search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
x
[heimdal.git] / appl / popper / pop_init.c
bloba2924877ddcc80f2f63eeafc3a117cc1b64a35fc
1 /*
2 * Copyright (c) 1989 Regents of the University of California.
3 * All rights reserved. The Berkeley software License Agreement
4 * specifies the terms and conditions for redistribution.
5 */
6
7 #include <popper.h>
8 RCSID("$Id$");
9
10
11 #if defined(KRB5)
12
13 static int
14 pop_net_read(POP *p, int fd, void *buf, size_t len)
15 {
16 #ifdef KRB5
17 return krb5_net_read(p->context, &fd, buf, len);
18 #else
19 #error must define KRB5
20 #endif
21 }
22 #endif
23
24 static char *addr_log;
25
26 static void
27 pop_write_addr(POP *p, struct sockaddr *addr)
28 {
29 char ts[32];
30 char as[128];
31 time_t t;
32 FILE *f;
33 if(addr_log == NULL)
34 return;
35 t = time(NULL);
36 strftime(ts, sizeof(ts), "%Y%m%d%H%M%S", localtime(&t));
37 if(inet_ntop (addr->sa_family, socket_get_address(addr),
38 as, sizeof(as)) == NULL) {
39 pop_log(p, POP_PRIORITY, "failed to print address");
40 return;
41 }
42
43 f = fopen(addr_log, "a");
44 if(f == NULL) {
45 pop_log(p, POP_PRIORITY, "failed to open address log (%s)", addr_log);
46 return;
47 }
48 fprintf(f, "%s %s\n", as, ts);
49 fclose(f);
50 }
51
52 #ifdef KRB5
53 static int
54 krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr)
55 {
56 krb5_error_code ret;
57 krb5_auth_context auth_context = NULL;
58 uint32_t len;
59 krb5_ticket *ticket;
60 char *server;
61
62 if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
63 return -1;
64 len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
65
66 if (krb5_net_read(p->context, &s, buf, len) != len)
67 return -1;
68 if (len != sizeof(KRB5_SENDAUTH_VERSION)
69 || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0)
70 return -1;
71
72 ret = krb5_recvauth (p->context,
73 &auth_context,
74 &s,
75 "KPOPV1.0",
76 NULL, /* let rd_req figure out what server to use */
77 KRB5_RECVAUTH_IGNORE_VERSION,
78 NULL,
79 &ticket);
80 if (ret) {
81 pop_log(p, POP_PRIORITY, "krb5_recvauth: %s",
82 krb5_get_err_text(p->context, ret));
83 return -1;
84 }
85
86
87 ret = krb5_unparse_name(p->context, ticket->server, &server);
88 if(ret) {
89 pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s",
90 krb5_get_err_text(p->context, ret));
91 ret = -1;
92 goto out;
93 }
94 /* does this make sense? */
95 if(strncmp(server, "pop/", 4) != 0) {
96 pop_log(p, POP_PRIORITY,
97 "Got ticket for service `%s'", server);
98 ret = -1;
99 goto out;
100 } else if(p->debug)
101 pop_log(p, POP_DEBUG,
102 "Accepted ticket for service `%s'", server);
103 free(server);
104 out:
105 krb5_auth_con_free (p->context, auth_context);
106 krb5_copy_principal (p->context, ticket->client, &p->principal);
107 krb5_free_ticket (p->context, ticket);
108
109 return ret;
110 }
111 #endif
112
113 static int
114 krb_authenticate(POP *p, struct sockaddr *addr)
115 {
116 #if defined(KRB5)
117 u_char buf[BUFSIZ];
118
119 if (pop_net_read (p, 0, buf, 4) != 4) {
120 pop_msg(p, POP_FAILURE, "Reading four bytes: %s",
121 strerror(errno));
122 exit (1);
123 }
124 if (krb5_authenticate (p, 0, buf, addr) == 0){
125 pop_write_addr(p, addr);
126 p->version = 5;
127 return POP_SUCCESS;
128 }
129 #endif
130 exit (1);
131
132 return(POP_SUCCESS);
133 }
134
135 static int
136 plain_authenticate (POP *p, struct sockaddr *addr)
137 {
138 return(POP_SUCCESS);
139 }
140
141 static int kerberos_flag;
142 static char *auth_str;
143 static int debug_flag;
144 static int interactive_flag;
145 static char *port_str;
146 static char *trace_file;
147 static int timeout;
148 static int help_flag;
149 static int version_flag;
150
151 static struct getargs args[] = {
152 #if defined(KRB5)
153 { "kerberos", 'k', arg_flag, &kerberos_flag, "use kerberos" },
154 #endif
155 { "auth-mode", 'a', arg_string, &auth_str, "required authentication",
156 "plaintext"
157 #ifdef OTP
158 "|otp"
159 #endif
160 #ifdef SASL
161 "|sasl"
162 #endif
163 },
164 { "debug", 'd', arg_flag, &debug_flag },
165 { "interactive", 'i', arg_flag, &interactive_flag, "create new socket" },
166 { "port", 'p', arg_string, &port_str, "port to listen to", "port" },
167 { "trace-file", 't', arg_string, &trace_file, "trace all command to file", "file" },
168 { "timeout", 'T', arg_integer, &timeout, "timeout", "seconds" },
169 { "address-log", 0, arg_string, &addr_log, "enable address log", "file" },
170 { "help", 'h', arg_flag, &help_flag },
171 { "version", 'v', arg_flag, &version_flag }
172 };
173
174 static int num_args = sizeof(args) / sizeof(args[0]);
175
176 /*
177 * init: Start a Post Office Protocol session
178 */
179
180 static int
181 pop_getportbyname(POP *p, const char *service,
182 const char *proto, short def)
183 {
184 #ifdef KRB5
185 return krb5_getportbyname(p->context, service, proto, def);
186 #else
187 return htons(default);
188 #endif
189 }
190
191 int
192 pop_init(POP *p,int argcount,char **argmessage)
193 {
194 struct sockaddr_storage cs_ss;
195 struct sockaddr *cs = (struct sockaddr *)&cs_ss;
196 socklen_t len;
197 char * trace_file_name = "/tmp/popper-trace";
198 int portnum = 0;
199 int optind = 0;
200 int error;
201
202 /* Initialize the POP parameter block */
203 memset (p, 0, sizeof(POP));
204
205 setprogname(argmessage[0]);
206
207 /* Save my name in a global variable */
208 p->myname = (char*)getprogname();
209
210 /* Get the name of our host */
211 gethostname(p->myhost,MaxHostNameLen);
212
213 #ifdef KRB5
214 {
215 krb5_error_code ret;
216
217 ret = krb5_init_context (&p->context);
218 if (ret)
219 errx (1, "krb5_init_context failed: %d", ret);
220
221 krb5_openlog(p->context, p->myname, &p->logf);
222 krb5_set_warn_dest(p->context, p->logf);
223 }
224 #else
225 /* Open the log file */
226 roken_openlog(p->myname,POP_LOGOPTS,POP_FACILITY);
227 #endif
228
229 p->auth_level = AUTH_NONE;
230
231 if(getarg(args, num_args, argcount, argmessage, &optind)){
232 arg_printusage(args, num_args, NULL, "");
233 exit(1);
234 }
235 if(help_flag){
236 arg_printusage(args, num_args, NULL, "");
237 exit(0);
238 }
239 if(version_flag){
240 print_version(NULL);
241 exit(0);
242 }
243
244 argcount -= optind;
245 argmessage += optind;
246
247 if (argcount != 0) {
248 arg_printusage(args, num_args, NULL, "");
249 exit(1);
250 }
251
252 if(auth_str){
253 if (strcasecmp (auth_str, "plaintext") == 0 ||
254 strcasecmp (auth_str, "none") == 0)
255 p->auth_level = AUTH_NONE;
256 else if(strcasecmp(auth_str, "otp") == 0) {
257 #ifdef OTP
258 p->auth_level = AUTH_OTP;
259 #else
260 pop_log (p, POP_PRIORITY, "support for OTP not enabled");
261 exit(1);
262 #endif
263 } else if(strcasecmp(auth_str, "sasl") == 0) {
264 #ifdef SASL
265 p->auth_level = AUTH_SASL;
266 #else
267 pop_log (p, POP_PRIORITY, "support for SASL not enabled");
268 exit(1);
269 #endif
270 } else {
271 pop_log (p, POP_PRIORITY, "bad value for -a: %s", auth_str);
272 exit(1);
273 }
274 }
275 /* Debugging requested */
276 p->debug = debug_flag;
277
278 if(port_str)
279 portnum = htons(atoi(port_str));
280 if(trace_file){
281 p->debug++;
282 if ((p->trace = fopen(trace_file, "a+")) == NULL) {
283 pop_log(p, POP_PRIORITY,
284 "Unable to open trace file \"%s\", err = %d",
285 optarg,errno);
286 exit (1);
287 }
288 trace_file_name = trace_file;
289 }
290
291 #if defined(KRB5)
292 p->kerberosp = kerberos_flag;
293 #endif
294
295 if(timeout)
296 pop_timeout = timeout;
297
298 /* Fake inetd */
299 if (interactive_flag) {
300 if (portnum == 0)
301 portnum = p->kerberosp ?
302 pop_getportbyname(p, "kpop", "tcp", 1109) :
303 pop_getportbyname(p, "pop", "tcp", 110);
304 mini_inetd (portnum);
305 }
306
307 /* Get the address and socket of the client to whom I am speaking */
308 len = sizeof(cs_ss);
309 if (getpeername(STDIN_FILENO, cs, &len) < 0) {
310 pop_log(p,POP_PRIORITY,
311 "Unable to obtain socket and address of client, err = %d",errno);
312 exit (1);
313 }
314
315 /* Save the dotted decimal form of the client's IP address
316 in the POP parameter block */
317 inet_ntop (cs->sa_family, socket_get_address (cs),
318 p->ipaddr, sizeof(p->ipaddr));
319
320 /* Save the client's port */
321 p->ipport = ntohs(socket_get_port (cs));
322
323 /* Get the canonical name of the host to whom I am speaking */
324 error = getnameinfo_verified (cs, len, p->client, sizeof(p->client),
325 NULL, 0, 0);
326 if (error) {
327 pop_log (p, POP_PRIORITY,
328 "getnameinfo: %s", gai_strerror (error));
329 strlcpy (p->client, p->ipaddr, sizeof(p->client));
330 }
331
332 /* Create input file stream for TCP/IP communication */
333 if ((p->input = fdopen(STDIN_FILENO,"r")) == NULL){
334 pop_log(p,POP_PRIORITY,
335 "Unable to open communication stream for input, err = %d",errno);
336 exit (1);
337 }
338
339 /* Create output file stream for TCP/IP communication */
340 if ((p->output = fdopen(STDOUT_FILENO,"w")) == NULL){
341 pop_log(p,POP_PRIORITY,
342 "Unable to open communication stream for output, err = %d",errno);
343 exit (1);
344 }
345
346 pop_log(p,POP_PRIORITY,
347 "(v%s) Servicing request from \"%s\" at %s\n",
348 VERSION,p->client,p->ipaddr);
349
350 #ifdef DEBUG
351 if (p->trace)
352 pop_log(p,POP_PRIORITY,
353 "Tracing session and debugging information in file \"%s\"",
354 trace_file_name);
355 else if (p->debug)
356 pop_log(p,POP_PRIORITY,"Debugging turned on");
357 #endif /* DEBUG */
358
359
360 if(p->kerberosp)
361 return krb_authenticate(p, cs);
362 else
363 return plain_authenticate(p, cs);
364 }
Heimdal