPI if (strstr(capabilities, "AUTH=GSSAPI")) { - if (ctl->server.protocol == P_IMAP_GSS) + if (ctl->server.preauthenticate == A_GSSAPI) { if (outlevel >= O_DEBUG) report(stdout, _("GSS authentication is supported\n")); return do_gssauth(sock, ctl->server.truename, ctl->remotename); } } - else if (ctl->server.protocol == P_IMAP_GSS) + else if (ctl->server.preauthenticate == P_IMAP_GSS) { report(stderr, _("Required GSS capability not supported by server\n")); @@ -310,43 +303,47 @@ int imap_getauth(int sock, struct query *ctl, char *greeting) if (outlevel >= O_DEBUG) report(stdout, _("KERBEROS_V4 authentication is supported\n")); - if (ctl->server.protocol == P_IMAP_K4) + if (ctl->server.preauthenticate == A_KERBEROS_V4) { if ((ok = do_rfc1731(sock, "AUTHENTICATE", ctl->server.truename))) /* SASL cancellation of authentication */ gen_send(sock, "*"); - return(ok); } /* else fall through to ordinary AUTH=LOGIN case */ } - else if (ctl->server.protocol == P_IMAP_K4) + else if (ctl->server.preauthenticate == A_KERBEROS_V4) { - report(stderr, + report(stderr, _("Required KERBEROS_V4 capability not supported by server\n")); - return(PS_AUTHFAIL); + return(PS_AUTHFAIL); } #endif /* KERBEROS_V4 */ + /* + * No such luck. OK, now try the variants that mask your password + * in a challenge-response. + */ + if (strstr(capabilities, "AUTH=CRAM-MD5")) { if (outlevel >= O_DEBUG) - report (stdout, _("CRAM-MD5 authentication is supported\n")); - if (ctl->server.protocol != P_IMAP_LOGIN) - { - if ((ok = do_cram_md5 (sock, "AUTHENTICATE", ctl))) - /* SASL cancellation of authentication */ - gen_send(sock, "*"); - - return(ok); - } + report(stdout, _("CRAM-MD5 authentication is supported\n")); + if ((ok = do_cram_md5 (sock, "AUTHENTICATE", ctl))) + /* SASL cancellation of authentication */ + gen_send(sock, "*"); + return(ok); } - else if (ctl->server.protocol == P_IMAP_CRAM_MD5) + +#if OPIE_ENABLE + if (strstr(capabilities, "AUTH=X-OTP")) { - report(stderr, - _("Required CRAM-MD5 capability not supported by server\n")); - return(PS_AUTHFAIL); - } + if (outlevel >= O_DEBUG) + report(stdout, _("OTP authentication is supported\n")); + if (do_otp(sock, ctl) == PS_SUCCESS) + return(PS_SUCCESS); + }; +#endif /* OPIE_ENABLE */ #ifdef NTLM_ENABLE if (strstr (capabilities, "AUTH=NTLM")) @@ -366,6 +363,7 @@ int imap_getauth(int sock, struct query *ctl, char *greeting) }; #endif /* __UNUSED__ */ + /* we're stuck with sending the password en clair */ { /* these sizes guarantee no buffer overflow */ char remotename[NAMELEN*2+1], password[PASSWORDLEN*2+1]; |