# include "config.h"
#endif
-#include <lib-lib/mem.h>
-
-#include "mutt.h"
-#include "account.h"
-#include "mutt_sasl.h"
-#include "mutt_socket.h"
-
-#include "lib/debug.h"
-
#include <errno.h>
#include <netdb.h>
#include <sasl/sasl.h>
-
#include <sys/socket.h>
#include <netinet/in.h>
+#include <lib-lib/mem.h>
+
+#include "mutt.h"
+#include "account.h"
+#include "mutt_sasl.h"
+#include <lib-sys/mutt_socket.h>
+
static int getnameinfo_err (int ret)
{
int err;
switch (ret) {
case EAI_AGAIN:
- debug_print (1, ("The name could not be resolved at this time. Future attempts may succeed.\n"));
err = SASL_TRYAGAIN;
break;
case EAI_BADFLAGS:
- debug_print (1, ("The flags had an invalid value.\n"));
err = SASL_BADPARAM;
break;
case EAI_FAIL:
- debug_print (1, ("A non-recoverable error occurred.\n"));
err = SASL_FAIL;
break;
case EAI_FAMILY:
- debug_print (1, ("The address family was not recognized or the address length was invalid for the specified family.\n"));
err = SASL_BADPROT;
break;
case EAI_MEMORY:
- debug_print (1, ("There was a memory allocation failure.\n"));
err = SASL_NOMEM;
break;
case EAI_NONAME:
- debug_print (1, ("The name does not resolve for the supplied parameters. NI_NAMEREQD is set and the host's name cannot be located, or both nodename and servname were null.\n"));
err = SASL_FAIL; /* no real equivalent */
break;
case EAI_SYSTEM:
- debug_print (1, ("A system error occurred. The error code can be found in errno(%d,%s)).\n",
- errno, strerror (errno)));
err = SASL_FAIL; /* no real equivalent */
break;
default:
- debug_print (1, ("Unknown error %d\n", ret));
err = SASL_FAIL; /* no real equivalent */
break;
}
static int mutt_sasl_start (void);
/* callbacks */
-static int mutt_sasl_cb_log (void *context, int priority,
- const char *message);
static int mutt_sasl_cb_authname (void *context, int id, const char **result,
unsigned int *len);
static int mutt_sasl_cb_pass (sasl_conn_t * conn, void *context, int id,
/* socket wrappers for a SASL security layer */
static int mutt_sasl_conn_open (CONNECTION * conn);
static int mutt_sasl_conn_close (CONNECTION * conn);
-static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len);
+static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, ssize_t len);
static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf,
- size_t count);
+ ssize_t count);
/* utility function, stolen from sasl2 sample code */
static int iptostring (const struct sockaddr *addr, socklen_t addrlen,
if (ret)
return getnameinfo_err (ret);
- if (outlen < str_len (hbuf) + str_len (pbuf) + 2)
+ if (outlen < m_strlen(hbuf) + m_strlen(pbuf) + 2)
return SASL_BUFOVER;
snprintf (out, outlen, "%s;%s", hbuf, pbuf);
return SASL_OK;
}
+/* mutt_sasl_cb_log: callback to log SASL messages */
+static int mutt_sasl_cb_log (void *context, int priority, const char *message)
+{
+ return SASL_OK;
+}
+
/* mutt_sasl_start: called before doing a SASL exchange - initialises library
* (if necessary). */
int mutt_sasl_start (void)
rc = sasl_client_init (callbacks);
if (rc != SASL_OK) {
- debug_print (1, ("libsasl initialisation failed.\n"));
return SASL_FAIL;
}
service = "pop";
break;
default:
- debug_print (1, ("account type unset\n"));
return -1;
}
size = sizeof (local);
if (getsockname (conn->fd, (struct sockaddr *) &local, &size)) {
- debug_print (1, ("getsockname for local failed\n"));
return -1;
}
else
- if (iptostring
- ((struct sockaddr *) &local, size, iplocalport,
+ if (iptostring((struct sockaddr *)&local, size, iplocalport,
IP_PORT_BUFLEN) != SASL_OK) {
- debug_print (1, ("iptostring for local failed\n"));
return -1;
}
size = sizeof (remote);
if (getpeername (conn->fd, (struct sockaddr *) &remote, &size)) {
- debug_print (1, ("getsockname for remote failed\n"));
return -1;
}
else
if (iptostring
((struct sockaddr *) &remote, size, ipremoteport,
IP_PORT_BUFLEN) != SASL_OK) {
- debug_print (1, ("iptostring for remote failed\n"));
return -1;
}
- debug_print (1, ("local ip: %s, remote ip:%s\n", iplocalport, ipremoteport));
-
- rc =
- sasl_client_new (service, conn->account.host, iplocalport, ipremoteport,
- mutt_sasl_get_callbacks (&conn->account), 0, saslconn);
+ rc = sasl_client_new(service, conn->account.host, iplocalport, ipremoteport,
+ mutt_sasl_get_callbacks(&conn->account), 0, saslconn);
if (rc != SASL_OK) {
- debug_print (1, ("Error allocating SASL connection\n"));
return -1;
}
#ifdef SASL_IP_LOCAL
if (sasl_setprop (*saslconn, SASL_IP_LOCAL, &local) != SASL_OK) {
- debug_print (1, ("Error setting local IP address\n"));
return -1;
}
#endif
#ifdef SASL_IP_REMOTE
if (sasl_setprop (*saslconn, SASL_IP_REMOTE, &remote) != SASL_OK) {
- debug_print (1, ("Error setting remote IP address\n"));
return -1;
}
#endif
* just fall back to LOGIN in the IMAP case anyway. If that doesn't
* work for POP, we can make it a flag or move this code into
* imap/auth_sasl.c */
- memset (&secprops, 0, sizeof (secprops));
+ p_clear(&secprops, 1);
/* Work around a casting bug in the SASL krb4 module */
secprops.max_ssf = 0x7fff;
secprops.maxbufsize = M_SASL_MAXBUF;
secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
if (sasl_setprop (*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK) {
- debug_print (1, ("Error setting security properties\n"));
return -1;
}
if (conn->ssf) {
- debug_print (2, ("External SSF: %d\n", conn->ssf));
if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &(conn->ssf)) != SASL_OK)
{
- debug_print (1, ("Error setting external properties\n"));
return -1;
}
- debug_print (2, ("External authentication name: %s\n", conn->account.user));
if (sasl_setprop (*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) !=
SASL_OK) {
- debug_print (1, ("Error setting external properties\n"));
return -1;
}
}
char resp[SHORT_STRING];
while (interaction->id != SASL_CB_LIST_END) {
- debug_print (2, ("filling in SASL interaction %ld.\n", interaction->id));
-
snprintf (prompt, sizeof (prompt), "%s: ", interaction->prompt);
resp[0] = '\0';
if (mutt_get_field (prompt, resp, sizeof (resp), 0))
return SASL_FAIL;
- interaction->len = str_len (resp) + 1;
+ interaction->len = m_strlen(resp) + 1;
interaction->result = p_dupstr(resp, interaction->len - 1);
interaction++;
}
sasldata->saslconn = saslconn;
/* get ssf so we know whether we have to (en|de)code read/write */
sasl_getprop (saslconn, SASL_SSF, (const void **)(void *)&sasldata->ssf);
- debug_print (3, ("SASL protection strength: %u\n", *sasldata->ssf));
+
/* Add SASL SSF to transport SSF */
conn->ssf += *sasldata->ssf;
sasl_getprop (saslconn, SASL_MAXOUTBUF,
(const void **)(void *)&sasldata->pbufsize);
- debug_print (3, ("SASL protection buffer size: %u\n", *sasldata->pbufsize));
/* clear input buffer */
sasldata->buf = NULL;
sasl_done ();
}
-/* mutt_sasl_cb_log: callback to log SASL messages */
-static int mutt_sasl_cb_log (void *context, int priority, const char *message)
-{
- debug_print (priority, ("SASL: %s\n", message));
-
- return SASL_OK;
-}
-
/* mutt_sasl_cb_authname: callback to retrieve authname or user from ACCOUNT */
static int mutt_sasl_cb_authname (void *context, int id, const char **result,
unsigned *len)
if (!account)
return SASL_BADPARAM;
- debug_print (2, ("getting %s for %s:%u\n",
- id == SASL_CB_AUTHNAME ? "authname" : "user",
- account->host, account->port));
-
if (id == SASL_CB_AUTHNAME) {
if (mutt_account_getlogin (account))
return SASL_FAIL;
}
if (len)
- *len = str_len (*result);
+ *len = m_strlen(*result);
return SASL_OK;
}
if (!account || !psecret)
return SASL_BADPARAM;
- debug_print (2, ("getting password for %s@%s:%u\n",
- account->login, account->host, account->port));
-
if (mutt_account_getpass (account))
return SASL_FAIL;
- len = str_len (account->pass);
+ len = m_strlen(account->pass);
*psecret = xmalloc(sizeof(sasl_secret_t) + len);
(*psecret)->len = len;
return rc;
}
-static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len)
+static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, ssize_t len)
{
SASL_DATA *sasldata;
int rc;
rc = sasl_decode (sasldata->saslconn, buf, rc, &sasldata->buf,
&sasldata->blen);
if (rc != SASL_OK) {
- debug_print (1, ("SASL decode failed: %s\n",
- sasl_errstring (rc, NULL, NULL)));
goto out;
}
}
}
static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf,
- size_t len)
+ ssize_t len)
{
SASL_DATA *sasldata;
int rc;
rc = sasl_encode (sasldata->saslconn, buf, olen, &pbuf, &plen);
if (rc != SASL_OK) {
- debug_print (1, ("SASL encoding failed: %s\n",
- sasl_errstring (rc, NULL, NULL)));
goto fail;
}