2 * Copyright (C) 2000-5 Brendan Cully <brendan@kublai.com>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
19 /* common SASL helper routines */
27 #include "mutt_sasl.h"
28 #include "mutt_socket.h"
33 #include <sasl/sasl.h>
37 #include <sys/socket.h>
38 #include <netinet/in.h>
41 static int getnameinfo_err (int ret)
45 dprint (1, (debugfile, "getnameinfo: "));
50 "The name could not be resolved at this time. Future attempts may succeed.\n"));
54 dprint (1, (debugfile, "The flags had an invalid value.\n"));
58 dprint (1, (debugfile, "A non-recoverable error occurred.\n"));
64 "The address family was not recognized or the address length was invalid for the specified family.\n"));
68 dprint (1, (debugfile, "There was a memory allocation failure.\n"));
74 "The name does not resolve for the supplied parameters. NI_NAMEREQD is set and the host's name cannot be located, or both nodename and servname were null.\n"));
75 err = SASL_FAIL; /* no real equivalent */
80 "A system error occurred. The error code can be found in errno(%d,%s)).\n",
81 errno, strerror (errno)));
82 err = SASL_FAIL; /* no real equivalent */
85 dprint (1, (debugfile, "Unknown error %d\n", ret));
86 err = SASL_FAIL; /* no real equivalent */
93 /* arbitrary. SASL will probably use a smaller buffer anyway. OTOH it's
94 * been a while since I've had access to an SASL server which negotiated
95 * a protection buffer. */
96 #define M_SASL_MAXBUF 65536
99 #define IP_PORT_BUFLEN 1024
102 static sasl_callback_t mutt_sasl_callbacks[5];
104 static int mutt_sasl_start (void);
107 static int mutt_sasl_cb_log (void *context, int priority,
108 const char *message);
109 static int mutt_sasl_cb_authname (void *context, int id, const char **result,
111 static int mutt_sasl_cb_pass (sasl_conn_t * conn, void *context, int id,
112 sasl_secret_t ** psecret);
114 /* socket wrappers for a SASL security layer */
115 static int mutt_sasl_conn_open (CONNECTION * conn);
116 static int mutt_sasl_conn_close (CONNECTION * conn);
117 static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len);
118 static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf,
122 /* utility function, stolen from sasl2 sample code */
123 static int iptostring (const struct sockaddr *addr, socklen_t addrlen,
124 char *out, unsigned outlen)
126 char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
130 return SASL_BADPARAM;
132 ret = getnameinfo (addr, addrlen, hbuf, sizeof (hbuf), pbuf, sizeof (pbuf),
134 #ifdef NI_WITHSCOPEID
139 return getnameinfo_err (ret);
141 if (outlen < strlen (hbuf) + strlen (pbuf) + 2)
144 snprintf (out, outlen, "%s;%s", hbuf, pbuf);
150 /* mutt_sasl_start: called before doing a SASL exchange - initialises library
151 * (if neccessary). */
152 int mutt_sasl_start (void)
154 static unsigned char sasl_init = 0;
156 static sasl_callback_t callbacks[2];
162 /* set up default logging callback */
163 callbacks[0].id = SASL_CB_LOG;
164 callbacks[0].proc = mutt_sasl_cb_log;
165 callbacks[0].context = NULL;
167 callbacks[1].id = SASL_CB_LIST_END;
168 callbacks[1].proc = NULL;
169 callbacks[1].context = NULL;
171 rc = sasl_client_init (callbacks);
175 (debugfile, "mutt_sasl_start: libsasl initialisation failed.\n"));
184 /* mutt_sasl_client_new: wrapper for sasl_client_new which also sets various
185 * security properties. If this turns out to be fine for POP too we can
186 * probably stop exporting mutt_sasl_get_callbacks(). */
187 int mutt_sasl_client_new (CONNECTION * conn, sasl_conn_t ** saslconn)
189 sasl_security_properties_t secprops;
192 struct sockaddr_storage local, remote;
194 char iplocalport[IP_PORT_BUFLEN], ipremoteport[IP_PORT_BUFLEN];
196 sasl_external_properties_t extprops;
201 if (mutt_sasl_start () != SASL_OK)
204 switch (conn->account.type) {
205 case M_ACCT_TYPE_IMAP:
208 case M_ACCT_TYPE_POP:
212 dprint (1, (debugfile, "mutt_sasl_client_new: account type unset\n"));
217 size = sizeof (local);
218 if (getsockname (conn->fd, (struct sockaddr *) &local, &size)) {
221 "mutt_sasl_client_new: getsockname for local failed\n"));
226 ((struct sockaddr *) &local, size, iplocalport,
227 IP_PORT_BUFLEN) != SASL_OK) {
230 "mutt_sasl_client_new: iptostring for local failed\n"));
234 size = sizeof (remote);
235 if (getpeername (conn->fd, (struct sockaddr *) &remote, &size)) {
238 "mutt_sasl_client_new: getsockname for remote failed\n"));
243 ((struct sockaddr *) &remote, size, ipremoteport,
244 IP_PORT_BUFLEN) != SASL_OK) {
247 "mutt_sasl_client_new: iptostring for remote failed\n"));
252 (debugfile, "local ip: %s, remote ip:%s\n", iplocalport,
256 sasl_client_new (service, conn->account.host, iplocalport, ipremoteport,
257 mutt_sasl_get_callbacks (&conn->account), 0, saslconn);
260 rc = sasl_client_new (service, conn->account.host,
261 mutt_sasl_get_callbacks (&conn->account),
262 SASL_SECURITY_LAYER, saslconn);
266 dprint (1, (debugfile,
267 "mutt_sasl_client_new: Error allocating SASL connection\n"));
271 /*** set sasl IP properties, necessary for use with krb4 ***/
272 /* Do we need to fail if this fails? I would assume having these unset
273 * would just disable KRB4. Who wrote this code? I'm not sure how this
274 * interacts with the NSS code either, since that mucks with the fd. */
275 #ifndef USE_SASL2 /* with SASLv2 this all happens in sasl_client_new */
277 struct sockaddr_in local, remote;
280 size = sizeof (local);
281 if (getsockname (conn->fd, (struct sockaddr *) &local, &size))
284 size = sizeof (remote);
285 if (getpeername (conn->fd, (struct sockaddr *) &remote, &size))
289 if (sasl_setprop (*saslconn, SASL_IP_LOCAL, &local) != SASL_OK) {
290 dprint (1, (debugfile,
291 "mutt_sasl_client_new: Error setting local IP address\n"));
296 #ifdef SASL_IP_REMOTE
297 if (sasl_setprop (*saslconn, SASL_IP_REMOTE, &remote) != SASL_OK) {
298 dprint (1, (debugfile,
299 "mutt_sasl_client_new: Error setting remote IP address\n"));
306 /* set security properties. We use NOPLAINTEXT globally, since we can
307 * just fall back to LOGIN in the IMAP case anyway. If that doesn't
308 * work for POP, we can make it a flag or move this code into
309 * imap/auth_sasl.c */
310 memset (&secprops, 0, sizeof (secprops));
311 /* Work around a casting bug in the SASL krb4 module */
312 secprops.max_ssf = 0x7fff;
313 secprops.maxbufsize = M_SASL_MAXBUF;
314 secprops.security_flags |= SASL_SEC_NOPLAINTEXT;
315 if (sasl_setprop (*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK) {
316 dprint (1, (debugfile,
317 "mutt_sasl_client_new: Error setting security properties\n"));
321 /* we currently don't have an SSF finder for NSS (I don't know the API).
322 * If someone does it'd probably be trivial to write mutt_nss_get_ssf().
323 * I have a feeling more SSL code could be shared between those two files,
324 * but I haven't looked into it yet, since I still don't know the APIs. */
325 #if (defined(USE_SSL) || defined(USE_GNUTLS) && !defined(USE_NSS))
326 if (conn->account.flags & M_ACCT_SSL) {
327 #ifdef USE_SASL2 /* I'm not sure this actually has an effect, at least with SASLv2 */
328 dprint (2, (debugfile, "External SSF: %d\n", conn->ssf));
329 if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &(conn->ssf)) != SASL_OK)
331 memset (&extprops, 0, sizeof (extprops));
332 extprops.ssf = conn->ssf;
333 dprint (2, (debugfile, "External SSF: %d\n", extprops.ssf));
334 if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &extprops) != SASL_OK)
339 "mutt_sasl_client_new: Error setting external properties\n"));
344 (debugfile, "External authentication name: %s\n",
345 conn->account.user));
346 if (sasl_setprop (*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) !=
350 "mutt_sasl_client_new: Error setting external properties\n"));
360 sasl_callback_t *mutt_sasl_get_callbacks (ACCOUNT * account)
362 sasl_callback_t *callback;
364 callback = mutt_sasl_callbacks;
366 callback->id = SASL_CB_AUTHNAME;
367 callback->proc = mutt_sasl_cb_authname;
368 callback->context = account;
371 callback->id = SASL_CB_USER;
372 callback->proc = mutt_sasl_cb_authname;
373 callback->context = account;
376 callback->id = SASL_CB_PASS;
377 callback->proc = mutt_sasl_cb_pass;
378 callback->context = account;
381 callback->id = SASL_CB_GETREALM;
382 callback->proc = NULL;
383 callback->context = NULL;
386 callback->id = SASL_CB_LIST_END;
387 callback->proc = NULL;
388 callback->context = NULL;
390 return mutt_sasl_callbacks;
393 int mutt_sasl_interact (sasl_interact_t * interaction)
395 char prompt[SHORT_STRING];
396 char resp[SHORT_STRING];
398 while (interaction->id != SASL_CB_LIST_END) {
401 "mutt_sasl_interact: filling in SASL interaction %ld.\n",
404 snprintf (prompt, sizeof (prompt), "%s: ", interaction->prompt);
406 if (mutt_get_field (prompt, resp, sizeof (resp), 0))
409 interaction->len = mutt_strlen (resp) + 1;
410 interaction->result = safe_malloc (interaction->len);
411 memcpy (interaction->result, resp, interaction->len);
419 /* SASL can stack a protection layer on top of an existing connection.
420 * To handle this, we store a saslconn_t in conn->sockdata, and write
421 * wrappers which en/decode the read/write stream, then replace sockdata
422 * with an embedded copy of the old sockdata and call the underlying
423 * functions (which we've also preserved). I thought about trying to make
424 * a general stackable connection system, but it seemed like overkill -
425 * something is wrong if we have 15 filters on top of a socket. Anyway,
426 * anything else which wishes to stack can use the same method. The only
427 * disadvantage is we have to write wrappers for all the socket methods,
428 * even if we only stack over read and write. Thinking about it, the
429 * abstraction problem is that there is more in CONNECTION than there
430 * needs to be. Ideally it would have only (void*)data and methods. */
432 /* mutt_sasl_setup_conn: replace connection methods, sockdata with
433 * SASL wrappers, for protection layers. Also get ssf, as a fastpath
434 * for the read/write methods. */
435 void mutt_sasl_setup_conn (CONNECTION * conn, sasl_conn_t * saslconn)
437 SASL_DATA *sasldata = (SASL_DATA *) safe_malloc (sizeof (SASL_DATA));
439 sasldata->saslconn = saslconn;
440 /* get ssf so we know whether we have to (en|de)code read/write */
442 sasl_getprop (saslconn, SASL_SSF, (const void **) &sasldata->ssf);
444 sasl_getprop (saslconn, SASL_SSF, (void **) &sasldata->ssf);
446 dprint (3, (debugfile, "SASL protection strength: %u\n", *sasldata->ssf));
447 /* Add SASL SSF to transport SSF */
448 conn->ssf += *sasldata->ssf;
450 sasl_getprop (saslconn, SASL_MAXOUTBUF,
451 (const void **) &sasldata->pbufsize);
453 sasl_getprop (saslconn, SASL_MAXOUTBUF, (void **) &sasldata->pbufsize);
456 (debugfile, "SASL protection buffer size: %u\n",
457 *sasldata->pbufsize));
459 /* clear input buffer */
460 sasldata->buf = NULL;
464 /* preserve old functions */
465 sasldata->sockdata = conn->sockdata;
466 sasldata->msasl_open = conn->conn_open;
467 sasldata->msasl_close = conn->conn_close;
468 sasldata->msasl_read = conn->conn_read;
469 sasldata->msasl_write = conn->conn_write;
471 /* and set up new functions */
472 conn->sockdata = sasldata;
473 conn->conn_open = mutt_sasl_conn_open;
474 conn->conn_close = mutt_sasl_conn_close;
475 conn->conn_read = mutt_sasl_conn_read;
476 conn->conn_write = mutt_sasl_conn_write;
479 /* mutt_sasl_cb_log: callback to log SASL messages */
480 static int mutt_sasl_cb_log (void *context, int priority, const char *message)
482 dprint (priority, (debugfile, "SASL: %s\n", message));
487 /* mutt_sasl_cb_authname: callback to retrieve authname or user (mutt
488 * doesn't distinguish, even if some SASL plugins do) from ACCOUNT */
489 static int mutt_sasl_cb_authname (void *context, int id, const char **result,
492 ACCOUNT *account = (ACCOUNT *) context;
499 return SASL_BADPARAM;
501 dprint (2, (debugfile, "mutt_sasl_cb_authname: getting %s for %s:%u\n",
502 id == SASL_CB_AUTHNAME ? "authname" : "user",
503 account->host, account->port));
505 if (mutt_account_getuser (account))
508 *result = account->user;
511 *len = strlen (*result);
516 static int mutt_sasl_cb_pass (sasl_conn_t * conn, void *context, int id,
517 sasl_secret_t ** psecret)
519 ACCOUNT *account = (ACCOUNT *) context;
522 if (!account || !psecret)
523 return SASL_BADPARAM;
525 dprint (2, (debugfile,
526 "mutt_sasl_cb_pass: getting password for %s@%s:%u\n",
527 account->user, account->host, account->port));
529 if (mutt_account_getpass (account))
532 len = strlen (account->pass);
534 *psecret = (sasl_secret_t *) safe_malloc (sizeof (sasl_secret_t) + len);
535 (*psecret)->len = len;
536 strcpy ((*psecret)->data, account->pass); /* __STRCPY_CHECKED__ */
541 /* mutt_sasl_conn_open: empty wrapper for underlying open function. We
542 * don't know in advance that a connection will use SASL, so we
543 * replace conn's methods with sasl methods when authentication
544 * is successful, using mutt_sasl_setup_conn */
545 static int mutt_sasl_conn_open (CONNECTION * conn)
550 sasldata = (SASL_DATA *) conn->sockdata;
551 conn->sockdata = sasldata->sockdata;
552 rc = (sasldata->msasl_open) (conn);
553 conn->sockdata = sasldata;
558 /* mutt_sasl_conn_close: calls underlying close function and disposes of
559 * the sasl_conn_t object, then restores connection to pre-sasl state */
560 static int mutt_sasl_conn_close (CONNECTION * conn)
565 sasldata = (SASL_DATA *) conn->sockdata;
567 /* restore connection's underlying methods */
568 conn->sockdata = sasldata->sockdata;
569 conn->conn_open = sasldata->msasl_open;
570 conn->conn_close = sasldata->msasl_close;
571 conn->conn_read = sasldata->msasl_read;
572 conn->conn_write = sasldata->msasl_write;
574 /* release sasl resources */
575 sasl_dispose (&sasldata->saslconn);
577 FREE (&sasldata->buf);
581 /* call underlying close */
582 rc = (conn->conn_close) (conn);
587 static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len)
594 sasldata = (SASL_DATA *) conn->sockdata;
596 /* if we still have data in our read buffer, copy it into buf */
597 if (sasldata->blen > sasldata->bpos) {
598 olen = (sasldata->blen - sasldata->bpos > len) ? len :
599 sasldata->blen - sasldata->bpos;
601 memcpy (buf, sasldata->buf + sasldata->bpos, olen);
602 sasldata->bpos += olen;
607 conn->sockdata = sasldata->sockdata;
610 FREE (&sasldata->buf);
615 /* and decode the result, if necessary */
616 if (*sasldata->ssf) {
618 /* call the underlying read function to fill the buffer */
619 rc = (sasldata->msasl_read) (conn, buf, len);
623 rc = sasl_decode (sasldata->saslconn, buf, rc, &sasldata->buf,
626 dprint (1, (debugfile, "SASL decode failed: %s\n",
627 sasl_errstring (rc, NULL, NULL)));
631 while (!sasldata->blen);
633 olen = (sasldata->blen - sasldata->bpos > len) ? len :
634 sasldata->blen - sasldata->bpos;
636 memcpy (buf, sasldata->buf, olen);
637 sasldata->bpos += olen;
642 rc = (sasldata->msasl_read) (conn, buf, len);
645 conn->sockdata = sasldata;
650 static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf,
661 unsigned int olen, plen;
663 sasldata = (SASL_DATA *) conn->sockdata;
664 conn->sockdata = sasldata->sockdata;
666 /* encode data, if necessary */
667 if (*sasldata->ssf) {
668 /* handle data larger than MAXOUTBUF */
670 olen = (len > *sasldata->pbufsize) ? *sasldata->pbufsize : len;
672 rc = sasl_encode (sasldata->saslconn, buf, olen, &pbuf, &plen);
674 dprint (1, (debugfile, "SASL encoding failed: %s\n",
675 sasl_errstring (rc, NULL, NULL)));
679 rc = (sasldata->msasl_write) (conn, pbuf, plen);
689 while (len > *sasldata->pbufsize);
692 /* just write using the underlying socket function */
693 rc = (sasldata->msasl_write) (conn, buf, len);
695 conn->sockdata = sasldata;
700 conn->sockdata = sasldata;