pop3.c 46 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. * RFC1734 POP3 Authentication
  24. * RFC1939 POP3 protocol
  25. * RFC2195 CRAM-MD5 authentication
  26. * RFC2384 POP URL Scheme
  27. * RFC2449 POP3 Extension Mechanism
  28. * RFC2595 Using TLS with IMAP, POP3 and ACAP
  29. * RFC2831 DIGEST-MD5 authentication
  30. * RFC4422 Simple Authentication and Security Layer (SASL)
  31. * RFC4616 PLAIN authentication
  32. * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
  33. * RFC5034 POP3 SASL Authentication Mechanism
  34. * RFC6749 OAuth 2.0 Authorization Framework
  35. * RFC8314 Use of TLS for Email Submission and Access
  36. * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
  37. *
  38. ***************************************************************************/
  39. #include "curl_setup.h"
  40. #ifndef CURL_DISABLE_POP3
  41. #ifdef HAVE_NETINET_IN_H
  42. #include <netinet/in.h>
  43. #endif
  44. #ifdef HAVE_ARPA_INET_H
  45. #include <arpa/inet.h>
  46. #endif
  47. #ifdef HAVE_NETDB_H
  48. #include <netdb.h>
  49. #endif
  50. #ifdef __VMS
  51. #include <in.h>
  52. #include <inet.h>
  53. #endif
  54. #include <curl/curl.h>
  55. #include "urldata.h"
  56. #include "sendf.h"
  57. #include "hostip.h"
  58. #include "progress.h"
  59. #include "transfer.h"
  60. #include "escape.h"
  61. #include "http.h" /* for HTTP proxy tunnel stuff */
  62. #include "socks.h"
  63. #include "pop3.h"
  64. #include "strtoofft.h"
  65. #include "strcase.h"
  66. #include "vtls/vtls.h"
  67. #include "cfilters.h"
  68. #include "connect.h"
  69. #include "select.h"
  70. #include "multiif.h"
  71. #include "url.h"
  72. #include "bufref.h"
  73. #include "curl_sasl.h"
  74. #include "curl_md5.h"
  75. #include "warnless.h"
  76. #include "strdup.h"
  77. /* The last 3 #include files should be in this order */
  78. #include "curl_printf.h"
  79. #include "curl_memory.h"
  80. #include "memdebug.h"
  81. #ifndef ARRAYSIZE
  82. #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
  83. #endif
  84. /* Local API functions */
  85. static CURLcode pop3_regular_transfer(struct Curl_easy *data, bool *done);
  86. static CURLcode pop3_do(struct Curl_easy *data, bool *done);
  87. static CURLcode pop3_done(struct Curl_easy *data, CURLcode status,
  88. bool premature);
  89. static CURLcode pop3_connect(struct Curl_easy *data, bool *done);
  90. static CURLcode pop3_disconnect(struct Curl_easy *data,
  91. struct connectdata *conn, bool dead);
  92. static CURLcode pop3_multi_statemach(struct Curl_easy *data, bool *done);
  93. static int pop3_getsock(struct Curl_easy *data,
  94. struct connectdata *conn, curl_socket_t *socks);
  95. static CURLcode pop3_doing(struct Curl_easy *data, bool *dophase_done);
  96. static CURLcode pop3_setup_connection(struct Curl_easy *data,
  97. struct connectdata *conn);
  98. static CURLcode pop3_parse_url_options(struct connectdata *conn);
  99. static CURLcode pop3_parse_url_path(struct Curl_easy *data);
  100. static CURLcode pop3_parse_custom_request(struct Curl_easy *data);
  101. static CURLcode pop3_perform_auth(struct Curl_easy *data, const char *mech,
  102. const struct bufref *initresp);
  103. static CURLcode pop3_continue_auth(struct Curl_easy *data, const char *mech,
  104. const struct bufref *resp);
  105. static CURLcode pop3_cancel_auth(struct Curl_easy *data, const char *mech);
  106. static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out);
  107. /* This function scans the body after the end-of-body and writes everything
  108. * until the end is found */
  109. static CURLcode pop3_write(struct Curl_easy *data,
  110. const char *str, size_t nread, bool is_eos);
  111. /*
  112. * POP3 protocol handler.
  113. */
  114. const struct Curl_handler Curl_handler_pop3 = {
  115. "pop3", /* scheme */
  116. pop3_setup_connection, /* setup_connection */
  117. pop3_do, /* do_it */
  118. pop3_done, /* done */
  119. ZERO_NULL, /* do_more */
  120. pop3_connect, /* connect_it */
  121. pop3_multi_statemach, /* connecting */
  122. pop3_doing, /* doing */
  123. pop3_getsock, /* proto_getsock */
  124. pop3_getsock, /* doing_getsock */
  125. ZERO_NULL, /* domore_getsock */
  126. ZERO_NULL, /* perform_getsock */
  127. pop3_disconnect, /* disconnect */
  128. pop3_write, /* write_resp */
  129. ZERO_NULL, /* write_resp_hd */
  130. ZERO_NULL, /* connection_check */
  131. ZERO_NULL, /* attach connection */
  132. PORT_POP3, /* defport */
  133. CURLPROTO_POP3, /* protocol */
  134. CURLPROTO_POP3, /* family */
  135. PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY | /* flags */
  136. PROTOPT_URLOPTIONS
  137. };
  138. #ifdef USE_SSL
  139. /*
  140. * POP3S protocol handler.
  141. */
  142. const struct Curl_handler Curl_handler_pop3s = {
  143. "pop3s", /* scheme */
  144. pop3_setup_connection, /* setup_connection */
  145. pop3_do, /* do_it */
  146. pop3_done, /* done */
  147. ZERO_NULL, /* do_more */
  148. pop3_connect, /* connect_it */
  149. pop3_multi_statemach, /* connecting */
  150. pop3_doing, /* doing */
  151. pop3_getsock, /* proto_getsock */
  152. pop3_getsock, /* doing_getsock */
  153. ZERO_NULL, /* domore_getsock */
  154. ZERO_NULL, /* perform_getsock */
  155. pop3_disconnect, /* disconnect */
  156. pop3_write, /* write_resp */
  157. ZERO_NULL, /* write_resp_hd */
  158. ZERO_NULL, /* connection_check */
  159. ZERO_NULL, /* attach connection */
  160. PORT_POP3S, /* defport */
  161. CURLPROTO_POP3S, /* protocol */
  162. CURLPROTO_POP3, /* family */
  163. PROTOPT_CLOSEACTION | PROTOPT_SSL
  164. | PROTOPT_NOURLQUERY | PROTOPT_URLOPTIONS /* flags */
  165. };
  166. #endif
  167. /* SASL parameters for the pop3 protocol */
  168. static const struct SASLproto saslpop3 = {
  169. "pop", /* The service name */
  170. pop3_perform_auth, /* Send authentication command */
  171. pop3_continue_auth, /* Send authentication continuation */
  172. pop3_cancel_auth, /* Send authentication cancellation */
  173. pop3_get_message, /* Get SASL response message */
  174. 255 - 8, /* Max line len - strlen("AUTH ") - 1 space - crlf */
  175. '*', /* Code received when continuation is expected */
  176. '+', /* Code to receive upon authentication success */
  177. SASL_AUTH_DEFAULT, /* Default mechanisms */
  178. SASL_FLAG_BASE64 /* Configuration flags */
  179. };
  180. #ifdef USE_SSL
  181. static void pop3_to_pop3s(struct connectdata *conn)
  182. {
  183. /* Change the connection handler */
  184. conn->handler = &Curl_handler_pop3s;
  185. /* Set the connection's upgraded to TLS flag */
  186. conn->bits.tls_upgraded = TRUE;
  187. }
  188. #else
  189. #define pop3_to_pop3s(x) Curl_nop_stmt
  190. #endif
  191. struct pop3_cmd {
  192. const char *name;
  193. unsigned short nlen;
  194. BIT(multiline); /* response is multi-line with last '.' line */
  195. BIT(multiline_with_args); /* is multi-line when command has args */
  196. };
  197. static const struct pop3_cmd pop3cmds[] = {
  198. { "APOP", 4, FALSE, FALSE },
  199. { "AUTH", 4, FALSE, FALSE },
  200. { "CAPA", 4, TRUE, TRUE },
  201. { "DELE", 4, FALSE, FALSE },
  202. { "LIST", 4, TRUE, FALSE },
  203. { "MSG", 3, TRUE, TRUE },
  204. { "NOOP", 4, FALSE, FALSE },
  205. { "PASS", 4, FALSE, FALSE },
  206. { "QUIT", 4, FALSE, FALSE },
  207. { "RETR", 4, TRUE, TRUE },
  208. { "RSET", 4, FALSE, FALSE },
  209. { "STAT", 4, FALSE, FALSE },
  210. { "STLS", 4, FALSE, FALSE },
  211. { "TOP", 3, TRUE, TRUE },
  212. { "UIDL", 4, TRUE, FALSE },
  213. { "USER", 4, FALSE, FALSE },
  214. { "UTF8", 4, FALSE, FALSE },
  215. { "XTND", 4, TRUE, TRUE },
  216. };
  217. /* Return iff a command is defined as "multi-line" (RFC 1939),
  218. * has a response terminated by a last line with a '.'.
  219. */
  220. static bool pop3_is_multiline(const char *cmdline)
  221. {
  222. size_t i;
  223. for(i = 0; i < ARRAYSIZE(pop3cmds); ++i) {
  224. if(strncasecompare(pop3cmds[i].name, cmdline, pop3cmds[i].nlen)) {
  225. if(!cmdline[pop3cmds[i].nlen])
  226. return pop3cmds[i].multiline;
  227. else if(cmdline[pop3cmds[i].nlen] == ' ')
  228. return pop3cmds[i].multiline_with_args;
  229. }
  230. }
  231. /* Unknown command, assume multi-line for backward compatibility with
  232. * earlier curl versions that only could do multi-line responses. */
  233. return TRUE;
  234. }
  235. /***********************************************************************
  236. *
  237. * pop3_endofresp()
  238. *
  239. * Checks for an ending POP3 status code at the start of the given string, but
  240. * also detects the APOP timestamp from the server greeting and various
  241. * capabilities from the CAPA response including the supported authentication
  242. * types and allowed SASL mechanisms.
  243. */
  244. static bool pop3_endofresp(struct Curl_easy *data, struct connectdata *conn,
  245. char *line, size_t len, int *resp)
  246. {
  247. struct pop3_conn *pop3c = &conn->proto.pop3c;
  248. (void)data;
  249. /* Do we have an error response? */
  250. if(len >= 4 && !memcmp("-ERR", line, 4)) {
  251. *resp = '-';
  252. return TRUE;
  253. }
  254. /* Are we processing CAPA command responses? */
  255. if(pop3c->state == POP3_CAPA) {
  256. /* Do we have the terminating line? */
  257. if(len >= 1 && line[0] == '.')
  258. /* Treat the response as a success */
  259. *resp = '+';
  260. else
  261. /* Treat the response as an untagged continuation */
  262. *resp = '*';
  263. return TRUE;
  264. }
  265. /* Do we have a success response? */
  266. if(len >= 3 && !memcmp("+OK", line, 3)) {
  267. *resp = '+';
  268. return TRUE;
  269. }
  270. /* Do we have a continuation response? */
  271. if(len >= 1 && line[0] == '+') {
  272. *resp = '*';
  273. return TRUE;
  274. }
  275. return FALSE; /* Nothing for us */
  276. }
  277. /***********************************************************************
  278. *
  279. * pop3_get_message()
  280. *
  281. * Gets the authentication message from the response buffer.
  282. */
  283. static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out)
  284. {
  285. char *message = Curl_dyn_ptr(&data->conn->proto.pop3c.pp.recvbuf);
  286. size_t len = data->conn->proto.pop3c.pp.nfinal;
  287. if(len > 2) {
  288. /* Find the start of the message */
  289. len -= 2;
  290. for(message += 2; *message == ' ' || *message == '\t'; message++, len--)
  291. ;
  292. /* Find the end of the message */
  293. while(len--)
  294. if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
  295. message[len] != '\t')
  296. break;
  297. /* Terminate the message */
  298. message[++len] = '\0';
  299. Curl_bufref_set(out, message, len, NULL);
  300. }
  301. else
  302. /* junk input => zero length output */
  303. Curl_bufref_set(out, "", 0, NULL);
  304. return CURLE_OK;
  305. }
  306. /***********************************************************************
  307. *
  308. * pop3_state()
  309. *
  310. * This is the ONLY way to change POP3 state!
  311. */
  312. static void pop3_state(struct Curl_easy *data, pop3state newstate)
  313. {
  314. struct pop3_conn *pop3c = &data->conn->proto.pop3c;
  315. #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
  316. /* for debug purposes */
  317. static const char * const names[] = {
  318. "STOP",
  319. "SERVERGREET",
  320. "CAPA",
  321. "STARTTLS",
  322. "UPGRADETLS",
  323. "AUTH",
  324. "APOP",
  325. "USER",
  326. "PASS",
  327. "COMMAND",
  328. "QUIT",
  329. /* LAST */
  330. };
  331. if(pop3c->state != newstate)
  332. infof(data, "POP3 %p state change from %s to %s",
  333. (void *)pop3c, names[pop3c->state], names[newstate]);
  334. #endif
  335. pop3c->state = newstate;
  336. }
  337. /***********************************************************************
  338. *
  339. * pop3_perform_capa()
  340. *
  341. * Sends the CAPA command in order to obtain a list of server side supported
  342. * capabilities.
  343. */
  344. static CURLcode pop3_perform_capa(struct Curl_easy *data,
  345. struct connectdata *conn)
  346. {
  347. CURLcode result = CURLE_OK;
  348. struct pop3_conn *pop3c = &conn->proto.pop3c;
  349. pop3c->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanisms yet */
  350. pop3c->sasl.authused = SASL_AUTH_NONE; /* Clear the auth. mechanism used */
  351. pop3c->tls_supported = FALSE; /* Clear the TLS capability */
  352. /* Send the CAPA command */
  353. result = Curl_pp_sendf(data, &pop3c->pp, "%s", "CAPA");
  354. if(!result)
  355. pop3_state(data, POP3_CAPA);
  356. return result;
  357. }
  358. /***********************************************************************
  359. *
  360. * pop3_perform_starttls()
  361. *
  362. * Sends the STLS command to start the upgrade to TLS.
  363. */
  364. static CURLcode pop3_perform_starttls(struct Curl_easy *data,
  365. struct connectdata *conn)
  366. {
  367. /* Send the STLS command */
  368. CURLcode result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s", "STLS");
  369. if(!result)
  370. pop3_state(data, POP3_STARTTLS);
  371. return result;
  372. }
  373. /***********************************************************************
  374. *
  375. * pop3_perform_upgrade_tls()
  376. *
  377. * Performs the upgrade to TLS.
  378. */
  379. static CURLcode pop3_perform_upgrade_tls(struct Curl_easy *data,
  380. struct connectdata *conn)
  381. {
  382. /* Start the SSL connection */
  383. struct pop3_conn *pop3c = &conn->proto.pop3c;
  384. CURLcode result;
  385. bool ssldone = FALSE;
  386. if(!Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
  387. result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
  388. if(result)
  389. goto out;
  390. }
  391. result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone);
  392. if(!result) {
  393. pop3c->ssldone = ssldone;
  394. if(pop3c->state != POP3_UPGRADETLS)
  395. pop3_state(data, POP3_UPGRADETLS);
  396. if(pop3c->ssldone) {
  397. pop3_to_pop3s(conn);
  398. result = pop3_perform_capa(data, conn);
  399. }
  400. }
  401. out:
  402. return result;
  403. }
  404. /***********************************************************************
  405. *
  406. * pop3_perform_user()
  407. *
  408. * Sends a clear text USER command to authenticate with.
  409. */
  410. static CURLcode pop3_perform_user(struct Curl_easy *data,
  411. struct connectdata *conn)
  412. {
  413. CURLcode result = CURLE_OK;
  414. /* Check we have a username and password to authenticate with and end the
  415. connect phase if we do not */
  416. if(!data->state.aptr.user) {
  417. pop3_state(data, POP3_STOP);
  418. return result;
  419. }
  420. /* Send the USER command */
  421. result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "USER %s",
  422. conn->user ? conn->user : "");
  423. if(!result)
  424. pop3_state(data, POP3_USER);
  425. return result;
  426. }
  427. #ifndef CURL_DISABLE_DIGEST_AUTH
  428. /***********************************************************************
  429. *
  430. * pop3_perform_apop()
  431. *
  432. * Sends an APOP command to authenticate with.
  433. */
  434. static CURLcode pop3_perform_apop(struct Curl_easy *data,
  435. struct connectdata *conn)
  436. {
  437. CURLcode result = CURLE_OK;
  438. struct pop3_conn *pop3c = &conn->proto.pop3c;
  439. size_t i;
  440. struct MD5_context *ctxt;
  441. unsigned char digest[MD5_DIGEST_LEN];
  442. char secret[2 * MD5_DIGEST_LEN + 1];
  443. /* Check we have a username and password to authenticate with and end the
  444. connect phase if we do not */
  445. if(!data->state.aptr.user) {
  446. pop3_state(data, POP3_STOP);
  447. return result;
  448. }
  449. /* Create the digest */
  450. ctxt = Curl_MD5_init(&Curl_DIGEST_MD5);
  451. if(!ctxt)
  452. return CURLE_OUT_OF_MEMORY;
  453. Curl_MD5_update(ctxt, (const unsigned char *) pop3c->apoptimestamp,
  454. curlx_uztoui(strlen(pop3c->apoptimestamp)));
  455. Curl_MD5_update(ctxt, (const unsigned char *) conn->passwd,
  456. curlx_uztoui(strlen(conn->passwd)));
  457. /* Finalise the digest */
  458. Curl_MD5_final(ctxt, digest);
  459. /* Convert the calculated 16 octet digest into a 32 byte hex string */
  460. for(i = 0; i < MD5_DIGEST_LEN; i++)
  461. msnprintf(&secret[2 * i], 3, "%02x", digest[i]);
  462. result = Curl_pp_sendf(data, &pop3c->pp, "APOP %s %s", conn->user, secret);
  463. if(!result)
  464. pop3_state(data, POP3_APOP);
  465. return result;
  466. }
  467. #endif
  468. /***********************************************************************
  469. *
  470. * pop3_perform_auth()
  471. *
  472. * Sends an AUTH command allowing the client to login with the given SASL
  473. * authentication mechanism.
  474. */
  475. static CURLcode pop3_perform_auth(struct Curl_easy *data,
  476. const char *mech,
  477. const struct bufref *initresp)
  478. {
  479. CURLcode result = CURLE_OK;
  480. struct pop3_conn *pop3c = &data->conn->proto.pop3c;
  481. const char *ir = (const char *) Curl_bufref_ptr(initresp);
  482. if(ir) { /* AUTH <mech> ...<crlf> */
  483. /* Send the AUTH command with the initial response */
  484. result = Curl_pp_sendf(data, &pop3c->pp, "AUTH %s %s", mech, ir);
  485. }
  486. else {
  487. /* Send the AUTH command */
  488. result = Curl_pp_sendf(data, &pop3c->pp, "AUTH %s", mech);
  489. }
  490. return result;
  491. }
  492. /***********************************************************************
  493. *
  494. * pop3_continue_auth()
  495. *
  496. * Sends SASL continuation data.
  497. */
  498. static CURLcode pop3_continue_auth(struct Curl_easy *data,
  499. const char *mech,
  500. const struct bufref *resp)
  501. {
  502. struct pop3_conn *pop3c = &data->conn->proto.pop3c;
  503. (void)mech;
  504. return Curl_pp_sendf(data, &pop3c->pp,
  505. "%s", (const char *) Curl_bufref_ptr(resp));
  506. }
  507. /***********************************************************************
  508. *
  509. * pop3_cancel_auth()
  510. *
  511. * Sends SASL cancellation.
  512. */
  513. static CURLcode pop3_cancel_auth(struct Curl_easy *data, const char *mech)
  514. {
  515. struct pop3_conn *pop3c = &data->conn->proto.pop3c;
  516. (void)mech;
  517. return Curl_pp_sendf(data, &pop3c->pp, "*");
  518. }
  519. /***********************************************************************
  520. *
  521. * pop3_perform_authentication()
  522. *
  523. * Initiates the authentication sequence, with the appropriate SASL
  524. * authentication mechanism, falling back to APOP and clear text should a
  525. * common mechanism not be available between the client and server.
  526. */
  527. static CURLcode pop3_perform_authentication(struct Curl_easy *data,
  528. struct connectdata *conn)
  529. {
  530. CURLcode result = CURLE_OK;
  531. struct pop3_conn *pop3c = &conn->proto.pop3c;
  532. saslprogress progress = SASL_IDLE;
  533. /* Check we have enough data to authenticate with and end the
  534. connect phase if we do not */
  535. if(!Curl_sasl_can_authenticate(&pop3c->sasl, data)) {
  536. pop3_state(data, POP3_STOP);
  537. return result;
  538. }
  539. if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_SASL) {
  540. /* Calculate the SASL login details */
  541. result = Curl_sasl_start(&pop3c->sasl, data, FALSE, &progress);
  542. if(!result)
  543. if(progress == SASL_INPROGRESS)
  544. pop3_state(data, POP3_AUTH);
  545. }
  546. if(!result && progress == SASL_IDLE) {
  547. #ifndef CURL_DISABLE_DIGEST_AUTH
  548. if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_APOP)
  549. /* Perform APOP authentication */
  550. result = pop3_perform_apop(data, conn);
  551. else
  552. #endif
  553. if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_CLEARTEXT)
  554. /* Perform clear text authentication */
  555. result = pop3_perform_user(data, conn);
  556. else {
  557. /* Other mechanisms not supported */
  558. infof(data, "No known authentication mechanisms supported");
  559. result = CURLE_LOGIN_DENIED;
  560. }
  561. }
  562. return result;
  563. }
  564. /***********************************************************************
  565. *
  566. * pop3_perform_command()
  567. *
  568. * Sends a POP3 based command.
  569. */
  570. static CURLcode pop3_perform_command(struct Curl_easy *data)
  571. {
  572. CURLcode result = CURLE_OK;
  573. struct connectdata *conn = data->conn;
  574. struct POP3 *pop3 = data->req.p.pop3;
  575. const char *command = NULL;
  576. /* Calculate the default command */
  577. if(pop3->id[0] == '\0' || data->set.list_only) {
  578. command = "LIST";
  579. if(pop3->id[0] != '\0')
  580. /* Message specific LIST so skip the BODY transfer */
  581. pop3->transfer = PPTRANSFER_INFO;
  582. }
  583. else
  584. command = "RETR";
  585. if(pop3->custom && pop3->custom[0] != '\0')
  586. command = pop3->custom;
  587. /* Send the command */
  588. if(pop3->id[0] != '\0')
  589. result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s %s",
  590. command, pop3->id);
  591. else
  592. result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s", command);
  593. if(!result) {
  594. pop3_state(data, POP3_COMMAND);
  595. data->req.no_body = !pop3_is_multiline(command);
  596. }
  597. return result;
  598. }
  599. /***********************************************************************
  600. *
  601. * pop3_perform_quit()
  602. *
  603. * Performs the quit action prior to sclose() be called.
  604. */
  605. static CURLcode pop3_perform_quit(struct Curl_easy *data,
  606. struct connectdata *conn)
  607. {
  608. /* Send the QUIT command */
  609. CURLcode result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "%s", "QUIT");
  610. if(!result)
  611. pop3_state(data, POP3_QUIT);
  612. return result;
  613. }
  614. /* For the initial server greeting */
  615. static CURLcode pop3_state_servergreet_resp(struct Curl_easy *data,
  616. int pop3code,
  617. pop3state instate)
  618. {
  619. CURLcode result = CURLE_OK;
  620. struct connectdata *conn = data->conn;
  621. struct pop3_conn *pop3c = &conn->proto.pop3c;
  622. const char *line = Curl_dyn_ptr(&data->conn->proto.pop3c.pp.recvbuf);
  623. size_t len = data->conn->proto.pop3c.pp.nfinal;
  624. (void)instate; /* no use for this yet */
  625. if(pop3code != '+') {
  626. failf(data, "Got unexpected pop3-server response");
  627. result = CURLE_WEIRD_SERVER_REPLY;
  628. }
  629. else if(len > 3) {
  630. /* Does the server support APOP authentication? */
  631. char *lt;
  632. char *gt = NULL;
  633. /* Look for the APOP timestamp */
  634. lt = memchr(line, '<', len);
  635. if(lt)
  636. /* search the remainder for '>' */
  637. gt = memchr(lt, '>', len - (lt - line));
  638. if(gt) {
  639. /* the length of the timestamp, including the brackets */
  640. size_t timestamplen = gt - lt + 1;
  641. char *at = memchr(lt, '@', timestamplen);
  642. /* If the timestamp does not contain '@' it is not (as required by
  643. RFC-1939) conformant to the RFC-822 message id syntax, and we
  644. therefore do not use APOP authentication. */
  645. if(at) {
  646. /* dupe the timestamp */
  647. pop3c->apoptimestamp = Curl_memdup0(lt, timestamplen);
  648. if(!pop3c->apoptimestamp)
  649. return CURLE_OUT_OF_MEMORY;
  650. /* Store the APOP capability */
  651. pop3c->authtypes |= POP3_TYPE_APOP;
  652. }
  653. }
  654. if(!result)
  655. result = pop3_perform_capa(data, conn);
  656. }
  657. return result;
  658. }
  659. /* For CAPA responses */
  660. static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code,
  661. pop3state instate)
  662. {
  663. CURLcode result = CURLE_OK;
  664. struct connectdata *conn = data->conn;
  665. struct pop3_conn *pop3c = &conn->proto.pop3c;
  666. const char *line = Curl_dyn_ptr(&data->conn->proto.pop3c.pp.recvbuf);
  667. size_t len = data->conn->proto.pop3c.pp.nfinal;
  668. (void)instate; /* no use for this yet */
  669. /* Do we have a untagged continuation response? */
  670. if(pop3code == '*') {
  671. /* Does the server support the STLS capability? */
  672. if(len >= 4 && !memcmp(line, "STLS", 4))
  673. pop3c->tls_supported = TRUE;
  674. /* Does the server support clear text authentication? */
  675. else if(len >= 4 && !memcmp(line, "USER", 4))
  676. pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
  677. /* Does the server support SASL based authentication? */
  678. else if(len >= 5 && !memcmp(line, "SASL ", 5)) {
  679. pop3c->authtypes |= POP3_TYPE_SASL;
  680. /* Advance past the SASL keyword */
  681. line += 5;
  682. len -= 5;
  683. /* Loop through the data line */
  684. for(;;) {
  685. size_t llen;
  686. size_t wordlen;
  687. unsigned short mechbit;
  688. while(len &&
  689. (*line == ' ' || *line == '\t' ||
  690. *line == '\r' || *line == '\n')) {
  691. line++;
  692. len--;
  693. }
  694. if(!len)
  695. break;
  696. /* Extract the word */
  697. for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
  698. line[wordlen] != '\t' && line[wordlen] != '\r' &&
  699. line[wordlen] != '\n';)
  700. wordlen++;
  701. /* Test the word for a matching authentication mechanism */
  702. mechbit = Curl_sasl_decode_mech(line, wordlen, &llen);
  703. if(mechbit && llen == wordlen)
  704. pop3c->sasl.authmechs |= mechbit;
  705. line += wordlen;
  706. len -= wordlen;
  707. }
  708. }
  709. }
  710. else {
  711. /* Clear text is supported when CAPA is not recognised */
  712. if(pop3code != '+')
  713. pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
  714. if(!data->set.use_ssl || Curl_conn_is_ssl(conn, FIRSTSOCKET))
  715. result = pop3_perform_authentication(data, conn);
  716. else if(pop3code == '+' && pop3c->tls_supported)
  717. /* Switch to TLS connection now */
  718. result = pop3_perform_starttls(data, conn);
  719. else if(data->set.use_ssl <= CURLUSESSL_TRY)
  720. /* Fallback and carry on with authentication */
  721. result = pop3_perform_authentication(data, conn);
  722. else {
  723. failf(data, "STLS not supported.");
  724. result = CURLE_USE_SSL_FAILED;
  725. }
  726. }
  727. return result;
  728. }
  729. /* For STARTTLS responses */
  730. static CURLcode pop3_state_starttls_resp(struct Curl_easy *data,
  731. struct connectdata *conn,
  732. int pop3code,
  733. pop3state instate)
  734. {
  735. CURLcode result = CURLE_OK;
  736. (void)instate; /* no use for this yet */
  737. /* Pipelining in response is forbidden. */
  738. if(data->conn->proto.pop3c.pp.overflow)
  739. return CURLE_WEIRD_SERVER_REPLY;
  740. if(pop3code != '+') {
  741. if(data->set.use_ssl != CURLUSESSL_TRY) {
  742. failf(data, "STARTTLS denied");
  743. result = CURLE_USE_SSL_FAILED;
  744. }
  745. else
  746. result = pop3_perform_authentication(data, conn);
  747. }
  748. else
  749. result = pop3_perform_upgrade_tls(data, conn);
  750. return result;
  751. }
  752. /* For SASL authentication responses */
  753. static CURLcode pop3_state_auth_resp(struct Curl_easy *data,
  754. int pop3code,
  755. pop3state instate)
  756. {
  757. CURLcode result = CURLE_OK;
  758. struct connectdata *conn = data->conn;
  759. struct pop3_conn *pop3c = &conn->proto.pop3c;
  760. saslprogress progress;
  761. (void)instate; /* no use for this yet */
  762. result = Curl_sasl_continue(&pop3c->sasl, data, pop3code, &progress);
  763. if(!result)
  764. switch(progress) {
  765. case SASL_DONE:
  766. pop3_state(data, POP3_STOP); /* Authenticated */
  767. break;
  768. case SASL_IDLE: /* No mechanism left after cancellation */
  769. #ifndef CURL_DISABLE_DIGEST_AUTH
  770. if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_APOP)
  771. /* Perform APOP authentication */
  772. result = pop3_perform_apop(data, conn);
  773. else
  774. #endif
  775. if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_CLEARTEXT)
  776. /* Perform clear text authentication */
  777. result = pop3_perform_user(data, conn);
  778. else {
  779. failf(data, "Authentication cancelled");
  780. result = CURLE_LOGIN_DENIED;
  781. }
  782. break;
  783. default:
  784. break;
  785. }
  786. return result;
  787. }
  788. #ifndef CURL_DISABLE_DIGEST_AUTH
  789. /* For APOP responses */
  790. static CURLcode pop3_state_apop_resp(struct Curl_easy *data, int pop3code,
  791. pop3state instate)
  792. {
  793. CURLcode result = CURLE_OK;
  794. (void)instate; /* no use for this yet */
  795. if(pop3code != '+') {
  796. failf(data, "Authentication failed: %d", pop3code);
  797. result = CURLE_LOGIN_DENIED;
  798. }
  799. else
  800. /* End of connect phase */
  801. pop3_state(data, POP3_STOP);
  802. return result;
  803. }
  804. #endif
  805. /* For USER responses */
  806. static CURLcode pop3_state_user_resp(struct Curl_easy *data, int pop3code,
  807. pop3state instate)
  808. {
  809. CURLcode result = CURLE_OK;
  810. struct connectdata *conn = data->conn;
  811. (void)instate; /* no use for this yet */
  812. if(pop3code != '+') {
  813. failf(data, "Access denied. %c", pop3code);
  814. result = CURLE_LOGIN_DENIED;
  815. }
  816. else
  817. /* Send the PASS command */
  818. result = Curl_pp_sendf(data, &conn->proto.pop3c.pp, "PASS %s",
  819. conn->passwd ? conn->passwd : "");
  820. if(!result)
  821. pop3_state(data, POP3_PASS);
  822. return result;
  823. }
  824. /* For PASS responses */
  825. static CURLcode pop3_state_pass_resp(struct Curl_easy *data, int pop3code,
  826. pop3state instate)
  827. {
  828. CURLcode result = CURLE_OK;
  829. (void)instate; /* no use for this yet */
  830. if(pop3code != '+') {
  831. failf(data, "Access denied. %c", pop3code);
  832. result = CURLE_LOGIN_DENIED;
  833. }
  834. else
  835. /* End of connect phase */
  836. pop3_state(data, POP3_STOP);
  837. return result;
  838. }
  839. /* For command responses */
  840. static CURLcode pop3_state_command_resp(struct Curl_easy *data,
  841. int pop3code,
  842. pop3state instate)
  843. {
  844. CURLcode result = CURLE_OK;
  845. struct connectdata *conn = data->conn;
  846. struct POP3 *pop3 = data->req.p.pop3;
  847. struct pop3_conn *pop3c = &conn->proto.pop3c;
  848. struct pingpong *pp = &pop3c->pp;
  849. (void)instate; /* no use for this yet */
  850. if(pop3code != '+') {
  851. pop3_state(data, POP3_STOP);
  852. return CURLE_WEIRD_SERVER_REPLY;
  853. }
  854. /* This 'OK' line ends with a CR LF pair which is the two first bytes of the
  855. EOB string so count this is two matching bytes. This is necessary to make
  856. the code detect the EOB if the only data than comes now is %2e CR LF like
  857. when there is no body to return. */
  858. pop3c->eob = 2;
  859. /* But since this initial CR LF pair is not part of the actual body, we set
  860. the strip counter here so that these bytes will not be delivered. */
  861. pop3c->strip = 2;
  862. if(pop3->transfer == PPTRANSFER_BODY) {
  863. /* POP3 download */
  864. Curl_xfer_setup1(data, CURL_XFER_RECV, -1, FALSE);
  865. if(pp->overflow) {
  866. /* The recv buffer contains data that is actually body content so send
  867. it as such. Note that there may even be additional "headers" after
  868. the body */
  869. /* keep only the overflow */
  870. Curl_dyn_tail(&pp->recvbuf, pp->overflow);
  871. pp->nfinal = 0; /* done */
  872. if(!data->req.no_body) {
  873. result = pop3_write(data, Curl_dyn_ptr(&pp->recvbuf),
  874. Curl_dyn_len(&pp->recvbuf), FALSE);
  875. if(result)
  876. return result;
  877. }
  878. /* reset the buffer */
  879. Curl_dyn_reset(&pp->recvbuf);
  880. pp->overflow = 0;
  881. }
  882. }
  883. else
  884. pp->overflow = 0;
  885. /* End of DO phase */
  886. pop3_state(data, POP3_STOP);
  887. return result;
  888. }
  889. static CURLcode pop3_statemachine(struct Curl_easy *data,
  890. struct connectdata *conn)
  891. {
  892. CURLcode result = CURLE_OK;
  893. int pop3code;
  894. struct pop3_conn *pop3c = &conn->proto.pop3c;
  895. struct pingpong *pp = &pop3c->pp;
  896. size_t nread = 0;
  897. (void)data;
  898. /* Busy upgrading the connection; right now all I/O is SSL/TLS, not POP3 */
  899. if(pop3c->state == POP3_UPGRADETLS)
  900. return pop3_perform_upgrade_tls(data, conn);
  901. /* Flush any data that needs to be sent */
  902. if(pp->sendleft)
  903. return Curl_pp_flushsend(data, pp);
  904. do {
  905. /* Read the response from the server */
  906. result = Curl_pp_readresp(data, FIRSTSOCKET, pp, &pop3code, &nread);
  907. if(result)
  908. return result;
  909. if(!pop3code)
  910. break;
  911. /* We have now received a full POP3 server response */
  912. switch(pop3c->state) {
  913. case POP3_SERVERGREET:
  914. result = pop3_state_servergreet_resp(data, pop3code, pop3c->state);
  915. break;
  916. case POP3_CAPA:
  917. result = pop3_state_capa_resp(data, pop3code, pop3c->state);
  918. break;
  919. case POP3_STARTTLS:
  920. result = pop3_state_starttls_resp(data, conn, pop3code, pop3c->state);
  921. break;
  922. case POP3_AUTH:
  923. result = pop3_state_auth_resp(data, pop3code, pop3c->state);
  924. break;
  925. #ifndef CURL_DISABLE_DIGEST_AUTH
  926. case POP3_APOP:
  927. result = pop3_state_apop_resp(data, pop3code, pop3c->state);
  928. break;
  929. #endif
  930. case POP3_USER:
  931. result = pop3_state_user_resp(data, pop3code, pop3c->state);
  932. break;
  933. case POP3_PASS:
  934. result = pop3_state_pass_resp(data, pop3code, pop3c->state);
  935. break;
  936. case POP3_COMMAND:
  937. result = pop3_state_command_resp(data, pop3code, pop3c->state);
  938. break;
  939. case POP3_QUIT:
  940. pop3_state(data, POP3_STOP);
  941. break;
  942. default:
  943. /* internal error */
  944. pop3_state(data, POP3_STOP);
  945. break;
  946. }
  947. } while(!result && pop3c->state != POP3_STOP && Curl_pp_moredata(pp));
  948. return result;
  949. }
  950. /* Called repeatedly until done from multi.c */
  951. static CURLcode pop3_multi_statemach(struct Curl_easy *data, bool *done)
  952. {
  953. CURLcode result = CURLE_OK;
  954. struct connectdata *conn = data->conn;
  955. struct pop3_conn *pop3c = &conn->proto.pop3c;
  956. if((conn->handler->flags & PROTOPT_SSL) && !pop3c->ssldone) {
  957. bool ssldone = FALSE;
  958. result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone);
  959. pop3c->ssldone = ssldone;
  960. if(result || !pop3c->ssldone)
  961. return result;
  962. }
  963. result = Curl_pp_statemach(data, &pop3c->pp, FALSE, FALSE);
  964. *done = (pop3c->state == POP3_STOP);
  965. return result;
  966. }
  967. static CURLcode pop3_block_statemach(struct Curl_easy *data,
  968. struct connectdata *conn,
  969. bool disconnecting)
  970. {
  971. CURLcode result = CURLE_OK;
  972. struct pop3_conn *pop3c = &conn->proto.pop3c;
  973. while(pop3c->state != POP3_STOP && !result)
  974. result = Curl_pp_statemach(data, &pop3c->pp, TRUE, disconnecting);
  975. return result;
  976. }
  977. /* Allocate and initialize the POP3 struct for the current Curl_easy if
  978. required */
  979. static CURLcode pop3_init(struct Curl_easy *data)
  980. {
  981. CURLcode result = CURLE_OK;
  982. struct POP3 *pop3;
  983. pop3 = data->req.p.pop3 = calloc(1, sizeof(struct POP3));
  984. if(!pop3)
  985. result = CURLE_OUT_OF_MEMORY;
  986. return result;
  987. }
  988. /* For the POP3 "protocol connect" and "doing" phases only */
  989. static int pop3_getsock(struct Curl_easy *data,
  990. struct connectdata *conn, curl_socket_t *socks)
  991. {
  992. return Curl_pp_getsock(data, &conn->proto.pop3c.pp, socks);
  993. }
  994. /***********************************************************************
  995. *
  996. * pop3_connect()
  997. *
  998. * This function should do everything that is to be considered a part of the
  999. * connection phase.
  1000. *
  1001. * The variable 'done' points to will be TRUE if the protocol-layer connect
  1002. * phase is done when this function returns, or FALSE if not.
  1003. */
  1004. static CURLcode pop3_connect(struct Curl_easy *data, bool *done)
  1005. {
  1006. CURLcode result = CURLE_OK;
  1007. struct connectdata *conn = data->conn;
  1008. struct pop3_conn *pop3c = &conn->proto.pop3c;
  1009. struct pingpong *pp = &pop3c->pp;
  1010. *done = FALSE; /* default to not done yet */
  1011. /* We always support persistent connections in POP3 */
  1012. connkeep(conn, "POP3 default");
  1013. PINGPONG_SETUP(pp, pop3_statemachine, pop3_endofresp);
  1014. /* Set the default preferred authentication type and mechanism */
  1015. pop3c->preftype = POP3_TYPE_ANY;
  1016. Curl_sasl_init(&pop3c->sasl, data, &saslpop3);
  1017. /* Initialise the pingpong layer */
  1018. Curl_pp_init(pp);
  1019. /* Parse the URL options */
  1020. result = pop3_parse_url_options(conn);
  1021. if(result)
  1022. return result;
  1023. /* Start off waiting for the server greeting response */
  1024. pop3_state(data, POP3_SERVERGREET);
  1025. result = pop3_multi_statemach(data, done);
  1026. return result;
  1027. }
  1028. /***********************************************************************
  1029. *
  1030. * pop3_done()
  1031. *
  1032. * The DONE function. This does what needs to be done after a single DO has
  1033. * performed.
  1034. *
  1035. * Input argument is already checked for validity.
  1036. */
  1037. static CURLcode pop3_done(struct Curl_easy *data, CURLcode status,
  1038. bool premature)
  1039. {
  1040. CURLcode result = CURLE_OK;
  1041. struct POP3 *pop3 = data->req.p.pop3;
  1042. (void)premature;
  1043. if(!pop3)
  1044. return CURLE_OK;
  1045. if(status) {
  1046. connclose(data->conn, "POP3 done with bad status");
  1047. result = status; /* use the already set error code */
  1048. }
  1049. /* Cleanup our per-request based variables */
  1050. Curl_safefree(pop3->id);
  1051. Curl_safefree(pop3->custom);
  1052. /* Clear the transfer mode for the next request */
  1053. pop3->transfer = PPTRANSFER_BODY;
  1054. return result;
  1055. }
  1056. /***********************************************************************
  1057. *
  1058. * pop3_perform()
  1059. *
  1060. * This is the actual DO function for POP3. Get a message/listing according to
  1061. * the options previously setup.
  1062. */
  1063. static CURLcode pop3_perform(struct Curl_easy *data, bool *connected,
  1064. bool *dophase_done)
  1065. {
  1066. /* This is POP3 and no proxy */
  1067. CURLcode result = CURLE_OK;
  1068. struct POP3 *pop3 = data->req.p.pop3;
  1069. DEBUGF(infof(data, "DO phase starts"));
  1070. if(data->req.no_body) {
  1071. /* Requested no body means no transfer */
  1072. pop3->transfer = PPTRANSFER_INFO;
  1073. }
  1074. *dophase_done = FALSE; /* not done yet */
  1075. /* Start the first command in the DO phase */
  1076. result = pop3_perform_command(data);
  1077. if(result)
  1078. return result;
  1079. /* Run the state-machine */
  1080. result = pop3_multi_statemach(data, dophase_done);
  1081. *connected = Curl_conn_is_connected(data->conn, FIRSTSOCKET);
  1082. if(*dophase_done)
  1083. DEBUGF(infof(data, "DO phase is complete"));
  1084. return result;
  1085. }
  1086. /***********************************************************************
  1087. *
  1088. * pop3_do()
  1089. *
  1090. * This function is registered as 'curl_do' function. It decodes the path
  1091. * parts etc as a wrapper to the actual DO function (pop3_perform).
  1092. *
  1093. * The input argument is already checked for validity.
  1094. */
  1095. static CURLcode pop3_do(struct Curl_easy *data, bool *done)
  1096. {
  1097. CURLcode result = CURLE_OK;
  1098. *done = FALSE; /* default to false */
  1099. /* Parse the URL path */
  1100. result = pop3_parse_url_path(data);
  1101. if(result)
  1102. return result;
  1103. /* Parse the custom request */
  1104. result = pop3_parse_custom_request(data);
  1105. if(result)
  1106. return result;
  1107. result = pop3_regular_transfer(data, done);
  1108. return result;
  1109. }
  1110. /***********************************************************************
  1111. *
  1112. * pop3_disconnect()
  1113. *
  1114. * Disconnect from an POP3 server. Cleanup protocol-specific per-connection
  1115. * resources. BLOCKING.
  1116. */
  1117. static CURLcode pop3_disconnect(struct Curl_easy *data,
  1118. struct connectdata *conn, bool dead_connection)
  1119. {
  1120. struct pop3_conn *pop3c = &conn->proto.pop3c;
  1121. (void)data;
  1122. /* We cannot send quit unconditionally. If this connection is stale or
  1123. bad in any way, sending quit and waiting around here will make the
  1124. disconnect wait in vain and cause more problems than we need to. */
  1125. if(!dead_connection && conn->bits.protoconnstart) {
  1126. if(!pop3_perform_quit(data, conn))
  1127. (void)pop3_block_statemach(data, conn, TRUE); /* ignore errors on QUIT */
  1128. }
  1129. /* Disconnect from the server */
  1130. Curl_pp_disconnect(&pop3c->pp);
  1131. /* Cleanup the SASL module */
  1132. Curl_sasl_cleanup(conn, pop3c->sasl.authused);
  1133. /* Cleanup our connection based variables */
  1134. Curl_safefree(pop3c->apoptimestamp);
  1135. return CURLE_OK;
  1136. }
  1137. /* Call this when the DO phase has completed */
  1138. static CURLcode pop3_dophase_done(struct Curl_easy *data, bool connected)
  1139. {
  1140. (void)data;
  1141. (void)connected;
  1142. return CURLE_OK;
  1143. }
  1144. /* Called from multi.c while DOing */
  1145. static CURLcode pop3_doing(struct Curl_easy *data, bool *dophase_done)
  1146. {
  1147. CURLcode result = pop3_multi_statemach(data, dophase_done);
  1148. if(result)
  1149. DEBUGF(infof(data, "DO phase failed"));
  1150. else if(*dophase_done) {
  1151. result = pop3_dophase_done(data, FALSE /* not connected */);
  1152. DEBUGF(infof(data, "DO phase is complete"));
  1153. }
  1154. return result;
  1155. }
  1156. /***********************************************************************
  1157. *
  1158. * pop3_regular_transfer()
  1159. *
  1160. * The input argument is already checked for validity.
  1161. *
  1162. * Performs all commands done before a regular transfer between a local and a
  1163. * remote host.
  1164. */
  1165. static CURLcode pop3_regular_transfer(struct Curl_easy *data,
  1166. bool *dophase_done)
  1167. {
  1168. CURLcode result = CURLE_OK;
  1169. bool connected = FALSE;
  1170. /* Make sure size is unknown at this point */
  1171. data->req.size = -1;
  1172. /* Set the progress data */
  1173. Curl_pgrsSetUploadCounter(data, 0);
  1174. Curl_pgrsSetDownloadCounter(data, 0);
  1175. Curl_pgrsSetUploadSize(data, -1);
  1176. Curl_pgrsSetDownloadSize(data, -1);
  1177. /* Carry out the perform */
  1178. result = pop3_perform(data, &connected, dophase_done);
  1179. /* Perform post DO phase operations if necessary */
  1180. if(!result && *dophase_done)
  1181. result = pop3_dophase_done(data, connected);
  1182. return result;
  1183. }
  1184. static CURLcode pop3_setup_connection(struct Curl_easy *data,
  1185. struct connectdata *conn)
  1186. {
  1187. /* Initialise the POP3 layer */
  1188. CURLcode result = pop3_init(data);
  1189. if(result)
  1190. return result;
  1191. /* Clear the TLS upgraded flag */
  1192. conn->bits.tls_upgraded = FALSE;
  1193. return CURLE_OK;
  1194. }
  1195. /***********************************************************************
  1196. *
  1197. * pop3_parse_url_options()
  1198. *
  1199. * Parse the URL login options.
  1200. */
  1201. static CURLcode pop3_parse_url_options(struct connectdata *conn)
  1202. {
  1203. CURLcode result = CURLE_OK;
  1204. struct pop3_conn *pop3c = &conn->proto.pop3c;
  1205. const char *ptr = conn->options;
  1206. while(!result && ptr && *ptr) {
  1207. const char *key = ptr;
  1208. const char *value;
  1209. while(*ptr && *ptr != '=')
  1210. ptr++;
  1211. value = ptr + 1;
  1212. while(*ptr && *ptr != ';')
  1213. ptr++;
  1214. if(strncasecompare(key, "AUTH=", 5)) {
  1215. result = Curl_sasl_parse_url_auth_option(&pop3c->sasl,
  1216. value, ptr - value);
  1217. if(result && strncasecompare(value, "+APOP", ptr - value)) {
  1218. pop3c->preftype = POP3_TYPE_APOP;
  1219. pop3c->sasl.prefmech = SASL_AUTH_NONE;
  1220. result = CURLE_OK;
  1221. }
  1222. }
  1223. else
  1224. result = CURLE_URL_MALFORMAT;
  1225. if(*ptr == ';')
  1226. ptr++;
  1227. }
  1228. if(pop3c->preftype != POP3_TYPE_APOP)
  1229. switch(pop3c->sasl.prefmech) {
  1230. case SASL_AUTH_NONE:
  1231. pop3c->preftype = POP3_TYPE_NONE;
  1232. break;
  1233. case SASL_AUTH_DEFAULT:
  1234. pop3c->preftype = POP3_TYPE_ANY;
  1235. break;
  1236. default:
  1237. pop3c->preftype = POP3_TYPE_SASL;
  1238. break;
  1239. }
  1240. return result;
  1241. }
  1242. /***********************************************************************
  1243. *
  1244. * pop3_parse_url_path()
  1245. *
  1246. * Parse the URL path into separate path components.
  1247. */
  1248. static CURLcode pop3_parse_url_path(struct Curl_easy *data)
  1249. {
  1250. /* The POP3 struct is already initialised in pop3_connect() */
  1251. struct POP3 *pop3 = data->req.p.pop3;
  1252. const char *path = &data->state.up.path[1]; /* skip leading path */
  1253. /* URL decode the path for the message ID */
  1254. return Curl_urldecode(path, 0, &pop3->id, NULL, REJECT_CTRL);
  1255. }
  1256. /***********************************************************************
  1257. *
  1258. * pop3_parse_custom_request()
  1259. *
  1260. * Parse the custom request.
  1261. */
  1262. static CURLcode pop3_parse_custom_request(struct Curl_easy *data)
  1263. {
  1264. CURLcode result = CURLE_OK;
  1265. struct POP3 *pop3 = data->req.p.pop3;
  1266. const char *custom = data->set.str[STRING_CUSTOMREQUEST];
  1267. /* URL decode the custom request */
  1268. if(custom)
  1269. result = Curl_urldecode(custom, 0, &pop3->custom, NULL, REJECT_CTRL);
  1270. return result;
  1271. }
  1272. /***********************************************************************
  1273. *
  1274. * pop3_write()
  1275. *
  1276. * This function scans the body after the end-of-body and writes everything
  1277. * until the end is found.
  1278. */
  1279. static CURLcode pop3_write(struct Curl_easy *data, const char *str,
  1280. size_t nread, bool is_eos)
  1281. {
  1282. /* This code could be made into a special function in the handler struct */
  1283. CURLcode result = CURLE_OK;
  1284. struct SingleRequest *k = &data->req;
  1285. struct connectdata *conn = data->conn;
  1286. struct pop3_conn *pop3c = &conn->proto.pop3c;
  1287. bool strip_dot = FALSE;
  1288. size_t last = 0;
  1289. size_t i;
  1290. (void)is_eos;
  1291. /* Search through the buffer looking for the end-of-body marker which is
  1292. 5 bytes (0d 0a 2e 0d 0a). Note that a line starting with a dot matches
  1293. the eob so the server will have prefixed it with an extra dot which we
  1294. need to strip out. Additionally the marker could of course be spread out
  1295. over 5 different data chunks. */
  1296. for(i = 0; i < nread; i++) {
  1297. size_t prev = pop3c->eob;
  1298. switch(str[i]) {
  1299. case 0x0d:
  1300. if(pop3c->eob == 0) {
  1301. pop3c->eob++;
  1302. if(i) {
  1303. /* Write out the body part that did not match */
  1304. result = Curl_client_write(data, CLIENTWRITE_BODY, &str[last],
  1305. i - last);
  1306. if(result)
  1307. return result;
  1308. last = i;
  1309. }
  1310. }
  1311. else if(pop3c->eob == 3)
  1312. pop3c->eob++;
  1313. else
  1314. /* If the character match was not at position 0 or 3 then restart the
  1315. pattern matching */
  1316. pop3c->eob = 1;
  1317. break;
  1318. case 0x0a:
  1319. if(pop3c->eob == 1 || pop3c->eob == 4)
  1320. pop3c->eob++;
  1321. else
  1322. /* If the character match was not at position 1 or 4 then start the
  1323. search again */
  1324. pop3c->eob = 0;
  1325. break;
  1326. case 0x2e:
  1327. if(pop3c->eob == 2)
  1328. pop3c->eob++;
  1329. else if(pop3c->eob == 3) {
  1330. /* We have an extra dot after the CRLF which we need to strip off */
  1331. strip_dot = TRUE;
  1332. pop3c->eob = 0;
  1333. }
  1334. else
  1335. /* If the character match was not at position 2 then start the search
  1336. again */
  1337. pop3c->eob = 0;
  1338. break;
  1339. default:
  1340. pop3c->eob = 0;
  1341. break;
  1342. }
  1343. /* Did we have a partial match which has subsequently failed? */
  1344. if(prev && prev >= pop3c->eob) {
  1345. /* Strip can only be non-zero for the very first mismatch after CRLF
  1346. and then both prev and strip are equal and nothing will be output
  1347. below */
  1348. while(prev && pop3c->strip) {
  1349. prev--;
  1350. pop3c->strip--;
  1351. }
  1352. if(prev) {
  1353. /* If the partial match was the CRLF and dot then only write the CRLF
  1354. as the server would have inserted the dot */
  1355. if(strip_dot && prev - 1 > 0) {
  1356. result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)POP3_EOB,
  1357. prev - 1);
  1358. }
  1359. else if(!strip_dot) {
  1360. result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)POP3_EOB,
  1361. prev);
  1362. }
  1363. else {
  1364. result = CURLE_OK;
  1365. }
  1366. if(result)
  1367. return result;
  1368. last = i;
  1369. strip_dot = FALSE;
  1370. }
  1371. }
  1372. }
  1373. if(pop3c->eob == POP3_EOB_LEN) {
  1374. /* We have a full match so the transfer is done, however we must transfer
  1375. the CRLF at the start of the EOB as this is considered to be part of the
  1376. message as per RFC-1939, sect. 3 */
  1377. result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)POP3_EOB, 2);
  1378. k->keepon &= ~KEEP_RECV;
  1379. pop3c->eob = 0;
  1380. return result;
  1381. }
  1382. if(pop3c->eob)
  1383. /* While EOB is matching nothing should be output */
  1384. return CURLE_OK;
  1385. if(nread - last) {
  1386. result = Curl_client_write(data, CLIENTWRITE_BODY, &str[last],
  1387. nread - last);
  1388. }
  1389. return result;
  1390. }
  1391. #endif /* CURL_DISABLE_POP3 */