2 * Copyright (C) 2000-2001 Vsevolod Volkov <vvv@mutt.org.ua>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
33 #include <sasl/sasl.h>
34 #include <sasl/saslutil.h>
40 #include "mutt_sasl.h"
44 /* SASL authenticator */
/*
 * SASL authenticator for POP.
 *
 * Drives the "AUTH <mech>" exchange: sasl_client_start() picks a mechanism
 * and optional initial response, then each "+ <base64>" server challenge is
 * decoded, fed to sasl_client_step(), and the base64-encoded reply is sent
 * back.  On "+OK" the SASL context is installed on the connection for
 * integrity/privacy (mutt_sasl_setup_conn) and POP_A_SUCCESS is returned;
 * anything else disposes the context and returns POP_A_FAILURE.
 *
 * Note: this excerpt is incomplete (several lines, including the #if/#else
 * around the two SASL API variants and most error-path returns, are not
 * shown), so the comments below describe only what is visible.
 */
45 static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
47 sasl_conn_t *saslconn;
48 sasl_interact_t *interaction = NULL;
/* buf carries outgoing lines (AUTH, base64 replies); inbuf the server line.
 * Both are LONG_STRING bytes, which matters for the decode bound below. */
50 char buf[LONG_STRING];
51 char inbuf[LONG_STRING];
/* pc/olen: client response produced by the SASL library for the current step */
55 const char *pc = NULL;
59 unsigned int len, olen;
60 unsigned char client_start;
62 if (mutt_sasl_client_new (pop_data->conn, &saslconn) < 0) {
65 "pop_auth_sasl: Error allocating SASL connection.\n"));
/* No explicit method requested: let the library choose from the list the
 * server advertised in CAPA/AUTH (pop_data->auth_list). */
70 method = pop_data->auth_list;
/* Two call forms of sasl_client_start(): the selecting preprocessor
 * condition (SASL library version) is outside this excerpt. */
75 sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
77 rc = sasl_client_start (saslconn, method, NULL,
78 &interaction, &pc, &olen, &mech);
/* SASL_INTERACT means the library needs user input (callbacks) before it can
 * continue; satisfy it and retry (loop structure not fully visible here). */
80 if (rc != SASL_INTERACT)
82 mutt_sasl_interact (interaction);
85 if (rc != SASL_OK && rc != SASL_CONTINUE) {
88 "pop_auth_sasl: Failure starting authentication exchange. No shared mechanisms?\n"));
90 /* SASL doesn't support suggested mechanisms, so fall back */
/* A non-empty initial response means the chosen mechanism is client-first;
 * presumably it is appended to the AUTH line (that code is not shown). */
94 client_start = (olen > 0);
96 mutt_message _("Authenticating (SASL)...");
98 snprintf (buf, sizeof (buf), "AUTH %s", mech);
101 /* looping protocol */
/* olen is reused here as the length already in buf; the CRLF is appended with
 * the remaining space as the bound. */
103 strfcpy (buf + olen, "\r\n", sizeof (buf) - olen);
104 mutt_socket_write (pop_data->conn, buf);
/* A failed read is a lost connection: drop the SASL context and mark the
 * session disconnected so the caller can reconnect (return value not shown). */
105 if (mutt_socket_readln (inbuf, sizeof (inbuf), pop_data->conn) < 0) {
106 sasl_dispose (&saslconn);
107 pop_data->status = POP_DISCONNECTED;
111 if (rc != SASL_CONTINUE)
/* Two variants of the challenge decode (again selected by SASL version, not
 * visible).  The first passes an explicit output bound of LONG_STRING - 1.
 * The second has no output bound: it is safe only because base64 decoding
 * shrinks data (output <= 3/4 of input) and inbuf and buf are the same size
 * -- if either buffer size changes independently, revisit this. */
115 if (!mutt_strncmp (inbuf, "+ ", 2)
116 && sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING - 1,
119 if (!mutt_strncmp (inbuf, "+ ", 2)
120 && sasl_decode64 (inbuf, strlen (inbuf), buf, &len) != SASL_OK)
125 "pop_auth_sasl: error base64-decoding server response.\n"));
/* Feed the decoded challenge to the mechanism; same SASL_INTERACT handling as
 * for sasl_client_start() above. */
131 rc = sasl_client_step (saslconn, buf, len, &interaction, &pc, &olen);
132 if (rc != SASL_INTERACT)
134 mutt_sasl_interact (interaction);
/* Stop stepping when the mechanism is done (SASL_OK with nothing left to send)
 * or reports an error; SASL_CONTINUE means another round trip is needed. */
139 if (rc != SASL_CONTINUE && (olen == 0 || rc != SASL_OK))
142 /* send out response, or line break if none needed */
/* olen is overwritten with the encoded length; sizeof (buf) bounds the output. */
144 if (sasl_encode64 (pc, olen, buf, sizeof (buf), &olen) != SASL_OK) {
147 "pop_auth_sasl: error base64-encoding client response.\n"));
151 /* sasl_client_st(art|ep) allocate pc with malloc, expect me to
/* Server accepted the exchange: attach the negotiated security layer to the
 * connection and keep saslconn alive for it. */
162 if (!mutt_strncmp (inbuf, "+OK", 3)) {
163 mutt_sasl_setup_conn (pop_data->conn, saslconn);
164 return POP_A_SUCCESS;
/* Failure path: the context is no longer needed. */
168 sasl_dispose (&saslconn);
170 /* terminate SASL session if the last response is not +OK nor -ERR */
/* A lone "*" is the AUTH abort token: it tells the server to drop a
 * half-finished exchange so the connection is left in a known state. */
171 if (!mutt_strncmp (inbuf, "+ ", 2)) {
172 snprintf (buf, sizeof (buf), "*\r\n");
173 if (pop_query (pop_data, buf, sizeof (buf)) == -1)
177 mutt_error _("SASL authentication failed.");
181 return POP_A_FAILURE;
185 /* Get the server timestamp for APOP authentication */
/*
 * Extract the APOP timestamp ("<...>") from the server greeting in buf and
 * store a heap copy in pop_data->timestamp, releasing any previous value.
 * If no bracketed timestamp is present, pop_data->timestamp is left NULL,
 * which pop_auth_apop() treats as "APOP unavailable".
 *
 * p1/p2 declarations and whatever terminates the copy after the closing '>'
 * are outside this excerpt -- confirm the copy does not include trailing
 * greeting text.
 */
186 void pop_apop_timestamp (POP_DATA * pop_data, char *buf)
190 FREE (&pop_data->timestamp);
/* Require both brackets, and the '>' only after the '<'. */
192 if ((p1 = strchr (buf, '<')) && (p2 = strchr (p1, '>'))) {
194 pop_data->timestamp = safe_strdup (p1);
198 /* APOP authenticator */
/*
 * APOP authenticator: sends "APOP <user> <hex MD5(timestamp || password)>".
 *
 * Returns POP_A_UNAVAIL when the greeting carried no timestamp,
 * POP_A_SUCCESS on a positive reply, POP_A_FAILURE otherwise (the socket-error
 * case of the switch is not shown in this excerpt).
 *
 * Security note: the password never crosses the wire in clear, but the digest
 * is only as strong as MD5 and the server timestamp's freshness; a reused
 * timestamp makes the digest replayable.  Prefer SASL/TLS where available.
 */
199 static pop_auth_res_t pop_auth_apop (POP_DATA * pop_data, const char *method)
202 unsigned char digest[16];
204 char buf[LONG_STRING];
/* No timestamp in the greeting means the server did not offer APOP. */
207 if (!pop_data->timestamp)
208 return POP_A_UNAVAIL;
210 mutt_message _("Authenticating (APOP)...");
212 /* Compute the authentication hash to send to the server */
213 MD5Init (&mdContext);
214 MD5Update (&mdContext, (unsigned char *) pop_data->timestamp,
215 strlen (pop_data->timestamp));
216 MD5Update (&mdContext, (unsigned char *) pop_data->conn->account.pass,
217 strlen (pop_data->conn->account.pass));
218 MD5Final (digest, &mdContext);
/* Hex-encode: each byte writes 2 hex digits plus a NUL that the next
 * iteration overwrites, so hash must hold at least 2 * 16 + 1 bytes.  Its
 * declaration is not in this excerpt -- confirm the size. */
220 for (i = 0; i < sizeof (digest); i++)
221 sprintf (hash + 2 * i, "%02x", digest[i]);
223 /* Send APOP command to server */
224 snprintf (buf, sizeof (buf), "APOP %s %s\r\n", pop_data->conn->account.user,
227 switch (pop_query (pop_data, buf, sizeof (buf))) {
229 return POP_A_SUCCESS;
234 mutt_error _("APOP authentication failed.");
238 return POP_A_FAILURE;
241 /* USER authenticator */
<doc_update>
/*
 * USER/PASS authenticator: the plaintext fallback.
 *
 * pop_data->cmd_user acts as a capability flag: 0 = server rejected USER
 * (return POP_A_UNAVAIL), 1 = known supported, 2 = unknown/probe -- the
 * probe result recorded here decides between 1 and 0 (the condition tested
 * after the USER query is not visible in this excerpt).
 *
 * Security note: the password is sent in clear on the PASS line, so this
 * should only run over TLS or as a last resort; the debug-log copy is
 * masked below the full socket-logging level.
 */
242 static pop_auth_res_t pop_auth_user (POP_DATA * pop_data, const char *method)
244 char buf[LONG_STRING];
247 if (!pop_data->cmd_user)
248 return POP_A_UNAVAIL;
250 mutt_message _("Logging in...");
252 snprintf (buf, sizeof (buf), "USER %s\r\n", pop_data->conn->account.user);
253 ret = pop_query (pop_data, buf, sizeof (buf));
/* First time through: record whether the server accepted USER. */
255 if (pop_data->cmd_user == 2) {
257 pop_data->cmd_user = 1;
259 dprint (1, (debugfile, "pop_auth_user: set USER capability\n"));
263 pop_data->cmd_user = 0;
265 dprint (1, (debugfile, "pop_auth_user: unset USER capability\n"));
266 snprintf (pop_data->err_msg, sizeof (pop_data->err_msg),
267 _("Command USER is not supported by server."));
/* buf now holds the real password; pop_query_d takes a separate string for
 * the debug trace so the secret is not logged at ordinary levels. */
272 snprintf (buf, sizeof (buf), "PASS %s\r\n", pop_data->conn->account.pass);
273 ret = pop_query_d (pop_data, buf, sizeof (buf),
275 /* don't print the password unless we're at the ungodly debugging level */
276 debuglevel < M_SOCK_LOG_FULL ? "PASS *\r\n" :
283 return POP_A_SUCCESS;
/* err_msg is filled in by pop_query* from the server's -ERR text. */
288 mutt_error ("%s %s", _("Login failed."), pop_data->err_msg);
291 return POP_A_FAILURE;
/*
 * Authenticator table, tried in this order by pop_authenticate().
 * A NULL method (the SASL entry) matches any user-requested method name, so
 * SASL gets first refusal; "apop" and "user" match only when named.  The
 * table is walked until an entry whose authenticate pointer is NULL -- that
 * sentinel entry is not shown in this excerpt.
 */
294 static pop_auth_t pop_authenticators[] = {
296 {pop_auth_sasl, NULL},
298 {pop_auth_apop, "apop"},
299 {pop_auth_user, "user"},
306 * -1 - connection lost,
308 * -3 - authentication canceled.
310 int pop_authenticate (POP_DATA * pop_data)
312 ACCOUNT *acct = &pop_data->conn->account;
313 pop_auth_t *authenticator;
318 int ret = POP_A_UNAVAIL;
320 if (mutt_account_getuser (acct) || !acct->user[0] ||
321 mutt_account_getpass (acct) || !acct->pass[0])
324 if (PopAuthenticators && *PopAuthenticators) {
325 /* Try user-specified list of authentication methods */
326 methods = safe_strdup (PopAuthenticators);
330 comma = strchr (method, ':');
333 dprint (2, (debugfile, "pop_authenticate: Trying method %s\n", method));
334 authenticator = pop_authenticators;
336 while (authenticator->authenticate) {
337 if (!authenticator->method ||
338 !ascii_strcasecmp (authenticator->method, method)) {
339 ret = authenticator->authenticate (pop_data, method);
340 if (ret == POP_A_SOCKET)
341 switch (pop_connect (pop_data)) {
344 ret = authenticator->authenticate (pop_data, method);
351 if (ret != POP_A_UNAVAIL)
353 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
354 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL))) {
368 /* Fall back to default: any authenticator */
370 (debugfile, "pop_authenticate: Using any available method.\n"));
371 authenticator = pop_authenticators;
373 while (authenticator->authenticate) {
374 ret = authenticator->authenticate (pop_data, authenticator->method);
375 if (ret == POP_A_SOCKET)
376 switch (pop_connect (pop_data)) {
380 authenticator->authenticate (pop_data, authenticator->method);
387 if (ret != POP_A_UNAVAIL)
389 if (ret == POP_A_SUCCESS || ret == POP_A_SOCKET ||
390 (ret == POP_A_FAILURE && !option (OPTPOPAUTHTRYALL)))
404 mutt_error (_("No authenticators available"));