#define SM_DOT 600 /* see above */
#define SM_QUIT 30
#define SM_CLOS 10
-#ifdef CYRUS_SASL
#define SM_AUTH 45
-#endif /* CYRUS_SASL */
static int sm_addrs = 0;
static int sm_alarmed = 0;
* static prototypes
*/
static int smtp_init (char *, char *, char *, int, int, int, int, int,
- char *, char *, int);
+ char *, char *, const char *, int);
static int sendmail_init (char *, char *, int, int, int, int, int,
char *, char *);
static int sm_fputc(int);
static void sm_fflush(void);
static int sm_fgets(char *, int, FILE *);
+static int sm_auth_xoauth2(const char *);
#ifdef CYRUS_SASL
/*
int
sm_init (char *client, char *server, char *port, int watch, int verbose,
- int debug, int sasl, int saslssf, char *saslmech, char *user, int tls)
+ int debug, int sasl, int saslssf, char *saslmech, char *user,
+ const char *xoauth_client_res, int tls)
{
if (sm_mts == MTS_SMTP)
return smtp_init (client, server, port, watch, verbose,
- debug, sasl, saslssf, saslmech, user, tls);
+ debug, sasl, saslssf, saslmech, user,
+ xoauth_client_res, tls);
else
return sendmail_init (client, server, watch, verbose,
debug, sasl, saslssf, saslmech, user);
static int
smtp_init (char *client, char *server, char *port, int watch, int verbose,
int debug,
- int sasl, int saslssf, char *saslmech, char *user, int tls)
+ int sasl, int saslssf, char *saslmech, char *user,
+ const char *xoauth_client_res, int tls)
{
int result, sd1, sd2;
-#ifdef CYRUS_SASL
- char *server_mechs;
-#else /* CYRUS_SASL */
+#ifndef CYRUS_SASL
NMH_UNUSED (sasl);
NMH_UNUSED (saslssf);
NMH_UNUSED (saslmech);
*/
if (sasl) {
+ char *server_mechs;
if (! (server_mechs = EHLOset("AUTH"))) {
sm_end(NOTOK);
return sm_ierror("SMTP server does not support SASL");
saslmech, server_mechs);
}
- if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
+ /* Don't call sm_auth_sasl() for XAUTH2 with -sasl. Instead, call
+ sm_auth_xoauth2() below. */
+ if (xoauth_client_res == NULL &&
+ sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
server) != RP_OK) {
sm_end(NOTOK);
return NOTOK;
}
#endif /* CYRUS_SASL */
+ if (xoauth_client_res != NULL) {
+ char *server_mechs;
+ if ((server_mechs = EHLOset("AUTH")) == NULL
+ || stringdex("XOAUTH2", server_mechs) == -1) {
+ sm_end(NOTOK);
+ return sm_ierror("SMTP server does not support SASL XOAUTH2");
+ }
+ if (sm_auth_xoauth2(xoauth_client_res) != RP_OK) {
+ sm_end(NOTOK);
+ return NOTOK;
+ }
+ }
+
send_options: ;
if (watch && EHLOset ("XVRB"))
smtalk (SM_HELO, "VERB on");
}
#endif /* CYRUS_SASL */
+/* https://developers.google.com/gmail/xoauth2_protocol */
+static int
+sm_auth_xoauth2(const char *client_res)
+{
+ int status = smtalk(SM_AUTH, "AUTH XOAUTH2 %s", client_res);
+ if (status == 235) {
+ /* It worked! */
+ return RP_OK;
+ }
+
+ /*
+ * Status is 334 and sm_reply.text contains base64-encoded JSON. As far as
+ * epg can tell, no matter the error, the JSON is always the same:
+ * {"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"}
+ * I tried these errors:
+ * - garbage token
+ * - expired token
+ * - wrong scope
+ * - wrong username
+ */
+ /* Then we're supposed to send an empty response ("\r\n"). */
+ smtalk(SM_AUTH, "");
+ /*
+ * And now we always get this, again, no matter the error:
+ * 535-5.7.8 Username and Password not accepted. Learn more at
+ * 535 5.7.8 http://support.google.com/mail/bin/answer.py?answer=14257
+ */
+ return RP_BHST;
+}
+
static int
sm_ierror (char *fmt, ...)
{
}
} else
#endif /* TLS_SUPPORT */
- fwrite(buffer, sizeof(*buffer), len, sm_wfp);
+ if ((int) fwrite(buffer, sizeof(*buffer), len, sm_wfp) < len) {
+ advise ("sm_fwrite", "fwrite");
+ }
#ifdef CYRUS_SASL
} else {
while (len >= maxoutbuf - sasl_outbuflen) {
return NOTOK;
}
- fwrite(output, sizeof(*output), outputlen, sm_wfp);
+ if (fwrite(output, sizeof(*output), outputlen, sm_wfp) <
+ outputlen) {
+ advise ("sm_fwrite", "fwrite");
+ }
}
if (len > 0) {
return;
}
- fwrite(output, sizeof(*output), outputlen, sm_wfp);
+ if (fwrite(output, sizeof(*output), outputlen, sm_wfp) < outputlen) {
+ advise ("sm_fflush", "fwrite");
+ }
sasl_outbuflen = 0;
}
#endif /* CYRUS_SASL */
projects / nmh / blobdiff