2 * Copyright notice from original mutt:
3 * Copyright (C) 2000-2001 Vsevolod Volkov <vvv@mutt.org.ua>
5 * This file is part of mutt-ng, see http://www.muttng.org/.
6 * It's licensed under the GNU General Public License,
7 * please see the file GPL in the top level source directory.
24 #include <sasl/sasl.h>
25 #include <sasl/saslutil.h>
31 #include "mutt_sasl.h"
35 /* SASL authenticator */
/*
 * SASL authenticator: negotiates a SASL mechanism over the POP "AUTH"
 * command and, on success, hands the SASL context to the connection.
 *
 * pop_data  POP session; conn, auth_list and status are used here
 * method    requested mechanism name, or NULL to offer pop_data->auth_list
 *           (the server-advertised list) to sasl_client_start()
 * returns   POP_A_SUCCESS or POP_A_FAILURE; the value returned after a
 *           socket error sets POP_DISCONNECTED is not shown here
 *
 * NOTE: this listing omits many lines of the function (declarations of
 * rc and mech, the loop header, several branches and closing braces);
 * the comments below describe only what is visible.
 */
36 static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
38 sasl_conn_t *saslconn;
39 sasl_interact_t *interaction = NULL;
/* buf: outgoing line and base64 scratch; inbuf: one server response line */
41 char buf[LONG_STRING];
42 char inbuf[LONG_STRING];
/* pc: client response bytes produced by sasl_client_start/step */
46 const char *pc = NULL;
/* len: decoded server challenge length; olen: client response length */
50 unsigned int len, olen;
51 unsigned char client_start;
53 if (mutt_sasl_client_new (pop_data->conn, &saslconn) < 0) {
56 "pop_auth_sasl: Error allocating SASL connection.\n"));
/* no explicit method requested: let SASL choose from the server's list */
61 method = pop_data->auth_list;
/* two call shapes for sasl_client_start(); presumably selected by an
 * #if on the SASL library version in lines not shown here — confirm */
66 sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
68 rc = sasl_client_start (saslconn, method, NULL,
69 &interaction, &pc, &olen, &mech);
/* SASL_INTERACT means the library needs user input; mutt_sasl_interact()
 * fills `interaction` and the start call is presumably retried */
71 if (rc != SASL_INTERACT)
73 mutt_sasl_interact (interaction);
76 if (rc != SASL_OK && rc != SASL_CONTINUE) {
79 "pop_auth_sasl: Failure starting authentication exchange. No shared mechanisms?\n"));
81 /* SASL doesn't support suggested mechanisms, so fall back */
/* a non-empty initial response means the mechanism is client-first; the
 * use of client_start is on lines not shown here */
85 client_start = (olen > 0);
87 mutt_message _("Authenticating (SASL)...");
89 snprintf (buf, sizeof (buf), "AUTH %s", mech);
92 /* looping protocol */
/* append CRLF after the payload; assumes olen < sizeof (buf), which the
 * sasl_encode64() call below guarantees — the value of olen on the
 * first pass is set on a line not shown here, so confirm that case */
94 strfcpy (buf + olen, "\r\n", sizeof (buf) - olen);
95 mutt_socket_write (pop_data->conn, buf);
96 if (mutt_socket_readln (inbuf, sizeof (inbuf), pop_data->conn) < 0) {
97 sasl_dispose (&saslconn);
98 pop_data->status = POP_DISCONNECTED;
102 if (rc != SASL_CONTINUE)
/* server challenge lines start with "+ "; the base64 payload follows.
 * NOTE(review): the decode is applied to inbuf from offset 0, i.e. the
 * "+ " prefix that was just matched is fed to sasl_decode64() as well;
 * this looks like it should decode inbuf + 2 — verify against real
 * server challenges. Two decode call shapes appear (with and without a
 * maximum output length), presumably under the same #if as above. */
106 if (!mutt_strncmp (inbuf, "+ ", 2)
107 && sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING - 1,
110 if (!mutt_strncmp (inbuf, "+ ", 2)
111 && sasl_decode64 (inbuf, strlen (inbuf), buf, &len) != SASL_OK)
116 "pop_auth_sasl: error base64-decoding server response.\n"));
/* feed the decoded challenge to the mechanism; prompt the user if asked */
122 rc = sasl_client_step (saslconn, buf, len, &interaction, &pc, &olen);
123 if (rc != SASL_INTERACT)
125 mutt_sasl_interact (interaction);
/* the exchange is over unless SASL wants another round or still has a
 * final response to send (rc == SASL_OK with olen > 0) */
130 if (rc != SASL_CONTINUE && (olen == 0 || rc != SASL_OK))
133 /* send out response, or line break if none needed */
/* bounded by sizeof (buf); olen is replaced by the encoded length */
135 if (sasl_encode64 (pc, olen, buf, sizeof (buf), &olen) != SASL_OK) {
138 "pop_auth_sasl: error base64-encoding client response.\n"));
142 /* sasl_client_st(art|ep) allocate pc with malloc, expect me to
/* "+OK" ends the exchange successfully: attach the SASL context to the
 * socket (presumably installing any negotiated security layer) */
153 if (!mutt_strncmp (inbuf, "+OK", 3)) {
154 mutt_sasl_setup_conn (pop_data->conn, saslconn);
155 return POP_A_SUCCESS;
/* failure path: release the SASL context before reporting */
159 sasl_dispose (&saslconn);
161 /* terminate SASL session if the last response is not +OK nor -ERR */
/* a lone "*" is the AUTH abort token, so the server drops the half-done
 * exchange instead of waiting for more client data */
162 if (!mutt_strncmp (inbuf, "+ ", 2)) {
163 snprintf (buf, sizeof (buf), "*\r\n");
164 if (pop_query (pop_data, buf, sizeof (buf)) == -1)
168 mutt_error _("SASL authentication failed.");
/* NOTE(review): depending on the mechanism, pc and buf may have carried
 * credential material; neither is cleared before returning */
172 return POP_A_FAILURE;
176 /* Get the server timestamp for APOP authentication */
/*
 * Saves the server's APOP timestamp from the greeting line.
 *
 * pop_data  session; pop_data->timestamp is replaced (old value freed)
 * buf       greeting text as received from the server
 *
 * The timestamp is the "<...>" token: p1 points at '<', p2 at the
 * first '>' after it. The declarations of p1/p2 and the line that
 * terminates the copy at p2 are not reproduced in this listing —
 * without that terminator safe_strdup (p1) would copy the rest of the
 * greeting, so confirm it is present.
 */
177 void pop_apop_timestamp (POP_DATA * pop_data, char *buf)
/* drop any timestamp kept from a previous connection */
181 FREE (&pop_data->timestamp);
/* require both brackets; strchr (p1, '>') searches only after the '<' */
183 if ((p1 = strchr (buf, '<')) && (p2 = strchr (p1, '>'))) {
185 pop_data->timestamp = safe_strdup (p1);
189 /* APOP authenticator */
/*
 * APOP authenticator (RFC 1939 section 7): proves the password with
 * MD5 (timestamp || password) instead of sending it in clear. The
 * protection is only as strong as MD5 and the unpredictability of the
 * server's per-session timestamp; it does not protect the session.
 *
 * pop_data  session; needs pop_data->timestamp from the greeting and
 *           conn->account user/pass
 * method    unused here (present for the pop_auth_t signature)
 * returns   POP_A_UNAVAIL if the server sent no timestamp,
 *           POP_A_SUCCESS on "+OK", POP_A_FAILURE otherwise; the case
 *           labels of the switch (including any socket-error case) are
 *           not shown in this listing
 *
 * Declarations of mdContext, hash and i are on lines not reproduced
 * here. hash must hold at least 2 * sizeof (digest) + 1 bytes, because
 * the loop below writes two hex digits per digest byte plus the NUL —
 * confirm against its declaration.
 */
190 static pop_auth_res_t pop_auth_apop (POP_DATA * pop_data, const char *method)
/* MD5 output is 16 bytes */
193 unsigned char digest[16];
195 char buf[LONG_STRING];
/* no "<...>" in the greeting means the server does not offer APOP */
198 if (!pop_data->timestamp)
199 return POP_A_UNAVAIL;
201 mutt_message _("Authenticating (APOP)...");
203 /* Compute the authentication hash to send to the server */
204 MD5Init (&mdContext);
205 MD5Update (&mdContext, (unsigned char *) pop_data->timestamp,
206 strlen (pop_data->timestamp));
207 MD5Update (&mdContext, (unsigned char *) pop_data->conn->account.pass,
208 strlen (pop_data->conn->account.pass));
209 MD5Final (digest, &mdContext);
/* hex-encode: "%02x" on an unsigned char yields exactly two characters,
 * so each iteration writes 2 bytes plus a NUL at hash + 2 * i.
 * NOTE(review): mdContext, digest and hash are password-derived and are
 * not cleared before return. */
211 for (i = 0; i < sizeof (digest); i++)
212 sprintf (hash + 2 * i, "%02x", digest[i]);
214 /* Send APOP command to server */
/* the second %s argument (hash) is on a line not shown here */
215 snprintf (buf, sizeof (buf), "APOP %s %s\r\n", pop_data->conn->account.user,
/* pop_query() result codes select the outcome */
218 switch (pop_query (pop_data, buf, sizeof (buf))) {
220 return POP_A_SUCCESS;
225 mutt_error _("APOP authentication failed.");
229 return POP_A_FAILURE;
232 /* USER authenticator */
/*
 * USER/PASS authenticator: sends the credentials in clear text on the
 * POP connection (RFC 1939 section 7); whether the socket is already
 * TLS-protected is not visible here.
 *
 * pop_data  session; conn->account user/pass are sent, cmd_user is the
 *           USER-capability tri-state, err_msg receives error text
 * method    unused here (present for the pop_auth_t signature)
 * returns   POP_A_UNAVAIL when USER is known to be unsupported,
 *           POP_A_SUCCESS after PASS is accepted, POP_A_FAILURE
 *           otherwise; ret's declaration and the branch conditions on
 *           ret are not reproduced in this listing
 *
 * cmd_user values seen here: 2 = not yet tested, 1 = server accepts
 * USER, 0 = server rejected USER.
 */
233 static pop_auth_res_t pop_auth_user (POP_DATA * pop_data, const char *method)
235 char buf[LONG_STRING];
238 if (!pop_data->cmd_user)
239 return POP_A_UNAVAIL;
241 mutt_message _("Logging in...");
243 snprintf (buf, sizeof (buf), "USER %s\r\n", pop_data->conn->account.user);
244 ret = pop_query (pop_data, buf, sizeof (buf));
/* first attempt: record whether USER worked (presumably keyed on ret) */
246 if (pop_data->cmd_user == 2) {
248 pop_data->cmd_user = 1;
250 dprint (1, (debugfile, "pop_auth_user: set USER capability\n"));
254 pop_data->cmd_user = 0;
256 dprint (1, (debugfile, "pop_auth_user: unset USER capability\n"));
257 snprintf (pop_data->err_msg, sizeof (pop_data->err_msg),
258 _("Command USER is not supported by server."));
/* buf now holds the cleartext password.
 * NOTE(review): it is not wiped after pop_query_d() returns, and a plain
 * memset() here is likely to be optimized away; an explicit-zeroing
 * helper would be needed. */
263 snprintf (buf, sizeof (buf), "PASS %s\r\n", pop_data->conn->account.pass);
/* pop_query_d() takes a separate string for the debug log so the
 * password is masked unless the socket log level is M_SOCK_LOG_FULL;
 * the other branch of the ?: is on a line not shown here */
264 ret = pop_query_d (pop_data, buf, sizeof (buf),
266 /* don't print the password unless we're at the ungodly debugging level */
267 debuglevel < M_SOCK_LOG_FULL ? "PASS *\r\n" :
274 return POP_A_SUCCESS;
/* err_msg: the USER text set above, or presumably the server's error
 * text filled in by pop_query()/pop_query_d() */
279 mutt_error ("%s %s", _("Login failed."), pop_data->err_msg);
282 return POP_A_FAILURE;
/* Authenticator table, walked in this order by pop_authenticate(). An
 * entry with method == NULL (SASL) matches any requested method name;
 * the others match by name. The terminating entry and any conditional
 * compilation around the SASL row are on lines not reproduced here. */
285 static pop_auth_t pop_authenticators[] = {
287 {pop_auth_sasl, NULL},
289 {pop_auth_apop, "apop"},
290 {pop_auth_user, "user"},
297 * -1 - connection lost,
299 * -3 - authentication canceled.
301 int pop_authenticate (POP_DATA * pop_data)
303 ACCOUNT *acct = &pop_data->conn->account;
304 pop_auth_t *authenticator;
309 int ret = POP_A_UNAVAIL;
311 if (mutt_account_getuser (acct) || !acct->user[0] ||
312 mutt_account_getpass (acct) || !acct->pass[0])
315 if (PopAuthenticators && *PopAuthenticators) {
316 /* Try user-specified list of authentication methods */
317 methods = safe_strdup (PopAuthenticators);
321 comma = strchr (method, ':');
324 dprint (2, (debugfile, "pop_authenticate: Trying method %s\n", method));
325 authenticator = pop_authenticators;
327 while (authenticator->authenticate) {
328 if (!authenticator->method ||
329 !ascii_strcasecmp (authenticator->method, method)) {
330 ret = authenticator->authenticate (pop_data, method);
331 if (ret == POP_A_SOCKET)
332 switch (pop_connect (pop_data)) {
335 ret = authenticator->authenticate (pop_data, method);
342 if (ret != POP_A_UNAVAIL)
344 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
345 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL))) {
359 /* Fall back to default: any authenticator */
361 (debugfile, "pop_authenticate: Using any available method.\n"));
362 authenticator = pop_authenticators;
364 while (authenticator->authenticate) {
365 ret = authenticator->authenticate (pop_data, authenticator->method);
366 if (ret == POP_A_SOCKET)
367 switch (pop_connect (pop_data)) {
371 authenticator->authenticate (pop_data, authenticator->method);
378 if (ret != POP_A_UNAVAIL)
380 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
381 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL)))
395 mutt_error (_("No authenticators available"));