search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
url_servbyname() -> n_servbyname(); "support" file://
[s-mailx.git] / urlcrecry.c
blob985f53dc931e4cb80eb6dc9cae2e538783dcaed5
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
5 *
6 * Copyright (c) 2014 - 2015 Steffen (Daode) Nurpmeso <sdaoden@users.sf.net>.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20 #undef n_FILE
21 #define n_FILE urlcrecry
22
23 #ifndef HAVE_AMALGAMATION
24 # include "nail.h"
25 #endif
26
27 #ifdef HAVE_NETRC
28 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
29 * concurrently (dummy, host, user, pass), so make it a KB */
30 # define NRC_TOKEN_MAXLEN (1024 / 4)
31
32 enum nrc_token {
33 NRC_ERROR = -1,
34 NRC_NONE = 0,
35 NRC_DEFAULT,
36 NRC_LOGIN,
37 NRC_PASSWORD,
38 NRC_ACCOUNT,
39 NRC_MACDEF,
40 NRC_MACHINE,
41 NRC_INPUT
42 };
43
44 struct nrc_node {
45 struct nrc_node *nrc_next;
46 struct nrc_node *nrc_result; /* In match phase, former possible one */
47 ui32_t nrc_mlen; /* Length of machine name */
48 ui32_t nrc_ulen; /* Length of user name */
49 ui32_t nrc_plen; /* Length of password */
50 char nrc_dat[VFIELD_SIZE(sizeof(ui32_t))];
51 };
52 # define NRC_NODE_ERR ((struct nrc_node*)-1)
53
54 static struct nrc_node *_nrc_list;
55 #endif /* HAVE_NETRC */
56
57 /* Find the last @ before a slash
58 * TODO Casts off the const but this is ok here; obsolete function! */
59 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
60 static char * _url_last_at_before_slash(char const *sp);
61 #endif
62
63 #ifdef HAVE_NETRC
64 /* Initialize .netrc cache */
65 static void _nrc_init(void);
66 static enum nrc_token __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN],
67 bool_t *nl_last);
68
69 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
70 * only_pass is true then the lookup is for the password only, otherwise we
71 * look for a user (and add password only if we have an exact machine match) */
72 static bool_t _nrc_lookup(struct url *urlp, bool_t only_pass);
73
74 /* 0=no match; 1=exact match; -1=wildcard match */
75 static int __nrc_host_match(struct nrc_node const *nrc,
76 struct url const *urlp);
77 static bool_t __nrc_find_user(struct url *urlp,
78 struct nrc_node const *nrc);
79 static bool_t __nrc_find_pass(struct url *urlp, bool_t user_match,
80 struct nrc_node const *nrc);
81 #endif /* HAVE_NETRC */
82
83 /* The password can also be gained through external agents TODO v15-compat */
84 #ifdef HAVE_AGENT
85 static bool_t _agent_shell_lookup(struct url *urlp, char const *comm);
86 #endif
87
88 #ifdef HAVE_SOCKETS
89 static char *
90 _url_last_at_before_slash(char const *sp)
91 {
92 char const *cp;
93 char c;
94 NYD2_ENTER;
95
96 for (cp = sp; (c = *cp) != '\0'; ++cp)
97 if (c == '/')
98 break;
99 while (cp > sp && *--cp != '@')
100 ;
101 if (*cp != '@')
102 cp = NULL;
103 NYD2_LEAVE;
104 return UNCONST(cp);
105 }
106 #endif
107
108 #ifdef HAVE_NETRC
109 static void
110 _nrc_init(void)
111 {
112 struct n_sigman sm;
113 char buffer[NRC_TOKEN_MAXLEN], host[NRC_TOKEN_MAXLEN],
114 user[NRC_TOKEN_MAXLEN], pass[NRC_TOKEN_MAXLEN], *netrc_load;
115 struct stat sb;
116 FILE *fi;
117 enum nrc_token t;
118 bool_t ispipe, seen_default, nl_last;
119 struct nrc_node *ntail, *nhead, *nrc;
120 NYD_ENTER;
121
122 UNINIT(ntail, NULL);
123 nhead = NULL;
124 nrc = NRC_NODE_ERR;
125 ispipe = FAL0;
126 fi = NULL;
127
128 n_SIGMAN_ENTER_SWITCH(&sm, n_SIGMAN_ALL) {
129 case 0:
130 break;
131 default:
132 goto jleave;
133 }
134
135 if ((netrc_load = ok_vlook(netrc_pipe)) != NULL) {
136 ispipe = TRU1;
137 if ((fi = Popen(netrc_load, "r", ok_vlook(SHELL), NULL, COMMAND_FD_NULL)
138 ) == NULL) {
139 n_perr(netrc_load, 0);
140 goto j_leave;
141 }
142 } else {
143 if ((netrc_load = file_expand(ok_vlook(NETRC))) == NULL)
144 goto j_leave;
145
146 if ((fi = Fopen(netrc_load, "r")) == NULL) {
147 n_err(_("Cannot open \"%s\"\n"), netrc_load);
148 goto j_leave;
149 }
150
151 /* Be simple and apply rigid (permission) check(s) */
152 if (fstat(fileno(fi), &sb) == -1 || !S_ISREG(sb.st_mode) ||
153 (sb.st_mode & (S_IRWXG | S_IRWXO))) {
154 n_err(_("Not a regular file, or accessible by non-user: \"%s\"\n"),
155 netrc_load);
156 goto jleave;
157 }
158 }
159
160 seen_default = FAL0;
161 nl_last = TRU1;
162 jnext:
163 switch((t = __nrc_token(fi, buffer, &nl_last))) {
164 case NRC_NONE:
165 break;
166 default: /* Doesn't happen (but on error?), keep CC happy */
167 case NRC_DEFAULT:
168 jdef:
169 /* We ignore the default entry (require an exact host match), and we also
170 * ignore anything after such an entry (faulty syntax) */
171 seen_default = TRU1;
172 /* FALLTHRU */
173 case NRC_MACHINE:
174 jm_h:
175 /* Normalize HOST to lowercase */
176 *host = '\0';
177 if (!seen_default && (t = __nrc_token(fi, host, &nl_last)) != NRC_INPUT)
178 goto jerr;
179 else {
180 char *cp;
181 for (cp = host; *cp != '\0'; ++cp)
182 *cp = lowerconv(*cp);
183 }
184
185 *user = *pass = '\0';
186 while ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_NONE &&
187 t != NRC_MACHINE && t != NRC_DEFAULT) {
188 switch(t) {
189 case NRC_LOGIN:
190 if ((t = __nrc_token(fi, user, &nl_last)) != NRC_INPUT)
191 goto jerr;
192 break;
193 case NRC_PASSWORD:
194 if ((t = __nrc_token(fi, pass, &nl_last)) != NRC_INPUT)
195 goto jerr;
196 break;
197 case NRC_ACCOUNT:
198 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
199 goto jerr;
200 break;
201 case NRC_MACDEF:
202 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
203 goto jerr;
204 else {
205 int i = 0, c;
206 while ((c = getc(fi)) != EOF)
207 if (c == '\n') { /* xxx */
208 /* Don't care about comments here, since we parse until
209 * we've seen two successive newline characters */
210 if (i)
211 break;
212 i = 1;
213 } else
214 i = 0;
215 }
216 break;
217 default:
218 case NRC_ERROR:
219 goto jerr;
220 }
221 }
222
223 if (!seen_default && (*user != '\0' || *pass != '\0')) {
224 size_t hl = strlen(host), ul = strlen(user), pl = strlen(pass);
225 struct nrc_node *nx = smalloc(sizeof(*nx) -
226 VFIELD_SIZEOF(struct nrc_node, nrc_dat) + hl +1 + ul +1 + pl +1);
227
228 if (nhead != NULL)
229 ntail->nrc_next = nx;
230 else
231 nhead = nx;
232 ntail = nx;
233 nx->nrc_next = NULL;
234 nx->nrc_mlen = hl;
235 nx->nrc_ulen = ul;
236 nx->nrc_plen = pl;
237 memcpy(nx->nrc_dat, host, ++hl);
238 memcpy(nx->nrc_dat + hl, user, ++ul);
239 memcpy(nx->nrc_dat + hl + ul, pass, ++pl);
240 }
241 if (t == NRC_MACHINE)
242 goto jm_h;
243 if (t == NRC_DEFAULT)
244 goto jdef;
245 if (t != NRC_NONE)
246 goto jnext;
247 break;
248 case NRC_ERROR:
249 jerr:
250 if (options & OPT_D_V)
251 n_err(_("Errors occurred while parsing \"%s\"\n"), netrc_load);
252 assert(nrc == NRC_NODE_ERR);
253 goto jleave;
254 }
255
256 if (nhead != NULL)
257 nrc = nhead;
258 n_sigman_cleanup_ping(&sm);
259 jleave:
260 if (fi != NULL) {
261 if (ispipe)
262 Pclose(fi, TRU1);
263 else
264 Fclose(fi);
265 }
266 if (nrc == NRC_NODE_ERR)
267 while (nhead != NULL) {
268 ntail = nhead;
269 nhead = nhead->nrc_next;
270 free(ntail);
271 }
272 j_leave:
273 _nrc_list = nrc;
274 NYD_LEAVE;
275 n_sigman_leave(&sm, n_SIGMAN_VIPSIGS_NTTYOUT);
276 }
277
278 static enum nrc_token
279 __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN], bool_t *nl_last)
280 {
281 int c;
282 char *cp;
283 enum nrc_token rv;
284 NYD2_ENTER;
285
286 rv = NRC_NONE;
287 for (;;) {
288 bool_t seen_nl;
289
290 c = EOF;
291 if (feof(fi) || ferror(fi))
292 goto jleave;
293
294 for (seen_nl = *nl_last; (c = getc(fi)) != EOF && whitechar(c);)
295 seen_nl |= (c == '\n');
296
297 if (c == EOF)
298 goto jleave;
299 /* fetchmail and derived parsers support comments */
300 if ((*nl_last = seen_nl) && c == '#') {
301 while ((c = getc(fi)) != EOF && c != '\n')
302 ;
303 continue;
304 }
305 break;
306 }
307
308 cp = buffer;
309 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
310 if (c == '"' || c == '\'') {
311 int quotec = c;
312
313 /* Not requiring the closing QM is (Net)BSD syntax */
314 while ((c = getc(fi)) != EOF && c != quotec) {
315 /* Backslash escaping the next character is (Net)BSD syntax */
316 if (c == '\\')
317 if ((c = getc(fi)) == EOF)
318 break;
319 *cp++ = c;
320 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
321 rv = NRC_ERROR;
322 goto jleave;
323 }
324 }
325 } else {
326 *cp++ = c;
327 while ((c = getc(fi)) != EOF && !whitechar(c)) {
328 /* Backslash escaping the next character is (Net)BSD syntax */
329 if (c == '\\' && (c = getc(fi)) == EOF)
330 break;
331 *cp++ = c;
332 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
333 rv = NRC_ERROR;
334 goto jleave;
335 }
336 }
337 *nl_last = (c == '\n');
338 }
339 *cp = '\0';
340
341 if (*buffer == '\0')
342 do {/*rv = NRC_NONE*/} while (0);
343 else if (!strcmp(buffer, "default"))
344 rv = NRC_DEFAULT;
345 else if (!strcmp(buffer, "login"))
346 rv = NRC_LOGIN;
347 else if (!strcmp(buffer, "password") || !strcmp(buffer, "passwd"))
348 rv = NRC_PASSWORD;
349 else if (!strcmp(buffer, "account"))
350 rv = NRC_ACCOUNT;
351 else if (!strcmp(buffer, "macdef"))
352 rv = NRC_MACDEF;
353 else if (!strcmp(buffer, "machine"))
354 rv = NRC_MACHINE;
355 else
356 rv = NRC_INPUT;
357 jleave:
358 if (c == EOF && !feof(fi))
359 rv = NRC_ERROR;
360 NYD2_LEAVE;
361 return rv;
362 }
363
364 static bool_t
365 _nrc_lookup(struct url *urlp, bool_t only_pass)
366 {
367 struct nrc_node *nrc, *nrc_wild, *nrc_exact;
368 bool_t rv = FAL0;
369 NYD_ENTER;
370
371 assert(!only_pass || urlp->url_user.s != NULL);
372 assert(only_pass || urlp->url_user.s == NULL);
373
374 if (_nrc_list == NULL)
375 _nrc_init();
376 if (_nrc_list == NRC_NODE_ERR)
377 goto jleave;
378
379 nrc_wild = nrc_exact = NULL;
380 for (nrc = _nrc_list; nrc != NULL; nrc = nrc->nrc_next)
381 switch (__nrc_host_match(nrc, urlp)) {
382 case 1:
383 nrc->nrc_result = nrc_exact;
384 nrc_exact = nrc;
385 continue;
386 case -1:
387 nrc->nrc_result = nrc_wild;
388 nrc_wild = nrc;
389 /* FALLTHRU */
390 case 0:
391 continue;
392 }
393
394 if (!only_pass && urlp->url_user.s == NULL) {
395 /* Must be an unambiguous entry of its kind */
396 if (nrc_exact != NULL && nrc_exact->nrc_result != NULL)
397 goto jleave;
398 if (__nrc_find_user(urlp, nrc_exact))
399 goto j_user;
400
401 if (nrc_wild != NULL && nrc_wild->nrc_result != NULL)
402 goto jleave;
403 if (!__nrc_find_user(urlp, nrc_wild))
404 goto jleave;
405 j_user:
406 ;
407 }
408
409 if (__nrc_find_pass(urlp, TRU1, nrc_exact) ||
410 __nrc_find_pass(urlp, TRU1, nrc_wild) ||
411 /* Do not try to find a password without exact user match unless we've
412 * been called during credential lookup, a.k.a. the second time */
413 !only_pass ||
414 __nrc_find_pass(urlp, FAL0, nrc_exact) ||
415 __nrc_find_pass(urlp, FAL0, nrc_wild))
416 rv = TRU1;
417 jleave:
418 NYD_LEAVE;
419 return rv;
420 }
421
422 static int
423 __nrc_host_match(struct nrc_node const *nrc, struct url const *urlp)
424 {
425 char const *d2, *d1;
426 size_t l2, l1;
427 int rv = 0;
428 NYD2_ENTER;
429
430 /* Find a matching machine -- entries are all lowercase normalized */
431 if (nrc->nrc_mlen == urlp->url_host.l) {
432 if (LIKELY(!memcmp(nrc->nrc_dat, urlp->url_host.s, urlp->url_host.l)))
433 rv = 1;
434 goto jleave;
435 }
436
437 /* Cannot be an exact match, but maybe the .netrc machine starts with
438 * a "*." glob, which we recognize as an extension, meaning "skip
439 * a single subdomain, then match the rest" */
440 d1 = nrc->nrc_dat + 2;
441 l1 = nrc->nrc_mlen;
442 if (l1 <= 2 || d1[-1] != '.' || d1[-2] != '*')
443 goto jleave;
444 l1 -= 2;
445
446 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
447 * in fact this even succeeds for ".host.com", but - why care, here? */
448 d2 = urlp->url_host.s;
449 l2 = urlp->url_host.l;
450 while (l2 > 0) {
451 --l2;
452 if (*d2++ == '.')
453 break;
454 }
455
456 if (l2 == l1 && !memcmp(d1, d2, l1))
457 /* This matches, but we won't use it directly but watch out for an
458 * exact match first! */
459 rv = -1;
460 jleave:
461 NYD2_LEAVE;
462 return rv;
463 }
464
465 static bool_t
466 __nrc_find_user(struct url *urlp, struct nrc_node const *nrc)
467 {
468 NYD2_ENTER;
469
470 for (; nrc != NULL; nrc = nrc->nrc_result)
471 if (nrc->nrc_ulen > 0) {
472 /* Fake it was part of URL otherwise XXX */
473 urlp->url_had_user = TRU1;
474 /* That buffer will be duplicated by url_parse() in this case! */
475 urlp->url_user.s = UNCONST(nrc->nrc_dat + nrc->nrc_mlen +1);
476 urlp->url_user.l = nrc->nrc_ulen;
477 break;
478 }
479
480 NYD2_LEAVE;
481 return (nrc != NULL);
482 }
483
484 static bool_t
485 __nrc_find_pass(struct url *urlp, bool_t user_match, struct nrc_node const *nrc)
486 {
487 NYD2_ENTER;
488
489 for (; nrc != NULL; nrc = nrc->nrc_result) {
490 bool_t um = (nrc->nrc_ulen == urlp->url_user.l &&
491 !memcmp(nrc->nrc_dat + nrc->nrc_mlen +1, urlp->url_user.s,
492 urlp->url_user.l));
493
494 if (user_match) {
495 if (!um)
496 continue;
497 } else if (!um && nrc->nrc_ulen > 0)
498 continue;
499 if (nrc->nrc_plen == 0)
500 continue;
501
502 /* We are responsible for duplicating this buffer! */
503 urlp->url_pass.s = savestrbuf(nrc->nrc_dat + nrc->nrc_mlen +1 +
504 nrc->nrc_ulen + 1, (urlp->url_pass.l = nrc->nrc_plen));
505 break;
506 }
507
508 NYD2_LEAVE;
509 return (nrc != NULL);
510 }
511 #endif /* HAVE_NETRC */
512
513 #ifdef HAVE_AGENT
514 static bool_t
515 _agent_shell_lookup(struct url *urlp, char const *comm) /* TODO v15-compat */
516 {
517 char buf[128];
518 char const *env_addon[8];
519 struct str s;
520 FILE *pbuf;
521 union {char const *cp; int c; sighandler_type sht;} u;
522 size_t cl, l;
523 bool_t rv = FAL0;
524 NYD2_ENTER;
525
526 env_addon[0] = str_concat_csvl(&s, AGENT_USER, "=", urlp->url_user.s,
527 NULL)->s;
528 env_addon[1] = str_concat_csvl(&s, AGENT_USER_ENC, "=", urlp->url_user_enc.s,
529 NULL)->s;
530 env_addon[2] = str_concat_csvl(&s, AGENT_HOST, "=", urlp->url_host.s,
531 NULL)->s;
532 env_addon[3] = str_concat_csvl(&s, AGENT_HOST_PORT, "=", urlp->url_h_p.s,
533 NULL)->s;
534
535 env_addon[4] = str_concat_csvl(&s, NAILENV_TMPDIR, "=", tempdir, NULL)->s;
536 env_addon[5] = str_concat_csvl(&s, "TMPDIR", "=", tempdir, NULL)->s;
537
538 env_addon[6] = NULL;
539
540 if ((pbuf = Popen(comm, "r", ok_vlook(SHELL), env_addon, -1)) == NULL) {
541 n_err(_("*agent-shell-lookup* startup failed (\"%s\")\n"), comm);
542 goto jleave;
543 }
544
545 for (s.s = NULL, s.l = cl = l = 0; (u.c = getc(pbuf)) != EOF; ++cl) {
546 if (u.c == '\n') /* xxx */
547 continue;
548 buf[l++] = u.c;
549 if (l == sizeof(buf) - 1) {
550 n_str_add_buf(&s, buf, l);
551 l = 0;
552 }
553 }
554 if (l > 0)
555 n_str_add_buf(&s, buf, l);
556
557 if (!Pclose(pbuf, TRU1)) {
558 n_err(_("*agent-shell-lookup* execution failure (\"%s\")\n"), comm);
559 goto jleave;
560 }
561
562 /* We are responsible for duplicating this buffer! */
563 if (s.s != NULL)
564 urlp->url_pass.s = savestrbuf(s.s, urlp->url_pass.l = s.l);
565 else if (cl > 0)
566 urlp->url_pass.s = UNCONST(""), urlp->url_pass.l = 0;
567 rv = TRU1;
568 jleave:
569 if (s.s != NULL)
570 free(s.s);
571 NYD2_LEAVE;
572 return rv;
573 }
574 #endif /* HAVE_AGENT */
575
576 FL char *
577 (urlxenc)(char const *cp, bool_t ispath SALLOC_DEBUG_ARGS)
578 {
579 char *n, *np, c1;
580 NYD2_ENTER;
581
582 np = n = (salloc)(strlen(cp) * 3 +1 SALLOC_DEBUG_ARGSCALL);
583
584 for (; (c1 = *cp) != '\0'; ++cp) {
585 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
586 * ALPHA / DIGIT / "-" / "." / "_" / "~"
587 * However add a special is[file]path mode for file-system friendliness */
588 if (alnumchar(c1) || c1 == '_')
589 *np++ = c1;
590 else if (!ispath) {
591 if (c1 != '-' && c1 != '.' && c1 != '~')
592 goto jesc;
593 *np++ = c1;
594 } else if (PTRCMP(np, >, n) && (*cp == '-' || *cp == '.')) /* XXX imap */
595 *np++ = c1;
596 else {
597 jesc:
598 np[0] = '%';
599 n_c_to_hex_base16(np + 1, c1);
600 np += 3;
601 }
602 }
603 *np = '\0';
604 NYD2_LEAVE;
605 return n;
606 }
607
608 FL char *
609 (urlxdec)(char const *cp SALLOC_DEBUG_ARGS)
610 {
611 char *n, *np;
612 si32_t c;
613 NYD2_ENTER;
614
615 np = n = (salloc)(strlen(cp) +1 SALLOC_DEBUG_ARGSCALL);
616
617 while ((c = (uc_i)*cp++) != '\0') {
618 if (c == '%' && cp[0] != '\0' && cp[1] != '\0') {
619 si32_t o = c;
620 if (LIKELY((c = n_c_from_hex_base16(cp)) >= '\0'))
621 cp += 2;
622 else
623 c = o;
624 }
625 *np++ = (char)c;
626 }
627 *np = '\0';
628 NYD2_LEAVE;
629 return n;
630 }
631
632 FL char const *
633 n_servbyname(char const *proto, ui16_t *irv_or_null){
634 static struct{
635 char const name[14];
636 char const port[8];
637 ui16_t portno;
638 } const tbl[] = {
639 { "smtp", "25", 25},
640 { "submission", "587", 587},
641 { "smtps", "465", 465},
642 { "pop3", "110", 110},
643 { "pop3s", "995", 995},
644 { "imap", "143", 143},
645 { "imaps", "993", 993},
646 { "file", "", 0}
647 };
648 char const *rv;
649 size_t l, i;
650 NYD2_ENTER;
651
652 for(rv = proto; *rv != '\0'; ++rv)
653 if(*rv == ':')
654 break;
655 l = PTR2SIZE(rv - proto);
656
657 for(rv = NULL, i = 0; i < NELEM(tbl); ++i)
658 if(!ascncasecmp(tbl[i].name, proto, l)){
659 rv = tbl[i].port;
660 if(irv_or_null != NULL)
661 *irv_or_null = tbl[i].portno;
662 break;
663 }
664 NYD2_LEAVE;
665 return rv;
666 }
667
668 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
669 FL bool_t
670 url_parse(struct url *urlp, enum cproto cproto, char const *data)
671 {
672 #if defined HAVE_SMTP && defined HAVE_POP3
673 # define __ALLPROTO
674 #endif
675 #if defined HAVE_SMTP || defined HAVE_POP3
676 # define __ANYPROTO
677 char *cp, *x;
678 #endif
679 bool_t rv = FAL0;
680 NYD_ENTER;
681 UNUSED(data);
682
683 memset(urlp, 0, sizeof *urlp);
684 urlp->url_input = data;
685 urlp->url_cproto = cproto;
686
687 /* Network protocol */
688 #define _protox(X,Y) \
689 urlp->url_portno = Y;\
690 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
691 urlp->url_proto[sizeof(X) -1] = '\0';\
692 urlp->url_proto_len = sizeof(X) -1;\
693 urlp->url_proto_xlen = sizeof(X "://") -1
694 #define __if(X,Y,Z) \
695 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
696 _protox(X, Y);\
697 data += sizeof(X "://") -1;\
698 do { Z; } while (0);\
699 goto juser;\
700 }
701 #define _if(X,Y) __if(X, Y, (void)0)
702 #ifdef HAVE_SSL
703 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
704 #else
705 # define _ifs(X,Y) goto jeproto;
706 #endif
707
708 switch (cproto) {
709 case CPROTO_SMTP:
710 #ifdef HAVE_SMTP
711 _if ("smtp", 25)
712 _if ("submission", 587)
713 _ifs ("smtps", 465)
714 _protox("smtp", 25);
715 break;
716 #else
717 goto jeproto;
718 #endif
719 case CPROTO_POP3:
720 #ifdef HAVE_POP3
721 _if ("pop3", 110)
722 _ifs ("pop3s", 995)
723 _protox("pop3", 110);
724 break;
725 #else
726 goto jeproto;
727 #endif
728 #if 0
729 case CPROTO_IMAP:
730 _if ("imap", 143)
731 _ifs ("imaps", 993)
732 _protox("imap", 143);
733 break;
734 goto jeproto;
735 #endif
736 }
737
738 #undef _ifs
739 #undef _if
740 #undef __if
741 #undef _protox
742
743 if (strstr(data, "://") != NULL) {
744 #if !defined __ALLPROTO || !defined HAVE_SSL
745 jeproto:
746 #endif
747 n_err(_("URL \"proto://\" prefix invalid: \"%s\"\n"), urlp->url_input);
748 goto jleave;
749 }
750 #ifdef __ANYPROTO
751
752 /* User and password, I */
753 juser:
754 if ((cp = _url_last_at_before_slash(data)) != NULL) {
755 size_t l = PTR2SIZE(cp - data);
756 char const *d = data;
757 char *ub = ac_alloc(l +1);
758
759 urlp->url_had_user = TRU1;
760 data = cp + 1;
761
762 /* And also have a password? */
763 if ((cp = memchr(d, ':', l)) != NULL) {
764 size_t i = PTR2SIZE(cp - d);
765
766 l -= i + 1;
767 memcpy(ub, cp + 1, l);
768 ub[l] = '\0';
769 urlp->url_pass.l = strlen(urlp->url_pass.s = urlxdec(ub));
770
771 if (strcmp(ub, urlxenc(urlp->url_pass.s, FAL0))) {
772 n_err(_("String is not properly URL percent encoded: \"%s\"\n"),
773 ub);
774 goto jleave;
775 }
776 l = i;
777 }
778
779 memcpy(ub, d, l);
780 ub[l] = '\0';
781 urlp->url_user.l = strlen(urlp->url_user.s = urlxdec(ub));
782 urlp->url_user_enc.l = strlen(
783 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
784
785 if (urlp->url_user_enc.l != l || memcmp(urlp->url_user_enc.s, ub, l)) {
786 n_err(_("String is not properly URL percent encoded: \"%s\"\n"), ub);
787 goto jleave;
788 }
789
790 ac_free(ub);
791 }
792
793 /* Servername and port -- and possible path suffix */
794 if ((cp = strchr(data, ':')) != NULL) { /* TODO URL parse, IPv6 support */
795 char *eptr;
796 long l;
797
798 urlp->url_port = x = savestr(x = cp + 1);
799 if ((x = strchr(x, '/')) != NULL)
800 *x = '\0';
801 l = strtol(urlp->url_port, &eptr, 10);
802 if (*eptr != '\0' || l <= 0 || UICMP(32, l, >=, 0xFFFFu)) {
803 n_err(_("URL with invalid port number: \"%s\"\n"), urlp->url_input);
804 goto jleave;
805 }
806 urlp->url_portno = (ui16_t)l;
807 } else {
808 if ((x = strchr(data, '/')) != NULL)
809 data = savestrbuf(data, PTR2SIZE(x - data));
810 cp = UNCONST(data + strlen(data));
811 }
812
813 /* A (non-empty) path may only occur with IMAP */
814 if (x != NULL && x[1] != '\0') {
815 #if 0
816 if (cproto != CPROTO_IMAP) {
817 #endif
818 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
819 urlp->url_input);
820 goto jleave;
821 #if 0
822 }
823 urlp->url_path.l = strlen(++x);
824 urlp->url_path.s = savestrbuf(x, urlp->url_path.l);
825 #endif
826 }
827
828 urlp->url_host.s = savestrbuf(data, urlp->url_host.l = PTR2SIZE(cp - data));
829 { size_t i;
830 for (cp = urlp->url_host.s, i = urlp->url_host.l; i != 0; ++cp, --i)
831 *cp = lowerconv(*cp);
832 }
833
834 /* .url_h_p: HOST:PORT */
835 { size_t i;
836 struct str *s = &urlp->url_h_p;
837
838 s->s = salloc(urlp->url_host.l + 1 + sizeof("65536")-1 +1);
839 memcpy(s->s, urlp->url_host.s, i = urlp->url_host.l);
840 if (urlp->url_port != NULL) {
841 size_t j = strlen(urlp->url_port);
842 s->s[i++] = ':';
843 memcpy(s->s + i, urlp->url_port, j);
844 i += j;
845 }
846 s->s[i] = '\0';
847 s->l = i;
848 }
849
850 /* User, II
851 * If there was no user in the URL, do we have *user-HOST* or *user*? */
852 if (!urlp->url_had_user) {
853 if ((urlp->url_user.s = xok_vlook(user, urlp, OXM_PLAIN | OXM_H_P))
854 == NULL) {
855 /* No, check wether .netrc lookup is desired */
856 # ifdef HAVE_NETRC
857 if (!ok_blook(v15_compat) ||
858 !xok_blook(netrc_lookup, urlp, OXM_PLAIN | OXM_H_P) ||
859 !_nrc_lookup(urlp, FAL0))
860 # endif
861 urlp->url_user.s = UNCONST(myname);
862 }
863
864 urlp->url_user.l = strlen(urlp->url_user.s);
865 urlp->url_user.s = savestrbuf(urlp->url_user.s, urlp->url_user.l);
866 urlp->url_user_enc.l = strlen(
867 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
868 }
869
870 /* And then there are a lot of prebuild string combinations TODO do lazy */
871
872 /* .url_u_h: .url_user@.url_host
873 * For SMTP we apply ridiculously complicated *v15-compat* plus
874 * *smtp-hostname* / *hostname* dependent rules */
875 { struct str h, *s;
876 size_t i;
877
878 if (cproto == CPROTO_SMTP && ok_blook(v15_compat) &&
879 (cp = ok_vlook(smtp_hostname)) != NULL) {
880 if (*cp == '\0')
881 cp = nodename(1);
882 h.s = savestrbuf(cp, h.l = strlen(cp));
883 } else
884 h = urlp->url_host;
885
886 s = &urlp->url_u_h;
887 i = urlp->url_user.l;
888
889 s->s = salloc(i + 1 + h.l +1);
890 if (i > 0) {
891 memcpy(s->s, urlp->url_user.s, i);
892 s->s[i++] = '@';
893 }
894 memcpy(s->s + i, h.s, h.l +1);
895 i += h.l;
896 s->l = i;
897 }
898
899 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
900 { struct str *s = &urlp->url_u_h_p;
901 size_t i = urlp->url_user.l;
902
903 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
904 if (i > 0) {
905 memcpy(s->s, urlp->url_user.s, i);
906 s->s[i++] = '@';
907 }
908 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
909 i += urlp->url_h_p.l;
910 s->l = i;
911 }
912
913 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
914 { struct str *s = &urlp->url_eu_h_p;
915 size_t i = urlp->url_user_enc.l;
916
917 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
918 if (i > 0) {
919 memcpy(s->s, urlp->url_user_enc.s, i);
920 s->s[i++] = '@';
921 }
922 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
923 i += urlp->url_h_p.l;
924 s->l = i;
925 }
926
927 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
928 { size_t i;
929 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_u_h_p.l) +1);
930
931 urlp->url_proto[urlp->url_proto_len] = ':';
932 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_u_h_p.s,
933 urlp->url_u_h_p.l +1);
934 urlp->url_proto[urlp->url_proto_len] = '\0';
935
936 urlp->url_p_u_h_p = ud;
937 }
938
939 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
940 { size_t i;
941 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_eu_h_p.l) +
942 1 + urlp->url_path.l +1);
943
944 urlp->url_proto[urlp->url_proto_len] = ':';
945 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_eu_h_p.s,
946 urlp->url_eu_h_p.l +1);
947 urlp->url_proto[urlp->url_proto_len] = '\0';
948
949 if (urlp->url_path.l == 0)
950 urlp->url_p_eu_h_p = urlp->url_p_eu_h_p_p = ud;
951 else {
952 urlp->url_p_eu_h_p = savestrbuf(ud, i);
953 urlp->url_p_eu_h_p_p = ud;
954 ud += i;
955 *ud++ = '/';
956 memcpy(ud, urlp->url_path.s, urlp->url_path.l +1);
957 }
958 }
959
960 rv = TRU1;
961 #endif /* __ANYPROTO */
962 jleave:
963 NYD_LEAVE;
964 return rv;
965 #undef __ANYPROTO
966 #undef __ALLPROTO
967 }
968
969 FL bool_t
970 ccred_lookup_old(struct ccred *ccp, enum cproto cproto, char const *addr)
971 {
972 char const *pname, *pxstr, *authdef;
973 size_t pxlen, addrlen, i;
974 char *vbuf, *s;
975 ui8_t authmask;
976 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
977 ware = NONE;
978 bool_t addr_is_nuser = FAL0; /* XXX v15.0 legacy! v15_compat */
979 NYD_ENTER;
980
981 memset(ccp, 0, sizeof *ccp);
982
983 switch (cproto) {
984 default:
985 case CPROTO_SMTP:
986 pname = "SMTP";
987 pxstr = "smtp-auth";
988 pxlen = sizeof("smtp-auth") -1;
989 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
990 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
991 authdef = "none";
992 addr_is_nuser = TRU1;
993 break;
994 case CPROTO_POP3:
995 pname = "POP3";
996 pxstr = "pop3-auth";
997 pxlen = sizeof("pop3-auth") -1;
998 authmask = AUTHTYPE_PLAIN;
999 authdef = "plain";
1000 break;
1001 }
1002
1003 ccp->cc_cproto = cproto;
1004 addrlen = strlen(addr);
1005 vbuf = ac_alloc(pxlen + addrlen + sizeof("-password-")-1 +1);
1006 memcpy(vbuf, pxstr, pxlen);
1007
1008 /* Authentication type */
1009 vbuf[pxlen] = '-';
1010 memcpy(vbuf + pxlen + 1, addr, addrlen +1);
1011 if ((s = vok_vlook(vbuf)) == NULL) {
1012 vbuf[pxlen] = '\0';
1013 if ((s = vok_vlook(vbuf)) == NULL)
1014 s = UNCONST(authdef);
1015 }
1016
1017 if (!asccasecmp(s, "none")) {
1018 ccp->cc_auth = "NONE";
1019 ccp->cc_authtype = AUTHTYPE_NONE;
1020 /*ware = NONE;*/
1021 } else if (!asccasecmp(s, "plain")) {
1022 ccp->cc_auth = "PLAIN";
1023 ccp->cc_authtype = AUTHTYPE_PLAIN;
1024 ware = REQ_PASS | REQ_USER;
1025 } else if (!asccasecmp(s, "login")) {
1026 ccp->cc_auth = "LOGIN";
1027 ccp->cc_authtype = AUTHTYPE_LOGIN;
1028 ware = REQ_PASS | REQ_USER;
1029 } else if (!asccasecmp(s, "cram-md5")) {
1030 ccp->cc_auth = "CRAM-MD5";
1031 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1032 ware = REQ_PASS | REQ_USER;
1033 } else if (!asccasecmp(s, "gssapi")) {
1034 ccp->cc_auth = "GSS-API";
1035 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1036 ware = REQ_USER;
1037 } /* no else */
1038
1039 /* Verify method */
1040 if (!(ccp->cc_authtype & authmask)) {
1041 n_err(_("Unsupported %s authentication method: %s\n"), pname, s);
1042 ccp = NULL;
1043 goto jleave;
1044 }
1045 # ifndef HAVE_MD5
1046 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1047 n_err(_("No CRAM-MD5 support compiled in\n"));
1048 ccp = NULL;
1049 goto jleave;
1050 }
1051 # endif
1052 # ifndef HAVE_GSSAPI
1053 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1054 n_err(_("No GSS-API support compiled in\n"));
1055 ccp = NULL;
1056 goto jleave;
1057 }
1058 # endif
1059
1060 /* User name */
1061 if (!(ware & (WANT_USER | REQ_USER)))
1062 goto jpass;
1063
1064 if (!addr_is_nuser) {
1065 if ((s = _url_last_at_before_slash(addr)) != NULL) {
1066 ccp->cc_user.s = urlxdec(savestrbuf(addr, PTR2SIZE(s - addr)));
1067 ccp->cc_user.l = strlen(ccp->cc_user.s);
1068 } else if (ware & REQ_USER)
1069 goto jgetuser;
1070 goto jpass;
1071 }
1072
1073 memcpy(vbuf + pxlen, "-user-", i = sizeof("-user-") -1);
1074 i += pxlen;
1075 memcpy(vbuf + i, addr, addrlen +1);
1076 if ((s = vok_vlook(vbuf)) == NULL) {
1077 vbuf[--i] = '\0';
1078 if ((s = vok_vlook(vbuf)) == NULL && (ware & REQ_USER)) {
1079 if ((s = getuser(NULL)) == NULL) {
1080 jgetuser: /* TODO v15.0: today we simply bail, but we should call getuser().
1081 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1082 * TODO check that first, then! change control flow, grow vbuf */
1083 n_err(_("A user is necessary for %s authentication\n"), pname);
1084 ccp = NULL;
1085 goto jleave;
1086 }
1087 }
1088 }
1089 ccp->cc_user.l = strlen(ccp->cc_user.s = savestr(s));
1090
1091 /* Password */
1092 jpass:
1093 if (!(ware & (WANT_PASS | REQ_PASS)))
1094 goto jleave;
1095
1096 if (!addr_is_nuser) {
1097 memcpy(vbuf, "password-", i = sizeof("password-") -1);
1098 } else {
1099 memcpy(vbuf + pxlen, "-password-", i = sizeof("-password-") -1);
1100 i += pxlen;
1101 }
1102 memcpy(vbuf + i, addr, addrlen +1);
1103 if ((s = vok_vlook(vbuf)) == NULL) {
1104 vbuf[--i] = '\0';
1105 if ((!addr_is_nuser || (s = vok_vlook(vbuf)) == NULL) &&
1106 (ware & REQ_PASS)) {
1107 if ((s = getpassword(NULL)) == NULL) {
1108 n_err(_("A password is necessary for %s authentication\n"),
1109 pname);
1110 ccp = NULL;
1111 goto jleave;
1112 }
1113 }
1114 }
1115 if (s != NULL)
1116 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1117
1118 jleave:
1119 ac_free(vbuf);
1120 if (ccp != NULL && (options & OPT_D_VV))
1121 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1122 addr, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1123 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1124 NYD_LEAVE;
1125 return (ccp != NULL);
1126 }
1127
1128 FL bool_t
1129 ccred_lookup(struct ccred *ccp, struct url *urlp)
1130 {
1131 char const *pstr, *authdef;
1132 char *s;
1133 enum okeys authokey;
1134 ui8_t authmask;
1135 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1136 ware = NONE;
1137 NYD_ENTER;
1138
1139 memset(ccp, 0, sizeof *ccp);
1140 ccp->cc_user = urlp->url_user;
1141
1142 switch ((ccp->cc_cproto = urlp->url_cproto)) {
1143 default:
1144 case CPROTO_SMTP:
1145 pstr = "smtp";
1146 authokey = ok_v_smtp_auth;
1147 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1148 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1149 authdef = "plain";
1150 break;
1151 case CPROTO_POP3:
1152 pstr = "pop3";
1153 authokey = ok_v_pop3_auth;
1154 authmask = AUTHTYPE_PLAIN;
1155 authdef = "plain";
1156 break;
1157 }
1158
1159 /* Authentication type */
1160 if ((s = xok_VLOOK(authokey, urlp, OXM_ALL)) == NULL)
1161 s = UNCONST(authdef);
1162
1163 if (!asccasecmp(s, "none")) {
1164 ccp->cc_auth = "NONE";
1165 ccp->cc_authtype = AUTHTYPE_NONE;
1166 /*ware = NONE;*/
1167 } else if (!asccasecmp(s, "plain")) {
1168 ccp->cc_auth = "PLAIN";
1169 ccp->cc_authtype = AUTHTYPE_PLAIN;
1170 ware = REQ_PASS | REQ_USER;
1171 } else if (!asccasecmp(s, "login")) {
1172 ccp->cc_auth = "LOGIN";
1173 ccp->cc_authtype = AUTHTYPE_LOGIN;
1174 ware = REQ_PASS | REQ_USER;
1175 } else if (!asccasecmp(s, "cram-md5")) {
1176 ccp->cc_auth = "CRAM-MD5";
1177 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1178 ware = REQ_PASS | REQ_USER;
1179 } else if (!asccasecmp(s, "gssapi")) {
1180 ccp->cc_auth = "GSS-API";
1181 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1182 ware = REQ_USER;
1183 } /* no else */
1184
1185 /* Verify method */
1186 if (!(ccp->cc_authtype & authmask)) {
1187 n_err(_("Unsupported %s authentication method: %s\n"), pstr, s);
1188 ccp = NULL;
1189 goto jleave;
1190 }
1191 # ifndef HAVE_MD5
1192 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1193 n_err(_("No CRAM-MD5 support compiled in\n"));
1194 ccp = NULL;
1195 goto jleave;
1196 }
1197 # endif
1198 # ifndef HAVE_GSSAPI
1199 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1200 n_err(_("No GSS-API support compiled in\n"));
1201 ccp = NULL;
1202 goto jleave;
1203 }
1204 # endif
1205
1206 /* Password */
1207 ccp->cc_pass = urlp->url_pass;
1208 if (ccp->cc_pass.s != NULL)
1209 goto jleave;
1210
1211 if ((s = xok_vlook(password, urlp, OXM_ALL)) != NULL)
1212 goto js2pass;
1213 # ifdef HAVE_AGENT /* TODO v15-compat obsolete */
1214 if ((s = xok_vlook(agent_shell_lookup, urlp, OXM_ALL)) != NULL) {
1215 OBSOLETE(_("*agent-shell-lookup* will vanish. Please use encrypted "
1216 "~/.netrc (via *netrc-pipe*), or simply `source' an encrypted file"));
1217 if (!_agent_shell_lookup(urlp, s)) {
1218 ccp = NULL;
1219 goto jleave;
1220 } else if (urlp->url_pass.s != NULL) {
1221 ccp->cc_pass = urlp->url_pass;
1222 goto jleave;
1223 }
1224 }
1225 # endif
1226 # ifdef HAVE_NETRC
1227 if (xok_blook(netrc_lookup, urlp, OXM_ALL) && _nrc_lookup(urlp, TRU1)) {
1228 ccp->cc_pass = urlp->url_pass;
1229 goto jleave;
1230 }
1231 # endif
1232 if (ware & REQ_PASS) {
1233 if ((s = getpassword(NULL)) != NULL)
1234 js2pass:
1235 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1236 else {
1237 n_err(_("A password is necessary for %s authentication\n"), pstr);
1238 ccp = NULL;
1239 }
1240 }
1241
1242 jleave:
1243 if (ccp != NULL && (options & OPT_D_VV))
1244 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1245 urlp->url_h_p.s, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1246 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1247 NYD_LEAVE;
1248 return (ccp != NULL);
1249 }
1250 #endif /* HAVE_SOCKETS */
1251
1252 #ifdef HAVE_NETRC
1253 FL int
1254 c_netrc(void *v)
1255 {
1256 char **argv = v;
1257 struct nrc_node *nrc;
1258 bool_t load_only;
1259 NYD_ENTER;
1260
1261 load_only = FAL0;
1262 if (*argv == NULL)
1263 goto jlist;
1264 if (argv[1] != NULL)
1265 goto jerr;
1266 if (!asccasecmp(*argv, "show"))
1267 goto jlist;
1268 load_only = TRU1;
1269 if (!asccasecmp(*argv, "load"))
1270 goto jlist;
1271 if (!asccasecmp(*argv, "clear"))
1272 goto jclear;
1273 jerr:
1274 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1275 v = NULL;
1276 jleave:
1277 NYD_LEAVE;
1278 return (v == NULL ? !STOP : !OKAY); /* xxx 1:bad 0:good -- do some */
1279
1280 jlist: {
1281 FILE *fp;
1282 size_t l;
1283
1284 if (_nrc_list == NULL)
1285 _nrc_init();
1286 if (_nrc_list == NRC_NODE_ERR) {
1287 n_err(_("Interpolate what file?\n"));
1288 v = NULL;
1289 goto jleave;
1290 }
1291 if (load_only)
1292 goto jleave;
1293
1294 if ((fp = Ftmp(NULL, "netrc", OF_RDWR | OF_UNLINK | OF_REGISTER)) == NULL) {
1295 n_perr(_("tmpfile"), 0);
1296 v = NULL;
1297 goto jleave;
1298 }
1299
1300 for (l = 0, nrc = _nrc_list; nrc != NULL; ++l, nrc = nrc->nrc_next) {
1301 fprintf(fp, _("machine %s "), nrc->nrc_dat);
1302 if (nrc->nrc_ulen > 0)
1303 fprintf(fp, _("login \"%s\" "),
1304 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1));
1305 if (nrc->nrc_plen > 0)
1306 fprintf(fp, _("password \"%s\"\n"),
1307 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1 + nrc->nrc_ulen +1));
1308 else
1309 putc('\n', fp);
1310 }
1311
1312 page_or_print(fp, l);
1313 Fclose(fp);
1314 }
1315 goto jleave;
1316
1317 jclear:
1318 if (_nrc_list == NRC_NODE_ERR)
1319 _nrc_list = NULL;
1320 while ((nrc = _nrc_list) != NULL) {
1321 _nrc_list = nrc->nrc_next;
1322 free(nrc);
1323 }
1324 goto jleave;
1325 }
1326 #endif /* HAVE_NETRC */
1327
1328 #ifdef HAVE_MD5
1329 FL char *
1330 md5tohex(char hex[MD5TOHEX_SIZE], void const *vp)
1331 {
1332 char const *cp = vp;
1333 size_t i, j;
1334 NYD_ENTER;
1335
1336 for (i = 0; i < MD5TOHEX_SIZE / 2; ++i) {
1337 j = i << 1;
1338 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1339 hex[j] = __hex((cp[i] & 0xF0) >> 4);
1340 hex[++j] = __hex(cp[i] & 0x0F);
1341 # undef __hex
1342 }
1343 NYD_LEAVE;
1344 return hex;
1345 }
1346
1347 FL char *
1348 cram_md5_string(struct str const *user, struct str const *pass,
1349 char const *b64)
1350 {
1351 struct str in, out;
1352 char digest[16], *cp;
1353 NYD_ENTER;
1354
1355 out.s = NULL;
1356 in.s = UNCONST(b64);
1357 in.l = strlen(in.s);
1358 b64_decode(&out, &in, NULL);
1359 assert(out.s != NULL);
1360
1361 hmac_md5((uc_i*)out.s, out.l, (uc_i*)pass->s, pass->l, digest);
1362 free(out.s);
1363 cp = md5tohex(salloc(MD5TOHEX_SIZE +1), digest);
1364
1365 in.l = user->l + MD5TOHEX_SIZE +1;
1366 in.s = ac_alloc(user->l + 1 + MD5TOHEX_SIZE +1);
1367 memcpy(in.s, user->s, user->l);
1368 in.s[user->l] = ' ';
1369 memcpy(in.s + user->l + 1, cp, MD5TOHEX_SIZE);
1370 b64_encode(&out, &in, B64_SALLOC | B64_CRLF);
1371 ac_free(in.s);
1372 NYD_LEAVE;
1373 return out.s;
1374 }
1375
1376 FL void
1377 hmac_md5(unsigned char *text, int text_len, unsigned char *key, int key_len,
1378 void *digest)
1379 {
1380 /*
1381 * This code is taken from
1382 *
1383 * Network Working Group H. Krawczyk
1384 * Request for Comments: 2104 IBM
1385 * Category: Informational M. Bellare
1386 * UCSD
1387 * R. Canetti
1388 * IBM
1389 * February 1997
1390 *
1391 *
1392 * HMAC: Keyed-Hashing for Message Authentication
1393 */
1394 md5_ctx context;
1395 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
1396 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
1397 unsigned char tk[16];
1398 int i;
1399 NYD_ENTER;
1400
1401 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1402 if (key_len > 64) {
1403 md5_ctx tctx;
1404
1405 md5_init(&tctx);
1406 md5_update(&tctx, key, key_len);
1407 md5_final(tk, &tctx);
1408
1409 key = tk;
1410 key_len = 16;
1411 }
1412
1413 /* the HMAC_MD5 transform looks like:
1414 *
1415 * MD5(K XOR opad, MD5(K XOR ipad, text))
1416 *
1417 * where K is an n byte key
1418 * ipad is the byte 0x36 repeated 64 times
1419 * opad is the byte 0x5c repeated 64 times
1420 * and text is the data being protected */
1421
1422 /* start out by storing key in pads */
1423 memset(k_ipad, 0, sizeof k_ipad);
1424 memset(k_opad, 0, sizeof k_opad);
1425 memcpy(k_ipad, key, key_len);
1426 memcpy(k_opad, key, key_len);
1427
1428 /* XOR key with ipad and opad values */
1429 for (i=0; i<64; i++) {
1430 k_ipad[i] ^= 0x36;
1431 k_opad[i] ^= 0x5c;
1432 }
1433
1434 /* perform inner MD5 */
1435 md5_init(&context); /* init context for 1st pass */
1436 md5_update(&context, k_ipad, 64); /* start with inner pad */
1437 md5_update(&context, text, text_len); /* then text of datagram */
1438 md5_final(digest, &context); /* finish up 1st pass */
1439
1440 /* perform outer MD5 */
1441 md5_init(&context); /* init context for 2nd pass */
1442 md5_update(&context, k_opad, 64); /* start with outer pad */
1443 md5_update(&context, digest, 16); /* then results of 1st hash */
1444 md5_final(digest, &context); /* finish up 2nd pass */
1445 NYD_LEAVE;
1446 }
1447 #endif /* HAVE_MD5 */
1448
1449 /* s-it-mode */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command