imap-login: Using CAPABILITY command after STARTTLS shouldn't trigger CAPABILITY...

--HG--
branch : HEAD

diff --git a/src/imap-login/client-authenticate.c b/src/imap-login/client-authenticate.c
index 0dafd36eff1fc16de8a51590030b0562cdc07916..9b25eb6dbc2f49ee085c1f5a95e7b28c3aef815a 100644 (file)
--- a/src/imap-login/client-authenticate.c
+++ b/src/imap-login/client-authenticate.c
@@ -327,7 +327,8 @@ static int client_auth_begin(struct imap_client *client, const char *mech_name,
 {
        char *prefix;
 
-       prefix = i_strdup_printf("%d%s", client->capability_command_used,
+       prefix = i_strdup_printf("%d%s",
+                                client->client_ignores_capability_resp_code,
                                 client->cmd_tag);
 
        i_free(client->common.master_data_prefix);

diff --git a/src/imap-login/client.c b/src/imap-login/client.c
index 63d5ef04ab29a3c52802fe3d4d44e145f966fce1..fbf4f860aaf60d39937297074dd516c37a4fbbde 100644 (file)
--- a/src/imap-login/client.c
+++ b/src/imap-login/client.c
@@ -111,7 +111,11 @@ static const char *get_capability(struct imap_client *client)
 
 static int cmd_capability(struct imap_client *client)
 {
-       client->capability_command_used = TRUE;
+       /* Client is required to send CAPABILITY after STARTTLS, so the
+          capability resp-code workaround checks only pre-STARTTLS
+          CAPABILITY commands. */
+       if (!client->starttls)
+               client->client_ignores_capability_resp_code = TRUE;
        client_send_line(client, t_strconcat(
                "* CAPABILITY ", get_capability(client), NULL));
        client_send_tagline(client, "OK Capability completed.");
@@ -135,6 +139,7 @@ static void client_start_tls(struct imap_client *client)
                return;
        }
 
+       client->starttls = TRUE;
        client->common.proxying = TRUE;
        client->common.tls = TRUE;
        client->common.secured = TRUE;

diff --git a/src/imap-login/client.h b/src/imap-login/client.h
index 1de2696017f93a2b34e625ffb9401e0235cca458..13277fbdaab46323959c901c652c822193e273e9 100644 (file)
--- a/src/imap-login/client.h
+++ b/src/imap-login/client.h
@@ -27,6 +27,7 @@ struct imap_client {
 
        const char *cmd_tag, *cmd_name;
 
+       unsigned int starttls:1;
        unsigned int login_success:1;
        unsigned int cmd_finished:1;
        unsigned int proxy_sasl_ir:1;
@@ -37,7 +38,7 @@ struct imap_client {
        unsigned int greeting_sent:1;
        unsigned int id_logged:1;
        unsigned int auth_initializing:1;
-       unsigned int capability_command_used:1;
+       unsigned int client_ignores_capability_resp_code:1;
 };
 
 void client_destroy(struct imap_client *client, const char *reason);

diff --git a/src/imap-login/imap-proxy.c b/src/imap-login/imap-proxy.c
index 3d6c9fb7d6e5d62b65a0521c195eef4b3da79f00..f4aa33692036d011f98f9abbbdfd83de5a2799da 100644 (file)
--- a/src/imap-login/imap-proxy.c
+++ b/src/imap-login/imap-proxy.c
@@ -73,12 +73,12 @@ static void
 client_send_capability_if_needed(struct imap_client *client, string_t *str,
                                 const char *capability)
 {
-       if (!client->capability_command_used || capability == NULL)
+       if (!client->client_ignores_capability_resp_code || capability == NULL)
                return;
 
        /* reset this so that we don't re-send the CAPABILITY in case server
           sends it multiple times */
-       client->capability_command_used = FALSE;
+       client->client_ignores_capability_resp_code = FALSE;
 
        /* client has used CAPABILITY command, so it didn't understand the
           capabilities in the banner. send the backend's untagged CAPABILITY
@@ -88,7 +88,7 @@ client_send_capability_if_needed(struct imap_client *client, string_t *str,
 
 static void proxy_write_login(struct imap_client *client, string_t *str)
 {
-       if (client->capability_command_used)
+       if (client->client_ignores_capability_resp_code)
                str_append(str, "C CAPABILITY\r\n");
 
        if (client->proxy_master_user == NULL) {