2 * Copyright notice from original mutt:
3 * Copyright (C) 2000-2001 Vsevolod Volkov <vvv@mutt.org.ua>
5 * This file is part of mutt-ng, see http://www.muttng.org/.
6 * It's licensed under the GNU General Public License,
7 * please see the file GPL in the top level source directory.
22 #include "lib/debug.h"
29 #include <sasl/sasl.h>
30 #include <sasl/saslutil.h>
36 #include "mutt_sasl.h"
40 /* SASL authenticator */
41 static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
43 sasl_conn_t *saslconn;
44 sasl_interact_t *interaction = NULL;
46 char buf[LONG_STRING];
47 char inbuf[LONG_STRING];
51 const char *pc = NULL;
55 unsigned int len, olen;
56 unsigned char client_start;
58 if (mutt_sasl_client_new (pop_data->conn, &saslconn) < 0) {
59 debug_print (1, ("Error allocating SASL connection.\n"));
64 method = pop_data->auth_list;
69 sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
71 rc = sasl_client_start (saslconn, method, NULL,
72 &interaction, &pc, &olen, &mech);
74 if (rc != SASL_INTERACT)
76 mutt_sasl_interact (interaction);
79 if (rc != SASL_OK && rc != SASL_CONTINUE) {
80 debug_print (1, ("Failure starting authentication exchange. No shared mechanisms?\n"));
82 /* SASL doesn't support suggested mechanisms, so fall back */
86 client_start = (olen > 0);
88 mutt_message _("Authenticating (SASL)...");
90 snprintf (buf, sizeof (buf), "AUTH %s", mech);
93 /* looping protocol */
95 strfcpy (buf + olen, "\r\n", sizeof (buf) - olen);
96 mutt_socket_write (pop_data->conn, buf);
97 if (mutt_socket_readln (inbuf, sizeof (inbuf), pop_data->conn) < 0) {
98 sasl_dispose (&saslconn);
99 pop_data->status = POP_DISCONNECTED;
103 if (rc != SASL_CONTINUE)
107 if (!str_ncmp (inbuf, "+ ", 2)
108 && sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING - 1,
111 if (!str_ncmp (inbuf, "+ ", 2)
112 && sasl_decode64 (inbuf, strlen (inbuf), buf, &len) != SASL_OK)
115 debug_print (1, ("error base64-decoding server response.\n"));
121 rc = sasl_client_step (saslconn, buf, len, &interaction, &pc, &olen);
122 if (rc != SASL_INTERACT)
124 mutt_sasl_interact (interaction);
129 if (rc != SASL_CONTINUE && (olen == 0 || rc != SASL_OK))
132 /* send out response, or line break if none needed */
134 if (sasl_encode64 (pc, olen, buf, sizeof (buf), &olen) != SASL_OK) {
135 debug_print (1, ("error base64-encoding client response.\n"));
139 /* sasl_client_st(art|ep) allocate pc with malloc, expect me to
150 if (!str_ncmp (inbuf, "+OK", 3)) {
151 mutt_sasl_setup_conn (pop_data->conn, saslconn);
152 return POP_A_SUCCESS;
156 sasl_dispose (&saslconn);
158 /* terminate SASL sessoin if the last responce is not +OK nor -ERR */
159 if (!str_ncmp (inbuf, "+ ", 2)) {
160 snprintf (buf, sizeof (buf), "*\r\n");
161 if (pop_query (pop_data, buf, sizeof (buf)) == PQ_NOT_CONNECTED)
165 mutt_error _("SASL authentication failed.");
169 return POP_A_FAILURE;
173 /* Get the server timestamp for APOP authentication */
174 void pop_apop_timestamp (POP_DATA * pop_data, char *buf)
178 mem_free (&pop_data->timestamp);
180 if ((p1 = strchr (buf, '<')) && (p2 = strchr (p1, '>'))) {
182 pop_data->timestamp = str_dup (p1);
186 /* APOP authenticator */
187 static pop_auth_res_t pop_auth_apop (POP_DATA * pop_data, const char *method)
190 unsigned char digest[16];
192 char buf[LONG_STRING];
195 if (!pop_data->timestamp)
196 return POP_A_UNAVAIL;
198 mutt_message _("Authenticating (APOP)...");
200 /* Compute the authentication hash to send to the server */
201 MD5Init (&mdContext);
202 MD5Update (&mdContext, (unsigned char *) pop_data->timestamp,
203 strlen (pop_data->timestamp));
204 MD5Update (&mdContext, (unsigned char *) pop_data->conn->account.pass,
205 strlen (pop_data->conn->account.pass));
206 MD5Final (digest, &mdContext);
208 for (i = 0; i < sizeof (digest); i++)
209 sprintf (hash + 2 * i, "%02x", digest[i]);
211 /* Send APOP command to server */
212 snprintf (buf, sizeof (buf), "APOP %s %s\r\n", pop_data->conn->account.user,
215 switch (pop_query (pop_data, buf, sizeof (buf))) {
217 return POP_A_SUCCESS;
218 case PQ_NOT_CONNECTED:
220 case PFD_FUNCT_ERROR:
226 mutt_error ("%s %s", _("APOP authentication failed."), pop_data->err_msg);
229 return POP_A_FAILURE;
232 /* USER authenticator */
233 static pop_auth_res_t pop_auth_user (POP_DATA * pop_data, const char *method)
235 char buf[LONG_STRING];
236 pop_query_status ret;
238 if (pop_data->cmd_user == CMD_NOT_AVAILABLE)
239 return POP_A_UNAVAIL;
241 mutt_message _("Logging in...");
243 snprintf (buf, sizeof (buf), "USER %s\r\n", pop_data->conn->account.user);
244 ret = pop_query (pop_data, buf, sizeof (buf));
246 if (pop_data->cmd_user == CMD_UNKNOWN) {
248 pop_data->cmd_user = CMD_AVAILABLE;
250 debug_print (1, ("set USER capability\n"));
254 pop_data->cmd_user = CMD_NOT_AVAILABLE;
256 debug_print (1, ("unset USER capability\n"));
257 snprintf (pop_data->err_msg, sizeof (pop_data->err_msg),
258 _("Command USER is not supported by server."));
263 snprintf (buf, sizeof (buf), "PASS %s\r\n", pop_data->conn->account.pass);
264 ret = pop_query_d (pop_data, buf, sizeof (buf),
266 /* don't print the password unless we're at the ungodly debugging level */
267 DebugLevel < M_SOCK_LOG_FULL ? "PASS *\r\n" :
274 return POP_A_SUCCESS;
275 case PQ_NOT_CONNECTED:
277 case PFD_FUNCT_ERROR:
283 mutt_error ("%s %s", _("Login failed."), pop_data->err_msg);
286 return POP_A_FAILURE;
289 static pop_auth_t pop_authenticators[] = {
291 {pop_auth_sasl, NULL},
293 {pop_auth_apop, "apop"},
294 {pop_auth_user, "user"},
301 * -1 - conection lost,
303 * -3 - authentication canceled.
305 pop_query_status pop_authenticate (POP_DATA * pop_data)
307 ACCOUNT *acct = &pop_data->conn->account;
308 pop_auth_t *authenticator;
313 int ret = POP_A_UNAVAIL;
315 if (mutt_account_getuser (acct) || !acct->user[0] ||
316 mutt_account_getpass (acct) || !acct->pass[0])
317 return PFD_FUNCT_ERROR;
319 if (PopAuthenticators && *PopAuthenticators) {
320 /* Try user-specified list of authentication methods */
321 methods = str_dup (PopAuthenticators);
325 comma = strchr (method, ':');
328 debug_print (2, ("Trying method %s\n", method));
329 authenticator = pop_authenticators;
331 while (authenticator->authenticate) {
332 if (!authenticator->method ||
333 !ascii_strcasecmp (authenticator->method, method)) {
334 ret = authenticator->authenticate (pop_data, method);
335 if (ret == POP_A_SOCKET)
336 switch (pop_connect (pop_data)) {
339 ret = authenticator->authenticate (pop_data, method);
346 if (ret != POP_A_UNAVAIL)
348 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
349 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL))) {
363 /* Fall back to default: any authenticator */
364 debug_print (2, ("Using any available method.\n"));
365 authenticator = pop_authenticators;
367 while (authenticator->authenticate) {
368 ret = authenticator->authenticate (pop_data, authenticator->method);
369 if (ret == POP_A_SOCKET)
370 switch (pop_connect (pop_data)) {
374 authenticator->authenticate (pop_data, authenticator->method);
381 if (ret != POP_A_UNAVAIL)
383 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
384 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL)))
395 return PQ_NOT_CONNECTED;
398 mutt_error (_("No authenticators available"));