-/*
- * popsbr.c -- POP client subroutines
- *
- * $Id$
+/* popsbr.c -- POP client subroutines
*
* This code is Copyright (c) 2002, by the authors of nmh. See the
* COPYRIGHT file in the root directory of the nmh distribution for
* complete copyright information.
*/
-#include <h/mh.h>
-
-extern int client(char *args, char *protocol, char *service, int rproto,
- char *response, int len_response);
-
-#if defined(NNTP) && !defined(PSHSBR)
-# undef NNTP
-#endif
-
-#ifdef NNTP /* building pshsbr.o from popsbr.c */
-# include <h/nntp.h>
-#endif /* NNTP */
-
-#if !defined(NNTP) && defined(APOP)
-# include <h/md5.h>
-#endif
+#include "h/mh.h"
+#include "sbr/credentials.h"
+#include "sbr/client.h"
+#include "sbr/error.h"
+#include "h/utils.h"
+#include "h/oauth.h"
+#include "h/netsec.h"
-#ifdef CYRUS_SASL
-# include <sasl.h>
-#endif /* CYRUS_SASL */
-
-#include <h/popsbr.h>
-#include <h/signals.h>
-#include <signal.h>
-#include <errno.h>
+#include "h/popsbr.h"
+#include "h/signals.h"
+#include "sbr/base64.h"
#define TRM "."
-#define TRMLEN (sizeof TRM - 1)
static int poprint = 0;
-static int pophack = 0;
char response[BUFSIZ];
-
-static FILE *input;
-static FILE *output;
-
-#define targ_t char *
-
-#if !defined(NNTP) && defined(MPOP)
-# define command pop_command
-# define multiline pop_multiline
-#endif
-
-#ifdef NNTP
-# ifdef BPOP /* stupid */
-static int xtnd_last = -1;
-static int xtnd_first = 0;
-static char xtnd_name[512]; /* INCREDIBLE HACK!! */
-# endif
-#endif /* NNTP */
-
-#ifdef CYRUS_SASL
-static sasl_conn_t *conn; /* SASL connection state */
-static int sasl_complete = 0; /* Has sasl authentication succeeded? */
-static int maxoutbuf; /* Maximum output buffer size */
-static sasl_ssf_t sasl_ssf = 0; /* Security strength factor */
-static int sasl_get_user(void *, int, const char **, unsigned *);
-static int sasl_get_pass(sasl_conn_t *, void *, int, sasl_secret_t **);
-struct pass_context {
- char *user;
- char *host;
-};
-
-static sasl_callback_t callbacks[] = {
- { SASL_CB_USER, sasl_get_user, NULL },
-#define POP_SASL_CB_N_USER 0
- { SASL_CB_PASS, sasl_get_pass, NULL },
-#define POP_SASL_CB_N_PASS 1
- { SASL_CB_LIST_END, NULL, NULL },
-};
-#else /* CYRUS_SASL */
-# define sasl_fgetc fgetc
-#endif /* CYRUS_SASL */
+static netsec_context *nsc = NULL;
/*
* static prototypes
*/
-#if !defined(NNTP) && defined(APOP)
-static char *pop_auth (char *, char *);
-#endif
-#if defined(NNTP) || !defined(MPOP)
-/* otherwise they are not static functions */
-static int command(const char *, ...);
+static int command(const char *, ...) CHECK_PRINTF(1, 2);
static int multiline(void);
-#endif
-
-#ifdef CYRUS_SASL
-static int pop_auth_sasl(char *, char *, char *);
-static int sasl_fgetc(FILE *);
-#endif /* CYRUS_SASL */
-static int traverse (int (*)(), const char *, ...);
-static int vcommand(const char *, va_list);
-static int getline (char *, int, FILE *);
-static int putline (char *, FILE *);
+static int traverse(int (*)(void *, char *), void *closure,
+ const char *, ...) CHECK_PRINTF(3, 4);
+static int vcommand(const char *, va_list) CHECK_PRINTF(1, 0);
+static int pop_getline (char *, int, netsec_context *);
+static int pop_sasl_callback(enum sasl_message_type, unsigned const char *,
+ unsigned int, unsigned char **, unsigned int *,
+ void *, char **);
-
-#if !defined(NNTP) && defined(APOP)
-static char *
-pop_auth (char *user, char *pass)
-{
- int len, buflen;
- char *cp, *lp;
- unsigned char *dp, *ep, digest[16];
- MD5_CTX mdContext;
- static char buffer[BUFSIZ];
-
- if ((cp = strchr (response, '<')) == NULL
- || (lp = strchr (cp, '>')) == NULL) {
- snprintf (buffer, sizeof(buffer), "APOP not available: %s", response);
- strncpy (response, buffer, sizeof(response));
- return NULL;
- }
-
- *(++lp) = '\0';
- snprintf (buffer, sizeof(buffer), "%s%s", cp, pass);
-
- MD5Init (&mdContext);
- MD5Update (&mdContext, (unsigned char *) buffer,
- (unsigned int) strlen (buffer));
- MD5Final (digest, &mdContext);
-
- cp = buffer;
- buflen = sizeof(buffer);
-
- snprintf (cp, buflen, "%s ", user);
- len = strlen (cp);
- cp += len;
- buflen -= len;
-
- for (ep = (dp = digest) + sizeof(digest) / sizeof(digest[0]); dp < ep; ) {
- snprintf (cp, buflen, "%02x", *dp++ & 0xff);
- cp += 2;
- buflen -= 2;
- }
- *cp = '\0';
-
- return buffer;
-}
-#endif /* !NNTP && APOP */
-
-#ifdef CYRUS_SASL
-/*
- * This function implements the AUTH command for various SASL mechanisms
- *
- * We do the whole SASL dialog here. If this completes, then we've
- * authenticated successfully and have (possibly) negotiated a security
- * layer.
- */
-
-int
-pop_auth_sasl(char *user, char *host, char *mech)
+static int
+check_mech(char *server_mechs, size_t server_mechs_size)
{
- int result, status, sasl_capability = 0, outlen;
- unsigned int buflen;
- char server_mechs[256], *buf, outbuf[BUFSIZ];
- const char *chosen_mech;
- sasl_security_properties_t secprops;
- sasl_external_properties_t extprops;
- struct pass_context p_context;
- sasl_ssf_t *ssf;
- int *moutbuf;
+ int status;
+ bool sasl_capability = false;
/*
* First off, we're going to send the CAPA command to see if we can
return NOTOK;
}
- while ((status = multiline()) != DONE)
- switch (status) {
- case NOTOK:
+ while ((status = multiline()) != DONE) {
+ if (status == NOTOK)
return NOTOK;
- break;
- case DONE: /* Shouldn't be possible, but just in case */
- break;
- case OK:
- if (strncasecmp(response, "SASL ", 5) == 0) {
- /*
- * We've seen the SASL capability. Grab the mech list
- */
- sasl_capability++;
- strncpy(server_mechs, response + 5, sizeof(server_mechs));
- }
- break;
- }
+
+ if (strncasecmp(response, "SASL ", 5) == 0) {
+ /* We've seen the SASL capability. Grab the mech list. */
+ sasl_capability = true;
+ strncpy(server_mechs, response + 5, server_mechs_size);
+ }
+ }
if (!sasl_capability) {
snprintf(response, sizeof(response), "POP server does not support "
return NOTOK;
}
- /*
- * If we received a preferred mechanism, see if the server supports it.
- */
-
- if (mech && stringdex(mech, server_mechs) == -1) {
- snprintf(response, sizeof(response), "Requested SASL mech \"%s\" is "
- "not in list of supported mechanisms:\n%s",
- mech, server_mechs);
- return NOTOK;
- }
-
- /*
- * Start the SASL process. First off, initialize the SASL library.
- */
-
- callbacks[POP_SASL_CB_N_USER].context = user;
- p_context.user = user;
- p_context.host = host;
- callbacks[POP_SASL_CB_N_PASS].context = &p_context;
-
- result = sasl_client_init(callbacks);
-
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "SASL library initialization "
- "failed: %s", sasl_errstring(result, NULL, NULL));
- return NOTOK;
- }
-
- result = sasl_client_new("pop", host, NULL, SASL_SECURITY_LAYER, &conn);
-
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "SASL client initialization "
- "failed: %s", sasl_errstring(result, NULL, NULL));
- return NOTOK;
- }
-
- /*
- * Initialize the security properties
- */
-
- memset(&secprops, 0, sizeof(secprops));
- secprops.maxbufsize = BUFSIZ;
- secprops.max_ssf = UINT_MAX;
- memset(&extprops, 0, sizeof(extprops));
-
- result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
-
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "SASL security property "
- "initialization failed: %s",
- sasl_errstring(result, NULL, NULL));
- return NOTOK;
- }
+ return OK;
+}
- result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &extprops);
+/*
+ * Split string containing proxy command into an array of arguments
+ * suitable for passing to exec. Returned array must be freed. Shouldn't
+ * be possible to call this with host set to NULL.
+ */
+char **
+parse_proxy(char *proxy, char *host)
+{
+ char **pargv, **p;
+ int pargc = 2;
+ int hlen = strlen(host);
+ int plen = 1;
+ unsigned char *cur, *pro;
+ char *c;
+
+ /* skip any initial space */
+ for (pro = (unsigned char *) proxy; isspace(*pro); pro++)
+ continue;
+
+ /* calculate required size for argument array */
+ for (cur = pro; *cur; cur++) {
+ if (isspace(*cur) && cur[1] && !isspace(cur[1]))
+ plen++, pargc++;
+ else if (*cur == '%' && cur[1] == 'h') {
+ plen += hlen;
+ cur++;
+ } else if (!isspace(*cur))
+ plen++;
+ }
+
+ /* put together list of arguments */
+ p = pargv = mh_xmalloc(pargc * sizeof(char *));
+ c = *pargv = mh_xmalloc(plen);
+ for (cur = pro; *cur; cur++) {
+ if (isspace(*cur) && cur[1] && !isspace(cur[1])) {
+ *c++ = '\0';
+ *++p = c;
+ } else if (*cur == '%' && cur[1] == 'h') {
+ strcpy (c, host);
+ c += hlen;
+ cur++;
+ } else if (!isspace(*cur))
+ *c++ = *cur;
+ }
+ *c = '\0';
+ *++p = NULL;
+ return pargv;
+}
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "SASL external property "
- "initialization failed: %s",
- sasl_errstring(result, NULL, NULL));
- return NOTOK;
- }
+int
+pop_init (char *host, char *port, char *user, char *proxy, int snoop,
+ int sasl, char *mech, int tls, const char *oauth_svc)
+{
+ int fd1, fd2;
+ char buffer[BUFSIZ];
+ char *errstr;
- /*
- * Start the actual protocol. Feed the mech list into the library
- * and get out a possible initial challenge
- */
+ nsc = netsec_init();
- result = sasl_client_start(conn, mech ? mech : server_mechs,
- NULL, NULL, &buf, &buflen, &chosen_mech);
+ if (user)
+ netsec_set_userid(nsc, user);
- if (result != SASL_OK && result != SASL_CONTINUE) {
- snprintf(response, sizeof(response), "SASL client start failed: %s",
- sasl_errstring(result, NULL, NULL));
- return NOTOK;
- }
+ netsec_set_hostname(nsc, host);
- if (buflen) {
- status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL);
- free(buf);
- if (status != SASL_OK) {
- snprintf(response, sizeof(response), "SASL base64 encode "
- "failed: %s", sasl_errstring(status, NULL, NULL));
+ if (oauth_svc != NULL) {
+ if (netsec_set_oauth_service(nsc, oauth_svc) != OK) {
+ snprintf(response, sizeof(response), "OAuth2 not supported");
return NOTOK;
}
+ }
- status = command("AUTH %s %s", chosen_mech, outbuf);
- } else
- status = command("AUTH %s", chosen_mech);
+ if (proxy && *proxy) {
+ int pid;
+ int inpipe[2]; /* for reading from the server */
+ int outpipe[2]; /* for sending to the server */
+
+ if (pipe(inpipe) < 0) {
+ adios ("inpipe", "pipe");
+ }
+ if (pipe(outpipe) < 0) {
+ adios ("outpipe", "pipe");
+ }
+
+ pid=fork();
+ if (pid==0) {
+ char **argv;
+
+ /* in child */
+ close(0);
+ close(1);
+ dup2(outpipe[0],0); /* connect read end of connection */
+ dup2(inpipe[1], 1); /* connect write end of connection */
+ if(inpipe[0]>1) close(inpipe[0]);
+ if(inpipe[1]>1) close(inpipe[1]);
+ if(outpipe[0]>1) close(outpipe[0]);
+ if(outpipe[1]>1) close(outpipe[1]);
+
+ /* run the proxy command */
+ argv=parse_proxy(proxy, host);
+ execvp(argv[0],argv);
+
+ perror(argv[0]);
+ close(0);
+ close(1);
+ free(*argv);
+ free(argv);
+ exit(1);
+ }
+
+ /* okay in the parent we do some stuff */
+ close(inpipe[1]); /* child uses this */
+ close(outpipe[0]); /* child uses this */
+
+ /* we read on fd1 */
+ fd1=inpipe[0];
+ /* and write on fd2 */
+ fd2=outpipe[1];
- while (result == SASL_CONTINUE) {
- if (status == NOTOK)
- return NOTOK;
-
- /*
- * If we get a "+OK" prefix to our response, then we should
- * exit out of this exchange now (because authenticated should
- * have succeeded)
- */
-
- if (strncmp(response, "+OK", 3) == 0)
- break;
-
- /*
- * Otherwise, make sure the server challenge is correctly formatted
- */
-
- if (strncmp(response, "+ ", 2) != 0) {
- command("*");
- snprintf(response, sizeof(response),
- "Malformed authentication message from server");
+ } else {
+ if ((fd1 = client (host, port ? port : "pop3", response,
+ sizeof(response), snoop)) == NOTOK) {
return NOTOK;
}
+ fd2 = fd1;
+ }
- result = sasl_decode64(response + 2, strlen(response + 2),
- outbuf, &outlen);
-
- if (result != SASL_OK) {
- command("*");
- snprintf(response, sizeof(response), "SASL base64 decode "
- "failed: %s", sasl_errstring(result, NULL, NULL));
- return NOTOK;
- }
+ SIGNAL (SIGPIPE, SIG_IGN);
- result = sasl_client_step(conn, outbuf, outlen, NULL, &buf, &buflen);
+ netsec_set_fd(nsc, fd1, fd2);
+ netsec_set_snoop(nsc, snoop);
- if (result != SASL_OK && result != SASL_CONTINUE) {
- command("*");
- snprintf(response, sizeof(response), "SASL client negotiaton "
- "failed: %s", sasl_errstring(result, NULL, NULL));
+ if (tls & P_INITTLS) {
+ if (netsec_set_tls(nsc, 1, tls & P_NOVERIFY, &errstr) != OK) {
+ snprintf(response, sizeof(response), "%s", errstr);
+ free(errstr);
return NOTOK;
}
- status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL);
- free(buf);
-
- if (status != SASL_OK) {
- command("*");
- snprintf(response, sizeof(response), "SASL base64 encode "
- "failed: %s", sasl_errstring(status, NULL, NULL));
+ if (netsec_negotiate_tls(nsc, &errstr) != OK) {
+ snprintf(response, sizeof(response), "%s", errstr);
+ free(errstr);
return NOTOK;
}
-
- status = command(outbuf);
- }
-
- /*
- * If we didn't get a positive final response, then error out
- * (that probably means we failed an authorization check).
- */
-
- if (status != OK)
- return NOTOK;
-
- /*
- * Depending on the mechanism, we might need to call sasl_client_step()
- * one more time. Do that now.
- */
-
- result = sasl_client_step(conn, NULL, 0, NULL, &buf, &buflen);
-
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "SASL final client negotiaton "
- "failed: %s", sasl_errstring(result, NULL, NULL));
- return NOTOK;
}
- /*
- * We _should_ be okay now. Get a few properties now that negotiation
- * has completed.
- */
-
- result = sasl_getprop(conn, SASL_MAXOUTBUF, (void **) &moutbuf);
-
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "Cannot retrieve SASL negotiated "
- "output buffer size: %s", sasl_errstring(result, NULL, NULL));
- return NOTOK;
+ if (sasl) {
+ if (netsec_set_sasl_params(nsc, "pop", mech, pop_sasl_callback,
+ NULL, &errstr) != OK) {
+ snprintf(response, sizeof(response), "%s", errstr);
+ free(errstr);
+ return NOTOK;
+ }
}
- maxoutbuf = *moutbuf;
+ switch (pop_getline (response, sizeof response, nsc)) {
+ case OK:
+ if (poprint)
+ fprintf (stderr, "<--- %s\n", response);
+ if (*response == '+') {
+ nmh_creds_t creds;
- result = sasl_getprop(conn, SASL_SSF, (void **) &ssf);
+ if (sasl) {
+ char server_mechs[256];
+ if (check_mech(server_mechs, sizeof(server_mechs)) != OK)
+ return NOTOK;
+ if (netsec_negotiate_sasl(nsc, server_mechs,
+ &errstr) != OK) {
+ strncpy(response, errstr, sizeof(response));
+ response[sizeof(response) - 1] = '\0';
+ free(errstr);
+ return NOTOK;
+ }
+ return OK;
+ }
- sasl_ssf = *ssf;
+ if (!(creds = nmh_get_credentials(host, user)))
+ return NOTOK;
+ if (command ("USER %s", nmh_cred_get_user(creds))
+ != NOTOK) {
+ if (command("PASS %s", nmh_cred_get_password(creds))
+ != NOTOK) {
+ nmh_credentials_free(creds);
+ return OK;
+ }
+ }
+ nmh_credentials_free(creds);
+ }
+ strncpy (buffer, response, sizeof(buffer));
+ command ("QUIT");
+ strncpy (response, buffer, sizeof(response));
+ /* FALLTHRU */
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "Cannot retrieve SASL negotiated "
- "security strength factor: %s",
- sasl_errstring(result, NULL, NULL));
- return NOTOK;
+ case NOTOK:
+ case DONE:
+ if (poprint) {
+ fputs(response, stderr);
+ putc('\n', stderr);
+ }
+ netsec_shutdown(nsc);
+ nsc = NULL;
+ return NOTOK;
}
- /*
- * Limit this to what we can deal with.
- */
-
- if (maxoutbuf == 0 || maxoutbuf > BUFSIZ)
- maxoutbuf = BUFSIZ;
-
- sasl_complete = 1;
-
- return status;
+ return NOTOK; /* NOTREACHED */
}
-/*
- * Callback to return the userid sent down via the user parameter
- */
-
-static int
-sasl_get_user(void *context, int id, const char **result, unsigned *len)
-{
- char *user = (char *) context;
-
- if (! result || id != SASL_CB_USER)
- return SASL_BADPARAM;
-
- *result = user;
- if (len)
- *len = strlen(user);
-
- return SASL_OK;
-}
/*
- * Callback to return the password (we call ruserpass, which can get it
- * out of the .netrc
+ * Our SASL callback; we are given SASL tokens and then have to format
+ * them according to the protocol requirements, and then process incoming
+ * messages and feed them back into the SASL library.
*/
static int
-sasl_get_pass(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret)
+pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata,
+ unsigned int indatalen, unsigned char **outdata,
+ unsigned int *outdatalen, void *context, char **errstr)
{
- struct pass_context *p_context = (struct pass_context *) context;
- char *pass = NULL;
- int len;
-
- if (! psecret || id != SASL_CB_PASS)
- return SASL_BADPARAM;
-
- ruserpass(p_context->user, &(p_context->host), &pass);
-
- len = strlen(pass);
-
- *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len);
+ int rc, snoopoffset;
+ char *mech, *line;
+ size_t len, b64len;
+ NMH_UNUSED(context);
- if (! *psecret)
- return SASL_NOMEM;
-
- (*psecret)->len = len;
- strcpy((*psecret)->data, pass);
-
- return SASL_OK;
-}
-#endif /* CYRUS_SASL */
+ switch (mtype) {
+ case NETSEC_SASL_START:
+ /*
+ * Generate our AUTH message, but there is a wrinkle.
+ *
+ * Technically, according to RFC 5034, if your command INCLUDING
+ * an initial response exceeds 255 octets (including CRLF), you
+ * can't issue this all in one go, but have to just issue the
+ * AUTH command, wait for a blank initial response, and then
+ * send your data.
+ */
-int
-pop_init (char *host, char *user, char *pass, int snoop, int rpop, int kpop,
- int sasl, char *mech)
-{
- int fd1, fd2;
- char buffer[BUFSIZ];
+ mech = netsec_get_sasl_mechanism(nsc);
+
+ if (indatalen) {
+ char *b64data;
+ b64data = mh_xmalloc(BASE64SIZE(indatalen));
+ writeBase64raw(indata, indatalen, (unsigned char *) b64data);
+ b64len = strlen(b64data);
+
+ /* Formula here is AUTH + SP + mech + SP + out + CR + LF */
+ len = b64len + 8 + strlen(mech);
+ if (len > 255) {
+ rc = netsec_printf(nsc, errstr, "AUTH %s\r\n", mech);
+ if (rc)
+ return NOTOK;
+ if (netsec_flush(nsc, errstr) != OK)
+ return NOTOK;
+ line = netsec_readline(nsc, &len, errstr);
+ if (! line)
+ return NOTOK;
+ /*
+ * If the protocol is being followed correctly, should just
+ * be a "+ ", nothing else.
+ */
+ if (len != 2 || strcmp(line, "+ ") != 0) {
+ netsec_err(errstr, "Did not get expected blank response "
+ "for initial challenge response");
+ return NOTOK;
+ }
+ rc = netsec_printf(nsc, errstr, "%s\r\n", b64data);
+ free(b64data);
+ if (rc != OK)
+ return NOTOK;
+ netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, NULL);
+ rc = netsec_flush(nsc, errstr);
+ netsec_set_snoop_callback(nsc, NULL, NULL);
+ if (rc != OK)
+ return NOTOK;
+ } else {
+ rc = netsec_printf(nsc, errstr, "AUTH %s %s\r\n", mech,
+ b64data);
+ free(b64data);
+ if (rc != OK)
+ return NOTOK;
+ netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder,
+ &snoopoffset);
+ snoopoffset = 6 + strlen(mech);
+ rc = netsec_flush(nsc, errstr);
+ netsec_set_snoop_callback(nsc, NULL, NULL);
+ if (rc != OK)
+ return NOTOK;
+ }
+ } else {
+ if (netsec_printf(nsc, errstr, "AUTH %s\r\n", mech) != OK)
+ return NOTOK;
+ if (netsec_flush(nsc, errstr) != OK)
+ return NOTOK;
+ }
-#ifdef APOP
- int apop;
+ break;
- if ((apop = rpop) < 0)
- rpop = 0;
-#endif
+ /*
+ * We should get one line back, with our base64 data. Decode that
+ * and feed it back into the SASL library.
+ */
+ case NETSEC_SASL_READ:
+ netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, &snoopoffset);
+ snoopoffset = 2;
+ line = netsec_readline(nsc, &len, errstr);
+ netsec_set_snoop_callback(nsc, NULL, NULL);
-#ifndef NNTP
-# ifdef KPOP
- if ( kpop ) {
- snprintf (buffer, sizeof(buffer), "%s/%s", KPOP_PRINCIPAL, "kpop");
- if ((fd1 = client (host, "tcp", buffer, 0, response, sizeof(response))) == NOTOK) {
+ if (line == NULL)
return NOTOK;
- }
- } else {
-# endif /* KPOP */
- if ((fd1 = client (host, "tcp", POPSERVICE, rpop, response, sizeof(response))) == NOTOK) {
+ if (len < 2 || (len == 2 && strcmp(line, "+ ") != 0)) {
+ netsec_err(errstr, "Invalid format for SASL response");
return NOTOK;
- }
-# ifdef KPOP
- }
-# endif /* KPOP */
-#else /* NNTP */
- if ((fd1 = client (host, "tcp", "nntp", rpop, response, sizeof(response))) == NOTOK)
- return NOTOK;
-#endif
-
- if ((fd2 = dup (fd1)) == NOTOK) {
- char *s;
-
- if ((s = strerror(errno)))
- snprintf (response, sizeof(response),
- "unable to dup connection descriptor: %s", s);
- else
- snprintf (response, sizeof(response),
- "unable to dup connection descriptor: unknown error");
- close (fd1);
- return NOTOK;
- }
-#ifndef NNTP
- if (pop_set (fd1, fd2, snoop) == NOTOK)
-#else /* NNTP */
- if (pop_set (fd1, fd2, snoop, (char *)0) == NOTOK)
-#endif /* NNTP */
- return NOTOK;
+ }
- SIGNAL (SIGPIPE, SIG_IGN);
+ if (len == 2) {
+ *outdata = NULL;
+ *outdatalen = 0;
+ } else {
+ rc = decodeBase64(line + 2, outdata, &len, 0, NULL);
+ *outdatalen = len;
+ if (rc != OK) {
+ netsec_err(errstr, "Unable to decode base64 response");
+ return NOTOK;
+ }
+ }
+ break;
- switch (getline (response, sizeof response, input)) {
- case OK:
- if (poprint)
- fprintf (stderr, "<--- %s\n", response);
-#ifndef NNTP
- if (*response == '+') {
-# ifndef KPOP
-# ifdef APOP
- if (apop < 0) {
- char *cp = pop_auth (user, pass);
+ /*
+ * Our encoding is pretty simple, so this is easy.
+ */
- if (cp && command ("APOP %s", cp) != NOTOK)
- return OK;
- }
- else
-# endif /* APOP */
-# ifdef CYRUS_SASL
- if (sasl) {
- if (pop_auth_sasl(user, host, mech) != NOTOK)
- return OK;
- } else
-# endif /* CYRUS_SASL */
- if (command ("USER %s", user) != NOTOK
- && command ("%s %s", rpop ? "RPOP" : (pophack++, "PASS"),
- pass) != NOTOK)
- return OK;
-# else /* KPOP */
- if (command ("USER %s", user) != NOTOK
- && command ("PASS %s", pass) != NOTOK)
- return OK;
-# endif
- }
-#else /* NNTP */
- if (*response < CHAR_ERR) {
- command ("MODE READER");
- return OK;
- }
-#endif
- strncpy (buffer, response, sizeof(buffer));
- command ("QUIT");
- strncpy (response, buffer, sizeof(response));
- /* and fall */
+ case NETSEC_SASL_WRITE:
+ if (indatalen == 0) {
+ rc = netsec_printf(nsc, errstr, "\r\n");
+ } else {
+ unsigned char *b64data;
+ b64data = mh_xmalloc(BASE64SIZE(indatalen));
+ writeBase64raw(indata, indatalen, b64data);
+ rc = netsec_printf(nsc, errstr, "%s\r\n", b64data);
+ free(b64data);
+ }
- case NOTOK:
- case DONE:
- if (poprint)
- fprintf (stderr, "%s\n", response);
- fclose (input);
- fclose (output);
+ if (rc != OK)
return NOTOK;
- }
- return NOTOK; /* NOTREACHED */
-}
+ if (indatalen > 0)
+ netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, NULL);
+ rc = netsec_flush(nsc, errstr);
+ netsec_set_snoop_callback(nsc, NULL, NULL);
+ if (rc != OK)
+ return NOTOK;
+ break;
-#ifdef NNTP
-int
-pop_set (int in, int out, int snoop, char *myname)
-#else
-int
-pop_set (int in, int out, int snoop)
-#endif
-{
+ /*
+ * Finish the protocol; we're looking for an +OK
+ */
-#ifdef NNTP
- if (myname && *myname) {
- /* interface from bbc to msh */
- strncpy (xtnd_name, myname, sizeof(xtnd_name));
- }
-#endif /* NNTP */
-
- if ((input = fdopen (in, "r")) == NULL
- || (output = fdopen (out, "w")) == NULL) {
- strncpy (response, "fdopen failed on connection descriptor", sizeof(response));
- if (input)
- fclose (input);
- else
- close (in);
- close (out);
- return NOTOK;
- }
+ case NETSEC_SASL_FINISH:
+ line = netsec_readline(nsc, &len, errstr);
+ if (line == NULL)
+ return NOTOK;
- poprint = snoop;
+ if (!has_prefix(line, "+OK")) {
+ netsec_err(errstr, "Authentication failed: %s", line);
+ return NOTOK;
+ }
+ break;
- return OK;
-}
+ /*
+ * Cancel the SASL exchange in the middle of the commands; for
+ * POP, that's a single "*".
+ *
+ * It's unclear to me if I should be returning errors up; I finally
+ * decided the answer should be "yes", and if the upper layer wants to
+ * ignore them that's their choice.
+ */
+ case NETSEC_SASL_CANCEL:
+ rc = netsec_printf(nsc, errstr, "*\r\n");
+ if (rc == OK)
+ rc = netsec_flush(nsc, errstr);
+ if (rc != OK)
+ return NOTOK;
+ break;
+ }
-int
-pop_fd (char *in, int inlen, char *out, int outlen)
-{
- snprintf (in, inlen, "%d", fileno (input));
- snprintf (out, outlen, "%d", fileno (output));
return OK;
}
-
/*
* Find out number of messages available
* and their total size.
int
pop_stat (int *nmsgs, int *nbytes)
{
-#ifdef NNTP
- char **ap;
-#endif /* NNTP */
-#ifndef NNTP
if (command ("STAT") == NOTOK)
return NOTOK;
*nmsgs = *nbytes = 0;
sscanf (response, "+OK %d %d", nmsgs, nbytes);
-#else /* NNTP */
- if (xtnd_last < 0) { /* in msh, xtnd_name is set from myname */
- if (command("GROUP %s", xtnd_name) == NOTOK)
- return NOTOK;
-
- ap = brkstring (response, " ", "\n"); /* "211 nart first last ggg" */
- xtnd_first = atoi (ap[2]);
- xtnd_last = atoi (ap[3]);
- }
-
- /* nmsgs is not the real nart, but an incredible simuation */
- if (xtnd_last > 0)
- *nmsgs = xtnd_last - xtnd_first + 1; /* because of holes... */
- else
- *nmsgs = 0;
- *nbytes = xtnd_first; /* for subtracting offset in msh() */
-#endif /* NNTP */
-
return OK;
}
-#ifdef NNTP
-int
-pop_exists (int (*action)())
-{
-#ifdef XMSGS /* hacked into NNTP 1.5 */
- if (traverse (action, "XMSGS %d-%d", (targ_t) xtnd_first, (targ_t) xtnd_last) == OK)
- return OK;
-#endif
- /* provided by INN 1.4 */
- if (traverse (action, "LISTGROUP") == OK)
- return OK;
- return traverse (action, "XHDR NONAME %d-%d", (targ_t) xtnd_first, (targ_t) xtnd_last);
-}
-#endif /* NNTP */
-
-#ifdef BPOP
-int
-pop_list (int msgno, int *nmsgs, int *msgs, int *bytes, int *ids)
-#else
int
-pop_list (int msgno, int *nmsgs, int *msgs, int *bytes)
-#endif
+pop_retr (int msgno, int (*action)(void *, char *), void *closure)
{
- int i;
-#ifndef BPOP
- int *ids = NULL;
-#endif
-
- if (msgno) {
-#ifndef NNTP
- if (command ("LIST %d", msgno) == NOTOK)
- return NOTOK;
- *msgs = *bytes = 0;
- if (ids) {
- *ids = 0;
- sscanf (response, "+OK %d %d %d", msgs, bytes, ids);
- }
- else
- sscanf (response, "+OK %d %d", msgs, bytes);
-#else /* NNTP */
- *msgs = *bytes = 0;
- if (command ("STAT %d", msgno) == NOTOK)
- return NOTOK;
- if (ids) {
- *ids = msgno;
- }
-#endif /* NNTP */
- return OK;
- }
-
-#ifndef NNTP
- if (command ("LIST") == NOTOK)
- return NOTOK;
-
- for (i = 0; i < *nmsgs; i++)
- switch (multiline ()) {
- case NOTOK:
- return NOTOK;
- case DONE:
- *nmsgs = ++i;
- return OK;
- case OK:
- *msgs = *bytes = 0;
- if (ids) {
- *ids = 0;
- sscanf (response, "%d %d %d",
- msgs++, bytes++, ids++);
- }
- else
- sscanf (response, "%d %d", msgs++, bytes++);
- break;
- }
- for (;;)
- switch (multiline ()) {
- case NOTOK:
- return NOTOK;
- case DONE:
- return OK;
- case OK:
- break;
- }
-#else /* NNTP */
- return NOTOK;
-#endif /* NNTP */
-}
-
-
-int
-pop_retr (int msgno, int (*action)())
-{
-#ifndef NNTP
- return traverse (action, "RETR %d", (targ_t) msgno);
-#else /* NNTP */
- return traverse (action, "ARTICLE %d", (targ_t) msgno);
-#endif /* NNTP */
+ return traverse (action, closure, "RETR %d", msgno);
}
static int
-traverse (int (*action)(), const char *fmt, ...)
+traverse (int (*action)(void *, char *), void *closure, const char *fmt, ...)
{
- int result;
+ int result, snoopstate;
va_list ap;
char buffer[sizeof(response)];
return NOTOK;
strncpy (buffer, response, sizeof(buffer));
- for (;;)
- switch (multiline ()) {
- case NOTOK:
- return NOTOK;
+ if ((snoopstate = netsec_get_snoop(nsc)))
+ netsec_set_snoop(nsc, 0);
- case DONE:
- strncpy (response, buffer, sizeof(response));
- return OK;
+ for (;;) {
+ result = multiline();
+ if (result == OK) {
+ result = (*action)(closure, response);
+ if (result == OK)
+ continue;
+ } else if (result == DONE) {
+ strncpy(response, buffer, sizeof(response));
+ result = OK;
+ }
+ break;
+ }
- case OK:
- (*action) (response);
- break;
- }
+ netsec_set_snoop(nsc, snoopstate);
+ return result;
}
}
-int
-pop_noop (void)
-{
- return command ("NOOP");
-}
-
-
-#if defined(MPOP) && !defined(NNTP)
-int
-pop_last (void)
-{
- return command ("LAST");
-}
-#endif
-
-
-int
-pop_rset (void)
-{
- return command ("RSET");
-}
-
-
-int
-pop_top (int msgno, int lines, int (*action)())
-{
-#ifndef NNTP
- return traverse (action, "TOP %d %d", (targ_t) msgno, (targ_t) lines);
-#else /* NNTP */
- return traverse (action, "HEAD %d", (targ_t) msgno);
-#endif /* NNTP */
-}
-
-
-#ifdef BPOP
-int
-pop_xtnd (int (*action)(), char *fmt, ...)
-{
- int result;
- va_list ap;
- char buffer[BUFSIZ];
-
-#ifdef NNTP
- char **ap;
-#endif
-
- va_start(ap, fmt);
-#ifndef NNTP
- /* needs to be fixed... va_end needs to be added */
- snprintf (buffer, sizeof(buffer), "XTND %s", fmt);
- result = traverse (action, buffer, a, b, c, d);
- va_end(ap);
- return result;
-#else /* NNTP */
- snprintf (buffer, sizeof(buffer), fmt, a, b, c, d);
- ap = brkstring (buffer, " ", "\n"); /* a hack, i know... */
-
- if (!strcasecmp(ap[0], "x-bboards")) { /* XTND "X-BBOARDS group */
- /* most of these parameters are meaningless under NNTP.
- * bbc.c was modified to set AKA and LEADERS as appropriate,
- * the rest are left blank.
- */
- return OK;
- }
- if (!strcasecmp (ap[0], "archive") && ap[1]) {
- snprintf (xtnd_name, sizeof(xtnd_name), "%s", ap[1]); /* save the name */
- xtnd_last = 0;
- xtnd_first = 1; /* setup to fail in pop_stat */
- return OK;
- }
- if (!strcasecmp (ap[0], "bboards")) {
-
- if (ap[1]) { /* XTND "BBOARDS group" */
- snprintf (xtnd_name, sizeof(xtnd_name), "%s", ap[1]); /* save the name */
- if (command("GROUP %s", xtnd_name) == NOTOK)
- return NOTOK;
-
- /* action must ignore extra args */
- strncpy (buffer, response, sizeof(buffer));
- ap = brkstring (response, " ", "\n");/* "211 nart first last g" */
- xtnd_first = atoi (ap[2]);
- xtnd_last = atoi (ap[3]);
-
- (*action) (buffer);
- return OK;
-
- } else { /* XTND "BBOARDS" */
- return traverse (action, "LIST", a, b, c, d);
- }
- }
- return NOTOK; /* unknown XTND command */
-#endif /* NNTP */
-}
-#endif BPOP
-
-
int
pop_quit (void)
{
int
pop_done (void)
{
-#ifdef CYRUS_SASL
- if (conn)
- sasl_dispose(&conn);
-#endif /* CYRUS_SASL */
- fclose (input);
- fclose (output);
+ if (nsc)
+ netsec_shutdown(nsc);
return OK;
}
-#if !defined(MPOP) || defined(NNTP)
-static
-#endif
int
command(const char *fmt, ...)
{
static int
vcommand (const char *fmt, va_list ap)
{
- char *cp, buffer[BUFSIZ];
-
- vsnprintf (buffer, sizeof(buffer), fmt, ap);
- if (poprint) {
-#ifdef CYRUS_SASL
- if (sasl_ssf)
- fprintf(stderr, "(encrypted) ");
-#endif /* CYRUS_SASL */
- if (pophack) {
- if ((cp = strchr (buffer, ' ')))
- *cp = 0;
- fprintf (stderr, "---> %s ********\n", buffer);
- if (cp)
- *cp = ' ';
- pophack = 0;
- }
- else
- fprintf (stderr, "---> %s\n", buffer);
+ /* char *cp; */
+ char *errstr;
+
+ if (netsec_vprintf(nsc, &errstr, fmt, ap) != OK) {
+ strncpy(response, errstr, sizeof(response));
+ response[sizeof(response) - 1] = '\0';
+ free(errstr);
+ return NOTOK;
}
- if (putline (buffer, output) == NOTOK)
+ if (netsec_printf(nsc, &errstr, "\r\n") != OK) {
+ strncpy(response, errstr, sizeof(response));
+ response[sizeof(response) - 1] = '\0';
+ free(errstr);
return NOTOK;
+ }
-#ifdef CYRUS_SASL
- if (poprint && sasl_ssf)
- fprintf(stderr, "(decrypted) ");
-#endif /* CYRUS_SASL */
+ if (netsec_flush(nsc, &errstr) != OK) {
+ strncpy(response, errstr, sizeof(response));
+ response[sizeof(response) - 1] = '\0';
+ free(errstr);
+ return NOTOK;
+ }
- switch (getline (response, sizeof response, input)) {
+ switch (pop_getline (response, sizeof response, nsc)) {
case OK:
if (poprint)
fprintf (stderr, "<--- %s\n", response);
-#ifndef NNTP
- return (*response == '+' ? OK : NOTOK);
-#else /* NNTP */
- return (*response < CHAR_ERR ? OK : NOTOK);
-#endif /* NNTP */
+ return *response == '+' ? OK : NOTOK;
case NOTOK:
case DONE:
- if (poprint)
- fprintf (stderr, "%s\n", response);
+ if (poprint) {
+ fputs(response, stderr);
+ putc('\n', stderr);
+ }
return NOTOK;
}
}
-#if defined(MPOP) && !defined(NNTP)
int
multiline (void)
-#else
-static int
-multiline (void)
-#endif
{
- char buffer[BUFSIZ + TRMLEN];
+ char buffer[BUFSIZ + LEN(TRM)];
- if (getline (buffer, sizeof buffer, input) != OK)
+ if (pop_getline (buffer, sizeof buffer, nsc) != OK)
return NOTOK;
-#ifdef DEBUG
- if (poprint) {
-#ifdef CYRUS_SASL
- if (sasl_ssf)
- fprintf(stderr, "(decrypted) ");
-#endif /* CYRUS_SASL */
- fprintf (stderr, "<--- %s\n", response);
- }
-#endif DEBUG
- if (strncmp (buffer, TRM, TRMLEN) == 0) {
- if (buffer[TRMLEN] == 0)
+ if (has_prefix(buffer, TRM)) {
+ if (buffer[LEN(TRM)] == 0)
return DONE;
- else
- strncpy (response, buffer + TRMLEN, sizeof(response));
+ strncpy (response, buffer + LEN(TRM), sizeof(response));
}
else
strncpy (response, buffer, sizeof(response));
}
/*
- * Note that these functions have been modified to deal with layer encryption
- * in the SASL case
+ * This is now just a thin wrapper around netsec_readline().
*/
static int
-getline (char *s, int n, FILE *iop)
+pop_getline (char *s, int n, netsec_context *ns)
{
- int c;
+ /* int c = -2; */
char *p;
+ size_t len, destlen;
+ /* int rc; */
+ char *errstr;
- p = s;
- while (--n > 0 && (c = sasl_fgetc (iop)) != EOF && c != -2)
- if ((*p++ = c) == '\n')
- break;
- if (c == -2)
- return NOTOK;
- if (ferror (iop) && c != EOF) {
- strncpy (response, "error on connection", sizeof(response));
- return NOTOK;
- }
- if (c == EOF && p == s) {
- strncpy (response, "connection closed by foreign host", sizeof(response));
- return DONE;
- }
- *p = 0;
- if (*--p == '\n')
- *p = 0;
- if (*--p == '\r')
- *p = 0;
+ p = netsec_readline(ns, &len, &errstr);
- return OK;
-}
-
-
-static int
-putline (char *s, FILE *iop)
-{
-#ifdef CYRUS_SASL
- char outbuf[BUFSIZ], *buf;
- int result;
- unsigned int buflen;
-
- if (!sasl_complete) {
-#endif /* CYRUS_SASL */
- fprintf (iop, "%s\r\n", s);
-#ifdef CYRUS_SASL
- } else {
- /*
- * Build an output buffer, encrypt it using sasl_encode, and
- * squirt out the results.
- */
- strncpy(outbuf, s, sizeof(outbuf) - 3);
- outbuf[sizeof(outbuf) - 3] = '\0'; /* Just in case */
- strcat(outbuf, "\r\n");
-
- result = sasl_encode(conn, outbuf, strlen(outbuf), &buf, &buflen);
-
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "SASL encoding error: %s",
- sasl_errstring(result, NULL, NULL));
- return NOTOK;
- }
-
- fwrite(buf, buflen, 1, iop);
- free(buf);
- }
-#endif /* CYRUS_SASL */
-
- fflush (iop);
- if (ferror (iop)) {
- strncpy (response, "lost connection", sizeof(response));
+ if (p == NULL) {
+ strncpy(response, errstr, sizeof(response));
+ response[sizeof(response) - 1] = '\0';
+ free(errstr);
return NOTOK;
}
- return OK;
-}
-
-#ifdef CYRUS_SASL
-/*
- * Okay, our little fgetc replacement. Hopefully this is a little more
- * efficient than the last one.
- */
-static int
-sasl_fgetc(FILE *f)
-{
- static unsigned char *buffer = NULL, *ptr;
- static int size = 0;
- static int cnt = 0;
- unsigned int retbufsize = 0;
- int cc, result;
- char *retbuf, tmpbuf[BUFSIZ];
-
- /*
- * If we have some leftover data, return that
- */
-
- if (cnt) {
- cnt--;
- return (int) *ptr++;
- }
-
/*
- * Otherwise, fill our buffer until we have some data to return.
+ * If we had an error, it should have been returned already. Since
+ * netsec_readline() strips off the CR-LF ending, just copy the existing
+ * buffer into response now.
+ *
+ * We get a length back from netsec_readline, but the rest of the POP
+ * code doesn't handle it; the assumptions are that everything from
+ * the network can be represented as C strings. That should get fixed
+ * someday.
*/
- while (retbufsize == 0) {
-
- cc = read(fileno(f), tmpbuf, sizeof(tmpbuf));
-
- if (cc == 0)
- return EOF;
-
- if (cc < 0) {
- snprintf(response, sizeof(response), "Error during read from "
- "network: %s", strerror(errno));
- return -2;
- }
-
- /*
- * We're not allowed to call sasl_decode until sasl_complete is
- * true, so we do these gyrations ...
- */
-
- if (!sasl_complete) {
-
- retbuf = tmpbuf;
- retbufsize = cc;
-
- } else {
-
- result = sasl_decode(conn, tmpbuf, cc, &retbuf, &retbufsize);
-
- if (result != SASL_OK) {
- snprintf(response, sizeof(response), "Error during SASL "
- "decoding: %s", sasl_errstring(result, NULL, NULL));
- return -2;
- }
- }
- }
+ destlen = min(len, (size_t)(n - 1));
- if (retbufsize > size) {
- buffer = realloc(buffer, retbufsize);
- if (!buffer) {
- snprintf(response, sizeof(response), "Error during realloc in "
- "read routine: %s", strerror(errno));
- return -2;
- }
- size = retbufsize;
- }
-
- memcpy(buffer, retbuf, retbufsize);
- ptr = buffer + 1;
- cnt = retbufsize - 1;
- if (sasl_complete)
- free(retbuf);
-
- return (int) buffer[0];
+ memcpy(s, p, destlen);
+ s[destlen] = '\0';
+
+ return OK;
}
-#endif /* CYRUS_SASL */
projects / nmh / blobdiff