2 * Copyright notice from original mutt:
3 * Copyright (C) 2000-5 Brendan Cully <brendan@kublai.com>
5 * This file is part of mutt-ng, see http://www.muttng.org/.
6 * It's licensed under the GNU General Public License,
7 * please see the file GPL in the top level source directory.
10 /* common SASL helper routines */
18 #include "mutt_sasl.h"
19 #include "mutt_socket.h"
22 #include "lib/debug.h"
27 #include <sasl/sasl.h>
31 #include <sys/socket.h>
32 #include <netinet/in.h>
35 static int getnameinfo_err (int ret)
41 debug_print (1, ("The name could not be resolved at this time. Future attempts may succeed.\n"));
45 debug_print (1, ("The flags had an invalid value.\n"));
49 debug_print (1, ("A non-recoverable error occurred.\n"));
53 debug_print (1, ("The address family was not recognized or the address length was invalid for the specified family.\n"));
57 debug_print (1, ("There was a memory allocation failure.\n"));
61 debug_print (1, ("The name does not resolve for the supplied parameters. NI_NAMEREQD is set and the host's name cannot be located, or both nodename and servname were null.\n"));
62 err = SASL_FAIL; /* no real equivalent */
65 debug_print (1, ("A system error occurred. The error code can be found in errno(%d,%s)).\n",
66 errno, strerror (errno)));
67 err = SASL_FAIL; /* no real equivalent */
70 debug_print (1, ("Unknown error %d\n", ret));
71 err = SASL_FAIL; /* no real equivalent */
78 /* arbitrary. SASL will probably use a smaller buffer anyway. OTOH it's
79 * been a while since I've had access to an SASL server which negotiated
80 * a protection buffer. */
81 #define M_SASL_MAXBUF 65536
84 #define IP_PORT_BUFLEN 1024
87 static sasl_callback_t mutt_sasl_callbacks[5];
89 static int mutt_sasl_start (void);
92 static int mutt_sasl_cb_log (void *context, int priority,
94 static int mutt_sasl_cb_authname (void *context, int id, const char **result,
96 static int mutt_sasl_cb_pass (sasl_conn_t * conn, void *context, int id,
97 sasl_secret_t ** psecret);
99 /* socket wrappers for a SASL security layer */
100 static int mutt_sasl_conn_open (CONNECTION * conn);
101 static int mutt_sasl_conn_close (CONNECTION * conn);
102 static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len);
103 static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf,
107 /* utility function, stolen from sasl2 sample code */
108 static int iptostring (const struct sockaddr *addr, socklen_t addrlen,
109 char *out, unsigned outlen)
111 char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
115 return SASL_BADPARAM;
117 ret = getnameinfo (addr, addrlen, hbuf, sizeof (hbuf), pbuf, sizeof (pbuf),
119 #ifdef NI_WITHSCOPEID
124 return getnameinfo_err (ret);
126 if (outlen < safe_strlen (hbuf) + safe_strlen (pbuf) + 2)
129 snprintf (out, outlen, "%s;%s", hbuf, pbuf);
135 /* mutt_sasl_start: called before doing a SASL exchange - initialises library
136 * (if neccessary). */
137 int mutt_sasl_start (void)
139 static unsigned char sasl_init = 0;
141 static sasl_callback_t callbacks[2];
147 /* set up default logging callback */
148 callbacks[0].id = SASL_CB_LOG;
149 callbacks[0].proc = mutt_sasl_cb_log;
150 callbacks[0].context = NULL;
152 callbacks[1].id = SASL_CB_LIST_END;
153 callbacks[1].proc = NULL;
154 callbacks[1].context = NULL;
156 rc = sasl_client_init (callbacks);
159 debug_print (1, ("libsasl initialisation failed.\n"));
168 /* mutt_sasl_client_new: wrapper for sasl_client_new which also sets various
169 * security properties. If this turns out to be fine for POP too we can
170 * probably stop exporting mutt_sasl_get_callbacks(). */
171 int mutt_sasl_client_new (CONNECTION * conn, sasl_conn_t ** saslconn)
173 sasl_security_properties_t secprops;
176 struct sockaddr_storage local, remote;
178 char iplocalport[IP_PORT_BUFLEN], ipremoteport[IP_PORT_BUFLEN];
180 sasl_external_properties_t extprops;
185 if (mutt_sasl_start () != SASL_OK)
188 switch (conn->account.type) {
189 case M_ACCT_TYPE_IMAP:
192 case M_ACCT_TYPE_POP:
196 debug_print (1, ("account type unset\n"));
201 size = sizeof (local);
202 if (getsockname (conn->fd, (struct sockaddr *) &local, &size)) {
203 debug_print (1, ("getsockname for local failed\n"));
208 ((struct sockaddr *) &local, size, iplocalport,
209 IP_PORT_BUFLEN) != SASL_OK) {
210 debug_print (1, ("iptostring for local failed\n"));
214 size = sizeof (remote);
215 if (getpeername (conn->fd, (struct sockaddr *) &remote, &size)) {
216 debug_print (1, ("getsockname for remote failed\n"));
221 ((struct sockaddr *) &remote, size, ipremoteport,
222 IP_PORT_BUFLEN) != SASL_OK) {
223 debug_print (1, ("iptostring for remote failed\n"));
227 debug_print (1, ("local ip: %s, remote ip:%s\n", iplocalport, ipremoteport));
230 sasl_client_new (service, conn->account.host, iplocalport, ipremoteport,
231 mutt_sasl_get_callbacks (&conn->account), 0, saslconn);
234 rc = sasl_client_new (service, conn->account.host,
235 mutt_sasl_get_callbacks (&conn->account),
236 SASL_SECURITY_LAYER, saslconn);
240 debug_print (1, ("Error allocating SASL connection\n"));
244 /*** set sasl IP properties, necessary for use with krb4 ***/
245 /* Do we need to fail if this fails? I would assume having these unset
246 * would just disable KRB4. Who wrote this code? I'm not sure how this
247 * interacts with the NSS code either, since that mucks with the fd. */
248 #ifndef USE_SASL2 /* with SASLv2 this all happens in sasl_client_new */
250 struct sockaddr_in local, remote;
253 size = sizeof (local);
254 if (getsockname (conn->fd, (struct sockaddr *) &local, &size))
257 size = sizeof (remote);
258 if (getpeername (conn->fd, (struct sockaddr *) &remote, &size))
262 if (sasl_setprop (*saslconn, SASL_IP_LOCAL, &local) != SASL_OK) {
263 debug_print (1, ("Error setting local IP address\n"));
268 #ifdef SASL_IP_REMOTE
269 if (sasl_setprop (*saslconn, SASL_IP_REMOTE, &remote) != SASL_OK) {
270 debug_print (1, ("Error setting remote IP address\n"));
277 /* set security properties. We use NOPLAINTEXT globally, since we can
278 * just fall back to LOGIN in the IMAP case anyway. If that doesn't
279 * work for POP, we can make it a flag or move this code into
280 * imap/auth_sasl.c */
281 memset (&secprops, 0, sizeof (secprops));
282 /* Work around a casting bug in the SASL krb4 module */
283 secprops.max_ssf = 0x7fff;
284 secprops.maxbufsize = M_SASL_MAXBUF;
285 secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
286 if (sasl_setprop (*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK) {
287 debug_print (1, ("Error setting security properties\n"));
291 /* we currently don't have an SSF finder for NSS (I don't know the API).
292 * If someone does it'd probably be trivial to write mutt_nss_get_ssf().
293 * I have a feeling more SSL code could be shared between those two files,
294 * but I haven't looked into it yet, since I still don't know the APIs. */
295 #if (defined(USE_SSL) || defined(USE_GNUTLS) && !defined(USE_NSS))
296 if (conn->account.flags & M_ACCT_SSL) {
297 #ifdef USE_SASL2 /* I'm not sure this actually has an effect, at least with SASLv2 */
298 debug_print (2, ("External SSF: %d\n", conn->ssf));
299 if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &(conn->ssf)) != SASL_OK)
301 memset (&extprops, 0, sizeof (extprops));
302 extprops.ssf = conn->ssf;
303 debug_print (2, ("External SSF: %d\n", extprops.ssf));
304 if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &extprops) != SASL_OK)
307 debug_print (1, ("Error setting external properties\n"));
311 debug_print (2, ("External authentication name: %s\n", conn->account.user));
312 if (sasl_setprop (*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) !=
314 debug_print (1, ("Error setting external properties\n"));
324 sasl_callback_t *mutt_sasl_get_callbacks (ACCOUNT * account)
326 sasl_callback_t *callback;
328 callback = mutt_sasl_callbacks;
330 callback->id = SASL_CB_AUTHNAME;
331 callback->proc = mutt_sasl_cb_authname;
332 callback->context = account;
335 callback->id = SASL_CB_USER;
336 callback->proc = mutt_sasl_cb_authname;
337 callback->context = account;
340 callback->id = SASL_CB_PASS;
341 callback->proc = mutt_sasl_cb_pass;
342 callback->context = account;
345 callback->id = SASL_CB_GETREALM;
346 callback->proc = NULL;
347 callback->context = NULL;
350 callback->id = SASL_CB_LIST_END;
351 callback->proc = NULL;
352 callback->context = NULL;
354 return mutt_sasl_callbacks;
357 int mutt_sasl_interact (sasl_interact_t * interaction)
359 char prompt[SHORT_STRING];
360 char resp[SHORT_STRING];
362 while (interaction->id != SASL_CB_LIST_END) {
363 debug_print (2, ("filling in SASL interaction %ld.\n", interaction->id));
365 snprintf (prompt, sizeof (prompt), "%s: ", interaction->prompt);
367 if (mutt_get_field (prompt, resp, sizeof (resp), 0))
370 interaction->len = safe_strlen (resp) + 1;
371 interaction->result = safe_malloc (interaction->len);
372 memcpy (interaction->result, resp, interaction->len);
380 /* SASL can stack a protection layer on top of an existing connection.
381 * To handle this, we store a saslconn_t in conn->sockdata, and write
382 * wrappers which en/decode the read/write stream, then replace sockdata
383 * with an embedded copy of the old sockdata and call the underlying
384 * functions (which we've also preserved). I thought about trying to make
385 * a general stackable connection system, but it seemed like overkill -
386 * something is wrong if we have 15 filters on top of a socket. Anyway,
387 * anything else which wishes to stack can use the same method. The only
388 * disadvantage is we have to write wrappers for all the socket methods,
389 * even if we only stack over read and write. Thinking about it, the
390 * abstraction problem is that there is more in CONNECTION than there
391 * needs to be. Ideally it would have only (void*)data and methods. */
393 /* mutt_sasl_setup_conn: replace connection methods, sockdata with
394 * SASL wrappers, for protection layers. Also get ssf, as a fastpath
395 * for the read/write methods. */
396 void mutt_sasl_setup_conn (CONNECTION * conn, sasl_conn_t * saslconn)
398 SASL_DATA *sasldata = (SASL_DATA *) safe_malloc (sizeof (SASL_DATA));
400 sasldata->saslconn = saslconn;
401 /* get ssf so we know whether we have to (en|de)code read/write */
403 sasl_getprop (saslconn, SASL_SSF, (const void **) &sasldata->ssf);
405 sasl_getprop (saslconn, SASL_SSF, (void **) &sasldata->ssf);
407 debug_print (3, ("SASL protection strength: %u\n", *sasldata->ssf));
408 /* Add SASL SSF to transport SSF */
409 conn->ssf += *sasldata->ssf;
411 sasl_getprop (saslconn, SASL_MAXOUTBUF,
412 (const void **) &sasldata->pbufsize);
414 sasl_getprop (saslconn, SASL_MAXOUTBUF, (void **) &sasldata->pbufsize);
416 debug_print (3, ("SASL protection buffer size: %u\n", *sasldata->pbufsize));
418 /* clear input buffer */
419 sasldata->buf = NULL;
423 /* preserve old functions */
424 sasldata->sockdata = conn->sockdata;
425 sasldata->msasl_open = conn->conn_open;
426 sasldata->msasl_close = conn->conn_close;
427 sasldata->msasl_read = conn->conn_read;
428 sasldata->msasl_write = conn->conn_write;
430 /* and set up new functions */
431 conn->sockdata = sasldata;
432 conn->conn_open = mutt_sasl_conn_open;
433 conn->conn_close = mutt_sasl_conn_close;
434 conn->conn_read = mutt_sasl_conn_read;
435 conn->conn_write = mutt_sasl_conn_write;
438 /* mutt_sasl_cb_log: callback to log SASL messages */
439 static int mutt_sasl_cb_log (void *context, int priority, const char *message)
441 debug_print (priority, ("SASL: %s\n", message));
446 /* mutt_sasl_cb_authname: callback to retrieve authname or user (mutt
447 * doesn't distinguish, even if some SASL plugins do) from ACCOUNT */
448 static int mutt_sasl_cb_authname (void *context, int id, const char **result,
451 ACCOUNT *account = (ACCOUNT *) context;
458 return SASL_BADPARAM;
460 debug_print (2, ("getting %s for %s:%u\n",
461 id == SASL_CB_AUTHNAME ? "authname" : "user",
462 account->host, account->port));
464 if (mutt_account_getuser (account))
467 *result = account->user;
470 *len = safe_strlen (*result);
475 static int mutt_sasl_cb_pass (sasl_conn_t * conn, void *context, int id,
476 sasl_secret_t ** psecret)
478 ACCOUNT *account = (ACCOUNT *) context;
481 if (!account || !psecret)
482 return SASL_BADPARAM;
484 debug_print (2, ("getting password for %s@%s:%u\n",
485 account->user, account->host, account->port));
487 if (mutt_account_getpass (account))
490 len = safe_strlen (account->pass);
492 *psecret = (sasl_secret_t *) safe_malloc (sizeof (sasl_secret_t) + len);
493 (*psecret)->len = len;
494 strcpy ((*psecret)->data, account->pass); /* __STRCPY_CHECKED__ */
499 /* mutt_sasl_conn_open: empty wrapper for underlying open function. We
500 * don't know in advance that a connection will use SASL, so we
501 * replace conn's methods with sasl methods when authentication
502 * is successful, using mutt_sasl_setup_conn */
503 static int mutt_sasl_conn_open (CONNECTION * conn)
508 sasldata = (SASL_DATA *) conn->sockdata;
509 conn->sockdata = sasldata->sockdata;
510 rc = (sasldata->msasl_open) (conn);
511 conn->sockdata = sasldata;
516 /* mutt_sasl_conn_close: calls underlying close function and disposes of
517 * the sasl_conn_t object, then restores connection to pre-sasl state */
518 static int mutt_sasl_conn_close (CONNECTION * conn)
523 sasldata = (SASL_DATA *) conn->sockdata;
525 /* restore connection's underlying methods */
526 conn->sockdata = sasldata->sockdata;
527 conn->conn_open = sasldata->msasl_open;
528 conn->conn_close = sasldata->msasl_close;
529 conn->conn_read = sasldata->msasl_read;
530 conn->conn_write = sasldata->msasl_write;
532 /* release sasl resources */
533 sasl_dispose (&sasldata->saslconn);
535 FREE (&sasldata->buf);
539 /* call underlying close */
540 rc = (conn->conn_close) (conn);
545 static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len)
552 sasldata = (SASL_DATA *) conn->sockdata;
554 /* if we still have data in our read buffer, copy it into buf */
555 if (sasldata->blen > sasldata->bpos) {
556 olen = (sasldata->blen - sasldata->bpos > len) ? len :
557 sasldata->blen - sasldata->bpos;
559 memcpy (buf, sasldata->buf + sasldata->bpos, olen);
560 sasldata->bpos += olen;
565 conn->sockdata = sasldata->sockdata;
568 FREE (&sasldata->buf);
573 /* and decode the result, if necessary */
574 if (*sasldata->ssf) {
576 /* call the underlying read function to fill the buffer */
577 rc = (sasldata->msasl_read) (conn, buf, len);
581 rc = sasl_decode (sasldata->saslconn, buf, rc, &sasldata->buf,
584 debug_print (1, ("SASL decode failed: %s\n",
585 sasl_errstring (rc, NULL, NULL)));
589 while (!sasldata->blen);
591 olen = (sasldata->blen - sasldata->bpos > len) ? len :
592 sasldata->blen - sasldata->bpos;
594 memcpy (buf, sasldata->buf, olen);
595 sasldata->bpos += olen;
600 rc = (sasldata->msasl_read) (conn, buf, len);
603 conn->sockdata = sasldata;
608 static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf,
619 unsigned int olen, plen;
621 sasldata = (SASL_DATA *) conn->sockdata;
622 conn->sockdata = sasldata->sockdata;
624 /* encode data, if necessary */
625 if (*sasldata->ssf) {
626 /* handle data larger than MAXOUTBUF */
628 olen = (len > *sasldata->pbufsize) ? *sasldata->pbufsize : len;
630 rc = sasl_encode (sasldata->saslconn, buf, olen, &pbuf, &plen);
632 debug_print (1, ("SASL encoding failed: %s\n",
633 sasl_errstring (rc, NULL, NULL)));
637 rc = (sasldata->msasl_write) (conn, pbuf, plen);
647 while (len > *sasldata->pbufsize);
650 /* just write using the underlying socket function */
651 rc = (sasldata->msasl_write) (conn, buf, len);
653 conn->sockdata = sasldata;
658 conn->sockdata = sasldata;