search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
C****Y BSD signal handling! Try improve ^C stability..
[s-mailx.git] / urlcrecry.c
blobc8f362be5a34a1568c2d00118999a0be4b67b9bb
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
5 *
6 * Copyright (c) 2014 - 2017 Steffen (Daode) Nurpmeso <steffen@sdaoden.eu>.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20 #undef n_FILE
21 #define n_FILE urlcrecry
22
23 #ifndef HAVE_AMALGAMATION
24 # include "nail.h"
25 #endif
26
27 #ifdef HAVE_NETRC
28 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
29 * concurrently (dummy, host, user, pass), so make it a KB */
30 # define NRC_TOKEN_MAXLEN (1024 / 4)
31
32 enum nrc_token {
33 NRC_ERROR = -1,
34 NRC_NONE = 0,
35 NRC_DEFAULT,
36 NRC_LOGIN,
37 NRC_PASSWORD,
38 NRC_ACCOUNT,
39 NRC_MACDEF,
40 NRC_MACHINE,
41 NRC_INPUT
42 };
43
44 struct nrc_node {
45 struct nrc_node *nrc_next;
46 struct nrc_node *nrc_result; /* In match phase, former possible one */
47 ui32_t nrc_mlen; /* Length of machine name */
48 ui32_t nrc_ulen; /* Length of user name */
49 ui32_t nrc_plen; /* Length of password */
50 char nrc_dat[n_VFIELD_SIZE(sizeof(ui32_t))];
51 };
52 # define NRC_NODE_ERR ((struct nrc_node*)-1)
53
54 static struct nrc_node *_nrc_list;
55 #endif /* HAVE_NETRC */
56
57 /* Find the last @ before a slash
58 * TODO Casts off the const but this is ok here; obsolete function! */
59 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
60 static char * _url_last_at_before_slash(char const *sp);
61 #endif
62
63 #ifdef HAVE_NETRC
64 /* Initialize .netrc cache */
65 static void _nrc_init(void);
66 static enum nrc_token __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN],
67 bool_t *nl_last);
68
69 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
70 * only_pass is true then the lookup is for the password only, otherwise we
71 * look for a user (and add password only if we have an exact machine match) */
72 static bool_t _nrc_lookup(struct url *urlp, bool_t only_pass);
73
74 /* 0=no match; 1=exact match; -1=wildcard match */
75 static int __nrc_host_match(struct nrc_node const *nrc,
76 struct url const *urlp);
77 static bool_t __nrc_find_user(struct url *urlp,
78 struct nrc_node const *nrc);
79 static bool_t __nrc_find_pass(struct url *urlp, bool_t user_match,
80 struct nrc_node const *nrc);
81 #endif /* HAVE_NETRC */
82
83 /* The password can also be gained through external agents TODO v15-compat */
84 #ifdef HAVE_AGENT
85 static bool_t _agent_shell_lookup(struct url *urlp, char const *comm);
86 #endif
87
88 #ifdef HAVE_SOCKETS
89 static char *
90 _url_last_at_before_slash(char const *sp)
91 {
92 char const *cp;
93 char c;
94 NYD2_ENTER;
95
96 for (cp = sp; (c = *cp) != '\0'; ++cp)
97 if (c == '/')
98 break;
99 while (cp > sp && *--cp != '@')
100 ;
101 if (*cp != '@')
102 cp = NULL;
103 NYD2_LEAVE;
104 return n_UNCONST(cp);
105 }
106 #endif
107
108 #ifdef HAVE_NETRC
109 static void
110 _nrc_init(void)
111 {
112 struct n_sigman sm;
113 char buffer[NRC_TOKEN_MAXLEN], host[NRC_TOKEN_MAXLEN],
114 user[NRC_TOKEN_MAXLEN], pass[NRC_TOKEN_MAXLEN], *netrc_load;
115 struct stat sb;
116 FILE * volatile fi;
117 enum nrc_token t;
118 bool_t volatile ispipe;
119 bool_t seen_default, nl_last;
120 struct nrc_node * volatile ntail, * volatile nhead, * volatile nrc;
121 NYD_ENTER;
122
123 n_UNINIT(ntail, NULL);
124 nhead = NULL;
125 nrc = NRC_NODE_ERR;
126 ispipe = FAL0;
127 fi = NULL;
128
129 n_SIGMAN_ENTER_SWITCH(&sm, n_SIGMAN_ALL) {
130 case 0:
131 break;
132 default:
133 goto jleave;
134 }
135
136 if ((netrc_load = ok_vlook(netrc_pipe)) != NULL) {
137 ispipe = TRU1;
138 if ((fi = Popen(netrc_load, "r", ok_vlook(SHELL), NULL, n_CHILD_FD_NULL)
139 ) == NULL) {
140 n_perr(netrc_load, 0);
141 goto j_leave;
142 }
143 } else {
144 if ((netrc_load = fexpand(ok_vlook(NETRC), FEXP_LOCAL | FEXP_NOPROTO)
145 ) == NULL)
146 goto j_leave;
147
148 if ((fi = Fopen(netrc_load, "r")) == NULL) {
149 n_err(_("Cannot open %s\n"), n_shexp_quote_cp(netrc_load, FAL0));
150 goto j_leave;
151 }
152
153 /* Be simple and apply rigid (permission) check(s) */
154 if (fstat(fileno(fi), &sb) == -1 || !S_ISREG(sb.st_mode) ||
155 (sb.st_mode & (S_IRWXG | S_IRWXO))) {
156 n_err(_("Not a regular file, or accessible by non-user: %s\n"),
157 n_shexp_quote_cp(netrc_load, FAL0));
158 goto jleave;
159 }
160 }
161
162 seen_default = FAL0;
163 nl_last = TRU1;
164 jnext:
165 switch((t = __nrc_token(fi, buffer, &nl_last))) {
166 case NRC_NONE:
167 break;
168 default: /* Doesn't happen (but on error?), keep CC happy */
169 case NRC_DEFAULT:
170 jdef:
171 /* We ignore the default entry (require an exact host match), and we also
172 * ignore anything after such an entry (faulty syntax) */
173 seen_default = TRU1;
174 /* FALLTHRU */
175 case NRC_MACHINE:
176 jm_h:
177 /* Normalize HOST to lowercase */
178 *host = '\0';
179 if (!seen_default && (t = __nrc_token(fi, host, &nl_last)) != NRC_INPUT)
180 goto jerr;
181 else {
182 char *cp;
183 for (cp = host; *cp != '\0'; ++cp)
184 *cp = lowerconv(*cp);
185 }
186
187 *user = *pass = '\0';
188 while ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_NONE &&
189 t != NRC_MACHINE && t != NRC_DEFAULT) {
190 switch(t) {
191 case NRC_LOGIN:
192 if ((t = __nrc_token(fi, user, &nl_last)) != NRC_INPUT)
193 goto jerr;
194 break;
195 case NRC_PASSWORD:
196 if ((t = __nrc_token(fi, pass, &nl_last)) != NRC_INPUT)
197 goto jerr;
198 break;
199 case NRC_ACCOUNT:
200 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
201 goto jerr;
202 break;
203 case NRC_MACDEF:
204 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
205 goto jerr;
206 else {
207 int i = 0, c;
208 while ((c = getc(fi)) != EOF)
209 if (c == '\n') { /* xxx */
210 /* Don't care about comments here, since we parse until
211 * we've seen two successive newline characters */
212 if (i)
213 break;
214 i = 1;
215 } else
216 i = 0;
217 }
218 break;
219 default:
220 case NRC_ERROR:
221 goto jerr;
222 }
223 }
224
225 if (!seen_default && (*user != '\0' || *pass != '\0')) {
226 size_t hl = strlen(host), ul = strlen(user), pl = strlen(pass);
227 struct nrc_node *nx = smalloc(n_VSTRUCT_SIZEOF(struct nrc_node,
228 nrc_dat) + hl +1 + ul +1 + pl +1);
229
230 if (nhead != NULL)
231 ntail->nrc_next = nx;
232 else
233 nhead = nx;
234 ntail = nx;
235 nx->nrc_next = NULL;
236 nx->nrc_mlen = hl;
237 nx->nrc_ulen = ul;
238 nx->nrc_plen = pl;
239 memcpy(nx->nrc_dat, host, ++hl);
240 memcpy(nx->nrc_dat + hl, user, ++ul);
241 memcpy(nx->nrc_dat + hl + ul, pass, ++pl);
242 }
243 if (t == NRC_MACHINE)
244 goto jm_h;
245 if (t == NRC_DEFAULT)
246 goto jdef;
247 if (t != NRC_NONE)
248 goto jnext;
249 break;
250 case NRC_ERROR:
251 jerr:
252 if(n_poption & n_PO_D_V)
253 n_err(_("Errors occurred while parsing %s\n"),
254 n_shexp_quote_cp(netrc_load, FAL0));
255 assert(nrc == NRC_NODE_ERR);
256 goto jleave;
257 }
258
259 if (nhead != NULL)
260 nrc = nhead;
261 n_sigman_cleanup_ping(&sm);
262 jleave:
263 if (fi != NULL) {
264 if (ispipe)
265 Pclose(fi, TRU1);
266 else
267 Fclose(fi);
268 }
269 if (nrc == NRC_NODE_ERR)
270 while (nhead != NULL) {
271 ntail = nhead;
272 nhead = nhead->nrc_next;
273 free(ntail);
274 }
275 j_leave:
276 _nrc_list = nrc;
277 NYD_LEAVE;
278 n_sigman_leave(&sm, n_SIGMAN_VIPSIGS_NTTYOUT);
279 }
280
281 static enum nrc_token
282 __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN], bool_t *nl_last)
283 {
284 int c;
285 char *cp;
286 enum nrc_token rv;
287 NYD2_ENTER;
288
289 rv = NRC_NONE;
290 for (;;) {
291 bool_t seen_nl;
292
293 c = EOF;
294 if (feof(fi) || ferror(fi))
295 goto jleave;
296
297 for (seen_nl = *nl_last; (c = getc(fi)) != EOF && whitechar(c);)
298 seen_nl |= (c == '\n');
299
300 if (c == EOF)
301 goto jleave;
302 /* fetchmail and derived parsers support comments */
303 if ((*nl_last = seen_nl) && c == '#') {
304 while ((c = getc(fi)) != EOF && c != '\n')
305 ;
306 continue;
307 }
308 break;
309 }
310
311 cp = buffer;
312 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
313 if (c == '"' || c == '\'') {
314 int quotec = c;
315
316 /* Not requiring the closing QM is (Net)BSD syntax */
317 while ((c = getc(fi)) != EOF && c != quotec) {
318 /* Reverse solidus escaping the next character is (Net)BSD syntax */
319 if (c == '\\')
320 if ((c = getc(fi)) == EOF)
321 break;
322 *cp++ = c;
323 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
324 rv = NRC_ERROR;
325 goto jleave;
326 }
327 }
328 } else {
329 *cp++ = c;
330 while ((c = getc(fi)) != EOF && !whitechar(c)) {
331 /* Rverse solidus escaping the next character is (Net)BSD syntax */
332 if (c == '\\' && (c = getc(fi)) == EOF)
333 break;
334 *cp++ = c;
335 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
336 rv = NRC_ERROR;
337 goto jleave;
338 }
339 }
340 *nl_last = (c == '\n');
341 }
342 *cp = '\0';
343
344 if (*buffer == '\0')
345 do {/*rv = NRC_NONE*/} while (0);
346 else if (!strcmp(buffer, "default"))
347 rv = NRC_DEFAULT;
348 else if (!strcmp(buffer, "login"))
349 rv = NRC_LOGIN;
350 else if (!strcmp(buffer, "password") || !strcmp(buffer, "passwd"))
351 rv = NRC_PASSWORD;
352 else if (!strcmp(buffer, "account"))
353 rv = NRC_ACCOUNT;
354 else if (!strcmp(buffer, "macdef"))
355 rv = NRC_MACDEF;
356 else if (!strcmp(buffer, "machine"))
357 rv = NRC_MACHINE;
358 else
359 rv = NRC_INPUT;
360 jleave:
361 if (c == EOF && !feof(fi))
362 rv = NRC_ERROR;
363 NYD2_LEAVE;
364 return rv;
365 }
366
367 static bool_t
368 _nrc_lookup(struct url *urlp, bool_t only_pass)
369 {
370 struct nrc_node *nrc, *nrc_wild, *nrc_exact;
371 bool_t rv = FAL0;
372 NYD_ENTER;
373
374 assert(!only_pass || urlp->url_user.s != NULL);
375 assert(only_pass || urlp->url_user.s == NULL);
376
377 if (_nrc_list == NULL)
378 _nrc_init();
379 if (_nrc_list == NRC_NODE_ERR)
380 goto jleave;
381
382 nrc_wild = nrc_exact = NULL;
383 for (nrc = _nrc_list; nrc != NULL; nrc = nrc->nrc_next)
384 switch (__nrc_host_match(nrc, urlp)) {
385 case 1:
386 nrc->nrc_result = nrc_exact;
387 nrc_exact = nrc;
388 continue;
389 case -1:
390 nrc->nrc_result = nrc_wild;
391 nrc_wild = nrc;
392 /* FALLTHRU */
393 case 0:
394 continue;
395 }
396
397 if (!only_pass && urlp->url_user.s == NULL) {
398 /* Must be an unambiguous entry of its kind */
399 if (nrc_exact != NULL && nrc_exact->nrc_result != NULL)
400 goto jleave;
401 if (__nrc_find_user(urlp, nrc_exact))
402 goto j_user;
403
404 if (nrc_wild != NULL && nrc_wild->nrc_result != NULL)
405 goto jleave;
406 if (!__nrc_find_user(urlp, nrc_wild))
407 goto jleave;
408 j_user:
409 ;
410 }
411
412 if (__nrc_find_pass(urlp, TRU1, nrc_exact) ||
413 __nrc_find_pass(urlp, TRU1, nrc_wild) ||
414 /* Do not try to find a password without exact user match unless we've
415 * been called during credential lookup, a.k.a. the second time */
416 !only_pass ||
417 __nrc_find_pass(urlp, FAL0, nrc_exact) ||
418 __nrc_find_pass(urlp, FAL0, nrc_wild))
419 rv = TRU1;
420 jleave:
421 NYD_LEAVE;
422 return rv;
423 }
424
425 static int
426 __nrc_host_match(struct nrc_node const *nrc, struct url const *urlp)
427 {
428 char const *d2, *d1;
429 size_t l2, l1;
430 int rv = 0;
431 NYD2_ENTER;
432
433 /* Find a matching machine -- entries are all lowercase normalized */
434 if (nrc->nrc_mlen == urlp->url_host.l) {
435 if (n_LIKELY(!memcmp(nrc->nrc_dat, urlp->url_host.s, urlp->url_host.l)))
436 rv = 1;
437 goto jleave;
438 }
439
440 /* Cannot be an exact match, but maybe the .netrc machine starts with
441 * a "*." glob, which we recognize as an extension, meaning "skip
442 * a single subdomain, then match the rest" */
443 d1 = nrc->nrc_dat + 2;
444 l1 = nrc->nrc_mlen;
445 if (l1 <= 2 || d1[-1] != '.' || d1[-2] != '*')
446 goto jleave;
447 l1 -= 2;
448
449 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
450 * in fact this even succeeds for ".host.com", but - why care, here? */
451 d2 = urlp->url_host.s;
452 l2 = urlp->url_host.l;
453 while (l2 > 0) {
454 --l2;
455 if (*d2++ == '.')
456 break;
457 }
458
459 if (l2 == l1 && !memcmp(d1, d2, l1))
460 /* This matches, but we won't use it directly but watch out for an
461 * exact match first! */
462 rv = -1;
463 jleave:
464 NYD2_LEAVE;
465 return rv;
466 }
467
468 static bool_t
469 __nrc_find_user(struct url *urlp, struct nrc_node const *nrc)
470 {
471 NYD2_ENTER;
472
473 for (; nrc != NULL; nrc = nrc->nrc_result)
474 if (nrc->nrc_ulen > 0) {
475 /* Fake it was part of URL otherwise XXX */
476 urlp->url_flags |= n_URL_HAD_USER;
477 /* That buffer will be duplicated by url_parse() in this case! */
478 urlp->url_user.s = n_UNCONST(nrc->nrc_dat + nrc->nrc_mlen +1);
479 urlp->url_user.l = nrc->nrc_ulen;
480 break;
481 }
482
483 NYD2_LEAVE;
484 return (nrc != NULL);
485 }
486
487 static bool_t
488 __nrc_find_pass(struct url *urlp, bool_t user_match, struct nrc_node const *nrc)
489 {
490 NYD2_ENTER;
491
492 for (; nrc != NULL; nrc = nrc->nrc_result) {
493 bool_t um = (nrc->nrc_ulen == urlp->url_user.l &&
494 !memcmp(nrc->nrc_dat + nrc->nrc_mlen +1, urlp->url_user.s,
495 urlp->url_user.l));
496
497 if (user_match) {
498 if (!um)
499 continue;
500 } else if (!um && nrc->nrc_ulen > 0)
501 continue;
502 if (nrc->nrc_plen == 0)
503 continue;
504
505 /* We are responsible for duplicating this buffer! */
506 urlp->url_pass.s = savestrbuf(nrc->nrc_dat + nrc->nrc_mlen +1 +
507 nrc->nrc_ulen + 1, (urlp->url_pass.l = nrc->nrc_plen));
508 break;
509 }
510
511 NYD2_LEAVE;
512 return (nrc != NULL);
513 }
514 #endif /* HAVE_NETRC */
515
516 #ifdef HAVE_AGENT
517 static bool_t
518 _agent_shell_lookup(struct url *urlp, char const *comm) /* TODO v15-compat */
519 {
520 char buf[128];
521 char const *env_addon[8];
522 struct str s;
523 FILE *pbuf;
524 union {int c; sighandler_type sht;} u;
525 size_t cl, l;
526 bool_t rv = FAL0;
527 NYD2_ENTER;
528
529 env_addon[0] = str_concat_csvl(&s, "NAIL_USER", "=", urlp->url_user.s,
530 NULL)->s;
531 env_addon[1] = str_concat_csvl(&s,
532 "NAIL_USER_ENC", "=", urlp->url_user_enc.s, NULL)->s;
533 env_addon[2] = str_concat_csvl(&s, "NAIL_HOST", "=", urlp->url_host.s,
534 NULL)->s;
535 env_addon[3] = str_concat_csvl(&s, "NAIL_HOST_PORT", "=", urlp->url_h_p.s,
536 NULL)->s;
537 env_addon[4] = NULL;
538
539 if ((pbuf = Popen(comm, "r", ok_vlook(SHELL), env_addon, -1)) == NULL) {
540 n_err(_("*agent-shell-lookup* startup failed (%s)\n"), comm);
541 goto jleave;
542 }
543
544 for (s.s = NULL, s.l = cl = l = 0; (u.c = getc(pbuf)) != EOF; ++cl) {
545 if (u.c == '\n') /* xxx */
546 continue;
547 buf[l++] = u.c;
548 if (l == sizeof(buf) - 1) {
549 n_str_add_buf(&s, buf, l);
550 l = 0;
551 }
552 }
553 if (l > 0)
554 n_str_add_buf(&s, buf, l);
555
556 if (!Pclose(pbuf, TRU1)) {
557 n_err(_("*agent-shell-lookup* execution failure (%s)\n"), comm);
558 goto jleave;
559 }
560
561 /* We are responsible for duplicating this buffer! */
562 if (s.s != NULL)
563 urlp->url_pass.s = savestrbuf(s.s, urlp->url_pass.l = s.l);
564 else if (cl > 0)
565 urlp->url_pass.s = n_UNCONST(n_empty), urlp->url_pass.l = 0;
566 rv = TRU1;
567 jleave:
568 if (s.s != NULL)
569 free(s.s);
570 NYD2_LEAVE;
571 return rv;
572 }
573 #endif /* HAVE_AGENT */
574
575 FL char *
576 (urlxenc)(char const *cp, bool_t ispath n_MEMORY_DEBUG_ARGS)
577 {
578 char *n, *np, c1;
579 NYD2_ENTER;
580
581 /* C99 */{
582 size_t i;
583
584 i = strlen(cp);
585 if(i >= UIZ_MAX / 3){
586 n = NULL;
587 goto jleave;
588 }
589 i *= 3;
590 ++i;
591 np = n = (n_autorec_alloc_from_pool)(NULL, i n_MEMORY_DEBUG_ARGSCALL);
592 }
593
594 for (; (c1 = *cp) != '\0'; ++cp) {
595 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
596 * ALPHA / DIGIT / "-" / "." / "_" / "~"
597 * However add a special is[file]path mode for file-system friendliness */
598 if (alnumchar(c1) || c1 == '_')
599 *np++ = c1;
600 else if (!ispath) {
601 if (c1 != '-' && c1 != '.' && c1 != '~')
602 goto jesc;
603 *np++ = c1;
604 } else if (PTRCMP(np, >, n) && (*cp == '-' || *cp == '.')) /* XXX imap */
605 *np++ = c1;
606 else {
607 jesc:
608 np[0] = '%';
609 n_c_to_hex_base16(np + 1, c1);
610 np += 3;
611 }
612 }
613 *np = '\0';
614 jleave:
615 NYD2_LEAVE;
616 return n;
617 }
618
619 FL char *
620 (urlxdec)(char const *cp n_MEMORY_DEBUG_ARGS)
621 {
622 char *n, *np;
623 si32_t c;
624 NYD2_ENTER;
625
626 np = n = (n_autorec_alloc_from_pool)(NULL, strlen(cp) +1
627 n_MEMORY_DEBUG_ARGSCALL);
628
629 while ((c = (uc_i)*cp++) != '\0') {
630 if (c == '%' && cp[0] != '\0' && cp[1] != '\0') {
631 si32_t o = c;
632 if (n_LIKELY((c = n_c_from_hex_base16(cp)) >= '\0'))
633 cp += 2;
634 else
635 c = o;
636 }
637 *np++ = (char)c;
638 }
639 *np = '\0';
640 NYD2_LEAVE;
641 return n;
642 }
643
644 FL int
645 c_urlcodec(void *v){
646 bool_t ispath;
647 size_t alen;
648 char const **argv, *varname, *varres, *act, *cp;
649 NYD_ENTER;
650
651 argv = v;
652 varname = (n_pstate & n_PS_ARGMOD_VPUT) ? *argv++ : NULL;
653
654 act = *argv;
655 for(cp = act; *cp != '\0' && !blankspacechar(*cp); ++cp)
656 ;
657 if((ispath = (*act == 'p'))){
658 if(!ascncasecmp(++act, "ath", 3))
659 act += 3;
660 }
661 if(act >= cp)
662 goto jesynopsis;
663 alen = PTR2SIZE(cp - act);
664 if(*cp != '\0')
665 ++cp;
666
667 if(is_ascncaseprefix(act, "encode", alen)){
668 if((varres = urlxenc(cp, ispath)) == NULL){
669 varres = cp;
670 v = NULL;
671 }
672 }else if(is_ascncaseprefix(act, "decode", alen)){
673 if((varres = urlxdec(cp)) == NULL){
674 varres = cp;
675 v = NULL;
676 }
677 }else
678 goto jesynopsis;
679
680 assert(cp != NULL);
681 if(varname != NULL){
682 if(!n_var_vset(varname, (uintptr_t)varres)){
683 cp = NULL;
684 v = NULL;
685 }
686 }else{
687 struct str in, out;
688
689 in.l = strlen(in.s = n_UNCONST(varres));
690 makeprint(&in, &out);
691 if(fprintf(n_stdout, "%s\n", out.s) < 0)
692 cp = NULL;
693 free(out.s);
694 }
695
696 if(v != NULL)
697 n_pstate_var__em = n_0;
698 jleave:
699 NYD_LEAVE;
700 return (cp != NULL ? 0 : 1);
701 jesynopsis:
702 n_err(_("Synopsis: urlcodec: "
703 "<[path]e[ncode]|[path]d[ecode]> <rest-of-line>\n"));
704 cp = NULL;
705 goto jleave;
706 }
707
708 FL int
709 c_urlencode(void *v) /* XXX IDNA?? */
710 {
711 char **ap;
712 NYD_ENTER;
713
714 n_OBSOLETE("`urlencode': please use `urlcodec enc[ode]' instead");
715
716 for (ap = v; *ap != NULL; ++ap) {
717 char *in = *ap, *out = urlxenc(in, FAL0);
718
719 if(out == NULL)
720 out = n_UNCONST(V_(n_error));
721 fprintf(n_stdout,
722 " in: <%s> (%" PRIuZ " bytes)\nout: <%s> (%" PRIuZ " bytes)\n",
723 in, strlen(in), out, strlen(out));
724 }
725 NYD_LEAVE;
726 return 0;
727 }
728
729 FL int
730 c_urldecode(void *v) /* XXX IDNA?? */
731 {
732 char **ap;
733 NYD_ENTER;
734
735 n_OBSOLETE("`urldecode': please use `urlcodec dec[ode]' instead");
736
737 for (ap = v; *ap != NULL; ++ap) {
738 char *in = *ap, *out = urlxdec(in);
739
740 if(out == NULL)
741 out = n_UNCONST(V_(n_error));
742 fprintf(n_stdout,
743 " in: <%s> (%" PRIuZ " bytes)\nout: <%s> (%" PRIuZ " bytes)\n",
744 in, strlen(in), out, strlen(out));
745 }
746 NYD_LEAVE;
747 return 0;
748 }
749
750 FL char *
751 url_mailto_to_address(char const *mailtop){ /* TODO hack! RFC 6068; factory? */
752 size_t i;
753 char *rv;
754 char const *mailtop_orig;
755 NYD_ENTER;
756
757 if(!is_prefix("mailto:", mailtop_orig = mailtop)){
758 rv = NULL;
759 goto jleave;
760 }
761 mailtop += sizeof("mailto:") -1;
762
763 /* TODO This is all intermediate, and for now just enough to understand
764 * TODO a little bit of a little more advanced List-Post: headers. */
765 /* Strip any hfield additions, keep only to addr-spec's */
766 if((rv = strchr(mailtop, '?')) != NULL)
767 rv = savestrbuf(mailtop, i = PTR2SIZE(rv - mailtop));
768 else
769 rv = savestrbuf(mailtop, i = strlen(mailtop));
770
771 i = strlen(rv);
772
773 /* Simply perform percent-decoding if there is a percent % */
774 if(memchr(rv, '%', i) != NULL){
775 char *rv_base;
776 bool_t err;
777
778 for(err = FAL0, mailtop = rv_base = rv; i > 0;){
779 char c;
780
781 if((c = *mailtop++) == '%'){
782 si32_t cc;
783
784 if(i < 3 || (cc = n_c_from_hex_base16(mailtop)) < 0){
785 if(!err && (err = TRU1, n_poption & n_PO_D_V))
786 n_err(_("Invalid RFC 6068 'mailto' URL: %s\n"),
787 n_shexp_quote_cp(mailtop_orig, FAL0));
788 goto jhex_putc;
789 }
790 *rv++ = (char)cc;
791 mailtop += 2;
792 i -= 3;
793 }else{
794 jhex_putc:
795 *rv++ = c;
796 --i;
797 }
798 }
799 *rv = '\0';
800 rv = rv_base;
801 }
802 jleave:
803 NYD_LEAVE;
804 return rv;
805 }
806
807 FL char const *
808 n_servbyname(char const *proto, ui16_t *irv_or_null){
809 static struct{
810 char const name[14];
811 char const port[8];
812 ui16_t portno;
813 } const tbl[] = {
814 { "smtp", "25", 25},
815 { "submission", "587", 587},
816 { "smtps", "465", 465},
817 { "pop3", "110", 110},
818 { "pop3s", "995", 995},
819 { "imap", "143", 143},
820 { "imaps", "993", 993},
821 { "file", "", 0}
822 };
823 char const *rv;
824 size_t l, i;
825 NYD2_ENTER;
826
827 for(rv = proto; *rv != '\0'; ++rv)
828 if(*rv == ':')
829 break;
830 l = PTR2SIZE(rv - proto);
831
832 for(rv = NULL, i = 0; i < n_NELEM(tbl); ++i)
833 if(!ascncasecmp(tbl[i].name, proto, l)){
834 rv = tbl[i].port;
835 if(irv_or_null != NULL)
836 *irv_or_null = tbl[i].portno;
837 break;
838 }
839 NYD2_LEAVE;
840 return rv;
841 }
842
843 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
844 FL bool_t
845 url_parse(struct url *urlp, enum cproto cproto, char const *data)
846 {
847 #if defined HAVE_SMTP && defined HAVE_POP3
848 # define a_ALLPROTO
849 #endif
850 #if defined HAVE_SMTP || defined HAVE_POP3
851 # define a_ANYPROTO
852 char *cp, *x;
853 #endif
854 bool_t rv = FAL0;
855 NYD_ENTER;
856 n_UNUSED(data);
857
858 memset(urlp, 0, sizeof *urlp);
859 urlp->url_input = data;
860 urlp->url_cproto = cproto;
861
862 /* Network protocol */
863 #define a_PROTOX(X,Y,Z) \
864 urlp->url_portno = Y;\
865 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
866 urlp->url_proto[sizeof(X) -1] = '\0';\
867 urlp->url_proto_len = sizeof(X) -1;\
868 urlp->url_proto_xlen = sizeof(X "://") -1;\
869 do{ Z; }while(0)
870 #define a__IF(X,Y,Z) \
871 if(!ascncasecmp(data, X "://", sizeof(X "://") -1)){\
872 a_PROTOX(X, Y, Z);\
873 data += sizeof(X "://") -1;\
874 goto juser;\
875 }
876 #define a_IF(X,Y) a__IF(X, Y, (void)0)
877 #ifdef HAVE_SSL
878 # define a_IFS(X,Y) a__IF(X, Y, urlp->url_flags |= n_URL_TLS_REQUIRED)
879 # define a_IFs(X,Y) a__IF(X, Y, urlp->url_flags |= n_URL_TLS_OPTIONAL)
880 #else
881 # define a_IFS(X,Y) goto jeproto;
882 # define a_IFs(X,Y) a_IF(X, Y)
883 #endif
884
885 switch(cproto){
886 case CPROTO_CCRED:
887 /* The special S/MIME etc. credential lookup */
888 #ifdef HAVE_SSL
889 a_PROTOX("ccred", 0, (void)0);
890 break;
891 #else
892 goto jeproto;
893 #endif
894 case CPROTO_SMTP:
895 #ifdef HAVE_SMTP
896 a_IFS("smtps", 465)
897 a_IFs("smtp", 25)
898 a_IFs("submission", 587)
899 a_PROTOX("smtp", 25, urlp->url_flags |= n_URL_TLS_OPTIONAL);
900 break;
901 #else
902 goto jeproto;
903 #endif
904 case CPROTO_POP3:
905 #ifdef HAVE_POP3
906 a_IFS("pop3s", 995)
907 a_IFs("pop3", 110)
908 a_PROTOX("pop3", 110, urlp->url_flags |= n_URL_TLS_OPTIONAL);
909 break;
910 #else
911 goto jeproto;
912 #endif
913 #if 0
914 case CPROTO_IMAP:
915 a_IFS("imaps", 993)
916 a_IFs("imap", 143)
917 a_PROTOX("imap", 143, urlp->url_flags |= n_URL_TLS_OPTIONAL);
918 break;
919 else
920 goto jeproto;
921 #endif
922 }
923
924 #undef a_PROTOX
925 #undef a__IF
926 #undef a_IF
927 #undef a_IFS
928 #undef a_IFs
929
930 if (strstr(data, "://") != NULL) {
931 #if !defined a_ALLPROTO || !defined HAVE_SSL
932 jeproto:
933 #endif
934 n_err(_("URL proto:// prefix invalid: %s\n"), urlp->url_input);
935 goto jleave;
936 }
937 #ifdef a_ANYPROTO
938
939 /* User and password, I */
940 juser:
941 if ((cp = _url_last_at_before_slash(data)) != NULL) {
942 size_t l;
943 char const *urlpe, *d;
944 char *ub;
945
946 l = PTR2SIZE(cp - data);
947 ub = ac_alloc(l +1);
948 d = data;
949 urlp->url_flags |= n_URL_HAD_USER;
950 data = &cp[1];
951
952 /* And also have a password? */
953 if((cp = memchr(d, ':', l)) != NULL){
954 size_t i = PTR2SIZE(cp - d);
955
956 l -= i + 1;
957 memcpy(ub, cp + 1, l);
958 ub[l] = '\0';
959
960 if((urlp->url_pass.s = urlxdec(ub)) == NULL)
961 goto jurlp_err;
962 urlp->url_pass.l = strlen(urlp->url_pass.s);
963 if((urlpe = urlxenc(urlp->url_pass.s, FAL0)) == NULL)
964 goto jurlp_err;
965 if(strcmp(ub, urlpe))
966 goto jurlp_err;
967 l = i;
968 }
969
970 memcpy(ub, d, l);
971 ub[l] = '\0';
972 if((urlp->url_user.s = urlxdec(ub)) == NULL)
973 goto jurlp_err;
974 urlp->url_user.l = strlen(urlp->url_user.s);
975 if((urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0)) == NULL)
976 goto jurlp_err;
977 urlp->url_user_enc.l = strlen(urlp->url_user_enc.s);
978
979 if(urlp->url_user_enc.l != l || memcmp(urlp->url_user_enc.s, ub, l)){
980 jurlp_err:
981 n_err(_("String is not properly URL percent encoded: %s\n"), ub);
982 d = NULL;
983 }
984
985 ac_free(ub);
986 if(d == NULL)
987 goto jleave;
988 }
989
990 /* Servername and port -- and possible path suffix */
991 if ((cp = strchr(data, ':')) != NULL) { /* TODO URL parse, use IPAddress! */
992 urlp->url_port = x = savestr(x = &cp[1]);
993 if ((x = strchr(x, '/')) != NULL) {
994 *x = '\0';
995 while(*++x == '/')
996 ;
997 }
998
999 if((n_idec_ui16_cp(&urlp->url_portno, urlp->url_port, 10, NULL
1000 ) & (n_IDEC_STATE_EMASK | n_IDEC_STATE_CONSUMED)
1001 ) != n_IDEC_STATE_CONSUMED){
1002 n_err(_("URL with invalid port number: %s\n"), urlp->url_input);
1003 goto jleave;
1004 }
1005 } else {
1006 if ((x = strchr(data, '/')) != NULL) {
1007 data = savestrbuf(data, PTR2SIZE(x - data));
1008 while(*++x == '/')
1009 ;
1010 }
1011 cp = n_UNCONST(data + strlen(data));
1012 }
1013
1014 /* A (non-empty) path may only occur with IMAP */
1015 if (x != NULL && *x != '\0') {
1016 /* Take care not to count adjacent slashes for real, on either end */
1017 char *x2;
1018 size_t i;
1019
1020 for(x2 = savestrbuf(x, i = strlen(x)); i > 0; --i)
1021 if(x2[i - 1] != '/')
1022 break;
1023 x2[i] = '\0';
1024
1025 if (i > 0) {
1026 #if 0
1027 if (cproto != CPROTO_IMAP) {
1028 #endif
1029 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
1030 urlp->url_input);
1031 goto jleave;
1032 #if 0
1033 }
1034 urlp->url_path.l = i;
1035 urlp->url_path.s = x2;
1036 #endif
1037 }
1038 }
1039
1040 urlp->url_host.s = savestrbuf(data, urlp->url_host.l = PTR2SIZE(cp - data));
1041 { size_t i;
1042 for (cp = urlp->url_host.s, i = urlp->url_host.l; i != 0; ++cp, --i)
1043 *cp = lowerconv(*cp);
1044 }
1045
1046 /* .url_h_p: HOST:PORT */
1047 { size_t i;
1048 struct str *s = &urlp->url_h_p;
1049
1050 s->s = salloc(urlp->url_host.l + 1 + sizeof("65536")-1 +1);
1051 memcpy(s->s, urlp->url_host.s, i = urlp->url_host.l);
1052 if (urlp->url_port != NULL) {
1053 size_t j = strlen(urlp->url_port);
1054 s->s[i++] = ':';
1055 memcpy(s->s + i, urlp->url_port, j);
1056 i += j;
1057 }
1058 s->s[i] = '\0';
1059 s->l = i;
1060 }
1061
1062 /* User, II
1063 * If there was no user in the URL, do we have *user-HOST* or *user*? */
1064 if (!(urlp->url_flags & n_URL_HAD_USER)) {
1065 if ((urlp->url_user.s = xok_vlook(user, urlp, OXM_PLAIN | OXM_H_P))
1066 == NULL) {
1067 /* No, check whether .netrc lookup is desired */
1068 # ifdef HAVE_NETRC
1069 if (!ok_blook(v15_compat) ||
1070 !xok_blook(netrc_lookup, urlp, OXM_PLAIN | OXM_H_P) ||
1071 !_nrc_lookup(urlp, FAL0))
1072 # endif
1073 urlp->url_user.s = n_UNCONST(ok_vlook(LOGNAME));
1074 }
1075
1076 urlp->url_user.l = strlen(urlp->url_user.s);
1077 urlp->url_user.s = savestrbuf(urlp->url_user.s, urlp->url_user.l);
1078 if((urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0)) == NULL){
1079 n_err(_("Cannot URL encode %s\n"), urlp->url_user.s);
1080 goto jleave;
1081 }
1082 urlp->url_user_enc.l = strlen(urlp->url_user_enc.s);
1083 }
1084
1085 /* And then there are a lot of prebuild string combinations TODO do lazy */
1086
1087 /* .url_u_h: .url_user@.url_host
1088 * For SMTP we apply ridiculously complicated *v15-compat* plus
1089 * *smtp-hostname* / *hostname* dependent rules */
1090 { struct str h, *s;
1091 size_t i;
1092
1093 if (cproto == CPROTO_SMTP && ok_blook(v15_compat) &&
1094 (cp = ok_vlook(smtp_hostname)) != NULL) {
1095 if (*cp == '\0')
1096 cp = nodename(1);
1097 h.s = savestrbuf(cp, h.l = strlen(cp));
1098 } else
1099 h = urlp->url_host;
1100
1101 s = &urlp->url_u_h;
1102 i = urlp->url_user.l;
1103
1104 s->s = salloc(i + 1 + h.l +1);
1105 if (i > 0) {
1106 memcpy(s->s, urlp->url_user.s, i);
1107 s->s[i++] = '@';
1108 }
1109 memcpy(s->s + i, h.s, h.l +1);
1110 i += h.l;
1111 s->l = i;
1112 }
1113
1114 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
1115 { struct str *s = &urlp->url_u_h_p;
1116 size_t i = urlp->url_user.l;
1117
1118 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
1119 if (i > 0) {
1120 memcpy(s->s, urlp->url_user.s, i);
1121 s->s[i++] = '@';
1122 }
1123 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
1124 i += urlp->url_h_p.l;
1125 s->l = i;
1126 }
1127
1128 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
1129 { struct str *s = &urlp->url_eu_h_p;
1130 size_t i = urlp->url_user_enc.l;
1131
1132 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
1133 if (i > 0) {
1134 memcpy(s->s, urlp->url_user_enc.s, i);
1135 s->s[i++] = '@';
1136 }
1137 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
1138 i += urlp->url_h_p.l;
1139 s->l = i;
1140 }
1141
1142 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
1143 { size_t i;
1144 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_u_h_p.l) +1);
1145
1146 urlp->url_proto[urlp->url_proto_len] = ':';
1147 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_u_h_p.s,
1148 urlp->url_u_h_p.l +1);
1149 urlp->url_proto[urlp->url_proto_len] = '\0';
1150
1151 urlp->url_p_u_h_p = ud;
1152 }
1153
1154 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
1155 { size_t i;
1156 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_eu_h_p.l) +
1157 1 + urlp->url_path.l +1);
1158
1159 urlp->url_proto[urlp->url_proto_len] = ':';
1160 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_eu_h_p.s,
1161 urlp->url_eu_h_p.l +1);
1162 urlp->url_proto[urlp->url_proto_len] = '\0';
1163
1164 if (urlp->url_path.l == 0)
1165 urlp->url_p_eu_h_p = urlp->url_p_eu_h_p_p = ud;
1166 else {
1167 urlp->url_p_eu_h_p = savestrbuf(ud, i);
1168 urlp->url_p_eu_h_p_p = ud;
1169 ud += i;
1170 *ud++ = '/';
1171 memcpy(ud, urlp->url_path.s, urlp->url_path.l +1);
1172 }
1173 }
1174
1175 rv = TRU1;
1176 #endif /* a_ANYPROTO */
1177 jleave:
1178 NYD_LEAVE;
1179 return rv;
1180 #undef a_ANYPROTO
1181 #undef a_ALLPROTO
1182 }
1183
1184 FL bool_t
1185 ccred_lookup_old(struct ccred *ccp, enum cproto cproto, char const *addr)
1186 {
1187 char const *pname, *pxstr, *authdef, *s;
1188 size_t pxlen, addrlen, i;
1189 char *vbuf;
1190 ui8_t authmask;
1191 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1192 ware = NONE;
1193 bool_t addr_is_nuser = FAL0; /* XXX v15.0 legacy! v15_compat */
1194 NYD_ENTER;
1195
1196 n_OBSOLETE(_("Use of old-style credentials, which will vanish in v15!\n"
1197 " Please read the manual section "
1198 "\"On URL syntax and credential lookup\""));
1199
1200 memset(ccp, 0, sizeof *ccp);
1201
1202 switch (cproto) {
1203 default:
1204 case CPROTO_SMTP:
1205 pname = "SMTP";
1206 pxstr = "smtp-auth";
1207 pxlen = sizeof("smtp-auth") -1;
1208 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1209 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1210 authdef = "none";
1211 addr_is_nuser = TRU1;
1212 break;
1213 case CPROTO_POP3:
1214 pname = "POP3";
1215 pxstr = "pop3-auth";
1216 pxlen = sizeof("pop3-auth") -1;
1217 authmask = AUTHTYPE_PLAIN;
1218 authdef = "plain";
1219 break;
1220 }
1221
1222 ccp->cc_cproto = cproto;
1223 addrlen = strlen(addr);
1224 vbuf = ac_alloc(pxlen + addrlen + sizeof("-password-")-1 +1);
1225 memcpy(vbuf, pxstr, pxlen);
1226
1227 /* Authentication type */
1228 vbuf[pxlen] = '-';
1229 memcpy(vbuf + pxlen + 1, addr, addrlen +1);
1230 if ((s = n_var_vlook(vbuf, FAL0)) == NULL) {
1231 vbuf[pxlen] = '\0';
1232 if ((s = n_var_vlook(vbuf, FAL0)) == NULL)
1233 s = n_UNCONST(authdef);
1234 }
1235
1236 if (!asccasecmp(s, "none")) {
1237 ccp->cc_auth = "NONE";
1238 ccp->cc_authtype = AUTHTYPE_NONE;
1239 /*ware = NONE;*/
1240 } else if (!asccasecmp(s, "plain")) {
1241 ccp->cc_auth = "PLAIN";
1242 ccp->cc_authtype = AUTHTYPE_PLAIN;
1243 ware = REQ_PASS | REQ_USER;
1244 } else if (!asccasecmp(s, "login")) {
1245 ccp->cc_auth = "LOGIN";
1246 ccp->cc_authtype = AUTHTYPE_LOGIN;
1247 ware = REQ_PASS | REQ_USER;
1248 } else if (!asccasecmp(s, "cram-md5")) {
1249 ccp->cc_auth = "CRAM-MD5";
1250 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1251 ware = REQ_PASS | REQ_USER;
1252 } else if (!asccasecmp(s, "gssapi")) {
1253 ccp->cc_auth = "GSS-API";
1254 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1255 ware = REQ_USER;
1256 } /* no else */
1257
1258 /* Verify method */
1259 if (!(ccp->cc_authtype & authmask)) {
1260 n_err(_("Unsupported %s authentication method: %s\n"), pname, s);
1261 ccp = NULL;
1262 goto jleave;
1263 }
1264 # ifndef HAVE_MD5
1265 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1266 n_err(_("No CRAM-MD5 support compiled in\n"));
1267 ccp = NULL;
1268 goto jleave;
1269 }
1270 # endif
1271 # ifndef HAVE_GSSAPI
1272 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1273 n_err(_("No GSS-API support compiled in\n"));
1274 ccp = NULL;
1275 goto jleave;
1276 }
1277 # endif
1278
1279 /* User name */
1280 if (!(ware & (WANT_USER | REQ_USER)))
1281 goto jpass;
1282
1283 if (!addr_is_nuser) {
1284 if ((s = _url_last_at_before_slash(addr)) != NULL) {
1285 char *cp;
1286
1287 cp = savestrbuf(addr, PTR2SIZE(s - addr));
1288
1289 if((ccp->cc_user.s = urlxdec(cp)) == NULL){
1290 n_err(_("String is not properly URL percent encoded: %s\n"), cp);
1291 ccp = NULL;
1292 goto jleave;
1293 }
1294 ccp->cc_user.l = strlen(ccp->cc_user.s);
1295 } else if (ware & REQ_USER)
1296 goto jgetuser;
1297 goto jpass;
1298 }
1299
1300 memcpy(vbuf + pxlen, "-user-", i = sizeof("-user-") -1);
1301 i += pxlen;
1302 memcpy(vbuf + i, addr, addrlen +1);
1303 if ((s = n_var_vlook(vbuf, FAL0)) == NULL) {
1304 vbuf[--i] = '\0';
1305 if ((s = n_var_vlook(vbuf, FAL0)) == NULL && (ware & REQ_USER)) {
1306 if ((s = getuser(NULL)) == NULL) {
1307 jgetuser: /* TODO v15.0: today we simply bail, but we should call getuser().
1308 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1309 * TODO check that first, then! change control flow, grow vbuf */
1310 n_err(_("A user is necessary for %s authentication\n"), pname);
1311 ccp = NULL;
1312 goto jleave;
1313 }
1314 }
1315 }
1316 ccp->cc_user.l = strlen(ccp->cc_user.s = savestr(s));
1317
1318 /* Password */
1319 jpass:
1320 if (!(ware & (WANT_PASS | REQ_PASS)))
1321 goto jleave;
1322
1323 if (!addr_is_nuser) {
1324 memcpy(vbuf, "password-", i = sizeof("password-") -1);
1325 } else {
1326 memcpy(vbuf + pxlen, "-password-", i = sizeof("-password-") -1);
1327 i += pxlen;
1328 }
1329 memcpy(vbuf + i, addr, addrlen +1);
1330 if ((s = n_var_vlook(vbuf, FAL0)) == NULL) {
1331 vbuf[--i] = '\0';
1332 if ((!addr_is_nuser || (s = n_var_vlook(vbuf, FAL0)) == NULL) &&
1333 (ware & REQ_PASS)) {
1334 if ((s = getpassword(savecat(_("Password for "), pname))) == NULL) {
1335 n_err(_("A password is necessary for %s authentication\n"),
1336 pname);
1337 ccp = NULL;
1338 goto jleave;
1339 }
1340 }
1341 }
1342 if (s != NULL)
1343 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1344
1345 jleave:
1346 ac_free(vbuf);
1347 if (ccp != NULL && (n_poption & n_PO_D_VV))
1348 n_err(_("Credentials: host %s, user %s, pass %s\n"),
1349 addr, (ccp->cc_user.s != NULL ? ccp->cc_user.s : n_empty),
1350 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : n_empty));
1351 NYD_LEAVE;
1352 return (ccp != NULL);
1353 }
1354
1355 FL bool_t
1356 ccred_lookup(struct ccred *ccp, struct url *urlp)
1357 {
1358 char *s;
1359 char const *pstr, *authdef;
1360 ui8_t authmask;
1361 enum okeys authokey;
1362 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1363 ware;
1364 NYD_ENTER;
1365
1366 memset(ccp, 0, sizeof *ccp);
1367 ccp->cc_user = urlp->url_user;
1368
1369 ware = NONE;
1370
1371 switch ((ccp->cc_cproto = urlp->url_cproto)) {
1372 case CPROTO_CCRED:
1373 authokey = (enum okeys)-1;
1374 authmask = AUTHTYPE_PLAIN;
1375 authdef = "plain";
1376 pstr = "ccred";
1377 break;
1378 default:
1379 case CPROTO_SMTP:
1380 authokey = ok_v_smtp_auth;
1381 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1382 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1383 authdef = "plain";
1384 pstr = "smtp";
1385 break;
1386 case CPROTO_POP3:
1387 authokey = ok_v_pop3_auth;
1388 authmask = AUTHTYPE_PLAIN;
1389 authdef = "plain";
1390 pstr = "pop3";
1391 break;
1392 }
1393
1394 /* Authentication type */
1395 if (authokey == (enum okeys)-1 ||
1396 (s = xok_VLOOK(authokey, urlp, OXM_ALL)) == NULL)
1397 s = n_UNCONST(authdef);
1398
1399 if (!asccasecmp(s, "none")) {
1400 ccp->cc_auth = "NONE";
1401 ccp->cc_authtype = AUTHTYPE_NONE;
1402 /*ware = NONE;*/
1403 } else if (!asccasecmp(s, "plain")) {
1404 ccp->cc_auth = "PLAIN";
1405 ccp->cc_authtype = AUTHTYPE_PLAIN;
1406 ware = REQ_PASS | REQ_USER;
1407 } else if (!asccasecmp(s, "login")) {
1408 ccp->cc_auth = "LOGIN";
1409 ccp->cc_authtype = AUTHTYPE_LOGIN;
1410 ware = REQ_PASS | REQ_USER;
1411 } else if (!asccasecmp(s, "cram-md5")) {
1412 ccp->cc_auth = "CRAM-MD5";
1413 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1414 ware = REQ_PASS | REQ_USER;
1415 } else if (!asccasecmp(s, "gssapi")) {
1416 ccp->cc_auth = "GSS-API";
1417 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1418 ware = REQ_USER;
1419 } /* no else */
1420
1421 /* Verify method */
1422 if (!(ccp->cc_authtype & authmask)) {
1423 n_err(_("Unsupported %s authentication method: %s\n"), pstr, s);
1424 ccp = NULL;
1425 goto jleave;
1426 }
1427 # ifndef HAVE_MD5
1428 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1429 n_err(_("No CRAM-MD5 support compiled in\n"));
1430 ccp = NULL;
1431 goto jleave;
1432 }
1433 # endif
1434 # ifndef HAVE_GSSAPI
1435 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1436 n_err(_("No GSS-API support compiled in\n"));
1437 ccp = NULL;
1438 goto jleave;
1439 }
1440 # endif
1441
1442 /* Password */
1443 ccp->cc_pass = urlp->url_pass;
1444 if (ccp->cc_pass.s != NULL)
1445 goto jleave;
1446
1447 if ((s = xok_vlook(password, urlp, OXM_ALL)) != NULL)
1448 goto js2pass;
1449 # ifdef HAVE_AGENT /* TODO v15-compat obsolete */
1450 if ((s = xok_vlook(agent_shell_lookup, urlp, OXM_ALL)) != NULL) {
1451 n_OBSOLETE(_("*agent-shell-lookup* will vanish. Please use encrypted "
1452 "~/.netrc (via *netrc-pipe*), or simply `source' an encrypted file"));
1453 if (!_agent_shell_lookup(urlp, s)) {
1454 ccp = NULL;
1455 goto jleave;
1456 } else if (urlp->url_pass.s != NULL) {
1457 ccp->cc_pass = urlp->url_pass;
1458 goto jleave;
1459 }
1460 }
1461 # endif
1462 # ifdef HAVE_NETRC
1463 if (xok_blook(netrc_lookup, urlp, OXM_ALL) && _nrc_lookup(urlp, TRU1)) {
1464 ccp->cc_pass = urlp->url_pass;
1465 goto jleave;
1466 }
1467 # endif
1468 if (ware & REQ_PASS) {
1469 if((s = getpassword(savecat(urlp->url_u_h.s, _(" requires a password: ")))
1470 ) != NULL)
1471 js2pass:
1472 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1473 else {
1474 n_err(_("A password is necessary for %s authentication\n"), pstr);
1475 ccp = NULL;
1476 }
1477 }
1478
1479 jleave:
1480 if(ccp != NULL && (n_poption & n_PO_D_VV))
1481 n_err(_("Credentials: host %s, user %s, pass %s\n"),
1482 urlp->url_h_p.s, (ccp->cc_user.s != NULL ? ccp->cc_user.s : n_empty),
1483 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : n_empty));
1484 NYD_LEAVE;
1485 return (ccp != NULL);
1486 }
1487 #endif /* HAVE_SOCKETS */
1488
1489 #ifdef HAVE_NETRC
1490 FL int
1491 c_netrc(void *v)
1492 {
1493 char **argv = v;
1494 struct nrc_node *nrc;
1495 bool_t load_only;
1496 NYD_ENTER;
1497
1498 load_only = FAL0;
1499 if (*argv == NULL)
1500 goto jlist;
1501 if (argv[1] != NULL)
1502 goto jerr;
1503 if (!asccasecmp(*argv, "show"))
1504 goto jlist;
1505 load_only = TRU1;
1506 if (!asccasecmp(*argv, "load"))
1507 goto jlist;
1508 if (!asccasecmp(*argv, "clear"))
1509 goto jclear;
1510 jerr:
1511 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1512 v = NULL;
1513 jleave:
1514 NYD_LEAVE;
1515 return (v == NULL ? !STOP : !OKAY); /* xxx 1:bad 0:good -- do some */
1516
1517 jlist: {
1518 FILE *fp;
1519 size_t l;
1520
1521 if (_nrc_list == NULL)
1522 _nrc_init();
1523 if (_nrc_list == NRC_NODE_ERR) {
1524 n_err(_("Interpolate what file?\n"));
1525 v = NULL;
1526 goto jleave;
1527 }
1528 if (load_only)
1529 goto jleave;
1530
1531 if ((fp = Ftmp(NULL, "netrc", OF_RDWR | OF_UNLINK | OF_REGISTER)) == NULL) {
1532 n_perr(_("tmpfile"), 0);
1533 v = NULL;
1534 goto jleave;
1535 }
1536
1537 for (l = 0, nrc = _nrc_list; nrc != NULL; ++l, nrc = nrc->nrc_next) {
1538 fprintf(fp, _("machine %s "), nrc->nrc_dat); /* XXX quote? */
1539 if (nrc->nrc_ulen > 0)
1540 fprintf(fp, _("login \"%s\" "),
1541 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1));
1542 if (nrc->nrc_plen > 0)
1543 fprintf(fp, _("password \"%s\"\n"),
1544 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1 + nrc->nrc_ulen +1));
1545 else
1546 putc('\n', fp);
1547 }
1548
1549 page_or_print(fp, l);
1550 Fclose(fp);
1551 }
1552 goto jleave;
1553
1554 jclear:
1555 if (_nrc_list == NRC_NODE_ERR)
1556 _nrc_list = NULL;
1557 while ((nrc = _nrc_list) != NULL) {
1558 _nrc_list = nrc->nrc_next;
1559 free(nrc);
1560 }
1561 goto jleave;
1562 }
1563 #endif /* HAVE_NETRC */
1564
1565 #ifdef HAVE_MD5
1566 FL char *
1567 md5tohex(char hex[MD5TOHEX_SIZE], void const *vp)
1568 {
1569 char const *cp = vp;
1570 size_t i, j;
1571 NYD_ENTER;
1572
1573 for (i = 0; i < MD5TOHEX_SIZE / 2; ++i) {
1574 j = i << 1;
1575 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1576 hex[j] = __hex((cp[i] & 0xF0) >> 4);
1577 hex[++j] = __hex(cp[i] & 0x0F);
1578 # undef __hex
1579 }
1580 NYD_LEAVE;
1581 return hex;
1582 }
1583
1584 FL char *
1585 cram_md5_string(struct str const *user, struct str const *pass,
1586 char const *b64)
1587 {
1588 struct str in, out;
1589 char digest[16], *cp;
1590 NYD_ENTER;
1591
1592 out.s = NULL;
1593 if(user->l >= UIZ_MAX - 1 - MD5TOHEX_SIZE - 1)
1594 goto jleave;
1595 if(pass->l >= INT_MAX)
1596 goto jleave;
1597
1598 in.s = n_UNCONST(b64);
1599 in.l = strlen(in.s);
1600 if(!b64_decode(&out, &in))
1601 goto jleave;
1602 if(out.l >= INT_MAX){
1603 free(out.s);
1604 out.s = NULL;
1605 goto jleave;
1606 }
1607
1608 hmac_md5((uc_i*)out.s, out.l, (uc_i*)pass->s, pass->l, digest);
1609 free(out.s);
1610 cp = md5tohex(salloc(MD5TOHEX_SIZE +1), digest);
1611
1612 in.l = user->l + MD5TOHEX_SIZE +1;
1613 in.s = ac_alloc(user->l + 1 + MD5TOHEX_SIZE +1);
1614 memcpy(in.s, user->s, user->l);
1615 in.s[user->l] = ' ';
1616 memcpy(&in.s[user->l + 1], cp, MD5TOHEX_SIZE);
1617 if(b64_encode(&out, &in, B64_SALLOC | B64_CRLF) == NULL)
1618 out.s = NULL;
1619 ac_free(in.s);
1620 jleave:
1621 NYD_LEAVE;
1622 return out.s;
1623 }
1624
1625 FL void
1626 hmac_md5(unsigned char *text, int text_len, unsigned char *key, int key_len,
1627 void *digest)
1628 {
1629 /*
1630 * This code is taken from
1631 *
1632 * Network Working Group H. Krawczyk
1633 * Request for Comments: 2104 IBM
1634 * Category: Informational M. Bellare
1635 * UCSD
1636 * R. Canetti
1637 * IBM
1638 * February 1997
1639 *
1640 *
1641 * HMAC: Keyed-Hashing for Message Authentication
1642 */
1643 md5_ctx context;
1644 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
1645 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
1646 unsigned char tk[16];
1647 int i;
1648 NYD_ENTER;
1649
1650 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1651 if (key_len > 64) {
1652 md5_ctx tctx;
1653
1654 md5_init(&tctx);
1655 md5_update(&tctx, key, key_len);
1656 md5_final(tk, &tctx);
1657
1658 key = tk;
1659 key_len = 16;
1660 }
1661
1662 /* the HMAC_MD5 transform looks like:
1663 *
1664 * MD5(K XOR opad, MD5(K XOR ipad, text))
1665 *
1666 * where K is an n byte key
1667 * ipad is the byte 0x36 repeated 64 times
1668 * opad is the byte 0x5c repeated 64 times
1669 * and text is the data being protected */
1670
1671 /* start out by storing key in pads */
1672 memset(k_ipad, 0, sizeof k_ipad);
1673 memset(k_opad, 0, sizeof k_opad);
1674 memcpy(k_ipad, key, key_len);
1675 memcpy(k_opad, key, key_len);
1676
1677 /* XOR key with ipad and opad values */
1678 for (i=0; i<64; i++) {
1679 k_ipad[i] ^= 0x36;
1680 k_opad[i] ^= 0x5c;
1681 }
1682
1683 /* perform inner MD5 */
1684 md5_init(&context); /* init context for 1st pass */
1685 md5_update(&context, k_ipad, 64); /* start with inner pad */
1686 md5_update(&context, text, text_len); /* then text of datagram */
1687 md5_final(digest, &context); /* finish up 1st pass */
1688
1689 /* perform outer MD5 */
1690 md5_init(&context); /* init context for 2nd pass */
1691 md5_update(&context, k_opad, 64); /* start with outer pad */
1692 md5_update(&context, digest, 16); /* then results of 1st hash */
1693 md5_final(digest, &context); /* finish up 2nd pass */
1694 NYD_LEAVE;
1695 }
1696 #endif /* HAVE_MD5 */
1697
1698 /* s-it-mode */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command