From 55a276b42d6e3fa25bb4f8debf91bb97ad37ce33 Mon Sep 17 00:00:00 2001 From: Pierre Habouzit Date: Sat, 12 May 2007 11:26:13 +0200 Subject: [PATCH] drop GSS as well, users will have to use correctly configured sasl. Signed-off-by: Pierre Habouzit --- configure.ac | 13 --- doconfig.sh | 2 +- imap/Makefile.am | 2 +- imap/auth.c | 4 - imap/auth.h | 4 - imap/auth_gss.c | 224 ----------------------------------------------- main.c | 5 -- 7 files changed, 2 insertions(+), 252 deletions(-) delete mode 100644 imap/auth_gss.c diff --git a/configure.ac b/configure.ac index f48c031..8fd5613 100644 --- a/configure.ac +++ b/configure.ac @@ -332,19 +332,6 @@ AC_CHECK_FUNCS(getaddrinfo) dnl -- imap dependencies -- -AC_ARG_WITH(gss, AC_HELP_STRING([--with-gss], [Compile in GSSAPI authentication for IMAP]),[ - if test x$with_gss != xno; then - PKG_CHECK_MODULES(GSSAPI,libgssapi,[ - CPPFLAGS="$CPPFLAGS $GSSAPI_CFLAGS" - MUTTLIBS="$MUTTLIBS $GSSAPI_LIBS" - AC_DEFINE(USE_GSS,1,[ Define if you have GSSAPI libraries available ]) - AC_CHECK_HEADERS(xom.h) - ],[ - AC_MSG_ERROR([could not find libgssapi]) - ]) - fi -]) - AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl[=PFX]], [Compile in SSL support for POP/IMAP]), [ if test "$with_ssl" != "no"; then if test "$with_ssl" != "yes"; then diff --git a/doconfig.sh b/doconfig.sh index 7bf6ef8..8818647 100755 --- a/doconfig.sh +++ b/doconfig.sh @@ -1,5 +1,5 @@ ./autogen.sh ./configure -C --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man \ --with-sharedir=/usr/share/mutt-ng --with-docdir=/usr/share/doc/mutt-ng \ - --with-mailpath=/var/mail --enable-fcntl --with-idn --with-curses --enable-nntp --with-gss --with-gnutls \ + --with-mailpath=/var/mail --enable-fcntl --with-idn --with-curses --enable-nntp --with-gnutls \ --with-libesmtp --enable-gpgme --enable-hcache --enable-doc diff --git a/imap/Makefile.am b/imap/Makefile.am index 446e7c6..0009dc5 100644 --- a/imap/Makefile.am +++ b/imap/Makefile.am @@ -6,6 +6,6 @@ noinst_LIBRARIES = libimap.a noinst_HEADERS = auth.h imap_private.h message.h libimap_a_SOURCES = auth.c auth_login.c browse.c command.c imap.c imap.h \ - message.c utf7.c util.c auth_sasl.c auth_gss.c + message.c utf7.c util.c auth_sasl.c -include $(top_builddir)/tools/cflags.mk diff --git a/imap/auth.c b/imap/auth.c index 8ee355b..8b32807 100644 --- a/imap/auth.c +++ b/imap/auth.c @@ -19,10 +19,6 @@ static imap_auth_t imap_authenticators[] = { {imap_auth_sasl, NULL}, -#ifdef USE_GSS - {imap_auth_gss, "gssapi"}, -#endif - /* SASL includes CRAM-MD5 (and GSSAPI, but that's not enabled by default) */ {imap_auth_login, "login"}, {NULL, NULL} }; diff --git a/imap/auth.h b/imap/auth.h index 8deda56..4dab11d 100644 --- a/imap/auth.h +++ b/imap/auth.h @@ -30,10 +30,6 @@ typedef struct { /* external authenticator prototypes */ imap_auth_res_t imap_auth_login (IMAP_DATA * idata, const char *method); - -#ifdef USE_GSS -imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method); -#endif imap_auth_res_t imap_auth_sasl (IMAP_DATA * idata, const char *method); #endif /* _IMAP_AUTH_H */ diff --git a/imap/auth_gss.c b/imap/auth_gss.c deleted file mode 100644 index 6e82a26..0000000 --- a/imap/auth_gss.c +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright notice from original mutt: - * Copyright (C) 1999-2000 Brendan Cully - * - * This file is part of mutt-ng, see http://www.muttng.org/. - * It's licensed under the GNU General Public License, - * please see the file GPL in the top level source directory. - */ - -/* GSS login/authentication code */ - -#include - -#ifdef USE_GSS - -#include - -#ifdef HAVE_HEIMDAL -# include -# define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE -#else -# include -# include -#endif - -#define GSS_BUFSIZE 8192 - -#define GSS_AUTH_P_NONE 1 -#define GSS_AUTH_P_INTEGRITY 2 -#define GSS_AUTH_P_PRIVACY 4 - -#include "mutt.h" -#include "imap_private.h" -#include "auth.h" - -/* imap_auth_gss: AUTH=GSSAPI support. */ -imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method __attribute__ ((unused))) -{ - gss_buffer_desc request_buf, send_token; - gss_buffer_t sec_token; - gss_name_t target_name; - gss_ctx_id_t context; - gss_qop_t quality; - int cflags; - OM_uint32 maj_stat, min_stat; - char buf1[GSS_BUFSIZE], buf2[GSS_BUFSIZE], server_conf_flags; - unsigned long buf_size; - int rc; - - if (!mutt_bit_isset (idata->capabilities, AGSSAPI)) - return IMAP_AUTH_UNAVAIL; - - if (mutt_account_getuser (&idata->conn->account)) - return IMAP_AUTH_FAILURE; - - /* get an IMAP service ticket for the server */ - snprintf (buf1, sizeof (buf1), "imap@%s", idata->conn->account.host); - request_buf.value = buf1; - request_buf.length = m_strlen(buf1) + 1; - maj_stat = gss_import_name (&min_stat, &request_buf, gss_nt_service_name, - &target_name); - if (maj_stat != GSS_S_COMPLETE) { - return IMAP_AUTH_UNAVAIL; - } - - /* Acquire initial credentials - without a TGT GSSAPI is UNAVAIL */ - sec_token = GSS_C_NO_BUFFER; - context = GSS_C_NO_CONTEXT; - - /* build token */ - maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &context, - target_name, GSS_C_NO_OID, - GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, 0, - GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL, - &send_token, (unsigned int *) &cflags, - NULL); - if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { - gss_release_name (&min_stat, &target_name); - - return IMAP_AUTH_UNAVAIL; - } - - /* now begin login */ - mutt_message _("Authenticating (GSSAPI)..."); - - imap_cmd_start (idata, "AUTHENTICATE GSSAPI"); - - /* expect a null continuation response ("+") */ - do - rc = imap_cmd_step (idata); - while (rc == IMAP_CMD_CONTINUE); - - if (rc != IMAP_CMD_RESPOND) { - gss_release_name (&min_stat, &target_name); - goto bail; - } - - /* now start the security context initialisation loop... */ - mutt_to_base64 ((unsigned char *) buf1, send_token.value, send_token.length, - sizeof (buf1) - 2); - gss_release_buffer (&min_stat, &send_token); - m_strcat(buf1, sizeof(buf1), "\r\n"); - mutt_socket_write (idata->conn, buf1); - - while (maj_stat == GSS_S_CONTINUE_NEEDED) { - /* Read server data */ - do - rc = imap_cmd_step (idata); - while (rc == IMAP_CMD_CONTINUE); - - if (rc != IMAP_CMD_RESPOND) { - gss_release_name (&min_stat, &target_name); - goto bail; - } - - request_buf.length = mutt_from_base64 (buf2, idata->cmd.buf + 2); - request_buf.value = buf2; - sec_token = &request_buf; - - /* Write client data */ - maj_stat = gss_init_sec_context (&min_stat, GSS_C_NO_CREDENTIAL, &context, - target_name, GSS_C_NO_OID, - GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, - 0, GSS_C_NO_CHANNEL_BINDINGS, sec_token, - NULL, &send_token, - (unsigned int *) &cflags, NULL); - if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) { - gss_release_name (&min_stat, &target_name); - - goto err_abort_cmd; - } - mutt_to_base64 ((unsigned char *) buf1, send_token.value, - send_token.length, sizeof (buf1) - 2); - gss_release_buffer (&min_stat, &send_token); - m_strcat(buf1, sizeof(buf1), "\r\n"); - mutt_socket_write (idata->conn, buf1); - } - - gss_release_name (&min_stat, &target_name); - - /* get security flags and buffer size */ - do - rc = imap_cmd_step (idata); - while (rc == IMAP_CMD_CONTINUE); - - if (rc != IMAP_CMD_RESPOND) { - goto bail; - } - request_buf.length = mutt_from_base64 (buf2, idata->cmd.buf + 2); - request_buf.value = buf2; - - maj_stat = gss_unwrap (&min_stat, context, &request_buf, &send_token, - &cflags, &quality); - if (maj_stat != GSS_S_COMPLETE) { - gss_release_buffer (&min_stat, &send_token); - goto err_abort_cmd; - } - - /* first octet is security levels supported. We want NONE */ - server_conf_flags = ((char *) send_token.value)[0]; - if (!(((char *) send_token.value)[0] & GSS_AUTH_P_NONE)) { - gss_release_buffer (&min_stat, &send_token); - goto err_abort_cmd; - } - - /* we don't care about buffer size if we don't wrap content. But here it is */ - ((char *) send_token.value)[0] = 0; - buf_size = ntohl (*((long *) send_token.value)); - gss_release_buffer (&min_stat, &send_token); - - /* agree to terms (hack!) */ - buf_size = htonl (buf_size); /* not relevant without integrity/privacy */ - memcpy (buf1, &buf_size, 4); - buf1[0] = GSS_AUTH_P_NONE; - /* server decides if principal can log in as user */ - m_strcpy(buf1 + 4, sizeof(buf1) - 4, idata->conn->account.user); - request_buf.value = buf1; - request_buf.length = 4 + m_strlen(idata->conn->account.user) + 1; - maj_stat = gss_wrap (&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf, - &cflags, &send_token); - if (maj_stat != GSS_S_COMPLETE) { - goto err_abort_cmd; - } - - mutt_to_base64 ((unsigned char *) buf1, send_token.value, send_token.length, - sizeof (buf1) - 2); - m_strcat(buf1, sizeof(buf1), "\r\n"); - mutt_socket_write (idata->conn, buf1); - - /* Joy of victory or agony of defeat? */ - do - rc = imap_cmd_step (idata); - while (rc == IMAP_CMD_CONTINUE); - if (rc == IMAP_CMD_RESPOND) { - goto err_abort_cmd; - } - if (imap_code (idata->cmd.buf)) { - /* flush the security context */ - maj_stat = gss_delete_sec_context (&min_stat, &context, &send_token); - - /* send_token may contain a notification to the server to flush - * credentials. RFC 1731 doesn't specify what to do, and since this - * support is only for authentication, we'll assume the server knows - * enough to flush its own credentials */ - gss_release_buffer (&min_stat, &send_token); - - return IMAP_AUTH_SUCCESS; - } - else - goto bail; - -err_abort_cmd: - mutt_socket_write (idata->conn, "*\r\n"); - do - rc = imap_cmd_step (idata); - while (rc == IMAP_CMD_CONTINUE); - -bail: - mutt_error _("GSSAPI authentication failed."); - mutt_sleep (2); - return IMAP_AUTH_FAILURE; -} - -#endif /* USE_GSS */ diff --git a/main.c b/main.c index 8da5c92..f13f5a5 100644 --- a/main.c +++ b/main.c @@ -233,11 +233,6 @@ static void show_version (void) #else "-USE_NNTP " #endif -#ifdef USE_GSS - "+USE_GSS " -#else - "-USE_GSS " -#endif #ifdef USE_SSL "+USE_SSL " #else -- 2.20.1