X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/2e04b8ea0e57e411665aa6a8814ff65db0d4cd2b..fb6ea8dca0129dbb93ecb5fe1147a7b03138bbf8:/sbr/oauth.c?ds=inline diff --git a/sbr/oauth.c b/sbr/oauth.c old mode 100644 new mode 100755 index b3e47a93..0cc95e4e --- a/sbr/oauth.c +++ b/sbr/oauth.c @@ -26,13 +26,13 @@ #define JSON_TYPE "application/json" -/* We pretend access tokens expire 30 seconds earlier than they actually do to +/* We pretend access tokens expire 60 seconds earlier than they actually do to * allow for separate processes to use and refresh access tokens. The process * that uses the access token (post) has an error if the token is expired; the * process that refreshes the access token (send) must have already refreshed if * the expiration is close. * - * 30s is arbitrary, and hopefully is enough to allow for clock skew. + * 60s is arbitrary, and hopefully is enough to allow for clock skew. * Currently only Gmail supports XOAUTH2, and seems to always use a token * life-time of 3600s, but that is not guaranteed. It is possible for Gmail to * issue an access token with a life-time so short that even after send @@ -44,7 +44,7 @@ * (not counting header and not null-terminated) */ #define RESPONSE_BODY_MAX 8192 -/* Maxium size for URLs and URI-encoded query strings, null-terminated. +/* Maximum size for URLs and URI-encoded query strings, null-terminated. * * Actual maximum we need is based on the size of tokens (limited by * RESPONSE_BODY_MAX), code user copies from a web page (arbitrarily large), and @@ -54,46 +54,6 @@ */ #define URL_MAX 8192 -struct service_info { - /* Name of service, so we can search static SERVICES (below) and for - * determining default credential file name. */ - char *name; - - /* Human-readable name of the service; in mh_oauth_ctx::svc this is not - * another buffer to free, but a pointer to either static SERVICE data - * (below) or to the name field. */ - char *display_name; - - /* [1] 2.2 Client Identifier, 2.3.1 Client Password */ - char *client_id; - /* [1] 2.3.1 Client Password */ - char *client_secret; - /* [1] 3.1 Authorization Endpoint */ - char *auth_endpoint; - /* [1] 3.1.2 Redirection Endpoint */ - char *redirect_uri; - /* [1] 3.2 Token Endpoint */ - char *token_endpoint; - /* [1] 3.3 Access Token Scope */ - char *scope; -}; - -static const struct service_info SERVICES[] = { - /* https://developers.google.com/accounts/docs/OAuth2InstalledApp */ - { - /* name */ "gmail", - /* display_name */ "Gmail", - - /* client_id */ "91584523849-8lv9kgp1rvp8ahta6fa4b125tn2polcg.apps.googleusercontent.com", - /* client_secret */ "Ua8sX34xyv7hVrKM-U70dKI6", - - /* auth_endpoint */ "https://accounts.google.com/o/oauth2/auth", - /* redirect_uri */ "urn:ietf:wg:oauth:2.0:oob", - /* token_endpoint */ "https://accounts.google.com/o/oauth2/token", - /* scope */ "https://mail.google.com/" - } -}; - struct mh_oauth_cred { mh_oauth_ctx *ctx; @@ -114,7 +74,7 @@ struct mh_oauth_cred { }; struct mh_oauth_ctx { - struct service_info svc; + struct mh_oauth_service_info svc; CURL *curl; FILE *log; @@ -167,23 +127,22 @@ static boolean get_json_strings(const char *, size_t, FILE *, ...); static boolean make_query_url(char *, size_t, CURL *, const char *, ...); static boolean post(struct curl_ctx *, const char *, const char *); -char * -mh_oauth_do_xoauth(const char *user, const char *svc, FILE *log) +int +mh_oauth_do_xoauth(const char *user, const char *svc, unsigned char **oauth_res, + size_t *oauth_res_len, FILE *log) { mh_oauth_ctx *ctx; mh_oauth_cred *cred; char *fn; int failed_to_lock = 0; FILE *fp; - size_t client_res_len; char *client_res; - char *client_res_b64; if (!mh_oauth_new (&ctx, svc)) adios(NULL, mh_oauth_get_err_string(ctx)); if (log != NULL) mh_oauth_log_to(stderr, ctx); - fn = getcpy(mh_oauth_cred_fn(ctx)); + fn = getcpy(mh_oauth_cred_fn(svc)); fp = lkfopendata(fn, "r+", &failed_to_lock); if (fp == NULL) { if (errno == ENOENT) { @@ -223,18 +182,14 @@ mh_oauth_do_xoauth(const char *user, const char *svc, FILE *log) free(fn); /* XXX writeBase64raw modifies the source buffer! make a copy */ - client_res = getcpy(mh_oauth_sasl_client_response(&client_res_len, user, + client_res = getcpy(mh_oauth_sasl_client_response(oauth_res_len, user, cred)); mh_oauth_cred_free(cred); mh_oauth_free(ctx); - client_res_b64 = mh_xmalloc(((((client_res_len) + 2) / 3 ) * 4) + 1); - if (writeBase64raw((unsigned char *)client_res, client_res_len, - (unsigned char *)client_res_b64) != OK) { - adios(NULL, "base64 encoding of XOAUTH2 client response failed"); - } - free(client_res); - return client_res_b64; + *oauth_res = (unsigned char *) client_res; + + return OK; } static boolean @@ -283,78 +238,6 @@ set_err_http(mh_oauth_ctx *ctx, const struct curl_ctx *curl_ctx) free(error); } -/* Copy service info so we don't have to free it only sometimes. */ -static void -copy_svc(struct service_info *to, const struct service_info *from) -{ - to->display_name = from->display_name; -#define copy(_field_) to->_field_ = getcpy(from->_field_) - copy(name); - copy(scope); - copy(client_id); - copy(client_secret); - copy(auth_endpoint); - copy(token_endpoint); - copy(redirect_uri); -#undef copy -} - -/* Return profile component node name for a service parameter. */ -static char * -node_name_for_svc(const char *base_name, const char *svc) -{ - char *result = mh_xmalloc(sizeof "oauth-" - 1 - + strlen(svc) - + 1 /* '-' */ - + strlen(base_name) - + 1 /* '\0' */); - sprintf(result, "oauth-%s-%s", svc, base_name); - /* TODO: s/_/-/g ? */ - return result; -} - -/* Update one service_info field if overridden in profile. */ -static void -update_svc_field(char **field, const char *base_name, const char *svc) -{ - char *name = node_name_for_svc(base_name, svc); - const char *value = context_find(name); - if (value != NULL) { - free(*field); - *field = getcpy(value); - } - free(name); -} - -/* Update all service_info fields that are overridden in profile. */ -static boolean -update_svc(struct service_info *svc, const char *svc_name, mh_oauth_ctx *ctx) -{ -#define update(name) \ - update_svc_field(&svc->name, #name, svc_name); \ - if (svc->name == NULL) { \ - set_err_details(ctx, MH_OAUTH_BAD_PROFILE, #name " is missing"); \ - return FALSE; \ - } - update(scope); - update(client_id); - update(client_secret); - update(auth_endpoint); - update(token_endpoint); - update(redirect_uri); -#undef update - - if (svc->name == NULL) { - svc->name = getcpy(svc_name); - } - - if (svc->display_name == NULL) { - svc->display_name = svc->name; - } - - return TRUE; -} - static char * make_user_agent() { @@ -373,26 +256,15 @@ boolean mh_oauth_new(mh_oauth_ctx **result, const char *svc_name) { mh_oauth_ctx *ctx = *result = mh_xmalloc(sizeof *ctx); - size_t i; ctx->curl = NULL; ctx->log = NULL; ctx->cred_fn = ctx->sasl_client_res = ctx->err_formatted = NULL; - ctx->svc.name = ctx->svc.display_name = NULL; - ctx->svc.scope = ctx->svc.client_id = NULL; - ctx->svc.client_secret = ctx->svc.auth_endpoint = NULL; - ctx->svc.token_endpoint = ctx->svc.redirect_uri = NULL; - - for (i = 0; i < sizeof SERVICES / sizeof SERVICES[0]; i++) { - if (strcmp(SERVICES[i].name, svc_name) == 0) { - copy_svc(&ctx->svc, &SERVICES[i]); - break; - } - } - - if (!update_svc(&ctx->svc, svc_name, ctx)) { + if (!mh_oauth_get_service_info(svc_name, &ctx->svc, ctx->err_buf, + sizeof(ctx->err_buf))) { + set_err_details(ctx, MH_OAUTH_BAD_PROFILE, ctx->err_buf); return FALSE; } @@ -692,36 +564,6 @@ mh_oauth_cred_free(mh_oauth_cred *cred) free(cred); } -const char * -mh_oauth_cred_fn(mh_oauth_ctx *ctx) -{ - char *result, *result_if_allocated; - const char *svc = ctx->svc.name; - - char *component = node_name_for_svc("credential-file", svc); - result = context_find(component); - free(component); - - if (result == NULL) { - result = mh_xmalloc(sizeof "oauth-" - 1 - + strlen(svc) - + 1 /* '\0' */); - sprintf(result, "oauth-%s", svc); - result_if_allocated = result; - } else { - result_if_allocated = NULL; - } - - if (result[0] != '/') { - const char *tmp = m_maildir(result); - free(result_if_allocated); - result = getcpy(tmp); - } - - free(ctx->cred_fn); - return ctx->cred_fn = result; -} - /* for loading multi-user cred files */ struct user_creds { mh_oauth_cred *creds; @@ -1114,6 +956,14 @@ post(struct curl_ctx *ctx, const char *url, const char *req_body) curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback); curl_easy_setopt(curl, CURLOPT_WRITEDATA, ctx); + if (strncmp(url, "http://127.0.0.1:", 17) == 0) { + /* Hack: on Cygwin, curl doesn't fail to connect with ECONNREFUSED. + Instead, it waits to timeout. So set a really short timeout, but + just on localhost (for convenience of the user, and the test + suite). */ + curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 2L); + } + status = curl_easy_perform(curl); /* first check for error from callback */ if (ctx->too_big) { @@ -1288,5 +1138,4 @@ get_json_strings(const char *input, size_t input_len, FILE *log, ...) free(tokens); return result; } - #endif