search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Show the Content-Description:, as applicable
[s-mailx.git] / urlcrecry.c
blobaf47fe95ed86f6705303f5b6f6e7a230334d3f8a
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
5 *
6 * Copyright (c) 2014 - 2016 Steffen (Daode) Nurpmeso <steffen@sdaoden.eu>.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20 #undef n_FILE
21 #define n_FILE urlcrecry
22
23 #ifndef HAVE_AMALGAMATION
24 # include "nail.h"
25 #endif
26
27 #ifdef HAVE_NETRC
28 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
29 * concurrently (dummy, host, user, pass), so make it a KB */
30 # define NRC_TOKEN_MAXLEN (1024 / 4)
31
32 enum nrc_token {
33 NRC_ERROR = -1,
34 NRC_NONE = 0,
35 NRC_DEFAULT,
36 NRC_LOGIN,
37 NRC_PASSWORD,
38 NRC_ACCOUNT,
39 NRC_MACDEF,
40 NRC_MACHINE,
41 NRC_INPUT
42 };
43
44 struct nrc_node {
45 struct nrc_node *nrc_next;
46 struct nrc_node *nrc_result; /* In match phase, former possible one */
47 ui32_t nrc_mlen; /* Length of machine name */
48 ui32_t nrc_ulen; /* Length of user name */
49 ui32_t nrc_plen; /* Length of password */
50 char nrc_dat[n_VFIELD_SIZE(sizeof(ui32_t))];
51 };
52 # define NRC_NODE_ERR ((struct nrc_node*)-1)
53
54 static struct nrc_node *_nrc_list;
55 #endif /* HAVE_NETRC */
56
57 /* Find the last @ before a slash
58 * TODO Casts off the const but this is ok here; obsolete function! */
59 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
60 static char * _url_last_at_before_slash(char const *sp);
61 #endif
62
63 #ifdef HAVE_NETRC
64 /* Initialize .netrc cache */
65 static void _nrc_init(void);
66 static enum nrc_token __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN],
67 bool_t *nl_last);
68
69 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
70 * only_pass is true then the lookup is for the password only, otherwise we
71 * look for a user (and add password only if we have an exact machine match) */
72 static bool_t _nrc_lookup(struct url *urlp, bool_t only_pass);
73
74 /* 0=no match; 1=exact match; -1=wildcard match */
75 static int __nrc_host_match(struct nrc_node const *nrc,
76 struct url const *urlp);
77 static bool_t __nrc_find_user(struct url *urlp,
78 struct nrc_node const *nrc);
79 static bool_t __nrc_find_pass(struct url *urlp, bool_t user_match,
80 struct nrc_node const *nrc);
81 #endif /* HAVE_NETRC */
82
83 /* The password can also be gained through external agents TODO v15-compat */
84 #ifdef HAVE_AGENT
85 static bool_t _agent_shell_lookup(struct url *urlp, char const *comm);
86 #endif
87
88 #ifdef HAVE_SOCKETS
89 static char *
90 _url_last_at_before_slash(char const *sp)
91 {
92 char const *cp;
93 char c;
94 NYD2_ENTER;
95
96 for (cp = sp; (c = *cp) != '\0'; ++cp)
97 if (c == '/')
98 break;
99 while (cp > sp && *--cp != '@')
100 ;
101 if (*cp != '@')
102 cp = NULL;
103 NYD2_LEAVE;
104 return n_UNCONST(cp);
105 }
106 #endif
107
108 #ifdef HAVE_NETRC
109 static void
110 _nrc_init(void)
111 {
112 struct n_sigman sm;
113 char buffer[NRC_TOKEN_MAXLEN], host[NRC_TOKEN_MAXLEN],
114 user[NRC_TOKEN_MAXLEN], pass[NRC_TOKEN_MAXLEN], *netrc_load;
115 struct stat sb;
116 FILE * fi;
117 enum nrc_token t;
118 bool_t ispipe, seen_default, nl_last;
119 struct nrc_node *ntail, *nhead, *nrc;
120 NYD_ENTER;
121
122 n_UNINIT(ntail, NULL);
123 nhead = NULL;
124 nrc = NRC_NODE_ERR;
125 ispipe = FAL0;
126 fi = NULL;
127
128 n_SIGMAN_ENTER_SWITCH(&sm, n_SIGMAN_ALL) {
129 case 0:
130 break;
131 default:
132 goto jleave;
133 }
134
135 if ((netrc_load = ok_vlook(netrc_pipe)) != NULL) {
136 ispipe = TRU1;
137 if ((fi = Popen(netrc_load, "r", ok_vlook(SHELL), NULL, COMMAND_FD_NULL)
138 ) == NULL) {
139 n_perr(netrc_load, 0);
140 goto j_leave;
141 }
142 } else {
143 if ((netrc_load = fexpand(ok_vlook(NETRC), FEXP_LOCAL | FEXP_NOPROTO)
144 ) == NULL)
145 goto j_leave;
146
147 if ((fi = Fopen(netrc_load, "r")) == NULL) {
148 n_err(_("Cannot open %s\n"), n_shexp_quote_cp(netrc_load, FAL0));
149 goto j_leave;
150 }
151
152 /* Be simple and apply rigid (permission) check(s) */
153 if (fstat(fileno(fi), &sb) == -1 || !S_ISREG(sb.st_mode) ||
154 (sb.st_mode & (S_IRWXG | S_IRWXO))) {
155 n_err(_("Not a regular file, or accessible by non-user: %s\n"),
156 n_shexp_quote_cp(netrc_load, FAL0));
157 goto jleave;
158 }
159 }
160
161 seen_default = FAL0;
162 nl_last = TRU1;
163 jnext:
164 switch((t = __nrc_token(fi, buffer, &nl_last))) {
165 case NRC_NONE:
166 break;
167 default: /* Doesn't happen (but on error?), keep CC happy */
168 case NRC_DEFAULT:
169 jdef:
170 /* We ignore the default entry (require an exact host match), and we also
171 * ignore anything after such an entry (faulty syntax) */
172 seen_default = TRU1;
173 /* FALLTHRU */
174 case NRC_MACHINE:
175 jm_h:
176 /* Normalize HOST to lowercase */
177 *host = '\0';
178 if (!seen_default && (t = __nrc_token(fi, host, &nl_last)) != NRC_INPUT)
179 goto jerr;
180 else {
181 char *cp;
182 for (cp = host; *cp != '\0'; ++cp)
183 *cp = lowerconv(*cp);
184 }
185
186 *user = *pass = '\0';
187 while ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_NONE &&
188 t != NRC_MACHINE && t != NRC_DEFAULT) {
189 switch(t) {
190 case NRC_LOGIN:
191 if ((t = __nrc_token(fi, user, &nl_last)) != NRC_INPUT)
192 goto jerr;
193 break;
194 case NRC_PASSWORD:
195 if ((t = __nrc_token(fi, pass, &nl_last)) != NRC_INPUT)
196 goto jerr;
197 break;
198 case NRC_ACCOUNT:
199 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
200 goto jerr;
201 break;
202 case NRC_MACDEF:
203 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
204 goto jerr;
205 else {
206 int i = 0, c;
207 while ((c = getc(fi)) != EOF)
208 if (c == '\n') { /* xxx */
209 /* Don't care about comments here, since we parse until
210 * we've seen two successive newline characters */
211 if (i)
212 break;
213 i = 1;
214 } else
215 i = 0;
216 }
217 break;
218 default:
219 case NRC_ERROR:
220 goto jerr;
221 }
222 }
223
224 if (!seen_default && (*user != '\0' || *pass != '\0')) {
225 size_t hl = strlen(host), ul = strlen(user), pl = strlen(pass);
226 struct nrc_node *nx = smalloc(n_VSTRUCT_SIZEOF(struct nrc_node,
227 nrc_dat) + hl +1 + ul +1 + pl +1);
228
229 if (nhead != NULL)
230 ntail->nrc_next = nx;
231 else
232 nhead = nx;
233 ntail = nx;
234 nx->nrc_next = NULL;
235 nx->nrc_mlen = hl;
236 nx->nrc_ulen = ul;
237 nx->nrc_plen = pl;
238 memcpy(nx->nrc_dat, host, ++hl);
239 memcpy(nx->nrc_dat + hl, user, ++ul);
240 memcpy(nx->nrc_dat + hl + ul, pass, ++pl);
241 }
242 if (t == NRC_MACHINE)
243 goto jm_h;
244 if (t == NRC_DEFAULT)
245 goto jdef;
246 if (t != NRC_NONE)
247 goto jnext;
248 break;
249 case NRC_ERROR:
250 jerr:
251 if (options & OPT_D_V)
252 n_err(_("Errors occurred while parsing %s\n"),
253 n_shexp_quote_cp(netrc_load, FAL0));
254 assert(nrc == NRC_NODE_ERR);
255 goto jleave;
256 }
257
258 if (nhead != NULL)
259 nrc = nhead;
260 n_sigman_cleanup_ping(&sm);
261 jleave:
262 if (fi != NULL) {
263 if (ispipe)
264 Pclose(fi, TRU1);
265 else
266 Fclose(fi);
267 }
268 if (nrc == NRC_NODE_ERR)
269 while (nhead != NULL) {
270 ntail = nhead;
271 nhead = nhead->nrc_next;
272 free(ntail);
273 }
274 j_leave:
275 _nrc_list = nrc;
276 NYD_LEAVE;
277 n_sigman_leave(&sm, n_SIGMAN_VIPSIGS_NTTYOUT);
278 }
279
280 static enum nrc_token
281 __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN], bool_t *nl_last)
282 {
283 int c;
284 char *cp;
285 enum nrc_token rv;
286 NYD2_ENTER;
287
288 rv = NRC_NONE;
289 for (;;) {
290 bool_t seen_nl;
291
292 c = EOF;
293 if (feof(fi) || ferror(fi))
294 goto jleave;
295
296 for (seen_nl = *nl_last; (c = getc(fi)) != EOF && whitechar(c);)
297 seen_nl |= (c == '\n');
298
299 if (c == EOF)
300 goto jleave;
301 /* fetchmail and derived parsers support comments */
302 if ((*nl_last = seen_nl) && c == '#') {
303 while ((c = getc(fi)) != EOF && c != '\n')
304 ;
305 continue;
306 }
307 break;
308 }
309
310 cp = buffer;
311 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
312 if (c == '"' || c == '\'') {
313 int quotec = c;
314
315 /* Not requiring the closing QM is (Net)BSD syntax */
316 while ((c = getc(fi)) != EOF && c != quotec) {
317 /* Backslash escaping the next character is (Net)BSD syntax */
318 if (c == '\\')
319 if ((c = getc(fi)) == EOF)
320 break;
321 *cp++ = c;
322 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
323 rv = NRC_ERROR;
324 goto jleave;
325 }
326 }
327 } else {
328 *cp++ = c;
329 while ((c = getc(fi)) != EOF && !whitechar(c)) {
330 /* Backslash escaping the next character is (Net)BSD syntax */
331 if (c == '\\' && (c = getc(fi)) == EOF)
332 break;
333 *cp++ = c;
334 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
335 rv = NRC_ERROR;
336 goto jleave;
337 }
338 }
339 *nl_last = (c == '\n');
340 }
341 *cp = '\0';
342
343 if (*buffer == '\0')
344 do {/*rv = NRC_NONE*/} while (0);
345 else if (!strcmp(buffer, "default"))
346 rv = NRC_DEFAULT;
347 else if (!strcmp(buffer, "login"))
348 rv = NRC_LOGIN;
349 else if (!strcmp(buffer, "password") || !strcmp(buffer, "passwd"))
350 rv = NRC_PASSWORD;
351 else if (!strcmp(buffer, "account"))
352 rv = NRC_ACCOUNT;
353 else if (!strcmp(buffer, "macdef"))
354 rv = NRC_MACDEF;
355 else if (!strcmp(buffer, "machine"))
356 rv = NRC_MACHINE;
357 else
358 rv = NRC_INPUT;
359 jleave:
360 if (c == EOF && !feof(fi))
361 rv = NRC_ERROR;
362 NYD2_LEAVE;
363 return rv;
364 }
365
366 static bool_t
367 _nrc_lookup(struct url *urlp, bool_t only_pass)
368 {
369 struct nrc_node *nrc, *nrc_wild, *nrc_exact;
370 bool_t rv = FAL0;
371 NYD_ENTER;
372
373 assert(!only_pass || urlp->url_user.s != NULL);
374 assert(only_pass || urlp->url_user.s == NULL);
375
376 if (_nrc_list == NULL)
377 _nrc_init();
378 if (_nrc_list == NRC_NODE_ERR)
379 goto jleave;
380
381 nrc_wild = nrc_exact = NULL;
382 for (nrc = _nrc_list; nrc != NULL; nrc = nrc->nrc_next)
383 switch (__nrc_host_match(nrc, urlp)) {
384 case 1:
385 nrc->nrc_result = nrc_exact;
386 nrc_exact = nrc;
387 continue;
388 case -1:
389 nrc->nrc_result = nrc_wild;
390 nrc_wild = nrc;
391 /* FALLTHRU */
392 case 0:
393 continue;
394 }
395
396 if (!only_pass && urlp->url_user.s == NULL) {
397 /* Must be an unambiguous entry of its kind */
398 if (nrc_exact != NULL && nrc_exact->nrc_result != NULL)
399 goto jleave;
400 if (__nrc_find_user(urlp, nrc_exact))
401 goto j_user;
402
403 if (nrc_wild != NULL && nrc_wild->nrc_result != NULL)
404 goto jleave;
405 if (!__nrc_find_user(urlp, nrc_wild))
406 goto jleave;
407 j_user:
408 ;
409 }
410
411 if (__nrc_find_pass(urlp, TRU1, nrc_exact) ||
412 __nrc_find_pass(urlp, TRU1, nrc_wild) ||
413 /* Do not try to find a password without exact user match unless we've
414 * been called during credential lookup, a.k.a. the second time */
415 !only_pass ||
416 __nrc_find_pass(urlp, FAL0, nrc_exact) ||
417 __nrc_find_pass(urlp, FAL0, nrc_wild))
418 rv = TRU1;
419 jleave:
420 NYD_LEAVE;
421 return rv;
422 }
423
424 static int
425 __nrc_host_match(struct nrc_node const *nrc, struct url const *urlp)
426 {
427 char const *d2, *d1;
428 size_t l2, l1;
429 int rv = 0;
430 NYD2_ENTER;
431
432 /* Find a matching machine -- entries are all lowercase normalized */
433 if (nrc->nrc_mlen == urlp->url_host.l) {
434 if (n_LIKELY(!memcmp(nrc->nrc_dat, urlp->url_host.s, urlp->url_host.l)))
435 rv = 1;
436 goto jleave;
437 }
438
439 /* Cannot be an exact match, but maybe the .netrc machine starts with
440 * a "*." glob, which we recognize as an extension, meaning "skip
441 * a single subdomain, then match the rest" */
442 d1 = nrc->nrc_dat + 2;
443 l1 = nrc->nrc_mlen;
444 if (l1 <= 2 || d1[-1] != '.' || d1[-2] != '*')
445 goto jleave;
446 l1 -= 2;
447
448 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
449 * in fact this even succeeds for ".host.com", but - why care, here? */
450 d2 = urlp->url_host.s;
451 l2 = urlp->url_host.l;
452 while (l2 > 0) {
453 --l2;
454 if (*d2++ == '.')
455 break;
456 }
457
458 if (l2 == l1 && !memcmp(d1, d2, l1))
459 /* This matches, but we won't use it directly but watch out for an
460 * exact match first! */
461 rv = -1;
462 jleave:
463 NYD2_LEAVE;
464 return rv;
465 }
466
467 static bool_t
468 __nrc_find_user(struct url *urlp, struct nrc_node const *nrc)
469 {
470 NYD2_ENTER;
471
472 for (; nrc != NULL; nrc = nrc->nrc_result)
473 if (nrc->nrc_ulen > 0) {
474 /* Fake it was part of URL otherwise XXX */
475 urlp->url_had_user = TRU1;
476 /* That buffer will be duplicated by url_parse() in this case! */
477 urlp->url_user.s = n_UNCONST(nrc->nrc_dat + nrc->nrc_mlen +1);
478 urlp->url_user.l = nrc->nrc_ulen;
479 break;
480 }
481
482 NYD2_LEAVE;
483 return (nrc != NULL);
484 }
485
486 static bool_t
487 __nrc_find_pass(struct url *urlp, bool_t user_match, struct nrc_node const *nrc)
488 {
489 NYD2_ENTER;
490
491 for (; nrc != NULL; nrc = nrc->nrc_result) {
492 bool_t um = (nrc->nrc_ulen == urlp->url_user.l &&
493 !memcmp(nrc->nrc_dat + nrc->nrc_mlen +1, urlp->url_user.s,
494 urlp->url_user.l));
495
496 if (user_match) {
497 if (!um)
498 continue;
499 } else if (!um && nrc->nrc_ulen > 0)
500 continue;
501 if (nrc->nrc_plen == 0)
502 continue;
503
504 /* We are responsible for duplicating this buffer! */
505 urlp->url_pass.s = savestrbuf(nrc->nrc_dat + nrc->nrc_mlen +1 +
506 nrc->nrc_ulen + 1, (urlp->url_pass.l = nrc->nrc_plen));
507 break;
508 }
509
510 NYD2_LEAVE;
511 return (nrc != NULL);
512 }
513 #endif /* HAVE_NETRC */
514
515 #ifdef HAVE_AGENT
516 static bool_t
517 _agent_shell_lookup(struct url *urlp, char const *comm) /* TODO v15-compat */
518 {
519 char buf[128];
520 char const *env_addon[8];
521 struct str s;
522 FILE *pbuf;
523 union {int c; sighandler_type sht;} u;
524 size_t cl, l;
525 bool_t rv = FAL0;
526 NYD2_ENTER;
527
528 env_addon[0] = str_concat_csvl(&s, AGENT_USER, "=", urlp->url_user.s,
529 NULL)->s;
530 env_addon[1] = str_concat_csvl(&s, AGENT_USER_ENC, "=", urlp->url_user_enc.s,
531 NULL)->s;
532 env_addon[2] = str_concat_csvl(&s, AGENT_HOST, "=", urlp->url_host.s,
533 NULL)->s;
534 env_addon[3] = str_concat_csvl(&s, AGENT_HOST_PORT, "=", urlp->url_h_p.s,
535 NULL)->s;
536 env_addon[4] = str_concat_csvl(&s, NAILENV_TMPDIR, /* TODO v15 */
537 "=", ok_vlook(TMPDIR), NULL)->s;
538
539 env_addon[5] = NULL;
540
541 if ((pbuf = Popen(comm, "r", ok_vlook(SHELL), env_addon, -1)) == NULL) {
542 n_err(_("*agent-shell-lookup* startup failed (%s)\n"), comm);
543 goto jleave;
544 }
545
546 for (s.s = NULL, s.l = cl = l = 0; (u.c = getc(pbuf)) != EOF; ++cl) {
547 if (u.c == '\n') /* xxx */
548 continue;
549 buf[l++] = u.c;
550 if (l == sizeof(buf) - 1) {
551 n_str_add_buf(&s, buf, l);
552 l = 0;
553 }
554 }
555 if (l > 0)
556 n_str_add_buf(&s, buf, l);
557
558 if (!Pclose(pbuf, TRU1)) {
559 n_err(_("*agent-shell-lookup* execution failure (%s)\n"), comm);
560 goto jleave;
561 }
562
563 /* We are responsible for duplicating this buffer! */
564 if (s.s != NULL)
565 urlp->url_pass.s = savestrbuf(s.s, urlp->url_pass.l = s.l);
566 else if (cl > 0)
567 urlp->url_pass.s = n_UNCONST(n_empty), urlp->url_pass.l = 0;
568 rv = TRU1;
569 jleave:
570 if (s.s != NULL)
571 free(s.s);
572 NYD2_LEAVE;
573 return rv;
574 }
575 #endif /* HAVE_AGENT */
576
577 FL char *
578 (urlxenc)(char const *cp, bool_t ispath n_MEMORY_DEBUG_ARGS)
579 {
580 char *n, *np, c1;
581 NYD2_ENTER;
582
583 /* C99 */{
584 size_t i;
585
586 i = strlen(cp);
587 if(i >= UIZ_MAX / 3){
588 n = NULL;
589 goto jleave;
590 }
591 i *= 3;
592 ++i;
593 np = n = (n_autorec_alloc)(NULL, i n_MEMORY_DEBUG_ARGSCALL);
594 }
595
596 for (; (c1 = *cp) != '\0'; ++cp) {
597 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
598 * ALPHA / DIGIT / "-" / "." / "_" / "~"
599 * However add a special is[file]path mode for file-system friendliness */
600 if (alnumchar(c1) || c1 == '_')
601 *np++ = c1;
602 else if (!ispath) {
603 if (c1 != '-' && c1 != '.' && c1 != '~')
604 goto jesc;
605 *np++ = c1;
606 } else if (PTRCMP(np, >, n) && (*cp == '-' || *cp == '.')) /* XXX imap */
607 *np++ = c1;
608 else {
609 jesc:
610 np[0] = '%';
611 n_c_to_hex_base16(np + 1, c1);
612 np += 3;
613 }
614 }
615 *np = '\0';
616 jleave:
617 NYD2_LEAVE;
618 return n;
619 }
620
621 FL char *
622 (urlxdec)(char const *cp n_MEMORY_DEBUG_ARGS)
623 {
624 char *n, *np;
625 si32_t c;
626 NYD2_ENTER;
627
628 np = n = (n_autorec_alloc)(NULL, strlen(cp) +1 n_MEMORY_DEBUG_ARGSCALL);
629
630 while ((c = (uc_i)*cp++) != '\0') {
631 if (c == '%' && cp[0] != '\0' && cp[1] != '\0') {
632 si32_t o = c;
633 if (n_LIKELY((c = n_c_from_hex_base16(cp)) >= '\0'))
634 cp += 2;
635 else
636 c = o;
637 }
638 *np++ = (char)c;
639 }
640 *np = '\0';
641 NYD2_LEAVE;
642 return n;
643 }
644
645 FL int
646 c_urlcodec(void *v){
647 bool_t ispath;
648 char const **argv, *cp, *res;
649 NYD_ENTER;
650
651 if(*(cp = *(argv = v)) == 'p'){
652 if(!ascncasecmp(++cp, "ath", 3))
653 cp += 3;
654 ispath = TRU1;
655 }
656
657 if(is_prefix(cp, "encode")){
658 while((cp = *++argv) != NULL){
659 if((res = urlxenc(cp, ispath)) == NULL)
660 res = V_(n_error);
661 printf(" in: %s (%" PRIuZ " bytes)\nout: %s (%" PRIuZ " bytes)\n",
662 cp, strlen(cp), res, strlen(res));
663 }
664 }else if(is_prefix(cp, "decode")){
665 struct str in, out;
666
667 while((cp = *++argv) != NULL){
668 if((res = urlxdec(cp)) == NULL)
669 res = V_(n_error);
670 in.l = strlen(in.s = n_UNCONST(res)); /* logical */
671 makeprint(&in, &out);
672 printf(" in: %s (%" PRIuZ " bytes)\nout: %s (%" PRIuZ " bytes)\n",
673 cp, strlen(cp), out.s, in.l);
674 free(out.s);
675 }
676 }else{
677 n_err(_("`urlcodec': invalid subcommand: %s\n"), *argv);
678 cp = NULL;
679 }
680 NYD_LEAVE;
681 return (cp != NULL ? OKAY : STOP);
682 }
683
684 FL int
685 c_urlencode(void *v) /* XXX IDNA?? */
686 {
687 char **ap;
688 NYD_ENTER;
689
690 OBSOLETE("`urlencode': please use `urlcodec enc[ode]' instead");
691
692 for (ap = v; *ap != NULL; ++ap) {
693 char *in = *ap, *out = urlxenc(in, FAL0);
694
695 if(out == NULL)
696 out = n_UNCONST(V_(n_error));
697 printf(" in: <%s> (%" PRIuZ " bytes)\nout: <%s> (%" PRIuZ " bytes)\n",
698 in, strlen(in), out, strlen(out));
699 }
700 NYD_LEAVE;
701 return 0;
702 }
703
704 FL int
705 c_urldecode(void *v) /* XXX IDNA?? */
706 {
707 char **ap;
708 NYD_ENTER;
709
710 OBSOLETE("`urldecode': please use `urlcodec dec[ode]' instead");
711
712 for (ap = v; *ap != NULL; ++ap) {
713 char *in = *ap, *out = urlxdec(in);
714
715 if(out == NULL)
716 out = n_UNCONST(V_(n_error));
717 printf(" in: <%s> (%" PRIuZ " bytes)\nout: <%s> (%" PRIuZ " bytes)\n",
718 in, strlen(in), out, strlen(out));
719 }
720 NYD_LEAVE;
721 return 0;
722 }
723
724 FL char *
725 url_mailto_to_address(char const *mailtop){ /* TODO hack! RFC 6068; factory? */
726 size_t i;
727 char *rv;
728 char const *mailtop_orig;
729 NYD_ENTER;
730
731 if(!is_prefix("mailto:", mailtop_orig = mailtop)){
732 rv = NULL;
733 goto jleave;
734 }
735 mailtop += sizeof("mailto:") -1;
736
737 /* TODO This is all intermediate, and for now just enough to understand
738 * TODO a little bit of a little more advanced List-Post: headers. */
739 /* Strip any hfield additions, keep only to addr-spec's */
740 if((rv = strchr(mailtop, '?')) != NULL)
741 rv = savestrbuf(mailtop, i = PTR2SIZE(rv - mailtop));
742 else
743 rv = savestrbuf(mailtop, i = strlen(mailtop));
744
745 i = strlen(rv);
746
747 /* Simply perform percent-decoding if there is a percent % */
748 if(memchr(rv, '%', i) != NULL){
749 char *rv_base;
750 bool_t err;
751
752 for(err = FAL0, mailtop = rv_base = rv; i > 0;){
753 char c;
754
755 if((c = *mailtop++) == '%'){
756 si32_t cc;
757
758 if(i < 3 || (cc = n_c_from_hex_base16(mailtop)) < 0){
759 if(!err && (err = TRU1, options & OPT_D_V))
760 n_err(_("Invalid RFC 6068 'mailto' URL: %s\n"),
761 n_shexp_quote_cp(mailtop_orig, FAL0));
762 goto jhex_putc;
763 }
764 *rv++ = (char)cc;
765 mailtop += 2;
766 i -= 3;
767 }else{
768 jhex_putc:
769 *rv++ = c;
770 --i;
771 }
772 }
773 *rv = '\0';
774 rv = rv_base;
775 }
776 jleave:
777 NYD_LEAVE;
778 return rv;
779 }
780
781 FL char const *
782 n_servbyname(char const *proto, ui16_t *irv_or_null){
783 static struct{
784 char const name[14];
785 char const port[8];
786 ui16_t portno;
787 } const tbl[] = {
788 { "smtp", "25", 25},
789 { "submission", "587", 587},
790 { "smtps", "465", 465},
791 { "pop3", "110", 110},
792 { "pop3s", "995", 995},
793 { "imap", "143", 143},
794 { "imaps", "993", 993},
795 { "file", "", 0}
796 };
797 char const *rv;
798 size_t l, i;
799 NYD2_ENTER;
800
801 for(rv = proto; *rv != '\0'; ++rv)
802 if(*rv == ':')
803 break;
804 l = PTR2SIZE(rv - proto);
805
806 for(rv = NULL, i = 0; i < n_NELEM(tbl); ++i)
807 if(!ascncasecmp(tbl[i].name, proto, l)){
808 rv = tbl[i].port;
809 if(irv_or_null != NULL)
810 *irv_or_null = tbl[i].portno;
811 break;
812 }
813 NYD2_LEAVE;
814 return rv;
815 }
816
817 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
818 FL bool_t
819 url_parse(struct url *urlp, enum cproto cproto, char const *data)
820 {
821 #if defined HAVE_SMTP && defined HAVE_POP3
822 # define __ALLPROTO
823 #endif
824 #if defined HAVE_SMTP || defined HAVE_POP3
825 # define __ANYPROTO
826 char *cp, *x;
827 #endif
828 bool_t rv = FAL0;
829 NYD_ENTER;
830 n_UNUSED(data);
831
832 memset(urlp, 0, sizeof *urlp);
833 urlp->url_input = data;
834 urlp->url_cproto = cproto;
835
836 /* Network protocol */
837 #define _protox(X,Y) \
838 urlp->url_portno = Y;\
839 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
840 urlp->url_proto[sizeof(X) -1] = '\0';\
841 urlp->url_proto_len = sizeof(X) -1;\
842 urlp->url_proto_xlen = sizeof(X "://") -1
843 #define __if(X,Y,Z) \
844 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
845 _protox(X, Y);\
846 data += sizeof(X "://") -1;\
847 do { Z; } while (0);\
848 goto juser;\
849 }
850 #define _if(X,Y) __if(X, Y, (void)0)
851 #ifdef HAVE_SSL
852 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
853 #else
854 # define _ifs(X,Y) goto jeproto;
855 #endif
856
857 switch (cproto) {
858 case CPROTO_SMTP:
859 #ifdef HAVE_SMTP
860 _if ("smtp", 25)
861 _if ("submission", 587)
862 _ifs ("smtps", 465)
863 _protox("smtp", 25);
864 break;
865 #else
866 goto jeproto;
867 #endif
868 case CPROTO_POP3:
869 #ifdef HAVE_POP3
870 _if ("pop3", 110)
871 _ifs ("pop3s", 995)
872 _protox("pop3", 110);
873 break;
874 #else
875 goto jeproto;
876 #endif
877 #if 0
878 case CPROTO_IMAP:
879 _if ("imap", 143)
880 _ifs ("imaps", 993)
881 _protox("imap", 143);
882 break;
883 goto jeproto;
884 #endif
885 }
886
887 #undef _ifs
888 #undef _if
889 #undef __if
890 #undef _protox
891
892 if (strstr(data, "://") != NULL) {
893 #if !defined __ALLPROTO || !defined HAVE_SSL
894 jeproto:
895 #endif
896 n_err(_("URL proto:// prefix invalid: %s\n"), urlp->url_input);
897 goto jleave;
898 }
899 #ifdef __ANYPROTO
900
901 /* User and password, I */
902 juser:
903 if ((cp = _url_last_at_before_slash(data)) != NULL) {
904 size_t l;
905 char const *urlpe, *d;
906 char *ub;
907
908 l = PTR2SIZE(cp - data);
909 ub = ac_alloc(l +1);
910 d = data;
911 urlp->url_had_user = TRU1;
912 data = &cp[1];
913
914 /* And also have a password? */
915 if((cp = memchr(d, ':', l)) != NULL){
916 size_t i = PTR2SIZE(cp - d);
917
918 l -= i + 1;
919 memcpy(ub, cp + 1, l);
920 ub[l] = '\0';
921
922 if((urlp->url_pass.s = urlxdec(ub)) == NULL)
923 goto jurlp_err;
924 urlp->url_pass.l = strlen(urlp->url_pass.s);
925 if((urlpe = urlxenc(urlp->url_pass.s, FAL0)) == NULL)
926 goto jurlp_err;
927 if(strcmp(ub, urlpe))
928 goto jurlp_err;
929 l = i;
930 }
931
932 memcpy(ub, d, l);
933 ub[l] = '\0';
934 if((urlp->url_user.s = urlxdec(ub)) == NULL)
935 goto jurlp_err;
936 urlp->url_user.l = strlen(urlp->url_user.s);
937 if((urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0)) == NULL)
938 goto jurlp_err;
939 urlp->url_user_enc.l = strlen(urlp->url_user_enc.s);
940
941 if(urlp->url_user_enc.l != l || memcmp(urlp->url_user_enc.s, ub, l)){
942 jurlp_err:
943 n_err(_("String is not properly URL percent encoded: %s\n"), ub);
944 d = NULL;
945 }
946
947 ac_free(ub);
948 if(d == NULL)
949 goto jleave;
950 }
951
952 /* Servername and port -- and possible path suffix */
953 if ((cp = strchr(data, ':')) != NULL) { /* TODO URL parse, IPv6 support */
954 char *eptr;
955 long l;
956
957 urlp->url_port = x = savestr(x = &cp[1]);
958 if ((x = strchr(x, '/')) != NULL) {
959 *x = '\0';
960 while(*++x == '/')
961 ;
962 }
963 l = strtol(urlp->url_port, &eptr, 10);
964 if (*eptr != '\0' || l <= 0 || UICMP(32, l, >=, 0xFFFFu)) {
965 n_err(_("URL with invalid port number: %s\n"), urlp->url_input);
966 goto jleave;
967 }
968 urlp->url_portno = (ui16_t)l;
969 } else {
970 if ((x = strchr(data, '/')) != NULL) {
971 data = savestrbuf(data, PTR2SIZE(x - data));
972 while(*++x == '/')
973 ;
974 }
975 cp = n_UNCONST(data + strlen(data));
976 }
977
978 /* A (non-empty) path may only occur with IMAP */
979 if (x != NULL && *x != '\0') {
980 /* Take care not to count adjacent slashes for real, on either end */
981 char *x2;
982 size_t i;
983
984 for(x2 = savestrbuf(x, i = strlen(x)); i > 0; --i)
985 if(x2[i - 1] != '/')
986 break;
987 x2[i] = '\0';
988
989 if (i > 0) {
990 #if 0
991 if (cproto != CPROTO_IMAP) {
992 #endif
993 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
994 urlp->url_input);
995 goto jleave;
996 #if 0
997 }
998 urlp->url_path.l = i;
999 urlp->url_path.s = x2;
1000 #endif
1001 }
1002 }
1003
1004 urlp->url_host.s = savestrbuf(data, urlp->url_host.l = PTR2SIZE(cp - data));
1005 { size_t i;
1006 for (cp = urlp->url_host.s, i = urlp->url_host.l; i != 0; ++cp, --i)
1007 *cp = lowerconv(*cp);
1008 }
1009
1010 /* .url_h_p: HOST:PORT */
1011 { size_t i;
1012 struct str *s = &urlp->url_h_p;
1013
1014 s->s = salloc(urlp->url_host.l + 1 + sizeof("65536")-1 +1);
1015 memcpy(s->s, urlp->url_host.s, i = urlp->url_host.l);
1016 if (urlp->url_port != NULL) {
1017 size_t j = strlen(urlp->url_port);
1018 s->s[i++] = ':';
1019 memcpy(s->s + i, urlp->url_port, j);
1020 i += j;
1021 }
1022 s->s[i] = '\0';
1023 s->l = i;
1024 }
1025
1026 /* User, II
1027 * If there was no user in the URL, do we have *user-HOST* or *user*? */
1028 if (!urlp->url_had_user) {
1029 if ((urlp->url_user.s = xok_vlook(user, urlp, OXM_PLAIN | OXM_H_P))
1030 == NULL) {
1031 /* No, check whether .netrc lookup is desired */
1032 # ifdef HAVE_NETRC
1033 if (!ok_blook(v15_compat) ||
1034 !xok_blook(netrc_lookup, urlp, OXM_PLAIN | OXM_H_P) ||
1035 !_nrc_lookup(urlp, FAL0))
1036 # endif
1037 urlp->url_user.s = n_UNCONST(myname);
1038 }
1039
1040 urlp->url_user.l = strlen(urlp->url_user.s);
1041 urlp->url_user.s = savestrbuf(urlp->url_user.s, urlp->url_user.l);
1042 if((urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0)) == NULL){
1043 n_err(_("Cannot URL encode %s\n"), urlp->url_user.s);
1044 goto jleave;
1045 }
1046 urlp->url_user_enc.l = strlen(urlp->url_user_enc.s);
1047 }
1048
1049 /* And then there are a lot of prebuild string combinations TODO do lazy */
1050
1051 /* .url_u_h: .url_user@.url_host
1052 * For SMTP we apply ridiculously complicated *v15-compat* plus
1053 * *smtp-hostname* / *hostname* dependent rules */
1054 { struct str h, *s;
1055 size_t i;
1056
1057 if (cproto == CPROTO_SMTP && ok_blook(v15_compat) &&
1058 (cp = ok_vlook(smtp_hostname)) != NULL) {
1059 if (*cp == '\0')
1060 cp = nodename(1);
1061 h.s = savestrbuf(cp, h.l = strlen(cp));
1062 } else
1063 h = urlp->url_host;
1064
1065 s = &urlp->url_u_h;
1066 i = urlp->url_user.l;
1067
1068 s->s = salloc(i + 1 + h.l +1);
1069 if (i > 0) {
1070 memcpy(s->s, urlp->url_user.s, i);
1071 s->s[i++] = '@';
1072 }
1073 memcpy(s->s + i, h.s, h.l +1);
1074 i += h.l;
1075 s->l = i;
1076 }
1077
1078 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
1079 { struct str *s = &urlp->url_u_h_p;
1080 size_t i = urlp->url_user.l;
1081
1082 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
1083 if (i > 0) {
1084 memcpy(s->s, urlp->url_user.s, i);
1085 s->s[i++] = '@';
1086 }
1087 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
1088 i += urlp->url_h_p.l;
1089 s->l = i;
1090 }
1091
1092 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
1093 { struct str *s = &urlp->url_eu_h_p;
1094 size_t i = urlp->url_user_enc.l;
1095
1096 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
1097 if (i > 0) {
1098 memcpy(s->s, urlp->url_user_enc.s, i);
1099 s->s[i++] = '@';
1100 }
1101 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
1102 i += urlp->url_h_p.l;
1103 s->l = i;
1104 }
1105
1106 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
1107 { size_t i;
1108 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_u_h_p.l) +1);
1109
1110 urlp->url_proto[urlp->url_proto_len] = ':';
1111 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_u_h_p.s,
1112 urlp->url_u_h_p.l +1);
1113 urlp->url_proto[urlp->url_proto_len] = '\0';
1114
1115 urlp->url_p_u_h_p = ud;
1116 }
1117
1118 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
1119 { size_t i;
1120 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_eu_h_p.l) +
1121 1 + urlp->url_path.l +1);
1122
1123 urlp->url_proto[urlp->url_proto_len] = ':';
1124 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_eu_h_p.s,
1125 urlp->url_eu_h_p.l +1);
1126 urlp->url_proto[urlp->url_proto_len] = '\0';
1127
1128 if (urlp->url_path.l == 0)
1129 urlp->url_p_eu_h_p = urlp->url_p_eu_h_p_p = ud;
1130 else {
1131 urlp->url_p_eu_h_p = savestrbuf(ud, i);
1132 urlp->url_p_eu_h_p_p = ud;
1133 ud += i;
1134 *ud++ = '/';
1135 memcpy(ud, urlp->url_path.s, urlp->url_path.l +1);
1136 }
1137 }
1138
1139 rv = TRU1;
1140 #endif /* __ANYPROTO */
1141 jleave:
1142 NYD_LEAVE;
1143 return rv;
1144 #undef __ANYPROTO
1145 #undef __ALLPROTO
1146 }
1147
1148 FL bool_t
1149 ccred_lookup_old(struct ccred *ccp, enum cproto cproto, char const *addr)
1150 {
1151 char const *pname, *pxstr, *authdef;
1152 size_t pxlen, addrlen, i;
1153 char *vbuf, *s;
1154 ui8_t authmask;
1155 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1156 ware = NONE;
1157 bool_t addr_is_nuser = FAL0; /* XXX v15.0 legacy! v15_compat */
1158 NYD_ENTER;
1159
1160 memset(ccp, 0, sizeof *ccp);
1161
1162 switch (cproto) {
1163 default:
1164 case CPROTO_SMTP:
1165 pname = "SMTP";
1166 pxstr = "smtp-auth";
1167 pxlen = sizeof("smtp-auth") -1;
1168 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1169 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1170 authdef = "none";
1171 addr_is_nuser = TRU1;
1172 break;
1173 case CPROTO_POP3:
1174 pname = "POP3";
1175 pxstr = "pop3-auth";
1176 pxlen = sizeof("pop3-auth") -1;
1177 authmask = AUTHTYPE_PLAIN;
1178 authdef = "plain";
1179 break;
1180 }
1181
1182 ccp->cc_cproto = cproto;
1183 addrlen = strlen(addr);
1184 vbuf = ac_alloc(pxlen + addrlen + sizeof("-password-")-1 +1);
1185 memcpy(vbuf, pxstr, pxlen);
1186
1187 /* Authentication type */
1188 vbuf[pxlen] = '-';
1189 memcpy(vbuf + pxlen + 1, addr, addrlen +1);
1190 if ((s = vok_vlook(vbuf)) == NULL) {
1191 vbuf[pxlen] = '\0';
1192 if ((s = vok_vlook(vbuf)) == NULL)
1193 s = n_UNCONST(authdef);
1194 }
1195
1196 if (!asccasecmp(s, "none")) {
1197 ccp->cc_auth = "NONE";
1198 ccp->cc_authtype = AUTHTYPE_NONE;
1199 /*ware = NONE;*/
1200 } else if (!asccasecmp(s, "plain")) {
1201 ccp->cc_auth = "PLAIN";
1202 ccp->cc_authtype = AUTHTYPE_PLAIN;
1203 ware = REQ_PASS | REQ_USER;
1204 } else if (!asccasecmp(s, "login")) {
1205 ccp->cc_auth = "LOGIN";
1206 ccp->cc_authtype = AUTHTYPE_LOGIN;
1207 ware = REQ_PASS | REQ_USER;
1208 } else if (!asccasecmp(s, "cram-md5")) {
1209 ccp->cc_auth = "CRAM-MD5";
1210 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1211 ware = REQ_PASS | REQ_USER;
1212 } else if (!asccasecmp(s, "gssapi")) {
1213 ccp->cc_auth = "GSS-API";
1214 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1215 ware = REQ_USER;
1216 } /* no else */
1217
1218 /* Verify method */
1219 if (!(ccp->cc_authtype & authmask)) {
1220 n_err(_("Unsupported %s authentication method: %s\n"), pname, s);
1221 ccp = NULL;
1222 goto jleave;
1223 }
1224 # ifndef HAVE_MD5
1225 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1226 n_err(_("No CRAM-MD5 support compiled in\n"));
1227 ccp = NULL;
1228 goto jleave;
1229 }
1230 # endif
1231 # ifndef HAVE_GSSAPI
1232 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1233 n_err(_("No GSS-API support compiled in\n"));
1234 ccp = NULL;
1235 goto jleave;
1236 }
1237 # endif
1238
1239 /* User name */
1240 if (!(ware & (WANT_USER | REQ_USER)))
1241 goto jpass;
1242
1243 if (!addr_is_nuser) {
1244 if ((s = _url_last_at_before_slash(addr)) != NULL) {
1245 char *cp;
1246
1247 cp = savestrbuf(addr, PTR2SIZE(s - addr));
1248
1249 if((ccp->cc_user.s = urlxdec(cp)) == NULL){
1250 n_err(_("String is not properly URL percent encoded: %s\n"), cp);
1251 ccp = NULL;
1252 goto jleave;
1253 }
1254 ccp->cc_user.l = strlen(ccp->cc_user.s);
1255 } else if (ware & REQ_USER)
1256 goto jgetuser;
1257 goto jpass;
1258 }
1259
1260 memcpy(vbuf + pxlen, "-user-", i = sizeof("-user-") -1);
1261 i += pxlen;
1262 memcpy(vbuf + i, addr, addrlen +1);
1263 if ((s = vok_vlook(vbuf)) == NULL) {
1264 vbuf[--i] = '\0';
1265 if ((s = vok_vlook(vbuf)) == NULL && (ware & REQ_USER)) {
1266 if ((s = getuser(NULL)) == NULL) {
1267 jgetuser: /* TODO v15.0: today we simply bail, but we should call getuser().
1268 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1269 * TODO check that first, then! change control flow, grow vbuf */
1270 n_err(_("A user is necessary for %s authentication\n"), pname);
1271 ccp = NULL;
1272 goto jleave;
1273 }
1274 }
1275 }
1276 ccp->cc_user.l = strlen(ccp->cc_user.s = savestr(s));
1277
1278 /* Password */
1279 jpass:
1280 if (!(ware & (WANT_PASS | REQ_PASS)))
1281 goto jleave;
1282
1283 if (!addr_is_nuser) {
1284 memcpy(vbuf, "password-", i = sizeof("password-") -1);
1285 } else {
1286 memcpy(vbuf + pxlen, "-password-", i = sizeof("-password-") -1);
1287 i += pxlen;
1288 }
1289 memcpy(vbuf + i, addr, addrlen +1);
1290 if ((s = vok_vlook(vbuf)) == NULL) {
1291 vbuf[--i] = '\0';
1292 if ((!addr_is_nuser || (s = vok_vlook(vbuf)) == NULL) &&
1293 (ware & REQ_PASS)) {
1294 if ((s = getpassword(NULL)) == NULL) {
1295 n_err(_("A password is necessary for %s authentication\n"),
1296 pname);
1297 ccp = NULL;
1298 goto jleave;
1299 }
1300 }
1301 }
1302 if (s != NULL)
1303 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1304
1305 jleave:
1306 ac_free(vbuf);
1307 if (ccp != NULL && (options & OPT_D_VV))
1308 n_err(_("Credentials: host %s, user %s, pass %s\n"),
1309 addr, (ccp->cc_user.s != NULL ? ccp->cc_user.s : n_empty),
1310 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : n_empty));
1311 NYD_LEAVE;
1312 return (ccp != NULL);
1313 }
1314
1315 FL bool_t
1316 ccred_lookup(struct ccred *ccp, struct url *urlp)
1317 {
1318 char const *pstr, *authdef;
1319 char *s;
1320 enum okeys authokey;
1321 ui8_t authmask;
1322 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1323 ware = NONE;
1324 NYD_ENTER;
1325
1326 memset(ccp, 0, sizeof *ccp);
1327 ccp->cc_user = urlp->url_user;
1328
1329 switch ((ccp->cc_cproto = urlp->url_cproto)) {
1330 default:
1331 case CPROTO_SMTP:
1332 pstr = "smtp";
1333 authokey = ok_v_smtp_auth;
1334 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1335 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1336 authdef = "plain";
1337 break;
1338 case CPROTO_POP3:
1339 pstr = "pop3";
1340 authokey = ok_v_pop3_auth;
1341 authmask = AUTHTYPE_PLAIN;
1342 authdef = "plain";
1343 break;
1344 }
1345
1346 /* Authentication type */
1347 if ((s = xok_VLOOK(authokey, urlp, OXM_ALL)) == NULL)
1348 s = n_UNCONST(authdef);
1349
1350 if (!asccasecmp(s, "none")) {
1351 ccp->cc_auth = "NONE";
1352 ccp->cc_authtype = AUTHTYPE_NONE;
1353 /*ware = NONE;*/
1354 } else if (!asccasecmp(s, "plain")) {
1355 ccp->cc_auth = "PLAIN";
1356 ccp->cc_authtype = AUTHTYPE_PLAIN;
1357 ware = REQ_PASS | REQ_USER;
1358 } else if (!asccasecmp(s, "login")) {
1359 ccp->cc_auth = "LOGIN";
1360 ccp->cc_authtype = AUTHTYPE_LOGIN;
1361 ware = REQ_PASS | REQ_USER;
1362 } else if (!asccasecmp(s, "cram-md5")) {
1363 ccp->cc_auth = "CRAM-MD5";
1364 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1365 ware = REQ_PASS | REQ_USER;
1366 } else if (!asccasecmp(s, "gssapi")) {
1367 ccp->cc_auth = "GSS-API";
1368 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1369 ware = REQ_USER;
1370 } /* no else */
1371
1372 /* Verify method */
1373 if (!(ccp->cc_authtype & authmask)) {
1374 n_err(_("Unsupported %s authentication method: %s\n"), pstr, s);
1375 ccp = NULL;
1376 goto jleave;
1377 }
1378 # ifndef HAVE_MD5
1379 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1380 n_err(_("No CRAM-MD5 support compiled in\n"));
1381 ccp = NULL;
1382 goto jleave;
1383 }
1384 # endif
1385 # ifndef HAVE_GSSAPI
1386 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1387 n_err(_("No GSS-API support compiled in\n"));
1388 ccp = NULL;
1389 goto jleave;
1390 }
1391 # endif
1392
1393 /* Password */
1394 ccp->cc_pass = urlp->url_pass;
1395 if (ccp->cc_pass.s != NULL)
1396 goto jleave;
1397
1398 if ((s = xok_vlook(password, urlp, OXM_ALL)) != NULL)
1399 goto js2pass;
1400 # ifdef HAVE_AGENT /* TODO v15-compat obsolete */
1401 if ((s = xok_vlook(agent_shell_lookup, urlp, OXM_ALL)) != NULL) {
1402 OBSOLETE(_("*agent-shell-lookup* will vanish. Please use encrypted "
1403 "~/.netrc (via *netrc-pipe*), or simply `source' an encrypted file"));
1404 if (!_agent_shell_lookup(urlp, s)) {
1405 ccp = NULL;
1406 goto jleave;
1407 } else if (urlp->url_pass.s != NULL) {
1408 ccp->cc_pass = urlp->url_pass;
1409 goto jleave;
1410 }
1411 }
1412 # endif
1413 # ifdef HAVE_NETRC
1414 if (xok_blook(netrc_lookup, urlp, OXM_ALL) && _nrc_lookup(urlp, TRU1)) {
1415 ccp->cc_pass = urlp->url_pass;
1416 goto jleave;
1417 }
1418 # endif
1419 if (ware & REQ_PASS) {
1420 if ((s = getpassword(NULL)) != NULL)
1421 js2pass:
1422 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1423 else {
1424 n_err(_("A password is necessary for %s authentication\n"), pstr);
1425 ccp = NULL;
1426 }
1427 }
1428
1429 jleave:
1430 if (ccp != NULL && (options & OPT_D_VV))
1431 n_err(_("Credentials: host %s, user %s, pass %s\n"),
1432 urlp->url_h_p.s, (ccp->cc_user.s != NULL ? ccp->cc_user.s : n_empty),
1433 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : n_empty));
1434 NYD_LEAVE;
1435 return (ccp != NULL);
1436 }
1437 #endif /* HAVE_SOCKETS */
1438
1439 #ifdef HAVE_NETRC
1440 FL int
1441 c_netrc(void *v)
1442 {
1443 char **argv = v;
1444 struct nrc_node *nrc;
1445 bool_t load_only;
1446 NYD_ENTER;
1447
1448 load_only = FAL0;
1449 if (*argv == NULL)
1450 goto jlist;
1451 if (argv[1] != NULL)
1452 goto jerr;
1453 if (!asccasecmp(*argv, "show"))
1454 goto jlist;
1455 load_only = TRU1;
1456 if (!asccasecmp(*argv, "load"))
1457 goto jlist;
1458 if (!asccasecmp(*argv, "clear"))
1459 goto jclear;
1460 jerr:
1461 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1462 v = NULL;
1463 jleave:
1464 NYD_LEAVE;
1465 return (v == NULL ? !STOP : !OKAY); /* xxx 1:bad 0:good -- do some */
1466
1467 jlist: {
1468 FILE *fp;
1469 size_t l;
1470
1471 if (_nrc_list == NULL)
1472 _nrc_init();
1473 if (_nrc_list == NRC_NODE_ERR) {
1474 n_err(_("Interpolate what file?\n"));
1475 v = NULL;
1476 goto jleave;
1477 }
1478 if (load_only)
1479 goto jleave;
1480
1481 if ((fp = Ftmp(NULL, "netrc", OF_RDWR | OF_UNLINK | OF_REGISTER)) == NULL) {
1482 n_perr(_("tmpfile"), 0);
1483 v = NULL;
1484 goto jleave;
1485 }
1486
1487 for (l = 0, nrc = _nrc_list; nrc != NULL; ++l, nrc = nrc->nrc_next) {
1488 fprintf(fp, _("machine %s "), nrc->nrc_dat); /* XXX quote? */
1489 if (nrc->nrc_ulen > 0)
1490 fprintf(fp, _("login \"%s\" "),
1491 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1));
1492 if (nrc->nrc_plen > 0)
1493 fprintf(fp, _("password \"%s\"\n"),
1494 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1 + nrc->nrc_ulen +1));
1495 else
1496 putc('\n', fp);
1497 }
1498
1499 page_or_print(fp, l);
1500 Fclose(fp);
1501 }
1502 goto jleave;
1503
1504 jclear:
1505 if (_nrc_list == NRC_NODE_ERR)
1506 _nrc_list = NULL;
1507 while ((nrc = _nrc_list) != NULL) {
1508 _nrc_list = nrc->nrc_next;
1509 free(nrc);
1510 }
1511 goto jleave;
1512 }
1513 #endif /* HAVE_NETRC */
1514
1515 #ifdef HAVE_MD5
1516 FL char *
1517 md5tohex(char hex[MD5TOHEX_SIZE], void const *vp)
1518 {
1519 char const *cp = vp;
1520 size_t i, j;
1521 NYD_ENTER;
1522
1523 for (i = 0; i < MD5TOHEX_SIZE / 2; ++i) {
1524 j = i << 1;
1525 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1526 hex[j] = __hex((cp[i] & 0xF0) >> 4);
1527 hex[++j] = __hex(cp[i] & 0x0F);
1528 # undef __hex
1529 }
1530 NYD_LEAVE;
1531 return hex;
1532 }
1533
1534 FL char *
1535 cram_md5_string(struct str const *user, struct str const *pass,
1536 char const *b64)
1537 {
1538 struct str in, out;
1539 char digest[16], *cp;
1540 NYD_ENTER;
1541
1542 out.s = NULL;
1543 if(user->l >= UIZ_MAX - 1 - MD5TOHEX_SIZE - 1)
1544 goto jleave;
1545 if(pass->l >= INT_MAX)
1546 goto jleave;
1547
1548 in.s = n_UNCONST(b64);
1549 in.l = strlen(in.s);
1550 if(!b64_decode(&out, &in))
1551 goto jleave;
1552 if(out.l >= INT_MAX){
1553 free(out.s);
1554 out.s = NULL;
1555 goto jleave;
1556 }
1557
1558 hmac_md5((uc_i*)out.s, out.l, (uc_i*)pass->s, pass->l, digest);
1559 free(out.s);
1560 cp = md5tohex(salloc(MD5TOHEX_SIZE +1), digest);
1561
1562 in.l = user->l + MD5TOHEX_SIZE +1;
1563 in.s = ac_alloc(user->l + 1 + MD5TOHEX_SIZE +1);
1564 memcpy(in.s, user->s, user->l);
1565 in.s[user->l] = ' ';
1566 memcpy(&in.s[user->l + 1], cp, MD5TOHEX_SIZE);
1567 if(b64_encode(&out, &in, B64_SALLOC | B64_CRLF) == NULL)
1568 out.s = NULL;
1569 ac_free(in.s);
1570 jleave:
1571 NYD_LEAVE;
1572 return out.s;
1573 }
1574
1575 FL void
1576 hmac_md5(unsigned char *text, int text_len, unsigned char *key, int key_len,
1577 void *digest)
1578 {
1579 /*
1580 * This code is taken from
1581 *
1582 * Network Working Group H. Krawczyk
1583 * Request for Comments: 2104 IBM
1584 * Category: Informational M. Bellare
1585 * UCSD
1586 * R. Canetti
1587 * IBM
1588 * February 1997
1589 *
1590 *
1591 * HMAC: Keyed-Hashing for Message Authentication
1592 */
1593 md5_ctx context;
1594 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
1595 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
1596 unsigned char tk[16];
1597 int i;
1598 NYD_ENTER;
1599
1600 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1601 if (key_len > 64) {
1602 md5_ctx tctx;
1603
1604 md5_init(&tctx);
1605 md5_update(&tctx, key, key_len);
1606 md5_final(tk, &tctx);
1607
1608 key = tk;
1609 key_len = 16;
1610 }
1611
1612 /* the HMAC_MD5 transform looks like:
1613 *
1614 * MD5(K XOR opad, MD5(K XOR ipad, text))
1615 *
1616 * where K is an n byte key
1617 * ipad is the byte 0x36 repeated 64 times
1618 * opad is the byte 0x5c repeated 64 times
1619 * and text is the data being protected */
1620
1621 /* start out by storing key in pads */
1622 memset(k_ipad, 0, sizeof k_ipad);
1623 memset(k_opad, 0, sizeof k_opad);
1624 memcpy(k_ipad, key, key_len);
1625 memcpy(k_opad, key, key_len);
1626
1627 /* XOR key with ipad and opad values */
1628 for (i=0; i<64; i++) {
1629 k_ipad[i] ^= 0x36;
1630 k_opad[i] ^= 0x5c;
1631 }
1632
1633 /* perform inner MD5 */
1634 md5_init(&context); /* init context for 1st pass */
1635 md5_update(&context, k_ipad, 64); /* start with inner pad */
1636 md5_update(&context, text, text_len); /* then text of datagram */
1637 md5_final(digest, &context); /* finish up 1st pass */
1638
1639 /* perform outer MD5 */
1640 md5_init(&context); /* init context for 2nd pass */
1641 md5_update(&context, k_opad, 64); /* start with outer pad */
1642 md5_update(&context, digest, 16); /* then results of 1st hash */
1643 md5_final(digest, &context); /* finish up 2nd pass */
1644 NYD_LEAVE;
1645 }
1646 #endif /* HAVE_MD5 */
1647
1648 /* s-it-mode */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command