X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=imap%2Fauth_gss.c;h=6e82a26fdde78a4bad596dee12ad5f21f847df3a;hp=61bef8124f28753d4b87ab75d31afbba1cf66f87;hb=85fd0dfe747c58f2da62074ddd90a598397a4848;hpb=fe81278e7e988e6a8ae81eb086a99258c3bea82a diff --git a/imap/auth_gss.c b/imap/auth_gss.c index 61bef81..6e82a26 100644 --- a/imap/auth_gss.c +++ b/imap/auth_gss.c @@ -9,15 +9,9 @@ /* GSS login/authentication code */ -#if HAVE_CONFIG_H -# include "config.h" -#endif +#include -#include "mutt.h" -#include "imap_private.h" -#include "auth.h" - -#include "lib/intl.h" +#ifdef USE_GSS #include @@ -35,14 +29,17 @@ #define GSS_AUTH_P_INTEGRITY 2 #define GSS_AUTH_P_PRIVACY 4 +#include "mutt.h" +#include "imap_private.h" +#include "auth.h" + /* imap_auth_gss: AUTH=GSSAPI support. */ -imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) +imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method __attribute__ ((unused))) { gss_buffer_desc request_buf, send_token; gss_buffer_t sec_token; gss_name_t target_name; gss_ctx_id_t context; - gss_OID mech_name; gss_qop_t quality; int cflags; OM_uint32 maj_stat, min_stat; @@ -59,22 +56,13 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) /* get an IMAP service ticket for the server */ snprintf (buf1, sizeof (buf1), "imap@%s", idata->conn->account.host); request_buf.value = buf1; - request_buf.length = mutt_strlen (buf1) + 1; + request_buf.length = m_strlen(buf1) + 1; maj_stat = gss_import_name (&min_stat, &request_buf, gss_nt_service_name, &target_name); if (maj_stat != GSS_S_COMPLETE) { - dprint (2, (debugfile, "Couldn't get service name for [%s]\n", buf1)); return IMAP_AUTH_UNAVAIL; } -#ifdef DEBUG - else if (debuglevel >= 2) { - maj_stat = gss_display_name (&min_stat, target_name, &request_buf, - &mech_name); - dprint (2, (debugfile, "Using service name [%s]\n", - (char *) request_buf.value)); - maj_stat = gss_release_buffer (&min_stat, &request_buf); - } -#endif + /* Acquire initial credentials - without a TGT GSSAPI is UNAVAIL */ sec_token = GSS_C_NO_BUFFER; context = GSS_C_NO_CONTEXT; @@ -87,7 +75,6 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) &send_token, (unsigned int *) &cflags, NULL); if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { - dprint (1, (debugfile, "Error acquiring credentials - no TGT?\n")); gss_release_name (&min_stat, &target_name); return IMAP_AUTH_UNAVAIL; @@ -104,17 +91,15 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { - dprint (2, (debugfile, "Invalid response from server: %s\n", buf1)); gss_release_name (&min_stat, &target_name); goto bail; } /* now start the security context initialisation loop... */ - dprint (2, (debugfile, "Sending credentials\n")); mutt_to_base64 ((unsigned char *) buf1, send_token.value, send_token.length, sizeof (buf1) - 2); gss_release_buffer (&min_stat, &send_token); - safe_strcat (buf1, sizeof (buf1), "\r\n"); + m_strcat(buf1, sizeof(buf1), "\r\n"); mutt_socket_write (idata->conn, buf1); while (maj_stat == GSS_S_CONTINUE_NEEDED) { @@ -124,7 +109,6 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { - dprint (1, (debugfile, "Error receiving server response.\n")); gss_release_name (&min_stat, &target_name); goto bail; } @@ -141,7 +125,6 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) NULL, &send_token, (unsigned int *) &cflags, NULL); if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { - dprint (1, (debugfile, "Error exchanging credentials\n")); gss_release_name (&min_stat, &target_name); goto err_abort_cmd; @@ -149,7 +132,7 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) mutt_to_base64 ((unsigned char *) buf1, send_token.value, send_token.length, sizeof (buf1) - 2); gss_release_buffer (&min_stat, &send_token); - safe_strcat (buf1, sizeof (buf1), "\r\n"); + m_strcat(buf1, sizeof(buf1), "\r\n"); mutt_socket_write (idata->conn, buf1); } @@ -161,7 +144,6 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) while (rc == IMAP_CMD_CONTINUE); if (rc != IMAP_CMD_RESPOND) { - dprint (1, (debugfile, "Error receiving server response.\n")); goto bail; } request_buf.length = mutt_from_base64 (buf2, idata->cmd.buf + 2); @@ -170,16 +152,13 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) maj_stat = gss_unwrap (&min_stat, context, &request_buf, &send_token, &cflags, &quality); if (maj_stat != GSS_S_COMPLETE) { - dprint (2, (debugfile, "Couldn't unwrap security level data\n")); gss_release_buffer (&min_stat, &send_token); goto err_abort_cmd; } - dprint (2, (debugfile, "Credential exchange complete\n")); /* first octet is security levels supported. We want NONE */ server_conf_flags = ((char *) send_token.value)[0]; if (!(((char *) send_token.value)[0] & GSS_AUTH_P_NONE)) { - dprint (2, (debugfile, "Server requires integrity or privacy\n")); gss_release_buffer (&min_stat, &send_token); goto err_abort_cmd; } @@ -188,32 +167,24 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) ((char *) send_token.value)[0] = 0; buf_size = ntohl (*((long *) send_token.value)); gss_release_buffer (&min_stat, &send_token); - dprint (2, (debugfile, "Unwrapped security level flags: %c%c%c\n", - server_conf_flags & GSS_AUTH_P_NONE ? 'N' : '-', - server_conf_flags & GSS_AUTH_P_INTEGRITY ? 'I' : '-', - server_conf_flags & GSS_AUTH_P_PRIVACY ? 'P' : '-')); - dprint (2, (debugfile, "Maximum GSS token size is %ld\n", buf_size)); /* agree to terms (hack!) */ buf_size = htonl (buf_size); /* not relevant without integrity/privacy */ memcpy (buf1, &buf_size, 4); buf1[0] = GSS_AUTH_P_NONE; /* server decides if principal can log in as user */ - strncpy (buf1 + 4, idata->conn->account.user, sizeof (buf1) - 4); + m_strcpy(buf1 + 4, sizeof(buf1) - 4, idata->conn->account.user); request_buf.value = buf1; - request_buf.length = 4 + mutt_strlen (idata->conn->account.user) + 1; + request_buf.length = 4 + m_strlen(idata->conn->account.user) + 1; maj_stat = gss_wrap (&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf, &cflags, &send_token); if (maj_stat != GSS_S_COMPLETE) { - dprint (2, (debugfile, "Error creating login request\n")); goto err_abort_cmd; } mutt_to_base64 ((unsigned char *) buf1, send_token.value, send_token.length, sizeof (buf1) - 2); - dprint (2, (debugfile, "Requesting authorisation as %s\n", - idata->conn->account.user)); - safe_strcat (buf1, sizeof (buf1), "\r\n"); + m_strcat(buf1, sizeof(buf1), "\r\n"); mutt_socket_write (idata->conn, buf1); /* Joy of victory or agony of defeat? */ @@ -221,15 +192,11 @@ imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method) rc = imap_cmd_step (idata); while (rc == IMAP_CMD_CONTINUE); if (rc == IMAP_CMD_RESPOND) { - dprint (1, (debugfile, "Unexpected server continuation request.\n")); goto err_abort_cmd; } if (imap_code (idata->cmd.buf)) { /* flush the security context */ - dprint (2, (debugfile, "Releasing GSS credentials\n")); maj_stat = gss_delete_sec_context (&min_stat, &context, &send_token); - if (maj_stat != GSS_S_COMPLETE) - dprint (1, (debugfile, "Error releasing credentials\n")); /* send_token may contain a notification to the server to flush * credentials. RFC 1731 doesn't specify what to do, and since this @@ -253,3 +220,5 @@ bail: mutt_sleep (2); return IMAP_AUTH_FAILURE; } + +#endif /* USE_GSS */