search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
imap_path_decode(): err: do not "savestrbuf(,buflen * 2)"
[s-mailx.git] / urlcrecry.c
blobaa48db7fb54b647b6d9603befb096eaba99ce9e4
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
5 *
6 * Copyright (c) 2014 - 2015 Steffen (Daode) Nurpmeso <sdaoden@users.sf.net>.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20 #undef n_FILE
21 #define n_FILE urlcrecry
22
23 #ifndef HAVE_AMALGAMATION
24 # include "nail.h"
25 #endif
26
27 #ifdef HAVE_NETRC
28 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
29 * concurrently (dummy, host, user, pass), so make it a KB */
30 # define NRC_TOKEN_MAXLEN (1024 / 4)
31
32 enum nrc_token {
33 NRC_ERROR = -1,
34 NRC_NONE = 0,
35 NRC_DEFAULT,
36 NRC_LOGIN,
37 NRC_PASSWORD,
38 NRC_ACCOUNT,
39 NRC_MACDEF,
40 NRC_MACHINE,
41 NRC_INPUT
42 };
43
44 struct nrc_node {
45 struct nrc_node *nrc_next;
46 struct nrc_node *nrc_result; /* In match phase, former possible one */
47 ui32_t nrc_mlen; /* Length of machine name */
48 ui32_t nrc_ulen; /* Length of user name */
49 ui32_t nrc_plen; /* Length of password */
50 char nrc_dat[VFIELD_SIZE(sizeof(ui32_t))];
51 };
52 # define NRC_NODE_ERR ((struct nrc_node*)-1)
53
54 static struct nrc_node *_nrc_list;
55 #endif /* HAVE_NETRC */
56
57 /* Find the last @ before a slash
58 * TODO Casts off the const but this is ok here; obsolete function! */
59 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
60 static char * _url_last_at_before_slash(char const *sp);
61 #endif
62
63 #ifdef HAVE_NETRC
64 /* Initialize .netrc cache */
65 static void _nrc_init(void);
66 static enum nrc_token __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN]);
67
68 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
69 * only_pass is true then the lookup is for the password only, otherwise we
70 * look for a user (and add password only if we have an exact machine match) */
71 static bool_t _nrc_lookup(struct url *urlp, bool_t only_pass);
72
73 /* 0=no match; 1=exact match; -1=wildcard match */
74 static int __nrc_host_match(struct nrc_node const *nrc,
75 struct url const *urlp);
76 static bool_t __nrc_find_user(struct url *urlp,
77 struct nrc_node const *nrc);
78 static bool_t __nrc_find_pass(struct url *urlp, bool_t user_match,
79 struct nrc_node const *nrc);
80 #endif /* HAVE_NETRC */
81
82 /* The password can also be gained through external agents */
83 #ifdef HAVE_AGENT
84 static bool_t _agent_shell_lookup(struct url *urlp, char const *comm);
85 #endif
86
87 #ifdef HAVE_SOCKETS
88 static char *
89 _url_last_at_before_slash(char const *sp)
90 {
91 char const *cp;
92 char c;
93 NYD2_ENTER;
94
95 for (cp = sp; (c = *cp) != '\0'; ++cp)
96 if (c == '/')
97 break;
98 while (cp > sp && *--cp != '@')
99 ;
100 if (*cp != '@')
101 cp = NULL;
102 NYD2_LEAVE;
103 return UNCONST(cp);
104 }
105 #endif
106
107 #ifdef HAVE_NETRC
108 static void
109 _nrc_init(void)
110 {
111 char buffer[NRC_TOKEN_MAXLEN], host[NRC_TOKEN_MAXLEN],
112 user[NRC_TOKEN_MAXLEN], pass[NRC_TOKEN_MAXLEN], *netrc_load;
113 struct stat sb;
114 FILE *fi;
115 enum nrc_token t;
116 bool_t seen_default;
117 struct nrc_node *ntail = NULL /* CC happy */, *nhead = NULL,
118 *nrc = NRC_NODE_ERR;
119 NYD_ENTER;
120
121 if ((netrc_load = env_vlook("NETRC", FAL0)) == NULL)
122 netrc_load = UNCONST(NETRC);
123 if ((netrc_load = file_expand(netrc_load)) == NULL)
124 goto j_leave;
125
126 if ((fi = Fopen(netrc_load, "r")) == NULL) {
127 n_err(_("Cannot open \"%s\"\n"), netrc_load);
128 goto j_leave;
129 }
130
131 /* Be simple and apply rigid (permission) check(s) */
132 if (fstat(fileno(fi), &sb) == -1 || !S_ISREG(sb.st_mode) ||
133 (sb.st_mode & (S_IRWXG | S_IRWXO))) {
134 n_err(_("Not a regular file, or accessible by non-user: \"%s\"\n"),
135 netrc_load);
136 goto jleave;
137 }
138
139 seen_default = FAL0;
140 jnext:
141 switch((t = __nrc_token(fi, buffer))) {
142 case NRC_NONE:
143 break;
144 default: /* Doesn't happen (but on error?), keep CC happy */
145 case NRC_DEFAULT:
146 jdef:
147 /* We ignore the default entry (require an exact host match), and we also
148 * ignore anything after such an entry (faulty syntax) */
149 seen_default = TRU1;
150 /* FALLTHRU */
151 case NRC_MACHINE:
152 jm_h:
153 /* Normalize HOST to lowercase */
154 *host = '\0';
155 if (!seen_default && (t = __nrc_token(fi, host)) != NRC_INPUT)
156 goto jerr;
157 else {
158 char *cp;
159 for (cp = host; *cp != '\0'; ++cp)
160 *cp = lowerconv(*cp);
161 }
162
163 *user = *pass = '\0';
164 while ((t = __nrc_token(fi, buffer)) != NRC_NONE && t != NRC_MACHINE &&
165 t != NRC_DEFAULT) {
166 switch(t) {
167 case NRC_LOGIN:
168 if ((t = __nrc_token(fi, user)) != NRC_INPUT)
169 goto jerr;
170 break;
171 case NRC_PASSWORD:
172 if ((t = __nrc_token(fi, pass)) != NRC_INPUT)
173 goto jerr;
174 break;
175 case NRC_ACCOUNT:
176 if ((t = __nrc_token(fi, buffer)) != NRC_INPUT)
177 goto jerr;
178 break;
179 case NRC_MACDEF:
180 if ((t = __nrc_token(fi, buffer)) != NRC_INPUT)
181 goto jerr;
182 else {
183 int i = 0, c;
184 while ((c = getc(fi)) != EOF)
185 if (c == '\n') { /* xxx */
186 if (i)
187 break;
188 i = 1;
189 } else
190 i = 0;
191 }
192 break;
193 default:
194 case NRC_ERROR:
195 goto jerr;
196 }
197 }
198
199 if (!seen_default && (*user != '\0' || *pass != '\0')) {
200 size_t hl = strlen(host), ul = strlen(user), pl = strlen(pass);
201 struct nrc_node *nx = smalloc(sizeof(*nx) -
202 VFIELD_SIZEOF(struct nrc_node, nrc_dat) + hl +1 + ul +1 + pl +1);
203
204 if (nhead != NULL)
205 ntail->nrc_next = nx;
206 else
207 nhead = nx;
208 ntail = nx;
209 nx->nrc_next = NULL;
210 nx->nrc_mlen = hl;
211 nx->nrc_ulen = ul;
212 nx->nrc_plen = pl;
213 memcpy(nx->nrc_dat, host, ++hl);
214 memcpy(nx->nrc_dat + hl, user, ++ul);
215 memcpy(nx->nrc_dat + hl + ul, pass, ++pl);
216 }
217 if (t == NRC_MACHINE)
218 goto jm_h;
219 if (t == NRC_DEFAULT)
220 goto jdef;
221 if (t != NRC_NONE)
222 goto jnext;
223 break;
224 case NRC_ERROR:
225 jerr:
226 if (options & OPT_D_V)
227 n_err(_("Errors occurred while parsing \"%s\"\n"), netrc_load);
228 assert(nrc == NRC_NODE_ERR);
229 goto jleave;
230 }
231
232 if (nhead != NULL)
233 nrc = nhead;
234 jleave:
235 Fclose(fi);
236 if (nrc == NRC_NODE_ERR)
237 while (nhead != NULL) {
238 ntail = nhead;
239 nhead = nhead->nrc_next;
240 free(ntail);
241 }
242 j_leave:
243 _nrc_list = nrc;
244 NYD_LEAVE;
245 }
246
247 static enum nrc_token
248 __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN])
249 {
250 int c;
251 char *cp;
252 enum nrc_token rv = NRC_NONE;
253 NYD2_ENTER;
254
255 c = EOF;
256 if (feof(fi) || ferror(fi))
257 goto jleave;
258
259 while ((c = getc(fi)) != EOF && whitechar(c))
260 ;
261 if (c == EOF)
262 goto jleave;
263
264 cp = buffer;
265 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
266 if (c == '"' || c == '\'') {
267 int quotec = c;
268
269 /* Not requiring the closing QM is (Net)BSD syntax */
270 while ((c = getc(fi)) != EOF && c != quotec) {
271 /* Backslash escaping the next character is (Net)BSD syntax */
272 if (c == '\\')
273 if ((c = getc(fi)) == EOF)
274 break;
275 *cp++ = c;
276 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
277 rv = NRC_ERROR;
278 goto jleave;
279 }
280 }
281 } else {
282 *cp++ = c;
283 while ((c = getc(fi)) != EOF && !whitechar(c)) {
284 /* Backslash escaping the next character is (Net)BSD syntax */
285 if (c == '\\' && (c = getc(fi)) == EOF)
286 break;
287 *cp++ = c;
288 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
289 rv = NRC_ERROR;
290 goto jleave;
291 }
292 }
293 }
294 *cp = '\0';
295
296 if (*buffer == '\0')
297 do {/*rv = NRC_NONE*/} while (0);
298 else if (!strcmp(buffer, "default"))
299 rv = NRC_DEFAULT;
300 else if (!strcmp(buffer, "login"))
301 rv = NRC_LOGIN;
302 else if (!strcmp(buffer, "password") || !strcmp(buffer, "passwd"))
303 rv = NRC_PASSWORD;
304 else if (!strcmp(buffer, "account"))
305 rv = NRC_ACCOUNT;
306 else if (!strcmp(buffer, "macdef"))
307 rv = NRC_MACDEF;
308 else if (!strcmp(buffer, "machine"))
309 rv = NRC_MACHINE;
310 else
311 rv = NRC_INPUT;
312 jleave:
313 if (c == EOF && !feof(fi))
314 rv = NRC_ERROR;
315 NYD2_LEAVE;
316 return rv;
317 }
318
319 static bool_t
320 _nrc_lookup(struct url *urlp, bool_t only_pass)
321 {
322 struct nrc_node *nrc, *nrc_wild, *nrc_exact;
323 bool_t rv = FAL0;
324 NYD_ENTER;
325
326 assert(!only_pass || urlp->url_user.s != NULL);
327 assert(only_pass || urlp->url_user.s == NULL);
328
329 if (_nrc_list == NULL)
330 _nrc_init();
331 if (_nrc_list == NRC_NODE_ERR)
332 goto jleave;
333
334 nrc_wild = nrc_exact = NULL;
335 for (nrc = _nrc_list; nrc != NULL; nrc = nrc->nrc_next)
336 switch (__nrc_host_match(nrc, urlp)) {
337 case 1:
338 nrc->nrc_result = nrc_exact;
339 nrc_exact = nrc;
340 continue;
341 case -1:
342 nrc->nrc_result = nrc_wild;
343 nrc_wild = nrc;
344 /* FALLTHRU */
345 case 0:
346 continue;
347 }
348
349 if (!only_pass && urlp->url_user.s == NULL) {
350 /* Must be an unambiguous entry of its kind */
351 if (nrc_exact != NULL && nrc_exact->nrc_result != NULL)
352 goto jleave;
353 if (__nrc_find_user(urlp, nrc_exact))
354 goto j_user;
355
356 if (nrc_wild != NULL && nrc_wild->nrc_result != NULL)
357 goto jleave;
358 if (!__nrc_find_user(urlp, nrc_wild))
359 goto jleave;
360 j_user:
361 ;
362 }
363
364 if (__nrc_find_pass(urlp, TRU1, nrc_exact) ||
365 __nrc_find_pass(urlp, TRU1, nrc_wild) ||
366 /* Do not try to find a password without exact user match unless we've
367 * been called during credential lookup, a.k.a. the second time */
368 !only_pass ||
369 __nrc_find_pass(urlp, FAL0, nrc_exact) ||
370 __nrc_find_pass(urlp, FAL0, nrc_wild))
371 rv = TRU1;
372 jleave:
373 NYD_LEAVE;
374 return rv;
375 }
376
377 static int
378 __nrc_host_match(struct nrc_node const *nrc, struct url const *urlp)
379 {
380 char const *d2, *d1;
381 size_t l2, l1;
382 int rv = 0;
383 NYD2_ENTER;
384
385 /* Find a matching machine -- entries are all lowercase normalized */
386 if (nrc->nrc_mlen == urlp->url_host.l) {
387 if (LIKELY(!memcmp(nrc->nrc_dat, urlp->url_host.s, urlp->url_host.l)))
388 rv = 1;
389 goto jleave;
390 }
391
392 /* Cannot be an exact match, but maybe the .netrc machine starts with
393 * a "*." glob, which we recognize as an extension, meaning "skip
394 * a single subdomain, then match the rest" */
395 d1 = nrc->nrc_dat + 2;
396 l1 = nrc->nrc_mlen;
397 if (l1 <= 2 || d1[-1] != '.' || d1[-2] != '*')
398 goto jleave;
399 l1 -= 2;
400
401 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
402 * in fact this even succeeds for ".host.com", but - why care, here? */
403 d2 = urlp->url_host.s;
404 l2 = urlp->url_host.l;
405 while (l2 > 0) {
406 --l2;
407 if (*d2++ == '.')
408 break;
409 }
410
411 if (l2 == l1 && !memcmp(d1, d2, l1))
412 /* This matches, but we won't use it directly but watch out for an
413 * exact match first! */
414 rv = -1;
415 jleave:
416 NYD2_LEAVE;
417 return rv;
418 }
419
420 static bool_t
421 __nrc_find_user(struct url *urlp, struct nrc_node const *nrc)
422 {
423 NYD2_ENTER;
424
425 for (; nrc != NULL; nrc = nrc->nrc_result)
426 if (nrc->nrc_ulen > 0) {
427 /* Fake it was part of URL otherwise XXX */
428 urlp->url_had_user = TRU1;
429 /* That buffer will be duplicated by url_parse() in this case! */
430 urlp->url_user.s = UNCONST(nrc->nrc_dat + nrc->nrc_mlen +1);
431 urlp->url_user.l = nrc->nrc_ulen;
432 break;
433 }
434
435 NYD2_LEAVE;
436 return (nrc != NULL);
437 }
438
439 static bool_t
440 __nrc_find_pass(struct url *urlp, bool_t user_match, struct nrc_node const *nrc)
441 {
442 NYD2_ENTER;
443
444 for (; nrc != NULL; nrc = nrc->nrc_result) {
445 bool_t um = (nrc->nrc_ulen == urlp->url_user.l &&
446 !memcmp(nrc->nrc_dat + nrc->nrc_mlen +1, urlp->url_user.s,
447 urlp->url_user.l));
448
449 if (user_match) {
450 if (!um)
451 continue;
452 } else if (!um && nrc->nrc_ulen > 0)
453 continue;
454 if (nrc->nrc_plen == 0)
455 continue;
456
457 /* We are responsible for duplicating this buffer! */
458 urlp->url_pass.s = savestrbuf(nrc->nrc_dat + nrc->nrc_mlen +1 +
459 nrc->nrc_ulen + 1, (urlp->url_pass.l = nrc->nrc_plen));
460 break;
461 }
462
463 NYD2_LEAVE;
464 return (nrc != NULL);
465 }
466 #endif /* HAVE_NETRC */
467
468 #ifdef HAVE_AGENT
469 static bool_t
470 _agent_shell_lookup(struct url *urlp, char const *comm)
471 {
472 char buf[128];
473 char const *env_addon[8];
474 struct str s;
475 FILE *pbuf;
476 union {char const *cp; int c; sighandler_type sht;} u;
477 size_t cl, l;
478 bool_t rv = FAL0;
479 NYD2_ENTER;
480
481 env_addon[0] = str_concat_csvl(&s, AGENT_USER, "=", urlp->url_user.s,
482 NULL)->s;
483 env_addon[1] = str_concat_csvl(&s, AGENT_USER_ENC, "=", urlp->url_user_enc.s,
484 NULL)->s;
485 env_addon[2] = str_concat_csvl(&s, AGENT_HOST, "=", urlp->url_host.s,
486 NULL)->s;
487 env_addon[3] = str_concat_csvl(&s, AGENT_HOST_PORT, "=", urlp->url_h_p.s,
488 NULL)->s;
489
490 env_addon[4] = str_concat_csvl(&s, NAILENV_TMPDIR, "=", tempdir, NULL)->s;
491 env_addon[5] = str_concat_csvl(&s, "TMPDIR", "=", tempdir, NULL)->s;
492
493 env_addon[6] = NULL;
494
495 if ((u.cp = ok_vlook(SHELL)) == NULL)
496 u.cp = XSHELL;
497 if ((pbuf = Popen(comm, "r", u.cp, env_addon, -1)) == NULL) {
498 n_err(_("*agent-shell-lookup* startup failed (`%s')\n"), comm);
499 goto jleave;
500 }
501
502 for (s.s = NULL, s.l = cl = l = 0; (u.c = getc(pbuf)) != EOF; ++cl) {
503 if (u.c == '\n') /* xxx */
504 continue;
505 buf[l++] = u.c;
506 if (l == sizeof(buf) - 1) {
507 n_str_add_buf(&s, buf, l);
508 l = 0;
509 }
510 }
511 if (l > 0)
512 n_str_add_buf(&s, buf, l);
513
514 if (!Pclose(pbuf, TRU1)) {
515 if (options & OPT_D_V)
516 n_err(_("*agent-shell-lookup* execution failure (`%s')\n"), comm);
517 goto jleave;
518 }
519
520 /* We are responsible for duplicating this buffer! */
521 if (s.s != NULL)
522 urlp->url_pass.s = savestrbuf(s.s, urlp->url_pass.l = s.l);
523 else if (cl > 0)
524 urlp->url_pass.s = UNCONST(""), urlp->url_pass.l = 0;
525 rv = TRU1;
526 jleave:
527 if (s.s != NULL)
528 free(s.s);
529 NYD2_LEAVE;
530 return rv;
531 }
532 #endif
533
534 FL char *
535 (urlxenc)(char const *cp, bool_t ispath SALLOC_DEBUG_ARGS)
536 {
537 char *n, *np, c1;
538 NYD2_ENTER;
539
540 np = n = (salloc)(strlen(cp) * 3 +1 SALLOC_DEBUG_ARGSCALL);
541
542 for (; (c1 = *cp) != '\0'; ++cp) {
543 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
544 * ALPHA / DIGIT / "-" / "." / "_" / "~"
545 * However add a special is[file]path mode for file-system friendliness */
546 if (alnumchar(c1) || c1 == '_')
547 *np++ = c1;
548 else if (!ispath) {
549 if (c1 != '-' && c1 != '.' && c1 != '~')
550 goto jesc;
551 *np++ = c1;
552 } else if (PTRCMP(np, >, n) && (*cp == '-' || *cp == '.')) /* XXX imap */
553 *np++ = c1;
554 else {
555 jesc:
556 np[0] = '%';
557 mime_char_to_hexseq(np + 1, c1);
558 np += 3;
559 }
560 }
561 *np = '\0';
562 NYD2_LEAVE;
563 return n;
564 }
565
566 FL char *
567 (urlxdec)(char const *cp SALLOC_DEBUG_ARGS)
568 {
569 char *n, *np;
570 si32_t c;
571 NYD2_ENTER;
572
573 np = n = (salloc)(strlen(cp) +1 SALLOC_DEBUG_ARGSCALL);
574
575 while ((c = (uc_i)*cp++) != '\0') {
576 if (c == '%' && cp[0] != '\0' && cp[1] != '\0') {
577 si32_t o = c;
578 if (LIKELY((c = mime_hexseq_to_char(cp)) >= '\0'))
579 cp += 2;
580 else
581 c = o;
582 }
583 *np++ = (char)c;
584 }
585 *np = '\0';
586 NYD2_LEAVE;
587 return n;
588 }
589
590 FL int
591 c_urlcodec(void *v){
592 bool_t ispath;
593 char const **argv, *cp, *res;
594 NYD_ENTER;
595
596 if(*(cp = *(argv = v)) == 'p'){
597 if(!ascncasecmp(++cp, "ath", 3))
598 cp += 3;
599 ispath = TRU1;
600 }
601
602 if(is_prefix(cp, "encode")){
603 while((cp = *++argv) != NULL){
604 res = urlxenc(cp, ispath);
605 printf(" in: %s (%" PRIuZ " bytes)\nout: %s (%" PRIuZ " bytes)\n",
606 cp, strlen(cp), res, strlen(res));
607 }
608 }else if(is_prefix(cp, "decode")){
609 struct str in, out;
610
611 while((cp = *++argv) != NULL){
612 res = urlxdec(cp);
613 in.l = strlen(in.s = UNCONST(res)); /* logical */
614 makeprint(&in, &out);
615 printf(" in: %s (%" PRIuZ " bytes)\nout: %s (%" PRIuZ " bytes)\n",
616 cp, strlen(cp), out.s, in.l);
617 free(out.s);
618 }
619 }else{
620 n_err(_("`urlcodec': invalid subcommand: %s\n"), *argv);
621 cp = NULL;
622 }
623 NYD_LEAVE;
624 return (cp != NULL ? OKAY : STOP);
625 }
626
627 FL char *
628 url_mailto_to_address(char const *mailtop){ /* TODO hack! RFC 6068; factory? */
629 size_t i;
630 char *rv;
631 char const *mailtop_orig;
632 NYD_ENTER;
633
634 if(!is_prefix("mailto:", mailtop_orig = mailtop)){
635 rv = NULL;
636 goto jleave;
637 }
638 mailtop += sizeof("mailto:") -1;
639
640 /* TODO This is all intermediate, and for now just enough to understand
641 * TODO a little bit of a little more advanced List-Post: headers. */
642 /* Strip any hfield additions, keep only to addr-spec's */
643 if((rv = strchr(mailtop, '?')) != NULL)
644 rv = savestrbuf(mailtop, i = PTR2SIZE(rv - mailtop));
645 else
646 rv = savestrbuf(mailtop, i = strlen(mailtop));
647
648 i = strlen(rv);
649
650 /* Simply perform percent-decoding if there is a percent % */
651 if(memchr(rv, '%', i) != NULL){
652 char *rv_base;
653 bool_t err;
654
655 for(err = FAL0, mailtop = rv_base = rv; i > 0;){
656 char c;
657
658 if((c = *mailtop++) == '%'){
659 si32_t cc;
660
661 if(i < 3 || (cc = mime_hexseq_to_char(mailtop)) < 0){
662 if(!err && (err = TRU1, options & OPT_D_V))
663 n_err(_("Invalid RFC 6068 'mailto' URL: %s\n"), mailtop_orig);
664 goto jhex_putc;
665 }
666 *rv++ = (char)cc;
667 mailtop += 2;
668 i -= 3;
669 }else{
670 jhex_putc:
671 *rv++ = c;
672 --i;
673 }
674 }
675 *rv = '\0';
676 rv = rv_base;
677 }
678 jleave:
679 NYD_LEAVE;
680 return rv;
681 }
682
683 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
684 FL char const *
685 url_servbyname(struct url const *urlp, ui16_t *irv_or_null)
686 {
687 static struct {
688 char const name[14];
689 char const port[8];
690 ui16_t portno;
691 } const tbl[] = {
692 { "smtp", "25", 25},
693 { "submission", "587", 587},
694 { "smtps", "465", 465},
695 { "pop3", "110", 110},
696 { "pop3s", "995", 995},
697 { "imap", "143", 143},
698 { "imaps", "993", 993}
699 };
700 char const *rv;
701 size_t i;
702 NYD_ENTER;
703
704 for (rv = NULL, i = 0; i < NELEM(tbl); ++i)
705 if (!asccasecmp(tbl[i].name, urlp->url_proto)) {
706 rv = tbl[i].port;
707 if (irv_or_null != NULL)
708 *irv_or_null = tbl[i].portno;
709 break;
710 }
711 NYD_LEAVE;
712 return rv;
713 }
714
715 FL bool_t
716 url_parse(struct url *urlp, enum cproto cproto, char const *data)
717 {
718 #if defined HAVE_SMTP && defined HAVE_POP3 && defined HAVE_IMAP
719 # define __ALLPROTO
720 #endif
721 #if defined HAVE_SMTP || defined HAVE_POP3 || defined HAVE_IMAP
722 # define __ANYPROTO
723 char *cp, *x;
724 #endif
725 bool_t rv = FAL0;
726 NYD_ENTER;
727 UNUSED(data);
728
729 memset(urlp, 0, sizeof *urlp);
730 urlp->url_input = data;
731 urlp->url_cproto = cproto;
732
733 /* Network protocol */
734 #define _protox(X,Y) \
735 urlp->url_portno = Y;\
736 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
737 urlp->url_proto[sizeof(X) -1] = '\0';\
738 urlp->url_proto_len = sizeof(X) -1;\
739 urlp->url_proto_xlen = sizeof(X "://") -1
740 #define __if(X,Y,Z) \
741 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
742 _protox(X, Y);\
743 data += sizeof(X "://") -1;\
744 do { Z; } while (0);\
745 goto juser;\
746 }
747 #define _if(X,Y) __if(X, Y, (void)0)
748 #ifdef HAVE_SSL
749 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
750 #else
751 # define _ifs(X,Y) goto jeproto;
752 #endif
753
754 switch (cproto) {
755 case CPROTO_SMTP:
756 #ifdef HAVE_SMTP
757 _if ("smtp", 25)
758 _if ("submission", 587)
759 _ifs ("smtps", 465)
760 _protox("smtp", 25);
761 break;
762 #else
763 goto jeproto;
764 #endif
765 case CPROTO_POP3:
766 #ifdef HAVE_POP3
767 _if ("pop3", 110)
768 _ifs ("pop3s", 995)
769 _protox("pop3", 110);
770 break;
771 #else
772 goto jeproto;
773 #endif
774 case CPROTO_IMAP:
775 #ifdef HAVE_IMAP
776 _if ("imap", 143)
777 _ifs ("imaps", 993)
778 _protox("imap", 143);
779 break;
780 #else
781 goto jeproto;
782 #endif
783 }
784
785 #undef _ifs
786 #undef _if
787 #undef __if
788 #undef _protox
789
790 if (strstr(data, "://") != NULL) {
791 #if !defined __ALLPROTO || !defined HAVE_SSL
792 jeproto:
793 #endif
794 n_err(_("URL \"proto://\" prefix invalid: \"%s\"\n"), urlp->url_input);
795 goto jleave;
796 }
797 #ifdef __ANYPROTO
798
799 /* User and password, I */
800 juser:
801 if ((cp = _url_last_at_before_slash(data)) != NULL) {
802 size_t l = PTR2SIZE(cp - data);
803 char const *d = data;
804 char *ub = ac_alloc(l +1);
805
806 urlp->url_had_user = TRU1;
807 data = cp + 1;
808
809 /* And also have a password? */
810 if ((cp = memchr(d, ':', l)) != NULL) {
811 size_t i = PTR2SIZE(cp - d);
812
813 l -= i + 1;
814 memcpy(ub, cp + 1, l);
815 ub[l] = '\0';
816 urlp->url_pass.l = strlen(urlp->url_pass.s = urlxdec(ub));
817
818 if (strcmp(ub, urlxenc(urlp->url_pass.s, FAL0))) {
819 n_err(_("String is not properly URL percent encoded: \"%s\"\n"),
820 ub);
821 goto jleave;
822 }
823 l = i;
824 }
825
826 memcpy(ub, d, l);
827 ub[l] = '\0';
828 urlp->url_user.l = strlen(urlp->url_user.s = urlxdec(ub));
829 urlp->url_user_enc.l = strlen(
830 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
831
832 if (urlp->url_user_enc.l != l || memcmp(urlp->url_user_enc.s, ub, l)) {
833 n_err(_("String is not properly URL percent encoded: \"%s\"\n"), ub);
834 goto jleave;
835 }
836
837 ac_free(ub);
838 }
839
840 /* Servername and port -- and possible path suffix */
841 if ((cp = strchr(data, ':')) != NULL) { /* TODO URL parse, IPv6 support */
842 char *eptr;
843 long l;
844
845 urlp->url_port = x = savestr(x = &cp[1]);
846 if ((x = strchr(x, '/')) != NULL) {
847 *x = '\0';
848 while(*++x == '/')
849 ;
850 }
851 l = strtol(urlp->url_port, &eptr, 10);
852 if (*eptr != '\0' || l <= 0 || UICMP(32, l, >=, 0xFFFFu)) {
853 n_err(_("URL with invalid port number: \"%s\"\n"), urlp->url_input);
854 goto jleave;
855 }
856 urlp->url_portno = (ui16_t)l;
857 } else {
858 if ((x = strchr(data, '/')) != NULL) {
859 data = savestrbuf(data, PTR2SIZE(x - data));
860 while(*++x == '/')
861 ;
862 }
863 cp = UNCONST(data + strlen(data));
864 }
865
866 /* A (non-empty) path may only occur with IMAP */
867 if (x != NULL && *x) {
868 size_t i;
869
870 if((i = strlen(x)) > 0){
871 if(x[i - 1] == '/'){
872 while(i-- > 0 && x[i - 1] == '/')
873 ;
874 /* If the name ends with a slash, we need to append INBOX for IMAP */
875 if(cproto == CPROTO_IMAP){
876 urlp->url_path.s = salloc(i + sizeof("/INBOX"));
877 memcpy(urlp->url_path.s, x, i);
878 memcpy(&urlp->url_path.s[i], "/INBOX", sizeof("/INBOX"));
879 urlp->url_path.l = i + sizeof("/INBOX") -1;
880 }else
881 urlp->url_path.l = i;
882 }else if(cproto == CPROTO_IMAP){
883 urlp->url_path.s = x;
884 urlp->url_path.l = i;
885 }else{
886 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
887 urlp->url_input);
888 goto jleave;
889 }
890 }
891 }
892 /* */
893 if(cproto == CPROTO_IMAP && urlp->url_path.s == NULL)
894 urlp->url_path.s = savestrbuf("INBOX",
895 urlp->url_path.l = sizeof("INBOX") -1);
896
897 urlp->url_host.s = savestrbuf(data, urlp->url_host.l = PTR2SIZE(cp - data));
898 { size_t i;
899 for (cp = urlp->url_host.s, i = urlp->url_host.l; i != 0; ++cp, --i)
900 *cp = lowerconv(*cp);
901 }
902
903 /* .url_h_p: HOST:PORT */
904 { size_t i;
905 struct str *s = &urlp->url_h_p;
906
907 s->s = salloc(urlp->url_host.l + 1 + sizeof("65536")-1 +1);
908 memcpy(s->s, urlp->url_host.s, i = urlp->url_host.l);
909 if (urlp->url_port != NULL) {
910 size_t j = strlen(urlp->url_port);
911 s->s[i++] = ':';
912 memcpy(s->s + i, urlp->url_port, j);
913 i += j;
914 }
915 s->s[i] = '\0';
916 s->l = i;
917 }
918
919 /* User, II
920 * If there was no user in the URL, do we have *user-HOST* or *user*? */
921 if (!urlp->url_had_user) {
922 if ((urlp->url_user.s = xok_vlook(user, urlp, OXM_PLAIN | OXM_H_P))
923 == NULL) {
924 /* No, check wether .netrc lookup is desired */
925 # ifdef HAVE_NETRC
926 if (!ok_blook(v15_compat) ||
927 !xok_blook(netrc_lookup, urlp, OXM_PLAIN | OXM_H_P) ||
928 !_nrc_lookup(urlp, FAL0))
929 # endif
930 urlp->url_user.s = UNCONST(myname);
931 }
932
933 urlp->url_user.l = strlen(urlp->url_user.s);
934 urlp->url_user.s = savestrbuf(urlp->url_user.s, urlp->url_user.l);
935 urlp->url_user_enc.l = strlen(
936 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
937 }
938
939 /* And then there are a lot of prebuild string combinations TODO do lazy */
940
941 /* .url_u_h: .url_user@.url_host
942 * For SMTP we apply ridiculously complicated *v15-compat* plus
943 * *smtp-hostname* / *hostname* dependent rules */
944 { struct str h, *s;
945 size_t i;
946
947 if (cproto == CPROTO_SMTP && ok_blook(v15_compat) &&
948 (cp = ok_vlook(smtp_hostname)) != NULL) {
949 if (*cp == '\0')
950 cp = nodename(1);
951 h.s = savestrbuf(cp, h.l = strlen(cp));
952 } else
953 h = urlp->url_host;
954
955 s = &urlp->url_u_h;
956 i = urlp->url_user.l;
957
958 s->s = salloc(i + 1 + h.l +1);
959 if (i > 0) {
960 memcpy(s->s, urlp->url_user.s, i);
961 s->s[i++] = '@';
962 }
963 memcpy(s->s + i, h.s, h.l +1);
964 i += h.l;
965 s->l = i;
966 }
967
968 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
969 { struct str *s = &urlp->url_u_h_p;
970 size_t i = urlp->url_user.l;
971
972 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
973 if (i > 0) {
974 memcpy(s->s, urlp->url_user.s, i);
975 s->s[i++] = '@';
976 }
977 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
978 i += urlp->url_h_p.l;
979 s->l = i;
980 }
981
982 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
983 { struct str *s = &urlp->url_eu_h_p;
984 size_t i = urlp->url_user_enc.l;
985
986 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
987 if (i > 0) {
988 memcpy(s->s, urlp->url_user_enc.s, i);
989 s->s[i++] = '@';
990 }
991 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
992 i += urlp->url_h_p.l;
993 s->l = i;
994 }
995
996 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
997 { size_t i;
998 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_u_h_p.l) +1);
999
1000 urlp->url_proto[urlp->url_proto_len] = ':';
1001 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_u_h_p.s,
1002 urlp->url_u_h_p.l +1);
1003 urlp->url_proto[urlp->url_proto_len] = '\0';
1004
1005 urlp->url_p_u_h_p = ud;
1006 }
1007
1008 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
1009 { size_t i;
1010 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_eu_h_p.l) +
1011 1 + urlp->url_path.l +1);
1012
1013 urlp->url_proto[urlp->url_proto_len] = ':';
1014 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_eu_h_p.s,
1015 urlp->url_eu_h_p.l +1);
1016 urlp->url_proto[urlp->url_proto_len] = '\0';
1017
1018 if (urlp->url_path.l == 0)
1019 urlp->url_p_eu_h_p = urlp->url_p_eu_h_p_p = ud;
1020 else {
1021 urlp->url_p_eu_h_p = savestrbuf(ud, i);
1022 urlp->url_p_eu_h_p_p = ud;
1023 ud += i;
1024 *ud++ = '/';
1025 memcpy(ud, urlp->url_path.s, urlp->url_path.l +1);
1026 }
1027 }
1028
1029 rv = TRU1;
1030 #endif /* __ANYPROTO */
1031 jleave:
1032 NYD_LEAVE;
1033 return rv;
1034 #undef __ANYPROTO
1035 #undef __ALLPROTO
1036 }
1037
1038 FL bool_t
1039 ccred_lookup_old(struct ccred *ccp, enum cproto cproto, char const *addr)
1040 {
1041 char const *pname, *pxstr, *authdef;
1042 size_t pxlen, addrlen, i;
1043 char *vbuf, *s;
1044 ui8_t authmask;
1045 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1046 ware = NONE;
1047 bool_t addr_is_nuser = FAL0; /* XXX v15.0 legacy! v15_compat */
1048 NYD_ENTER;
1049
1050 memset(ccp, 0, sizeof *ccp);
1051
1052 switch (cproto) {
1053 default:
1054 case CPROTO_SMTP:
1055 pname = "SMTP";
1056 pxstr = "smtp-auth";
1057 pxlen = sizeof("smtp-auth") -1;
1058 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1059 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1060 authdef = "none";
1061 addr_is_nuser = TRU1;
1062 break;
1063 case CPROTO_POP3:
1064 pname = "POP3";
1065 pxstr = "pop3-auth";
1066 pxlen = sizeof("pop3-auth") -1;
1067 authmask = AUTHTYPE_PLAIN;
1068 authdef = "plain";
1069 break;
1070 case CPROTO_IMAP:
1071 pname = "IMAP";
1072 pxstr = "imap-auth";
1073 pxlen = sizeof("imap-auth") -1;
1074 authmask = AUTHTYPE_LOGIN | AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1075 authdef = "login";
1076 break;
1077 }
1078
1079 ccp->cc_cproto = cproto;
1080 addrlen = strlen(addr);
1081 vbuf = ac_alloc(pxlen + addrlen + sizeof("-password-")-1 +1);
1082 memcpy(vbuf, pxstr, pxlen);
1083
1084 /* Authentication type */
1085 vbuf[pxlen] = '-';
1086 memcpy(vbuf + pxlen + 1, addr, addrlen +1);
1087 if ((s = vok_vlook(vbuf)) == NULL) {
1088 vbuf[pxlen] = '\0';
1089 if ((s = vok_vlook(vbuf)) == NULL)
1090 s = UNCONST(authdef);
1091 }
1092
1093 if (!asccasecmp(s, "none")) {
1094 ccp->cc_auth = "NONE";
1095 ccp->cc_authtype = AUTHTYPE_NONE;
1096 /*ware = NONE;*/
1097 } else if (!asccasecmp(s, "plain")) {
1098 ccp->cc_auth = "PLAIN";
1099 ccp->cc_authtype = AUTHTYPE_PLAIN;
1100 ware = REQ_PASS | REQ_USER;
1101 } else if (!asccasecmp(s, "login")) {
1102 ccp->cc_auth = "LOGIN";
1103 ccp->cc_authtype = AUTHTYPE_LOGIN;
1104 ware = REQ_PASS | REQ_USER;
1105 } else if (!asccasecmp(s, "cram-md5")) {
1106 ccp->cc_auth = "CRAM-MD5";
1107 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1108 ware = REQ_PASS | REQ_USER;
1109 } else if (!asccasecmp(s, "gssapi")) {
1110 ccp->cc_auth = "GSS-API";
1111 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1112 ware = REQ_USER;
1113 } /* no else */
1114
1115 /* Verify method */
1116 if (!(ccp->cc_authtype & authmask)) {
1117 n_err(_("Unsupported %s authentication method: %s\n"), pname, s);
1118 ccp = NULL;
1119 goto jleave;
1120 }
1121 # ifndef HAVE_MD5
1122 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1123 n_err(_("No CRAM-MD5 support compiled in\n"));
1124 ccp = NULL;
1125 goto jleave;
1126 }
1127 # endif
1128 # ifndef HAVE_GSSAPI
1129 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1130 n_err(_("No GSS-API support compiled in\n"));
1131 ccp = NULL;
1132 goto jleave;
1133 }
1134 # endif
1135
1136 /* User name */
1137 if (!(ware & (WANT_USER | REQ_USER)))
1138 goto jpass;
1139
1140 if (!addr_is_nuser) {
1141 if ((s = _url_last_at_before_slash(addr)) != NULL) {
1142 ccp->cc_user.s = urlxdec(savestrbuf(addr, PTR2SIZE(s - addr)));
1143 ccp->cc_user.l = strlen(ccp->cc_user.s);
1144 } else if (ware & REQ_USER)
1145 goto jgetuser;
1146 goto jpass;
1147 }
1148
1149 memcpy(vbuf + pxlen, "-user-", i = sizeof("-user-") -1);
1150 i += pxlen;
1151 memcpy(vbuf + i, addr, addrlen +1);
1152 if ((s = vok_vlook(vbuf)) == NULL) {
1153 vbuf[--i] = '\0';
1154 if ((s = vok_vlook(vbuf)) == NULL && (ware & REQ_USER)) {
1155 if ((s = getuser(NULL)) == NULL) {
1156 jgetuser: /* TODO v15.0: today we simply bail, but we should call getuser().
1157 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1158 * TODO check that first, then! change control flow, grow vbuf */
1159 n_err(_("A user is necessary for %s authentication\n"), pname);
1160 ccp = NULL;
1161 goto jleave;
1162 }
1163 }
1164 }
1165 ccp->cc_user.l = strlen(ccp->cc_user.s = savestr(s));
1166
1167 /* Password */
1168 jpass:
1169 if (!(ware & (WANT_PASS | REQ_PASS)))
1170 goto jleave;
1171
1172 if (!addr_is_nuser) {
1173 memcpy(vbuf, "password-", i = sizeof("password-") -1);
1174 } else {
1175 memcpy(vbuf + pxlen, "-password-", i = sizeof("-password-") -1);
1176 i += pxlen;
1177 }
1178 memcpy(vbuf + i, addr, addrlen +1);
1179 if ((s = vok_vlook(vbuf)) == NULL) {
1180 vbuf[--i] = '\0';
1181 if ((!addr_is_nuser || (s = vok_vlook(vbuf)) == NULL) &&
1182 (ware & REQ_PASS)) {
1183 if ((s = getpassword(NULL)) == NULL) {
1184 n_err(_("A password is necessary for %s authentication\n"),
1185 pname);
1186 ccp = NULL;
1187 goto jleave;
1188 }
1189 }
1190 }
1191 if (s != NULL)
1192 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1193
1194 jleave:
1195 ac_free(vbuf);
1196 if (ccp != NULL && (options & OPT_D_VV))
1197 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1198 addr, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1199 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1200 NYD_LEAVE;
1201 return (ccp != NULL);
1202 }
1203
1204 FL bool_t
1205 ccred_lookup(struct ccred *ccp, struct url *urlp)
1206 {
1207 char const *pstr, *authdef;
1208 char *s;
1209 enum okeys authokey;
1210 ui8_t authmask;
1211 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1212 ware = NONE;
1213 NYD_ENTER;
1214
1215 memset(ccp, 0, sizeof *ccp);
1216 ccp->cc_user = urlp->url_user;
1217
1218 switch ((ccp->cc_cproto = urlp->url_cproto)) {
1219 default:
1220 case CPROTO_SMTP:
1221 pstr = "smtp";
1222 authokey = ok_v_smtp_auth;
1223 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1224 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1225 authdef = "plain";
1226 break;
1227 case CPROTO_POP3:
1228 pstr = "pop3";
1229 authokey = ok_v_pop3_auth;
1230 authmask = AUTHTYPE_PLAIN;
1231 authdef = "plain";
1232 break;
1233 case CPROTO_IMAP:
1234 pstr = "imap";
1235 authokey = ok_v_imap_auth;
1236 authmask = AUTHTYPE_LOGIN | AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1237 authdef = "login";
1238 break;
1239 }
1240
1241 /* Authentication type */
1242 if ((s = xok_VLOOK(authokey, urlp, OXM_ALL)) == NULL)
1243 s = UNCONST(authdef);
1244
1245 if (!asccasecmp(s, "none")) {
1246 ccp->cc_auth = "NONE";
1247 ccp->cc_authtype = AUTHTYPE_NONE;
1248 /*ware = NONE;*/
1249 } else if (!asccasecmp(s, "plain")) {
1250 ccp->cc_auth = "PLAIN";
1251 ccp->cc_authtype = AUTHTYPE_PLAIN;
1252 ware = REQ_PASS | REQ_USER;
1253 } else if (!asccasecmp(s, "login")) {
1254 ccp->cc_auth = "LOGIN";
1255 ccp->cc_authtype = AUTHTYPE_LOGIN;
1256 ware = REQ_PASS | REQ_USER;
1257 } else if (!asccasecmp(s, "cram-md5")) {
1258 ccp->cc_auth = "CRAM-MD5";
1259 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1260 ware = REQ_PASS | REQ_USER;
1261 } else if (!asccasecmp(s, "gssapi")) {
1262 ccp->cc_auth = "GSS-API";
1263 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1264 ware = REQ_USER;
1265 } /* no else */
1266
1267 /* Verify method */
1268 if (!(ccp->cc_authtype & authmask)) {
1269 n_err(_("Unsupported %s authentication method: %s\n"), pstr, s);
1270 ccp = NULL;
1271 goto jleave;
1272 }
1273 # ifndef HAVE_MD5
1274 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1275 n_err(_("No CRAM-MD5 support compiled in\n"));
1276 ccp = NULL;
1277 goto jleave;
1278 }
1279 # endif
1280 # ifndef HAVE_GSSAPI
1281 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1282 n_err(_("No GSS-API support compiled in\n"));
1283 ccp = NULL;
1284 goto jleave;
1285 }
1286 # endif
1287
1288 /* Password */
1289 ccp->cc_pass = urlp->url_pass;
1290 if (ccp->cc_pass.s != NULL)
1291 goto jleave;
1292
1293 if ((s = xok_vlook(password, urlp, OXM_ALL)) != NULL)
1294 goto js2pass;
1295 # ifdef HAVE_AGENT
1296 if ((s = xok_vlook(agent_shell_lookup, urlp, OXM_ALL)) != NULL) {
1297 if (!_agent_shell_lookup(urlp, s)) {
1298 ccp = NULL;
1299 goto jleave;
1300 } else if (urlp->url_pass.s != NULL) {
1301 ccp->cc_pass = urlp->url_pass;
1302 goto jleave;
1303 }
1304 }
1305 # endif
1306 # ifdef HAVE_NETRC
1307 if (xok_blook(netrc_lookup, urlp, OXM_ALL) && _nrc_lookup(urlp, TRU1)) {
1308 ccp->cc_pass = urlp->url_pass;
1309 goto jleave;
1310 }
1311 # endif
1312 if (ware & REQ_PASS) {
1313 if ((s = getpassword(NULL)) != NULL)
1314 js2pass:
1315 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1316 else {
1317 n_err(_("A password is necessary for %s authentication\n"), pstr);
1318 ccp = NULL;
1319 }
1320 }
1321
1322 jleave:
1323 if (ccp != NULL && (options & OPT_D_VV))
1324 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1325 urlp->url_h_p.s, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1326 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1327 NYD_LEAVE;
1328 return (ccp != NULL);
1329 }
1330 #endif /* HAVE_SOCKETS */
1331
1332 #ifdef HAVE_NETRC
1333 FL int
1334 c_netrc(void *v)
1335 {
1336 char **argv = v;
1337 struct nrc_node *nrc;
1338 NYD_ENTER;
1339
1340 if (*argv == NULL)
1341 goto jlist;
1342 if (argv[1] != NULL)
1343 goto jerr;
1344 if (!asccasecmp(*argv, "show"))
1345 goto jlist;
1346 if (!asccasecmp(*argv, "clear"))
1347 goto jclear;
1348 jerr:
1349 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1350 v = NULL;
1351 jleave:
1352 NYD_LEAVE;
1353 return (v == NULL ? !STOP : !OKAY); /* xxx 1:bad 0:good -- do some */
1354
1355 jlist: {
1356 FILE *fp;
1357 size_t l;
1358
1359 if (_nrc_list == NULL)
1360 _nrc_init();
1361 if (_nrc_list == NRC_NODE_ERR) {
1362 n_err(_("Interpolate what file?\n"));
1363 v = NULL;
1364 goto jleave;
1365 }
1366
1367 if ((fp = Ftmp(NULL, "netrc", OF_RDWR | OF_UNLINK | OF_REGISTER, 0600)
1368 ) == NULL) {
1369 n_perr(_("tmpfile"), 0);
1370 v = NULL;
1371 goto jleave;
1372 }
1373
1374 for (l = 0, nrc = _nrc_list; nrc != NULL; ++l, nrc = nrc->nrc_next) {
1375 fprintf(fp, _("machine %s "), nrc->nrc_dat);
1376 if (nrc->nrc_ulen > 0)
1377 fprintf(fp, _("login \"%s\" "),
1378 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1));
1379 if (nrc->nrc_plen > 0)
1380 fprintf(fp, _("password \"%s\"\n"),
1381 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1 + nrc->nrc_ulen +1));
1382 else
1383 putc('\n', fp);
1384 }
1385
1386 page_or_print(fp, l);
1387 Fclose(fp);
1388 }
1389 goto jleave;
1390
1391 jclear:
1392 if (_nrc_list == NRC_NODE_ERR)
1393 _nrc_list = NULL;
1394 while ((nrc = _nrc_list) != NULL) {
1395 _nrc_list = nrc->nrc_next;
1396 free(nrc);
1397 }
1398 goto jleave;
1399 }
1400 #endif /* HAVE_NETRC */
1401
1402 #ifdef HAVE_MD5
1403 FL char *
1404 md5tohex(char hex[MD5TOHEX_SIZE], void const *vp)
1405 {
1406 char const *cp = vp;
1407 size_t i, j;
1408 NYD_ENTER;
1409
1410 for (i = 0; i < MD5TOHEX_SIZE / 2; ++i) {
1411 j = i << 1;
1412 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1413 hex[j] = __hex((cp[i] & 0xF0) >> 4);
1414 hex[++j] = __hex(cp[i] & 0x0F);
1415 # undef __hex
1416 }
1417 NYD_LEAVE;
1418 return hex;
1419 }
1420
1421 FL char *
1422 cram_md5_string(struct str const *user, struct str const *pass,
1423 char const *b64)
1424 {
1425 struct str in, out;
1426 char digest[16], *cp;
1427 NYD_ENTER;
1428
1429 out.s = NULL;
1430 in.s = UNCONST(b64);
1431 in.l = strlen(in.s);
1432 b64_decode(&out, &in, NULL);
1433 assert(out.s != NULL);
1434
1435 hmac_md5((uc_i*)out.s, out.l, (uc_i*)pass->s, pass->l, digest);
1436 free(out.s);
1437 cp = md5tohex(salloc(MD5TOHEX_SIZE +1), digest);
1438
1439 in.l = user->l + MD5TOHEX_SIZE +1;
1440 in.s = ac_alloc(user->l + 1 + MD5TOHEX_SIZE +1);
1441 memcpy(in.s, user->s, user->l);
1442 in.s[user->l] = ' ';
1443 memcpy(in.s + user->l + 1, cp, MD5TOHEX_SIZE);
1444 b64_encode(&out, &in, B64_SALLOC | B64_CRLF);
1445 ac_free(in.s);
1446 NYD_LEAVE;
1447 return out.s;
1448 }
1449
1450 FL void
1451 hmac_md5(unsigned char *text, int text_len, unsigned char *key, int key_len,
1452 void *digest)
1453 {
1454 /*
1455 * This code is taken from
1456 *
1457 * Network Working Group H. Krawczyk
1458 * Request for Comments: 2104 IBM
1459 * Category: Informational M. Bellare
1460 * UCSD
1461 * R. Canetti
1462 * IBM
1463 * February 1997
1464 *
1465 *
1466 * HMAC: Keyed-Hashing for Message Authentication
1467 */
1468 md5_ctx context;
1469 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
1470 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
1471 unsigned char tk[16];
1472 int i;
1473 NYD_ENTER;
1474
1475 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1476 if (key_len > 64) {
1477 md5_ctx tctx;
1478
1479 md5_init(&tctx);
1480 md5_update(&tctx, key, key_len);
1481 md5_final(tk, &tctx);
1482
1483 key = tk;
1484 key_len = 16;
1485 }
1486
1487 /* the HMAC_MD5 transform looks like:
1488 *
1489 * MD5(K XOR opad, MD5(K XOR ipad, text))
1490 *
1491 * where K is an n byte key
1492 * ipad is the byte 0x36 repeated 64 times
1493 * opad is the byte 0x5c repeated 64 times
1494 * and text is the data being protected */
1495
1496 /* start out by storing key in pads */
1497 memset(k_ipad, 0, sizeof k_ipad);
1498 memset(k_opad, 0, sizeof k_opad);
1499 memcpy(k_ipad, key, key_len);
1500 memcpy(k_opad, key, key_len);
1501
1502 /* XOR key with ipad and opad values */
1503 for (i=0; i<64; i++) {
1504 k_ipad[i] ^= 0x36;
1505 k_opad[i] ^= 0x5c;
1506 }
1507
1508 /* perform inner MD5 */
1509 md5_init(&context); /* init context for 1st pass */
1510 md5_update(&context, k_ipad, 64); /* start with inner pad */
1511 md5_update(&context, text, text_len); /* then text of datagram */
1512 md5_final(digest, &context); /* finish up 1st pass */
1513
1514 /* perform outer MD5 */
1515 md5_init(&context); /* init context for 2nd pass */
1516 md5_update(&context, k_opad, 64); /* start with outer pad */
1517 md5_update(&context, digest, 16); /* then results of 1st hash */
1518 md5_final(digest, &context); /* finish up 2nd pass */
1519 NYD_LEAVE;
1520 }
1521 #endif /* HAVE_MD5 */
1522
1523 /* s-it-mode */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command