2 * Copyright (C) 2000-2001 Vsevolod Volkov <vvv@mutt.org.ua>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
33 #include <sasl/sasl.h>
34 #include <sasl/saslutil.h>
40 #include "mutt_sasl.h"
44 /* SASL authenticator */
45 static pop_auth_res_t pop_auth_sasl (POP_DATA *pop_data, const char *method)
47 sasl_conn_t *saslconn;
48 sasl_interact_t *interaction = NULL;
50 char buf[LONG_STRING];
51 char inbuf[LONG_STRING];
54 const char *pc = NULL;
58 unsigned int len, olen;
59 unsigned char client_start;
61 if (mutt_sasl_client_new (pop_data->conn, &saslconn) < 0)
63 dprint (1, (debugfile, "pop_auth_sasl: Error allocating SASL connection.\n"));
68 method = pop_data->auth_list;
73 rc = sasl_client_start(saslconn, method, &interaction, &pc, &olen, &mech);
75 rc = sasl_client_start (saslconn, method, NULL,
76 &interaction, &pc, &olen, &mech);
78 if (rc != SASL_INTERACT)
80 mutt_sasl_interact (interaction);
83 if (rc != SASL_OK && rc != SASL_CONTINUE)
85 dprint (1, (debugfile, "pop_auth_sasl: Failure starting authentication exchange. No shared mechanisms?\n"));
87 /* SASL doesn't support suggested mechanisms, so fall back */
91 client_start = (olen > 0);
93 mutt_message _("Authenticating (SASL)...");
95 snprintf (buf, sizeof (buf), "AUTH %s", mech);
98 /* looping protocol */
101 strfcpy (buf + olen, "\r\n", sizeof (buf) - olen);
102 mutt_socket_write (pop_data->conn, buf);
103 if (mutt_socket_readln (inbuf, sizeof (inbuf), pop_data->conn) < 0)
105 sasl_dispose (&saslconn);
106 pop_data->status = POP_DISCONNECTED;
110 if (rc != SASL_CONTINUE)
114 if (!mutt_strncmp (inbuf, "+ ", 2)
115 && sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING-1, &len) != SASL_OK)
117 if (!mutt_strncmp (inbuf, "+ ", 2)
118 && sasl_decode64 (inbuf, strlen (inbuf), buf, &len) != SASL_OK)
121 dprint (1, (debugfile, "pop_auth_sasl: error base64-decoding server response.\n"));
128 rc = sasl_client_step (saslconn, buf, len, &interaction, &pc, &olen);
129 if (rc != SASL_INTERACT)
131 mutt_sasl_interact (interaction);
136 if (rc != SASL_CONTINUE && (olen == 0 || rc != SASL_OK))
139 /* send out response, or line break if none needed */
142 if (sasl_encode64 (pc, olen, buf, sizeof (buf), &olen) != SASL_OK)
144 dprint (1, (debugfile, "pop_auth_sasl: error base64-encoding client response.\n"));
148 /* sasl_client_st(art|ep) allocate pc with malloc, expect me to
159 if (!mutt_strncmp (inbuf, "+OK", 3))
161 mutt_sasl_setup_conn (pop_data->conn, saslconn);
162 return POP_A_SUCCESS;
166 sasl_dispose (&saslconn);
168 /* terminate SASL sessoin if the last responce is not +OK nor -ERR */
169 if (!mutt_strncmp (inbuf, "+ ", 2))
171 snprintf (buf, sizeof (buf), "*\r\n");
172 if (pop_query (pop_data, buf, sizeof (buf)) == -1)
176 mutt_error _("SASL authentication failed.");
179 return POP_A_FAILURE;
183 /* Get the server timestamp for APOP authentication */
184 void pop_apop_timestamp (POP_DATA *pop_data, char *buf)
188 FREE (&pop_data->timestamp);
190 if ((p1 = strchr (buf, '<')) && (p2 = strchr (p1, '>')))
193 pop_data->timestamp = safe_strdup (p1);
197 /* APOP authenticator */
198 static pop_auth_res_t pop_auth_apop (POP_DATA *pop_data, const char *method)
201 unsigned char digest[16];
203 char buf[LONG_STRING];
206 if (!pop_data->timestamp)
207 return POP_A_UNAVAIL;
209 mutt_message _("Authenticating (APOP)...");
211 /* Compute the authentication hash to send to the server */
212 MD5Init (&mdContext);
213 MD5Update (&mdContext, (unsigned char *)pop_data->timestamp,
214 strlen (pop_data->timestamp));
215 MD5Update (&mdContext, (unsigned char *)pop_data->conn->account.pass,
216 strlen (pop_data->conn->account.pass));
217 MD5Final (digest, &mdContext);
219 for (i = 0; i < sizeof (digest); i++)
220 sprintf (hash + 2 * i, "%02x", digest[i]);
222 /* Send APOP command to server */
223 snprintf (buf, sizeof (buf), "APOP %s %s\r\n", pop_data->conn->account.user, hash);
225 switch (pop_query (pop_data, buf, sizeof (buf)))
228 return POP_A_SUCCESS;
233 mutt_error _("APOP authentication failed.");
236 return POP_A_FAILURE;
239 /* USER authenticator */
240 static pop_auth_res_t pop_auth_user (POP_DATA *pop_data, const char *method)
242 char buf[LONG_STRING];
245 if (!pop_data->cmd_user)
246 return POP_A_UNAVAIL;
248 mutt_message _("Logging in...");
250 snprintf (buf, sizeof (buf), "USER %s\r\n", pop_data->conn->account.user);
251 ret = pop_query (pop_data, buf, sizeof (buf));
253 if (pop_data->cmd_user == 2)
257 pop_data->cmd_user = 1;
259 dprint (1, (debugfile, "pop_auth_user: set USER capability\n"));
264 pop_data->cmd_user = 0;
266 dprint (1, (debugfile, "pop_auth_user: unset USER capability\n"));
267 snprintf (pop_data->err_msg, sizeof (pop_data->err_msg),
268 _("Command USER is not supported by server."));
274 snprintf (buf, sizeof (buf), "PASS %s\r\n", pop_data->conn->account.pass);
275 ret = pop_query_d (pop_data, buf, sizeof (buf),
277 /* don't print the password unless we're at the ungodly debugging level */
278 debuglevel < M_SOCK_LOG_FULL ? "PASS *\r\n" :
286 return POP_A_SUCCESS;
291 mutt_error ("%s %s", _("Login failed."), pop_data->err_msg);
294 return POP_A_FAILURE;
297 static pop_auth_t pop_authenticators[] = {
299 { pop_auth_sasl, NULL },
301 { pop_auth_apop, "apop" },
302 { pop_auth_user, "user" },
309 * -1 - conection lost,
311 * -3 - authentication canceled.
313 int pop_authenticate (POP_DATA* pop_data)
315 ACCOUNT *acct = &pop_data->conn->account;
316 pop_auth_t* authenticator;
321 int ret = POP_A_UNAVAIL;
323 if (mutt_account_getuser (acct) || !acct->user[0] ||
324 mutt_account_getpass (acct) || !acct->pass[0])
327 if (PopAuthenticators && *PopAuthenticators)
329 /* Try user-specified list of authentication methods */
330 methods = safe_strdup (PopAuthenticators);
335 comma = strchr (method, ':');
338 dprint (2, (debugfile, "pop_authenticate: Trying method %s\n", method));
339 authenticator = pop_authenticators;
341 while (authenticator->authenticate)
343 if (!authenticator->method ||
344 !ascii_strcasecmp (authenticator->method, method))
346 ret = authenticator->authenticate (pop_data, method);
347 if (ret == POP_A_SOCKET)
348 switch (pop_connect (pop_data))
352 ret = authenticator->authenticate (pop_data, method);
359 if (ret != POP_A_UNAVAIL)
361 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
362 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL)))
378 /* Fall back to default: any authenticator */
379 dprint (2, (debugfile, "pop_authenticate: Using any available method.\n"));
380 authenticator = pop_authenticators;
382 while (authenticator->authenticate)
384 ret = authenticator->authenticate (pop_data, authenticator->method);
385 if (ret == POP_A_SOCKET)
386 switch (pop_connect (pop_data))
390 ret = authenticator->authenticate (pop_data, authenticator->method);
397 if (ret != POP_A_UNAVAIL)
399 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
400 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL)))
415 mutt_error (_("No authenticators available"));