drop gss as well.

Signed-off-by: Pierre Habouzit <madcoder@debian.org>

diff --git a/configure.ac b/configure.ac
index f48c031..8fd5613 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -332,19 +332,6 @@ AC_CHECK_FUNCS(getaddrinfo)
 
 dnl -- imap dependencies --
 
-AC_ARG_WITH(gss, AC_HELP_STRING([--with-gss], [Compile in GSSAPI authentication for IMAP]),[
-    if test x$with_gss != xno; then
-        PKG_CHECK_MODULES(GSSAPI,libgssapi,[
-            CPPFLAGS="$CPPFLAGS $GSSAPI_CFLAGS"
-            MUTTLIBS="$MUTTLIBS $GSSAPI_LIBS"
-            AC_DEFINE(USE_GSS,1,[ Define if you have GSSAPI libraries available ])
-            AC_CHECK_HEADERS(xom.h)
-        ],[
-           AC_MSG_ERROR([could not find libgssapi])
-        ])
-    fi
-])
-
 AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl[=PFX]], [Compile in SSL support for POP/IMAP]),
 [   if test "$with_ssl" != "no"; then
         if test "$with_ssl" != "yes"; then

diff --git a/imap/Makefile.am b/imap/Makefile.am
index 446e7c6..9591604 100644 (file)
--- a/imap/Makefile.am
+++ b/imap/Makefile.am
@@ -5,7 +5,6 @@ INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/intl
 noinst_LIBRARIES = libimap.a
 noinst_HEADERS = auth.h imap_private.h message.h
 
-libimap_a_SOURCES = auth.c auth_login.c browse.c command.c imap.c imap.h \
-       message.c utf7.c util.c auth_sasl.c auth_gss.c
+libimap_a_SOURCES = auth.c auth_login.c browse.c command.c imap.c imap.h message.c utf7.c util.c auth_sasl.c
 
 -include $(top_builddir)/tools/cflags.mk

diff --git a/imap/auth.c b/imap/auth.c
index 8ee355b..8b32807 100644 (file)
--- a/imap/auth.c
+++ b/imap/auth.c
@@ -19,10 +19,6 @@
 
 static imap_auth_t imap_authenticators[] = {
   {imap_auth_sasl, NULL},
-#ifdef USE_GSS
-  {imap_auth_gss, "gssapi"},
-#endif
-  /* SASL includes CRAM-MD5 (and GSSAPI, but that's not enabled by default) */
   {imap_auth_login, "login"},
   {NULL, NULL}
 };

diff --git a/imap/auth.h b/imap/auth.h
index 8deda56..4dab11d 100644 (file)
--- a/imap/auth.h
+++ b/imap/auth.h
@@ -30,10 +30,6 @@ typedef struct {
 
 /* external authenticator prototypes */
 imap_auth_res_t imap_auth_login (IMAP_DATA * idata, const char *method);
-
-#ifdef USE_GSS
-imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method);
-#endif
 imap_auth_res_t imap_auth_sasl (IMAP_DATA * idata, const char *method);
 
 #endif /* _IMAP_AUTH_H */

diff --git a/imap/auth_gss.c b/imap/auth_gss.c
deleted file mode 100644 (file)
index 6e82a26..0000000
--- a/imap/auth_gss.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright notice from original mutt:
- * Copyright (C) 1999-2000 Brendan Cully <brendan@kublai.com>
- *
- * This file is part of mutt-ng, see http://www.muttng.org/.
- * It's licensed under the GNU General Public License,
- * please see the file GPL in the top level source directory.
- */
-
-/* GSS login/authentication code */
-
-#include <lib-lib/lib-lib.h>
-
-#ifdef USE_GSS
-
-#include <netinet/in.h>
-
-#ifdef HAVE_HEIMDAL
-#  include <gssapi/gssapi.h>
-#  define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
-#else
-#  include <gssapi/gssapi.h>
-#  include <gssapi/gssapi_generic.h>
-#endif
-
-#define GSS_BUFSIZE 8192
-
-#define GSS_AUTH_P_NONE      1
-#define GSS_AUTH_P_INTEGRITY 2
-#define GSS_AUTH_P_PRIVACY   4
-
-#include "mutt.h"
-#include "imap_private.h"
-#include "auth.h"
-
-/* imap_auth_gss: AUTH=GSSAPI support. */
-imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method __attribute__ ((unused)))
-{
-  gss_buffer_desc request_buf, send_token;
-  gss_buffer_t sec_token;
-  gss_name_t target_name;
-  gss_ctx_id_t context;
-  gss_qop_t quality;
-  int cflags;
-  OM_uint32 maj_stat, min_stat;
-  char buf1[GSS_BUFSIZE], buf2[GSS_BUFSIZE], server_conf_flags;
-  unsigned long buf_size;
-  int rc;
-
-  if (!mutt_bit_isset (idata->capabilities, AGSSAPI))
-    return IMAP_AUTH_UNAVAIL;
-
-  if (mutt_account_getuser (&idata->conn->account))
-    return IMAP_AUTH_FAILURE;
-
-  /* get an IMAP service ticket for the server */
-  snprintf (buf1, sizeof (buf1), "imap@%s", idata->conn->account.host);
-  request_buf.value = buf1;
-  request_buf.length = m_strlen(buf1) + 1;
-  maj_stat = gss_import_name (&min_stat, &request_buf, gss_nt_service_name,
-                              &target_name);
-  if (maj_stat != GSS_S_COMPLETE) {
-    return IMAP_AUTH_UNAVAIL;
-  }
-
-  /* Acquire initial credentials - without a TGT GSSAPI is UNAVAIL */
-  sec_token = GSS_C_NO_BUFFER;
-  context = GSS_C_NO_CONTEXT;
-
-  /* build token */
-  maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &context,
-                                   target_name, GSS_C_NO_OID,
-                                   GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, 0,
-                                   GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL,
-                                   &send_token, (unsigned int *) &cflags,
-                                   NULL);
-  if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
-    gss_release_name (&min_stat, &target_name);
-
-    return IMAP_AUTH_UNAVAIL;
-  }
-
-  /* now begin login */
-  mutt_message _("Authenticating (GSSAPI)...");
-
-  imap_cmd_start (idata, "AUTHENTICATE GSSAPI");
-
-  /* expect a null continuation response ("+") */
-  do
-    rc = imap_cmd_step (idata);
-  while (rc == IMAP_CMD_CONTINUE);
-
-  if (rc != IMAP_CMD_RESPOND) {
-    gss_release_name (&min_stat, &target_name);
-    goto bail;
-  }
-
-  /* now start the security context initialisation loop... */
-  mutt_to_base64 ((unsigned char *) buf1, send_token.value, send_token.length,
-                  sizeof (buf1) - 2);
-  gss_release_buffer (&min_stat, &send_token);
-  m_strcat(buf1, sizeof(buf1), "\r\n");
-  mutt_socket_write (idata->conn, buf1);
-
-  while (maj_stat == GSS_S_CONTINUE_NEEDED) {
-    /* Read server data */
-    do
-      rc = imap_cmd_step (idata);
-    while (rc == IMAP_CMD_CONTINUE);
-
-    if (rc != IMAP_CMD_RESPOND) {
-      gss_release_name (&min_stat, &target_name);
-      goto bail;
-    }
-
-    request_buf.length = mutt_from_base64 (buf2, idata->cmd.buf + 2);
-    request_buf.value = buf2;
-    sec_token = &request_buf;
-
-    /* Write client data */
-    maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &context,
-                                     target_name, GSS_C_NO_OID,
-                                     GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
-                                     0, GSS_C_NO_CHANNEL_BINDINGS, sec_token,
-                                     NULL, &send_token,
-                                     (unsigned int *) &cflags, NULL);
-    if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
-      gss_release_name (&min_stat, &target_name);
-
-      goto err_abort_cmd;
-    }
-    mutt_to_base64 ((unsigned char *) buf1, send_token.value,
-                    send_token.length, sizeof (buf1) - 2);
-    gss_release_buffer (&min_stat, &send_token);
-    m_strcat(buf1, sizeof(buf1), "\r\n");
-    mutt_socket_write (idata->conn, buf1);
-  }
-
-  gss_release_name (&min_stat, &target_name);
-
-  /* get security flags and buffer size */
-  do
-    rc = imap_cmd_step (idata);
-  while (rc == IMAP_CMD_CONTINUE);
-
-  if (rc != IMAP_CMD_RESPOND) {
-    goto bail;
-  }
-  request_buf.length = mutt_from_base64 (buf2, idata->cmd.buf + 2);
-  request_buf.value = buf2;
-
-  maj_stat = gss_unwrap (&min_stat, context, &request_buf, &send_token,
-                         &cflags, &quality);
-  if (maj_stat != GSS_S_COMPLETE) {
-    gss_release_buffer (&min_stat, &send_token);
-    goto err_abort_cmd;
-  }
-
-  /* first octet is security levels supported. We want NONE */
-  server_conf_flags = ((char *) send_token.value)[0];
-  if (!(((char *) send_token.value)[0] & GSS_AUTH_P_NONE)) {
-    gss_release_buffer (&min_stat, &send_token);
-    goto err_abort_cmd;
-  }
-
-  /* we don't care about buffer size if we don't wrap content. But here it is */
-  ((char *) send_token.value)[0] = 0;
-  buf_size = ntohl (*((long *) send_token.value));
-  gss_release_buffer (&min_stat, &send_token);
-
-  /* agree to terms (hack!) */
-  buf_size = htonl (buf_size);  /* not relevant without integrity/privacy */
-  memcpy (buf1, &buf_size, 4);
-  buf1[0] = GSS_AUTH_P_NONE;
-  /* server decides if principal can log in as user */
-  m_strcpy(buf1 + 4, sizeof(buf1) - 4, idata->conn->account.user);
-  request_buf.value = buf1;
-  request_buf.length = 4 + m_strlen(idata->conn->account.user) + 1;
-  maj_stat = gss_wrap (&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf,
-                       &cflags, &send_token);
-  if (maj_stat != GSS_S_COMPLETE) {
-    goto err_abort_cmd;
-  }
-
-  mutt_to_base64 ((unsigned char *) buf1, send_token.value, send_token.length,
-                  sizeof (buf1) - 2);
-  m_strcat(buf1, sizeof(buf1), "\r\n");
-  mutt_socket_write (idata->conn, buf1);
-
-  /* Joy of victory or agony of defeat? */
-  do
-    rc = imap_cmd_step (idata);
-  while (rc == IMAP_CMD_CONTINUE);
-  if (rc == IMAP_CMD_RESPOND) {
-    goto err_abort_cmd;
-  }
-  if (imap_code (idata->cmd.buf)) {
-    /* flush the security context */
-    maj_stat = gss_delete_sec_context (&min_stat, &context, &send_token);
-
-    /* send_token may contain a notification to the server to flush
-     * credentials. RFC 1731 doesn't specify what to do, and since this
-     * support is only for authentication, we'll assume the server knows
-     * enough to flush its own credentials */
-    gss_release_buffer (&min_stat, &send_token);
-
-    return IMAP_AUTH_SUCCESS;
-  }
-  else
-    goto bail;
-
-err_abort_cmd:
-  mutt_socket_write (idata->conn, "*\r\n");
-  do
-    rc = imap_cmd_step (idata);
-  while (rc == IMAP_CMD_CONTINUE);
-
-bail:
-  mutt_error _("GSSAPI authentication failed.");
-  mutt_sleep (2);
-  return IMAP_AUTH_FAILURE;
-}
-
-#endif /* USE_GSS */

diff --git a/main.c b/main.c
index 8da5c92..f13f5a5 100644 (file)
--- a/main.c
+++ b/main.c
@@ -233,11 +233,6 @@ static void show_version (void)
 #else
          "-USE_NNTP  "
 #endif
-#ifdef USE_GSS
-         "+USE_GSS  "
-#else
-         "-USE_GSS  "
-#endif
 #ifdef USE_SSL
          "+USE_SSL  "
 #else