test_pop3GSSAPIFail.js

Enable keyboard shortcuts

/* -*- Mode: JavaScript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */

/**

 * A server offers GSSAPI (Kerberos), but auth fails, due to client or server.

 * This mainly tests whether we use the correct login mode.

 * Whether it fails due to

 * - client not set up

 * - client ticket expired / not logged in

 * - server not being set up properly

 * makes no difference to Thunderbird, as that's all hidden in the gssapi-Library

 * from the OS. So, the server here just returning err is a good approximation

 * of reality of the above cases.

 * Actually, we (more precisely the OS GSSAPI lib) fail out of band

 * in the Kerberos protocol, before the AUTH GSSAPI command is even issued.

 * @author Ben Bucksch

*/

var server;

var daemon;

var authSchemes;

var incomingServer;

var thisTest;

var tests = [

    title: "GSSAPI auth, server with GSSAPI only",

    clientAuthMethod: Ci.nsMsgAuthMethod.GSSAPI,

    serverAuthMethods: ["GSSAPI"],

    expectSuccess: false,

    transaction: ["AUTH", "CAPA"],

},

    // First GSSAPI step happens and fails out of band, thus no "AUTH GSSAPI"

    title: "GSSAPI auth, server with GSSAPI and CRAM-MD5",

    clientAuthMethod: Ci.nsMsgAuthMethod.GSSAPI,

    serverAuthMethods: ["GSSAPI", "CRAM-MD5"],

    expectSuccess: false,

    transaction: ["AUTH", "CAPA"],

},

    title: "Any secure auth, server with GSSAPI only",

    clientAuthMethod: Ci.nsMsgAuthMethod.secure,

    serverAuthMethods: ["GSSAPI"],

    expectSuccess: false,

    transaction: ["AUTH", "CAPA"],

},

    title: "Any secure auth, server with GSSAPI and CRAM-MD5",

    clientAuthMethod: Ci.nsMsgAuthMethod.secure,

    serverAuthMethods: ["GSSAPI", "CRAM-MD5"],

    expectSuccess: true,

    transaction: ["AUTH", "CAPA", "AUTH CRAM-MD5", "STAT"],

},

    title: "Encrypted password, server with GSSAPI and CRAM-MD5",

    clientAuthMethod: Ci.nsMsgAuthMethod.passwordEncrypted,

    serverAuthMethods: ["GSSAPI", "CRAM-MD5"],

    expectSuccess: true,

    transaction: ["AUTH", "CAPA", "AUTH CRAM-MD5", "STAT"],

},

];

var urlListener = {

  OnStartRunningUrl() {},

  OnStopRunningUrl(url, result) {

    try {

      if (thisTest.expectSuccess) {

        Assert.equal(result, 0);

      } else {

        Assert.notEqual(result, 0);

      var transaction = server.playTransaction();

      do_check_transaction(transaction, thisTest.transaction);

      do_timeout(0, checkBusy);

    } catch (e) {

      server.stop();

      var thread = Services.tm.currentThread;

      while (thread.hasPendingEvents()) {

        thread.processNextEvent(true);

      do_throw(e);

},

};

function checkBusy() {

  if (tests.length == 0) {

    incomingServer.closeCachedConnections();

    // No more tests, let everything finish

    server.stop();

    var thread = Services.tm.currentThread;

    while (thread.hasPendingEvents()) {

      thread.processNextEvent(true);

    do_test_finished();

    return;

  // If the server hasn't quite finished, just delay a little longer.

  if (incomingServer.serverBusy) {

    do_timeout(20, checkBusy);

    return;

  testNext();

function testNext() {

  thisTest = tests.shift();

  // Handle the server in a try/catch/finally loop so that we always will stop

  // the server if something fails.

  try {

    server.resetTest();

    test = thisTest.title;

    dump("NEXT test is: " + thisTest.title + "\n");

    authSchemes = thisTest.serverAuthMethods;

    // Mailnews caches server capabilities, so try to reset it

    deletePop3Server();

    incomingServer = createPop3Server();

    const msgServer = incomingServer;

    msgServer.QueryInterface(Ci.nsIMsgIncomingServer);

    msgServer.authMethod = thisTest.clientAuthMethod;

    MailServices.pop3.GetNewMail(

      null,

      urlListener,

      localAccountUtils.inboxFolder,

      incomingServer

);

    server.performTest();

  } catch (e) {

    server.stop();

    do_throw(e);

// <copied from="head_maillocal.js::createPop3ServerAndLocalFolders()">

function createPop3Server() {

  const incoming = MailServices.accounts.createIncomingServer(

    "fred",

    "localhost",

    "pop3"

);

  incoming.port = server.port;

  incoming.password = "wilma";

  return incoming;

// </copied>

function deletePop3Server() {

  if (!incomingServer) {

    return;

  MailServices.accounts.removeIncomingServer(incomingServer, true);

  incomingServer = null;

class GSSAPIFail_handler extends POP3_RFC5034_handler {

  _needGSSAPI = false;

  // kAuthSchemes will be set by test

  AUTH(restLine) {

    var scheme = restLine.split(" ")[0];

    if (scheme == "GSSAPI") {

      this._multiline = true;

      this._needGSSAPI = true;

      return "+";

    return super.AUTH(restLine); // call parent

  onMultiline(line) {

    if (this._needGSSAPI) {

      this._multiline = false;

      this._needGSSAPI = false;

      return "-ERR hm.... shall I allow you? hm... NO.";

    if (super.onMultiline) {

      // Call parent.

      return super.onMultiline(line);

    return undefined;

function run_test() {

  // Disable new mail notifications

  Services.prefs.setBoolPref("mail.biff.play_sound", false);

  Services.prefs.setBoolPref("mail.biff.show_alert", false);

  Services.prefs.setBoolPref("mail.biff.show_tray_icon", false);

  Services.prefs.setBoolPref("mail.biff.animate_dock_icon", false);

  daemon = new Pop3Daemon();

  function createHandler(d) {

    var handler = new GSSAPIFail_handler(d);

    handler.kAuthSchemes = authSchemes;

    return handler;

  server = new nsMailServer(createHandler, daemon);

  server.start();

  // incomingServer = createPop3ServerAndLocalFolders();

  localAccountUtils.loadLocalMailAccount();

  do_test_pending();

  testNext();