search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Strip off version numbers from dir name
[dockapps.git] / wmbiff / wmbiff / Imap4Client.c
blobbe5d972ccb389677a9a6cf2ab12616e23e3d597a
1 /* rewrite of the IMAP code by Neil Spring
2 * (nspring@cs.washington.edu) to support gnutls and
3 * persistent connections to servers. */
4
5 /* Originally written by Yong-iL Joh (tolkien@mizi.com),
6 * modified by Jorge Garcia (Jorge.Garcia@uv.es), and
7 * modified by Jay Francis (jtf@u880.org) to support
8 * CRAM-MD5 */
9
10 #ifdef HAVE_CONFIG_H
11 #include <config.h>
12 #endif
13
14 #include "Client.h"
15 #include "charutil.h"
16 #include "tlsComm.h"
17 #include "passwordMgr.h"
18 #include "regulo.h"
19 #include "MessageList.h"
20
21 #include <sys/types.h>
22 #include <stdio.h>
23 #include <assert.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <time.h>
27 #include <ctype.h>
28 #include <strings.h>
29
30 #ifdef USE_DMALLOC
31 #include <dmalloc.h>
32 #endif
33
34 #define PCU (pc->u).pop_imap
35
36 extern int Relax;
37
38 #define IMAP_DM(pc, lvl, args...) DM(pc, lvl, "imap4: " args)
39
40 #ifdef HAVE_MEMFROB
41 #define DEFROB(x) memfrob(x, x ## _len)
42 #define ENFROB(x) memfrob(x, x ## _len)
43 #else
44 #define DEFROB(x)
45 #define ENFROB(x)
46 #endif
47
48 /* this array maps server:port pairs to file descriptors, so
49 that when more than one mailbox is queried from a server,
50 we only use one socket. It's limited in size by the
51 number of different mailboxes displayed. */
52 #define FDMAP_SIZE 5
53 static struct fdmap_struct {
54 char *user_server_port; /* tuple, in string form */
55 /*@owned@ */ struct connection_state *cs;
56 } fdmap[FDMAP_SIZE];
57
58 static void ask_user_for_password( /*@notnull@ */ Pop3 pc,
59 int bFlushCache);
60
61 /* authentication callbacks */
62 #ifdef HAVE_GCRYPT_H
63 static int authenticate_md5( /*@notnull@ */ Pop3 pc,
64 struct connection_state *scs,
65 const char *capabilities);
66 #endif
67 static int authenticate_plaintext( /*@notnull@ */ Pop3 pc,
68 struct connection_state *scs,
69 const char *capabilities);
70
71 /* the auth_methods array maps authentication identifiers
72 to the callback that will attempt to authenticate */
73 static struct imap_authentication_method {
74 const char *name;
75 /* callback returns 1 if successful, 0 if failed */
76 int (*auth_callback) ( /*@notnull@ */ Pop3 pc,
77 struct connection_state * scs,
78 const char *capabilities);
79 } auth_methods[] = {
80 {
81 #ifdef HAVE_GCRYPT_H
82 "cram-md5", authenticate_md5}, {
83 #endif
84 "plaintext", authenticate_plaintext}, {
85 NULL, NULL}
86 };
87
88
89 /* recover a socket from the connection cache */
90 /*@null@*/
91 /*@dependent@*/
92 static struct connection_state *state_for_pcu(Pop3 pc)
93 {
94 char *connection_id;
95 struct connection_state *retval = NULL;
96 int i;
97 connection_id =
98 malloc(strlen(PCU.userName) + strlen(PCU.serverName) + 22);
99 sprintf(connection_id, "%s|%s|%d", PCU.userName, PCU.serverName,
100 PCU.serverPort);
101 for (i = 0; i < FDMAP_SIZE; i++)
102 if (fdmap[i].user_server_port != NULL &&
103 (strcmp(connection_id, fdmap[i].user_server_port) == 0)) {
104 retval = fdmap[i].cs;
105 }
106 free(connection_id);
107 return (retval);
108 }
109
110 /* bind to the connection cache */
111 static void bind_state_to_pcu(Pop3 pc,
112 /*@owned@ */ struct connection_state *scs)
113 {
114 char *connection_id;
115 int i;
116 if (scs == NULL) {
117 abort();
118 }
119 connection_id =
120 malloc(strlen(PCU.userName) + strlen(PCU.serverName) + 22);
121 sprintf(connection_id, "%s|%s|%d", PCU.userName, PCU.serverName,
122 PCU.serverPort);
123 for (i = 0; i < FDMAP_SIZE && fdmap[i].cs != NULL; i++);
124 if (i == FDMAP_SIZE) {
125 /* should never happen */
126 IMAP_DM(pc, DEBUG_ERROR,
127 "Tried to open too many IMAP connections. Sorry!\n");
128 exit(EXIT_FAILURE);
129 }
130 fdmap[i].user_server_port = connection_id;
131 fdmap[i].cs = scs;
132 }
133
134 /* remove from the connection cache */
135 static
136 /*@owned@*/
137 /*@null@*/
138 struct connection_state *unbind(
139 /*@returned@*/ struct connection_state
140 *scs)
141 {
142 int i;
143 struct connection_state *retval = NULL;
144 assert(scs != NULL);
145
146 for (i = 0; i < FDMAP_SIZE && fdmap[i].cs != scs; i++);
147 if (i < FDMAP_SIZE) {
148 free(fdmap[i].user_server_port);
149 fdmap[i].user_server_port = NULL;
150 retval = fdmap[i].cs;
151 fdmap[i].cs = NULL;
152 }
153 return (retval);
154 }
155
156 /* creates a connection to the server, if a matching one doesn't exist. */
157 /* *always* returns null, just declared this wasy to match other protocols. */
158 /*@null@*/
159 FILE *imap_open(Pop3 pc)
160 {
161 static int complained_already; /* we have to succeed once before
162 complaining again about failure */
163 struct connection_state *scs;
164 struct imap_authentication_method *a;
165 char *connection_name;
166 int sd;
167 char capabilities[BUF_SIZE];
168 char buf[BUF_SIZE];
169
170
171 if (state_for_pcu(pc) != NULL) {
172 /* don't need to open. */
173 return NULL;
174 }
175
176 /* got this far; we're going to create a connection_state
177 structure, although it might be a blacklist entry */
178 connection_name = malloc(strlen(PCU.serverName) + 20);
179 sprintf(connection_name, "%s:%d", PCU.serverName, PCU.serverPort);
180
181 assert(pc != NULL);
182
183 /* no cached connection */
184 sd = sock_connect((const char *) PCU.serverName, PCU.serverPort);
185 if (sd == -1) {
186 if (complained_already == 0) {
187 IMAP_DM(pc, DEBUG_ERROR, "Couldn't connect to %s:%d: %s\n",
188 PCU.serverName, PCU.serverPort,
189 errno ? strerror(errno) : "");
190 complained_already = 1;
191 }
192 if (errno == ETIMEDOUT) {
193 /* temporarily bump the interval, in a crude way:
194 fast forward time so that the mailbox isn't
195 checked for a while. */
196 pc->prevtime = time(0) + 60 * 5; /* now + 60 seconds per min * 5 minutes */
197 /* TCP's retry (how much time has elapsed while
198 the connect times out) is around 3 minutes;
199 here we just try to allow checking local
200 mailboxes more often while remote things are
201 unavailable or disconnected. */
202 }
203 return NULL;
204 }
205
206 /* build the connection using STARTTLS */
207 if (PCU.dossl != 0 && (PCU.serverPort == 143)) {
208 /* setup an unencrypted binding long enough to invoke STARTTLS */
209 scs = initialize_unencrypted(sd, connection_name, pc);
210
211 /* can we? */
212 tlscomm_printf(scs, "a000 CAPABILITY\r\n");
213 if (tlscomm_expect(scs, "* CAPABILITY", capabilities, BUF_SIZE) ==
214 0)
215 goto communication_failure;
216
217 if (!strstr(capabilities, "STARTTLS")) {
218 IMAP_DM(pc, DEBUG_ERROR,
219 "server doesn't support ssl imap on port 143.");
220 goto communication_failure;
221 }
222
223 /* we sure can! */
224 IMAP_DM(pc, DEBUG_INFO, "Negotiating TLS within IMAP");
225 tlscomm_printf(scs, "a001 STARTTLS\r\n");
226
227 if (tlscomm_expect(scs, "a001 ", buf, BUF_SIZE) == 0)
228 goto communication_failure;
229
230 if (strstr(buf, "a001 OK") == 0) {
231 /* we didn't see the success message in the response */
232 IMAP_DM(pc, DEBUG_ERROR, "couldn't negotiate tls. :(\n");
233 goto communication_failure;
234 }
235
236 /* we don't need the unencrypted state anymore */
237 /* note that communication_failure will close the
238 socket and free via tls_close() */
239 free(scs); /* fall through will scs = initialize_gnutls(sd); */
240 }
241
242 /* either we've negotiated ssl from starttls, or
243 we're starting an encrypted connection now */
244 if (PCU.dossl != 0) {
245 scs = initialize_gnutls(sd, connection_name, pc, PCU.serverName);
246 if (scs == NULL) {
247 IMAP_DM(pc, DEBUG_ERROR, "Failed to initialize TLS\n");
248 return NULL;
249 }
250 } else {
251 scs = initialize_unencrypted(sd, connection_name, pc);
252 }
253
254 /* authenticate; first find out how */
255 /* note that capabilities may have changed since last
256 time we may have asked, if we called STARTTLS, my
257 server will allow plain password login within an
258 encrypted session. */
259 tlscomm_printf(scs, "a000 CAPABILITY\r\n");
260 if (tlscomm_expect(scs, "* CAPABILITY", capabilities, BUF_SIZE) == 0) {
261 IMAP_DM(pc, DEBUG_ERROR, "unable to query capability string");
262 goto communication_failure;
263 }
264
265 /* try each authentication method in turn. */
266 for (a = auth_methods; a->name != NULL; a++) {
267 /* was it specified or did the user leave it up to us? */
268 if (PCU.authList[0] == '\0'
269 || strstr(PCU.authList, a->name) != NULL)
270 /* try the authentication method */
271 if ((a->auth_callback(pc, scs, capabilities)) != 0) {
272 /* store this well setup connection in the cache */
273 bind_state_to_pcu(pc, scs);
274 complained_already = 0;
275 return NULL;
276 }
277 }
278
279 /* if authentication worked, we won't get here */
280 IMAP_DM(pc, DEBUG_ERROR,
281 "All authentication methods failed for '%s@%s:%d'\n",
282 PCU.userName, PCU.serverName, PCU.serverPort);
283 communication_failure:
284 tlscomm_printf(scs, "a002 LOGOUT\r\n");
285 tlscomm_close(scs);
286 return NULL;
287
288 }
289
290 void imap_cacheHeaders( /*@notnull@ */ Pop3 pc);
291
292 int imap_checkmail( /*@notnull@ */ Pop3 pc)
293 {
294 /* recover connection state from the cache */
295 struct connection_state *scs = state_for_pcu(pc);
296 char buf[BUF_SIZE];
297 static int command_id;
298
299 /* if it's not in the cache, try to open */
300 if (scs == NULL) {
301 IMAP_DM(pc, DEBUG_INFO, "Need new connection to %s@%s\n",
302 PCU.userName, PCU.serverName);
303 (void) imap_open(pc);
304 scs = state_for_pcu(pc);
305 }
306 if (scs == NULL) {
307 return -1;
308 }
309
310 if (tlscomm_is_blacklisted(scs) != 0) {
311 /* unresponsive server, don't bother. */
312 return -1;
313 }
314
315 /* if we've got it by now, try the status query */
316 command_id++;
317 tlscomm_printf(scs, "a%03d STATUS %s (MESSAGES UNSEEN)\r\n",
318 command_id % 1000, pc->path);
319 if (tlscomm_expect(scs, "* STATUS", buf, 127) != 0) {
320 /* a valid response? */
321 // doesn't support spaces: (void) sscanf(buf, "* STATUS %*s (MESSAGES %d UNSEEN %d)",
322 const char *msg;
323 msg = strstr(buf, "(MESSAGES");
324 if (msg != NULL)
325 (void) sscanf(msg, "(MESSAGES %d UNSEEN %d)",
326 &(pc->TotalMsgs), &(pc->UnreadMsgs));
327 /* update the cached headers if evidence that change
328 has occurred; not necessarily complete. */
329 if (pc->UnreadMsgs != pc->OldUnreadMsgs ||
330 pc->TotalMsgs != pc->OldMsgs) {
331 if (PCU.wantCacheHeaders) {
332 imap_cacheHeaders(pc);
333 }
334 }
335 } else {
336 /* something went wrong. bail. */
337 tlscomm_close(unbind(scs));
338 return -1;
339 }
340 return 0;
341 }
342
343 void
344 imap_releaseHeaders(Pop3 pc __attribute__ ((unused)), struct msglst *h)
345 {
346 assert(h != NULL);
347 /* allow the list to be released next time around */
348 if (h->in_use <= 0) {
349 /* free the old one */
350 while (h != NULL) {
351 struct msglst *n = h->next;
352 free(h);
353 h = n;
354 }
355 } else {
356 h->in_use--;
357 }
358 }
359
360 void imap_cacheHeaders( /*@notnull@ */ Pop3 pc)
361 {
362 struct connection_state *scs = state_for_pcu(pc);
363 char *msgid;
364 char buf[BUF_SIZE];
365
366 if (scs == NULL) {
367 (void) imap_open(pc);
368 scs = state_for_pcu(pc);
369 }
370 if (scs == NULL) {
371 return;
372 }
373 if (tlscomm_is_blacklisted(scs) != 0) {
374 return;
375 }
376
377 if (pc->headerCache != NULL) {
378 /* decrement the reference count, and free our version */
379 imap_releaseHeaders(pc, pc->headerCache);
380 pc->headerCache = NULL;
381 }
382
383 IMAP_DM(pc, DEBUG_INFO, "working headers\n");
384
385 tlscomm_printf(scs, "a004 EXAMINE %s\r\n", pc->path);
386 if (tlscomm_expect(scs, "a004 OK", buf, 127) == 0) {
387 tlscomm_close(unbind(scs));
388 return;
389 }
390 IMAP_DM(pc, DEBUG_INFO, "examine ok\n");
391
392 /* if we've got it by now, try the status query */
393 tlscomm_printf(scs, "a005 SEARCH UNSEEN\r\n");
394 if (tlscomm_expect(scs, "* SEARCH", buf, 127) == 0) {
395 tlscomm_close(unbind(scs));
396 return;
397 }
398 IMAP_DM(pc, DEBUG_INFO, "search: %s", buf);
399 if (strlen(buf) < 9)
400 return; /* search turned up nothing */
401 msgid = strtok(buf + 9, " \r\n");
402 pc->headerCache = NULL;
403 /* the isdigit cruft is to deal with EOL */
404 if (msgid != NULL && isdigit(msgid[0]))
405 do {
406 struct msglst *m = malloc(sizeof(struct msglst));
407 char hdrbuf[128];
408 int fetch_command_done = FALSE;
409 tlscomm_printf(scs, "a04 FETCH %s (FLAGS "
410 "BODY[HEADER.FIELDS (FROM SUBJECT)])\r\n",
411 msgid);
412 if (tlscomm_expect(scs, "* ", hdrbuf, 127)) {
413 m->subj[0] = '\0';
414 m->from[0] = '\0';
415 while (m->subj[0] == '\0' || m->from[0] == '\0') {
416 if (tlscomm_expect(scs, "", hdrbuf, 127)) {
417 if (strncasecmp(hdrbuf, "Subject:", 8) == 0) {
418 strncpy(m->subj, hdrbuf + 9, SUBJ_LEN - 1);
419 m->subj[SUBJ_LEN - 1] = '\0';
420 } else if (strncasecmp(hdrbuf, "From: ", 5) == 0) {
421 strncpy(m->from, hdrbuf + 6, FROM_LEN - 1);
422 m->from[FROM_LEN - 1] = '\0';
423 } else if (strncasecmp
424 (hdrbuf, "a04 OK FETCH", 5) == 0) {
425 /* server says we're done getting this header, which
426 may occur if the message has no subject */
427 if (m->from[0] == '\0') {
428 strcpy(m->from, " ");
429 }
430 if (m->subj[0] == '\0') {
431 strcpy(m->subj, "(no subject)");
432 }
433 fetch_command_done = TRUE;
434 }
435 } else {
436 IMAP_DM(pc, DEBUG_ERROR,
437 "timedout looking for headers.: %s",
438 hdrbuf);
439 strcpy(m->from, "wmbiff");
440 strcpy(m->subj, "failure");
441 }
442 }
443 IMAP_DM(pc, DEBUG_INFO, "From: '%s' Subj: '%s'\n",
444 m->from, m->subj);
445 m->next = pc->headerCache;
446 pc->headerCache = m;
447 pc->headerCache->in_use = 0; /* initialize that it isn't locked */
448 } else {
449 IMAP_DM(pc, DEBUG_ERROR, "error fetching: %s", hdrbuf);
450 }
451 if (!fetch_command_done) {
452 tlscomm_expect(scs, "a04 OK", hdrbuf, 127);
453 }
454 }
455 while ((msgid = strtok(NULL, " \r\n")) != NULL
456 && isdigit(msgid[0]));
457
458 tlscomm_printf(scs, "a06 CLOSE\r\n"); /* return to polling state */
459 /* may be unneeded tlscomm_expect(scs, "a06 OK CLOSE\r\n" ); see if it worked? */
460 IMAP_DM(pc, DEBUG_INFO, "worked headers\n");
461 }
462
463 /* a client is asking for the headers, hand em a reference, increase the
464 one-bit reference counter */
465 struct msglst *imap_getHeaders( /*@notnull@ */ Pop3 pc)
466 {
467 if (pc->headerCache == NULL)
468 imap_cacheHeaders(pc);
469 if (pc->headerCache != NULL)
470 pc->headerCache->in_use = 1;
471 return pc->headerCache;
472 }
473
474 /* parse the config line to setup the Pop3 structure */
475 int imap4Create( /*@notnull@ */ Pop3 pc, const char *const str)
476 {
477 int i;
478 int matchedchars;
479 /* special characters aren't allowed in hostnames, rfc 1034 */
480 const char *regexes[] = {
481 // type : username : password @ hostname (/ name)?(:port)?
482 ".*imaps?:([^: ]{1,32}):([^@]{0,32})@([A-Za-z1-9][-A-Za-z0-9_.]+)(/(\"[^\"]+\")|([^:@ ]+))?(:[0-9]+)?( *([CcAaPp][-A-Za-z5 ]*))?$",
483 ".*imaps?:([^: ]{1,32}) ([^ ]{1,32}) ([A-Za-z1-9][-A-Za-z0-9_.]+)(/(\"[^\"]+\")|([^: ]+))?( [0-9]+)?( *([CcAaPp][-A-Za-z5 ]*))?$",
484 NULL
485 };
486 char *unaliased_str;
487
488 struct regulo regulos[] = {
489 {1, PCU.userName, regulo_strcpy},
490 {2, PCU.password, regulo_strcpy},
491 {3, PCU.serverName, regulo_strcpy},
492 {4, pc->path, regulo_strcpy_skip1},
493 {7, &PCU.serverPort, regulo_atoi},
494 {9, PCU.authList, regulo_strcpy_tolower},
495 {0, NULL, NULL}
496 };
497
498 if (Relax) {
499 regexes[0] =
500 ".*imaps?:([^: ]{1,32}):([^@]{0,32})@([^/: ]+)(/(\"[^\"]+\")|([^:@ ]+))?(:[0-9]+)?( *(.*))?$";
501 regexes[1] =
502 ".*imaps?:([^: ]{1,32}) ([^ ]{1,32}) ([^/: ]+)(/(\"[^\"]+\")|([^: ]+))?( [0-9]+)?( *(.*))?$";
503 }
504
505
506 /* IMAP4 format: imap:user:password@server/mailbox[:port] */
507 /* If 'str' line is badly formatted, wmbiff won't display the mailbox. */
508 if (strncmp("sslimap:", str, 8) == 0 || strncmp("imaps:", str, 6) == 0) {
509 #ifdef HAVE_GNUTLS_GNUTLS_H
510 static int haveBeenWarned;
511 PCU.dossl = 1;
512 if (!haveBeenWarned) {
513 printf("wmbiff uses gnutls for TLS/SSL encryption support:\n"
514 " If you distribute software that uses gnutls, don't forget\n"
515 " to warn the users of your software that gnutls is at a\n"
516 " testing phase and may be totally insecure.\n"
517 "\nConsider yourself warned.\n");
518 haveBeenWarned = 1;
519 }
520 #else
521 printf("This copy of wmbiff was not compiled with gnutls;\n"
522 "imaps is unavailable. Exiting to protect your\n"
523 "passwords and privacy.\n");
524 exit(EXIT_FAILURE);
525 #endif
526 } else {
527 PCU.dossl = 0;
528 }
529
530 /* defaults */
531 PCU.serverPort = (PCU.dossl != 0) ? 993 : 143;
532 PCU.authList[0] = '\0';
533
534 /* argh, str and pc->path are aliases, so we can't just write the default
535 value into the string we're about to parse. */
536 unaliased_str = strdup(str);
537 strcpy(pc->path, "INBOX");
538
539 for (matchedchars = 0, i = 0;
540 regexes[i] != NULL && matchedchars <= 0; i++) {
541 matchedchars = regulo_match(regexes[i], unaliased_str, regulos);
542 }
543
544 /* failed to match either regex */
545 if (matchedchars <= 0) {
546 pc->label[0] = '\0';
547 IMAP_DM(pc, DEBUG_ERROR, "Couldn't parse line %s (%d)\n"
548 " If this used to work, run wmbiff with the -relax option, and\n"
549 " send mail to wmbiff-devel@lists.sourceforge.net with the hostname\n"
550 " of your mail server.\n", unaliased_str, matchedchars);
551 return -1;
552 }
553
554 PCU.password_len = strlen(PCU.password);
555 if (PCU.password[0] == '\0') {
556 PCU.interactive_password = 1;
557 } else {
558 ENFROB(PCU.password);
559 }
560
561 // grab_authList(unaliased_str + matchedchars, PCU.authList);
562
563 free(unaliased_str);
564
565 IMAP_DM(pc, DEBUG_INFO, "userName= '%s'\n", PCU.userName);
566 IMAP_DM(pc, DEBUG_INFO, "password is %d characters long\n",
567 (int) PCU.password_len);
568 IMAP_DM(pc, DEBUG_INFO, "serverName= '%s'\n", PCU.serverName);
569 IMAP_DM(pc, DEBUG_INFO, "serverPath= '%s'\n", pc->path);
570 IMAP_DM(pc, DEBUG_INFO, "serverPort= '%d'\n", PCU.serverPort);
571 IMAP_DM(pc, DEBUG_INFO, "authList= '%s'\n", PCU.authList);
572
573 if (strcmp(pc->action, "msglst") == 0 ||
574 strcmp(pc->fetchcmd, "msglst") == 0 ||
575 strcmp(pc->button2, "msglst") == 0) {
576 PCU.wantCacheHeaders = 1;
577 } else {
578 PCU.wantCacheHeaders = 0;
579 }
580 pc->checkMail = imap_checkmail;
581 pc->getHeaders = imap_getHeaders;
582 pc->releaseHeaders = imap_releaseHeaders;
583 pc->TotalMsgs = 0;
584 pc->UnreadMsgs = 0;
585 pc->OldMsgs = -1;
586 pc->OldUnreadMsgs = -1;
587 return 0;
588 }
589
590 static int authenticate_plaintext( /*@notnull@ */ Pop3 pc,
591 struct connection_state *scs,
592 const char *capabilities)
593 {
594 char buf[BUF_SIZE];
595 /* is login prohibited? */
596 /* "An IMAP client which complies with [rfc2525, section 3.2]
597 * MUST NOT issue the LOGIN command if this capability is present.
598 */
599 if (strstr(capabilities, "LOGINDISABLED")) {
600 IMAP_DM(pc, DEBUG_ERROR,
601 "Plaintext auth prohibited by server: (LOGINDISABLED).\n");
602 goto plaintext_failed;
603 }
604
605 ask_user_for_password(pc, 0);
606 do {
607 /* login */
608 DEFROB(PCU.password);
609 tlscomm_printf(scs, "a001 LOGIN %s \"%s\"\r\n", PCU.userName,
610 PCU.password);
611 ENFROB(PCU.password);
612 if (tlscomm_expect(scs, "a001 ", buf, BUF_SIZE) == 0) {
613 IMAP_DM(pc, DEBUG_ERROR,
614 "Did not get a response to the LOGIN command.\n");
615 goto plaintext_failed;
616 }
617
618 if (buf[5] != 'O') {
619 IMAP_DM(pc, DEBUG_ERROR, "IMAP Login failed: %s\n", buf);
620 /* if we're prompting the user, ask again, else fail */
621 if (PCU.interactive_password) {
622 PCU.password[0] = '\0';
623 ask_user_for_password(pc, 1); /* 1=overwrite the cache */
624 } else {
625 goto plaintext_failed;
626 }
627 } else {
628 return (1);
629 }
630 }
631 while (1);
632
633 plaintext_failed:
634 return (0);
635 }
636
637 #ifdef HAVE_GCRYPT_H
638 static int
639 authenticate_md5(Pop3 pc,
640 struct connection_state *scs, const char *capabilities)
641 {
642 char buf[BUF_SIZE];
643 char buf2[BUF_SIZE];
644 unsigned char *md5;
645 gcry_md_hd_t gmh;
646 gcry_error_t rc;
647
648 if (!strstr(capabilities, "AUTH=CRAM-MD5")) {
649 /* server doesn't support cram-md5. */
650 return 0;
651 }
652
653 tlscomm_printf(scs, "a007 AUTHENTICATE CRAM-MD5\r\n");
654 if (tlscomm_expect(scs, "+ ", buf, BUF_SIZE) == 0)
655 goto expect_failure;
656
657 Decode_Base64(buf + 2, buf2);
658 IMAP_DM(pc, DEBUG_INFO, "CRAM-MD5 challenge: %s\n", buf2);
659
660 strcpy(buf, PCU.userName);
661 strcat(buf, " ");
662 ask_user_for_password(pc, 0);
663 rc = gcry_md_open(&gmh, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC);
664 if (rc != 0) {
665 IMAP_DM(pc, DEBUG_INFO, "unable to initialize gcrypt md5\n");
666 return 0;
667 }
668 DEFROB(PCU.password);
669 gcry_md_setkey(gmh, PCU.password, strlen(PCU.password));
670 ENFROB(PCU.password);
671 gcry_md_write(gmh, (unsigned char *) buf2, strlen(buf2));
672 gcry_md_final(gmh);
673 md5 = gcry_md_read(gmh, 0);
674 Bin2Hex(md5, 16, buf2);
675 gcry_md_close(gmh);
676
677 strcat(buf, buf2);
678 IMAP_DM(pc, DEBUG_INFO, "CRAM-MD5 response: %s\n", buf);
679 Encode_Base64(buf, buf2);
680
681 tlscomm_printf(scs, "%s\r\n", buf2);
682 if (tlscomm_expect(scs, "a007 ", buf, BUF_SIZE) == 0)
683 goto expect_failure;
684
685 if (!strncmp(buf, "a007 OK", 7))
686 return 1; /* AUTH successful */
687
688 IMAP_DM(pc, DEBUG_ERROR,
689 "CRAM-MD5 AUTH failed for user '%s@%s:%d'\n",
690 PCU.userName, PCU.serverName, PCU.serverPort);
691 IMAP_DM(pc, DEBUG_INFO, "It said %s", buf);
692 return 0;
693
694 expect_failure:
695 IMAP_DM(pc, DEBUG_ERROR,
696 "tlscomm_expect failed during cram-md5 auth: %s", buf);
697 IMAP_DM(pc, DEBUG_ERROR, "failed to authenticate using cram-md5.");
698 return 0;
699 }
700 #endif
701
702 static void ask_user_for_password( /*@notnull@ */ Pop3 pc, int bFlushCache)
703 {
704 /* see if we already have a password, as provided in the config file, or
705 already requested from the user. */
706 if (PCU.interactive_password) {
707 if (strlen(PCU.password) == 0) {
708 /* we need to grab the password from the user. */
709 char *password;
710 IMAP_DM(pc, DEBUG_INFO, "asking for password %d\n",
711 bFlushCache);
712 password =
713 passwordFor(PCU.userName, PCU.serverName, pc, bFlushCache);
714 if (password != NULL) {
715 if (strlen(password) + 1 > BUF_SMALL) {
716 DMA(DEBUG_ERROR, "Password is too long.\n");
717 memset(PCU.password, 0, BUF_SMALL - 1);
718 } else {
719 strncpy(PCU.password, password, BUF_SMALL - 1);
720 PCU.password_len = strlen(PCU.password);
721 }
722 free(password);
723 ENFROB(PCU.password);
724 }
725 }
726 }
727 }
728
729 /* vim:set ts=4: */
730 /*
731 * Local Variables:
732 * tab-width: 4
733 * c-indent-level: 4
734 * c-basic-offset: 4
735 * End:
736 */
Window Maker dockapps collection