X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/bfff2c60b2c860c2bc466bdab94daf770d86aec5..ef0725fd97369e801a56febfdb7a6ec2eaff73c8:/uip/popsbr.c diff --git a/uip/popsbr.c b/uip/popsbr.c index 81f3db75..d61ce767 100644 --- a/uip/popsbr.c +++ b/uip/popsbr.c @@ -5,14 +5,16 @@ * complete copyright information. */ -#include +#include "h/mh.h" +#include "sbr/credentials.h" +#include "sbr/client.h" #include "sbr/error.h" -#include -#include -#include +#include "h/utils.h" +#include "h/oauth.h" +#include "h/netsec.h" -#include -#include +#include "popsbr.h" +#include "h/signals.h" #include "sbr/base64.h" #define TRM "." @@ -78,12 +80,64 @@ check_mech(char *server_mechs, size_t server_mechs_size) return OK; } +/* + * If capable, issue the STLS command and start the TLS negotiation + */ + +static int +pop_start_tls(void) +{ + int status; + bool stls = false; + char *errstr; + + /* + * Issue the CAPA command and see if we have the STLS capability + */ + + if (command("CAPA") == NOTOK) { + snprintf(response, sizeof(response), + "The POP CAPA command failed; POP server does not " + "support STLS"); + return NOTOK; + } + + while ((status = multiline()) != DONE) { + if (status == NOTOK) + return NOTOK; + + if (strcasecmp(response, "STLS") == 0) + stls = true; + } + + if (!stls) { + snprintf(response, sizeof(response), "POP server does not support " + "STLS"); + return NOTOK; + } + + /* + * Issue STLS and then start the actual TLS negotiation + */ + + if (command("STLS") == NOTOK) + return NOTOK; + + if (netsec_negotiate_tls(nsc, &errstr) != OK) { + snprintf(response, sizeof(response), "%s", errstr); + free(errstr); + return NOTOK; + } + + return OK; +} + /* * Split string containing proxy command into an array of arguments * suitable for passing to exec. Returned array must be freed. Shouldn't * be possible to call this with host set to NULL. */ -char ** +static char ** parse_proxy(char *proxy, char *host) { char **pargv, **p; @@ -209,17 +263,19 @@ pop_init (char *host, char *port, char *user, char *proxy, int snoop, netsec_set_fd(nsc, fd1, fd2); netsec_set_snoop(nsc, snoop); - if (tls & P_INITTLS) { + if (tls & P_TLSENABLEMASK) { if (netsec_set_tls(nsc, 1, tls & P_NOVERIFY, &errstr) != OK) { snprintf(response, sizeof(response), "%s", errstr); free(errstr); return NOTOK; } - if (netsec_negotiate_tls(nsc, &errstr) != OK) { - snprintf(response, sizeof(response), "%s", errstr); - free(errstr); - return NOTOK; + if (tls & P_INITTLS) { + if (netsec_negotiate_tls(nsc, &errstr) != OK) { + snprintf(response, sizeof(response), "%s", errstr); + free(errstr); + return NOTOK; + } } } @@ -239,6 +295,10 @@ pop_init (char *host, char *port, char *user, char *proxy, int snoop, if (*response == '+') { nmh_creds_t creds; + if (tls & P_STARTTLS) + if (pop_start_tls() != OK) + return NOTOK; + if (sasl) { char server_mechs[256]; if (check_mech(server_mechs, sizeof(server_mechs)) != OK) @@ -394,7 +454,7 @@ pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata, *outdata = NULL; *outdatalen = 0; } else { - rc = decodeBase64(line + 2, outdata, &len, 0, NULL); + rc = decodeBase64(line + 2, outdata, &len, 0); *outdatalen = len; if (rc != OK) { netsec_err(errstr, "Unable to decode base64 response"); @@ -556,7 +616,7 @@ pop_done (void) } -int +static int command(const char *fmt, ...) { va_list ap; @@ -616,7 +676,7 @@ vcommand (const char *fmt, va_list ap) } -int +static int multiline (void) { char buffer[BUFSIZ + LEN(TRM)];