1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
6 * Copyright (c) 2014 Steffen (Daode) Nurpmeso <sdaoden@users.sf.net>.
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 #ifndef HAVE_AMALGAMATION
26 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
27 * concurrently (dummy, host, user, pass), so make it a KB */
28 # define NRC_TOKEN_MAXLEN (1024 / 4)
43 struct nrc_node
*nrc_next
;
44 struct nrc_node
*nrc_result
; /* In match phase, former possible one */
45 ui32_t nrc_mlen
; /* Length of machine name */
46 ui32_t nrc_ulen
; /* Length of user name */
47 ui32_t nrc_plen
; /* Length of password */
48 char nrc_dat
[VFIELD_SIZE(4)];
50 # define NRC_NODE_ERR ((struct nrc_node*)-1)
52 static struct nrc_node
*_nrc_list
;
53 #endif /* HAVE_NETRC */
55 /* Find the last @ before a slash
56 * TODO Casts off the const but this is ok here; obsolete function! */
57 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
58 static char * _url_last_at_before_slash(char const *sp
);
62 /* Initialize .netrc cache */
63 static void _nrc_init(void);
64 static enum nrc_token
__nrc_token(FILE *fi
, char buffer
[NRC_TOKEN_MAXLEN
]);
66 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
67 * only_pass is true then the lookup is for the password only, otherwise we
68 * look for a user (and add password only if we have an exact machine match) */
69 static bool_t
_nrc_lookup(struct url
*urlp
, bool_t only_pass
);
71 /* 0=no match; 1=exact match; -1=wildcard match */
72 static int __nrc_host_match(struct nrc_node
const *nrc
,
73 struct url
const *urlp
);
74 static bool_t
__nrc_find_user(struct url
*urlp
,
75 struct nrc_node
const *nrc
);
76 static bool_t
__nrc_find_pass(struct url
*urlp
, bool_t user_match
,
77 struct nrc_node
const *nrc
);
78 #endif /* HAVE_NETRC */
80 /* The password can also be gained through external agents */
82 static bool_t
_agent_shell_lookup(struct url
*urlp
, char const *comm
);
87 _url_last_at_before_slash(char const *sp
)
93 for (cp
= sp
; (c
= *cp
) != '\0'; ++cp
)
96 while (cp
> sp
&& *--cp
!= '@')
109 char buffer
[NRC_TOKEN_MAXLEN
], host
[NRC_TOKEN_MAXLEN
],
110 user
[NRC_TOKEN_MAXLEN
], pass
[NRC_TOKEN_MAXLEN
], *netrc_load
;
115 struct nrc_node
*ntail
= NULL
/* CC happy */, *nhead
= NULL
,
119 if ((netrc_load
= getenv("NETRC")/* TODO */) == NULL
)
120 netrc_load
= UNCONST(NETRC
);
121 if ((netrc_load
= file_expand(netrc_load
)) == NULL
)
124 if ((fi
= Fopen(netrc_load
, "r")) == NULL
) {
125 fprintf(stderr
, _("Cannot open `%s'\n"), netrc_load
);
129 /* Be simple and apply rigid (permission) check(s) */
130 if (fstat(fileno(fi
), &sb
) == -1 || !S_ISREG(sb
.st_mode
) ||
131 (sb
.st_mode
& (S_IRWXG
| S_IRWXO
))) {
133 _("Not a regular file, or accessible by non-user: `%s'\n"),
140 switch((t
= __nrc_token(fi
, buffer
))) {
145 default: /* Doesn't happen (but on error?), keep CC happy */
148 /* We ignore the default entry (require an exact host match), and we also
149 * ignore anything after such an entry (faulty syntax) */
154 /* Normalize HOST to lowercase */
156 if (!seen_default
&& (t
= __nrc_token(fi
, host
)) != NRC_INPUT
)
160 for (cp
= host
; *cp
!= '\0'; ++cp
)
161 *cp
= lowerconv(*cp
);
164 *user
= *pass
= '\0';
165 while ((t
= __nrc_token(fi
, buffer
)) != NRC_NONE
&& t
!= NRC_MACHINE
&&
169 if ((t
= __nrc_token(fi
, user
)) != NRC_INPUT
)
173 if ((t
= __nrc_token(fi
, pass
)) != NRC_INPUT
)
177 if ((t
= __nrc_token(fi
, buffer
)) != NRC_INPUT
)
181 if ((t
= __nrc_token(fi
, buffer
)) != NRC_INPUT
)
185 while ((c
= getc(fi
)) != EOF
)
186 if (c
== '\n') { /* xxx */
200 if (!seen_default
&& (*user
!= '\0' || *pass
!= '\0')) {
201 size_t hl
= strlen(host
), ul
= strlen(user
), pl
= strlen(pass
);
202 struct nrc_node
*nx
= smalloc(sizeof(*nx
) -
203 VFIELD_SIZEOF(struct nrc_node
, nrc_dat
) + hl
+1 + ul
+1 + pl
+1);
206 ntail
->nrc_next
= nx
;
214 memcpy(nx
->nrc_dat
, host
, ++hl
);
215 memcpy(nx
->nrc_dat
+ hl
, user
, ++ul
);
216 memcpy(nx
->nrc_dat
+ hl
+ ul
, pass
, ++pl
);
218 if (t
== NRC_MACHINE
)
220 if (t
== NRC_DEFAULT
)
231 if (options
& OPT_D_V
)
232 fprintf(stderr
, _("Errors occurred while parsing `%s'\n"), netrc_load
);
235 if (nrc
== NRC_NODE_ERR
)
236 while (nhead
!= NULL
) {
238 nhead
= nhead
->nrc_next
;
245 static enum nrc_token
246 __nrc_token(FILE *fi
, char buffer
[NRC_TOKEN_MAXLEN
])
250 enum nrc_token rv
= NRC_NONE
;
254 if (feof(fi
) || ferror(fi
))
257 while ((c
= getc(fi
)) != EOF
&& whitechar(c
))
263 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
264 if (c
== '"' || c
== '\'') {
267 /* Not requiring the closing QM is (Net)BSD syntax */
268 while ((c
= getc(fi
)) != EOF
&& c
!= quotec
) {
269 /* Backslash escaping the next character is (Net)BSD syntax */
271 if ((c
= getc(fi
)) == EOF
)
274 if (PTRCMP(cp
, ==, buffer
+ NRC_TOKEN_MAXLEN
)) {
281 while ((c
= getc(fi
)) != EOF
&& !whitechar(c
)) {
282 /* Backslash escaping the next character is (Net)BSD syntax */
283 if (c
== '\\' && (c
= getc(fi
)) == EOF
)
286 if (PTRCMP(cp
, ==, buffer
+ NRC_TOKEN_MAXLEN
)) {
295 do {/*rv = NRC_NONE*/} while (0);
296 else if (!strcmp(buffer
, "default"))
298 else if (!strcmp(buffer
, "login"))
300 else if (!strcmp(buffer
, "password") || !strcmp(buffer
, "passwd"))
302 else if (!strcmp(buffer
, "account"))
304 else if (!strcmp(buffer
, "macdef"))
306 else if (!strcmp(buffer
, "machine"))
311 if (c
== EOF
&& !feof(fi
))
318 _nrc_lookup(struct url
*urlp
, bool_t only_pass
) /* TODO optimize; too tricky!! */
320 struct nrc_node
*nrc
, *nrc_wild
, *nrc_exact
;
324 assert(!only_pass
|| urlp
->url_user
.s
!= NULL
);
325 assert(only_pass
|| urlp
->url_user
.s
== NULL
);
327 if (_nrc_list
== NULL
)
329 if (_nrc_list
== NRC_NODE_ERR
)
332 nrc_wild
= nrc_exact
= NULL
;
333 for (nrc
= _nrc_list
; nrc
!= NULL
; nrc
= nrc
->nrc_next
)
334 switch (__nrc_host_match(nrc
, urlp
)) {
336 nrc
->nrc_result
= nrc_exact
;
340 nrc
->nrc_result
= nrc_wild
;
347 /* TODO _nrc_lookup(): PAIN! init: build sorted tree, single walk that!!
348 * TODO then: verify .netrc (unique fallback entries etc.) */
349 if (!only_pass
&& !__nrc_find_user(urlp
, nrc_exact
) &&
350 !__nrc_find_user(urlp
, nrc_wild
))
353 if (__nrc_find_pass(urlp
, TRU1
, nrc_exact
) ||
354 __nrc_find_pass(urlp
, TRU1
, nrc_wild
) ||
355 /* Do not try to find a password without exact user match unless we've
356 * been called during credential lookup, a.k.a. the second time */
358 __nrc_find_pass(urlp
, FAL0
, nrc_exact
) ||
359 __nrc_find_pass(urlp
, FAL0
, nrc_wild
))
367 __nrc_host_match(struct nrc_node
const *nrc
, struct url
const *urlp
)
374 /* Find a matching machine -- entries are all lowercase normalized */
375 if (nrc
->nrc_mlen
== urlp
->url_host
.l
) {
376 if (LIKELY(!memcmp(nrc
->nrc_dat
, urlp
->url_host
.s
, urlp
->url_host
.l
)))
381 /* Cannot be an exact match, but maybe the .netrc machine starts with
382 * a `*.' glob, which we recognize as an extension, meaning "skip
383 * a single subdomain, then match the rest" */
384 d1
= nrc
->nrc_dat
+ 2;
386 if (l1
<= 2 || d1
[-1] != '.' || d1
[-2] != '*')
390 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
391 * in fact this even succeeds for `.host.com', but - why care, here? */
392 d2
= urlp
->url_host
.s
;
393 l2
= urlp
->url_host
.l
;
400 if (l2
== l1
&& !memcmp(d1
, d2
, l1
))
401 /* This matches, but we won't use it directly but watch out for an
402 * exact match first! */
410 __nrc_find_user(struct url
*urlp
, struct nrc_node
const *nrc
)
414 for (; nrc
!= NULL
; nrc
= nrc
->nrc_result
)
415 if (nrc
->nrc_ulen
> 0 && urlp
->url_user
.s
== NULL
) {
416 /* Fake it was part of URL otherwise XXX */
417 urlp
->url_had_user
= TRU1
;
418 /* That buffer will be duplicated by url_parse() in this case! */
419 urlp
->url_user
.s
= UNCONST(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1);
420 urlp
->url_user
.l
= nrc
->nrc_ulen
;
425 return (nrc
!= NULL
);
429 __nrc_find_pass(struct url
*urlp
, bool_t user_match
, struct nrc_node
const *nrc
)
433 for (; nrc
!= NULL
; nrc
= nrc
->nrc_result
) {
434 if (user_match
&& (nrc
->nrc_ulen
!= urlp
->url_user
.l
||
435 memcmp(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1, urlp
->url_user
.s
,
438 if (nrc
->nrc_plen
== 0)
441 /* We are responsible for duplicating this buffer! */
442 urlp
->url_pass
.s
= savestrbuf(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1 +
443 nrc
->nrc_ulen
+ 1, (urlp
->url_pass
.l
= nrc
->nrc_plen
));
448 return (nrc
!= NULL
);
450 #endif /* HAVE_NETRC */
454 _agent_shell_lookup(struct url
*urlp
, char const *comm
)
457 char const *env_addon
[8];
460 union {char const *cp
; int c
; sighandler_type sht
;} u
;
465 env_addon
[0] = str_concat_csvl(&s
, AGENT_USER
, "=", urlp
->url_user
.s
,
467 env_addon
[1] = str_concat_csvl(&s
, AGENT_USER_ENC
, "=", urlp
->url_user_enc
.s
,
469 env_addon
[2] = str_concat_csvl(&s
, AGENT_HOST
, "=", urlp
->url_host
.s
,
471 env_addon
[3] = str_concat_csvl(&s
, AGENT_HOST_PORT
, "=", urlp
->url_h_p
.s
,
475 if ((u
.cp
= ok_vlook(SHELL
)) == NULL
)
477 if ((pbuf
= Popen(comm
, "r", u
.cp
, env_addon
, -1)) == NULL
) {
478 fprintf(stderr
, _("*agent-shell-lookup* startup failed (`%s')\n"),
483 for (s
.s
= NULL
, s
.l
= cl
= l
= 0; (u
.c
= getc(pbuf
)) != EOF
; ++cl
) {
484 if (u
.c
== '\n') /* xxx */
487 if (l
== sizeof(buf
) - 1) {
488 n_str_add_buf(&s
, buf
, l
);
493 n_str_add_buf(&s
, buf
, l
);
495 if (!Pclose(pbuf
, TRU1
)) {
496 if (options
& OPT_D_V
)
497 fprintf(stderr
, _("*agent-shell-lookup* execution failure (`%s')\n"),
502 /* We are responsible for duplicating this buffer! */
504 urlp
->url_pass
.s
= savestrbuf(s
.s
, urlp
->url_pass
.l
= s
.l
);
506 urlp
->url_pass
.s
= UNCONST(""), urlp
->url_pass
.l
= 0;
517 (urlxenc
)(char const *cp
, bool_t ispath SALLOC_DEBUG_ARGS
)
522 np
= n
= (salloc
)(strlen(cp
) * 3 +1 SALLOC_DEBUG_ARGSCALL
);
524 for (; (c1
= *cp
) != '\0'; ++cp
) {
525 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
526 * ALPHA / DIGIT / "-" / "." / "_" / "~"
527 * However add a special is[file]path mode for file-system friendliness */
528 if (alnumchar(c1
) || c1
== '_')
531 if (c1
!= '-' && c1
!= '.' && c1
!= '~')
534 } else if (PTRCMP(np
, >, n
) && (*cp
== '-' || *cp
== '.')) /* XXX imap */
539 mime_char_to_hexseq(np
+ 1, c1
);
549 (urlxdec
)(char const *cp SALLOC_DEBUG_ARGS
)
555 np
= n
= (salloc
)(strlen(cp
) +1 SALLOC_DEBUG_ARGSCALL
);
557 while ((c
= (uc_it
)*cp
++) != '\0') {
558 if (c
== '%' && cp
[0] != '\0' && cp
[1] != '\0') {
560 if (LIKELY((c
= mime_hexseq_to_char(cp
)) >= '\0'))
572 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
574 url_parse(struct url
*urlp
, enum cproto cproto
, char const *data
)
576 #if defined HAVE_SMTP && defined HAVE_POP3 && defined HAVE_IMAP
579 #if defined HAVE_SMTP || defined HAVE_POP3 || defined HAVE_IMAP
587 memset(urlp
, 0, sizeof *urlp
);
588 urlp
->url_input
= data
;
589 urlp
->url_cproto
= cproto
;
591 /* Network protocol */
592 #define _protox(X,Y) \
593 urlp->url_portno = Y;\
594 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
595 urlp->url_proto[sizeof(X) -1] = '\0';\
596 urlp->url_proto_len = sizeof(X) -1;\
597 urlp->url_proto_xlen = sizeof(X "://") -1
598 #define __if(X,Y,Z) \
599 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
601 data += sizeof(X "://") -1;\
602 do { Z; } while (0);\
605 #define _if(X,Y) __if(X, Y, (void)0)
607 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
609 # define _ifs(X,Y) goto jeproto;
616 _if ("submission", 587)
627 _protox("pop3", 110);
636 _protox("imap", 143);
648 if (strstr(data
, "://") != NULL
) {
649 #if !defined __ALLPROTO || !defined HAVE_SSL
652 fprintf(stderr
, _("URL `proto://' prefix invalid: `%s'\n"),
658 /* User and password, I */
660 if ((cp
= _url_last_at_before_slash(data
)) != NULL
) {
661 size_t l
= PTR2SIZE(cp
- data
);
662 char const *d
= data
;
663 char *ub
= ac_alloc(l
+1);
665 urlp
->url_had_user
= TRU1
;
668 /* And also have a password? */
669 if ((cp
= memchr(d
, ':', l
)) != NULL
) {
670 size_t i
= PTR2SIZE(cp
- d
);
673 memcpy(ub
, cp
+ 1, l
);
675 urlp
->url_pass
.l
= strlen(urlp
->url_pass
.s
= urlxdec(ub
));
677 if (strcmp(ub
, urlxenc(urlp
->url_pass
.s
, FAL0
))) {
679 _("String is not properly URL percent encoded: `%s'\n"), ub
);
687 urlp
->url_user
.l
= strlen(urlp
->url_user
.s
= urlxdec(ub
));
688 urlp
->url_user_enc
.l
= strlen(
689 urlp
->url_user_enc
.s
= urlxenc(urlp
->url_user
.s
, FAL0
));
691 if (urlp
->url_user_enc
.l
!= l
|| memcmp(urlp
->url_user_enc
.s
, ub
, l
)) {
693 _("String is not properly URL percent encoded: `%s'\n"), ub
);
700 /* Servername and port -- and possible path suffix */
701 if ((cp
= strchr(data
, ':')) != NULL
) { /* TODO URL parse, IPv6 support */
705 urlp
->url_port
= x
= savestr(x
= cp
+ 1);
706 if ((x
= strchr(x
, '/')) != NULL
)
708 l
= strtol(urlp
->url_port
, &eptr
, 10);
709 if (*eptr
!= '\0' || l
<= 0 || UICMP(32, l
, >=, 0xFFFFu
)) {
710 fprintf(stderr
, _("URL with invalid port number: `%s'\n"),
714 urlp
->url_portno
= (ui16_t
)l
;
716 if ((x
= strchr(data
, '/')) != NULL
)
717 data
= savestrbuf(data
, PTR2SIZE(x
- data
));
718 cp
= UNCONST(data
+ strlen(data
));
721 /* A (non-empty) path may only occur with IMAP */
722 if (x
!= NULL
&& x
[1] != '\0') {
723 if (cproto
!= CPROTO_IMAP
) {
724 fprintf(stderr
, _("URL protocol doesn't support paths: `%s'\n"),
728 urlp
->url_path
.l
= strlen(++x
);
729 urlp
->url_path
.s
= savestrbuf(x
, urlp
->url_path
.l
);
732 urlp
->url_host
.s
= savestrbuf(data
, urlp
->url_host
.l
= PTR2SIZE(cp
- data
));
734 for (cp
= urlp
->url_host
.s
, i
= urlp
->url_host
.l
; i
!= 0; ++cp
, --i
)
735 *cp
= lowerconv(*cp
);
738 /* .url_h_p: HOST:PORT */
740 struct str
*s
= &urlp
->url_h_p
;
742 s
->s
= salloc(urlp
->url_host
.l
+ 1 + sizeof("65536")-1 +1);
743 memcpy(s
->s
, urlp
->url_host
.s
, i
= urlp
->url_host
.l
);
744 if (urlp
->url_port
!= NULL
) {
745 size_t j
= strlen(urlp
->url_port
);
747 memcpy(s
->s
+ i
, urlp
->url_port
, j
);
755 * If there was no user in the URL, do we have *user-HOST* or *user*? */
756 if (!urlp
->url_had_user
) {
757 if ((urlp
->url_user
.s
= xok_vlook(user
, urlp
, OXM_PLAIN
| OXM_H_P
))
759 /* No, check wether .netrc lookup is desired */
761 if (!ok_blook(v15_compat
) ||
762 !xok_blook(netrc_lookup
, urlp
, OXM_PLAIN
| OXM_H_P
) ||
763 !_nrc_lookup(urlp
, FAL0
))
765 urlp
->url_user
.s
= UNCONST(myname
);
768 urlp
->url_user
.l
= strlen(urlp
->url_user
.s
);
769 urlp
->url_user
.s
= savestrbuf(urlp
->url_user
.s
, urlp
->url_user
.l
);
770 urlp
->url_user_enc
.l
= strlen(
771 urlp
->url_user_enc
.s
= urlxenc(urlp
->url_user
.s
, FAL0
));
774 /* And then there are a lot of prebuild string combinations TODO do lazy */
776 /* .url_u_h: .url_user@.url_host
777 * For SMTP we apply ridiculously complicated *v15-compat* plus
778 * *smtp-hostname* / *hostname* dependent rules */
782 if (cproto
== CPROTO_SMTP
&& ok_blook(v15_compat
) &&
783 (cp
= ok_vlook(smtp_hostname
)) != NULL
) {
786 h
.s
= savestrbuf(cp
, h
.l
= strlen(cp
));
791 i
= urlp
->url_user
.l
;
793 s
->s
= salloc(i
+ 1 + h
.l
+1);
795 memcpy(s
->s
, urlp
->url_user
.s
, i
);
798 memcpy(s
->s
+ i
, h
.s
, h
.l
+1);
803 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
804 { struct str
*s
= &urlp
->url_u_h_p
;
805 size_t i
= urlp
->url_user
.l
;
807 s
->s
= salloc(i
+ 1 + urlp
->url_h_p
.l
+1);
809 memcpy(s
->s
, urlp
->url_user
.s
, i
);
812 memcpy(s
->s
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
813 i
+= urlp
->url_h_p
.l
;
817 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
818 { struct str
*s
= &urlp
->url_eu_h_p
;
819 size_t i
= urlp
->url_user_enc
.l
;
821 s
->s
= salloc(i
+ 1 + urlp
->url_h_p
.l
+1);
823 memcpy(s
->s
, urlp
->url_user_enc
.s
, i
);
826 memcpy(s
->s
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
827 i
+= urlp
->url_h_p
.l
;
831 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
833 char *ud
= salloc((i
= urlp
->url_proto_xlen
+ urlp
->url_u_h_p
.l
) +1);
835 urlp
->url_proto
[urlp
->url_proto_len
] = ':';
836 memcpy(sstpcpy(ud
, urlp
->url_proto
), urlp
->url_u_h_p
.s
,
837 urlp
->url_u_h_p
.l
+1);
838 urlp
->url_proto
[urlp
->url_proto_len
] = '\0';
840 urlp
->url_p_u_h_p
= ud
;
843 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
845 char *ud
= salloc((i
= urlp
->url_proto_xlen
+ urlp
->url_eu_h_p
.l
) +
846 1 + urlp
->url_path
.l
+1);
848 urlp
->url_proto
[urlp
->url_proto_len
] = ':';
849 memcpy(sstpcpy(ud
, urlp
->url_proto
), urlp
->url_eu_h_p
.s
,
850 urlp
->url_eu_h_p
.l
+1);
851 urlp
->url_proto
[urlp
->url_proto_len
] = '\0';
853 if (urlp
->url_path
.l
== 0)
854 urlp
->url_p_eu_h_p
= urlp
->url_p_eu_h_p_p
= ud
;
856 urlp
->url_p_eu_h_p
= savestrbuf(ud
, i
);
857 urlp
->url_p_eu_h_p_p
= ud
;
860 memcpy(ud
, urlp
->url_path
.s
, urlp
->url_path
.l
+1);
865 #endif /* __ANYPROTO */
874 ccred_lookup_old(struct ccred
*ccp
, enum cproto cproto
, char const *addr
)
876 char const *pname
, *pxstr
, *authdef
;
877 size_t pxlen
, addrlen
, i
;
880 enum {NONE
=0, WANT_PASS
=1<<0, REQ_PASS
=1<<1, WANT_USER
=1<<2, REQ_USER
=1<<3}
882 bool_t addr_is_nuser
= FAL0
; /* XXX v15.0 legacy! v15_compat */
885 memset(ccp
, 0, sizeof *ccp
);
892 pxlen
= sizeof("smtp-auth") -1;
893 authmask
= AUTHTYPE_NONE
| AUTHTYPE_PLAIN
| AUTHTYPE_LOGIN
|
894 AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
896 addr_is_nuser
= TRU1
;
901 pxlen
= sizeof("pop3-auth") -1;
902 authmask
= AUTHTYPE_PLAIN
;
908 pxlen
= sizeof("imap-auth") -1;
909 authmask
= AUTHTYPE_LOGIN
| AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
914 ccp
->cc_cproto
= cproto
;
915 addrlen
= strlen(addr
);
916 vbuf
= ac_alloc(pxlen
+ addrlen
+ sizeof("-password-")-1 +1);
917 memcpy(vbuf
, pxstr
, pxlen
);
919 /* Authentication type */
921 memcpy(vbuf
+ pxlen
+ 1, addr
, addrlen
+1);
922 if ((s
= vok_vlook(vbuf
)) == NULL
) {
924 if ((s
= vok_vlook(vbuf
)) == NULL
)
925 s
= UNCONST(authdef
);
928 if (!asccasecmp(s
, "none")) {
929 ccp
->cc_auth
= "NONE";
930 ccp
->cc_authtype
= AUTHTYPE_NONE
;
932 } else if (!asccasecmp(s
, "plain")) {
933 ccp
->cc_auth
= "PLAIN";
934 ccp
->cc_authtype
= AUTHTYPE_PLAIN
;
935 ware
= REQ_PASS
| REQ_USER
;
936 } else if (!asccasecmp(s
, "login")) {
937 ccp
->cc_auth
= "LOGIN";
938 ccp
->cc_authtype
= AUTHTYPE_LOGIN
;
939 ware
= REQ_PASS
| REQ_USER
;
940 } else if (!asccasecmp(s
, "cram-md5")) {
941 ccp
->cc_auth
= "CRAM-MD5";
942 ccp
->cc_authtype
= AUTHTYPE_CRAM_MD5
;
943 ware
= REQ_PASS
| REQ_USER
;
944 } else if (!asccasecmp(s
, "gssapi")) {
945 ccp
->cc_auth
= "GSS-API";
946 ccp
->cc_authtype
= AUTHTYPE_GSSAPI
;
951 if (!(ccp
->cc_authtype
& authmask
)) {
952 fprintf(stderr
, _("Unsupported %s authentication method: %s\n"),
958 if (ccp
->cc_authtype
== AUTHTYPE_CRAM_MD5
) {
959 fprintf(stderr
, _("No CRAM-MD5 support compiled in.\n"));
965 if (ccp
->cc_authtype
== AUTHTYPE_GSSAPI
) {
966 fprintf(stderr
, _("No GSS-API support compiled in.\n"));
973 if (!(ware
& (WANT_USER
| REQ_USER
)))
976 if (!addr_is_nuser
) {
977 if ((s
= _url_last_at_before_slash(addr
)) != NULL
) {
978 ccp
->cc_user
.s
= urlxdec(savestrbuf(addr
, PTR2SIZE(s
- addr
)));
979 ccp
->cc_user
.l
= strlen(ccp
->cc_user
.s
);
980 } else if (ware
& REQ_USER
)
985 memcpy(vbuf
+ pxlen
, "-user-", i
= sizeof("-user-") -1);
987 memcpy(vbuf
+ i
, addr
, addrlen
+1);
988 if ((s
= vok_vlook(vbuf
)) == NULL
) {
990 if ((s
= vok_vlook(vbuf
)) == NULL
&& (ware
& REQ_USER
)) {
991 if ((s
= getuser(NULL
)) == NULL
) {
992 jgetuser
: /* TODO v15.0: today we simply bail, but we should call getuser().
993 * TODO even better: introduce `PROTO-user' and `PROTO-pass' and
994 * TODO check that first, then! change control flow, grow `vbuf' */
995 fprintf(stderr
, _("A user is necessary for %s authentication.\n"),
1002 ccp
->cc_user
.l
= strlen(ccp
->cc_user
.s
= savestr(s
));
1006 if (!(ware
& (WANT_PASS
| REQ_PASS
)))
1009 if (!addr_is_nuser
) {
1010 memcpy(vbuf
, "password-", i
= sizeof("password-") -1);
1012 memcpy(vbuf
+ pxlen
, "-password-", i
= sizeof("-password-") -1);
1015 memcpy(vbuf
+ i
, addr
, addrlen
+1);
1016 if ((s
= vok_vlook(vbuf
)) == NULL
) {
1018 if ((!addr_is_nuser
|| (s
= vok_vlook(vbuf
)) == NULL
) &&
1019 (ware
& REQ_PASS
)) {
1020 if ((s
= getpassword(NULL
)) == NULL
) {
1022 _("A password is necessary for %s authentication.\n"), pname
);
1029 ccp
->cc_pass
.l
= strlen(ccp
->cc_pass
.s
= savestr(s
));
1033 if (ccp
!= NULL
&& (options
& OPT_D_VV
))
1034 fprintf(stderr
, _("Credentials: host `%s', user `%s', pass `%s'\n"),
1035 addr
, (ccp
->cc_user
.s
!= NULL
? ccp
->cc_user
.s
: ""),
1036 (ccp
->cc_pass
.s
!= NULL
? ccp
->cc_pass
.s
: ""));
1038 return (ccp
!= NULL
);
1042 ccred_lookup(struct ccred
*ccp
, struct url
*urlp
)
1044 char const *pstr
, *authdef
;
1046 enum okeys authokey
;
1048 enum {NONE
=0, WANT_PASS
=1<<0, REQ_PASS
=1<<1, WANT_USER
=1<<2, REQ_USER
=1<<3}
1052 memset(ccp
, 0, sizeof *ccp
);
1053 ccp
->cc_user
= urlp
->url_user
;
1055 switch ((ccp
->cc_cproto
= urlp
->url_cproto
)) {
1059 authokey
= ok_v_smtp_auth
;
1060 authmask
= AUTHTYPE_NONE
| AUTHTYPE_PLAIN
| AUTHTYPE_LOGIN
|
1061 AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
1066 authokey
= ok_v_pop3_auth
;
1067 authmask
= AUTHTYPE_PLAIN
;
1072 authokey
= ok_v_imap_auth
;
1073 authmask
= AUTHTYPE_LOGIN
| AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
1078 /* Authentication type */
1079 if ((s
= xok_VLOOK(authokey
, urlp
, OXM_ALL
)) == NULL
)
1080 s
= UNCONST(authdef
);
1082 if (!asccasecmp(s
, "none")) {
1083 ccp
->cc_auth
= "NONE";
1084 ccp
->cc_authtype
= AUTHTYPE_NONE
;
1086 } else if (!asccasecmp(s
, "plain")) {
1087 ccp
->cc_auth
= "PLAIN";
1088 ccp
->cc_authtype
= AUTHTYPE_PLAIN
;
1089 ware
= REQ_PASS
| REQ_USER
;
1090 } else if (!asccasecmp(s
, "login")) {
1091 ccp
->cc_auth
= "LOGIN";
1092 ccp
->cc_authtype
= AUTHTYPE_LOGIN
;
1093 ware
= REQ_PASS
| REQ_USER
;
1094 } else if (!asccasecmp(s
, "cram-md5")) {
1095 ccp
->cc_auth
= "CRAM-MD5";
1096 ccp
->cc_authtype
= AUTHTYPE_CRAM_MD5
;
1097 ware
= REQ_PASS
| REQ_USER
;
1098 } else if (!asccasecmp(s
, "gssapi")) {
1099 ccp
->cc_auth
= "GSS-API";
1100 ccp
->cc_authtype
= AUTHTYPE_GSSAPI
;
1105 if (!(ccp
->cc_authtype
& authmask
)) {
1106 fprintf(stderr
, _("Unsupported %s authentication method: %s\n"), pstr
, s
);
1111 if (ccp
->cc_authtype
== AUTHTYPE_CRAM_MD5
) {
1112 fprintf(stderr
, _("No CRAM-MD5 support compiled in.\n"));
1117 # ifndef HAVE_GSSAPI
1118 if (ccp
->cc_authtype
== AUTHTYPE_GSSAPI
) {
1119 fprintf(stderr
, _("No GSS-API support compiled in.\n"));
1126 if ((ccp
->cc_pass
= urlp
->url_pass
).s
!= NULL
)
1129 if ((s
= xok_vlook(password
, urlp
, OXM_ALL
)) != NULL
)
1132 if ((s
= xok_vlook(agent_shell_lookup
, urlp
, OXM_ALL
)) != NULL
) {
1133 if (!_agent_shell_lookup(urlp
, s
)) {
1136 } else if (urlp
->url_pass
.s
!= NULL
) {
1137 ccp
->cc_pass
= urlp
->url_pass
;
1143 if (xok_blook(netrc_lookup
, urlp
, OXM_ALL
) && _nrc_lookup(urlp
, TRU1
)) {
1144 ccp
->cc_pass
= urlp
->url_pass
;
1148 if (ware
& REQ_PASS
) {
1149 if ((s
= getpassword(NULL
)) != NULL
)
1151 ccp
->cc_pass
.l
= strlen(ccp
->cc_pass
.s
= savestr(s
));
1153 fprintf(stderr
, _("A password is necessary for %s authentication.\n"),
1160 if (ccp
!= NULL
&& (options
& OPT_D_VV
))
1161 fprintf(stderr
, _("Credentials: host `%s', user `%s', pass `%s'\n"),
1162 urlp
->url_h_p
.s
, (ccp
->cc_user
.s
!= NULL
? ccp
->cc_user
.s
: ""),
1163 (ccp
->cc_pass
.s
!= NULL
? ccp
->cc_pass
.s
: ""));
1165 return (ccp
!= NULL
);
1167 #endif /* HAVE_SOCKETS */
1174 struct nrc_node
*nrc
;
1179 if (argv
[1] != NULL
)
1181 if (!asccasecmp(*argv
, "show"))
1183 if (!asccasecmp(*argv
, "clear"))
1186 fprintf(stderr
, "Synopsis: netrc: %s\n",
1187 _("Either <show> (default) or <clear> the .netrc cache"));
1191 return (v
== NULL
? !STOP
: !OKAY
); /* xxx 1:bad 0:good -- do some */
1197 if (_nrc_list
== NULL
)
1199 if (_nrc_list
== NRC_NODE_ERR
) {
1200 fprintf(stderr
, _("Interpolate what file?\n"));
1205 if ((fp
= Ftmp(NULL
, "netrc", OF_RDWR
| OF_UNLINK
| OF_REGISTER
, 0600)
1212 for (l
= 0, nrc
= _nrc_list
; nrc
!= NULL
; ++l
, nrc
= nrc
->nrc_next
) {
1213 fprintf(fp
, _("Host %s: "), nrc
->nrc_dat
);
1214 if (nrc
->nrc_ulen
> 0)
1215 fprintf(fp
, _("user %s, "), nrc
->nrc_dat
+ nrc
->nrc_mlen
+1);
1217 fputs(_("no user, "), fp
);
1218 if (nrc
->nrc_plen
> 0)
1219 fprintf(fp
, _("password %s.\n"),
1220 nrc
->nrc_dat
+ nrc
->nrc_mlen
+1 + nrc
->nrc_ulen
+1);
1222 fputs(_("no password.\n"), fp
);
1225 page_or_print(fp
, l
);
1231 if (_nrc_list
== NRC_NODE_ERR
)
1233 while ((nrc
= _nrc_list
) != NULL
) {
1234 _nrc_list
= nrc
->nrc_next
;
1239 #endif /* HAVE_NETRC */
1243 md5tohex(char hex
[MD5TOHEX_SIZE
], void const *vp
)
1245 char const *cp
= vp
;
1249 for (i
= 0; i
< MD5TOHEX_SIZE
/ 2; ++i
) {
1251 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1252 hex
[j
] = __hex((cp
[i
] & 0xF0) >> 4);
1253 hex
[++j
] = __hex(cp
[i
] & 0x0F);
1261 cram_md5_string(struct str
const *user
, struct str
const *pass
,
1265 char digest
[16], *cp
;
1269 in
.s
= UNCONST(b64
);
1270 in
.l
= strlen(in
.s
);
1271 b64_decode(&out
, &in
, NULL
);
1272 assert(out
.s
!= NULL
);
1274 hmac_md5((uc_it
*)out
.s
, out
.l
, (uc_it
*)pass
->s
, pass
->l
, digest
);
1276 cp
= md5tohex(salloc(MD5TOHEX_SIZE
+1), digest
);
1278 in
.l
= user
->l
+ MD5TOHEX_SIZE
+1;
1279 in
.s
= ac_alloc(user
->l
+ 1 + MD5TOHEX_SIZE
+1);
1280 memcpy(in
.s
, user
->s
, user
->l
);
1281 in
.s
[user
->l
] = ' ';
1282 memcpy(in
.s
+ user
->l
+ 1, cp
, MD5TOHEX_SIZE
);
1283 b64_encode(&out
, &in
, B64_SALLOC
| B64_CRLF
);
1290 hmac_md5(unsigned char *text
, int text_len
, unsigned char *key
, int key_len
,
1294 * This code is taken from
1296 * Network Working Group H. Krawczyk
1297 * Request for Comments: 2104 IBM
1298 * Category: Informational M. Bellare
1305 * HMAC: Keyed-Hashing for Message Authentication
1308 unsigned char k_ipad
[65]; /* inner padding - key XORd with ipad */
1309 unsigned char k_opad
[65]; /* outer padding - key XORd with opad */
1310 unsigned char tk
[16];
1314 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1319 md5_update(&tctx
, key
, key_len
);
1320 md5_final(tk
, &tctx
);
1326 /* the HMAC_MD5 transform looks like:
1328 * MD5(K XOR opad, MD5(K XOR ipad, text))
1330 * where K is an n byte key
1331 * ipad is the byte 0x36 repeated 64 times
1332 * opad is the byte 0x5c repeated 64 times
1333 * and text is the data being protected */
1335 /* start out by storing key in pads */
1336 memset(k_ipad
, 0, sizeof k_ipad
);
1337 memset(k_opad
, 0, sizeof k_opad
);
1338 memcpy(k_ipad
, key
, key_len
);
1339 memcpy(k_opad
, key
, key_len
);
1341 /* XOR key with ipad and opad values */
1342 for (i
=0; i
<64; i
++) {
1347 /* perform inner MD5 */
1348 md5_init(&context
); /* init context for 1st pass */
1349 md5_update(&context
, k_ipad
, 64); /* start with inner pad */
1350 md5_update(&context
, text
, text_len
); /* then text of datagram */
1351 md5_final(digest
, &context
); /* finish up 1st pass */
1353 /* perform outer MD5 */
1354 md5_init(&context
); /* init context for 2nd pass */
1355 md5_update(&context
, k_opad
, 64); /* start with outer pad */
1356 md5_update(&context
, digest
, 16); /* then results of 1st hash */
1357 md5_final(digest
, &context
); /* finish up 2nd pass */
1360 #endif /* HAVE_MD5 */