eyecatchu/git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2026-01-11 13:23:12 +09:00
Code Issues Packages Projects Releases Wiki Activity

imap-send: gracefully fail if CRAM-MD5 authentication is requested without OpenSSL

Browse Source 
Unlike PLAIN, XOAUTH2 and OAUTHBEARER, CRAM-MD5 authentication is not
supported by libcurl and requires OpenSSL. If the user tries to use
CRAM-MD5 authentication without OpenSSL, the previous behaviour was to
attempt to authenticate and fail with a die(error). Handle this in a
better way by first checking if OpenSSL is available and then attempting
to authenticate. If OpenSSL is not available, print an error message and
exit gracefully.

Signed-off-by: Aditya Garg <gargaditya08@live.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Aditya Garg 2025-06-20 12:10:26 +05:30 committed by Junio C Hamano
parent ac4e02c503
commit b9e766604d
1 changed files with 39 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
imap-send.c
View File

@ -885,18 +885,6 @@ static char *cram(const char *challenge_64, const char *user, const char *pass)
return (char *)response_64;
}
#else
static char *cram(const char *challenge_64 UNUSED,
const char *user UNUSED,
const char *pass UNUSED)
{
die("If you want to use CRAM-MD5 authenticate method, "
"you have to build git-imap-send with OpenSSL library.");
}
#endif
static int auth_cram_md5(struct imap_store *ctx, const char *prompt)
{
int ret;
@ -915,6 +903,12 @@ static int auth_cram_md5(struct imap_store *ctx, const char *prompt)
return 0;
}
#else
#define auth_cram_md5 NULL
#endif
static void server_fill_credential(struct imap_server_conf *srvc, struct credential *cred)
{
if (srvc->user && srvc->pass)
@ -934,6 +928,38 @@ static void server_fill_credential(struct imap_server_conf *srvc, struct credent
srvc->pass = xstrdup(cred->password);
}
static int try_auth_method(struct imap_server_conf *srvc,
struct imap_store *ctx,
struct imap *imap,
const char *auth_method,
enum CAPABILITY cap,
int (*fn)(struct imap_store *, const char *))
{
struct imap_cmd_cb cb = {0};
if (!CAP(cap)) {
fprintf(stderr, "You specified "
"%s as authentication method, "
"but %s doesn't support it.\n",
auth_method, srvc->host);
return -1;
}
cb.cont = fn;
if (NOT_CONSTANT(!cb.cont)) {
fprintf(stderr, "If you want to use %s authentication mechanism, "
"you have to build git-imap-send with OpenSSL library.",
auth_method);
return -1;
}
if (imap_exec(ctx, &cb, "AUTHENTICATE %s", auth_method) != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE %s failed\n",
auth_method);
return -1;
}
return 0;
}
static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const char *folder)
{
struct credential cred = CREDENTIAL_INIT;
@ -1089,23 +1115,9 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const c
server_fill_credential(srvc, &cred);
if (srvc->auth_method) {
struct imap_cmd_cb cb;
if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
if (!CAP(AUTH_CRAM_MD5)) {
fprintf(stderr, "You specified "
"CRAM-MD5 as authentication method, "
"but %s doesn't support it.\n", srvc->host);
if (try_auth_method(srvc, ctx, imap, "CRAM-MD5", AUTH_CRAM_MD5, auth_cram_md5))
goto bail;
}
/* CRAM-MD5 */
memset(&cb, 0, sizeof(cb));
cb.cont = auth_cram_md5;
if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n");
goto bail;
}
} else {
fprintf(stderr, "Unknown authentication method:%s\n", srvc->host);
goto bail;