X-Git-Url: http://git.madism.org/?p=apps%2Fmadmutt.git;a=blobdiff_plain;f=mutt_sasl.c;h=94783ae15545ba3bf69d6ac3885441954215290b;hp=ea3438797b99bf84e370daa535b52d843f2bfc5b;hb=9afa66139f6099fc06d9866d4283191e43b0e17a;hpb=814a01519c9605d479201b99eb16c97b0ad8635d diff --git a/mutt_sasl.c b/mutt_sasl.c index ea34387..94783ae 100644 --- a/mutt_sasl.c +++ b/mutt_sasl.c @@ -21,17 +21,13 @@ #include "lib/mem.h" #include "lib/debug.h" -#ifdef USE_SASL2 #include #include #include -#else -#include -#endif + #include #include -#ifdef USE_SASL2 static int getnameinfo_err (int ret) { int err; @@ -73,16 +69,13 @@ static int getnameinfo_err (int ret) } return err; } -#endif /* arbitrary. SASL will probably use a smaller buffer anyway. OTOH it's * been a while since I've had access to an SASL server which negotiated * a protection buffer. */ #define M_SASL_MAXBUF 65536 -#ifdef USE_SASL2 #define IP_PORT_BUFLEN 1024 -#endif static sasl_callback_t mutt_sasl_callbacks[5]; @@ -103,7 +96,6 @@ static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len); static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf, size_t count); -#ifdef USE_SASL2 /* utility function, stolen from sasl2 sample code */ static int iptostring (const struct sockaddr *addr, socklen_t addrlen, char *out, unsigned outlen) @@ -123,17 +115,16 @@ static int iptostring (const struct sockaddr *addr, socklen_t addrlen, if (ret) return getnameinfo_err (ret); - if (outlen < safe_strlen (hbuf) + safe_strlen (pbuf) + 2) + if (outlen < str_len (hbuf) + str_len (pbuf) + 2) return SASL_BUFOVER; snprintf (out, outlen, "%s;%s", hbuf, pbuf); return SASL_OK; } -#endif /* mutt_sasl_start: called before doing a SASL exchange - initialises library - * (if neccessary). */ + * (if necessary). */ int mutt_sasl_start (void) { static unsigned char sasl_init = 0; @@ -172,13 +163,9 @@ int mutt_sasl_client_new (CONNECTION * conn, sasl_conn_t ** saslconn) { sasl_security_properties_t secprops; -#ifdef USE_SASL2 struct sockaddr_storage local, remote; socklen_t size; char iplocalport[IP_PORT_BUFLEN], ipremoteport[IP_PORT_BUFLEN]; -#else - sasl_external_properties_t extprops; -#endif const char *service; int rc; @@ -197,7 +184,6 @@ int mutt_sasl_client_new (CONNECTION * conn, sasl_conn_t ** saslconn) return -1; } -#ifdef USE_SASL2 size = sizeof (local); if (getsockname (conn->fd, (struct sockaddr *) &local, &size)) { debug_print (1, ("getsockname for local failed\n")); @@ -230,12 +216,6 @@ int mutt_sasl_client_new (CONNECTION * conn, sasl_conn_t ** saslconn) sasl_client_new (service, conn->account.host, iplocalport, ipremoteport, mutt_sasl_get_callbacks (&conn->account), 0, saslconn); -#else - rc = sasl_client_new (service, conn->account.host, - mutt_sasl_get_callbacks (&conn->account), - SASL_SECURITY_LAYER, saslconn); -#endif - if (rc != SASL_OK) { debug_print (1, ("Error allocating SASL connection\n")); return -1; @@ -243,9 +223,8 @@ int mutt_sasl_client_new (CONNECTION * conn, sasl_conn_t ** saslconn) /*** set sasl IP properties, necessary for use with krb4 ***/ /* Do we need to fail if this fails? I would assume having these unset - * would just disable KRB4. Who wrote this code? I'm not sure how this - * interacts with the NSS code either, since that mucks with the fd. */ -#ifndef USE_SASL2 /* with SASLv2 this all happens in sasl_client_new */ + * would just disable KRB4. Who wrote this code? + */ { struct sockaddr_in local, remote; socklen_t size; @@ -272,7 +251,6 @@ int mutt_sasl_client_new (CONNECTION * conn, sasl_conn_t ** saslconn) } #endif } -#endif /* set security properties. We use NOPLAINTEXT globally, since we can * just fall back to LOGIN in the IMAP case anyway. If that doesn't @@ -288,35 +266,20 @@ int mutt_sasl_client_new (CONNECTION * conn, sasl_conn_t ** saslconn) return -1; } - /* we currently don't have an SSF finder for NSS (I don't know the API). - * If someone does it'd probably be trivial to write mutt_nss_get_ssf(). - * I have a feeling more SSL code could be shared between those two files, - * but I haven't looked into it yet, since I still don't know the APIs. */ -#if (defined(USE_SSL) || defined(USE_GNUTLS) && !defined(USE_NSS)) - if (conn->account.flags & M_ACCT_SSL) { -#ifdef USE_SASL2 /* I'm not sure this actually has an effect, at least with SASLv2 */ + if (conn->ssf) { debug_print (2, ("External SSF: %d\n", conn->ssf)); if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &(conn->ssf)) != SASL_OK) -#else - memset (&extprops, 0, sizeof (extprops)); - extprops.ssf = conn->ssf; - debug_print (2, ("External SSF: %d\n", extprops.ssf)); - if (sasl_setprop (*saslconn, SASL_SSF_EXTERNAL, &extprops) != SASL_OK) -#endif { debug_print (1, ("Error setting external properties\n")); return -1; } -#ifdef USE_SASL2 debug_print (2, ("External authentication name: %s\n", conn->account.user)); if (sasl_setprop (*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK) { debug_print (1, ("Error setting external properties\n")); return -1; } -#endif } -#endif return 0; } @@ -327,12 +290,12 @@ sasl_callback_t *mutt_sasl_get_callbacks (ACCOUNT * account) callback = mutt_sasl_callbacks; - callback->id = SASL_CB_AUTHNAME; + callback->id = SASL_CB_USER; callback->proc = mutt_sasl_cb_authname; callback->context = account; callback++; - callback->id = SASL_CB_USER; + callback->id = SASL_CB_AUTHNAME; callback->proc = mutt_sasl_cb_authname; callback->context = account; callback++; @@ -367,9 +330,9 @@ int mutt_sasl_interact (sasl_interact_t * interaction) if (mutt_get_field (prompt, resp, sizeof (resp), 0)) return SASL_FAIL; - interaction->len = safe_strlen (resp) + 1; - interaction->result = safe_malloc (interaction->len); - memcpy (interaction->result, resp, interaction->len); + interaction->len = str_len (resp) + 1; + interaction->result = mem_malloc (interaction->len); + memcpy ((char*) interaction->result, resp, interaction->len); interaction++; } @@ -395,24 +358,16 @@ int mutt_sasl_interact (sasl_interact_t * interaction) * for the read/write methods. */ void mutt_sasl_setup_conn (CONNECTION * conn, sasl_conn_t * saslconn) { - SASL_DATA *sasldata = (SASL_DATA *) safe_malloc (sizeof (SASL_DATA)); + SASL_DATA *sasldata = (SASL_DATA *) mem_malloc (sizeof (SASL_DATA)); sasldata->saslconn = saslconn; /* get ssf so we know whether we have to (en|de)code read/write */ -#ifdef USE_SASL2 sasl_getprop (saslconn, SASL_SSF, (const void **) &sasldata->ssf); -#else - sasl_getprop (saslconn, SASL_SSF, (void **) &sasldata->ssf); -#endif debug_print (3, ("SASL protection strength: %u\n", *sasldata->ssf)); /* Add SASL SSF to transport SSF */ conn->ssf += *sasldata->ssf; -#ifdef USE_SASL2 sasl_getprop (saslconn, SASL_MAXOUTBUF, (const void **) &sasldata->pbufsize); -#else - sasl_getprop (saslconn, SASL_MAXOUTBUF, (void **) &sasldata->pbufsize); -#endif debug_print (3, ("SASL protection buffer size: %u\n", *sasldata->pbufsize)); /* clear input buffer */ @@ -435,6 +390,10 @@ void mutt_sasl_setup_conn (CONNECTION * conn, sasl_conn_t * saslconn) conn->conn_write = mutt_sasl_conn_write; } +void mutt_sasl_done (void) { + sasl_done (); +} + /* mutt_sasl_cb_log: callback to log SASL messages */ static int mutt_sasl_cb_log (void *context, int priority, const char *message) { @@ -443,8 +402,7 @@ static int mutt_sasl_cb_log (void *context, int priority, const char *message) return SASL_OK; } -/* mutt_sasl_cb_authname: callback to retrieve authname or user (mutt - * doesn't distinguish, even if some SASL plugins do) from ACCOUNT */ +/* mutt_sasl_cb_authname: callback to retrieve authname or user from ACCOUNT */ static int mutt_sasl_cb_authname (void *context, int id, const char **result, unsigned *len) { @@ -461,13 +419,18 @@ static int mutt_sasl_cb_authname (void *context, int id, const char **result, id == SASL_CB_AUTHNAME ? "authname" : "user", account->host, account->port)); - if (mutt_account_getuser (account)) - return SASL_FAIL; - - *result = account->user; + if (id == SASL_CB_AUTHNAME) { + if (mutt_account_getlogin (account)) + return SASL_FAIL; + *result = account->login; + } else { + if (mutt_account_getuser (account)) + return SASL_FAIL; + *result = account->user; + } if (len) - *len = safe_strlen (*result); + *len = str_len (*result); return SASL_OK; } @@ -482,16 +445,16 @@ static int mutt_sasl_cb_pass (sasl_conn_t * conn, void *context, int id, return SASL_BADPARAM; debug_print (2, ("getting password for %s@%s:%u\n", - account->user, account->host, account->port)); + account->login, account->host, account->port)); if (mutt_account_getpass (account)) return SASL_FAIL; - len = safe_strlen (account->pass); + len = str_len (account->pass); - *psecret = (sasl_secret_t *) safe_malloc (sizeof (sasl_secret_t) + len); + *psecret = (sasl_secret_t *) mem_malloc (sizeof (sasl_secret_t) + len); (*psecret)->len = len; - strcpy ((*psecret)->data, account->pass); /* __STRCPY_CHECKED__ */ + strcpy ((char*) (*psecret)->data, account->pass); /* __STRCPY_CHECKED__ */ return SASL_OK; } @@ -531,10 +494,8 @@ static int mutt_sasl_conn_close (CONNECTION * conn) /* release sasl resources */ sasl_dispose (&sasldata->saslconn); -#ifndef USE_SASL2 - FREE (&sasldata->buf); -#endif - FREE (&sasldata); + mem_free (&sasldata->buf); + mem_free (&sasldata); /* call underlying close */ rc = (conn->conn_close) (conn); @@ -564,9 +525,7 @@ static int mutt_sasl_conn_read (CONNECTION * conn, char *buf, size_t len) conn->sockdata = sasldata->sockdata; -#ifndef USE_SASL2 - FREE (&sasldata->buf); -#endif + mem_free (&sasldata->buf); sasldata->bpos = 0; sasldata->blen = 0; @@ -611,11 +570,7 @@ static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf, SASL_DATA *sasldata; int rc; -#ifdef USE_SASL2 const char *pbuf; -#else - char *pbuf; -#endif unsigned int olen, plen; sasldata = (SASL_DATA *) conn->sockdata; @@ -635,9 +590,7 @@ static int mutt_sasl_conn_write (CONNECTION * conn, const char *buf, } rc = (sasldata->msasl_write) (conn, pbuf, plen); -#ifndef USE_SASL2 - FREE (&pbuf); -#endif + mem_free (&pbuf); if (rc != plen) goto fail;