run-command: forbid using run_command with piped output
[git/raj.git] / imap-send.c
blobd69887da5a8530b204a5f5baf7081787224fc3bd
1 /*
2 * git-imap-send - drops patches into an imap Drafts folder
3 * derived from isync/mbsync - mailbox synchronizer
5 * Copyright (C) 2000-2002 Michael R. Elkins <me@mutt.org>
6 * Copyright (C) 2002-2004 Oswald Buddenhagen <ossi@users.sf.net>
7 * Copyright (C) 2004 Theodore Y. Ts'o <tytso@mit.edu>
8 * Copyright (C) 2006 Mike McCormack
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include "cache.h"
26 #include "credential.h"
27 #include "exec_cmd.h"
28 #include "run-command.h"
29 #include "parse-options.h"
30 #ifdef NO_OPENSSL
31 typedef void *SSL;
32 #endif
33 #ifdef USE_CURL_FOR_IMAP_SEND
34 #include "http.h"
35 #endif
37 static int verbosity;
38 static int use_curl; /* strictly opt in */
40 static const char * const imap_send_usage[] = { "git imap-send [-v] [-q] [--[no-]curl] < <mbox>", NULL };
42 static struct option imap_send_options[] = {
43 OPT__VERBOSITY(&verbosity),
44 OPT_BOOL(0, "curl", &use_curl, "use libcurl to communicate with the IMAP server"),
45 OPT_END()
48 #undef DRV_OK
49 #define DRV_OK 0
50 #define DRV_MSG_BAD -1
51 #define DRV_BOX_BAD -2
52 #define DRV_STORE_BAD -3
54 __attribute__((format (printf, 1, 2)))
55 static void imap_info(const char *, ...);
56 __attribute__((format (printf, 1, 2)))
57 static void imap_warn(const char *, ...);
59 static char *next_arg(char **);
61 __attribute__((format (printf, 3, 4)))
62 static int nfsnprintf(char *buf, int blen, const char *fmt, ...);
64 static int nfvasprintf(char **strp, const char *fmt, va_list ap)
66 int len;
67 char tmp[8192];
69 len = vsnprintf(tmp, sizeof(tmp), fmt, ap);
70 if (len < 0)
71 die("Fatal: Out of memory");
72 if (len >= sizeof(tmp))
73 die("imap command overflow!");
74 *strp = xmemdupz(tmp, len);
75 return len;
78 struct imap_server_conf {
79 char *name;
80 char *tunnel;
81 char *host;
82 int port;
83 char *folder;
84 char *user;
85 char *pass;
86 int use_ssl;
87 int ssl_verify;
88 int use_html;
89 char *auth_method;
92 static struct imap_server_conf server = {
93 NULL, /* name */
94 NULL, /* tunnel */
95 NULL, /* host */
96 0, /* port */
97 NULL, /* folder */
98 NULL, /* user */
99 NULL, /* pass */
100 0, /* use_ssl */
101 1, /* ssl_verify */
102 0, /* use_html */
103 NULL, /* auth_method */
106 struct imap_socket {
107 int fd[2];
108 SSL *ssl;
111 struct imap_buffer {
112 struct imap_socket sock;
113 int bytes;
114 int offset;
115 char buf[1024];
118 struct imap_cmd;
120 struct imap {
121 int uidnext; /* from SELECT responses */
122 unsigned caps, rcaps; /* CAPABILITY results */
123 /* command queue */
124 int nexttag, num_in_progress, literal_pending;
125 struct imap_cmd *in_progress, **in_progress_append;
126 struct imap_buffer buf; /* this is BIG, so put it last */
129 struct imap_store {
130 /* currently open mailbox */
131 const char *name; /* foreign! maybe preset? */
132 int uidvalidity;
133 struct imap *imap;
134 const char *prefix;
137 struct imap_cmd_cb {
138 int (*cont)(struct imap_store *ctx, struct imap_cmd *cmd, const char *prompt);
139 void (*done)(struct imap_store *ctx, struct imap_cmd *cmd, int response);
140 void *ctx;
141 char *data;
142 int dlen;
143 int uid;
146 struct imap_cmd {
147 struct imap_cmd *next;
148 struct imap_cmd_cb cb;
149 char *cmd;
150 int tag;
153 #define CAP(cap) (imap->caps & (1 << (cap)))
155 enum CAPABILITY {
156 NOLOGIN = 0,
157 UIDPLUS,
158 LITERALPLUS,
159 NAMESPACE,
160 STARTTLS,
161 AUTH_CRAM_MD5
164 static const char *cap_list[] = {
165 "LOGINDISABLED",
166 "UIDPLUS",
167 "LITERAL+",
168 "NAMESPACE",
169 "STARTTLS",
170 "AUTH=CRAM-MD5",
173 #define RESP_OK 0
174 #define RESP_NO 1
175 #define RESP_BAD 2
177 static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd);
180 #ifndef NO_OPENSSL
181 static void ssl_socket_perror(const char *func)
183 fprintf(stderr, "%s: %s\n", func, ERR_error_string(ERR_get_error(), NULL));
185 #endif
187 static void socket_perror(const char *func, struct imap_socket *sock, int ret)
189 #ifndef NO_OPENSSL
190 if (sock->ssl) {
191 int sslerr = SSL_get_error(sock->ssl, ret);
192 switch (sslerr) {
193 case SSL_ERROR_NONE:
194 break;
195 case SSL_ERROR_SYSCALL:
196 perror("SSL_connect");
197 break;
198 default:
199 ssl_socket_perror("SSL_connect");
200 break;
202 } else
203 #endif
205 if (ret < 0)
206 perror(func);
207 else
208 fprintf(stderr, "%s: unexpected EOF\n", func);
212 #ifdef NO_OPENSSL
213 static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int verify)
215 fprintf(stderr, "SSL requested but SSL support not compiled in\n");
216 return -1;
219 #else
221 static int host_matches(const char *host, const char *pattern)
223 if (pattern[0] == '*' && pattern[1] == '.') {
224 pattern += 2;
225 if (!(host = strchr(host, '.')))
226 return 0;
227 host++;
230 return *host && *pattern && !strcasecmp(host, pattern);
233 static int verify_hostname(X509 *cert, const char *hostname)
235 int len;
236 X509_NAME *subj;
237 char cname[1000];
238 int i, found;
239 STACK_OF(GENERAL_NAME) *subj_alt_names;
241 /* try the DNS subjectAltNames */
242 found = 0;
243 if ((subj_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL))) {
244 int num_subj_alt_names = sk_GENERAL_NAME_num(subj_alt_names);
245 for (i = 0; !found && i < num_subj_alt_names; i++) {
246 GENERAL_NAME *subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i);
247 if (subj_alt_name->type == GEN_DNS &&
248 strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length &&
249 host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data)))
250 found = 1;
252 sk_GENERAL_NAME_pop_free(subj_alt_names, GENERAL_NAME_free);
254 if (found)
255 return 0;
257 /* try the common name */
258 if (!(subj = X509_get_subject_name(cert)))
259 return error("cannot get certificate subject");
260 if ((len = X509_NAME_get_text_by_NID(subj, NID_commonName, cname, sizeof(cname))) < 0)
261 return error("cannot get certificate common name");
262 if (strlen(cname) == (size_t)len && host_matches(hostname, cname))
263 return 0;
264 return error("certificate owner '%s' does not match hostname '%s'",
265 cname, hostname);
268 static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int verify)
270 #if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
271 const SSL_METHOD *meth;
272 #else
273 SSL_METHOD *meth;
274 #endif
275 SSL_CTX *ctx;
276 int ret;
277 X509 *cert;
279 SSL_library_init();
280 SSL_load_error_strings();
282 if (use_tls_only)
283 meth = TLSv1_method();
284 else
285 meth = SSLv23_method();
287 if (!meth) {
288 ssl_socket_perror("SSLv23_method");
289 return -1;
292 ctx = SSL_CTX_new(meth);
294 if (verify)
295 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
297 if (!SSL_CTX_set_default_verify_paths(ctx)) {
298 ssl_socket_perror("SSL_CTX_set_default_verify_paths");
299 return -1;
301 sock->ssl = SSL_new(ctx);
302 if (!sock->ssl) {
303 ssl_socket_perror("SSL_new");
304 return -1;
306 if (!SSL_set_rfd(sock->ssl, sock->fd[0])) {
307 ssl_socket_perror("SSL_set_rfd");
308 return -1;
310 if (!SSL_set_wfd(sock->ssl, sock->fd[1])) {
311 ssl_socket_perror("SSL_set_wfd");
312 return -1;
315 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
317 * SNI (RFC4366)
318 * OpenSSL does not document this function, but the implementation
319 * returns 1 on success, 0 on failure after calling SSLerr().
321 ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
322 if (ret != 1)
323 warning("SSL_set_tlsext_host_name(%s) failed.", server.host);
324 #endif
326 ret = SSL_connect(sock->ssl);
327 if (ret <= 0) {
328 socket_perror("SSL_connect", sock, ret);
329 return -1;
332 if (verify) {
333 /* make sure the hostname matches that of the certificate */
334 cert = SSL_get_peer_certificate(sock->ssl);
335 if (!cert)
336 return error("unable to get peer certificate.");
337 if (verify_hostname(cert, server.host) < 0)
338 return -1;
341 return 0;
343 #endif
345 static int socket_read(struct imap_socket *sock, char *buf, int len)
347 ssize_t n;
348 #ifndef NO_OPENSSL
349 if (sock->ssl)
350 n = SSL_read(sock->ssl, buf, len);
351 else
352 #endif
353 n = xread(sock->fd[0], buf, len);
354 if (n <= 0) {
355 socket_perror("read", sock, n);
356 close(sock->fd[0]);
357 close(sock->fd[1]);
358 sock->fd[0] = sock->fd[1] = -1;
360 return n;
363 static int socket_write(struct imap_socket *sock, const char *buf, int len)
365 int n;
366 #ifndef NO_OPENSSL
367 if (sock->ssl)
368 n = SSL_write(sock->ssl, buf, len);
369 else
370 #endif
371 n = write_in_full(sock->fd[1], buf, len);
372 if (n != len) {
373 socket_perror("write", sock, n);
374 close(sock->fd[0]);
375 close(sock->fd[1]);
376 sock->fd[0] = sock->fd[1] = -1;
378 return n;
381 static void socket_shutdown(struct imap_socket *sock)
383 #ifndef NO_OPENSSL
384 if (sock->ssl) {
385 SSL_shutdown(sock->ssl);
386 SSL_free(sock->ssl);
388 #endif
389 close(sock->fd[0]);
390 close(sock->fd[1]);
393 /* simple line buffering */
394 static int buffer_gets(struct imap_buffer *b, char **s)
396 int n;
397 int start = b->offset;
399 *s = b->buf + start;
401 for (;;) {
402 /* make sure we have enough data to read the \r\n sequence */
403 if (b->offset + 1 >= b->bytes) {
404 if (start) {
405 /* shift down used bytes */
406 *s = b->buf;
408 assert(start <= b->bytes);
409 n = b->bytes - start;
411 if (n)
412 memmove(b->buf, b->buf + start, n);
413 b->offset -= start;
414 b->bytes = n;
415 start = 0;
418 n = socket_read(&b->sock, b->buf + b->bytes,
419 sizeof(b->buf) - b->bytes);
421 if (n <= 0)
422 return -1;
424 b->bytes += n;
427 if (b->buf[b->offset] == '\r') {
428 assert(b->offset + 1 < b->bytes);
429 if (b->buf[b->offset + 1] == '\n') {
430 b->buf[b->offset] = 0; /* terminate the string */
431 b->offset += 2; /* next line */
432 if (0 < verbosity)
433 puts(*s);
434 return 0;
438 b->offset++;
440 /* not reached */
443 static void imap_info(const char *msg, ...)
445 va_list va;
447 if (0 <= verbosity) {
448 va_start(va, msg);
449 vprintf(msg, va);
450 va_end(va);
451 fflush(stdout);
455 static void imap_warn(const char *msg, ...)
457 va_list va;
459 if (-2 < verbosity) {
460 va_start(va, msg);
461 vfprintf(stderr, msg, va);
462 va_end(va);
466 static char *next_arg(char **s)
468 char *ret;
470 if (!s || !*s)
471 return NULL;
472 while (isspace((unsigned char) **s))
473 (*s)++;
474 if (!**s) {
475 *s = NULL;
476 return NULL;
478 if (**s == '"') {
479 ++*s;
480 ret = *s;
481 *s = strchr(*s, '"');
482 } else {
483 ret = *s;
484 while (**s && !isspace((unsigned char) **s))
485 (*s)++;
487 if (*s) {
488 if (**s)
489 *(*s)++ = 0;
490 if (!**s)
491 *s = NULL;
493 return ret;
496 static int nfsnprintf(char *buf, int blen, const char *fmt, ...)
498 int ret;
499 va_list va;
501 va_start(va, fmt);
502 if (blen <= 0 || (unsigned)(ret = vsnprintf(buf, blen, fmt, va)) >= (unsigned)blen)
503 die("Fatal: buffer too small. Please report a bug.");
504 va_end(va);
505 return ret;
508 static struct imap_cmd *issue_imap_cmd(struct imap_store *ctx,
509 struct imap_cmd_cb *cb,
510 const char *fmt, va_list ap)
512 struct imap *imap = ctx->imap;
513 struct imap_cmd *cmd;
514 int n, bufl;
515 char buf[1024];
517 cmd = xmalloc(sizeof(struct imap_cmd));
518 nfvasprintf(&cmd->cmd, fmt, ap);
519 cmd->tag = ++imap->nexttag;
521 if (cb)
522 cmd->cb = *cb;
523 else
524 memset(&cmd->cb, 0, sizeof(cmd->cb));
526 while (imap->literal_pending)
527 get_cmd_result(ctx, NULL);
529 if (!cmd->cb.data)
530 bufl = nfsnprintf(buf, sizeof(buf), "%d %s\r\n", cmd->tag, cmd->cmd);
531 else
532 bufl = nfsnprintf(buf, sizeof(buf), "%d %s{%d%s}\r\n",
533 cmd->tag, cmd->cmd, cmd->cb.dlen,
534 CAP(LITERALPLUS) ? "+" : "");
536 if (0 < verbosity) {
537 if (imap->num_in_progress)
538 printf("(%d in progress) ", imap->num_in_progress);
539 if (!starts_with(cmd->cmd, "LOGIN"))
540 printf(">>> %s", buf);
541 else
542 printf(">>> %d LOGIN <user> <pass>\n", cmd->tag);
544 if (socket_write(&imap->buf.sock, buf, bufl) != bufl) {
545 free(cmd->cmd);
546 free(cmd);
547 if (cb)
548 free(cb->data);
549 return NULL;
551 if (cmd->cb.data) {
552 if (CAP(LITERALPLUS)) {
553 n = socket_write(&imap->buf.sock, cmd->cb.data, cmd->cb.dlen);
554 free(cmd->cb.data);
555 if (n != cmd->cb.dlen ||
556 socket_write(&imap->buf.sock, "\r\n", 2) != 2) {
557 free(cmd->cmd);
558 free(cmd);
559 return NULL;
561 cmd->cb.data = NULL;
562 } else
563 imap->literal_pending = 1;
564 } else if (cmd->cb.cont)
565 imap->literal_pending = 1;
566 cmd->next = NULL;
567 *imap->in_progress_append = cmd;
568 imap->in_progress_append = &cmd->next;
569 imap->num_in_progress++;
570 return cmd;
573 __attribute__((format (printf, 3, 4)))
574 static int imap_exec(struct imap_store *ctx, struct imap_cmd_cb *cb,
575 const char *fmt, ...)
577 va_list ap;
578 struct imap_cmd *cmdp;
580 va_start(ap, fmt);
581 cmdp = issue_imap_cmd(ctx, cb, fmt, ap);
582 va_end(ap);
583 if (!cmdp)
584 return RESP_BAD;
586 return get_cmd_result(ctx, cmdp);
589 __attribute__((format (printf, 3, 4)))
590 static int imap_exec_m(struct imap_store *ctx, struct imap_cmd_cb *cb,
591 const char *fmt, ...)
593 va_list ap;
594 struct imap_cmd *cmdp;
596 va_start(ap, fmt);
597 cmdp = issue_imap_cmd(ctx, cb, fmt, ap);
598 va_end(ap);
599 if (!cmdp)
600 return DRV_STORE_BAD;
602 switch (get_cmd_result(ctx, cmdp)) {
603 case RESP_BAD: return DRV_STORE_BAD;
604 case RESP_NO: return DRV_MSG_BAD;
605 default: return DRV_OK;
609 static int skip_imap_list_l(char **sp, int level)
611 char *s = *sp;
613 for (;;) {
614 while (isspace((unsigned char)*s))
615 s++;
616 if (level && *s == ')') {
617 s++;
618 break;
620 if (*s == '(') {
621 /* sublist */
622 s++;
623 if (skip_imap_list_l(&s, level + 1))
624 goto bail;
625 } else if (*s == '"') {
626 /* quoted string */
627 s++;
628 for (; *s != '"'; s++)
629 if (!*s)
630 goto bail;
631 s++;
632 } else {
633 /* atom */
634 for (; *s && !isspace((unsigned char)*s); s++)
635 if (level && *s == ')')
636 break;
639 if (!level)
640 break;
641 if (!*s)
642 goto bail;
644 *sp = s;
645 return 0;
647 bail:
648 return -1;
651 static void skip_list(char **sp)
653 skip_imap_list_l(sp, 0);
656 static void parse_capability(struct imap *imap, char *cmd)
658 char *arg;
659 unsigned i;
661 imap->caps = 0x80000000;
662 while ((arg = next_arg(&cmd)))
663 for (i = 0; i < ARRAY_SIZE(cap_list); i++)
664 if (!strcmp(cap_list[i], arg))
665 imap->caps |= 1 << i;
666 imap->rcaps = imap->caps;
669 static int parse_response_code(struct imap_store *ctx, struct imap_cmd_cb *cb,
670 char *s)
672 struct imap *imap = ctx->imap;
673 char *arg, *p;
675 if (*s != '[')
676 return RESP_OK; /* no response code */
677 s++;
678 if (!(p = strchr(s, ']'))) {
679 fprintf(stderr, "IMAP error: malformed response code\n");
680 return RESP_BAD;
682 *p++ = 0;
683 arg = next_arg(&s);
684 if (!strcmp("UIDVALIDITY", arg)) {
685 if (!(arg = next_arg(&s)) || !(ctx->uidvalidity = atoi(arg))) {
686 fprintf(stderr, "IMAP error: malformed UIDVALIDITY status\n");
687 return RESP_BAD;
689 } else if (!strcmp("UIDNEXT", arg)) {
690 if (!(arg = next_arg(&s)) || !(imap->uidnext = atoi(arg))) {
691 fprintf(stderr, "IMAP error: malformed NEXTUID status\n");
692 return RESP_BAD;
694 } else if (!strcmp("CAPABILITY", arg)) {
695 parse_capability(imap, s);
696 } else if (!strcmp("ALERT", arg)) {
697 /* RFC2060 says that these messages MUST be displayed
698 * to the user
700 for (; isspace((unsigned char)*p); p++);
701 fprintf(stderr, "*** IMAP ALERT *** %s\n", p);
702 } else if (cb && cb->ctx && !strcmp("APPENDUID", arg)) {
703 if (!(arg = next_arg(&s)) || !(ctx->uidvalidity = atoi(arg)) ||
704 !(arg = next_arg(&s)) || !(*(int *)cb->ctx = atoi(arg))) {
705 fprintf(stderr, "IMAP error: malformed APPENDUID status\n");
706 return RESP_BAD;
709 return RESP_OK;
712 static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd)
714 struct imap *imap = ctx->imap;
715 struct imap_cmd *cmdp, **pcmdp;
716 char *cmd, *arg, *arg1;
717 int n, resp, resp2, tag;
719 for (;;) {
720 if (buffer_gets(&imap->buf, &cmd))
721 return RESP_BAD;
723 arg = next_arg(&cmd);
724 if (*arg == '*') {
725 arg = next_arg(&cmd);
726 if (!arg) {
727 fprintf(stderr, "IMAP error: unable to parse untagged response\n");
728 return RESP_BAD;
731 if (!strcmp("NAMESPACE", arg)) {
732 /* rfc2342 NAMESPACE response. */
733 skip_list(&cmd); /* Personal mailboxes */
734 skip_list(&cmd); /* Others' mailboxes */
735 skip_list(&cmd); /* Shared mailboxes */
736 } else if (!strcmp("OK", arg) || !strcmp("BAD", arg) ||
737 !strcmp("NO", arg) || !strcmp("BYE", arg)) {
738 if ((resp = parse_response_code(ctx, NULL, cmd)) != RESP_OK)
739 return resp;
740 } else if (!strcmp("CAPABILITY", arg)) {
741 parse_capability(imap, cmd);
742 } else if ((arg1 = next_arg(&cmd))) {
743 ; /*
744 * Unhandled response-data with at least two words.
745 * Ignore it.
747 * NEEDSWORK: Previously this case handled '<num> EXISTS'
748 * and '<num> RECENT' but as a probably-unintended side
749 * effect it ignores other unrecognized two-word
750 * responses. imap-send doesn't ever try to read
751 * messages or mailboxes these days, so consider
752 * eliminating this case.
754 } else {
755 fprintf(stderr, "IMAP error: unable to parse untagged response\n");
756 return RESP_BAD;
758 } else if (!imap->in_progress) {
759 fprintf(stderr, "IMAP error: unexpected reply: %s %s\n", arg, cmd ? cmd : "");
760 return RESP_BAD;
761 } else if (*arg == '+') {
762 /* This can happen only with the last command underway, as
763 it enforces a round-trip. */
764 cmdp = (struct imap_cmd *)((char *)imap->in_progress_append -
765 offsetof(struct imap_cmd, next));
766 if (cmdp->cb.data) {
767 n = socket_write(&imap->buf.sock, cmdp->cb.data, cmdp->cb.dlen);
768 free(cmdp->cb.data);
769 cmdp->cb.data = NULL;
770 if (n != (int)cmdp->cb.dlen)
771 return RESP_BAD;
772 } else if (cmdp->cb.cont) {
773 if (cmdp->cb.cont(ctx, cmdp, cmd))
774 return RESP_BAD;
775 } else {
776 fprintf(stderr, "IMAP error: unexpected command continuation request\n");
777 return RESP_BAD;
779 if (socket_write(&imap->buf.sock, "\r\n", 2) != 2)
780 return RESP_BAD;
781 if (!cmdp->cb.cont)
782 imap->literal_pending = 0;
783 if (!tcmd)
784 return DRV_OK;
785 } else {
786 tag = atoi(arg);
787 for (pcmdp = &imap->in_progress; (cmdp = *pcmdp); pcmdp = &cmdp->next)
788 if (cmdp->tag == tag)
789 goto gottag;
790 fprintf(stderr, "IMAP error: unexpected tag %s\n", arg);
791 return RESP_BAD;
792 gottag:
793 if (!(*pcmdp = cmdp->next))
794 imap->in_progress_append = pcmdp;
795 imap->num_in_progress--;
796 if (cmdp->cb.cont || cmdp->cb.data)
797 imap->literal_pending = 0;
798 arg = next_arg(&cmd);
799 if (!strcmp("OK", arg))
800 resp = DRV_OK;
801 else {
802 if (!strcmp("NO", arg))
803 resp = RESP_NO;
804 else /*if (!strcmp("BAD", arg))*/
805 resp = RESP_BAD;
806 fprintf(stderr, "IMAP command '%s' returned response (%s) - %s\n",
807 !starts_with(cmdp->cmd, "LOGIN") ?
808 cmdp->cmd : "LOGIN <user> <pass>",
809 arg, cmd ? cmd : "");
811 if ((resp2 = parse_response_code(ctx, &cmdp->cb, cmd)) > resp)
812 resp = resp2;
813 if (cmdp->cb.done)
814 cmdp->cb.done(ctx, cmdp, resp);
815 free(cmdp->cb.data);
816 free(cmdp->cmd);
817 free(cmdp);
818 if (!tcmd || tcmd == cmdp)
819 return resp;
822 /* not reached */
825 static void imap_close_server(struct imap_store *ictx)
827 struct imap *imap = ictx->imap;
829 if (imap->buf.sock.fd[0] != -1) {
830 imap_exec(ictx, NULL, "LOGOUT");
831 socket_shutdown(&imap->buf.sock);
833 free(imap);
836 static void imap_close_store(struct imap_store *ctx)
838 imap_close_server(ctx);
839 free(ctx);
842 #ifndef NO_OPENSSL
845 * hexchar() and cram() functions are based on the code from the isync
846 * project (http://isync.sf.net/).
848 static char hexchar(unsigned int b)
850 return b < 10 ? '0' + b : 'a' + (b - 10);
853 #define ENCODED_SIZE(n) (4*((n+2)/3))
854 static char *cram(const char *challenge_64, const char *user, const char *pass)
856 int i, resp_len, encoded_len, decoded_len;
857 HMAC_CTX hmac;
858 unsigned char hash[16];
859 char hex[33];
860 char *response, *response_64, *challenge;
863 * length of challenge_64 (i.e. base-64 encoded string) is a good
864 * enough upper bound for challenge (decoded result).
866 encoded_len = strlen(challenge_64);
867 challenge = xmalloc(encoded_len);
868 decoded_len = EVP_DecodeBlock((unsigned char *)challenge,
869 (unsigned char *)challenge_64, encoded_len);
870 if (decoded_len < 0)
871 die("invalid challenge %s", challenge_64);
872 HMAC_Init(&hmac, (unsigned char *)pass, strlen(pass), EVP_md5());
873 HMAC_Update(&hmac, (unsigned char *)challenge, decoded_len);
874 HMAC_Final(&hmac, hash, NULL);
875 HMAC_CTX_cleanup(&hmac);
877 hex[32] = 0;
878 for (i = 0; i < 16; i++) {
879 hex[2 * i] = hexchar((hash[i] >> 4) & 0xf);
880 hex[2 * i + 1] = hexchar(hash[i] & 0xf);
883 /* response: "<user> <digest in hex>" */
884 resp_len = strlen(user) + 1 + strlen(hex) + 1;
885 response = xmalloc(resp_len);
886 sprintf(response, "%s %s", user, hex);
888 response_64 = xmalloc(ENCODED_SIZE(resp_len) + 1);
889 encoded_len = EVP_EncodeBlock((unsigned char *)response_64,
890 (unsigned char *)response, resp_len);
891 if (encoded_len < 0)
892 die("EVP_EncodeBlock error");
893 response_64[encoded_len] = '\0';
894 return (char *)response_64;
897 #else
899 static char *cram(const char *challenge_64, const char *user, const char *pass)
901 die("If you want to use CRAM-MD5 authenticate method, "
902 "you have to build git-imap-send with OpenSSL library.");
905 #endif
907 static int auth_cram_md5(struct imap_store *ctx, struct imap_cmd *cmd, const char *prompt)
909 int ret;
910 char *response;
912 response = cram(prompt, server.user, server.pass);
914 ret = socket_write(&ctx->imap->buf.sock, response, strlen(response));
915 if (ret != strlen(response))
916 return error("IMAP error: sending response failed");
918 free(response);
920 return 0;
923 static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *folder)
925 struct credential cred = CREDENTIAL_INIT;
926 struct imap_store *ctx;
927 struct imap *imap;
928 char *arg, *rsp;
929 int s = -1, preauth;
931 ctx = xcalloc(1, sizeof(*ctx));
933 ctx->imap = imap = xcalloc(1, sizeof(*imap));
934 imap->buf.sock.fd[0] = imap->buf.sock.fd[1] = -1;
935 imap->in_progress_append = &imap->in_progress;
937 /* open connection to IMAP server */
939 if (srvc->tunnel) {
940 struct child_process tunnel = CHILD_PROCESS_INIT;
942 imap_info("Starting tunnel '%s'... ", srvc->tunnel);
944 argv_array_push(&tunnel.args, srvc->tunnel);
945 tunnel.use_shell = 1;
946 tunnel.in = -1;
947 tunnel.out = -1;
948 if (start_command(&tunnel))
949 die("cannot start proxy %s", srvc->tunnel);
951 imap->buf.sock.fd[0] = tunnel.out;
952 imap->buf.sock.fd[1] = tunnel.in;
954 imap_info("ok\n");
955 } else {
956 #ifndef NO_IPV6
957 struct addrinfo hints, *ai0, *ai;
958 int gai;
959 char portstr[6];
961 snprintf(portstr, sizeof(portstr), "%d", srvc->port);
963 memset(&hints, 0, sizeof(hints));
964 hints.ai_socktype = SOCK_STREAM;
965 hints.ai_protocol = IPPROTO_TCP;
967 imap_info("Resolving %s... ", srvc->host);
968 gai = getaddrinfo(srvc->host, portstr, &hints, &ai);
969 if (gai) {
970 fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(gai));
971 goto bail;
973 imap_info("ok\n");
975 for (ai0 = ai; ai; ai = ai->ai_next) {
976 char addr[NI_MAXHOST];
978 s = socket(ai->ai_family, ai->ai_socktype,
979 ai->ai_protocol);
980 if (s < 0)
981 continue;
983 getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
984 sizeof(addr), NULL, 0, NI_NUMERICHOST);
985 imap_info("Connecting to [%s]:%s... ", addr, portstr);
987 if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0) {
988 close(s);
989 s = -1;
990 perror("connect");
991 continue;
994 break;
996 freeaddrinfo(ai0);
997 #else /* NO_IPV6 */
998 struct hostent *he;
999 struct sockaddr_in addr;
1001 memset(&addr, 0, sizeof(addr));
1002 addr.sin_port = htons(srvc->port);
1003 addr.sin_family = AF_INET;
1005 imap_info("Resolving %s... ", srvc->host);
1006 he = gethostbyname(srvc->host);
1007 if (!he) {
1008 perror("gethostbyname");
1009 goto bail;
1011 imap_info("ok\n");
1013 addr.sin_addr.s_addr = *((int *) he->h_addr_list[0]);
1015 s = socket(PF_INET, SOCK_STREAM, 0);
1017 imap_info("Connecting to %s:%hu... ", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
1018 if (connect(s, (struct sockaddr *)&addr, sizeof(addr))) {
1019 close(s);
1020 s = -1;
1021 perror("connect");
1023 #endif
1024 if (s < 0) {
1025 fputs("Error: unable to connect to server.\n", stderr);
1026 goto bail;
1029 imap->buf.sock.fd[0] = s;
1030 imap->buf.sock.fd[1] = dup(s);
1032 if (srvc->use_ssl &&
1033 ssl_socket_connect(&imap->buf.sock, 0, srvc->ssl_verify)) {
1034 close(s);
1035 goto bail;
1037 imap_info("ok\n");
1040 /* read the greeting string */
1041 if (buffer_gets(&imap->buf, &rsp)) {
1042 fprintf(stderr, "IMAP error: no greeting response\n");
1043 goto bail;
1045 arg = next_arg(&rsp);
1046 if (!arg || *arg != '*' || (arg = next_arg(&rsp)) == NULL) {
1047 fprintf(stderr, "IMAP error: invalid greeting response\n");
1048 goto bail;
1050 preauth = 0;
1051 if (!strcmp("PREAUTH", arg))
1052 preauth = 1;
1053 else if (strcmp("OK", arg) != 0) {
1054 fprintf(stderr, "IMAP error: unknown greeting response\n");
1055 goto bail;
1057 parse_response_code(ctx, NULL, rsp);
1058 if (!imap->caps && imap_exec(ctx, NULL, "CAPABILITY") != RESP_OK)
1059 goto bail;
1061 if (!preauth) {
1062 #ifndef NO_OPENSSL
1063 if (!srvc->use_ssl && CAP(STARTTLS)) {
1064 if (imap_exec(ctx, NULL, "STARTTLS") != RESP_OK)
1065 goto bail;
1066 if (ssl_socket_connect(&imap->buf.sock, 1,
1067 srvc->ssl_verify))
1068 goto bail;
1069 /* capabilities may have changed, so get the new capabilities */
1070 if (imap_exec(ctx, NULL, "CAPABILITY") != RESP_OK)
1071 goto bail;
1073 #endif
1074 imap_info("Logging in...\n");
1075 if (!srvc->user || !srvc->pass) {
1076 cred.protocol = xstrdup(srvc->use_ssl ? "imaps" : "imap");
1077 cred.host = xstrdup(srvc->host);
1079 if (srvc->user)
1080 cred.username = xstrdup(srvc->user);
1081 if (srvc->pass)
1082 cred.password = xstrdup(srvc->pass);
1084 credential_fill(&cred);
1086 if (!srvc->user)
1087 srvc->user = xstrdup(cred.username);
1088 if (!srvc->pass)
1089 srvc->pass = xstrdup(cred.password);
1092 if (CAP(NOLOGIN)) {
1093 fprintf(stderr, "Skipping account %s@%s, server forbids LOGIN\n", srvc->user, srvc->host);
1094 goto bail;
1097 if (srvc->auth_method) {
1098 struct imap_cmd_cb cb;
1100 if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
1101 if (!CAP(AUTH_CRAM_MD5)) {
1102 fprintf(stderr, "You specified"
1103 "CRAM-MD5 as authentication method, "
1104 "but %s doesn't support it.\n", srvc->host);
1105 goto bail;
1107 /* CRAM-MD5 */
1109 memset(&cb, 0, sizeof(cb));
1110 cb.cont = auth_cram_md5;
1111 if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) {
1112 fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n");
1113 goto bail;
1115 } else {
1116 fprintf(stderr, "Unknown authentication method:%s\n", srvc->host);
1117 goto bail;
1119 } else {
1120 if (!imap->buf.sock.ssl)
1121 imap_warn("*** IMAP Warning *** Password is being "
1122 "sent in the clear\n");
1123 if (imap_exec(ctx, NULL, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass) != RESP_OK) {
1124 fprintf(stderr, "IMAP error: LOGIN failed\n");
1125 goto bail;
1128 } /* !preauth */
1130 if (cred.username)
1131 credential_approve(&cred);
1132 credential_clear(&cred);
1134 /* check the target mailbox exists */
1135 ctx->name = folder;
1136 switch (imap_exec(ctx, NULL, "EXAMINE \"%s\"", ctx->name)) {
1137 case RESP_OK:
1138 /* ok */
1139 break;
1140 case RESP_BAD:
1141 fprintf(stderr, "IMAP error: could not check mailbox\n");
1142 goto out;
1143 case RESP_NO:
1144 if (imap_exec(ctx, NULL, "CREATE \"%s\"", ctx->name) == RESP_OK) {
1145 imap_info("Created missing mailbox\n");
1146 } else {
1147 fprintf(stderr, "IMAP error: could not create missing mailbox\n");
1148 goto out;
1150 break;
1153 ctx->prefix = "";
1154 return ctx;
1156 bail:
1157 if (cred.username)
1158 credential_reject(&cred);
1159 credential_clear(&cred);
1161 out:
1162 imap_close_store(ctx);
1163 return NULL;
1167 * Insert CR characters as necessary in *msg to ensure that every LF
1168 * character in *msg is preceded by a CR.
1170 static void lf_to_crlf(struct strbuf *msg)
1172 char *new;
1173 size_t i, j;
1174 char lastc;
1176 /* First pass: tally, in j, the size of the new string: */
1177 for (i = j = 0, lastc = '\0'; i < msg->len; i++) {
1178 if (msg->buf[i] == '\n' && lastc != '\r')
1179 j++; /* a CR will need to be added here */
1180 lastc = msg->buf[i];
1181 j++;
1184 new = xmalloc(j + 1);
1187 * Second pass: write the new string. Note that this loop is
1188 * otherwise identical to the first pass.
1190 for (i = j = 0, lastc = '\0'; i < msg->len; i++) {
1191 if (msg->buf[i] == '\n' && lastc != '\r')
1192 new[j++] = '\r';
1193 lastc = new[j++] = msg->buf[i];
1195 strbuf_attach(msg, new, j, j + 1);
1199 * Store msg to IMAP. Also detach and free the data from msg->data,
1200 * leaving msg->data empty.
1202 static int imap_store_msg(struct imap_store *ctx, struct strbuf *msg)
1204 struct imap *imap = ctx->imap;
1205 struct imap_cmd_cb cb;
1206 const char *prefix, *box;
1207 int ret;
1209 lf_to_crlf(msg);
1210 memset(&cb, 0, sizeof(cb));
1212 cb.dlen = msg->len;
1213 cb.data = strbuf_detach(msg, NULL);
1215 box = ctx->name;
1216 prefix = !strcmp(box, "INBOX") ? "" : ctx->prefix;
1217 ret = imap_exec_m(ctx, &cb, "APPEND \"%s%s\" ", prefix, box);
1218 imap->caps = imap->rcaps;
1219 if (ret != DRV_OK)
1220 return ret;
1222 return DRV_OK;
1225 static void wrap_in_html(struct strbuf *msg)
1227 struct strbuf buf = STRBUF_INIT;
1228 static char *content_type = "Content-Type: text/html;\n";
1229 static char *pre_open = "<pre>\n";
1230 static char *pre_close = "</pre>\n";
1231 const char *body = strstr(msg->buf, "\n\n");
1233 if (!body)
1234 return; /* Headers but no body; no wrapping needed */
1236 body += 2;
1238 strbuf_add(&buf, msg->buf, body - msg->buf - 1);
1239 strbuf_addstr(&buf, content_type);
1240 strbuf_addch(&buf, '\n');
1241 strbuf_addstr(&buf, pre_open);
1242 strbuf_addstr_xml_quoted(&buf, body);
1243 strbuf_addstr(&buf, pre_close);
1245 strbuf_release(msg);
1246 *msg = buf;
1249 #define CHUNKSIZE 0x1000
1251 static int read_message(FILE *f, struct strbuf *all_msgs)
1253 do {
1254 if (strbuf_fread(all_msgs, CHUNKSIZE, f) <= 0)
1255 break;
1256 } while (!feof(f));
1258 return ferror(f) ? -1 : 0;
1261 static int count_messages(struct strbuf *all_msgs)
1263 int count = 0;
1264 char *p = all_msgs->buf;
1266 while (1) {
1267 if (starts_with(p, "From ")) {
1268 p = strstr(p+5, "\nFrom: ");
1269 if (!p) break;
1270 p = strstr(p+7, "\nDate: ");
1271 if (!p) break;
1272 p = strstr(p+7, "\nSubject: ");
1273 if (!p) break;
1274 p += 10;
1275 count++;
1277 p = strstr(p+5, "\nFrom ");
1278 if (!p)
1279 break;
1280 p++;
1282 return count;
1286 * Copy the next message from all_msgs, starting at offset *ofs, to
1287 * msg. Update *ofs to the start of the following message. Return
1288 * true iff a message was successfully copied.
1290 static int split_msg(struct strbuf *all_msgs, struct strbuf *msg, int *ofs)
1292 char *p, *data;
1293 size_t len;
1295 if (*ofs >= all_msgs->len)
1296 return 0;
1298 data = &all_msgs->buf[*ofs];
1299 len = all_msgs->len - *ofs;
1301 if (len < 5 || !starts_with(data, "From "))
1302 return 0;
1304 p = strchr(data, '\n');
1305 if (p) {
1306 p++;
1307 len -= p - data;
1308 *ofs += p - data;
1309 data = p;
1312 p = strstr(data, "\nFrom ");
1313 if (p)
1314 len = &p[1] - data;
1316 strbuf_add(msg, data, len);
1317 *ofs += len;
1318 return 1;
1321 static void git_imap_config(void)
1323 const char *val = NULL;
1325 git_config_get_bool("imap.sslverify", &server.ssl_verify);
1326 git_config_get_bool("imap.preformattedhtml", &server.use_html);
1327 git_config_get_string("imap.folder", &server.folder);
1329 if (!git_config_get_value("imap.host", &val)) {
1330 if (!val) {
1331 git_die_config("imap.host", "Missing value for 'imap.host'");
1332 } else {
1333 if (starts_with(val, "imap:"))
1334 val += 5;
1335 else if (starts_with(val, "imaps:")) {
1336 val += 6;
1337 server.use_ssl = 1;
1339 if (starts_with(val, "//"))
1340 val += 2;
1341 server.host = xstrdup(val);
1345 git_config_get_string("imap.user", &server.user);
1346 git_config_get_string("imap.pass", &server.pass);
1347 git_config_get_int("imap.port", &server.port);
1348 git_config_get_string("imap.tunnel", &server.tunnel);
1349 git_config_get_string("imap.authmethod", &server.auth_method);
1352 static int append_msgs_to_imap(struct imap_server_conf *server,
1353 struct strbuf* all_msgs, int total)
1355 struct strbuf msg = STRBUF_INIT;
1356 struct imap_store *ctx = NULL;
1357 int ofs = 0;
1358 int r;
1359 int n = 0;
1361 ctx = imap_open_store(server, server->folder);
1362 if (!ctx) {
1363 fprintf(stderr, "failed to open store\n");
1364 return 1;
1366 ctx->name = server->folder;
1368 fprintf(stderr, "sending %d message%s\n", total, (total != 1) ? "s" : "");
1369 while (1) {
1370 unsigned percent = n * 100 / total;
1372 fprintf(stderr, "%4u%% (%d/%d) done\r", percent, n, total);
1374 if (!split_msg(all_msgs, &msg, &ofs))
1375 break;
1376 if (server->use_html)
1377 wrap_in_html(&msg);
1378 r = imap_store_msg(ctx, &msg);
1379 if (r != DRV_OK)
1380 break;
1381 n++;
1383 fprintf(stderr, "\n");
1385 imap_close_store(ctx);
1387 return 0;
1390 #ifdef USE_CURL_FOR_IMAP_SEND
1391 static CURL *setup_curl(struct imap_server_conf *srvc)
1393 CURL *curl;
1394 struct strbuf path = STRBUF_INIT;
1396 if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK)
1397 die("curl_global_init failed");
1399 curl = curl_easy_init();
1401 if (!curl)
1402 die("curl_easy_init failed");
1404 curl_easy_setopt(curl, CURLOPT_USERNAME, server.user);
1405 curl_easy_setopt(curl, CURLOPT_PASSWORD, server.pass);
1407 strbuf_addstr(&path, server.host);
1408 if (!path.len || path.buf[path.len - 1] != '/')
1409 strbuf_addch(&path, '/');
1410 strbuf_addstr(&path, server.folder);
1412 curl_easy_setopt(curl, CURLOPT_URL, path.buf);
1413 strbuf_release(&path);
1414 curl_easy_setopt(curl, CURLOPT_PORT, server.port);
1416 if (server.auth_method) {
1417 struct strbuf auth = STRBUF_INIT;
1418 strbuf_addstr(&auth, "AUTH=");
1419 strbuf_addstr(&auth, server.auth_method);
1420 curl_easy_setopt(curl, CURLOPT_LOGIN_OPTIONS, auth.buf);
1421 strbuf_release(&auth);
1424 if (!server.use_ssl)
1425 curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_TRY);
1427 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, server.ssl_verify);
1428 curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, server.ssl_verify);
1430 curl_easy_setopt(curl, CURLOPT_READFUNCTION, fread_buffer);
1432 curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
1434 if (0 < verbosity || getenv("GIT_CURL_VERBOSE"))
1435 curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
1437 return curl;
1440 static int curl_append_msgs_to_imap(struct imap_server_conf *server,
1441 struct strbuf* all_msgs, int total) {
1442 int ofs = 0;
1443 int n = 0;
1444 struct buffer msgbuf = { STRBUF_INIT, 0 };
1445 CURL *curl;
1446 CURLcode res = CURLE_OK;
1448 curl = setup_curl(server);
1449 curl_easy_setopt(curl, CURLOPT_READDATA, &msgbuf);
1451 fprintf(stderr, "sending %d message%s\n", total, (total != 1) ? "s" : "");
1452 while (1) {
1453 unsigned percent = n * 100 / total;
1454 int prev_len;
1456 fprintf(stderr, "%4u%% (%d/%d) done\r", percent, n, total);
1458 prev_len = msgbuf.buf.len;
1459 if (!split_msg(all_msgs, &msgbuf.buf, &ofs))
1460 break;
1461 if (server->use_html)
1462 wrap_in_html(&msgbuf.buf);
1463 lf_to_crlf(&msgbuf.buf);
1465 curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE,
1466 (curl_off_t)(msgbuf.buf.len-prev_len));
1468 res = curl_easy_perform(curl);
1470 if(res != CURLE_OK) {
1471 fprintf(stderr, "curl_easy_perform() failed: %s\n",
1472 curl_easy_strerror(res));
1473 break;
1476 n++;
1478 fprintf(stderr, "\n");
1480 curl_easy_cleanup(curl);
1481 curl_global_cleanup();
1483 return 0;
1485 #endif
1487 int main(int argc, char **argv)
1489 struct strbuf all_msgs = STRBUF_INIT;
1490 int total;
1491 int nongit_ok;
1493 git_extract_argv0_path(argv[0]);
1495 git_setup_gettext();
1497 setup_git_directory_gently(&nongit_ok);
1498 git_imap_config();
1500 argc = parse_options(argc, (const char **)argv, "", imap_send_options, imap_send_usage, 0);
1502 if (argc)
1503 usage_with_options(imap_send_usage, imap_send_options);
1505 #ifndef USE_CURL_FOR_IMAP_SEND
1506 if (use_curl) {
1507 warning("--use-curl not supported in this build");
1508 use_curl = 0;
1510 #endif
1512 if (!server.port)
1513 server.port = server.use_ssl ? 993 : 143;
1515 if (!server.folder) {
1516 fprintf(stderr, "no imap store specified\n");
1517 return 1;
1519 if (!server.host) {
1520 if (!server.tunnel) {
1521 fprintf(stderr, "no imap host specified\n");
1522 return 1;
1524 server.host = "tunnel";
1527 /* read the messages */
1528 if (read_message(stdin, &all_msgs)) {
1529 fprintf(stderr, "error reading input\n");
1530 return 1;
1533 if (all_msgs.len == 0) {
1534 fprintf(stderr, "nothing to send\n");
1535 return 1;
1538 total = count_messages(&all_msgs);
1539 if (!total) {
1540 fprintf(stderr, "no messages to send\n");
1541 return 1;
1544 /* write it to the imap server */
1546 if (server.tunnel)
1547 return append_msgs_to_imap(&server, &all_msgs, total);
1549 #ifdef USE_CURL_FOR_IMAP_SEND
1550 if (use_curl)
1551 return curl_append_msgs_to_imap(&server, &all_msgs, total);
1552 #endif
1554 return append_msgs_to_imap(&server, &all_msgs, total);