2 * Copyright notice from original mutt:
3 * Copyright (C) 2000-2001 Vsevolod Volkov <vvv@mutt.org.ua>
5 * This file is part of mutt-ng, see http://www.muttng.org/.
6 * It's licensed under the GNU General Public License,
7 * please see the file GPL in the top level source directory.
10 #include <lib-lib/lib-lib.h>
12 #include <lib-hash/hash.h>
13 #include <lib-mx/mx.h>
18 #include <sasl/sasl.h>
19 #include <sasl/saslutil.h>
20 #include "mutt_sasl.h"
22 /* SASL authenticator */
23 static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
25 sasl_conn_t *saslconn;
26 sasl_interact_t *interaction = NULL;
28 char buf[LONG_STRING];
29 char inbuf[LONG_STRING];
32 const char *pc = NULL;
33 unsigned int len, olen;
34 unsigned char client_start;
36 if (mutt_sasl_client_new (pop_data->conn, &saslconn) < 0) {
41 method = pop_data->auth_list;
44 rc = sasl_client_start (saslconn, method, &interaction, &pc, &olen,
46 if (rc != SASL_INTERACT)
48 mutt_sasl_interact (interaction);
51 if (rc != SASL_OK && rc != SASL_CONTINUE) {
52 /* SASL doesn't support suggested mechanisms, so fall back */
56 client_start = (olen > 0);
58 mutt_message _("Authenticating (SASL)...");
60 snprintf (buf, sizeof (buf), "AUTH %s", mech);
63 /* looping protocol */
65 m_strcpy(buf + olen, sizeof(buf) - olen, "\r\n");
66 mutt_socket_write (pop_data->conn, buf);
67 if (mutt_socket_readln (inbuf, sizeof (inbuf), pop_data->conn) < 0) {
68 sasl_dispose (&saslconn);
69 pop_data->status = POP_DISCONNECTED;
73 if (rc != SASL_CONTINUE)
76 if (!m_strncmp(inbuf, "+ ", 2)
77 && sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING - 1,
85 rc = sasl_client_step (saslconn, buf, len, &interaction, &pc, &olen);
86 if (rc != SASL_INTERACT)
88 mutt_sasl_interact (interaction);
93 if (rc != SASL_CONTINUE && (olen == 0 || rc != SASL_OK))
96 /* send out response, or line break if none needed */
98 if (sasl_encode64 (pc, olen, buf, sizeof (buf), &olen) != SASL_OK) {
102 /* sasl_client_st(art|ep) allocate pc with malloc, expect me to
111 if (!m_strncmp(inbuf, "+OK", 3)) {
112 mutt_sasl_setup_conn (pop_data->conn, saslconn);
113 return POP_A_SUCCESS;
117 sasl_dispose (&saslconn);
119 /* terminate SASL sessoin if the last responce is not +OK nor -ERR */
120 if (!m_strncmp(inbuf, "+ ", 2)) {
121 snprintf (buf, sizeof (buf), "*\r\n");
122 if (pop_query (pop_data, buf, sizeof (buf)) == PQ_NOT_CONNECTED)
126 mutt_error _("SASL authentication failed.");
130 return POP_A_FAILURE;
133 /* Get the server timestamp for APOP authentication */
134 void pop_apop_timestamp (POP_DATA * pop_data, char *buf)
138 p_delete(&pop_data->timestamp);
140 if ((p1 = strchr (buf, '<')) && (p2 = strchr (p1, '>'))) {
142 pop_data->timestamp = m_strdup(p1);
146 /* APOP authenticator */
147 static pop_auth_res_t pop_auth_apop (POP_DATA * pop_data,
148 const char *method __attribute__ ((unused)))
151 unsigned char digest[16];
153 char buf[LONG_STRING];
156 if (!pop_data->timestamp)
157 return POP_A_UNAVAIL;
159 mutt_message _("Authenticating (APOP)...");
161 /* Compute the authentication hash to send to the server */
162 MD5Init (&mdContext);
163 MD5Update (&mdContext, (unsigned char *) pop_data->timestamp,
164 strlen (pop_data->timestamp));
165 MD5Update (&mdContext, (unsigned char *) pop_data->conn->account.pass,
166 strlen (pop_data->conn->account.pass));
167 MD5Final (digest, &mdContext);
169 for (i = 0; i < ssizeof(digest); i++)
170 sprintf (hash + 2 * i, "%02x", digest[i]);
172 /* Send APOP command to server */
173 snprintf(buf, sizeof(buf), "APOP %s %s\r\n", pop_data->conn->account.user,
176 switch (pop_query (pop_data, buf, sizeof (buf))) {
178 return POP_A_SUCCESS;
179 case PQ_NOT_CONNECTED:
181 case PFD_FUNCT_ERROR:
187 mutt_error ("%s %s", _("APOP authentication failed."), pop_data->err_msg);
190 return POP_A_FAILURE;
193 /* USER authenticator */
194 static pop_auth_res_t pop_auth_user (POP_DATA * pop_data,
195 const char *method __attribute__ ((unused)))
197 char buf[LONG_STRING];
198 pop_query_status ret;
200 if (pop_data->cmd_user == CMD_NOT_AVAILABLE)
201 return POP_A_UNAVAIL;
203 mutt_message _("Logging in...");
205 snprintf (buf, sizeof (buf), "USER %s\r\n", pop_data->conn->account.user);
206 ret = pop_query (pop_data, buf, sizeof (buf));
208 if (pop_data->cmd_user == CMD_UNKNOWN) {
210 pop_data->cmd_user = CMD_AVAILABLE;
214 pop_data->cmd_user = CMD_NOT_AVAILABLE;
216 snprintf (pop_data->err_msg, sizeof (pop_data->err_msg),
217 _("Command USER is not supported by server."));
222 snprintf (buf, sizeof (buf), "PASS %s\r\n", pop_data->conn->account.pass);
223 ret = pop_query (pop_data, buf, sizeof (buf));
228 return POP_A_SUCCESS;
229 case PQ_NOT_CONNECTED:
231 case PFD_FUNCT_ERROR:
237 mutt_error ("%s %s", _("Login failed."), pop_data->err_msg);
240 return POP_A_FAILURE;
243 static pop_auth_t pop_authenticators[] = {
244 {pop_auth_sasl, NULL},
245 {pop_auth_apop, "apop"},
246 {pop_auth_user, "user"},
253 * -1 - conection lost,
255 * -3 - authentication canceled.
257 pop_query_status pop_authenticate (POP_DATA * pop_data)
259 ACCOUNT *act = &pop_data->conn->account;
260 pop_auth_t *authenticator;
265 int ret = POP_A_UNAVAIL;
267 if (mutt_account_getuser (act) || !act->user[0] ||
268 mutt_account_getpass (act) || !act->pass[0])
269 return PFD_FUNCT_ERROR;
271 if (PopAuthenticators && *PopAuthenticators) {
272 /* Try user-specified list of authentication methods */
273 methods = m_strdup(PopAuthenticators);
277 comma = strchr (method, ':');
280 authenticator = pop_authenticators;
282 while (authenticator->authenticate) {
283 if (!authenticator->method ||
284 !ascii_strcasecmp (authenticator->method, method)) {
285 ret = authenticator->authenticate (pop_data, method);
286 if (ret == POP_A_SOCKET)
287 switch (pop_connect (pop_data)) {
290 ret = authenticator->authenticate (pop_data, method);
297 if (ret != POP_A_UNAVAIL)
299 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
300 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL))) {
314 /* Fall back to default: any authenticator */
315 authenticator = pop_authenticators;
317 while (authenticator->authenticate) {
318 ret = authenticator->authenticate (pop_data, authenticator->method);
319 if (ret == POP_A_SOCKET)
320 switch (pop_connect (pop_data)) {
324 authenticator->authenticate (pop_data, authenticator->method);
331 if (ret != POP_A_UNAVAIL)
333 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
334 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL)))
345 return PQ_NOT_CONNECTED;
348 mutt_error (_("No authenticators available"));