diff options
| author | Aditya Garg <gargaditya08@live.com> | 2025-06-20 12:10:26 +0530 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2025-06-20 08:11:16 -0700 |
| commit | b9e766604df2c50b2f721479bb405409db3344d1 (patch) | |
| tree | 10365f6428c06ce57ca77f00d6759484086843ae | |
| parent | ac4e02c5030c05d71b20127a7118b0a0fc3c1c64 (diff) | |
| download | git-b9e766604df2c50b2f721479bb405409db3344d1.tar.gz | |
imap-send: gracefully fail if CRAM-MD5 authentication is requested without OpenSSL
Unlike PLAIN, XOAUTH2 and OAUTHBEARER, CRAM-MD5 authentication is not
supported by libcurl and requires OpenSSL. If the user tries to use
CRAM-MD5 authentication without OpenSSL, the previous behaviour was to
attempt to authenticate and fail with a die(error). Handle this in a
better way by first checking if OpenSSL is available and then attempting
to authenticate. If OpenSSL is not available, print an error message and
exit gracefully.
Signed-off-by: Aditya Garg <gargaditya08@live.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | imap-send.c | 66 |
1 files changed, 39 insertions, 27 deletions
diff --git a/imap-send.c b/imap-send.c index 1a582c8443..f55399cd9e 100644 --- a/imap-send.c +++ b/imap-send.c @@ -885,18 +885,6 @@ static char *cram(const char *challenge_64, const char *user, const char *pass) return (char *)response_64; } -#else - -static char *cram(const char *challenge_64 UNUSED, - const char *user UNUSED, - const char *pass UNUSED) -{ - die("If you want to use CRAM-MD5 authenticate method, " - "you have to build git-imap-send with OpenSSL library."); -} - -#endif - static int auth_cram_md5(struct imap_store *ctx, const char *prompt) { int ret; @@ -915,6 +903,12 @@ static int auth_cram_md5(struct imap_store *ctx, const char *prompt) return 0; } +#else + +#define auth_cram_md5 NULL + +#endif + static void server_fill_credential(struct imap_server_conf *srvc, struct credential *cred) { if (srvc->user && srvc->pass) @@ -934,6 +928,38 @@ static void server_fill_credential(struct imap_server_conf *srvc, struct credent srvc->pass = xstrdup(cred->password); } +static int try_auth_method(struct imap_server_conf *srvc, + struct imap_store *ctx, + struct imap *imap, + const char *auth_method, + enum CAPABILITY cap, + int (*fn)(struct imap_store *, const char *)) +{ + struct imap_cmd_cb cb = {0}; + + if (!CAP(cap)) { + fprintf(stderr, "You specified " + "%s as authentication method, " + "but %s doesn't support it.\n", + auth_method, srvc->host); + return -1; + } + cb.cont = fn; + + if (NOT_CONSTANT(!cb.cont)) { + fprintf(stderr, "If you want to use %s authentication mechanism, " + "you have to build git-imap-send with OpenSSL library.", + auth_method); + return -1; + } + if (imap_exec(ctx, &cb, "AUTHENTICATE %s", auth_method) != RESP_OK) { + fprintf(stderr, "IMAP error: AUTHENTICATE %s failed\n", + auth_method); + return -1; + } + return 0; +} + static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const char *folder) { struct credential cred = CREDENTIAL_INIT; @@ -1089,23 +1115,9 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const c server_fill_credential(srvc, &cred); if (srvc->auth_method) { - struct imap_cmd_cb cb; - if (!strcmp(srvc->auth_method, "CRAM-MD5")) { - if (!CAP(AUTH_CRAM_MD5)) { - fprintf(stderr, "You specified " - "CRAM-MD5 as authentication method, " - "but %s doesn't support it.\n", srvc->host); - goto bail; - } - /* CRAM-MD5 */ - - memset(&cb, 0, sizeof(cb)); - cb.cont = auth_cram_md5; - if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) { - fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n"); + if (try_auth_method(srvc, ctx, imap, "CRAM-MD5", AUTH_CRAM_MD5, auth_cram_md5)) goto bail; - } } else { fprintf(stderr, "Unknown authentication method:%s\n", srvc->host); goto bail; |