* complete copyright information.
*/
-#include <h/mh.h>
-#include <h/utils.h>
-#include <h/oauth.h>
-#include <h/netsec.h>
-
-#include <h/popsbr.h>
-#include <h/signals.h>
+#include "h/mh.h"
+#include "sbr/credentials.h"
+#include "sbr/client.h"
+#include "sbr/error.h"
+#include "h/utils.h"
+#include "h/oauth.h"
+#include "h/netsec.h"
+
+#include "popsbr.h"
+#include "h/signals.h"
+#include "sbr/base64.h"
#define TRM "."
* static prototypes
*/
-static int command(const char *, ...);
+static int command(const char *, ...) CHECK_PRINTF(1, 2);
static int multiline(void);
-static int traverse (int (*)(void *, char *), void *closure, const char *, ...);
-static int vcommand(const char *, va_list);
+static int traverse(int (*)(void *, char *), void *closure,
+ const char *, ...) CHECK_PRINTF(3, 4);
+static int vcommand(const char *, va_list) CHECK_PRINTF(1, 0);
static int pop_getline (char *, int, netsec_context *);
static int pop_sasl_callback(enum sasl_message_type, unsigned const char *,
unsigned int, unsigned char **, unsigned int *,
- char **);
+ void *, char **);
static int
check_mech(char *server_mechs, size_t server_mechs_size)
{
- int status, sasl_capability = 0;
+ int status;
+ bool sasl_capability = false;
/*
* First off, we're going to send the CAPA command to see if we can
return NOTOK;
}
- while ((status = multiline()) != DONE)
- switch (status) {
- case NOTOK:
+ while ((status = multiline()) != DONE) {
+ if (status == NOTOK)
return NOTOK;
- break;
- case DONE: /* Shouldn't be possible, but just in case */
- break;
- case OK:
- if (strncasecmp(response, "SASL ", 5) == 0) {
- /*
- * We've seen the SASL capability. Grab the mech list
- */
- sasl_capability++;
- strncpy(server_mechs, response + 5, server_mechs_size);
- }
- break;
- }
+
+ if (strncasecmp(response, "SASL ", 5) == 0) {
+ /* We've seen the SASL capability. Grab the mech list. */
+ sasl_capability = true;
+ strncpy(server_mechs, response + 5, server_mechs_size);
+ }
+ }
if (!sasl_capability) {
snprintf(response, sizeof(response), "POP server does not support "
return OK;
}
+/*
+ * If capable, issue the STLS command and start the TLS negotiation
+ */
+
+static int
+pop_start_tls(void)
+{
+ int status;
+ bool stls = false;
+ char *errstr;
+
+ /*
+ * Issue the CAPA command and see if we have the STLS capability
+ */
+
+ if (command("CAPA") == NOTOK) {
+ snprintf(response, sizeof(response),
+ "The POP CAPA command failed; POP server does not "
+ "support STLS");
+ return NOTOK;
+ }
+
+ while ((status = multiline()) != DONE) {
+ if (status == NOTOK)
+ return NOTOK;
+
+ if (strcasecmp(response, "STLS") == 0)
+ stls = true;
+ }
+
+ if (!stls) {
+ snprintf(response, sizeof(response), "POP server does not support "
+ "STLS");
+ return NOTOK;
+ }
+
+ /*
+ * Issue STLS and then start the actual TLS negotiation
+ */
+
+ if (command("STLS") == NOTOK)
+ return NOTOK;
+
+ if (netsec_negotiate_tls(nsc, &errstr) != OK) {
+ snprintf(response, sizeof(response), "%s", errstr);
+ free(errstr);
+ return NOTOK;
+ }
+
+ return OK;
+}
+
/*
* Split string containing proxy command into an array of arguments
* suitable for passing to exec. Returned array must be freed. Shouldn't
* be possible to call this with host set to NULL.
*/
-char **
+static char **
parse_proxy(char *proxy, char *host)
{
char **pargv, **p;
/* put together list of arguments */
p = pargv = mh_xmalloc(pargc * sizeof(char *));
- c = *pargv = mh_xmalloc(plen * sizeof(char));
+ c = *pargv = mh_xmalloc(plen);
for (cur = pro; *cur; cur++) {
if (isspace(*cur) && cur[1] && !isspace(cur[1])) {
*c++ = '\0';
close(1);
free(*argv);
free(argv);
- exit(10);
+ exit(1);
}
/* okay in the parent we do some stuff */
netsec_set_fd(nsc, fd1, fd2);
netsec_set_snoop(nsc, snoop);
- if (tls & P_INITTLS) {
+ if (tls & P_TLSENABLEMASK) {
if (netsec_set_tls(nsc, 1, tls & P_NOVERIFY, &errstr) != OK) {
snprintf(response, sizeof(response), "%s", errstr);
free(errstr);
return NOTOK;
}
- if (netsec_negotiate_tls(nsc, &errstr) != OK) {
- snprintf(response, sizeof(response), "%s", errstr);
- free(errstr);
- return NOTOK;
+ if (tls & P_INITTLS) {
+ if (netsec_negotiate_tls(nsc, &errstr) != OK) {
+ snprintf(response, sizeof(response), "%s", errstr);
+ free(errstr);
+ return NOTOK;
+ }
}
}
if (sasl) {
if (netsec_set_sasl_params(nsc, "pop", mech, pop_sasl_callback,
- &errstr) != OK) {
+ NULL, &errstr) != OK) {
snprintf(response, sizeof(response), "%s", errstr);
free(errstr);
return NOTOK;
if (*response == '+') {
nmh_creds_t creds;
+ if (tls & P_STARTTLS)
+ if (pop_start_tls() != OK)
+ return NOTOK;
+
if (sasl) {
char server_mechs[256];
if (check_mech(server_mechs, sizeof(server_mechs)) != OK)
case NOTOK:
case DONE:
- if (poprint)
- fprintf (stderr, "%s\n", response);
+ if (poprint) {
+ fputs(response, stderr);
+ putc('\n', stderr);
+ }
netsec_shutdown(nsc);
nsc = NULL;
return NOTOK;
static int
pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata,
unsigned int indatalen, unsigned char **outdata,
- unsigned int *outdatalen, char **errstr)
+ unsigned int *outdatalen, void *context, char **errstr)
{
int rc, snoopoffset;
char *mech, *line;
size_t len, b64len;
+ NMH_UNUSED(context);
switch (mtype) {
case NETSEC_SASL_START:
"for initial challenge response");
return NOTOK;
}
- netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, NULL);
rc = netsec_printf(nsc, errstr, "%s\r\n", b64data);
- netsec_set_snoop_callback(nsc, NULL, NULL);
free(b64data);
if (rc != OK)
return NOTOK;
- if (netsec_flush(nsc, errstr) != OK)
+ netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, NULL);
+ rc = netsec_flush(nsc, errstr);
+ netsec_set_snoop_callback(nsc, NULL, NULL);
+ if (rc != OK)
return NOTOK;
} else {
- netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder,
- &snoopoffset);
- snoopoffset = 6 + strlen(mech);
rc = netsec_printf(nsc, errstr, "AUTH %s %s\r\n", mech,
b64data);
free(b64data);
- netsec_set_snoop_callback(nsc, NULL, NULL);
if (rc != OK)
return NOTOK;
- if (netsec_flush(nsc, errstr) != OK)
+ netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder,
+ &snoopoffset);
+ snoopoffset = 6 + strlen(mech);
+ rc = netsec_flush(nsc, errstr);
+ netsec_set_snoop_callback(nsc, NULL, NULL);
+ if (rc != OK)
return NOTOK;
}
} else {
*outdata = NULL;
*outdatalen = 0;
} else {
- rc = decodeBase64(line + 2, outdata, &len, 0, NULL);
+ rc = decodeBase64(line + 2, outdata, &len, 0);
*outdatalen = len;
if (rc != OK) {
netsec_err(errstr, "Unable to decode base64 response");
unsigned char *b64data;
b64data = mh_xmalloc(BASE64SIZE(indatalen));
writeBase64raw(indata, indatalen, b64data);
- netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, NULL);
rc = netsec_printf(nsc, errstr, "%s\r\n", b64data);
- netsec_set_snoop_callback(nsc, NULL, NULL);
free(b64data);
}
if (rc != OK)
return NOTOK;
- if (netsec_flush(nsc, errstr) != OK)
+ if (indatalen > 0)
+ netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, NULL);
+ rc = netsec_flush(nsc, errstr);
+ netsec_set_snoop_callback(nsc, NULL, NULL);
+ if (rc != OK)
return NOTOK;
break;
}
-int
+static int
command(const char *fmt, ...)
{
va_list ap;
case OK:
if (poprint)
fprintf (stderr, "<--- %s\n", response);
- return (*response == '+' ? OK : NOTOK);
+ return *response == '+' ? OK : NOTOK;
case NOTOK:
case DONE:
- if (poprint)
- fprintf (stderr, "%s\n", response);
+ if (poprint) {
+ fputs(response, stderr);
+ putc('\n', stderr);
+ }
return NOTOK;
}
}
-int
+static int
multiline (void)
{
char buffer[BUFSIZ + LEN(TRM)];
projects / nmh / blobdiff