1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
6 * Copyright (c) 2014 - 2015 Steffen (Daode) Nurpmeso <sdaoden@users.sf.net>.
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 #define n_FILE urlcrecry
23 #ifndef HAVE_AMALGAMATION
28 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
29 * concurrently (dummy, host, user, pass), so make it a KB */
30 # define NRC_TOKEN_MAXLEN (1024 / 4)
45 struct nrc_node
*nrc_next
;
46 struct nrc_node
*nrc_result
; /* In match phase, former possible one */
47 ui32_t nrc_mlen
; /* Length of machine name */
48 ui32_t nrc_ulen
; /* Length of user name */
49 ui32_t nrc_plen
; /* Length of password */
50 char nrc_dat
[VFIELD_SIZE(sizeof(ui32_t
))];
52 # define NRC_NODE_ERR ((struct nrc_node*)-1)
54 static struct nrc_node
*_nrc_list
;
55 #endif /* HAVE_NETRC */
57 /* Find the last @ before a slash
58 * TODO Casts off the const but this is ok here; obsolete function! */
59 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
60 static char * _url_last_at_before_slash(char const *sp
);
64 /* Initialize .netrc cache */
65 static void _nrc_init(void);
66 static enum nrc_token
__nrc_token(FILE *fi
, char buffer
[NRC_TOKEN_MAXLEN
]);
68 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
69 * only_pass is true then the lookup is for the password only, otherwise we
70 * look for a user (and add password only if we have an exact machine match) */
71 static bool_t
_nrc_lookup(struct url
*urlp
, bool_t only_pass
);
73 /* 0=no match; 1=exact match; -1=wildcard match */
74 static int __nrc_host_match(struct nrc_node
const *nrc
,
75 struct url
const *urlp
);
76 static bool_t
__nrc_find_user(struct url
*urlp
,
77 struct nrc_node
const *nrc
);
78 static bool_t
__nrc_find_pass(struct url
*urlp
, bool_t user_match
,
79 struct nrc_node
const *nrc
);
80 #endif /* HAVE_NETRC */
82 /* The password can also be gained through external agents */
84 static bool_t
_agent_shell_lookup(struct url
*urlp
, char const *comm
);
89 _url_last_at_before_slash(char const *sp
)
95 for (cp
= sp
; (c
= *cp
) != '\0'; ++cp
)
98 while (cp
> sp
&& *--cp
!= '@')
111 char buffer
[NRC_TOKEN_MAXLEN
], host
[NRC_TOKEN_MAXLEN
],
112 user
[NRC_TOKEN_MAXLEN
], pass
[NRC_TOKEN_MAXLEN
], *netrc_load
;
117 struct nrc_node
*ntail
= NULL
/* CC happy */, *nhead
= NULL
,
121 if ((netrc_load
= env_vlook("NETRC", FAL0
)) == NULL
)
122 netrc_load
= UNCONST(NETRC
);
123 if ((netrc_load
= file_expand(netrc_load
)) == NULL
)
126 if ((fi
= Fopen(netrc_load
, "r")) == NULL
) {
127 n_err(_("Cannot open \"%s\"\n"), netrc_load
);
131 /* Be simple and apply rigid (permission) check(s) */
132 if (fstat(fileno(fi
), &sb
) == -1 || !S_ISREG(sb
.st_mode
) ||
133 (sb
.st_mode
& (S_IRWXG
| S_IRWXO
))) {
134 n_err(_("Not a regular file, or accessible by non-user: \"%s\"\n"),
141 switch((t
= __nrc_token(fi
, buffer
))) {
144 default: /* Doesn't happen (but on error?), keep CC happy */
147 /* We ignore the default entry (require an exact host match), and we also
148 * ignore anything after such an entry (faulty syntax) */
153 /* Normalize HOST to lowercase */
155 if (!seen_default
&& (t
= __nrc_token(fi
, host
)) != NRC_INPUT
)
159 for (cp
= host
; *cp
!= '\0'; ++cp
)
160 *cp
= lowerconv(*cp
);
163 *user
= *pass
= '\0';
164 while ((t
= __nrc_token(fi
, buffer
)) != NRC_NONE
&& t
!= NRC_MACHINE
&&
168 if ((t
= __nrc_token(fi
, user
)) != NRC_INPUT
)
172 if ((t
= __nrc_token(fi
, pass
)) != NRC_INPUT
)
176 if ((t
= __nrc_token(fi
, buffer
)) != NRC_INPUT
)
180 if ((t
= __nrc_token(fi
, buffer
)) != NRC_INPUT
)
184 while ((c
= getc(fi
)) != EOF
)
185 if (c
== '\n') { /* xxx */
199 if (!seen_default
&& (*user
!= '\0' || *pass
!= '\0')) {
200 size_t hl
= strlen(host
), ul
= strlen(user
), pl
= strlen(pass
);
201 struct nrc_node
*nx
= smalloc(sizeof(*nx
) -
202 VFIELD_SIZEOF(struct nrc_node
, nrc_dat
) + hl
+1 + ul
+1 + pl
+1);
205 ntail
->nrc_next
= nx
;
213 memcpy(nx
->nrc_dat
, host
, ++hl
);
214 memcpy(nx
->nrc_dat
+ hl
, user
, ++ul
);
215 memcpy(nx
->nrc_dat
+ hl
+ ul
, pass
, ++pl
);
217 if (t
== NRC_MACHINE
)
219 if (t
== NRC_DEFAULT
)
226 if (options
& OPT_D_V
)
227 n_err(_("Errors occurred while parsing \"%s\"\n"), netrc_load
);
228 assert(nrc
== NRC_NODE_ERR
);
236 if (nrc
== NRC_NODE_ERR
)
237 while (nhead
!= NULL
) {
239 nhead
= nhead
->nrc_next
;
247 static enum nrc_token
248 __nrc_token(FILE *fi
, char buffer
[NRC_TOKEN_MAXLEN
])
252 enum nrc_token rv
= NRC_NONE
;
256 if (feof(fi
) || ferror(fi
))
259 while ((c
= getc(fi
)) != EOF
&& whitechar(c
))
265 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
266 if (c
== '"' || c
== '\'') {
269 /* Not requiring the closing QM is (Net)BSD syntax */
270 while ((c
= getc(fi
)) != EOF
&& c
!= quotec
) {
271 /* Backslash escaping the next character is (Net)BSD syntax */
273 if ((c
= getc(fi
)) == EOF
)
276 if (PTRCMP(cp
, ==, buffer
+ NRC_TOKEN_MAXLEN
)) {
283 while ((c
= getc(fi
)) != EOF
&& !whitechar(c
)) {
284 /* Backslash escaping the next character is (Net)BSD syntax */
285 if (c
== '\\' && (c
= getc(fi
)) == EOF
)
288 if (PTRCMP(cp
, ==, buffer
+ NRC_TOKEN_MAXLEN
)) {
297 do {/*rv = NRC_NONE*/} while (0);
298 else if (!strcmp(buffer
, "default"))
300 else if (!strcmp(buffer
, "login"))
302 else if (!strcmp(buffer
, "password") || !strcmp(buffer
, "passwd"))
304 else if (!strcmp(buffer
, "account"))
306 else if (!strcmp(buffer
, "macdef"))
308 else if (!strcmp(buffer
, "machine"))
313 if (c
== EOF
&& !feof(fi
))
320 _nrc_lookup(struct url
*urlp
, bool_t only_pass
)
322 struct nrc_node
*nrc
, *nrc_wild
, *nrc_exact
;
326 assert(!only_pass
|| urlp
->url_user
.s
!= NULL
);
327 assert(only_pass
|| urlp
->url_user
.s
== NULL
);
329 if (_nrc_list
== NULL
)
331 if (_nrc_list
== NRC_NODE_ERR
)
334 nrc_wild
= nrc_exact
= NULL
;
335 for (nrc
= _nrc_list
; nrc
!= NULL
; nrc
= nrc
->nrc_next
)
336 switch (__nrc_host_match(nrc
, urlp
)) {
338 nrc
->nrc_result
= nrc_exact
;
342 nrc
->nrc_result
= nrc_wild
;
349 if (!only_pass
&& urlp
->url_user
.s
== NULL
) {
350 /* Must be an unambiguous entry of its kind */
351 if (nrc_exact
!= NULL
&& nrc_exact
->nrc_result
!= NULL
)
353 if (__nrc_find_user(urlp
, nrc_exact
))
356 if (nrc_wild
!= NULL
&& nrc_wild
->nrc_result
!= NULL
)
358 if (!__nrc_find_user(urlp
, nrc_wild
))
364 if (__nrc_find_pass(urlp
, TRU1
, nrc_exact
) ||
365 __nrc_find_pass(urlp
, TRU1
, nrc_wild
) ||
366 /* Do not try to find a password without exact user match unless we've
367 * been called during credential lookup, a.k.a. the second time */
369 __nrc_find_pass(urlp
, FAL0
, nrc_exact
) ||
370 __nrc_find_pass(urlp
, FAL0
, nrc_wild
))
378 __nrc_host_match(struct nrc_node
const *nrc
, struct url
const *urlp
)
385 /* Find a matching machine -- entries are all lowercase normalized */
386 if (nrc
->nrc_mlen
== urlp
->url_host
.l
) {
387 if (LIKELY(!memcmp(nrc
->nrc_dat
, urlp
->url_host
.s
, urlp
->url_host
.l
)))
392 /* Cannot be an exact match, but maybe the .netrc machine starts with
393 * a "*." glob, which we recognize as an extension, meaning "skip
394 * a single subdomain, then match the rest" */
395 d1
= nrc
->nrc_dat
+ 2;
397 if (l1
<= 2 || d1
[-1] != '.' || d1
[-2] != '*')
401 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
402 * in fact this even succeeds for ".host.com", but - why care, here? */
403 d2
= urlp
->url_host
.s
;
404 l2
= urlp
->url_host
.l
;
411 if (l2
== l1
&& !memcmp(d1
, d2
, l1
))
412 /* This matches, but we won't use it directly but watch out for an
413 * exact match first! */
421 __nrc_find_user(struct url
*urlp
, struct nrc_node
const *nrc
)
425 for (; nrc
!= NULL
; nrc
= nrc
->nrc_result
)
426 if (nrc
->nrc_ulen
> 0) {
427 /* Fake it was part of URL otherwise XXX */
428 urlp
->url_had_user
= TRU1
;
429 /* That buffer will be duplicated by url_parse() in this case! */
430 urlp
->url_user
.s
= UNCONST(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1);
431 urlp
->url_user
.l
= nrc
->nrc_ulen
;
436 return (nrc
!= NULL
);
440 __nrc_find_pass(struct url
*urlp
, bool_t user_match
, struct nrc_node
const *nrc
)
444 for (; nrc
!= NULL
; nrc
= nrc
->nrc_result
) {
445 bool_t um
= (nrc
->nrc_ulen
== urlp
->url_user
.l
&&
446 !memcmp(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1, urlp
->url_user
.s
,
452 } else if (!um
&& nrc
->nrc_ulen
> 0)
454 if (nrc
->nrc_plen
== 0)
457 /* We are responsible for duplicating this buffer! */
458 urlp
->url_pass
.s
= savestrbuf(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1 +
459 nrc
->nrc_ulen
+ 1, (urlp
->url_pass
.l
= nrc
->nrc_plen
));
464 return (nrc
!= NULL
);
466 #endif /* HAVE_NETRC */
470 _agent_shell_lookup(struct url
*urlp
, char const *comm
)
473 char const *env_addon
[8];
476 union {char const *cp
; int c
; sighandler_type sht
;} u
;
481 env_addon
[0] = str_concat_csvl(&s
, AGENT_USER
, "=", urlp
->url_user
.s
,
483 env_addon
[1] = str_concat_csvl(&s
, AGENT_USER_ENC
, "=", urlp
->url_user_enc
.s
,
485 env_addon
[2] = str_concat_csvl(&s
, AGENT_HOST
, "=", urlp
->url_host
.s
,
487 env_addon
[3] = str_concat_csvl(&s
, AGENT_HOST_PORT
, "=", urlp
->url_h_p
.s
,
490 env_addon
[4] = str_concat_csvl(&s
, NAILENV_TMPDIR
, "=", tempdir
, NULL
)->s
;
491 env_addon
[5] = str_concat_csvl(&s
, "TMPDIR", "=", tempdir
, NULL
)->s
;
495 if ((u
.cp
= ok_vlook(SHELL
)) == NULL
)
497 if ((pbuf
= Popen(comm
, "r", u
.cp
, env_addon
, -1)) == NULL
) {
498 n_err(_("*agent-shell-lookup* startup failed (`%s')\n"), comm
);
502 for (s
.s
= NULL
, s
.l
= cl
= l
= 0; (u
.c
= getc(pbuf
)) != EOF
; ++cl
) {
503 if (u
.c
== '\n') /* xxx */
506 if (l
== sizeof(buf
) - 1) {
507 n_str_add_buf(&s
, buf
, l
);
512 n_str_add_buf(&s
, buf
, l
);
514 if (!Pclose(pbuf
, TRU1
)) {
515 if (options
& OPT_D_V
)
516 n_err(_("*agent-shell-lookup* execution failure (`%s')\n"), comm
);
520 /* We are responsible for duplicating this buffer! */
522 urlp
->url_pass
.s
= savestrbuf(s
.s
, urlp
->url_pass
.l
= s
.l
);
524 urlp
->url_pass
.s
= UNCONST(""), urlp
->url_pass
.l
= 0;
535 (urlxenc
)(char const *cp
, bool_t ispath SALLOC_DEBUG_ARGS
)
540 np
= n
= (salloc
)(strlen(cp
) * 3 +1 SALLOC_DEBUG_ARGSCALL
);
542 for (; (c1
= *cp
) != '\0'; ++cp
) {
543 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
544 * ALPHA / DIGIT / "-" / "." / "_" / "~"
545 * However add a special is[file]path mode for file-system friendliness */
546 if (alnumchar(c1
) || c1
== '_')
549 if (c1
!= '-' && c1
!= '.' && c1
!= '~')
552 } else if (PTRCMP(np
, >, n
) && (*cp
== '-' || *cp
== '.')) /* XXX imap */
557 mime_char_to_hexseq(np
+ 1, c1
);
567 (urlxdec
)(char const *cp SALLOC_DEBUG_ARGS
)
573 np
= n
= (salloc
)(strlen(cp
) +1 SALLOC_DEBUG_ARGSCALL
);
575 while ((c
= (uc_i
)*cp
++) != '\0') {
576 if (c
== '%' && cp
[0] != '\0' && cp
[1] != '\0') {
578 if (LIKELY((c
= mime_hexseq_to_char(cp
)) >= '\0'))
590 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
592 url_servbyname(struct url
const *urlp
, ui16_t
*irv_or_null
)
600 { "submission", "587", 587},
601 { "smtps", "465", 465},
602 { "pop3", "110", 110},
603 { "pop3s", "995", 995},
604 { "imap", "143", 143},
605 { "imaps", "993", 993}
611 for (rv
= NULL
, i
= 0; i
< NELEM(tbl
); ++i
)
612 if (!asccasecmp(tbl
[i
].name
, urlp
->url_proto
)) {
614 if (irv_or_null
!= NULL
)
615 *irv_or_null
= tbl
[i
].portno
;
623 url_parse(struct url
*urlp
, enum cproto cproto
, char const *data
)
625 #if defined HAVE_SMTP && defined HAVE_POP3 && defined HAVE_IMAP
628 #if defined HAVE_SMTP || defined HAVE_POP3 || defined HAVE_IMAP
636 memset(urlp
, 0, sizeof *urlp
);
637 urlp
->url_input
= data
;
638 urlp
->url_cproto
= cproto
;
640 /* Network protocol */
641 #define _protox(X,Y) \
642 urlp->url_portno = Y;\
643 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
644 urlp->url_proto[sizeof(X) -1] = '\0';\
645 urlp->url_proto_len = sizeof(X) -1;\
646 urlp->url_proto_xlen = sizeof(X "://") -1
647 #define __if(X,Y,Z) \
648 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
650 data += sizeof(X "://") -1;\
651 do { Z; } while (0);\
654 #define _if(X,Y) __if(X, Y, (void)0)
656 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
658 # define _ifs(X,Y) goto jeproto;
665 _if ("submission", 587)
676 _protox("pop3", 110);
685 _protox("imap", 143);
697 if (strstr(data
, "://") != NULL
) {
698 #if !defined __ALLPROTO || !defined HAVE_SSL
701 n_err(_("URL \"proto://\" prefix invalid: \"%s\"\n"), urlp
->url_input
);
706 /* User and password, I */
708 if ((cp
= _url_last_at_before_slash(data
)) != NULL
) {
709 size_t l
= PTR2SIZE(cp
- data
);
710 char const *d
= data
;
711 char *ub
= ac_alloc(l
+1);
713 urlp
->url_had_user
= TRU1
;
716 /* And also have a password? */
717 if ((cp
= memchr(d
, ':', l
)) != NULL
) {
718 size_t i
= PTR2SIZE(cp
- d
);
721 memcpy(ub
, cp
+ 1, l
);
723 urlp
->url_pass
.l
= strlen(urlp
->url_pass
.s
= urlxdec(ub
));
725 if (strcmp(ub
, urlxenc(urlp
->url_pass
.s
, FAL0
))) {
726 n_err(_("String is not properly URL percent encoded: \"%s\"\n"),
735 urlp
->url_user
.l
= strlen(urlp
->url_user
.s
= urlxdec(ub
));
736 urlp
->url_user_enc
.l
= strlen(
737 urlp
->url_user_enc
.s
= urlxenc(urlp
->url_user
.s
, FAL0
));
739 if (urlp
->url_user_enc
.l
!= l
|| memcmp(urlp
->url_user_enc
.s
, ub
, l
)) {
740 n_err(_("String is not properly URL percent encoded: \"%s\"\n"), ub
);
747 /* Servername and port -- and possible path suffix */
748 if ((cp
= strchr(data
, ':')) != NULL
) { /* TODO URL parse, IPv6 support */
752 urlp
->url_port
= x
= savestr(x
= cp
+ 1);
753 if ((x
= strchr(x
, '/')) != NULL
)
755 l
= strtol(urlp
->url_port
, &eptr
, 10);
756 if (*eptr
!= '\0' || l
<= 0 || UICMP(32, l
, >=, 0xFFFFu
)) {
757 n_err(_("URL with invalid port number: \"%s\"\n"), urlp
->url_input
);
760 urlp
->url_portno
= (ui16_t
)l
;
762 if ((x
= strchr(data
, '/')) != NULL
)
763 data
= savestrbuf(data
, PTR2SIZE(x
- data
));
764 cp
= UNCONST(data
+ strlen(data
));
767 /* A (non-empty) path may only occur with IMAP */
768 if (x
!= NULL
&& x
[1] != '\0') {
769 if (cproto
!= CPROTO_IMAP
) {
770 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
774 urlp
->url_path
.l
= strlen(++x
);
775 urlp
->url_path
.s
= savestrbuf(x
, urlp
->url_path
.l
);
778 urlp
->url_host
.s
= savestrbuf(data
, urlp
->url_host
.l
= PTR2SIZE(cp
- data
));
780 for (cp
= urlp
->url_host
.s
, i
= urlp
->url_host
.l
; i
!= 0; ++cp
, --i
)
781 *cp
= lowerconv(*cp
);
784 /* .url_h_p: HOST:PORT */
786 struct str
*s
= &urlp
->url_h_p
;
788 s
->s
= salloc(urlp
->url_host
.l
+ 1 + sizeof("65536")-1 +1);
789 memcpy(s
->s
, urlp
->url_host
.s
, i
= urlp
->url_host
.l
);
790 if (urlp
->url_port
!= NULL
) {
791 size_t j
= strlen(urlp
->url_port
);
793 memcpy(s
->s
+ i
, urlp
->url_port
, j
);
801 * If there was no user in the URL, do we have *user-HOST* or *user*? */
802 if (!urlp
->url_had_user
) {
803 if ((urlp
->url_user
.s
= xok_vlook(user
, urlp
, OXM_PLAIN
| OXM_H_P
))
805 /* No, check wether .netrc lookup is desired */
807 if (!ok_blook(v15_compat
) ||
808 !xok_blook(netrc_lookup
, urlp
, OXM_PLAIN
| OXM_H_P
) ||
809 !_nrc_lookup(urlp
, FAL0
))
811 urlp
->url_user
.s
= UNCONST(myname
);
814 urlp
->url_user
.l
= strlen(urlp
->url_user
.s
);
815 urlp
->url_user
.s
= savestrbuf(urlp
->url_user
.s
, urlp
->url_user
.l
);
816 urlp
->url_user_enc
.l
= strlen(
817 urlp
->url_user_enc
.s
= urlxenc(urlp
->url_user
.s
, FAL0
));
820 /* And then there are a lot of prebuild string combinations TODO do lazy */
822 /* .url_u_h: .url_user@.url_host
823 * For SMTP we apply ridiculously complicated *v15-compat* plus
824 * *smtp-hostname* / *hostname* dependent rules */
828 if (cproto
== CPROTO_SMTP
&& ok_blook(v15_compat
) &&
829 (cp
= ok_vlook(smtp_hostname
)) != NULL
) {
832 h
.s
= savestrbuf(cp
, h
.l
= strlen(cp
));
837 i
= urlp
->url_user
.l
;
839 s
->s
= salloc(i
+ 1 + h
.l
+1);
841 memcpy(s
->s
, urlp
->url_user
.s
, i
);
844 memcpy(s
->s
+ i
, h
.s
, h
.l
+1);
849 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
850 { struct str
*s
= &urlp
->url_u_h_p
;
851 size_t i
= urlp
->url_user
.l
;
853 s
->s
= salloc(i
+ 1 + urlp
->url_h_p
.l
+1);
855 memcpy(s
->s
, urlp
->url_user
.s
, i
);
858 memcpy(s
->s
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
859 i
+= urlp
->url_h_p
.l
;
863 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
864 { struct str
*s
= &urlp
->url_eu_h_p
;
865 size_t i
= urlp
->url_user_enc
.l
;
867 s
->s
= salloc(i
+ 1 + urlp
->url_h_p
.l
+1);
869 memcpy(s
->s
, urlp
->url_user_enc
.s
, i
);
872 memcpy(s
->s
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
873 i
+= urlp
->url_h_p
.l
;
877 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
879 char *ud
= salloc((i
= urlp
->url_proto_xlen
+ urlp
->url_u_h_p
.l
) +1);
881 urlp
->url_proto
[urlp
->url_proto_len
] = ':';
882 memcpy(sstpcpy(ud
, urlp
->url_proto
), urlp
->url_u_h_p
.s
,
883 urlp
->url_u_h_p
.l
+1);
884 urlp
->url_proto
[urlp
->url_proto_len
] = '\0';
886 urlp
->url_p_u_h_p
= ud
;
889 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
891 char *ud
= salloc((i
= urlp
->url_proto_xlen
+ urlp
->url_eu_h_p
.l
) +
892 1 + urlp
->url_path
.l
+1);
894 urlp
->url_proto
[urlp
->url_proto_len
] = ':';
895 memcpy(sstpcpy(ud
, urlp
->url_proto
), urlp
->url_eu_h_p
.s
,
896 urlp
->url_eu_h_p
.l
+1);
897 urlp
->url_proto
[urlp
->url_proto_len
] = '\0';
899 if (urlp
->url_path
.l
== 0)
900 urlp
->url_p_eu_h_p
= urlp
->url_p_eu_h_p_p
= ud
;
902 urlp
->url_p_eu_h_p
= savestrbuf(ud
, i
);
903 urlp
->url_p_eu_h_p_p
= ud
;
906 memcpy(ud
, urlp
->url_path
.s
, urlp
->url_path
.l
+1);
911 #endif /* __ANYPROTO */
920 ccred_lookup_old(struct ccred
*ccp
, enum cproto cproto
, char const *addr
)
922 char const *pname
, *pxstr
, *authdef
;
923 size_t pxlen
, addrlen
, i
;
926 enum {NONE
=0, WANT_PASS
=1<<0, REQ_PASS
=1<<1, WANT_USER
=1<<2, REQ_USER
=1<<3}
928 bool_t addr_is_nuser
= FAL0
; /* XXX v15.0 legacy! v15_compat */
931 memset(ccp
, 0, sizeof *ccp
);
938 pxlen
= sizeof("smtp-auth") -1;
939 authmask
= AUTHTYPE_NONE
| AUTHTYPE_PLAIN
| AUTHTYPE_LOGIN
|
940 AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
942 addr_is_nuser
= TRU1
;
947 pxlen
= sizeof("pop3-auth") -1;
948 authmask
= AUTHTYPE_PLAIN
;
954 pxlen
= sizeof("imap-auth") -1;
955 authmask
= AUTHTYPE_LOGIN
| AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
960 ccp
->cc_cproto
= cproto
;
961 addrlen
= strlen(addr
);
962 vbuf
= ac_alloc(pxlen
+ addrlen
+ sizeof("-password-")-1 +1);
963 memcpy(vbuf
, pxstr
, pxlen
);
965 /* Authentication type */
967 memcpy(vbuf
+ pxlen
+ 1, addr
, addrlen
+1);
968 if ((s
= vok_vlook(vbuf
)) == NULL
) {
970 if ((s
= vok_vlook(vbuf
)) == NULL
)
971 s
= UNCONST(authdef
);
974 if (!asccasecmp(s
, "none")) {
975 ccp
->cc_auth
= "NONE";
976 ccp
->cc_authtype
= AUTHTYPE_NONE
;
978 } else if (!asccasecmp(s
, "plain")) {
979 ccp
->cc_auth
= "PLAIN";
980 ccp
->cc_authtype
= AUTHTYPE_PLAIN
;
981 ware
= REQ_PASS
| REQ_USER
;
982 } else if (!asccasecmp(s
, "login")) {
983 ccp
->cc_auth
= "LOGIN";
984 ccp
->cc_authtype
= AUTHTYPE_LOGIN
;
985 ware
= REQ_PASS
| REQ_USER
;
986 } else if (!asccasecmp(s
, "cram-md5")) {
987 ccp
->cc_auth
= "CRAM-MD5";
988 ccp
->cc_authtype
= AUTHTYPE_CRAM_MD5
;
989 ware
= REQ_PASS
| REQ_USER
;
990 } else if (!asccasecmp(s
, "gssapi")) {
991 ccp
->cc_auth
= "GSS-API";
992 ccp
->cc_authtype
= AUTHTYPE_GSSAPI
;
997 if (!(ccp
->cc_authtype
& authmask
)) {
998 n_err(_("Unsupported %s authentication method: %s\n"), pname
, s
);
1003 if (ccp
->cc_authtype
== AUTHTYPE_CRAM_MD5
) {
1004 n_err(_("No CRAM-MD5 support compiled in\n"));
1009 # ifndef HAVE_GSSAPI
1010 if (ccp
->cc_authtype
== AUTHTYPE_GSSAPI
) {
1011 n_err(_("No GSS-API support compiled in\n"));
1018 if (!(ware
& (WANT_USER
| REQ_USER
)))
1021 if (!addr_is_nuser
) {
1022 if ((s
= _url_last_at_before_slash(addr
)) != NULL
) {
1023 ccp
->cc_user
.s
= urlxdec(savestrbuf(addr
, PTR2SIZE(s
- addr
)));
1024 ccp
->cc_user
.l
= strlen(ccp
->cc_user
.s
);
1025 } else if (ware
& REQ_USER
)
1030 memcpy(vbuf
+ pxlen
, "-user-", i
= sizeof("-user-") -1);
1032 memcpy(vbuf
+ i
, addr
, addrlen
+1);
1033 if ((s
= vok_vlook(vbuf
)) == NULL
) {
1035 if ((s
= vok_vlook(vbuf
)) == NULL
&& (ware
& REQ_USER
)) {
1036 if ((s
= getuser(NULL
)) == NULL
) {
1037 jgetuser
: /* TODO v15.0: today we simply bail, but we should call getuser().
1038 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1039 * TODO check that first, then! change control flow, grow vbuf */
1040 n_err(_("A user is necessary for %s authentication\n"), pname
);
1046 ccp
->cc_user
.l
= strlen(ccp
->cc_user
.s
= savestr(s
));
1050 if (!(ware
& (WANT_PASS
| REQ_PASS
)))
1053 if (!addr_is_nuser
) {
1054 memcpy(vbuf
, "password-", i
= sizeof("password-") -1);
1056 memcpy(vbuf
+ pxlen
, "-password-", i
= sizeof("-password-") -1);
1059 memcpy(vbuf
+ i
, addr
, addrlen
+1);
1060 if ((s
= vok_vlook(vbuf
)) == NULL
) {
1062 if ((!addr_is_nuser
|| (s
= vok_vlook(vbuf
)) == NULL
) &&
1063 (ware
& REQ_PASS
)) {
1064 if ((s
= getpassword(NULL
)) == NULL
) {
1065 n_err(_("A password is necessary for %s authentication\n"),
1073 ccp
->cc_pass
.l
= strlen(ccp
->cc_pass
.s
= savestr(s
));
1077 if (ccp
!= NULL
&& (options
& OPT_D_VV
))
1078 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1079 addr
, (ccp
->cc_user
.s
!= NULL
? ccp
->cc_user
.s
: ""),
1080 (ccp
->cc_pass
.s
!= NULL
? ccp
->cc_pass
.s
: ""));
1082 return (ccp
!= NULL
);
1086 ccred_lookup(struct ccred
*ccp
, struct url
*urlp
)
1088 char const *pstr
, *authdef
;
1090 enum okeys authokey
;
1092 enum {NONE
=0, WANT_PASS
=1<<0, REQ_PASS
=1<<1, WANT_USER
=1<<2, REQ_USER
=1<<3}
1096 memset(ccp
, 0, sizeof *ccp
);
1097 ccp
->cc_user
= urlp
->url_user
;
1099 switch ((ccp
->cc_cproto
= urlp
->url_cproto
)) {
1103 authokey
= ok_v_smtp_auth
;
1104 authmask
= AUTHTYPE_NONE
| AUTHTYPE_PLAIN
| AUTHTYPE_LOGIN
|
1105 AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
1110 authokey
= ok_v_pop3_auth
;
1111 authmask
= AUTHTYPE_PLAIN
;
1116 authokey
= ok_v_imap_auth
;
1117 authmask
= AUTHTYPE_LOGIN
| AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
1122 /* Authentication type */
1123 if ((s
= xok_VLOOK(authokey
, urlp
, OXM_ALL
)) == NULL
)
1124 s
= UNCONST(authdef
);
1126 if (!asccasecmp(s
, "none")) {
1127 ccp
->cc_auth
= "NONE";
1128 ccp
->cc_authtype
= AUTHTYPE_NONE
;
1130 } else if (!asccasecmp(s
, "plain")) {
1131 ccp
->cc_auth
= "PLAIN";
1132 ccp
->cc_authtype
= AUTHTYPE_PLAIN
;
1133 ware
= REQ_PASS
| REQ_USER
;
1134 } else if (!asccasecmp(s
, "login")) {
1135 ccp
->cc_auth
= "LOGIN";
1136 ccp
->cc_authtype
= AUTHTYPE_LOGIN
;
1137 ware
= REQ_PASS
| REQ_USER
;
1138 } else if (!asccasecmp(s
, "cram-md5")) {
1139 ccp
->cc_auth
= "CRAM-MD5";
1140 ccp
->cc_authtype
= AUTHTYPE_CRAM_MD5
;
1141 ware
= REQ_PASS
| REQ_USER
;
1142 } else if (!asccasecmp(s
, "gssapi")) {
1143 ccp
->cc_auth
= "GSS-API";
1144 ccp
->cc_authtype
= AUTHTYPE_GSSAPI
;
1149 if (!(ccp
->cc_authtype
& authmask
)) {
1150 n_err(_("Unsupported %s authentication method: %s\n"), pstr
, s
);
1155 if (ccp
->cc_authtype
== AUTHTYPE_CRAM_MD5
) {
1156 n_err(_("No CRAM-MD5 support compiled in\n"));
1161 # ifndef HAVE_GSSAPI
1162 if (ccp
->cc_authtype
== AUTHTYPE_GSSAPI
) {
1163 n_err(_("No GSS-API support compiled in\n"));
1170 ccp
->cc_pass
= urlp
->url_pass
;
1171 if (ccp
->cc_pass
.s
!= NULL
)
1174 if ((s
= xok_vlook(password
, urlp
, OXM_ALL
)) != NULL
)
1177 if ((s
= xok_vlook(agent_shell_lookup
, urlp
, OXM_ALL
)) != NULL
) {
1178 if (!_agent_shell_lookup(urlp
, s
)) {
1181 } else if (urlp
->url_pass
.s
!= NULL
) {
1182 ccp
->cc_pass
= urlp
->url_pass
;
1188 if (xok_blook(netrc_lookup
, urlp
, OXM_ALL
) && _nrc_lookup(urlp
, TRU1
)) {
1189 ccp
->cc_pass
= urlp
->url_pass
;
1193 if (ware
& REQ_PASS
) {
1194 if ((s
= getpassword(NULL
)) != NULL
)
1196 ccp
->cc_pass
.l
= strlen(ccp
->cc_pass
.s
= savestr(s
));
1198 n_err(_("A password is necessary for %s authentication\n"), pstr
);
1204 if (ccp
!= NULL
&& (options
& OPT_D_VV
))
1205 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1206 urlp
->url_h_p
.s
, (ccp
->cc_user
.s
!= NULL
? ccp
->cc_user
.s
: ""),
1207 (ccp
->cc_pass
.s
!= NULL
? ccp
->cc_pass
.s
: ""));
1209 return (ccp
!= NULL
);
1211 #endif /* HAVE_SOCKETS */
1218 struct nrc_node
*nrc
;
1223 if (argv
[1] != NULL
)
1225 if (!asccasecmp(*argv
, "show"))
1227 if (!asccasecmp(*argv
, "clear"))
1230 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1234 return (v
== NULL
? !STOP
: !OKAY
); /* xxx 1:bad 0:good -- do some */
1240 if (_nrc_list
== NULL
)
1242 if (_nrc_list
== NRC_NODE_ERR
) {
1243 n_err(_("Interpolate what file?\n"));
1248 if ((fp
= Ftmp(NULL
, "netrc", OF_RDWR
| OF_UNLINK
| OF_REGISTER
, 0600)
1250 n_perr(_("tmpfile"), 0);
1255 for (l
= 0, nrc
= _nrc_list
; nrc
!= NULL
; ++l
, nrc
= nrc
->nrc_next
) {
1256 fprintf(fp
, _("machine %s "), nrc
->nrc_dat
);
1257 if (nrc
->nrc_ulen
> 0)
1258 fprintf(fp
, _("login \"%s\" "),
1259 string_quote(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1));
1260 if (nrc
->nrc_plen
> 0)
1261 fprintf(fp
, _("password \"%s\"\n"),
1262 string_quote(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1 + nrc
->nrc_ulen
+1));
1267 page_or_print(fp
, l
);
1273 if (_nrc_list
== NRC_NODE_ERR
)
1275 while ((nrc
= _nrc_list
) != NULL
) {
1276 _nrc_list
= nrc
->nrc_next
;
1281 #endif /* HAVE_NETRC */
1285 md5tohex(char hex
[MD5TOHEX_SIZE
], void const *vp
)
1287 char const *cp
= vp
;
1291 for (i
= 0; i
< MD5TOHEX_SIZE
/ 2; ++i
) {
1293 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1294 hex
[j
] = __hex((cp
[i
] & 0xF0) >> 4);
1295 hex
[++j
] = __hex(cp
[i
] & 0x0F);
1303 cram_md5_string(struct str
const *user
, struct str
const *pass
,
1307 char digest
[16], *cp
;
1311 in
.s
= UNCONST(b64
);
1312 in
.l
= strlen(in
.s
);
1313 b64_decode(&out
, &in
, NULL
);
1314 assert(out
.s
!= NULL
);
1316 hmac_md5((uc_i
*)out
.s
, out
.l
, (uc_i
*)pass
->s
, pass
->l
, digest
);
1318 cp
= md5tohex(salloc(MD5TOHEX_SIZE
+1), digest
);
1320 in
.l
= user
->l
+ MD5TOHEX_SIZE
+1;
1321 in
.s
= ac_alloc(user
->l
+ 1 + MD5TOHEX_SIZE
+1);
1322 memcpy(in
.s
, user
->s
, user
->l
);
1323 in
.s
[user
->l
] = ' ';
1324 memcpy(in
.s
+ user
->l
+ 1, cp
, MD5TOHEX_SIZE
);
1325 b64_encode(&out
, &in
, B64_SALLOC
| B64_CRLF
);
1332 hmac_md5(unsigned char *text
, int text_len
, unsigned char *key
, int key_len
,
1336 * This code is taken from
1338 * Network Working Group H. Krawczyk
1339 * Request for Comments: 2104 IBM
1340 * Category: Informational M. Bellare
1347 * HMAC: Keyed-Hashing for Message Authentication
1350 unsigned char k_ipad
[65]; /* inner padding - key XORd with ipad */
1351 unsigned char k_opad
[65]; /* outer padding - key XORd with opad */
1352 unsigned char tk
[16];
1356 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1361 md5_update(&tctx
, key
, key_len
);
1362 md5_final(tk
, &tctx
);
1368 /* the HMAC_MD5 transform looks like:
1370 * MD5(K XOR opad, MD5(K XOR ipad, text))
1372 * where K is an n byte key
1373 * ipad is the byte 0x36 repeated 64 times
1374 * opad is the byte 0x5c repeated 64 times
1375 * and text is the data being protected */
1377 /* start out by storing key in pads */
1378 memset(k_ipad
, 0, sizeof k_ipad
);
1379 memset(k_opad
, 0, sizeof k_opad
);
1380 memcpy(k_ipad
, key
, key_len
);
1381 memcpy(k_opad
, key
, key_len
);
1383 /* XOR key with ipad and opad values */
1384 for (i
=0; i
<64; i
++) {
1389 /* perform inner MD5 */
1390 md5_init(&context
); /* init context for 1st pass */
1391 md5_update(&context
, k_ipad
, 64); /* start with inner pad */
1392 md5_update(&context
, text
, text_len
); /* then text of datagram */
1393 md5_final(digest
, &context
); /* finish up 1st pass */
1395 /* perform outer MD5 */
1396 md5_init(&context
); /* init context for 2nd pass */
1397 md5_update(&context
, k_opad
, 64); /* start with outer pad */
1398 md5_update(&context
, digest
, 16); /* then results of 1st hash */
1399 md5_final(digest
, &context
); /* finish up 2nd pass */
1402 #endif /* HAVE_MD5 */