X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/ceaab2f46ae8fa4598b9682eaf3210cda21517c9..63621a81d16ab743de6b57d47578a9a2c670ad22:/uip/popsbr.c?ds=sidebyside diff --git a/uip/popsbr.c b/uip/popsbr.c index 7126b950..a9319054 100644 --- a/uip/popsbr.c +++ b/uip/popsbr.c @@ -1,5 +1,4 @@ -/* - * popsbr.c -- POP client subroutines +/* popsbr.c -- POP client subroutines * * This code is Copyright (c) 2002, by the authors of nmh. See the * COPYRIGHT file in the root directory of the nmh distribution for @@ -13,12 +12,11 @@ #include #include +#include "sbr/base64.h" #define TRM "." -#define TRMLEN (sizeof TRM - 1) static int poprint = 0; -static int pophack = 0; char response[BUFSIZ]; static netsec_context *nsc = NULL; @@ -27,19 +25,17 @@ static netsec_context *nsc = NULL; * static prototypes */ -static int command(const char *, ...); +static int command(const char *, ...) CHECK_PRINTF(1, 2); static int multiline(void); -static int traverse (int (*)(char *), const char *, ...); -static int vcommand(const char *, va_list); +static int traverse(int (*)(void *, char *), void *closure, + const char *, ...) CHECK_PRINTF(3, 4); +static int vcommand(const char *, va_list) CHECK_PRINTF(1, 0); static int pop_getline (char *, int, netsec_context *); -static int sasl_fgetc(FILE *); -static int putline (char *, FILE *); static int pop_sasl_callback(enum sasl_message_type, unsigned const char *, unsigned int, unsigned char **, unsigned int *, char **); - static int check_mech(char *server_mechs, size_t server_mechs_size) { @@ -60,23 +56,16 @@ check_mech(char *server_mechs, size_t server_mechs_size) return NOTOK; } - while ((status = multiline()) != DONE) - switch (status) { - case NOTOK: + while ((status = multiline()) != DONE) { + if (status == NOTOK) return NOTOK; - break; - case DONE: /* Shouldn't be possible, but just in case */ - break; - case OK: - if (strncasecmp(response, "SASL ", 5) == 0) { - /* - * We've seen the SASL capability. Grab the mech list - */ - sasl_capability++; - strncpy(server_mechs, response + 5, server_mechs_size); - } - break; - } + + if (strncasecmp(response, "SASL ", 5) == 0) { + /* We've seen the SASL capability. Grab the mech list. */ + sasl_capability++; + strncpy(server_mechs, response + 5, server_mechs_size); + } + } if (!sasl_capability) { snprintf(response, sizeof(response), "POP server does not support " @@ -87,323 +76,6 @@ check_mech(char *server_mechs, size_t server_mechs_size) return OK; } -#ifdef CYRUS_SASL -/* - * This function implements the AUTH command for various SASL mechanisms - * - * We do the whole SASL dialog here. If this completes, then we've - * authenticated successfully and have (possibly) negotiated a security - * layer. - */ - -#define CHECKB64SIZE(insize, outbuf, outsize) \ - { size_t wantout = (((insize + 2) / 3) * 4) + 32; \ - if (wantout > outsize) { \ - outbuf = mh_xrealloc(outbuf, outsize = wantout); \ - } \ - } - -#if 0 -int -pop_auth_sasl(char *user, char *host, char *mech) -{ - int result, status; - unsigned int buflen, outlen; - char server_mechs[256], *buf, *outbuf = NULL; - size_t outbufsize = 0; - const char *chosen_mech; - sasl_security_properties_t secprops; - struct pass_context p_context; - sasl_ssf_t *ssf; - int *moutbuf; - - if ((status = check_mech(server_mechs, sizeof(server_mechs), mech)) != OK) { - return status; - } - - /* - * Start the SASL process. First off, initialize the SASL library. - */ - - callbacks[POP_SASL_CB_N_USER].context = user; - p_context.user = user; - p_context.host = host; - callbacks[POP_SASL_CB_N_PASS].context = &p_context; - - result = sasl_client_init(callbacks); - - if (result != SASL_OK) { - snprintf(response, sizeof(response), "SASL library initialization " - "failed: %s", sasl_errstring(result, NULL, NULL)); - return NOTOK; - } - - result = sasl_client_new("pop", host, NULL, NULL, NULL, 0, &conn); - - if (result != SASL_OK) { - snprintf(response, sizeof(response), "SASL client initialization " - "failed: %s", sasl_errstring(result, NULL, NULL)); - return NOTOK; - } - - /* - * Initialize the security properties - */ - - memset(&secprops, 0, sizeof(secprops)); - secprops.maxbufsize = SASL_BUFFER_SIZE; - secprops.max_ssf = tls_active ? 0 : UINT_MAX; - - result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); - - if (result != SASL_OK) { - snprintf(response, sizeof(response), "SASL security property " - "initialization failed: %s", sasl_errdetail(conn)); - return NOTOK; - } - - /* - * Start the actual protocol. Feed the mech list into the library - * and get out a possible initial challenge - */ - - result = sasl_client_start(conn, - (const char *) (mech ? mech : server_mechs), - NULL, (const char **) &buf, - &buflen, &chosen_mech); - - if (result != SASL_OK && result != SASL_CONTINUE) { - snprintf(response, sizeof(response), "SASL client start failed: %s", - sasl_errdetail(conn)); - return NOTOK; - } - - if (buflen) { - CHECKB64SIZE(buflen, outbuf, outbufsize); - status = sasl_encode64(buf, buflen, outbuf, outbufsize, NULL); - if (status != SASL_OK) { - snprintf(response, sizeof(response), "SASL base64 encode " - "failed: %s", sasl_errstring(status, NULL, NULL)); - if (outbuf) - free(outbuf); - return NOTOK; - } - - status = command("AUTH %s %s", chosen_mech, outbuf); - } else - status = command("AUTH %s", chosen_mech); - - while (result == SASL_CONTINUE) { - size_t inlen; - - if (status == NOTOK) { - if (outbuf) - free(outbuf); - return NOTOK; - } - - /* - * If we get a "+OK" prefix to our response, then we should - * exit out of this exchange now (because authenticated should - * have succeeded) - */ - - if (strncmp(response, "+OK", 3) == 0) - break; - - /* - * Otherwise, make sure the server challenge is correctly formatted - */ - - if (strncmp(response, "+ ", 2) != 0) { - command("*"); - snprintf(response, sizeof(response), - "Malformed authentication message from server"); - if (outbuf) - free(outbuf); - return NOTOK; - } - - /* - * For decode, it will always be shorter, so just make sure - * that outbuf is as at least as big as the encoded response. - */ - - inlen = strlen(response + 2); - - if (inlen > outbufsize) { - outbuf = mh_xrealloc(outbuf, outbufsize = inlen); - } - - result = sasl_decode64(response + 2, strlen(response + 2), - outbuf, outbufsize, &outlen); - - if (result != SASL_OK) { - command("*"); - snprintf(response, sizeof(response), "SASL base64 decode " - "failed: %s", sasl_errstring(result, NULL, NULL)); - if (outbuf) - free(outbuf); - return NOTOK; - } - - result = sasl_client_step(conn, outbuf, outlen, NULL, - (const char **) &buf, &buflen); - - if (result != SASL_OK && result != SASL_CONTINUE) { - command("*"); - snprintf(response, sizeof(response), "SASL client negotiaton " - "failed: %s", sasl_errdetail(conn)); - if (outbuf) - free(outbuf); - return NOTOK; - } - - CHECKB64SIZE(buflen, outbuf, outbufsize); - - status = sasl_encode64(buf, buflen, outbuf, outbufsize, NULL); - - if (status != SASL_OK) { - command("*"); - snprintf(response, sizeof(response), "SASL base64 encode " - "failed: %s", sasl_errstring(status, NULL, NULL)); - if (outbuf) - free(outbuf); - return NOTOK; - } - - status = command(outbuf); - } - - if (outbuf) - free(outbuf); - - /* - * If we didn't get a positive final response, then error out - * (that probably means we failed an authorization check). - */ - - if (status != OK) - return NOTOK; - - /* - * We _should_ be okay now. Get a few properties now that negotiation - * has completed. - */ - - result = sasl_getprop(conn, SASL_MAXOUTBUF, (const void **) &moutbuf); - - if (result != SASL_OK) { - snprintf(response, sizeof(response), "Cannot retrieve SASL negotiated " - "output buffer size: %s", sasl_errdetail(conn)); - return NOTOK; - } - - maxoutbuf = *moutbuf; - - result = sasl_getprop(conn, SASL_SSF, (const void **) &ssf); - - sasl_ssf = *ssf; - - if (result != SASL_OK) { - snprintf(response, sizeof(response), "Cannot retrieve SASL negotiated " - "security strength factor: %s", sasl_errdetail(conn)); - return NOTOK; - } - - /* - * Limit this to what we can deal with. Shouldn't matter much because - * this is only outgoing data (which should be small) - */ - - if (maxoutbuf == 0 || maxoutbuf > BUFSIZ) - maxoutbuf = BUFSIZ; - - sasl_complete = 1; - - return status; -} - -/* - * Callback to return the userid sent down via the user parameter - */ - -static int -sasl_get_user(void *context, int id, const char **result, unsigned *len) -{ - char *user = (char *) context; - - if (! result || id != SASL_CB_USER) - return SASL_BADPARAM; - - *result = user; - if (len) - *len = strlen(user); - - return SASL_OK; -} - -/* - * Callback to return the password (we call ruserpass, which can get it - * out of the .netrc - */ - -static int -sasl_get_pass(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret) -{ - struct pass_context *p_context = (struct pass_context *) context; - struct nmh_creds creds = { 0, 0, 0 }; - int len; - - NMH_UNUSED (conn); - - if (! psecret || id != SASL_CB_PASS) - return SASL_BADPARAM; - - if (creds.password == NULL) { - /* - * Pass the 0 third argument to nmh_get_credentials() so - * that the default password isn't used. With legacy/.netrc - * credentials support, we'll only get here if the -user - * switch to send(1)/post(8) wasn't used. - */ - if (nmh_get_credentials (p_context->host, p_context->user, 0, &creds) - != OK) { - return SASL_BADPARAM; - } - } - - len = strlen (creds.password); - - *psecret = (sasl_secret_t *) mh_xmalloc(sizeof(sasl_secret_t) + len); - - (*psecret)->len = len; - strcpy((char *) (*psecret)->data, creds.password); - - return SASL_OK; -} - -int -pop_auth_xoauth(const char *client_res) -{ - char server_mechs[256]; - int status = check_mech(server_mechs, sizeof(server_mechs), "XOAUTH"); - - if (status != OK) return status; - - if ((status = command("AUTH XOAUTH2 %s", client_res)) != OK) { - return status; - } - if (strncmp(response, "+OK", 3) == 0) { - return OK; - } - - /* response contains base64-encoded JSON, which is always the same. - * See mts/smtp/smtp.c for more notes on that. */ - /* Then we're supposed to send an empty response ("\r\n"). */ - return command(""); -} -#endif /* CYRUS_SASL */ /* * Split string containing proxy command into an array of arguments * suitable for passing to exec. Returned array must be freed. Shouldn't @@ -454,8 +126,8 @@ parse_proxy(char *proxy, char *host) } int -pop_init (char *host, char *port, char *user, char *pass, char *proxy, - int snoop, int sasl, char *mech, int tls, const char *oauth_svc) +pop_init (char *host, char *port, char *user, char *proxy, int snoop, + int sasl, char *mech, int tls, const char *oauth_svc) { int fd1, fd2; char buffer[BUFSIZ]; @@ -466,13 +138,7 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy, if (user) netsec_set_userid(nsc, user); - if (tls) { - if (netsec_set_tls(nsc, 1, &errstr) != OK) { - snprintf(response, sizeof(response), "%s", errstr); - free(errstr); - return NOTOK; - } - } + netsec_set_hostname(nsc, host); if (oauth_svc != NULL) { if (netsec_set_oauth_service(nsc, oauth_svc) != OK) { @@ -533,14 +199,21 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy, sizeof(response), snoop)) == NOTOK) { return NOTOK; } + fd2 = fd1; } SIGNAL (SIGPIPE, SIG_IGN); - netsec_set_fd(nsc, fd1); + netsec_set_fd(nsc, fd1, fd2); netsec_set_snoop(nsc, snoop); - if (tls) { + if (tls & P_INITTLS) { + if (netsec_set_tls(nsc, 1, tls & P_NOVERIFY, &errstr) != OK) { + snprintf(response, sizeof(response), "%s", errstr); + free(errstr); + return NOTOK; + } + if (netsec_negotiate_tls(nsc, &errstr) != OK) { snprintf(response, sizeof(response), "%s", errstr); free(errstr); @@ -549,8 +222,8 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy, } if (sasl) { - if (netsec_set_sasl_params(nsc, host, "pop", mech, - pop_sasl_callback, &errstr) != OK) { + if (netsec_set_sasl_params(nsc, "pop", mech, pop_sasl_callback, + &errstr) != OK) { snprintf(response, sizeof(response), "%s", errstr); free(errstr); return NOTOK; @@ -562,9 +235,11 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy, if (poprint) fprintf (stderr, "<--- %s\n", response); if (*response == '+') { + nmh_creds_t creds; + if (sasl) { char server_mechs[256]; - if (check_mech(server_mechs, sizeof(server_mechs) != OK)) + if (check_mech(server_mechs, sizeof(server_mechs)) != OK) return NOTOK; if (netsec_negotiate_sasl(nsc, server_mechs, &errstr) != OK) { @@ -574,22 +249,32 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy, return NOTOK; } return OK; - } else - if (command ("USER %s", user) != NOTOK - && command ("%s %s", (pophack++, "PASS"), - pass) != NOTOK) - return OK; + } + + if (!(creds = nmh_get_credentials(host, user))) + return NOTOK; + if (command ("USER %s", nmh_cred_get_user(creds)) + != NOTOK) { + if (command("PASS %s", nmh_cred_get_password(creds)) + != NOTOK) { + nmh_credentials_free(creds); + return OK; + } + } + nmh_credentials_free(creds); } strncpy (buffer, response, sizeof(buffer)); command ("QUIT"); strncpy (response, buffer, sizeof(response)); - /* and fall */ + /* FALLTHRU */ case NOTOK: case DONE: - if (poprint) - fprintf (stderr, "%s\n", response); - netsec_shutdown(nsc, 1); + if (poprint) { + fputs(response, stderr); + putc('\n', stderr); + } + netsec_shutdown(nsc); nsc = NULL; return NOTOK; } @@ -606,10 +291,10 @@ pop_init (char *host, char *port, char *user, char *pass, char *proxy, static int pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata, - unsigned int indatasize, unsigned char **outdata, - unsigned int *outdatasize, char **errstr) + unsigned int indatalen, unsigned char **outdata, + unsigned int *outdatalen, char **errstr) { - int rc; + int rc, snoopoffset; char *mech, *line; size_t len, b64len; @@ -627,10 +312,10 @@ pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata, mech = netsec_get_sasl_mechanism(nsc); - if (indatasize) { + if (indatalen) { char *b64data; - b64data = mh_xmalloc(BASE64SIZE(indatasize)); - writeBase64raw(indata, indatasize, line); + b64data = mh_xmalloc(BASE64SIZE(indatalen)); + writeBase64raw(indata, indatalen, (unsigned char *) b64data); b64len = strlen(b64data); /* Formula here is AUTH + SP + mech + SP + out + CR + LF */ @@ -653,16 +338,22 @@ pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata, "for initial challenge response"); return NOTOK; } + netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, NULL); rc = netsec_printf(nsc, errstr, "%s\r\n", b64data); + netsec_set_snoop_callback(nsc, NULL, NULL); free(b64data); if (rc != OK) return NOTOK; if (netsec_flush(nsc, errstr) != OK) return NOTOK; } else { + netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, + &snoopoffset); + snoopoffset = 6 + strlen(mech); rc = netsec_printf(nsc, errstr, "AUTH %s %s\r\n", mech, b64data); free(b64data); + netsec_set_snoop_callback(nsc, NULL, NULL); if (rc != OK) return NOTOK; if (netsec_flush(nsc, errstr) != OK) @@ -679,14 +370,17 @@ pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata, /* * We should get one line back, with our base64 data. Decode that - * and feed it back in. + * and feed it back into the SASL library. */ case NETSEC_SASL_READ: + netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, &snoopoffset); + snoopoffset = 2; line = netsec_readline(nsc, &len, errstr); + netsec_set_snoop_callback(nsc, NULL, NULL); if (line == NULL) return NOTOK; - if (len < 2 || (len == 2 && strcmp(line, "+ ") != 0) { + if (len < 2 || (len == 2 && strcmp(line, "+ ") != 0)) { netsec_err(errstr, "Invalid format for SASL response"); return NOTOK; } @@ -695,12 +389,72 @@ pop_sasl_callback(enum sasl_message_type mtype, unsigned const char *indata, *outdata = NULL; *outdatalen = 0; } else { - rc = decodeBase64(line + 2, &outdata, &outdatasize, 0, NULL); - if (rc != OK) + rc = decodeBase64(line + 2, outdata, &len, 0, NULL); + *outdatalen = len; + if (rc != OK) { + netsec_err(errstr, "Unable to decode base64 response"); return NOTOK; + } + } + break; + + /* + * Our encoding is pretty simple, so this is easy. + */ + + case NETSEC_SASL_WRITE: + if (indatalen == 0) { + rc = netsec_printf(nsc, errstr, "\r\n"); + } else { + unsigned char *b64data; + b64data = mh_xmalloc(BASE64SIZE(indatalen)); + writeBase64raw(indata, indatalen, b64data); + netsec_set_snoop_callback(nsc, netsec_b64_snoop_decoder, NULL); + rc = netsec_printf(nsc, errstr, "%s\r\n", b64data); + netsec_set_snoop_callback(nsc, NULL, NULL); + free(b64data); + } + + if (rc != OK) + return NOTOK; + + if (netsec_flush(nsc, errstr) != OK) + return NOTOK; + break; + + /* + * Finish the protocol; we're looking for an +OK + */ + + case NETSEC_SASL_FINISH: + line = netsec_readline(nsc, &len, errstr); + if (line == NULL) + return NOTOK; + + if (!has_prefix(line, "+OK")) { + netsec_err(errstr, "Authentication failed: %s", line); + return NOTOK; } break; + /* + * Cancel the SASL exchange in the middle of the commands; for + * POP, that's a single "*". + * + * It's unclear to me if I should be returning errors up; I finally + * decided the answer should be "yes", and if the upper layer wants to + * ignore them that's their choice. + */ + + case NETSEC_SASL_CANCEL: + rc = netsec_printf(nsc, errstr, "*\r\n"); + if (rc == OK) + rc = netsec_flush(nsc, errstr); + if (rc != OK) + return NOTOK; + break; + } + return OK; } @@ -724,68 +478,16 @@ pop_stat (int *nmsgs, int *nbytes) int -pop_list (int msgno, int *nmsgs, int *msgs, int *bytes) +pop_retr (int msgno, int (*action)(void *, char *), void *closure) { - int i; - int *ids = NULL; - - if (msgno) { - if (command ("LIST %d", msgno) == NOTOK) - return NOTOK; - *msgs = *bytes = 0; - if (ids) { - *ids = 0; - sscanf (response, "+OK %d %d %d", msgs, bytes, ids); - } - else - sscanf (response, "+OK %d %d", msgs, bytes); - return OK; - } - - if (command ("LIST") == NOTOK) - return NOTOK; - - for (i = 0; i < *nmsgs; i++) - switch (multiline ()) { - case NOTOK: - return NOTOK; - case DONE: - *nmsgs = ++i; - return OK; - case OK: - *msgs = *bytes = 0; - if (ids) { - *ids = 0; - sscanf (response, "%d %d %d", - msgs++, bytes++, ids++); - } - else - sscanf (response, "%d %d", msgs++, bytes++); - break; - } - for (;;) - switch (multiline ()) { - case NOTOK: - return NOTOK; - case DONE: - return OK; - case OK: - break; - } -} - - -int -pop_retr (int msgno, int (*action)(char *)) -{ - return traverse (action, "RETR %d", msgno); + return traverse (action, closure, "RETR %d", msgno); } static int -traverse (int (*action)(char *), const char *fmt, ...) +traverse (int (*action)(void *, char *), void *closure, const char *fmt, ...) { - int result; + int result, snoopstate; va_list ap; char buffer[sizeof(response)]; @@ -797,19 +499,24 @@ traverse (int (*action)(char *), const char *fmt, ...) return NOTOK; strncpy (buffer, response, sizeof(buffer)); - for (;;) - switch (multiline ()) { - case NOTOK: - return NOTOK; - - case DONE: - strncpy (response, buffer, sizeof(response)); - return OK; + if ((snoopstate = netsec_get_snoop(nsc))) + netsec_set_snoop(nsc, 0); + + for (;;) { + result = multiline(); + if (result == OK) { + result = (*action)(closure, response); + if (result == OK) + continue; + } else if (result == DONE) { + strncpy(response, buffer, sizeof(response)); + result = OK; + } + break; + } - case OK: - (*action) (response); - break; - } + netsec_set_snoop(nsc, snoopstate); + return result; } @@ -820,27 +527,6 @@ pop_dele (int msgno) } -int -pop_noop (void) -{ - return command ("NOOP"); -} - - -int -pop_rset (void) -{ - return command ("RSET"); -} - - -int -pop_top (int msgno, int lines, int (*action)(char *)) -{ - return traverse (action, "TOP %d %d", msgno, lines); -} - - int pop_quit (void) { @@ -857,7 +543,7 @@ int pop_done (void) { if (nsc) - netsec_shutdown(nsc, 1); + netsec_shutdown(nsc); return OK; } @@ -880,30 +566,29 @@ command(const char *fmt, ...) static int vcommand (const char *fmt, va_list ap) { - char *cp, buffer[65536]; - - vsnprintf (buffer, sizeof(buffer), fmt, ap); - - if (poprint) { - if (pophack) { - if ((cp = strchr (buffer, ' '))) - *cp = 0; - fprintf (stderr, "---> %s ********\n", buffer); - if (cp) - *cp = ' '; - pophack = 0; - } - else - fprintf (stderr, "---> %s\n", buffer); + /* char *cp; */ + char *errstr; + + if (netsec_vprintf(nsc, &errstr, fmt, ap) != OK) { + strncpy(response, errstr, sizeof(response)); + response[sizeof(response) - 1] = '\0'; + free(errstr); + return NOTOK; } - if (putline (buffer, output) == NOTOK) + if (netsec_printf(nsc, &errstr, "\r\n") != OK) { + strncpy(response, errstr, sizeof(response)); + response[sizeof(response) - 1] = '\0'; + free(errstr); return NOTOK; + } -#ifdef CYRUS_SASL - if (poprint && sasl_ssf) - fprintf(stderr, "(decrypted) "); -#endif /* CYRUS_SASL */ + if (netsec_flush(nsc, &errstr) != OK) { + strncpy(response, errstr, sizeof(response)); + response[sizeof(response) - 1] = '\0'; + free(errstr); + return NOTOK; + } switch (pop_getline (response, sizeof response, nsc)) { case OK: @@ -913,8 +598,10 @@ vcommand (const char *fmt, va_list ap) case NOTOK: case DONE: - if (poprint) - fprintf (stderr, "%s\n", response); + if (poprint) { + fputs(response, stderr); + putc('\n', stderr); + } return NOTOK; } @@ -925,24 +612,14 @@ vcommand (const char *fmt, va_list ap) int multiline (void) { - char buffer[BUFSIZ + TRMLEN]; + char buffer[BUFSIZ + LEN(TRM)]; if (pop_getline (buffer, sizeof buffer, nsc) != OK) return NOTOK; -#ifdef DEBUG - if (poprint) { -#ifdef CYRUS_SASL - if (sasl_ssf) - fprintf(stderr, "(decrypted) "); -#endif /* CYRUS_SASL */ - fprintf (stderr, "<--- %s\n", response); - } -#endif /* DEBUG */ - if (strncmp (buffer, TRM, TRMLEN) == 0) { - if (buffer[TRMLEN] == 0) + if (has_prefix(buffer, TRM)) { + if (buffer[LEN(TRM)] == 0) return DONE; - else - strncpy (response, buffer + TRMLEN, sizeof(response)); + strncpy (response, buffer + LEN(TRM), sizeof(response)); } else strncpy (response, buffer, sizeof(response)); @@ -957,10 +634,10 @@ multiline (void) static int pop_getline (char *s, int n, netsec_context *ns) { - int c = -2; + /* int c = -2; */ char *p; size_t len, destlen; - int rc; + /* int rc; */ char *errstr; p = netsec_readline(ns, &len, &errstr); @@ -979,155 +656,14 @@ pop_getline (char *s, int n, netsec_context *ns) * * We get a length back from netsec_readline, but the rest of the POP * code doesn't handle it; the assumptions are that everything from - * the network can be respresented as C strings. That should get fixed + * the network can be represented as C strings. That should get fixed * someday. */ - destlen = len > n - 1 ? len : n - 1; + destlen = min(len, (size_t)(n - 1)); memcpy(s, p, destlen); s[destlen] = '\0'; return OK; } - - -static int -putline (char *s, FILE *iop) -{ -#ifdef CYRUS_SASL - char outbuf[BUFSIZ], *buf; - int result; - unsigned int buflen; - - if (sasl_complete == 0 || sasl_ssf == 0) { -#endif /* CYRUS_SASL */ -#ifdef TLS_SUPPORT - if (tls_active) { - int ret; - - BIO_printf(io, "%s\r\n"); - ret = BIO_flush(io); - - if (ret != 1) { - strncpy(response, "lost connection", sizeof(response)); - return NOTOK; - else { - return OK; - } - } else -#endif /* TLS_SUPPORT */ - fprintf (iop, "%s\r\n", s); -#ifdef CYRUS_SASL - } else { - /* - * Build an output buffer, encrypt it using sasl_encode, and - * squirt out the results. - */ - strncpy(outbuf, s, sizeof(outbuf) - 3); - outbuf[sizeof(outbuf) - 3] = '\0'; /* Just in case */ - strcat(outbuf, "\r\n"); - - result = sasl_encode(conn, outbuf, strlen(outbuf), - (const char **) &buf, &buflen); - - if (result != SASL_OK) { - snprintf(response, sizeof(response), "SASL encoding error: %s", - sasl_errdetail(conn)); - return NOTOK; - } - - if (fwrite(buf, buflen, 1, iop) < 1) { - advise ("putline", "fwrite"); - } - } -#endif /* CYRUS_SASL */ - - fflush (iop); - if (ferror (iop)) { - strncpy (response, "lost connection", sizeof(response)); - return NOTOK; - } - - return OK; -} - -#ifdef CYRUS_SASL -/* - * Okay, our little fgetc replacement. Hopefully this is a little more - * efficient than the last one. - */ -static int -sasl_fgetc(FILE *f) -{ - static unsigned char *buffer = NULL, *ptr; - static unsigned int size = 0; - static int cnt = 0; - unsigned int retbufsize = 0; - int cc, result; - char *retbuf, tmpbuf[SASL_BUFFER_SIZE]; - - /* - * If we have some leftover data, return that - */ - - if (cnt) { - cnt--; - return (int) *ptr++; - } - - /* - * Otherwise, fill our buffer until we have some data to return. - */ - - while (retbufsize == 0) { - -#ifdef TLS_SUPPORT - if (tls_active) { - - cc = read(fileno(f), tmpbuf, sizeof(tmpbuf)); - - if (cc == 0) - return EOF; - - if (cc < 0) { - snprintf(response, sizeof(response), "Error during read from " - "network: %s", strerror(errno)); - return -2; - } - - /* - * We're not allowed to call sasl_decode until sasl_complete is - * true, so we do these gyrations ... - */ - - if (!sasl_complete) { - - retbuf = tmpbuf; - retbufsize = cc; - - } else { - - result = sasl_decode(conn, tmpbuf, cc, - (const char **) &retbuf, &retbufsize); - - if (result != SASL_OK) { - snprintf(response, sizeof(response), "Error during SASL " - "decoding: %s", sasl_errdetail(conn)); - return -2; - } - } - } - - if (retbufsize > size) { - buffer = mh_xrealloc(buffer, retbufsize); - size = retbufsize; - } - - memcpy(buffer, retbuf, retbufsize); - ptr = buffer + 1; - cnt = retbufsize - 1; - - return (int) buffer[0]; -} -#endif /* CYRUS_SASL */