summaryrefslogtreecommitdiffstats
path: root/comm/mail/components/accountcreation/GuessConfig.jsm
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--comm/mail/components/accountcreation/GuessConfig.jsm1317
1 files changed, 1317 insertions, 0 deletions
diff --git a/comm/mail/components/accountcreation/GuessConfig.jsm b/comm/mail/components/accountcreation/GuessConfig.jsm
new file mode 100644
index 0000000000..3d590311d9
--- /dev/null
+++ b/comm/mail/components/accountcreation/GuessConfig.jsm
@@ -0,0 +1,1317 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const EXPORTED_SYMBOLS = ["GuessConfig"];
+
+const { AccountCreationUtils } = ChromeUtils.import(
+ "resource:///modules/accountcreation/AccountCreationUtils.jsm"
+);
+const lazy = {};
+ChromeUtils.defineModuleGetter(
+ lazy,
+ "AccountConfig",
+ "resource:///modules/accountcreation/AccountConfig.jsm"
+);
+ChromeUtils.defineModuleGetter(
+ lazy,
+ "Sanitizer",
+ "resource:///modules/accountcreation/Sanitizer.jsm"
+);
+
+const { setTimeout } = ChromeUtils.importESModule(
+ "resource://gre/modules/Timer.sys.mjs"
+);
+
+const {
+ Abortable,
+ alertPrompt,
+ assert,
+ CancelledException,
+ ddump,
+ deepCopy,
+ Exception,
+ gAccountSetupLogger,
+ getStringBundle,
+ NotReached,
+ UserCancelledException,
+} = AccountCreationUtils;
+
+/**
+ * Try to guess the config, by:
+ * - guessing hostnames (pop3.<domain>, pop.<domain>, imap.<domain>,
+ * mail.<domain> etc.)
+ * - probing known ports (for IMAP, POP3 etc., with SSL, STARTTLS etc.)
+ * - opening a connection via the right protocol and checking the
+ * protocol-specific CAPABILITIES like that the server returns.
+ *
+ * Final verification is not done here, but in verifyConfig().
+ *
+ * This function is async.
+ *
+ * @param domain {String} the domain part of the email address
+ * @param progressCallback {function(type, hostname, port, socketType, done)}
+ * Called when we try a new hostname/port.
+ * type {String-enum} @see AccountConfig type - "imap", "pop3", "smtp"
+ * hostname {String}
+ * port {Integer}
+ * socketType {nsMsgSocketType} @see MailNewsTypes2.idl
+ * 0 = plain, 2 = STARTTLS, 3 = SSL
+ * done {Boolean} false, if we start probing this host/port, true if we're
+ * done and the host is good. (there is no notification when a host is
+ * bad, we'll just tell about the next host tried)
+ * @param successCallback {function(config {AccountConfig})}
+ * Called when we could guess the config.
+ * param accountConfig {AccountConfig} The guessed account config.
+ * username, password, realname, emailaddress etc. are not filled out,
+ * but placeholders to be filled out via replaceVariables().
+ * @param errorCallback function(ex)
+ * Called when we could guess not the config, either
+ * because we have not found anything or
+ * because there was an error (e.g. no network connection).
+ * The ex.message will contain a user-presentable message.
+ * @param resultConfig {AccountConfig} (optional)
+ * A config which may be partially filled in. If so, it will be used as base
+ * for the guess.
+ * @param which {String-enum} (optional) "incoming", "outgoing", or "both".
+ * Default "both". Whether to guess only the incoming or outgoing server.
+ * @result {Abortable} Allows you to cancel the guess
+ */
+function guessConfig(
+ domain,
+ progressCallback,
+ successCallback,
+ errorCallback,
+ resultConfig,
+ which
+) {
+ assert(typeof progressCallback == "function", "need progressCallback");
+ assert(typeof successCallback == "function", "need successCallback");
+ assert(typeof errorCallback == "function", "need errorCallback");
+
+ // Servers that we know enough that they support OAuth2 do not need guessing.
+ if (resultConfig.incoming.auth == Ci.nsMsgAuthMethod.OAuth2) {
+ successCallback(resultConfig);
+ return new Abortable();
+ }
+
+ if (!resultConfig) {
+ resultConfig = new lazy.AccountConfig();
+ }
+ resultConfig.source = lazy.AccountConfig.kSourceGuess;
+
+ if (!which) {
+ which = "both";
+ }
+
+ if (!Services.prefs.getBoolPref("mailnews.auto_config.guess.enabled")) {
+ errorCallback("Guessing config disabled per user preference");
+ return new Abortable();
+ }
+
+ var incomingHostDetector = null;
+ var outgoingHostDetector = null;
+ var incomingEx = null; // if incoming had error, store ex here
+ var outgoingEx = null; // if incoming had error, store ex here
+ var incomingDone = which == "outgoing";
+ var outgoingDone = which == "incoming";
+ // If we're offline, we're going to pick the most common settings.
+ // (Not the "best" settings, but common).
+ if (Services.io.offline) {
+ // TODO: don't do this. Bug 599173.
+ resultConfig.source = lazy.AccountConfig.kSourceUser;
+ resultConfig.incoming.hostname = "mail." + domain;
+ resultConfig.incoming.username = resultConfig.identity.emailAddress;
+ resultConfig.outgoing.username = resultConfig.identity.emailAddress;
+ resultConfig.incoming.type = "imap";
+ resultConfig.incoming.port = 143;
+ resultConfig.incoming.socketType = Ci.nsMsgSocketType.alwaysSTARTTLS;
+ resultConfig.incoming.auth = Ci.nsMsgAuthMethod.passwordCleartext;
+ resultConfig.outgoing.hostname = "smtp." + domain;
+ resultConfig.outgoing.socketType = Ci.nsMsgSocketType.alwaysSTARTTLS;
+ resultConfig.outgoing.port = 587;
+ resultConfig.outgoing.auth = Ci.nsMsgAuthMethod.passwordCleartext;
+ resultConfig.incomingAlternatives.push({
+ hostname: "mail." + domain,
+ username: resultConfig.identity.emailAddress,
+ type: "pop3",
+ port: 110,
+ socketType: Ci.nsMsgSocketType.alwaysSTARTTLS,
+ auth: Ci.nsMsgAuthMethod.passwordCleartext,
+ });
+ successCallback(resultConfig);
+ return new Abortable();
+ }
+ var progress = function (thisTry) {
+ progressCallback(
+ protocolToString(thisTry.protocol),
+ thisTry.hostname,
+ thisTry.port,
+ thisTry.socketType,
+ false,
+ resultConfig
+ );
+ };
+
+ var checkDone = function () {
+ if (incomingEx) {
+ try {
+ errorCallback(incomingEx, resultConfig);
+ } catch (e) {
+ console.error(e);
+ alertPrompt("Error in errorCallback for guessConfig()", e);
+ }
+ return;
+ }
+ if (outgoingEx) {
+ try {
+ errorCallback(outgoingEx, resultConfig);
+ } catch (e) {
+ console.error(e);
+ alertPrompt("Error in errorCallback for guessConfig()", e);
+ }
+ return;
+ }
+ if (incomingDone && outgoingDone) {
+ try {
+ successCallback(resultConfig);
+ } catch (e) {
+ try {
+ errorCallback(e);
+ } catch (e) {
+ console.error(e);
+ alertPrompt("Error in errorCallback for guessConfig()", e);
+ }
+ }
+ }
+ };
+
+ var logger = gAccountSetupLogger;
+ var HostTryToAccountServer = function (thisTry, server) {
+ server.type = protocolToString(thisTry.protocol);
+ server.hostname = thisTry.hostname;
+ server.port = thisTry.port;
+ server.socketType = thisTry.socketType;
+ server.auth =
+ thisTry.authMethod || chooseBestAuthMethod(thisTry.authMethods);
+ server.authAlternatives = thisTry.authMethods;
+ // TODO
+ // cert is also bad when targetSite is set. (Same below for incoming.)
+ // Fix SSLErrorHandler and security warning dialog in accountSetup.js.
+ server.badCert = thisTry.selfSignedCert;
+ server.targetSite = thisTry.targetSite;
+ logger.info(
+ "CHOOSING " +
+ server.type +
+ " " +
+ server.hostname +
+ ":" +
+ server.port +
+ ", auth method " +
+ server.auth +
+ (server.authAlternatives.length
+ ? " " + server.authAlternatives.join(",")
+ : "") +
+ ", socketType " +
+ server.socketType +
+ (server.badCert ? " (bad cert!)" : "")
+ );
+ };
+
+ var outgoingSuccess = function (thisTry, alternativeTries) {
+ assert(thisTry.protocol == SMTP, "I only know SMTP for outgoing");
+ // Ensure there are no previously saved outgoing errors, if we've got
+ // success here.
+ outgoingEx = null;
+ HostTryToAccountServer(thisTry, resultConfig.outgoing);
+
+ for (let alternativeTry of alternativeTries) {
+ // resultConfig.createNewOutgoing(); misses username etc., so copy
+ let altServer = deepCopy(resultConfig.outgoing);
+ HostTryToAccountServer(alternativeTry, altServer);
+ assert(resultConfig.outgoingAlternatives);
+ resultConfig.outgoingAlternatives.push(altServer);
+ }
+
+ progressCallback(
+ resultConfig.outgoing.type,
+ resultConfig.outgoing.hostname,
+ resultConfig.outgoing.port,
+ resultConfig.outgoing.socketType,
+ true,
+ resultConfig
+ );
+ outgoingDone = true;
+ checkDone();
+ };
+
+ var incomingSuccess = function (thisTry, alternativeTries) {
+ // Ensure there are no previously saved incoming errors, if we've got
+ // success here.
+ incomingEx = null;
+ HostTryToAccountServer(thisTry, resultConfig.incoming);
+
+ for (let alternativeTry of alternativeTries) {
+ // resultConfig.createNewIncoming(); misses username etc., so copy
+ let altServer = deepCopy(resultConfig.incoming);
+ HostTryToAccountServer(alternativeTry, altServer);
+ assert(resultConfig.incomingAlternatives);
+ resultConfig.incomingAlternatives.push(altServer);
+ }
+
+ progressCallback(
+ resultConfig.incoming.type,
+ resultConfig.incoming.hostname,
+ resultConfig.incoming.port,
+ resultConfig.incoming.socketType,
+ true,
+ resultConfig
+ );
+ incomingDone = true;
+ checkDone();
+ };
+
+ var incomingError = function (ex) {
+ incomingEx = ex;
+ checkDone();
+ incomingHostDetector.cancel(new CancelOthersException());
+ outgoingHostDetector.cancel(new CancelOthersException());
+ };
+
+ var outgoingError = function (ex) {
+ outgoingEx = ex;
+ checkDone();
+ incomingHostDetector.cancel(new CancelOthersException());
+ outgoingHostDetector.cancel(new CancelOthersException());
+ };
+
+ incomingHostDetector = new IncomingHostDetector(
+ progress,
+ incomingSuccess,
+ incomingError
+ );
+ outgoingHostDetector = new OutgoingHostDetector(
+ progress,
+ outgoingSuccess,
+ outgoingError
+ );
+ if (which == "incoming" || which == "both") {
+ incomingHostDetector.start(
+ resultConfig.incoming.hostname ? resultConfig.incoming.hostname : domain,
+ !!resultConfig.incoming.hostname,
+ resultConfig.incoming.type,
+ resultConfig.incoming.port,
+ resultConfig.incoming.socketType,
+ resultConfig.incoming.auth
+ );
+ }
+ if (which == "outgoing" || which == "both") {
+ outgoingHostDetector.start(
+ resultConfig.outgoing.hostname ? resultConfig.outgoing.hostname : domain,
+ !!resultConfig.outgoing.hostname,
+ "smtp",
+ resultConfig.outgoing.port,
+ resultConfig.outgoing.socketType,
+ resultConfig.outgoing.auth
+ );
+ }
+
+ return new GuessAbortable(incomingHostDetector, outgoingHostDetector);
+}
+
+function GuessAbortable(incomingHostDetector, outgoingHostDetector) {
+ Abortable.call(this);
+ this._incomingHostDetector = incomingHostDetector;
+ this._outgoingHostDetector = outgoingHostDetector;
+}
+GuessAbortable.prototype = Object.create(Abortable.prototype);
+GuessAbortable.prototype.constructor = GuessAbortable;
+GuessAbortable.prototype.cancel = function (ex) {
+ this._incomingHostDetector.cancel(ex);
+ this._outgoingHostDetector.cancel(ex);
+};
+
+// --------------
+// Implementation
+
+// Objects, functions and constants that follow are not to be used outside
+// this file.
+var kNotTried = 0;
+var kOngoing = 1;
+var kFailed = 2;
+var kSuccess = 3;
+
+/**
+ * Internal object holding one server that we should try or did try.
+ * Used as |thisTry|.
+ *
+ * Note: The consts it uses for protocol is defined towards the end of this file
+ * and not the same as those used in AccountConfig (type). (fix
+ * this)
+ */
+function HostTry() {}
+HostTry.prototype = {
+ // IMAP, POP or SMTP
+ protocol: UNKNOWN,
+ // {String}
+ hostname: undefined,
+ // {Integer}
+ port: undefined,
+ // {nsMsgSocketType}
+ socketType: UNKNOWN,
+ // {String} what to send to server
+ commands: null,
+ // {Integer-enum} kNotTried, kOngoing, kFailed or kSuccess
+ status: kNotTried,
+ // {Abortable} allows to cancel the socket comm
+ abortable: null,
+
+ // {Array of {Integer-enum}} @see _advertisesAuthMethods() result
+ // Info about the server, from the protocol and SSL chat
+ authMethods: null,
+ // {String} Whether the SSL cert is not from a proper CA
+ selfSignedCert: false,
+ // {String} Which host the SSL cert is made for, if not hostname.
+ // If set, this is an SSL error.
+ targetSite: null,
+};
+
+/**
+ * When the success or errorCallbacks are called to abort the other requests
+ * which happened in parallel, this ex is used as param for cancel(), so that
+ * the cancel doesn't trigger another callback.
+ */
+function CancelOthersException() {
+ CancelledException.call(this, "we're done, cancelling the other probes");
+}
+CancelOthersException.prototype = Object.create(CancelledException.prototype);
+CancelOthersException.prototype.constructor = CancelOthersException;
+
+/**
+ * @param successCallback {function(result {HostTry}, alts {Array of HostTry})}
+ * Called when the config is OK
+ * |result| is the most preferred server.
+ * |alts| currently exists only for |IncomingHostDetector| and contains
+ * some servers of the other type (POP3 instead of IMAP), if available.
+ * @param errorCallback {function(ex)} Called when we could not find a config
+ * @param progressCallback { function(server {HostTry}) } Called when we tried
+ * (will try?) a new hostname and port
+ */
+function HostDetector(progressCallback, successCallback, errorCallback) {
+ this.mSuccessCallback = successCallback;
+ this.mProgressCallback = progressCallback;
+ this.mErrorCallback = errorCallback;
+ this._cancel = false;
+ // {Array of {HostTry}}, ordered by decreasing preference
+ this._hostsToTry = [];
+
+ // init logging
+ this._log = gAccountSetupLogger;
+ this._log.info("created host detector");
+}
+
+HostDetector.prototype = {
+ cancel(ex) {
+ this._cancel = true;
+ // We have to actively stop the network calls, as they may result in
+ // callbacks e.g. to the cert handler. If the dialog is gone by the time
+ // this happens, the javascript stack is horked.
+ for (let i = 0; i < this._hostsToTry.length; i++) {
+ let thisTry = this._hostsToTry[i]; // {HostTry}
+ if (thisTry.abortable) {
+ thisTry.abortable.cancel(ex);
+ }
+ thisTry.status = kFailed; // or don't set? Maybe we want to continue.
+ }
+ if (ex instanceof CancelOthersException) {
+ return;
+ }
+ if (!ex) {
+ ex = new CancelledException();
+ }
+ this.mErrorCallback(ex);
+ },
+
+ /**
+ * Start the detection.
+ *
+ * @param {string} domain - Domain to be used as base for guessing.
+ * Should be a domain (e.g. yahoo.co.uk).
+ * If hostIsPrecise == true, it should be a full hostname.
+ * @param {boolean} hostIsPrecise - If true, use only this hostname,
+ * do not guess hostnames.
+ * @param {"pop3"|"imap"|"exchange"|"smtp"|""} - Account type.
+ * @param {integer} port - The port to use. 0 to autodetect
+ * @param {nsMsgSocketType|-1} socketType - Socket type. -1 to autodetect.
+ * @param {nsMsgAuthMethod|0} authMethod - Authentication method. 0 to autodetect.
+ */
+ start(domain, hostIsPrecise, type, port, socketType, authMethod) {
+ domain = domain.replace(/\s*/g, ""); // Remove whitespace
+ if (!hostIsPrecise) {
+ hostIsPrecise = false;
+ }
+ var protocol = lazy.Sanitizer.translate(
+ type,
+ { imap: IMAP, pop3: POP, smtp: SMTP },
+ UNKNOWN
+ );
+ if (!port) {
+ port = UNKNOWN;
+ }
+ var ssl_only = Services.prefs.getBoolPref(
+ "mailnews.auto_config.guess.sslOnly"
+ );
+ this._cancel = false;
+ this._log.info(
+ `Starting ${protocol} detection on ${
+ !hostIsPrecise ? "~ " : ""
+ }${domain}:${port} with socketType=${socketType} and authMethod=${authMethod}`
+ );
+
+ // fill this._hostsToTry
+ this._hostsToTry = [];
+ var hostnamesToTry = [];
+ // if hostIsPrecise is true, it's because that's what the user input
+ // explicitly, and we'll just try it, nothing else.
+ if (hostIsPrecise) {
+ hostnamesToTry.push(domain);
+ } else {
+ hostnamesToTry = this._hostnamesToTry(protocol, domain);
+ }
+
+ for (let i = 0; i < hostnamesToTry.length; i++) {
+ let hostname = hostnamesToTry[i];
+ let hostEntries = this._portsToTry(hostname, protocol, socketType, port);
+ for (let j = 0; j < hostEntries.length; j++) {
+ let hostTry = hostEntries[j]; // from getHostEntry()
+ if (ssl_only && hostTry.socketType == NONE) {
+ continue;
+ }
+ hostTry.hostname = hostname;
+ hostTry.status = kNotTried;
+ hostTry.desc =
+ hostTry.hostname +
+ ":" +
+ hostTry.port +
+ " socketType=" +
+ hostTry.socketType +
+ " " +
+ protocolToString(hostTry.protocol);
+ hostTry.authMethod = authMethod;
+ this._hostsToTry.push(hostTry);
+ }
+ }
+
+ this._hostsToTry = sortTriesByPreference(this._hostsToTry);
+ this._tryAll();
+ },
+
+ // We make all host/port combinations run in parallel, store their
+ // results in an array, and as soon as one finishes successfully and all
+ // higher-priority ones have failed, we abort all lower-priority ones.
+
+ _tryAll() {
+ if (this._cancel) {
+ return;
+ }
+ var me = this;
+ var timeout = Services.prefs.getIntPref(
+ "mailnews.auto_config.guess.timeout"
+ );
+ // We assume we'll resolve the same proxy for all tries, and
+ // proceed to use the first resolved proxy for all tries. This
+ // assumption is generally sound, but not always: mechanisms like
+ // the pref network.proxy.no_proxies_on can make imap.domain and
+ // pop.domain resolve differently.
+ doProxy(this._hostsToTry[0].hostname, function (proxy) {
+ for (let i = 0; i < me._hostsToTry.length; i++) {
+ let thisTry = me._hostsToTry[i]; // {HostTry}
+ if (thisTry.status != kNotTried) {
+ continue;
+ }
+ me._log.info(thisTry.desc + ": initializing probe...");
+ if (i == 0) {
+ // showing 50 servers at once is pointless
+ me.mProgressCallback(thisTry);
+ }
+
+ thisTry.abortable = SocketUtil(
+ thisTry.hostname,
+ thisTry.port,
+ thisTry.socketType,
+ thisTry.commands,
+ timeout,
+ proxy,
+ new SSLErrorHandler(thisTry, me._log),
+ function (wiredata) {
+ // result callback
+ if (me._cancel) {
+ // Don't use response anymore.
+ return;
+ }
+ me.mProgressCallback(thisTry);
+ me._processResult(thisTry, wiredata);
+ me._checkFinished();
+ },
+ function (e) {
+ // error callback
+ if (me._cancel) {
+ // Who set cancel to true already called mErrorCallback().
+ return;
+ }
+ me._log.warn(thisTry.desc + ": " + e);
+ thisTry.status = kFailed;
+ me._checkFinished();
+ }
+ );
+ thisTry.status = kOngoing;
+ }
+ });
+ },
+
+ /**
+ * @param {HostTry} thisTry
+ * @param {string[]} wiredata - What the server returned in response to our protocol chat.
+ */
+ _processResult(thisTry, wiredata) {
+ if (thisTry._gotCertError) {
+ if (thisTry._gotCertError == Ci.nsICertOverrideService.ERROR_MISMATCH) {
+ thisTry._gotCertError = 0;
+ thisTry.status = kFailed;
+ return;
+ }
+
+ if (
+ thisTry._gotCertError == Ci.nsICertOverrideService.ERROR_UNTRUSTED ||
+ thisTry._gotCertError == Ci.nsICertOverrideService.ERROR_TIME
+ ) {
+ this._log.info(
+ thisTry.desc + ": TRYING AGAIN, hopefully with exception recorded"
+ );
+ thisTry._gotCertError = 0;
+ thisTry.selfSignedCert = true; // _next_ run gets this exception
+ thisTry.status = kNotTried; // try again (with exception)
+ this._tryAll();
+ return;
+ }
+ }
+
+ if (wiredata == null || wiredata === undefined) {
+ this._log.info(thisTry.desc + ": no data");
+ thisTry.status = kFailed;
+ return;
+ }
+ this._log.info(thisTry.desc + ": wiredata: " + wiredata.join(""));
+ thisTry.authMethods = this._advertisesAuthMethods(
+ thisTry.protocol,
+ wiredata
+ );
+ if (
+ thisTry.socketType == STARTTLS &&
+ !this._hasSTARTTLS(thisTry, wiredata)
+ ) {
+ this._log.info(thisTry.desc + ": STARTTLS wanted, but not offered");
+ thisTry.status = kFailed;
+ return;
+ }
+ this._log.info(
+ thisTry.desc +
+ ": success" +
+ (thisTry.selfSignedCert ? " (selfSignedCert)" : "")
+ );
+ thisTry.status = kSuccess;
+
+ if (thisTry.selfSignedCert) {
+ // eh, ERROR_UNTRUSTED or ERROR_TIME
+ // We clear the temporary override now after success. If we clear it
+ // earlier we get into an infinite loop, probably because the cert
+ // remembering is temporary and the next try gets a new connection which
+ // isn't covered by that temporariness.
+ this._log.info(
+ thisTry.desc + ": clearing validity override for " + thisTry.hostname
+ );
+ Cc["@mozilla.org/security/certoverride;1"]
+ .getService(Ci.nsICertOverrideService)
+ .clearValidityOverride(thisTry.hostname, thisTry.port, {});
+ }
+ },
+
+ _checkFinished() {
+ var successfulTry = null;
+ var successfulTryAlternative = null; // POP3
+ var unfinishedBusiness = false;
+ // this._hostsToTry is ordered by decreasing preference
+ for (let i = 0; i < this._hostsToTry.length; i++) {
+ let thisTry = this._hostsToTry[i];
+ if (thisTry.status == kNotTried || thisTry.status == kOngoing) {
+ unfinishedBusiness = true;
+ } else if (thisTry.status == kSuccess && !unfinishedBusiness) {
+ // thisTry is good, and all higher preference tries failed, so use this
+ if (!successfulTry) {
+ successfulTry = thisTry;
+ if (successfulTry.protocol == SMTP) {
+ break;
+ }
+ } else if (successfulTry.protocol != thisTry.protocol) {
+ successfulTryAlternative = thisTry;
+ break;
+ }
+ }
+ }
+ if (successfulTry && (successfulTryAlternative || !unfinishedBusiness)) {
+ this.mSuccessCallback(
+ successfulTry,
+ successfulTryAlternative ? [successfulTryAlternative] : []
+ );
+ this.cancel(new CancelOthersException());
+ } else if (!unfinishedBusiness) {
+ // all failed
+ this._log.info("ran out of options");
+ var errorMsg = getStringBundle(
+ "chrome://messenger/locale/accountCreationModel.properties"
+ ).GetStringFromName("cannot_find_server.error");
+ this.mErrorCallback(new Exception(errorMsg));
+ // no need to cancel, all failed
+ }
+ // else let ongoing calls continue
+ },
+
+ /**
+ * Which auth mechanism the server claims to support.
+ * That doesn't necessarily reflect reality, it is more an upper bound.
+ *
+ * @param {integer} protocol - IMAP, POP or SMTP
+ * @param {string[]} capaResponse - On the wire data that the server returned.
+ * May be the full exchange or just capa.
+ * @returns {nsMsgAuthMethod[]} Advertised authentication methods,
+ * in decreasing order of preference.
+ * E.g. [ nsMsgAuthMethod.GSSAPI, nsMsgAuthMethod.passwordEncrypted ]
+ * for a server that supports only Kerberos and encrypted passwords.
+ */
+ _advertisesAuthMethods(protocol, capaResponse) {
+ // For IMAP, capabilities include e.g.:
+ // "AUTH=CRAM-MD5", "AUTH=NTLM", "AUTH=GSSAPI", "AUTH=MSN", "AUTH=PLAIN"
+ // for POP3, the auth mechanisms are returned in capa as the following:
+ // "CRAM-MD5", "NTLM", "MSN", "GSSAPI"
+ // For SMTP, EHLO will return AUTH and then a list of the
+ // mechanism(s) supported, e.g.,
+ // AUTH LOGIN NTLM MSN CRAM-MD5 GSSAPI
+ var supported = new Set();
+ var line = capaResponse.join("\n").toUpperCase();
+ var prefix = "";
+ if (protocol == POP) {
+ prefix = "";
+ } else if (protocol == IMAP) {
+ prefix = "AUTH=";
+ } else if (protocol == SMTP) {
+ prefix = "AUTH.*";
+ } else {
+ throw NotReached("must pass protocol");
+ }
+ // add in decreasing order of preference
+ if (new RegExp(prefix + "GSSAPI").test(line)) {
+ supported.add(Ci.nsMsgAuthMethod.GSSAPI);
+ }
+ if (new RegExp(prefix + "CRAM-MD5").test(line)) {
+ supported.add(Ci.nsMsgAuthMethod.passwordEncrypted);
+ }
+ if (new RegExp(prefix + "(NTLM|MSN)").test(line)) {
+ supported.add(Ci.nsMsgAuthMethod.NTLM);
+ }
+ if (new RegExp(prefix + "LOGIN").test(line)) {
+ supported.add(Ci.nsMsgAuthMethod.passwordCleartext);
+ }
+ if (new RegExp(prefix + "PLAIN").test(line)) {
+ supported.add(Ci.nsMsgAuthMethod.passwordCleartext);
+ }
+ if (protocol != IMAP || !line.includes("LOGINDISABLED")) {
+ supported.add(Ci.nsMsgAuthMethod.passwordCleartext);
+ }
+ // The array elements will be in the Set's order of addition.
+ return Array.from(supported);
+ },
+
+ _hasSTARTTLS(thisTry, wiredata) {
+ var capa = thisTry.protocol == POP ? "STLS" : "STARTTLS";
+ return (
+ thisTry.socketType == STARTTLS &&
+ wiredata.join("").toUpperCase().includes(capa)
+ );
+ },
+};
+
+/**
+ * @param {nsMsgAuthMethod[]} authMethods - Authentication methods to choose from.
+ * See return value of _advertisesAuthMethods()
+ * Note: the returned auth method will be removed from the array.
+ * @returns {nsMsgAuthMethod} one of them, the preferred one
+ * Note: this might be Kerberos, which might not actually work,
+ * so you might need to try the others, too.
+ */
+function chooseBestAuthMethod(authMethods) {
+ if (!authMethods || !authMethods.length) {
+ return Ci.nsMsgAuthMethod.passwordCleartext;
+ }
+ return authMethods.shift(); // take first (= most preferred)
+}
+
+function IncomingHostDetector(
+ progressCallback,
+ successCallback,
+ errorCallback
+) {
+ HostDetector.call(this, progressCallback, successCallback, errorCallback);
+}
+IncomingHostDetector.prototype = {
+ __proto__: HostDetector.prototype,
+ _hostnamesToTry(protocol, domain) {
+ var hostnamesToTry = [];
+ if (protocol != POP) {
+ hostnamesToTry.push("imap." + domain);
+ }
+ if (protocol != IMAP) {
+ hostnamesToTry.push("pop3." + domain);
+ hostnamesToTry.push("pop." + domain);
+ }
+ hostnamesToTry.push("mail." + domain);
+ hostnamesToTry.push(domain);
+ return hostnamesToTry;
+ },
+ _portsToTry: getIncomingTryOrder,
+};
+
+function OutgoingHostDetector(
+ progressCallback,
+ successCallback,
+ errorCallback
+) {
+ HostDetector.call(this, progressCallback, successCallback, errorCallback);
+}
+OutgoingHostDetector.prototype = {
+ __proto__: HostDetector.prototype,
+ _hostnamesToTry(protocol, domain) {
+ var hostnamesToTry = [];
+ hostnamesToTry.push("smtp." + domain);
+ hostnamesToTry.push("mail." + domain);
+ hostnamesToTry.push(domain);
+ return hostnamesToTry;
+ },
+ _portsToTry: getOutgoingTryOrder,
+};
+
+// ---------------------------------------------
+// Encode protocol ports and order of preference
+
+// Protocol Types
+var UNKNOWN = -1;
+var IMAP = 0;
+var POP = 1;
+var SMTP = 2;
+// Security Types
+var NONE = Ci.nsMsgSocketType.plain;
+var STARTTLS = Ci.nsMsgSocketType.alwaysSTARTTLS;
+var SSL = Ci.nsMsgSocketType.SSL;
+
+var IMAP_PORTS = {};
+IMAP_PORTS[NONE] = 143;
+IMAP_PORTS[STARTTLS] = 143;
+IMAP_PORTS[SSL] = 993;
+
+var POP_PORTS = {};
+POP_PORTS[NONE] = 110;
+POP_PORTS[STARTTLS] = 110;
+POP_PORTS[SSL] = 995;
+
+var SMTP_PORTS = {};
+SMTP_PORTS[NONE] = 587;
+SMTP_PORTS[STARTTLS] = 587;
+SMTP_PORTS[SSL] = 465;
+
+var CMDS = {};
+CMDS[IMAP] = ["1 CAPABILITY\r\n", "2 LOGOUT\r\n"];
+CMDS[POP] = ["CAPA\r\n", "QUIT\r\n"];
+CMDS[SMTP] = ["EHLO we-guess.mozilla.org\r\n", "QUIT\r\n"];
+
+/**
+ * Sort by preference of SSL, IMAP etc.
+ *
+ * @param tries {Array of {HostTry}}
+ * @returns {Array of {HostTry}}
+ */
+function sortTriesByPreference(tries) {
+ return tries.sort(function (a, b) {
+ // -1 = a is better; 1 = b is better; 0 = equal
+ // Prefer SSL/STARTTLS above all else
+ if (a.socketType != NONE && b.socketType == NONE) {
+ return -1;
+ }
+ if (b.socketType != NONE && a.socketType == NONE) {
+ return 1;
+ }
+ // Prefer IMAP over POP
+ if (a.protocol == IMAP && b.protocol == POP) {
+ return -1;
+ }
+ if (b.protocol == IMAP && a.protocol == POP) {
+ return 1;
+ }
+ // Prefer SSL/TLS over STARTTLS
+ if (a.socketType == SSL && b.socketType == STARTTLS) {
+ return -1;
+ }
+ if (a.socketType == STARTTLS && b.socketType == SSL) {
+ return 1;
+ }
+ // For hostnames, leave existing sorting, as in _hostnamesToTry()
+ // For ports, leave existing sorting, as in getOutgoingTryOrder()
+ return 0;
+ });
+}
+
+/**
+ * @returns {HostTry[]} Hosts to try.
+ */
+function getIncomingTryOrder(host, protocol, socketType, port) {
+ var lowerCaseHost = host.toLowerCase();
+
+ if (
+ protocol == UNKNOWN &&
+ (lowerCaseHost.startsWith("pop.") || lowerCaseHost.startsWith("pop3."))
+ ) {
+ protocol = POP;
+ } else if (protocol == UNKNOWN && lowerCaseHost.startsWith("imap.")) {
+ protocol = IMAP;
+ }
+
+ if (protocol != UNKNOWN) {
+ if (socketType == UNKNOWN) {
+ return [
+ getHostEntry(protocol, STARTTLS, port),
+ getHostEntry(protocol, SSL, port),
+ getHostEntry(protocol, NONE, port),
+ ];
+ }
+ return [getHostEntry(protocol, socketType, port)];
+ }
+ if (socketType == UNKNOWN) {
+ return [
+ getHostEntry(IMAP, STARTTLS, port),
+ getHostEntry(IMAP, SSL, port),
+ getHostEntry(POP, STARTTLS, port),
+ getHostEntry(POP, SSL, port),
+ getHostEntry(IMAP, NONE, port),
+ getHostEntry(POP, NONE, port),
+ ];
+ }
+ return [
+ getHostEntry(IMAP, socketType, port),
+ getHostEntry(POP, socketType, port),
+ ];
+}
+
+/**
+ * @returns {Array of {HostTry}}
+ */
+function getOutgoingTryOrder(host, protocol, socketType, port) {
+ assert(protocol == SMTP, "need SMTP as protocol for outgoing");
+ if (socketType == UNKNOWN) {
+ if (port == UNKNOWN) {
+ // neither SSL nor port known
+ return [
+ getHostEntry(SMTP, STARTTLS, UNKNOWN),
+ getHostEntry(SMTP, STARTTLS, 25),
+ getHostEntry(SMTP, SSL, UNKNOWN),
+ getHostEntry(SMTP, NONE, UNKNOWN),
+ getHostEntry(SMTP, NONE, 25),
+ ];
+ }
+ // port known, SSL not
+ return [
+ getHostEntry(SMTP, STARTTLS, port),
+ getHostEntry(SMTP, SSL, port),
+ getHostEntry(SMTP, NONE, port),
+ ];
+ }
+ // SSL known, port not
+ if (port == UNKNOWN) {
+ if (socketType == SSL) {
+ return [getHostEntry(SMTP, SSL, UNKNOWN)];
+ }
+ return [
+ getHostEntry(SMTP, socketType, UNKNOWN),
+ getHostEntry(SMTP, socketType, 25),
+ ];
+ }
+ // SSL and port known
+ return [getHostEntry(SMTP, socketType, port)];
+}
+
+/**
+ * @returns {HostTry} with proper default port and commands,
+ * but without hostname.
+ */
+function getHostEntry(protocol, socketType, port) {
+ if (!port || port == UNKNOWN) {
+ switch (protocol) {
+ case POP:
+ port = POP_PORTS[socketType];
+ break;
+ case IMAP:
+ port = IMAP_PORTS[socketType];
+ break;
+ case SMTP:
+ port = SMTP_PORTS[socketType];
+ break;
+ default:
+ throw new NotReached("unsupported protocol " + protocol);
+ }
+ }
+
+ var r = new HostTry();
+ r.protocol = protocol;
+ r.socketType = socketType;
+ r.port = port;
+ r.commands = CMDS[protocol];
+ return r;
+}
+
+// here -> AccountConfig
+function protocolToString(type) {
+ if (type == IMAP) {
+ return "imap";
+ }
+ if (type == POP) {
+ return "pop3";
+ }
+ if (type == SMTP) {
+ return "smtp";
+ }
+ throw new NotReached("unexpected protocol");
+}
+
+// ----------------------
+// SSL cert error handler
+
+/**
+ * @param thisTry {HostTry}
+ * @param logger {ConsoleAPI}
+ */
+function SSLErrorHandler(thisTry, logger) {
+ this._try = thisTry;
+ this._log = logger;
+ // _ gotCertError will be set to an error code (one of those defined in
+ // nsICertOverrideService)
+ this._gotCertError = 0;
+}
+SSLErrorHandler.prototype = {
+ processCertError(secInfo, targetSite) {
+ this._log.error("Got Cert error for " + targetSite);
+
+ if (!secInfo) {
+ return;
+ }
+
+ let cert = secInfo.serverCert;
+
+ let parts = targetSite.split(":");
+ let host = parts[0];
+ let port = parts[1];
+
+ /* The following 2 cert problems are unfortunately common:
+ * 1) hostname mismatch:
+ * user is customer at a domain hoster, he owns yourname.org,
+ * and the IMAP server is imap.hoster.com (but also reachable as
+ * imap.yourname.org), and has a cert for imap.hoster.com.
+ * 2) self-signed:
+ * a company has an internal IMAP server, and it's only for
+ * 30 employees, and they didn't want to buy a cert, so
+ * they use a self-signed cert.
+ *
+ * We would like the above to pass, somehow, with user confirmation.
+ * The following case should *not* pass:
+ *
+ * 1) MITM
+ * User has @gmail.com, and an attacker is between the user and
+ * the Internet and runs a man-in-the-middle (MITM) attack.
+ * Attacker controls DNS and sends imap.gmail.com to his own
+ * imap.attacker.com. He has either a valid, CA-issued
+ * cert for imap.attacker.com, or a self-signed cert.
+ * Of course, attacker.com could also be legit-sounding gmailservers.com.
+ *
+ * What makes it dangerous is that we (!) propose the server to the user,
+ * and he cannot judge whether imap.gmailservers.com is correct or not,
+ * and he will likely approve it.
+ */
+
+ if (secInfo.isDomainMismatch) {
+ this._try._gotCertError = Ci.nsICertOverrideService.ERROR_MISMATCH;
+ } else if (secInfo.isUntrusted) {
+ // e.g. self-signed
+ this._try._gotCertError = Ci.nsICertOverrideService.ERROR_UNTRUSTED;
+ } else if (secInfo.isNotValidAtThisTime) {
+ this._try._gotCertError = Ci.nsICertOverrideService.ERROR_TIME;
+ } else {
+ this._try._gotCertError = -1; // other
+ }
+
+ /* We will add a temporary cert exception here, so that
+ * we can continue and connect and try.
+ * But we will remove it again as soon as we close the
+ * connection, in _processResult().
+ * _gotCertError will serve as the marker that we
+ * have to clear the override later.
+ *
+ * In verifyConfig(), before we send the password, we *must*
+ * get another cert exception, this time with dialog to the user
+ * so that he gets informed about this and can make a choice.
+ */
+ this._try.targetSite = targetSite;
+ Cc["@mozilla.org/security/certoverride;1"]
+ .getService(Ci.nsICertOverrideService)
+ .rememberValidityOverride(host, port, {}, cert, true); // temporary override
+ this._log.warn(`Added temporary override of bad cert for: ${host}:${port}`);
+ },
+};
+
+// -----------
+// Socket Util
+
+/**
+ * @param hostname {String} The DNS hostname to connect to.
+ * @param port {Integer} The numeric port to connect to on the host.
+ * @param socketType {nsMsgSocketType} SSL, STARTTLS or NONE
+ * @param commands {Array of String}: protocol commands
+ * to send to the server.
+ * @param timeout {Integer} seconds to wait for a server response, then cancel.
+ * @param proxy {nsIProxyInfo} The proxy to use (or null to not use any).
+ * @param sslErrorHandler {SSLErrorHandler}
+ * @param resultCallback {function(wiredata)} This function will
+ * be called with the result string array from the server
+ * or null if no communication occurred.
+ * @param errorCallback {function(e)}
+ */
+function SocketUtil(
+ hostname,
+ port,
+ socketType,
+ commands,
+ timeout,
+ proxy,
+ sslErrorHandler,
+ resultCallback,
+ errorCallback
+) {
+ assert(commands && commands.length, "need commands");
+
+ var index = 0; // commands[index] is next to send to server
+ var initialized = false;
+ var aborted = false;
+
+ function _error(e) {
+ if (aborted) {
+ return;
+ }
+ aborted = true;
+ errorCallback(e);
+ }
+
+ function timeoutFunc() {
+ if (!initialized) {
+ _error("timeout");
+ }
+ }
+
+ // In case DNS takes too long or does not resolve or another blocking
+ // issue occurs before the timeout can be set on the socket, this
+ // ensures that the listener callback will be fired in a timely manner.
+ // XXX There might to be some clean up needed after the timeout is fired
+ // for socket and io resources.
+
+ // The timeout value plus 2 seconds
+ setTimeout(timeoutFunc, timeout * 1000 + 2000);
+
+ var transportService = Cc[
+ "@mozilla.org/network/socket-transport-service;1"
+ ].getService(Ci.nsISocketTransportService);
+
+ // @see NS_NETWORK_SOCKET_CONTRACTID_PREFIX
+ var socketTypeName;
+ if (socketType == SSL) {
+ socketTypeName = ["ssl"];
+ } else if (socketType == STARTTLS) {
+ socketTypeName = ["starttls"];
+ } else {
+ socketTypeName = [];
+ }
+ var transport = transportService.createTransport(
+ socketTypeName,
+ hostname,
+ port,
+ proxy,
+ null
+ );
+
+ transport.setTimeout(Ci.nsISocketTransport.TIMEOUT_CONNECT, timeout);
+ transport.setTimeout(Ci.nsISocketTransport.TIMEOUT_READ_WRITE, timeout);
+
+ var outstream = transport.openOutputStream(0, 0, 0);
+ var stream = transport.openInputStream(0, 0, 0);
+ var instream = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+ Ci.nsIScriptableInputStream
+ );
+ instream.init(stream);
+
+ var dataListener = {
+ data: [],
+ onStartRequest(request) {
+ try {
+ initialized = true;
+ if (!aborted) {
+ // Send the first request
+ let outputData = commands[index++];
+ outstream.write(outputData, outputData.length);
+ }
+ } catch (e) {
+ _error(e);
+ }
+ },
+ async onStopRequest(request, status) {
+ try {
+ instream.close();
+ outstream.close();
+ // Did it fail because of a bad certificate?
+ let isCertError = false;
+ if (!Components.isSuccessCode(status)) {
+ let nssErrorsService = Cc[
+ "@mozilla.org/nss_errors_service;1"
+ ].getService(Ci.nsINSSErrorsService);
+ try {
+ let errorType = nssErrorsService.getErrorClass(status);
+ if (errorType == Ci.nsINSSErrorsService.ERROR_CLASS_BAD_CERT) {
+ isCertError = true;
+ }
+ } catch (e) {
+ // nsINSSErrorsService.getErrorClass throws if given a non-STARTTLS,
+ // non-cert error, so ignore this.
+ }
+ }
+ if (isCertError) {
+ if (
+ Services.prefs.getBoolPref(
+ "mailnews.auto_config.guess.requireGoodCert",
+ true
+ )
+ ) {
+ gAccountSetupLogger.info(
+ `Bad (overridable) certificate for ${hostname}:${port}. Set mailnews.auto_config.guess.requireGoodCert to false to allow detecting this as a valid SSL/TLS configuration`
+ );
+ } else {
+ let socketTransport = transport.QueryInterface(
+ Ci.nsISocketTransport
+ );
+ let secInfo =
+ await socketTransport.tlsSocketControl?.asyncGetSecurityInfo();
+ sslErrorHandler.processCertError(secInfo, hostname + ":" + port);
+ }
+ }
+ resultCallback(this.data.length ? this.data : null);
+ } catch (e) {
+ _error(e);
+ }
+ },
+ onDataAvailable(request, inputStream, offset, count) {
+ try {
+ if (!aborted) {
+ let inputData = instream.read(count);
+ this.data.push(inputData);
+ if (index < commands.length) {
+ // Send the next request to the server.
+ let outputData = commands[index++];
+ outstream.write(outputData, outputData.length);
+ }
+ }
+ } catch (e) {
+ _error(e);
+ }
+ },
+ };
+
+ try {
+ var pump = Cc["@mozilla.org/network/input-stream-pump;1"].createInstance(
+ Ci.nsIInputStreamPump
+ );
+
+ pump.init(stream, 0, 0, false);
+ pump.asyncRead(dataListener);
+ return new SocketAbortable(transport);
+ } catch (e) {
+ _error(e);
+ }
+ return null;
+}
+
+function SocketAbortable(transport) {
+ Abortable.call(this);
+ assert(transport instanceof Ci.nsITransport, "need transport");
+ this._transport = transport;
+}
+SocketAbortable.prototype = Object.create(Abortable.prototype);
+SocketAbortable.prototype.constructor = UserCancelledException;
+SocketAbortable.prototype.cancel = function (ex) {
+ try {
+ this._transport.close(Cr.NS_ERROR_ABORT);
+ } catch (e) {
+ ddump("canceling socket failed: " + e);
+ }
+};
+
+/**
+ * Resolve a proxy for some domain and expose it via a callback.
+ *
+ * @param hostname {String} The hostname which a proxy will be resolved for
+ * @param resultCallback {function(proxyInfo)}
+ * Called after the proxy has been resolved for hostname.
+ * proxy {nsIProxyInfo} The resolved proxy, or null if none were found
+ * for hostname
+ */
+function doProxy(hostname, resultCallback) {
+ // This implements the nsIProtocolProxyCallback interface:
+ function ProxyResolveCallback() {}
+ ProxyResolveCallback.prototype = {
+ onProxyAvailable(req, uri, proxy, status) {
+ // Anything but a SOCKS proxy will be unusable for email.
+ if (proxy != null && proxy.type != "socks" && proxy.type != "socks4") {
+ proxy = null;
+ }
+ resultCallback(proxy);
+ },
+ };
+ var proxyService = Cc[
+ "@mozilla.org/network/protocol-proxy-service;1"
+ ].getService(Ci.nsIProtocolProxyService);
+ // Use some arbitrary scheme just because it is required...
+ var uri = Services.io.newURI("http://" + hostname);
+ // ... we'll ignore it any way. We prefer SOCKS since that's the
+ // only thing we can use for email protocols.
+ var proxyFlags =
+ Ci.nsIProtocolProxyService.RESOLVE_IGNORE_URI_SCHEME |
+ Ci.nsIProtocolProxyService.RESOLVE_PREFER_SOCKS_PROXY;
+ if (Services.prefs.getBoolPref("network.proxy.socks_remote_dns")) {
+ proxyFlags |= Ci.nsIProtocolProxyService.RESOLVE_ALWAYS_TUNNEL;
+ }
+ proxyService.asyncResolve(uri, proxyFlags, new ProxyResolveCallback());
+}
+
+var GuessConfig = {
+ UNKNOWN,
+ IMAP,
+ POP,
+ SMTP,
+ NONE,
+ STARTTLS,
+ SSL,
+ getHostEntry,
+ getIncomingTryOrder,
+ getOutgoingTryOrder,
+ guessConfig,
+};