From 85fd0dfe747c58f2da62074ddd90a598397a4848 Mon Sep 17 00:00:00 2001
From: Pierre Habouzit
Date: Sat, 12 May 2007 11:17:08 +0200
Subject: [PATCH] Impose the use of SASL2, so that we can drop a lot of useless old dead code.
Signed-off-by: Pierre Habouzit
---
 configure.ac | 21 +-----
 doconfig.sh | 3 +-
 imap/Makefile.am | 10 +--
 imap/auth.c | 8 ---
 imap/auth.h | 6 --
 imap/auth_anon.c | 61 ------------------
 imap/auth_cram.c | 164 -----------------------------------------------
 main.c | 5 --
 mutt_sasl.c | 4 --
 mutt_sasl.h | 2 -
 pop/pop_auth.c | 18 +-----
 11 files changed, 7 insertions(+), 295 deletions(-)
 delete mode 100644 imap/auth_anon.c
 delete mode 100644 imap/auth_cram.c
diff --git a/configure.ac b/configure.ac
index 3473f36..f48c031 100644
--- a/configure.ac
+++ b/configure.ac
@@ -382,25 +382,8 @@ fi
 AM_CONDITIONAL(USE_SSL, test x$need_ssl = xyes)
 AC_SUBST(MUTT_SSL_OBJECTS)
-AC_ARG_WITH(sasl2, AC_HELP_STRING([--with-sasl2[=PFX]],
- [Use Cyrus SASL library version 2 for POP/IMAP authentication]),[
- if test "$with_sasl2" != "no"; then
- if test "$with_sasl2" != "yes"; then
- CPPFLAGS="$CPPFLAGS -I$with_sasl2/include"
- LDFLAGS="$LDFLAGS -L$with_sasl2/lib"
- fi
-
- saved_LIBS="$LIBS"
-
- AC_CHECK_LIB(sasl2, sasl_client_init,,AC_MSG_ERROR([could not find libsasl2]))
- MUTTLIBS="$MUTTLIBS -lsasl2"
- LIBS="$saved_LIBS"
- AC_DEFINE(USE_SASL,1,
- [Define if want to use version 2 of the Cyrus SASL library.])
- need_sasl=yes
- fi
-])
-AM_CONDITIONAL(USE_SASL, test x$need_sasl = xyes)
+AC_CHECK_LIB(sasl2, sasl_client_init,,AC_MSG_ERROR([could not find libsasl2]))
+MUTTLIBS="$MUTTLIBS -lsasl2"
 AC_ARG_WITH(idn, AC_HELP_STRING([--with-idn], [Use GNU libidn for domain names]),[
 if test x$with_idn != xno ; then
diff --git a/doconfig.sh b/doconfig.sh
index c5cd8e3..7bf6ef8 100755
--- a/doconfig.sh
+++ b/doconfig.sh
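Review bot: Nothing defines `USE_SASL` once the `AC_DEFINE(USE_SASL,1, ...)` line is removed in this hunk, so any `#ifdef USE_SASL` left in a file this patch does not touch would silently compile its SASL code out instead of failing the build. The diffstat lists only the files edited here, so the rest of the tree should be searched for remaining uses before the define goes; until then, keeping `AC_DEFINE(USE_SASL,1,[Define if want to use version 2 of the Cyrus SASL library.])` unconditionally is the safe form. Separately, the `saved_LIBS` save/restore is dropped while `AC_CHECK_LIB` keeps its empty action-if-found, so `-lsasl2` now ends up in both `LIBS` and `MUTTLIBS`, and a libsasl2 installed under a non-default prefix can only be found through `CPPFLAGS`/`LDFLAGS`.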
@@ -1,6 +1,5 @@
 ./autogen.sh
 ./configure -C --prefix=/usr --sysconfdir=/etc --mandir=/usr/share/man \
 --with-sharedir=/usr/share/mutt-ng --with-docdir=/usr/share/doc/mutt-ng \
- --with-mailpath=/var/mail --enable-fcntl --with-sasl2 \
- --with-idn --with-curses --enable-nntp --with-gss --with-gnutls \
+ --with-mailpath=/var/mail --enable-fcntl --with-idn --with-curses --enable-nntp --with-gss --with-gnutls \
 --with-libesmtp --enable-gpgme --enable-hcache --enable-doc
diff --git a/imap/Makefile.am b/imap/Makefile.am
index fb51379..446e7c6 100644
--- a/imap/Makefile.am
+++ b/imap/Makefile.am
@@ -1,10 +1,4 @@
-if USE_SASL
-AUTHENTICATORS = auth_sasl.c
-else
-AUTHENTICATORS = auth_anon.c auth_cram.c
-endif
-
-EXTRA_DIST = BUGS README TODO auth_anon.c auth_cram.c auth_gss.c auth_sasl.c
+EXTRA_DIST = BUGS README TODO
 INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/intl
@@ -12,6 +6,6 @@ noinst_LIBRARIES = libimap.a
 noinst_HEADERS = auth.h imap_private.h message.h
 libimap_a_SOURCES = auth.c auth_login.c browse.c command.c imap.c imap.h \
- message.c utf7.c util.c $(AUTHENTICATORS) auth_gss.c
+ message.c utf7.c util.c auth_sasl.c auth_gss.c
 -include $(top_builddir)/tools/cflags.mk
diff --git a/imap/auth.c b/imap/auth.c
index 143fde0..8ee355b 100644
--- a/imap/auth.c
+++ b/imap/auth.c
@@ -18,20 +18,12 @@
 #include "auth.h"
 static imap_auth_t imap_authenticators[] = {
-#ifdef USE_SASL
 {imap_auth_sasl, NULL},
-#else
- {imap_auth_anon, "anonymous"},
-#endif
 #ifdef USE_GSS
 {imap_auth_gss, "gssapi"},
 #endif
 /* SASL includes CRAM-MD5 (and GSSAPI, but that's not enabled by default) */
-#ifndef USE_SASL
- {imap_auth_cram_md5, "cram-md5"},
-#endif
 {imap_auth_login, "login"},
-
 {NULL, NULL}
 };
diff --git a/imap/auth.h b/imap/auth.h
index df1fb75..8deda56 100644
--- a/imap/auth.h
+++ b/imap/auth.h
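Review bot: The comment kept above `{imap_auth_login, "login"}` in `imap_authenticators[]` no longer tells a reader what the table guarantees: with the built-in `cram-md5` entry gone, every challenge-response mechanism now depends on what the installed libsasl2 provides. If `imap_auth_sasl` finds no usable mechanism, the next entry outside `USE_GSS` is `login`, which hands the password itself to the server; the loop that walks the table is outside the hunk, so the exact fallback rule should be confirmed there. I would reword the comment to `/* CRAM-MD5 etc. come only from libsasl2 plugins; "login" below sends the password itself, so it should only be reached over TLS */`. The same applies to `pop_authenticators[]` in pop/pop_auth.c, where `user` follows `apop`.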
@@ -29,17 +29,11 @@ typedef struct {
 } imap_auth_t;
 /* external authenticator prototypes */
-#ifndef USE_SASL
-imap_auth_res_t imap_auth_anon (IMAP_DATA * idata, const char *method);
-imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA * idata, const char *method);
-#endif
 imap_auth_res_t imap_auth_login (IMAP_DATA * idata, const char *method);
 #ifdef USE_GSS
 imap_auth_res_t imap_auth_gss (IMAP_DATA * idata, const char *method);
 #endif
-#ifdef USE_SASL
 imap_auth_res_t imap_auth_sasl (IMAP_DATA * idata, const char *method);
-#endif
 #endif /* _IMAP_AUTH_H */
diff --git a/imap/auth_anon.c b/imap/auth_anon.c
deleted file mode 100644
index 47ccf40..0000000
--- a/imap/auth_anon.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright notice from original mutt:
- * Copyright (C) 1999-2000 Brendan Cully
- *
- * This file is part of mutt-ng, see http://www.muttng.org/.
- * It's licensed under the GNU General Public License,
- * please see the file GPL in the top level source directory.
- */
-
-/* IMAP login/authentication code */
-
-#include
-
-#include "mutt.h"
-#include "imap_private.h"
-#include "auth.h"
-
-/* this is basically a stripped-down version of the cram-md5 method. */
-imap_auth_res_t imap_auth_anon (IMAP_DATA * idata, const char *method __attribute__ ((unused)))
-{
- int rc;
-
- if (!mutt_bit_isset (idata->capabilities, AUTH_ANON))
- return IMAP_AUTH_UNAVAIL;
-
- if (mutt_account_getuser (&idata->conn->account))
- return IMAP_AUTH_FAILURE;
-
- if (idata->conn->account.user[0] != '\0')
- return IMAP_AUTH_UNAVAIL;
-
- mutt_message _("Authenticating (anonymous)...");
-
- imap_cmd_start (idata, "AUTHENTICATE ANONYMOUS");
-
- do
- rc = imap_cmd_step (idata);
- while (rc == IMAP_CMD_CONTINUE);
-
- if (rc != IMAP_CMD_RESPOND) {
- goto bail;
- }
-
- mutt_socket_write (idata->conn, "ZHVtbXkK\r\n"); /* base64 ("dummy") */
-
- do
- rc = imap_cmd_step (idata);
- while (rc == IMAP_CMD_CONTINUE);
-
- if (rc != IMAP_CMD_OK) {
- goto bail;
- }
-
- if (imap_code (idata->cmd.buf))
- return IMAP_AUTH_SUCCESS;
-
-bail:
- mutt_error _("Anonymous authentication failed.");
- mutt_sleep (2);
- return IMAP_AUTH_FAILURE;
-}
diff --git a/imap/auth_cram.c b/imap/auth_cram.c
deleted file mode 100644
index 7e00d6c..0000000
--- a/imap/auth_cram.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright notice from original mutt:
- * Copyright (C) 1999-2000 Brendan Cully
- *
- * This file is part of mutt-ng, see http://www.muttng.org/.
- * It's licensed under the GNU General Public License,
- * please see the file GPL in the top level source directory.
- */
-
-/* IMAP login/authentication code */
-
-#include
-
-#include "mutt.h"
-#include "imap_private.h"
-#include "auth.h"
-
-#define MD5_BLOCK_LEN 64
-#define MD5_DIGEST_LEN 16
-
-#include
-
-/* forward declarations */
-static void hmac_md5 (const char *password, char *challenge,
- unsigned char *response);
-
-/* imap_auth_cram_md5: AUTH=CRAM-MD5 support. */
-imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA * idata, const char *method __attribute__ ((unused)))
-{
- char ibuf[LONG_STRING * 2], obuf[LONG_STRING];
- unsigned char hmac_response[MD5_DIGEST_LEN];
- int len;
- int rc;
-
- if (!mutt_bit_isset (idata->capabilities, ACRAM_MD5))
- return IMAP_AUTH_UNAVAIL;
-
- mutt_message _("Authenticating (CRAM-MD5)...");
-
- /* get auth info */
- if (mutt_account_getlogin (&idata->conn->account))
- return IMAP_AUTH_FAILURE;
- if (mutt_account_getpass (&idata->conn->account))
- return IMAP_AUTH_FAILURE;
-
- imap_cmd_start (idata, "AUTHENTICATE CRAM-MD5");
-
- /* From RFC 2195:
- * The data encoded in the first ready response contains a presumptively
- * arbitrary string of random digits, a timestamp, and the fully-qualified
- * primary host name of the server. The syntax of the unencoded form must
- * correspond to that of an RFC 822 'msg-id' [RFC822] as described in [POP3].
- */
- do
- rc = imap_cmd_step (idata);
- while (rc == IMAP_CMD_CONTINUE);
-
- if (rc != IMAP_CMD_RESPOND) {
- goto bail;
- }
-
- if ((len = mutt_from_base64 (obuf, idata->cmd.buf + 2)) == -1) {
- goto bail;
- }
-
- obuf[len] = '\0';
-
- /* The client makes note of the data and then responds with a string
- * consisting of the user name, a space, and a 'digest'. The latter is
- * computed by applying the keyed MD5 algorithm from [KEYED-MD5] where the
- * key is a shared secret and the digested text is the timestamp (including
- * angle-brackets).
- *
- * Note: The user name shouldn't be quoted. Since the digest can't contain
- * spaces, there is no ambiguity. Some servers get this wrong, we'll work
- * around them when the bug report comes in. Until then, we'll remain
- * blissfully RFC-compliant.
- */
- hmac_md5 (idata->conn->account.pass, obuf, hmac_response);
- /* dubious optimisation I saw elsewhere: make the whole string in one call */
- snprintf (obuf, sizeof (obuf),
- "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
- idata->conn->account.user,
- hmac_response[0], hmac_response[1], hmac_response[2],
- hmac_response[3], hmac_response[4], hmac_response[5],
- hmac_response[6], hmac_response[7], hmac_response[8],
- hmac_response[9], hmac_response[10], hmac_response[11],
- hmac_response[12], hmac_response[13], hmac_response[14],
- hmac_response[15]);
-
- /* XXX - ibuf must be long enough to store the base64 encoding of obuf,
- * plus the additional debris
- */
-
- mutt_to_base64 ((unsigned char *) ibuf, (unsigned char *) obuf,
- m_strlen(obuf), sizeof (ibuf) - 2);
- m_strcat(ibuf, sizeof(ibuf), "\r\n");
- mutt_socket_write (idata->conn, ibuf);
-
- do
- rc = imap_cmd_step (idata);
- while (rc == IMAP_CMD_CONTINUE);
-
- if (rc != IMAP_CMD_OK) {
- goto bail;
- }
-
- if (imap_code (idata->cmd.buf))
- return IMAP_AUTH_SUCCESS;
-
-bail:
- mutt_error _("CRAM-MD5 authentication failed.");
- mutt_sleep (2);
- return IMAP_AUTH_FAILURE;
-}
-
-/* hmac_md5: produce CRAM-MD5 challenge response. */
-static void hmac_md5 (const char *password, char *challenge,
- unsigned char *response)
-{
- MD5_CTX ctx;
- unsigned char ipad[MD5_BLOCK_LEN], opad[MD5_BLOCK_LEN];
- unsigned char secret[MD5_BLOCK_LEN + 1];
- unsigned char hash_passwd[MD5_DIGEST_LEN];
- unsigned int secret_len, chal_len;
- int i;
-
- secret_len = m_strlen(password);
- chal_len = m_strlen(challenge);
-
- /* passwords longer than MD5_BLOCK_LEN bytes are substituted with their MD5
- * digests */
- if (secret_len > MD5_BLOCK_LEN) {
- MD5Init (&ctx);
- MD5Update (&ctx, (unsigned char *) password, secret_len);
- MD5Final (hash_passwd, &ctx);
- m_strcpy((char *)secret, MD5_DIGEST_LEN, (char *)hash_passwd);
- secret_len = MD5_DIGEST_LEN;
- }
- else
- m_strcpy((char *)secret, sizeof(secret), password);
-
- p_clear(ipad, 1);
- p_clear(opad, 1);
- memcpy (ipad, secret, secret_len);
- memcpy (opad, secret, secret_len);
-
- for (i = 0; i < MD5_BLOCK_LEN; i++) {
- ipad[i] ^= 0x36;
- opad[i] ^= 0x5c;
- }
-
- /* inner hash: challenge and ipadded secret */
- MD5Init (&ctx);
- MD5Update (&ctx, ipad, MD5_BLOCK_LEN);
- MD5Update (&ctx, (unsigned char *) challenge, chal_len);
- MD5Final (response, &ctx);
-
- /* outer hash: inner hash and opadded secret */
- MD5Init (&ctx);
- MD5Update (&ctx, opad, MD5_BLOCK_LEN);
- MD5Update (&ctx, response, MD5_DIGEST_LEN);
- MD5Final (response, &ctx);
-}
diff --git a/main.c b/main.c
index eecea74..8da5c92 100644
--- a/main.c
+++ b/main.c
@@ -248,11 +248,6 @@ static void show_version (void)
 #else
 "-USE_GNUTLS "
 #endif
-#ifdef USE_SASL
- "+USE_SASL "
-#else
- "-USE_SASL "
-#endif
 #ifdef USE_LIBESMTP
 "+USE_LIBESMTP "
 #else
diff --git a/mutt_sasl.c b/mutt_sasl.c
index 219c36d..dd97bfa 100644
--- a/mutt_sasl.c
+++ b/mutt_sasl.c
@@ -11,8 +11,6 @@
 #include
-#ifdef USE_SASL
-
 #include
 #include
 #include
@@ -457,5 +455,3 @@ fail:
 conn->sockdata = sasldata;
 return -1;
 }
-
-#endif /* USE_SASL */
diff --git a/mutt_sasl.h b/mutt_sasl.h
index e3c3961..8e1cd18 100644
--- a/mutt_sasl.h
+++ b/mutt_sasl.h
@@ -13,7 +13,6 @@
 #define _MUTT_SASL_H_ 1
 #include
-#ifdef USE_SASL
 #include
 #include
@@ -41,5 +40,4 @@ typedef struct {
 int (*msasl_write) (CONNECTION * conn, const char *buf, ssize_t count);
 } SASL_DATA;
-#endif /* USE_SASL */
 #endif /* _MUTT_SASL_H_ */
diff --git a/pop/pop_auth.c b/pop/pop_auth.c
index 04c1e39..d86ea30 100644
--- a/pop/pop_auth.c
+++ b/pop/pop_auth.c
@@ -15,13 +15,10 @@
 #include "mutt.h"
 #include "pop.h"
-#ifdef USE_SASL
 #include
 #include
 #include "mutt_sasl.h"
-#endif
-#ifdef USE_SASL
 /* SASL authenticator */
 static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
 {
@@ -32,9 +29,7 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
 char inbuf[LONG_STRING];
 const char *mech;
-#ifdef USE_SASL
 const char *pc = NULL;
-#endif
 unsigned int len, olen;
 unsigned char client_start;
@@ -46,10 +41,8 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
 method = pop_data->auth_list;
 for (;;) {
-#ifdef USE_SASL
- rc =
- sasl_client_start (saslconn, method, &interaction, &pc, &olen, &mech);
-#endif
+ rc = sasl_client_start (saslconn, method, &interaction, &pc, &olen,
+ &mech);
 if (rc != SASL_INTERACT)
 break;
 mutt_sasl_interact (interaction);
@@ -80,11 +73,9 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
 if (rc != SASL_CONTINUE)
 break;
-#ifdef USE_SASL
 if (!m_strncmp(inbuf, "+ ", 2) && sasl_decode64 (inbuf, strlen (inbuf), buf, LONG_STRING - 1, &len) != SASL_OK)
-#endif
 {
 goto bail;
 }
@@ -110,9 +101,7 @@ static pop_auth_res_t pop_auth_sasl (POP_DATA * pop_data, const char *method)
 /* sasl_client_st(art|ep) allocate pc with malloc, expect me to
 * free it */
-#ifndef USE_SASL
 p_delete(&pc);
-#endif
 }
 }
@@ -140,7 +129,6 @@ bail:
 return POP_A_FAILURE;
 }
-#endif
 /* Get the server timestamp for APOP authentication */
 void pop_apop_timestamp (POP_DATA * pop_data, char *buf)
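Review bot: `p_delete(&pc);` in the `@@ -110,9 +101,7 @@` hunk of `pop_auth_sasl` becomes live code here, although it was never compiled before: it sat under `#ifndef USE_SASL` inside a function that the outer `#ifdef USE_SASL` (removed in the first and sixth hunks of this file) only built when `USE_SASL` was defined. With Cyrus SASL v2 the client output that `sasl_client_start` and `sasl_client_step` return through `pc` is owned by the library, and `pc` is declared `const char *`, so releasing it here (assuming `p_delete` frees its argument) risks heap corruption or a double free when the library releases the buffer itself. The line should go together with its guard, and the comment above it should become something like `/* SASL2 owns pc; it must not be freed here */`. The body of `pop_auth_sasl` continues outside the hunk.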
@@ -253,9 +241,7 @@ static pop_auth_res_t pop_auth_user (POP_DATA * pop_data,
 }
 static pop_auth_t pop_authenticators[] = {
-#ifdef USE_SASL
 {pop_auth_sasl, NULL},
-#endif
 {pop_auth_apop, "apop"},
 {pop_auth_user, "user"},
 {NULL, NULL}
-- 
2.20.1