From f0638be52a0bdb313e608447763eb4481770c4b2 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Thu, 28 Oct 2010 12:35:49 -0400
Subject: [PATCH] - Close properly IMAP connection when login fails - Don't use LOGIN when server sent LOGINDISABLED

---
 program/include/rcube_imap_generic.php |   33 ++++++++++++++++++++-------------
 1 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php
index 7917d78..0383543 100644
--- a/program/include/rcube_imap_generic.php
+++ b/program/include/rcube_imap_generic.php
@@ -680,8 +680,6 @@
     		$auth_method = 'CHECK';
         }
 
-	    $message = "INITIAL: $auth_method\n";
-
 	    $result = false;
 
 	    // initialize connection
@@ -737,10 +735,12 @@
 	    // Connected to wrong port or connection error?
 	    if (!preg_match('/^\* (OK|PREAUTH)/i', $line)) {
 		    if ($line)
-			    $this->error = sprintf("Wrong startup greeting (%s:%d): %s", $host, $this->prefs['port'], $line);
+			    $error = sprintf("Wrong startup greeting (%s:%d): %s", $host, $this->prefs['port'], $line);
 		    else
-			    $this->error = sprintf("Empty startup greeting (%s:%d)", $host, $this->prefs['port']);
-	        $this->errornum = self::ERROR_BAD;
+			    $error = sprintf("Empty startup greeting (%s:%d)", $host, $this->prefs['port']);
+
+	        $this->set_error(self::ERROR_BAD, $error);
+            $this->close();
 	        return false;
 	    }
 
@@ -749,7 +749,7 @@
 		    $this->parseCapability($matches[1], true);
 	    }
 
-	    $this->message .= $line;
+	    $this->message = $line;
 
 	    // TLS connection
 	    if ($this->prefs['ssl_mode'] == 'tls' && $this->getCapability('STARTTLS')) {
@@ -757,11 +757,13 @@
                	$res = $this->execute('STARTTLS');
 
                 if ($res[0] != self::ERROR_OK) {
+                    $this->close();
                     return false;
                 }
 
 			    if (!stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
 				    $this->set_error(self::ERROR_BAD, "Unable to negotiate TLS");
+                    $this->close();
 				    return false;
 			    }
 
@@ -790,6 +792,12 @@
 		    }
 	    }
         else {
+            // Prevent from sending credentials in plain text when connection is not secure
+		    if ($auth_method == 'LOGIN' && $this->getCapability('LOGINDISABLED')) {
+			    $this->set_error(self::ERROR_BAD, "Login disabled by IMAP server");
+                $this->close();
+			    return false;
+            }
             // replace AUTH with CRAM-MD5 for backward compat.
             $auth_methods[] = $auth_method == 'AUTH' ? 'CRAM-MD5' : $auth_method;
         }
@@ -829,10 +837,9 @@
         }
 
         // Close connection
-        @fclose($this->fp);
-        $this->fp = false;
+        $this->close();
 
-	    return false;
+        return false;
     }
 
     function connected()
@@ -842,10 +849,10 @@
 
     function close()
     {
-	    if ($this->logged && $this->putLine($this->next_tag() . ' LOGOUT')) {
-		    if (!feof($this->fp))
-			    fgets($this->fp, 1024);
-	    }
+	    if ($this->putLine($this->next_tag() . ' LOGOUT')) {
+    	    $this->readReply();
+        }
+
 		@fclose($this->fp);
 		$this->fp = false;
     }

--
Gitblit v1.9.1