* if we fail to log in because of user/password wrong, reply with NO instead of BAD
[citadel.git] / citadel / modules / imap / serv_imap.c
index a78d648a3b9b642d8b15862dae5355551390ddce..27c0da4ccbb424f7082b728972d2310d344d7400 100644 (file)
@@ -56,7 +56,6 @@
 #include "support.h"
 #include "config.h"
 #include "user_ops.h"
-#include "policy.h"
 #include "database.h"
 #include "msgbase.h"
 #include "internet_addressing.h"
@@ -413,9 +412,8 @@ void imap_cleanup_function(void)
        imap_free_msgids();
        imap_free_transmitted_message();
 
-       if (IMAP->cached_rfc822_data != NULL) {
-               free(IMAP->cached_rfc822_data);
-               IMAP->cached_rfc822_data = NULL;
+       if (IMAP->cached_rfc822 != NULL) {
+               FreeStrBuf(&IMAP->cached_rfc822);
                IMAP->cached_rfc822_msgnum = (-1);
                IMAP->cached_rfc822_withbody = 0;
        }
@@ -505,7 +503,6 @@ void imap_greeting(void)
        CC->session_specific_data = malloc(sizeof(citimap));
        memset(IMAP, 0, sizeof(citimap));
        IMAP->authstate = imap_as_normal;
-       IMAP->cached_rfc822_data = NULL;
        IMAP->cached_rfc822_msgnum = (-1);
        IMAP->cached_rfc822_withbody = 0;
 
@@ -553,12 +550,17 @@ void imap_login(int num_parms, ConstStr *Params)
                }
        case 4:
                if (CtdlLoginExistingUser(NULL, Params[2].Key) == login_ok) {
-                       if (CtdlTryPassword(Params[3].Key) == pass_ok) {
+                       if (CtdlTryPassword(Params[3].Key, Params[3].len) == pass_ok) {
                                cprintf("%s OK [", Params[0].Key);
                                imap_output_capability_string();
                                cprintf("] Hello, %s\r\n", CC->user.fullname);
                                return;
                        }
+                       else
+                       {
+                               cprintf("%s NO AUTHENTICATE %s failed\r\n",
+                                       Params[0].Key, Params[3].Key);
+                       }
                }
 
                cprintf("%s BAD Login incorrect\r\n", Params[0].Key);
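Review bot: The new else branch writes `Params[3].Key` back to the client, and that is the same value handed to `CtdlTryPassword()` a few lines above, so a failed LOGIN reflects the attempted password in the server reply where any proxy, client log or session transcript can capture it. The branch also has no `return`, so execution falls through to the `BAD Login incorrect` line and the client receives two tagged replies for one command. Because an unknown user still gets only `BAD`, the differing replies also let a client tell existing account names from non-existing ones. I would replace the branch body with `cprintf("%s NO LOGIN failed\r\n", Params[0].Key); return;` and send the same `NO` reply on the unknown-user path. The body of imap_login starts and ends outside this hunk.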
@@ -619,6 +621,7 @@ void imap_auth_plain(void)
        char user[256];
        char pass[256];
        int result;
+       long len;
 
        memset(pass, 0, sizeof(pass));
        StrBufDecodeBase64(IMAP->Cmd.CmdBuf);
@@ -626,7 +629,9 @@ void imap_auth_plain(void)
        decoded_authstring = ChrPtr(IMAP->Cmd.CmdBuf);
        safestrncpy(ident, decoded_authstring, sizeof ident);
        safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user);
-       safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+       len = safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass);
+       if (len < 0)
+               len = sizeof(pass) - 1;
 
        IMAP->authstate = imap_as_normal;
 
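Review bot: The offset `strlen(ident) + strlen(user) + 2` on the changed `safestrncpy(pass, ...)` line is never compared with the decoded length, so a PLAIN blob with fewer than two NUL separators makes the copy start past the terminator of the decoded data, and an ident or user longer than its local buffer makes it start inside the wrong field. A guard before the copies, e.g. `if (strlen(ident) + strlen(user) + 2 > StrLength(IMAP->Cmd.CmdBuf)) { /* reply NO and return */ }`, would close the first case. The `len < 0` fallback presumably handles truncation reported by `safestrncpy()`, which means an over-long password is silently cut to `sizeof(pass) - 1` bytes rather than rejected; a comment stating that intent, or an explicit rejection, would be clearer. The function begins and ends outside this hunk.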
@@ -638,7 +643,7 @@ void imap_auth_plain(void)
        }
 
        if (result == login_ok) {
-               if (CtdlTryPassword(pass) == pass_ok) {
+               if (CtdlTryPassword(pass, len) == pass_ok) {
                        cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
                        return;
                }
@@ -675,18 +680,24 @@ void imap_auth_login_pass(long state)
 {
        citimap *Imap = IMAP;
        const char *pass = NULL;
+       long len = 0;
 
        switch (state) {
        default:
        case imap_as_expecting_password:
                StrBufDecodeBase64(Imap->Cmd.CmdBuf);
                pass = ChrPtr(Imap->Cmd.CmdBuf);
+               len = StrLength(Imap->Cmd.CmdBuf);
                break;
        case imap_as_expecting_multilinepassword:
                pass = ChrPtr(Imap->Cmd.CmdBuf);
+               len = StrLength(Imap->Cmd.CmdBuf);
                break;
        }
-       if (CtdlTryPassword(pass) == pass_ok) {
+       if (len > USERNAME_SIZE)
+               StrBufCutAt(Imap->Cmd.CmdBuf, USERNAME_SIZE, NULL);
+
+       if (CtdlTryPassword(pass, len) == pass_ok) {
                cprintf("%s OK authentication succeeded\r\n", IMAP->authseq);
        } else {
                cprintf("%s NO authentication failed\r\n", IMAP->authseq);
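Review bot: `len` is read before the `StrBufCutAt()` call and never updated, so for an over-long input `CtdlTryPassword(pass, len)` is handed a length larger than what the buffer now holds. Either refresh it after the cut with `len = StrLength(Imap->Cmd.CmdBuf);` or reject the attempt outright, since silent truncation means only the first `USERNAME_SIZE` bytes of the password are compared. `pass` is also taken from `ChrPtr()` before the cut, which is safe only if `StrBufCutAt()` never moves the buffer, and this hunk does not show that. Using `USERNAME_SIZE` as the password limit looks accidental and deserves a comment or a dedicated constant. The function continues past the end of the hunk.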
@@ -1420,7 +1431,7 @@ void imap_command_loop(void)
                CtdlLogPrintf(CTDL_INFO, "IMAP: <plain_auth>\n");
        }
        else if ((Imap->authstate == imap_as_expecting_multilineusername) || 
-                bmstrcasestr(ChrPtr(Imap->Cmd.CmdBuf), " LOGIN ")) {
+                cbmstrcasestr(ChrPtr(Imap->Cmd.CmdBuf), " LOGIN ")) {
                CtdlLogPrintf(CTDL_INFO, "IMAP: LOGIN...\n");
        }
        else {