* Alpine will delete passwords that do not work from internal memory

and the local password cache (password file or system local cache.)
author: Eduardo Chappa <chappa@washington.edu> 2021-09-09 21:01:09 -0600
committer: Eduardo Chappa <chappa@washington.edu> 2021-09-09 21:01:09 -0600
commit: 7feb75607413687c38c51197a73611cb30d39127 (patch)
tree: d8da4994dcd377360494775f5c1a666a30676e47 /imap
parent: 68ac2c9a0ed6d3b0aa1f14c1b5efc9a44e9d871f (diff)
download: alpine-7feb75607413687c38c51197a73611cb30d39127.tar.xz
6 files changed, 36 insertions, 1 deletions
diff --git a/imap/src/c-client/imap4r1.c b/imap/src/c-client/imap4r1.c
index 155b4d5c..b29d7201 100644
--- a/imap/src/c-client/imap4r1.c
+++ b/imap/src/c-client/imap4r1.c
@@ -1206,6 +1206,7 @@ long imap_auth (MAILSTREAM *stream,NETMBX *mb,char *tmp,char *usr)
       sprintf (tmp,"Retrying using %s authentication after %.80s",
 	       at->name,lsterr);
       mm_log (tmp,NIL);
+      delete_password(mb, usr);
       fs_give ((void **) &lsterr);
     }
     trial = 0;			/* initial trial count */
@@ -1215,6 +1216,7 @@ long imap_auth (MAILSTREAM *stream,NETMBX *mb,char *tmp,char *usr)
 	sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
 	mm_log (tmp,WARN);
 	fs_give ((void **) &lsterr);
+	delete_password(mb, usr);
       }
       LOCAL->saslcancel = NIL;
       sprintf (tag,"%08lx",0xffffffff & (stream->gensym++));
@@ -1233,6 +1235,7 @@ long imap_auth (MAILSTREAM *stream,NETMBX *mb,char *tmp,char *usr)
 
 	if(base && !trial){	/* do it now, instead of later */
 	  mm_log ("IMAP Authentication cancelled",ERROR);
+	  delete_password(mb, usr);
 	  return NIL;
 	}
 				/* make sure have a response */
@@ -1250,6 +1253,7 @@ long imap_auth (MAILSTREAM *stream,NETMBX *mb,char *tmp,char *usr)
 	}
 	if (!trial) {		/* if main program requested cancellation */
 	  mm_log ("IMAP Authentication cancelled",ERROR);
+	  delete_password(mb, usr);
 	  return NIL;
 	}
 				/* no error if protocol-initiated cancel */
@@ -1264,6 +1268,7 @@ long imap_auth (MAILSTREAM *stream,NETMBX *mb,char *tmp,char *usr)
       sprintf (tmp,"Can not authenticate to IMAP server: %.80s",lsterr);
       mm_log (tmp,ERROR);
     }
+    delete_password(mb, usr);
     fs_give ((void **) &lsterr);
   }
   if(mb && *mb->auth){
@@ -1316,6 +1321,7 @@ long imap_login (MAILSTREAM *stream,NETMBX *mb,char *pwd,char *usr)
 	if (imap_OK (stream,reply = imap_send (stream,"LOGIN",args)))
 	  ret = LONGT;		/* success */
 	else {
+	  delete_password(mb, usr);
 	  mm_log (reply->text,WARN);
 	  if (!LOCAL->referral && (trial == imap_maxlogintrials))
 	    mm_log ("Too many login failures",ERROR);
diff --git a/imap/src/c-client/mail.c b/imap/src/c-client/mail.c
index 730201c2..471269c0 100644
--- a/imap/src/c-client/mail.c
+++ b/imap/src/c-client/mail.c
@@ -58,6 +58,8 @@ static mailcache_t mailcache = mm_cache;
 static rfc822out_t mail822out = NIL;
 				/* RFC-822 output generator (new style) */
 static rfc822outfull_t mail822outfull = NIL;
+				/* Erase password (client side) */
+static deletepwd_t erase_password = NIL;
 				/* SMTP verbose callback */
 static smtpverbose_t mailsmtpverbose = mm_dlog;
 				/* proxy copy routine */
@@ -581,6 +583,11 @@ void *mail_parameters (MAILSTREAM *stream,long function,void *value)
   case GET_SENDCOMMAND:
     ret = (void *) mailsendcommand;
     break;
+  case SET_ERASEPASSWORD:
+    erase_password = (deletepwd_t) value;
+  case GET_ERASEPASSWORD:
+    ret = (void *) erase_password;
+    break;
 
   case SET_SERVICENAME:
     servicename = (char *) value;
@@ -6242,7 +6249,12 @@ unsigned int mail_lookup_auth_name (char *mechanism,long flags)
       return i;
   return 0;
 }
-
+/* Client side callback warning to delete wrong password */
+void delete_password(NETMBX *mb, char *user)
+{
+  deletepwd_t ep = mail_parameters(NULL, GET_ERASEPASSWORD, NULL);
+  if (ep) (ep)(mb, user);
+}
 /* Standard TCP/IP network driver */
 
 static NETDRIVER tcpdriver = {
diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h
index d40d7ebe..8e848201 100644
--- a/imap/src/c-client/mail.h
+++ b/imap/src/c-client/mail.h
@@ -308,6 +308,8 @@
 #define SET_IDLETIMEOUT (long) 453
 #define GET_FETCHLOOKAHEADLIMIT (long) 454
 #define SET_FETCHLOOKAHEADLIMIT (long) 455
+#define GET_ERASEPASSWORD	(long) 456
+#define SET_ERASEPASSWORD	(long) 457
 /* HTTP SUPPORT DEFINES THEIR OWN SET_ AND GET_ CONSTANTS (490..493). See http.h */
 
 	/* 5xx: local file drivers */
@@ -1416,6 +1418,7 @@ typedef ADDRESS *(*parsephrase_t) (char *phrase,char *end,char *host);
 typedef void *(*blocknotify_t) (int reason,void *data);
 typedef long (*kinit_t) (char *host,char *reason);
 typedef void (*sendcommand_t) (MAILSTREAM *stream,char *cmd,long flags);
+typedef void (*deletepwd_t) (NETMBX *mb,char *user);
 typedef char *(*newsrcquery_t) (MAILSTREAM *stream,char *mulname,char *name);
 typedef void (*getacl_t) (MAILSTREAM *stream,char *mailbox,ACLLIST *acl);
 typedef void (*listrights_t) (MAILSTREAM *stream,char *mailbox,char *id,
@@ -1698,6 +1701,8 @@ long mm_diskerror (MAILSTREAM *stream,long errcode,long serious);
 void mm_fatal (char *string);
 void *mm_cache (MAILSTREAM *stream,unsigned long msgno,long op);
 
+void delete_password (NETMBX *mb, char *user);
+
 extern STRINGDRIVER mail_string;
 void mail_versioncheck (char *version);
 void mail_link (DRIVER *driver);
diff --git a/imap/src/c-client/nntp.c b/imap/src/c-client/nntp.c
index b8d89893..3875b351 100644
--- a/imap/src/c-client/nntp.c
+++ b/imap/src/c-client/nntp.c
@@ -2058,6 +2058,7 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags)
       sprintf (tmp,"Retrying using %s authentication after %.80s",
 	       at->name,lsterr);
       mm_log (tmp,NIL);
+      delete_password(mb, mb ? mb->user : NULL);
       fs_give ((void **) &lsterr);
     }
     trial = 0;			/* initial trial count */
@@ -2066,6 +2067,7 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags)
       if (lsterr) {
 	sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
 	mm_log (tmp,WARN);
+	delete_password(mb, mb ? mb->user : NULL);
 	fs_give ((void **) &lsterr);
       }
       stream->saslcancel = NIL;
@@ -2096,6 +2098,7 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags)
       sprintf (tmp,"Can not authenticate to NNTP server: %.80s",lsterr);
       mm_log (tmp,ERROR);
     }
+    delete_password(mb, mb ? mb->user : NULL);
     fs_give ((void **) &lsterr);
   }
   else if (mb->secflag)		/* no SASL, can't do /secure */
@@ -2124,6 +2127,8 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags)
       stream->sensitive = T;	/* hide this command */
       if (nntp_send_work (stream,"AUTHINFO PASS",pwd2) == NNTPAUTHED)
 	ret = LONGT;		/* password OK */
+      else
+        delete_password(mb, mb ? mb->user : NULL);
       stream->sensitive = NIL;	/* unhide */
       if (ret) break;		/* OK if successful */
     default:			/* authentication failed */
diff --git a/imap/src/c-client/pop3.c b/imap/src/c-client/pop3.c
index 89c3d9cb..ea8a64f5 100644
--- a/imap/src/c-client/pop3.c
+++ b/imap/src/c-client/pop3.c
@@ -628,12 +628,14 @@ long pop3_auth (MAILSTREAM *stream,NETMBX *mb,char *pwd,char *usr)
 		 at->name,t);
 	mm_log (pwd,NIL);
 	fs_give ((void **) &t);
+	delete_password(mb, usr);
       }
       trial = 0;		/* initial trial count */
       do {
 	if (t) {
 	  sprintf (pwd,"Retrying %s authentication after %.80s",at->name,t);
 	  mm_log (pwd,WARN);
+	  delete_password(mb, usr);
 	  fs_give ((void **) &t);
 	}
 	if(at->flags & AU_SINGLE){
@@ -664,6 +666,7 @@ long pop3_auth (MAILSTREAM *stream,NETMBX *mb,char *pwd,char *usr)
 	sprintf (pwd,"Can not authenticate to POP3 server: %.80s",t);
 	mm_log (pwd,ERROR);
       }
+      delete_password(mb, usr);
       fs_give ((void **) &t);
     }
     if(mb && *mb->auth){
@@ -696,6 +699,7 @@ long pop3_auth (MAILSTREAM *stream,NETMBX *mb,char *pwd,char *usr)
 	  LOCAL->sensitive=NIL;	/* unhide */
 	}
 	if (!ret) {		/* failure */
+	  delete_password(mb, usr);
 	  mm_log (LOCAL->reply,WARN);
 	  if (trial == pop3_maxlogintrials)
 	    mm_log ("Too many login failures",ERROR);
diff --git a/imap/src/c-client/smtp.c b/imap/src/c-client/smtp.c
index bee34565..7c1f9936 100644
--- a/imap/src/c-client/smtp.c
+++ b/imap/src/c-client/smtp.c
@@ -301,6 +301,7 @@ long smtp_auth (SENDSTREAM *stream,NETMBX *mb,char *tmp)
       sprintf (tmp,"Retrying using %s authentication after %.80s",
 	       at->name,lsterr);
       mm_log (tmp,NIL);
+      delete_password(mb, usr);
       fs_give ((void **) &lsterr);
     }
     trial = 0;			/* initial trial count */
@@ -310,6 +311,7 @@ long smtp_auth (SENDSTREAM *stream,NETMBX *mb,char *tmp)
 	sprintf (tmp,"Retrying %s authentication after %.80s",at->name,lsterr);
 	mm_log (tmp,WARN);
 	fs_give ((void **) &lsterr);
+	delete_password(mb, usr);
       }
       if(at->flags & AU_SINGLE){
 	sprintf(tmp, "AUTH %s", at->name);
@@ -343,6 +345,7 @@ long smtp_auth (SENDSTREAM *stream,NETMBX *mb,char *tmp)
       sprintf (tmp,"Can not authenticate to SMTP server: %.80s",lsterr);
       mm_log (tmp,ERROR);
     }
+    delete_password(mb, usr);
     fs_give ((void **) &lsterr);
   }
   if(mb && *mb->auth){
author	Eduardo Chappa <chappa@washington.edu>	2021-09-09 21:01:09 -0600
committer	Eduardo Chappa <chappa@washington.edu>	2021-09-09 21:01:09 -0600
commit	7feb75607413687c38c51197a73611cb30d39127 (patch)
tree	d8da4994dcd377360494775f5c1a666a30676e47 /imap
parent	68ac2c9a0ed6d3b0aa1f14c1b5efc9a44e9d871f (diff)
download	alpine-7feb75607413687c38c51197a73611cb30d39127.tar.xz