search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
THANKS: v14.7.3
[s-mailx.git] / urlcrecry.c
blob4069e39cfe12a270363e4c559ba53e36b179ae0d
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
5 *
6 * Copyright (c) 2014 Steffen (Daode) Nurpmeso <sdaoden@users.sf.net>.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21 #ifndef HAVE_AMALGAMATION
22 # include "nail.h"
23 #endif
24
25 #ifdef HAVE_NETRC
26 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
27 * concurrently (dummy, host, user, pass), so make it a KB */
28 # define NRC_TOKEN_MAXLEN (1024 / 4)
29
30 enum nrc_token {
31 NRC_ERROR = -1,
32 NRC_NONE = 0,
33 NRC_DEFAULT,
34 NRC_LOGIN,
35 NRC_PASSWORD,
36 NRC_ACCOUNT,
37 NRC_MACDEF,
38 NRC_MACHINE,
39 NRC_INPUT
40 };
41
42 struct nrc_node {
43 struct nrc_node *nrc_next;
44 struct nrc_node *nrc_result; /* In match phase, former possible one */
45 ui32_t nrc_mlen; /* Length of machine name */
46 ui32_t nrc_ulen; /* Length of user name */
47 ui32_t nrc_plen; /* Length of password */
48 char nrc_dat[VFIELD_SIZE(4)];
49 };
50 # define NRC_NODE_ERR ((struct nrc_node*)-1)
51
52 static struct nrc_node *_nrc_list;
53 #endif /* HAVE_NETRC */
54
55 /* Find the last @ before a slash
56 * TODO Casts off the const but this is ok here; obsolete function! */
57 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
58 static char * _url_last_at_before_slash(char const *sp);
59 #endif
60
61 #ifdef HAVE_NETRC
62 /* Initialize .netrc cache */
63 static void _nrc_init(void);
64 static enum nrc_token __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN]);
65
66 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
67 * only_pass is true then the lookup is for the password only, otherwise we
68 * look for a user (and add password only if we have an exact machine match) */
69 static bool_t _nrc_lookup(struct url *urlp, bool_t only_pass);
70
71 /* 0=no match; 1=exact match; -1=wildcard match */
72 static int __nrc_host_match(struct nrc_node const *nrc,
73 struct url const *urlp);
74 static bool_t __nrc_find_user(struct url *urlp,
75 struct nrc_node const *nrc);
76 static bool_t __nrc_find_pass(struct url *urlp, bool_t user_match,
77 struct nrc_node const *nrc);
78 #endif /* HAVE_NETRC */
79
80 /* The password can also be gained through external agents */
81 #ifdef HAVE_AGENT
82 static bool_t _agent_shell_lookup(struct url *urlp, char const *comm);
83 #endif
84
85 #ifdef HAVE_SOCKETS
86 static char *
87 _url_last_at_before_slash(char const *sp)
88 {
89 char const *cp;
90 char c;
91 NYD2_ENTER;
92
93 for (cp = sp; (c = *cp) != '\0'; ++cp)
94 if (c == '/')
95 break;
96 while (cp > sp && *--cp != '@')
97 ;
98 if (*cp != '@')
99 cp = NULL;
100 NYD2_LEAVE;
101 return UNCONST(cp);
102 }
103 #endif
104
105 #ifdef HAVE_NETRC
106 static void
107 _nrc_init(void)
108 {
109 char buffer[NRC_TOKEN_MAXLEN], host[NRC_TOKEN_MAXLEN],
110 user[NRC_TOKEN_MAXLEN], pass[NRC_TOKEN_MAXLEN], *netrc_load;
111 struct stat sb;
112 FILE *fi;
113 enum nrc_token t;
114 bool_t seen_default;
115 struct nrc_node *ntail = NULL /* CC happy */, *nhead = NULL,
116 *nrc = NRC_NODE_ERR;
117 NYD_ENTER;
118
119 if ((netrc_load = getenv("NETRC")/* TODO */) == NULL)
120 netrc_load = UNCONST(NETRC);
121 if ((netrc_load = file_expand(netrc_load)) == NULL)
122 goto jleave;
123
124 if ((fi = Fopen(netrc_load, "r")) == NULL) {
125 fprintf(stderr, _("Cannot open `%s'\n"), netrc_load);
126 goto jleave;
127 }
128
129 /* Be simple and apply rigid (permission) check(s) */
130 if (fstat(fileno(fi), &sb) == -1 || !S_ISREG(sb.st_mode) ||
131 (sb.st_mode & (S_IRWXG | S_IRWXO))) {
132 fprintf(stderr,
133 _("Not a regular file, or accessible by non-user: `%s'\n"),
134 netrc_load);
135 goto jleave;
136 }
137
138 seen_default = FAL0;
139 jnext:
140 switch((t = __nrc_token(fi, buffer))) {
141 case NRC_ERROR:
142 goto jerr;
143 case NRC_NONE:
144 break;
145 default: /* Doesn't happen (but on error?), keep CC happy */
146 case NRC_DEFAULT:
147 jdef:
148 /* We ignore the default entry (require an exact host match), and we also
149 * ignore anything after such an entry (faulty syntax) */
150 seen_default = TRU1;
151 /* FALLTHRU */
152 case NRC_MACHINE:
153 jm_h:
154 /* Normalize HOST to lowercase */
155 *host = '\0';
156 if (!seen_default && (t = __nrc_token(fi, host)) != NRC_INPUT)
157 goto jerr;
158 else {
159 char *cp;
160 for (cp = host; *cp != '\0'; ++cp)
161 *cp = lowerconv(*cp);
162 }
163
164 *user = *pass = '\0';
165 while ((t = __nrc_token(fi, buffer)) != NRC_NONE && t != NRC_MACHINE &&
166 t != NRC_DEFAULT) {
167 switch(t) {
168 case NRC_LOGIN:
169 if ((t = __nrc_token(fi, user)) != NRC_INPUT)
170 goto jerr;
171 break;
172 case NRC_PASSWORD:
173 if ((t = __nrc_token(fi, pass)) != NRC_INPUT)
174 goto jerr;
175 break;
176 case NRC_ACCOUNT:
177 if ((t = __nrc_token(fi, buffer)) != NRC_INPUT)
178 goto jerr;
179 break;
180 case NRC_MACDEF:
181 if ((t = __nrc_token(fi, buffer)) != NRC_INPUT)
182 goto jerr;
183 else {
184 int i = 0, c;
185 while ((c = getc(fi)) != EOF)
186 if (c == '\n') { /* xxx */
187 if (i)
188 break;
189 i = 1;
190 } else
191 i = 0;
192 }
193 break;
194 default:
195 case NRC_ERROR:
196 goto jerr;
197 }
198 }
199
200 if (!seen_default && (*user != '\0' || *pass != '\0')) {
201 size_t hl = strlen(host), ul = strlen(user), pl = strlen(pass);
202 struct nrc_node *nx = smalloc(sizeof(*nx) -
203 VFIELD_SIZEOF(struct nrc_node, nrc_dat) + hl +1 + ul +1 + pl +1);
204
205 if (nhead != NULL)
206 ntail->nrc_next = nx;
207 else
208 nhead = nx;
209 ntail = nx;
210 nx->nrc_next = NULL;
211 nx->nrc_mlen = hl;
212 nx->nrc_ulen = ul;
213 nx->nrc_plen = pl;
214 memcpy(nx->nrc_dat, host, ++hl);
215 memcpy(nx->nrc_dat + hl, user, ++ul);
216 memcpy(nx->nrc_dat + hl + ul, pass, ++pl);
217 }
218 if (t == NRC_MACHINE)
219 goto jm_h;
220 if (t == NRC_DEFAULT)
221 goto jdef;
222 if (t != NRC_NONE)
223 goto jnext;
224 break;
225 }
226
227 if (nhead != NULL)
228 nrc = nhead;
229 else
230 jerr:
231 if (options & OPT_D_V)
232 fprintf(stderr, _("Errors occurred while parsing `%s'\n"), netrc_load);
233 Fclose(fi);
234 jleave:
235 if (nrc == NRC_NODE_ERR)
236 while (nhead != NULL) {
237 ntail = nhead;
238 nhead = nhead->nrc_next;
239 free(ntail);
240 }
241 _nrc_list = nrc;
242 NYD_LEAVE;
243 }
244
245 static enum nrc_token
246 __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN])
247 {
248 int c;
249 char *cp;
250 enum nrc_token rv = NRC_NONE;
251 NYD2_ENTER;
252
253 c = EOF;
254 if (feof(fi) || ferror(fi))
255 goto jleave;
256
257 while ((c = getc(fi)) != EOF && whitechar(c))
258 ;
259 if (c == EOF)
260 goto jleave;
261
262 cp = buffer;
263 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
264 if (c == '"' || c == '\'') {
265 int quotec = c;
266
267 /* Not requiring the closing QM is (Net)BSD syntax */
268 while ((c = getc(fi)) != EOF && c != quotec) {
269 /* Backslash escaping the next character is (Net)BSD syntax */
270 if (c == '\\')
271 if ((c = getc(fi)) == EOF)
272 break;
273 *cp++ = c;
274 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
275 rv = NRC_ERROR;
276 goto jleave;
277 }
278 }
279 } else {
280 *cp++ = c;
281 while ((c = getc(fi)) != EOF && !whitechar(c)) {
282 /* Backslash escaping the next character is (Net)BSD syntax */
283 if (c == '\\' && (c = getc(fi)) == EOF)
284 break;
285 *cp++ = c;
286 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
287 rv = NRC_ERROR;
288 goto jleave;
289 }
290 }
291 }
292 *cp = '\0';
293
294 if (*buffer == '\0')
295 do {/*rv = NRC_NONE*/} while (0);
296 else if (!strcmp(buffer, "default"))
297 rv = NRC_DEFAULT;
298 else if (!strcmp(buffer, "login"))
299 rv = NRC_LOGIN;
300 else if (!strcmp(buffer, "password") || !strcmp(buffer, "passwd"))
301 rv = NRC_PASSWORD;
302 else if (!strcmp(buffer, "account"))
303 rv = NRC_ACCOUNT;
304 else if (!strcmp(buffer, "macdef"))
305 rv = NRC_MACDEF;
306 else if (!strcmp(buffer, "machine"))
307 rv = NRC_MACHINE;
308 else
309 rv = NRC_INPUT;
310 jleave:
311 if (c == EOF && !feof(fi))
312 rv = NRC_ERROR;
313 NYD2_LEAVE;
314 return rv;
315 }
316
317 static bool_t
318 _nrc_lookup(struct url *urlp, bool_t only_pass) /* TODO optimize; too tricky!! */
319 {
320 struct nrc_node *nrc, *nrc_wild, *nrc_exact;
321 bool_t rv = FAL0;
322 NYD_ENTER;
323
324 assert(!only_pass || urlp->url_user.s != NULL);
325 assert(only_pass || urlp->url_user.s == NULL);
326
327 if (_nrc_list == NULL)
328 _nrc_init();
329 if (_nrc_list == NRC_NODE_ERR)
330 goto jleave;
331
332 nrc_wild = nrc_exact = NULL;
333 for (nrc = _nrc_list; nrc != NULL; nrc = nrc->nrc_next)
334 switch (__nrc_host_match(nrc, urlp)) {
335 case 1:
336 nrc->nrc_result = nrc_exact;
337 nrc_exact = nrc;
338 continue;
339 case -1:
340 nrc->nrc_result = nrc_wild;
341 nrc_wild = nrc;
342 /* FALLTHRU */
343 case 0:
344 continue;
345 }
346
347 /* TODO _nrc_lookup(): PAIN! init: build sorted tree, single walk that!!
348 * TODO then: verify .netrc (unique fallback entries etc.) */
349 if (!only_pass && !__nrc_find_user(urlp, nrc_exact) &&
350 !__nrc_find_user(urlp, nrc_wild))
351 goto jleave;
352
353 if (__nrc_find_pass(urlp, TRU1, nrc_exact) ||
354 __nrc_find_pass(urlp, TRU1, nrc_wild) ||
355 /* Do not try to find a password without exact user match unless we've
356 * been called during credential lookup, a.k.a. the second time */
357 !only_pass ||
358 __nrc_find_pass(urlp, FAL0, nrc_exact) ||
359 __nrc_find_pass(urlp, FAL0, nrc_wild))
360 rv = TRU1;
361 jleave:
362 NYD_LEAVE;
363 return rv;
364 }
365
366 static int
367 __nrc_host_match(struct nrc_node const *nrc, struct url const *urlp)
368 {
369 char const *d2, *d1;
370 size_t l2, l1;
371 int rv = 0;
372 NYD2_ENTER;
373
374 /* Find a matching machine -- entries are all lowercase normalized */
375 if (nrc->nrc_mlen == urlp->url_host.l) {
376 if (LIKELY(!memcmp(nrc->nrc_dat, urlp->url_host.s, urlp->url_host.l)))
377 rv = 1;
378 goto jleave;
379 }
380
381 /* Cannot be an exact match, but maybe the .netrc machine starts with
382 * a `*.' glob, which we recognize as an extension, meaning "skip
383 * a single subdomain, then match the rest" */
384 d1 = nrc->nrc_dat + 2;
385 l1 = nrc->nrc_mlen;
386 if (l1 <= 2 || d1[-1] != '.' || d1[-2] != '*')
387 goto jleave;
388 l1 -= 2;
389
390 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
391 * in fact this even succeeds for `.host.com', but - why care, here? */
392 d2 = urlp->url_host.s;
393 l2 = urlp->url_host.l;
394 while (l2 > 0) {
395 --l2;
396 if (*d2++ == '.')
397 break;
398 }
399
400 if (l2 == l1 && !memcmp(d1, d2, l1))
401 /* This matches, but we won't use it directly but watch out for an
402 * exact match first! */
403 rv = -1;
404 jleave:
405 NYD2_LEAVE;
406 return rv;
407 }
408
409 static bool_t
410 __nrc_find_user(struct url *urlp, struct nrc_node const *nrc)
411 {
412 NYD2_ENTER;
413
414 for (; nrc != NULL; nrc = nrc->nrc_result)
415 if (nrc->nrc_ulen > 0 && urlp->url_user.s == NULL) {
416 /* Fake it was part of URL otherwise XXX */
417 urlp->url_had_user = TRU1;
418 /* That buffer will be duplicated by url_parse() in this case! */
419 urlp->url_user.s = UNCONST(nrc->nrc_dat + nrc->nrc_mlen +1);
420 urlp->url_user.l = nrc->nrc_ulen;
421 break;
422 }
423
424 NYD2_LEAVE;
425 return (nrc != NULL);
426 }
427
428 static bool_t
429 __nrc_find_pass(struct url *urlp, bool_t user_match, struct nrc_node const *nrc)
430 {
431 NYD2_ENTER;
432
433 for (; nrc != NULL; nrc = nrc->nrc_result) {
434 if (user_match && (nrc->nrc_ulen != urlp->url_user.l ||
435 memcmp(nrc->nrc_dat + nrc->nrc_mlen +1, urlp->url_user.s,
436 urlp->url_user.l)))
437 continue;
438 if (nrc->nrc_plen == 0)
439 continue;
440
441 /* We are responsible for duplicating this buffer! */
442 urlp->url_pass.s = savestrbuf(nrc->nrc_dat + nrc->nrc_mlen +1 +
443 nrc->nrc_ulen + 1, (urlp->url_pass.l = nrc->nrc_plen));
444 break;
445 }
446
447 NYD2_LEAVE;
448 return (nrc != NULL);
449 }
450 #endif /* HAVE_NETRC */
451
452 #ifdef HAVE_AGENT
453 static bool_t
454 _agent_shell_lookup(struct url *urlp, char const *comm)
455 {
456 char buf[128];
457 char const *env_addon[8];
458 struct str s;
459 FILE *pbuf;
460 union {char const *cp; int c; sighandler_type sht;} u;
461 size_t cl, l;
462 bool_t rv = FAL0;
463 NYD2_ENTER;
464
465 env_addon[0] = str_concat_csvl(&s, AGENT_USER, "=", urlp->url_user.s,
466 NULL)->s;
467 env_addon[1] = str_concat_csvl(&s, AGENT_USER_ENC, "=", urlp->url_user_enc.s,
468 NULL)->s;
469 env_addon[2] = str_concat_csvl(&s, AGENT_HOST, "=", urlp->url_host.s,
470 NULL)->s;
471 env_addon[3] = str_concat_csvl(&s, AGENT_HOST_PORT, "=", urlp->url_h_p.s,
472 NULL)->s;
473 env_addon[4] = NULL;
474
475 if ((u.cp = ok_vlook(SHELL)) == NULL)
476 u.cp = XSHELL;
477 if ((pbuf = Popen(comm, "r", u.cp, env_addon, -1)) == NULL) {
478 fprintf(stderr, _("*agent-shell-lookup* startup failed (`%s')\n"),
479 comm);
480 goto jleave;
481 }
482
483 for (s.s = NULL, s.l = cl = l = 0; (u.c = getc(pbuf)) != EOF; ++cl) {
484 if (u.c == '\n') /* xxx */
485 continue;
486 buf[l++] = u.c;
487 if (l == sizeof(buf) - 1) {
488 n_str_add_buf(&s, buf, l);
489 l = 0;
490 }
491 }
492 if (l > 0)
493 n_str_add_buf(&s, buf, l);
494
495 if (!Pclose(pbuf, TRU1)) {
496 if (options & OPT_D_V)
497 fprintf(stderr, _("*agent-shell-lookup* execution failure (`%s')\n"),
498 comm);
499 goto jleave;
500 }
501
502 /* We are responsible for duplicating this buffer! */
503 if (s.s != NULL)
504 urlp->url_pass.s = savestrbuf(s.s, urlp->url_pass.l = s.l);
505 else if (cl > 0)
506 urlp->url_pass.s = UNCONST(""), urlp->url_pass.l = 0;
507 rv = TRU1;
508 jleave:
509 if (s.s != NULL)
510 free(s.s);
511 NYD2_LEAVE;
512 return rv;
513 }
514 #endif
515
516 FL char *
517 (urlxenc)(char const *cp, bool_t ispath SALLOC_DEBUG_ARGS)
518 {
519 char *n, *np, c1;
520 NYD2_ENTER;
521
522 np = n = (salloc)(strlen(cp) * 3 +1 SALLOC_DEBUG_ARGSCALL);
523
524 for (; (c1 = *cp) != '\0'; ++cp) {
525 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
526 * ALPHA / DIGIT / "-" / "." / "_" / "~"
527 * However add a special is[file]path mode for file-system friendliness */
528 if (alnumchar(c1) || c1 == '_')
529 *np++ = c1;
530 else if (!ispath) {
531 if (c1 != '-' && c1 != '.' && c1 != '~')
532 goto jesc;
533 *np++ = c1;
534 } else if (PTRCMP(np, >, n) && (*cp == '-' || *cp == '.')) /* XXX imap */
535 *np++ = c1;
536 else {
537 jesc:
538 np[0] = '%';
539 mime_char_to_hexseq(np + 1, c1);
540 np += 3;
541 }
542 }
543 *np = '\0';
544 NYD2_LEAVE;
545 return n;
546 }
547
548 FL char *
549 (urlxdec)(char const *cp SALLOC_DEBUG_ARGS)
550 {
551 char *n, *np;
552 si32_t c;
553 NYD2_ENTER;
554
555 np = n = (salloc)(strlen(cp) +1 SALLOC_DEBUG_ARGSCALL);
556
557 while ((c = (uc_it)*cp++) != '\0') {
558 if (c == '%' && cp[0] != '\0' && cp[1] != '\0') {
559 si32_t o = c;
560 if (LIKELY((c = mime_hexseq_to_char(cp)) >= '\0'))
561 cp += 2;
562 else
563 c = o;
564 }
565 *np++ = (char)c;
566 }
567 *np = '\0';
568 NYD2_LEAVE;
569 return n;
570 }
571
572 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
573 FL bool_t
574 url_parse(struct url *urlp, enum cproto cproto, char const *data)
575 {
576 #if defined HAVE_SMTP && defined HAVE_POP3 && defined HAVE_IMAP
577 # define __ALLPROTO
578 #endif
579 #if defined HAVE_SMTP || defined HAVE_POP3 || defined HAVE_IMAP
580 # define __ANYPROTO
581 char *cp, *x;
582 #endif
583 bool_t rv = FAL0;
584 NYD_ENTER;
585 UNUSED(data);
586
587 memset(urlp, 0, sizeof *urlp);
588 urlp->url_input = data;
589 urlp->url_cproto = cproto;
590
591 /* Network protocol */
592 #define _protox(X,Y) \
593 urlp->url_portno = Y;\
594 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
595 urlp->url_proto[sizeof(X) -1] = '\0';\
596 urlp->url_proto_len = sizeof(X) -1;\
597 urlp->url_proto_xlen = sizeof(X "://") -1
598 #define __if(X,Y,Z) \
599 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
600 _protox(X, Y);\
601 data += sizeof(X "://") -1;\
602 do { Z; } while (0);\
603 goto juser;\
604 }
605 #define _if(X,Y) __if(X, Y, (void)0)
606 #ifdef HAVE_SSL
607 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
608 #else
609 # define _ifs(X,Y) goto jeproto;
610 #endif
611
612 switch (cproto) {
613 case CPROTO_SMTP:
614 #ifdef HAVE_SMTP
615 _if ("smtp", 25)
616 _if ("submission", 587)
617 _ifs ("smtps", 465)
618 _protox("smtp", 25);
619 break;
620 #else
621 goto jeproto;
622 #endif
623 case CPROTO_POP3:
624 #ifdef HAVE_POP3
625 _if ("pop3", 110)
626 _ifs ("pop3s", 995)
627 _protox("pop3", 110);
628 break;
629 #else
630 goto jeproto;
631 #endif
632 case CPROTO_IMAP:
633 #ifdef HAVE_IMAP
634 _if ("imap", 143)
635 _ifs ("imaps", 993)
636 _protox("imap", 143);
637 break;
638 #else
639 goto jeproto;
640 #endif
641 }
642
643 #undef _ifs
644 #undef _if
645 #undef __if
646 #undef _protox
647
648 if (strstr(data, "://") != NULL) {
649 #if !defined __ALLPROTO || !defined HAVE_SSL
650 jeproto:
651 #endif
652 fprintf(stderr, _("URL `proto://' prefix invalid: `%s'\n"),
653 urlp->url_input);
654 goto jleave;
655 }
656 #ifdef __ANYPROTO
657
658 /* User and password, I */
659 juser:
660 if ((cp = _url_last_at_before_slash(data)) != NULL) {
661 size_t l = PTR2SIZE(cp - data);
662 char const *d = data;
663 char *ub = ac_alloc(l +1);
664
665 urlp->url_had_user = TRU1;
666 data = cp + 1;
667
668 /* And also have a password? */
669 if ((cp = memchr(d, ':', l)) != NULL) {
670 size_t i = PTR2SIZE(cp - d);
671
672 l -= i + 1;
673 memcpy(ub, cp + 1, l);
674 ub[l] = '\0';
675 urlp->url_pass.l = strlen(urlp->url_pass.s = urlxdec(ub));
676
677 if (strcmp(ub, urlxenc(urlp->url_pass.s, FAL0))) {
678 fprintf(stderr,
679 _("String is not properly URL percent encoded: `%s'\n"), ub);
680 goto jleave;
681 }
682 l = i;
683 }
684
685 memcpy(ub, d, l);
686 ub[l] = '\0';
687 urlp->url_user.l = strlen(urlp->url_user.s = urlxdec(ub));
688 urlp->url_user_enc.l = strlen(
689 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
690
691 if (urlp->url_user_enc.l != l || memcmp(urlp->url_user_enc.s, ub, l)) {
692 fprintf(stderr,
693 _("String is not properly URL percent encoded: `%s'\n"), ub);
694 goto jleave;
695 }
696
697 ac_free(ub);
698 }
699
700 /* Servername and port -- and possible path suffix */
701 if ((cp = strchr(data, ':')) != NULL) { /* TODO URL parse, IPv6 support */
702 char *eptr;
703 long l;
704
705 urlp->url_port = x = savestr(x = cp + 1);
706 if ((x = strchr(x, '/')) != NULL)
707 *x = '\0';
708 l = strtol(urlp->url_port, &eptr, 10);
709 if (*eptr != '\0' || l <= 0 || UICMP(32, l, >=, 0xFFFFu)) {
710 fprintf(stderr, _("URL with invalid port number: `%s'\n"),
711 urlp->url_input);
712 goto jleave;
713 }
714 urlp->url_portno = (ui16_t)l;
715 } else {
716 if ((x = strchr(data, '/')) != NULL)
717 data = savestrbuf(data, PTR2SIZE(x - data));
718 cp = UNCONST(data + strlen(data));
719 }
720
721 /* A (non-empty) path may only occur with IMAP */
722 if (x != NULL && x[1] != '\0') {
723 if (cproto != CPROTO_IMAP) {
724 fprintf(stderr, _("URL protocol doesn't support paths: `%s'\n"),
725 urlp->url_input);
726 goto jleave;
727 }
728 urlp->url_path.l = strlen(++x);
729 urlp->url_path.s = savestrbuf(x, urlp->url_path.l);
730 }
731
732 urlp->url_host.s = savestrbuf(data, urlp->url_host.l = PTR2SIZE(cp - data));
733 { size_t i;
734 for (cp = urlp->url_host.s, i = urlp->url_host.l; i != 0; ++cp, --i)
735 *cp = lowerconv(*cp);
736 }
737
738 /* .url_h_p: HOST:PORT */
739 { size_t i;
740 struct str *s = &urlp->url_h_p;
741
742 s->s = salloc(urlp->url_host.l + 1 + sizeof("65536")-1 +1);
743 memcpy(s->s, urlp->url_host.s, i = urlp->url_host.l);
744 if (urlp->url_port != NULL) {
745 size_t j = strlen(urlp->url_port);
746 s->s[i++] = ':';
747 memcpy(s->s + i, urlp->url_port, j);
748 i += j;
749 }
750 s->s[i] = '\0';
751 s->l = i;
752 }
753
754 /* User, II
755 * If there was no user in the URL, do we have *user-HOST* or *user*? */
756 if (!urlp->url_had_user) {
757 if ((urlp->url_user.s = xok_vlook(user, urlp, OXM_PLAIN | OXM_H_P))
758 == NULL) {
759 /* No, check wether .netrc lookup is desired */
760 #ifdef HAVE_NETRC
761 if (!ok_blook(v15_compat) ||
762 !xok_blook(netrc_lookup, urlp, OXM_PLAIN | OXM_H_P) ||
763 !_nrc_lookup(urlp, FAL0))
764 #endif
765 urlp->url_user.s = UNCONST(myname);
766 }
767
768 urlp->url_user.l = strlen(urlp->url_user.s);
769 urlp->url_user.s = savestrbuf(urlp->url_user.s, urlp->url_user.l);
770 urlp->url_user_enc.l = strlen(
771 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
772 }
773
774 /* And then there are a lot of prebuild string combinations TODO do lazy */
775
776 /* .url_u_h: .url_user@.url_host
777 * For SMTP we apply ridiculously complicated *v15-compat* plus
778 * *smtp-hostname* / *hostname* dependent rules */
779 { struct str h, *s;
780 size_t i;
781
782 if (cproto == CPROTO_SMTP && ok_blook(v15_compat) &&
783 (cp = ok_vlook(smtp_hostname)) != NULL) {
784 if (*cp == '\0')
785 cp = nodename(1);
786 h.s = savestrbuf(cp, h.l = strlen(cp));
787 } else
788 h = urlp->url_host;
789
790 s = &urlp->url_u_h;
791 i = urlp->url_user.l;
792
793 s->s = salloc(i + 1 + h.l +1);
794 if (i > 0) {
795 memcpy(s->s, urlp->url_user.s, i);
796 s->s[i++] = '@';
797 }
798 memcpy(s->s + i, h.s, h.l +1);
799 i += h.l;
800 s->l = i;
801 }
802
803 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
804 { struct str *s = &urlp->url_u_h_p;
805 size_t i = urlp->url_user.l;
806
807 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
808 if (i > 0) {
809 memcpy(s->s, urlp->url_user.s, i);
810 s->s[i++] = '@';
811 }
812 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
813 i += urlp->url_h_p.l;
814 s->l = i;
815 }
816
817 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
818 { struct str *s = &urlp->url_eu_h_p;
819 size_t i = urlp->url_user_enc.l;
820
821 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
822 if (i > 0) {
823 memcpy(s->s, urlp->url_user_enc.s, i);
824 s->s[i++] = '@';
825 }
826 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
827 i += urlp->url_h_p.l;
828 s->l = i;
829 }
830
831 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
832 { size_t i;
833 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_u_h_p.l) +1);
834
835 urlp->url_proto[urlp->url_proto_len] = ':';
836 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_u_h_p.s,
837 urlp->url_u_h_p.l +1);
838 urlp->url_proto[urlp->url_proto_len] = '\0';
839
840 urlp->url_p_u_h_p = ud;
841 }
842
843 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
844 { size_t i;
845 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_eu_h_p.l) +
846 1 + urlp->url_path.l +1);
847
848 urlp->url_proto[urlp->url_proto_len] = ':';
849 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_eu_h_p.s,
850 urlp->url_eu_h_p.l +1);
851 urlp->url_proto[urlp->url_proto_len] = '\0';
852
853 if (urlp->url_path.l == 0)
854 urlp->url_p_eu_h_p = urlp->url_p_eu_h_p_p = ud;
855 else {
856 urlp->url_p_eu_h_p = savestrbuf(ud, i);
857 urlp->url_p_eu_h_p_p = ud;
858 ud += i;
859 *ud++ = '/';
860 memcpy(ud, urlp->url_path.s, urlp->url_path.l +1);
861 }
862 }
863
864 rv = TRU1;
865 #endif /* __ANYPROTO */
866 jleave:
867 NYD_LEAVE;
868 return rv;
869 #undef __ANYPROTO
870 #undef __ALLPROTO
871 }
872
873 FL bool_t
874 ccred_lookup_old(struct ccred *ccp, enum cproto cproto, char const *addr)
875 {
876 char const *pname, *pxstr, *authdef;
877 size_t pxlen, addrlen, i;
878 char *vbuf, *s;
879 ui8_t authmask;
880 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
881 ware = NONE;
882 bool_t addr_is_nuser = FAL0; /* XXX v15.0 legacy! v15_compat */
883 NYD_ENTER;
884
885 memset(ccp, 0, sizeof *ccp);
886
887 switch (cproto) {
888 default:
889 case CPROTO_SMTP:
890 pname = "SMTP";
891 pxstr = "smtp-auth";
892 pxlen = sizeof("smtp-auth") -1;
893 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
894 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
895 authdef = "none";
896 addr_is_nuser = TRU1;
897 break;
898 case CPROTO_POP3:
899 pname = "POP3";
900 pxstr = "pop3-auth";
901 pxlen = sizeof("pop3-auth") -1;
902 authmask = AUTHTYPE_PLAIN;
903 authdef = "plain";
904 break;
905 case CPROTO_IMAP:
906 pname = "IMAP";
907 pxstr = "imap-auth";
908 pxlen = sizeof("imap-auth") -1;
909 authmask = AUTHTYPE_LOGIN | AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
910 authdef = "login";
911 break;
912 }
913
914 ccp->cc_cproto = cproto;
915 addrlen = strlen(addr);
916 vbuf = ac_alloc(pxlen + addrlen + sizeof("-password-")-1 +1);
917 memcpy(vbuf, pxstr, pxlen);
918
919 /* Authentication type */
920 vbuf[pxlen] = '-';
921 memcpy(vbuf + pxlen + 1, addr, addrlen +1);
922 if ((s = vok_vlook(vbuf)) == NULL) {
923 vbuf[pxlen] = '\0';
924 if ((s = vok_vlook(vbuf)) == NULL)
925 s = UNCONST(authdef);
926 }
927
928 if (!asccasecmp(s, "none")) {
929 ccp->cc_auth = "NONE";
930 ccp->cc_authtype = AUTHTYPE_NONE;
931 /*ware = NONE;*/
932 } else if (!asccasecmp(s, "plain")) {
933 ccp->cc_auth = "PLAIN";
934 ccp->cc_authtype = AUTHTYPE_PLAIN;
935 ware = REQ_PASS | REQ_USER;
936 } else if (!asccasecmp(s, "login")) {
937 ccp->cc_auth = "LOGIN";
938 ccp->cc_authtype = AUTHTYPE_LOGIN;
939 ware = REQ_PASS | REQ_USER;
940 } else if (!asccasecmp(s, "cram-md5")) {
941 ccp->cc_auth = "CRAM-MD5";
942 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
943 ware = REQ_PASS | REQ_USER;
944 } else if (!asccasecmp(s, "gssapi")) {
945 ccp->cc_auth = "GSS-API";
946 ccp->cc_authtype = AUTHTYPE_GSSAPI;
947 ware = REQ_USER;
948 } /* no else */
949
950 /* Verify method */
951 if (!(ccp->cc_authtype & authmask)) {
952 fprintf(stderr, _("Unsupported %s authentication method: %s\n"),
953 pname, s);
954 ccp = NULL;
955 goto jleave;
956 }
957 # ifndef HAVE_MD5
958 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
959 fprintf(stderr, _("No CRAM-MD5 support compiled in.\n"));
960 ccp = NULL;
961 goto jleave;
962 }
963 # endif
964 # ifndef HAVE_GSSAPI
965 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
966 fprintf(stderr, _("No GSS-API support compiled in.\n"));
967 ccp = NULL;
968 goto jleave;
969 }
970 # endif
971
972 /* User name */
973 if (!(ware & (WANT_USER | REQ_USER)))
974 goto jpass;
975
976 if (!addr_is_nuser) {
977 if ((s = _url_last_at_before_slash(addr)) != NULL) {
978 ccp->cc_user.s = urlxdec(savestrbuf(addr, PTR2SIZE(s - addr)));
979 ccp->cc_user.l = strlen(ccp->cc_user.s);
980 } else if (ware & REQ_USER)
981 goto jgetuser;
982 goto jpass;
983 }
984
985 memcpy(vbuf + pxlen, "-user-", i = sizeof("-user-") -1);
986 i += pxlen;
987 memcpy(vbuf + i, addr, addrlen +1);
988 if ((s = vok_vlook(vbuf)) == NULL) {
989 vbuf[--i] = '\0';
990 if ((s = vok_vlook(vbuf)) == NULL && (ware & REQ_USER)) {
991 if ((s = getuser(NULL)) == NULL) {
992 jgetuser: /* TODO v15.0: today we simply bail, but we should call getuser().
993 * TODO even better: introduce `PROTO-user' and `PROTO-pass' and
994 * TODO check that first, then! change control flow, grow `vbuf' */
995 fprintf(stderr, _("A user is necessary for %s authentication.\n"),
996 pname);
997 ccp = NULL;
998 goto jleave;
999 }
1000 }
1001 }
1002 ccp->cc_user.l = strlen(ccp->cc_user.s = savestr(s));
1003
1004 /* Password */
1005 jpass:
1006 if (!(ware & (WANT_PASS | REQ_PASS)))
1007 goto jleave;
1008
1009 if (!addr_is_nuser) {
1010 memcpy(vbuf, "password-", i = sizeof("password-") -1);
1011 } else {
1012 memcpy(vbuf + pxlen, "-password-", i = sizeof("-password-") -1);
1013 i += pxlen;
1014 }
1015 memcpy(vbuf + i, addr, addrlen +1);
1016 if ((s = vok_vlook(vbuf)) == NULL) {
1017 vbuf[--i] = '\0';
1018 if ((!addr_is_nuser || (s = vok_vlook(vbuf)) == NULL) &&
1019 (ware & REQ_PASS)) {
1020 if ((s = getpassword(NULL)) == NULL) {
1021 fprintf(stderr,
1022 _("A password is necessary for %s authentication.\n"), pname);
1023 ccp = NULL;
1024 goto jleave;
1025 }
1026 }
1027 }
1028 if (s != NULL)
1029 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1030
1031 jleave:
1032 ac_free(vbuf);
1033 if (ccp != NULL && (options & OPT_D_VV))
1034 fprintf(stderr, _("Credentials: host `%s', user `%s', pass `%s'\n"),
1035 addr, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1036 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1037 NYD_LEAVE;
1038 return (ccp != NULL);
1039 }
1040
1041 FL bool_t
1042 ccred_lookup(struct ccred *ccp, struct url *urlp)
1043 {
1044 char const *pstr, *authdef;
1045 char *s;
1046 enum okeys authokey;
1047 ui8_t authmask;
1048 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1049 ware = NONE;
1050 NYD_ENTER;
1051
1052 memset(ccp, 0, sizeof *ccp);
1053 ccp->cc_user = urlp->url_user;
1054
1055 switch ((ccp->cc_cproto = urlp->url_cproto)) {
1056 default:
1057 case CPROTO_SMTP:
1058 pstr = "smtp";
1059 authokey = ok_v_smtp_auth;
1060 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1061 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1062 authdef = "none";
1063 break;
1064 case CPROTO_POP3:
1065 pstr = "pop3";
1066 authokey = ok_v_pop3_auth;
1067 authmask = AUTHTYPE_PLAIN;
1068 authdef = "plain";
1069 break;
1070 case CPROTO_IMAP:
1071 pstr = "imap";
1072 authokey = ok_v_imap_auth;
1073 authmask = AUTHTYPE_LOGIN | AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1074 authdef = "login";
1075 break;
1076 }
1077
1078 /* Authentication type */
1079 if ((s = xok_VLOOK(authokey, urlp, OXM_ALL)) == NULL)
1080 s = UNCONST(authdef);
1081
1082 if (!asccasecmp(s, "none")) {
1083 ccp->cc_auth = "NONE";
1084 ccp->cc_authtype = AUTHTYPE_NONE;
1085 /*ware = NONE;*/
1086 } else if (!asccasecmp(s, "plain")) {
1087 ccp->cc_auth = "PLAIN";
1088 ccp->cc_authtype = AUTHTYPE_PLAIN;
1089 ware = REQ_PASS | REQ_USER;
1090 } else if (!asccasecmp(s, "login")) {
1091 ccp->cc_auth = "LOGIN";
1092 ccp->cc_authtype = AUTHTYPE_LOGIN;
1093 ware = REQ_PASS | REQ_USER;
1094 } else if (!asccasecmp(s, "cram-md5")) {
1095 ccp->cc_auth = "CRAM-MD5";
1096 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1097 ware = REQ_PASS | REQ_USER;
1098 } else if (!asccasecmp(s, "gssapi")) {
1099 ccp->cc_auth = "GSS-API";
1100 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1101 ware = REQ_USER;
1102 } /* no else */
1103
1104 /* Verify method */
1105 if (!(ccp->cc_authtype & authmask)) {
1106 fprintf(stderr, _("Unsupported %s authentication method: %s\n"), pstr, s);
1107 ccp = NULL;
1108 goto jleave;
1109 }
1110 # ifndef HAVE_MD5
1111 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1112 fprintf(stderr, _("No CRAM-MD5 support compiled in.\n"));
1113 ccp = NULL;
1114 goto jleave;
1115 }
1116 # endif
1117 # ifndef HAVE_GSSAPI
1118 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1119 fprintf(stderr, _("No GSS-API support compiled in.\n"));
1120 ccp = NULL;
1121 goto jleave;
1122 }
1123 # endif
1124
1125 /* Password */
1126 if ((ccp->cc_pass = urlp->url_pass).s != NULL)
1127 goto jleave;
1128
1129 if ((s = xok_vlook(password, urlp, OXM_ALL)) != NULL)
1130 goto js2pass;
1131 # ifdef HAVE_AGENT
1132 if ((s = xok_vlook(agent_shell_lookup, urlp, OXM_ALL)) != NULL) {
1133 if (!_agent_shell_lookup(urlp, s)) {
1134 ccp = NULL;
1135 goto jleave;
1136 } else if (urlp->url_pass.s != NULL) {
1137 ccp->cc_pass = urlp->url_pass;
1138 goto jleave;
1139 }
1140 }
1141 # endif
1142 # ifdef HAVE_NETRC
1143 if (xok_blook(netrc_lookup, urlp, OXM_ALL) && _nrc_lookup(urlp, TRU1)) {
1144 ccp->cc_pass = urlp->url_pass;
1145 goto jleave;
1146 }
1147 # endif
1148 if (ware & REQ_PASS) {
1149 if ((s = getpassword(NULL)) != NULL)
1150 js2pass:
1151 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1152 else {
1153 fprintf(stderr, _("A password is necessary for %s authentication.\n"),
1154 pstr);
1155 ccp = NULL;
1156 }
1157 }
1158
1159 jleave:
1160 if (ccp != NULL && (options & OPT_D_VV))
1161 fprintf(stderr, _("Credentials: host `%s', user `%s', pass `%s'\n"),
1162 urlp->url_h_p.s, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1163 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1164 NYD_LEAVE;
1165 return (ccp != NULL);
1166 }
1167 #endif /* HAVE_SOCKETS */
1168
1169 #ifdef HAVE_NETRC
1170 FL int
1171 c_netrc(void *v)
1172 {
1173 char **argv = v;
1174 struct nrc_node *nrc;
1175 NYD_ENTER;
1176
1177 if (*argv == NULL)
1178 goto jlist;
1179 if (argv[1] != NULL)
1180 goto jerr;
1181 if (!asccasecmp(*argv, "show"))
1182 goto jlist;
1183 if (!asccasecmp(*argv, "clear"))
1184 goto jclear;
1185 jerr:
1186 fprintf(stderr, "Synopsis: netrc: %s\n",
1187 _("Either <show> (default) or <clear> the .netrc cache"));
1188 v = NULL;
1189 jleave:
1190 NYD_LEAVE;
1191 return (v == NULL ? !STOP : !OKAY); /* xxx 1:bad 0:good -- do some */
1192
1193 jlist: {
1194 FILE *fp;
1195 size_t l;
1196
1197 if (_nrc_list == NULL)
1198 _nrc_init();
1199 if (_nrc_list == NRC_NODE_ERR) {
1200 fprintf(stderr, _("Interpolate what file?\n"));
1201 v = NULL;
1202 goto jleave;
1203 }
1204
1205 if ((fp = Ftmp(NULL, "netrc", OF_RDWR | OF_UNLINK | OF_REGISTER, 0600)
1206 ) == NULL) {
1207 perror("tmpfile");
1208 v = NULL;
1209 goto jleave;
1210 }
1211
1212 for (l = 0, nrc = _nrc_list; nrc != NULL; ++l, nrc = nrc->nrc_next) {
1213 fprintf(fp, _("Host %s: "), nrc->nrc_dat);
1214 if (nrc->nrc_ulen > 0)
1215 fprintf(fp, _("user %s, "), nrc->nrc_dat + nrc->nrc_mlen +1);
1216 else
1217 fputs(_("no user, "), fp);
1218 if (nrc->nrc_plen > 0)
1219 fprintf(fp, _("password %s.\n"),
1220 nrc->nrc_dat + nrc->nrc_mlen +1 + nrc->nrc_ulen +1);
1221 else
1222 fputs(_("no password.\n"), fp);
1223 }
1224
1225 page_or_print(fp, l);
1226 Fclose(fp);
1227 }
1228 goto jleave;
1229
1230 jclear:
1231 if (_nrc_list == NRC_NODE_ERR)
1232 _nrc_list = NULL;
1233 while ((nrc = _nrc_list) != NULL) {
1234 _nrc_list = nrc->nrc_next;
1235 free(nrc);
1236 }
1237 goto jleave;
1238 }
1239 #endif /* HAVE_NETRC */
1240
1241 #ifdef HAVE_MD5
1242 FL char *
1243 md5tohex(char hex[MD5TOHEX_SIZE], void const *vp)
1244 {
1245 char const *cp = vp;
1246 size_t i, j;
1247 NYD_ENTER;
1248
1249 for (i = 0; i < MD5TOHEX_SIZE / 2; ++i) {
1250 j = i << 1;
1251 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1252 hex[j] = __hex((cp[i] & 0xF0) >> 4);
1253 hex[++j] = __hex(cp[i] & 0x0F);
1254 # undef __hex
1255 }
1256 NYD_LEAVE;
1257 return hex;
1258 }
1259
1260 FL char *
1261 cram_md5_string(struct str const *user, struct str const *pass,
1262 char const *b64)
1263 {
1264 struct str in, out;
1265 char digest[16], *cp;
1266 NYD_ENTER;
1267
1268 out.s = NULL;
1269 in.s = UNCONST(b64);
1270 in.l = strlen(in.s);
1271 b64_decode(&out, &in, NULL);
1272 assert(out.s != NULL);
1273
1274 hmac_md5((uc_it*)out.s, out.l, (uc_it*)pass->s, pass->l, digest);
1275 free(out.s);
1276 cp = md5tohex(salloc(MD5TOHEX_SIZE +1), digest);
1277
1278 in.l = user->l + MD5TOHEX_SIZE +1;
1279 in.s = ac_alloc(user->l + 1 + MD5TOHEX_SIZE +1);
1280 memcpy(in.s, user->s, user->l);
1281 in.s[user->l] = ' ';
1282 memcpy(in.s + user->l + 1, cp, MD5TOHEX_SIZE);
1283 b64_encode(&out, &in, B64_SALLOC | B64_CRLF);
1284 ac_free(in.s);
1285 NYD_LEAVE;
1286 return out.s;
1287 }
1288
1289 FL void
1290 hmac_md5(unsigned char *text, int text_len, unsigned char *key, int key_len,
1291 void *digest)
1292 {
1293 /*
1294 * This code is taken from
1295 *
1296 * Network Working Group H. Krawczyk
1297 * Request for Comments: 2104 IBM
1298 * Category: Informational M. Bellare
1299 * UCSD
1300 * R. Canetti
1301 * IBM
1302 * February 1997
1303 *
1304 *
1305 * HMAC: Keyed-Hashing for Message Authentication
1306 */
1307 md5_ctx context;
1308 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
1309 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
1310 unsigned char tk[16];
1311 int i;
1312 NYD_ENTER;
1313
1314 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1315 if (key_len > 64) {
1316 md5_ctx tctx;
1317
1318 md5_init(&tctx);
1319 md5_update(&tctx, key, key_len);
1320 md5_final(tk, &tctx);
1321
1322 key = tk;
1323 key_len = 16;
1324 }
1325
1326 /* the HMAC_MD5 transform looks like:
1327 *
1328 * MD5(K XOR opad, MD5(K XOR ipad, text))
1329 *
1330 * where K is an n byte key
1331 * ipad is the byte 0x36 repeated 64 times
1332 * opad is the byte 0x5c repeated 64 times
1333 * and text is the data being protected */
1334
1335 /* start out by storing key in pads */
1336 memset(k_ipad, 0, sizeof k_ipad);
1337 memset(k_opad, 0, sizeof k_opad);
1338 memcpy(k_ipad, key, key_len);
1339 memcpy(k_opad, key, key_len);
1340
1341 /* XOR key with ipad and opad values */
1342 for (i=0; i<64; i++) {
1343 k_ipad[i] ^= 0x36;
1344 k_opad[i] ^= 0x5c;
1345 }
1346
1347 /* perform inner MD5 */
1348 md5_init(&context); /* init context for 1st pass */
1349 md5_update(&context, k_ipad, 64); /* start with inner pad */
1350 md5_update(&context, text, text_len); /* then text of datagram */
1351 md5_final(digest, &context); /* finish up 1st pass */
1352
1353 /* perform outer MD5 */
1354 md5_init(&context); /* init context for 2nd pass */
1355 md5_update(&context, k_opad, 64); /* start with outer pad */
1356 md5_update(&context, digest, 16); /* then results of 1st hash */
1357 md5_final(digest, &context); /* finish up 2nd pass */
1358 NYD_LEAVE;
1359 }
1360 #endif /* HAVE_MD5 */
1361
1362 /* s-it-mode */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command