search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
THANKS: Thomas Dickey
[s-mailx.git] / urlcrecry.c
blobfa29bcf8fae2e0316beb6f6c66ac569f639b4549
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
5 *
6 * Copyright (c) 2014 - 2015 Steffen (Daode) Nurpmeso <sdaoden@users.sf.net>.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20 #undef n_FILE
21 #define n_FILE urlcrecry
22
23 #ifndef HAVE_AMALGAMATION
24 # include "nail.h"
25 #endif
26
27 #ifdef HAVE_NETRC
28 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
29 * concurrently (dummy, host, user, pass), so make it a KB */
30 # define NRC_TOKEN_MAXLEN (1024 / 4)
31
32 enum nrc_token {
33 NRC_ERROR = -1,
34 NRC_NONE = 0,
35 NRC_DEFAULT,
36 NRC_LOGIN,
37 NRC_PASSWORD,
38 NRC_ACCOUNT,
39 NRC_MACDEF,
40 NRC_MACHINE,
41 NRC_INPUT
42 };
43
44 struct nrc_node {
45 struct nrc_node *nrc_next;
46 struct nrc_node *nrc_result; /* In match phase, former possible one */
47 ui32_t nrc_mlen; /* Length of machine name */
48 ui32_t nrc_ulen; /* Length of user name */
49 ui32_t nrc_plen; /* Length of password */
50 char nrc_dat[VFIELD_SIZE(sizeof(ui32_t))];
51 };
52 # define NRC_NODE_ERR ((struct nrc_node*)-1)
53
54 static struct nrc_node *_nrc_list;
55 #endif /* HAVE_NETRC */
56
57 /* Find the last @ before a slash
58 * TODO Casts off the const but this is ok here; obsolete function! */
59 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
60 static char * _url_last_at_before_slash(char const *sp);
61 #endif
62
63 #ifdef HAVE_NETRC
64 /* Initialize .netrc cache */
65 static void _nrc_init(void);
66 static enum nrc_token __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN],
67 bool_t *nl_last);
68
69 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
70 * only_pass is true then the lookup is for the password only, otherwise we
71 * look for a user (and add password only if we have an exact machine match) */
72 static bool_t _nrc_lookup(struct url *urlp, bool_t only_pass);
73
74 /* 0=no match; 1=exact match; -1=wildcard match */
75 static int __nrc_host_match(struct nrc_node const *nrc,
76 struct url const *urlp);
77 static bool_t __nrc_find_user(struct url *urlp,
78 struct nrc_node const *nrc);
79 static bool_t __nrc_find_pass(struct url *urlp, bool_t user_match,
80 struct nrc_node const *nrc);
81 #endif /* HAVE_NETRC */
82
83 /* The password can also be gained through external agents */
84 #ifdef HAVE_AGENT
85 static bool_t _agent_shell_lookup(struct url *urlp, char const *comm);
86 #endif
87
88 #ifdef HAVE_SOCKETS
89 static char *
90 _url_last_at_before_slash(char const *sp)
91 {
92 char const *cp;
93 char c;
94 NYD2_ENTER;
95
96 for (cp = sp; (c = *cp) != '\0'; ++cp)
97 if (c == '/')
98 break;
99 while (cp > sp && *--cp != '@')
100 ;
101 if (*cp != '@')
102 cp = NULL;
103 NYD2_LEAVE;
104 return UNCONST(cp);
105 }
106 #endif
107
108 #ifdef HAVE_NETRC
109 static void
110 _nrc_init(void)
111 {
112 char buffer[NRC_TOKEN_MAXLEN], host[NRC_TOKEN_MAXLEN],
113 user[NRC_TOKEN_MAXLEN], pass[NRC_TOKEN_MAXLEN], *netrc_load;
114 struct stat sb;
115 FILE *fi;
116 enum nrc_token t;
117 bool_t seen_default, nl_last;
118 struct nrc_node *ntail = NULL /* CC happy */, *nhead = NULL,
119 *nrc = NRC_NODE_ERR;
120 NYD_ENTER;
121
122 if ((netrc_load = env_vlook("NETRC", FAL0)) == NULL)
123 netrc_load = UNCONST(NETRC);
124 if ((netrc_load = file_expand(netrc_load)) == NULL)
125 goto j_leave;
126
127 if ((fi = Fopen(netrc_load, "r")) == NULL) {
128 n_err(_("Cannot open \"%s\"\n"), netrc_load);
129 goto j_leave;
130 }
131
132 /* Be simple and apply rigid (permission) check(s) */
133 if (fstat(fileno(fi), &sb) == -1 || !S_ISREG(sb.st_mode) ||
134 (sb.st_mode & (S_IRWXG | S_IRWXO))) {
135 n_err(_("Not a regular file, or accessible by non-user: \"%s\"\n"),
136 netrc_load);
137 goto jleave;
138 }
139
140 seen_default = FAL0;
141 nl_last = TRU1;
142 jnext:
143 switch((t = __nrc_token(fi, buffer, &nl_last))) {
144 case NRC_NONE:
145 break;
146 default: /* Doesn't happen (but on error?), keep CC happy */
147 case NRC_DEFAULT:
148 jdef:
149 /* We ignore the default entry (require an exact host match), and we also
150 * ignore anything after such an entry (faulty syntax) */
151 seen_default = TRU1;
152 /* FALLTHRU */
153 case NRC_MACHINE:
154 jm_h:
155 /* Normalize HOST to lowercase */
156 *host = '\0';
157 if (!seen_default && (t = __nrc_token(fi, host, &nl_last)) != NRC_INPUT)
158 goto jerr;
159 else {
160 char *cp;
161 for (cp = host; *cp != '\0'; ++cp)
162 *cp = lowerconv(*cp);
163 }
164
165 *user = *pass = '\0';
166 while ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_NONE &&
167 t != NRC_MACHINE && t != NRC_DEFAULT) {
168 switch(t) {
169 case NRC_LOGIN:
170 if ((t = __nrc_token(fi, user, &nl_last)) != NRC_INPUT)
171 goto jerr;
172 break;
173 case NRC_PASSWORD:
174 if ((t = __nrc_token(fi, pass, &nl_last)) != NRC_INPUT)
175 goto jerr;
176 break;
177 case NRC_ACCOUNT:
178 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
179 goto jerr;
180 break;
181 case NRC_MACDEF:
182 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
183 goto jerr;
184 else {
185 int i = 0, c;
186 while ((c = getc(fi)) != EOF)
187 if (c == '\n') { /* xxx */
188 /* Don't care about comments here, since we parse until
189 * we've seen two successive newline characters */
190 if (i)
191 break;
192 i = 1;
193 } else
194 i = 0;
195 }
196 break;
197 default:
198 case NRC_ERROR:
199 goto jerr;
200 }
201 }
202
203 if (!seen_default && (*user != '\0' || *pass != '\0')) {
204 size_t hl = strlen(host), ul = strlen(user), pl = strlen(pass);
205 struct nrc_node *nx = smalloc(sizeof(*nx) -
206 VFIELD_SIZEOF(struct nrc_node, nrc_dat) + hl +1 + ul +1 + pl +1);
207
208 if (nhead != NULL)
209 ntail->nrc_next = nx;
210 else
211 nhead = nx;
212 ntail = nx;
213 nx->nrc_next = NULL;
214 nx->nrc_mlen = hl;
215 nx->nrc_ulen = ul;
216 nx->nrc_plen = pl;
217 memcpy(nx->nrc_dat, host, ++hl);
218 memcpy(nx->nrc_dat + hl, user, ++ul);
219 memcpy(nx->nrc_dat + hl + ul, pass, ++pl);
220 }
221 if (t == NRC_MACHINE)
222 goto jm_h;
223 if (t == NRC_DEFAULT)
224 goto jdef;
225 if (t != NRC_NONE)
226 goto jnext;
227 break;
228 case NRC_ERROR:
229 jerr:
230 if (options & OPT_D_V)
231 n_err(_("Errors occurred while parsing \"%s\"\n"), netrc_load);
232 assert(nrc == NRC_NODE_ERR);
233 goto jleave;
234 }
235
236 if (nhead != NULL)
237 nrc = nhead;
238 jleave:
239 Fclose(fi);
240 if (nrc == NRC_NODE_ERR)
241 while (nhead != NULL) {
242 ntail = nhead;
243 nhead = nhead->nrc_next;
244 free(ntail);
245 }
246 j_leave:
247 _nrc_list = nrc;
248 NYD_LEAVE;
249 }
250
251 static enum nrc_token
252 __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN], bool_t *nl_last)
253 {
254 int c;
255 char *cp;
256 enum nrc_token rv;
257 NYD2_ENTER;
258
259 rv = NRC_NONE;
260 for (;;) {
261 bool_t seen_nl;
262
263 c = EOF;
264 if (feof(fi) || ferror(fi))
265 goto jleave;
266
267 for (seen_nl = *nl_last; (c = getc(fi)) != EOF && whitechar(c);)
268 seen_nl |= (c == '\n');
269
270 if (c == EOF)
271 goto jleave;
272 /* fetchmail and derived parsers support comments */
273 if ((*nl_last = seen_nl) && c == '#') {
274 while ((c = getc(fi)) != EOF && c != '\n')
275 ;
276 continue;
277 }
278 break;
279 }
280
281 cp = buffer;
282 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
283 if (c == '"' || c == '\'') {
284 int quotec = c;
285
286 /* Not requiring the closing QM is (Net)BSD syntax */
287 while ((c = getc(fi)) != EOF && c != quotec) {
288 /* Backslash escaping the next character is (Net)BSD syntax */
289 if (c == '\\')
290 if ((c = getc(fi)) == EOF)
291 break;
292 *cp++ = c;
293 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
294 rv = NRC_ERROR;
295 goto jleave;
296 }
297 }
298 } else {
299 *cp++ = c;
300 while ((c = getc(fi)) != EOF && !whitechar(c)) {
301 /* Backslash escaping the next character is (Net)BSD syntax */
302 if (c == '\\' && (c = getc(fi)) == EOF)
303 break;
304 *cp++ = c;
305 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
306 rv = NRC_ERROR;
307 goto jleave;
308 }
309 }
310 *nl_last = (c == '\n');
311 }
312 *cp = '\0';
313
314 if (*buffer == '\0')
315 do {/*rv = NRC_NONE*/} while (0);
316 else if (!strcmp(buffer, "default"))
317 rv = NRC_DEFAULT;
318 else if (!strcmp(buffer, "login"))
319 rv = NRC_LOGIN;
320 else if (!strcmp(buffer, "password") || !strcmp(buffer, "passwd"))
321 rv = NRC_PASSWORD;
322 else if (!strcmp(buffer, "account"))
323 rv = NRC_ACCOUNT;
324 else if (!strcmp(buffer, "macdef"))
325 rv = NRC_MACDEF;
326 else if (!strcmp(buffer, "machine"))
327 rv = NRC_MACHINE;
328 else
329 rv = NRC_INPUT;
330 jleave:
331 if (c == EOF && !feof(fi))
332 rv = NRC_ERROR;
333 NYD2_LEAVE;
334 return rv;
335 }
336
337 static bool_t
338 _nrc_lookup(struct url *urlp, bool_t only_pass)
339 {
340 struct nrc_node *nrc, *nrc_wild, *nrc_exact;
341 bool_t rv = FAL0;
342 NYD_ENTER;
343
344 assert(!only_pass || urlp->url_user.s != NULL);
345 assert(only_pass || urlp->url_user.s == NULL);
346
347 if (_nrc_list == NULL)
348 _nrc_init();
349 if (_nrc_list == NRC_NODE_ERR)
350 goto jleave;
351
352 nrc_wild = nrc_exact = NULL;
353 for (nrc = _nrc_list; nrc != NULL; nrc = nrc->nrc_next)
354 switch (__nrc_host_match(nrc, urlp)) {
355 case 1:
356 nrc->nrc_result = nrc_exact;
357 nrc_exact = nrc;
358 continue;
359 case -1:
360 nrc->nrc_result = nrc_wild;
361 nrc_wild = nrc;
362 /* FALLTHRU */
363 case 0:
364 continue;
365 }
366
367 if (!only_pass && urlp->url_user.s == NULL) {
368 /* Must be an unambiguous entry of its kind */
369 if (nrc_exact != NULL && nrc_exact->nrc_result != NULL)
370 goto jleave;
371 if (__nrc_find_user(urlp, nrc_exact))
372 goto j_user;
373
374 if (nrc_wild != NULL && nrc_wild->nrc_result != NULL)
375 goto jleave;
376 if (!__nrc_find_user(urlp, nrc_wild))
377 goto jleave;
378 j_user:
379 ;
380 }
381
382 if (__nrc_find_pass(urlp, TRU1, nrc_exact) ||
383 __nrc_find_pass(urlp, TRU1, nrc_wild) ||
384 /* Do not try to find a password without exact user match unless we've
385 * been called during credential lookup, a.k.a. the second time */
386 !only_pass ||
387 __nrc_find_pass(urlp, FAL0, nrc_exact) ||
388 __nrc_find_pass(urlp, FAL0, nrc_wild))
389 rv = TRU1;
390 jleave:
391 NYD_LEAVE;
392 return rv;
393 }
394
395 static int
396 __nrc_host_match(struct nrc_node const *nrc, struct url const *urlp)
397 {
398 char const *d2, *d1;
399 size_t l2, l1;
400 int rv = 0;
401 NYD2_ENTER;
402
403 /* Find a matching machine -- entries are all lowercase normalized */
404 if (nrc->nrc_mlen == urlp->url_host.l) {
405 if (LIKELY(!memcmp(nrc->nrc_dat, urlp->url_host.s, urlp->url_host.l)))
406 rv = 1;
407 goto jleave;
408 }
409
410 /* Cannot be an exact match, but maybe the .netrc machine starts with
411 * a "*." glob, which we recognize as an extension, meaning "skip
412 * a single subdomain, then match the rest" */
413 d1 = nrc->nrc_dat + 2;
414 l1 = nrc->nrc_mlen;
415 if (l1 <= 2 || d1[-1] != '.' || d1[-2] != '*')
416 goto jleave;
417 l1 -= 2;
418
419 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
420 * in fact this even succeeds for ".host.com", but - why care, here? */
421 d2 = urlp->url_host.s;
422 l2 = urlp->url_host.l;
423 while (l2 > 0) {
424 --l2;
425 if (*d2++ == '.')
426 break;
427 }
428
429 if (l2 == l1 && !memcmp(d1, d2, l1))
430 /* This matches, but we won't use it directly but watch out for an
431 * exact match first! */
432 rv = -1;
433 jleave:
434 NYD2_LEAVE;
435 return rv;
436 }
437
438 static bool_t
439 __nrc_find_user(struct url *urlp, struct nrc_node const *nrc)
440 {
441 NYD2_ENTER;
442
443 for (; nrc != NULL; nrc = nrc->nrc_result)
444 if (nrc->nrc_ulen > 0) {
445 /* Fake it was part of URL otherwise XXX */
446 urlp->url_had_user = TRU1;
447 /* That buffer will be duplicated by url_parse() in this case! */
448 urlp->url_user.s = UNCONST(nrc->nrc_dat + nrc->nrc_mlen +1);
449 urlp->url_user.l = nrc->nrc_ulen;
450 break;
451 }
452
453 NYD2_LEAVE;
454 return (nrc != NULL);
455 }
456
457 static bool_t
458 __nrc_find_pass(struct url *urlp, bool_t user_match, struct nrc_node const *nrc)
459 {
460 NYD2_ENTER;
461
462 for (; nrc != NULL; nrc = nrc->nrc_result) {
463 bool_t um = (nrc->nrc_ulen == urlp->url_user.l &&
464 !memcmp(nrc->nrc_dat + nrc->nrc_mlen +1, urlp->url_user.s,
465 urlp->url_user.l));
466
467 if (user_match) {
468 if (!um)
469 continue;
470 } else if (!um && nrc->nrc_ulen > 0)
471 continue;
472 if (nrc->nrc_plen == 0)
473 continue;
474
475 /* We are responsible for duplicating this buffer! */
476 urlp->url_pass.s = savestrbuf(nrc->nrc_dat + nrc->nrc_mlen +1 +
477 nrc->nrc_ulen + 1, (urlp->url_pass.l = nrc->nrc_plen));
478 break;
479 }
480
481 NYD2_LEAVE;
482 return (nrc != NULL);
483 }
484 #endif /* HAVE_NETRC */
485
486 #ifdef HAVE_AGENT
487 static bool_t
488 _agent_shell_lookup(struct url *urlp, char const *comm)
489 {
490 char buf[128];
491 char const *env_addon[8];
492 struct str s;
493 FILE *pbuf;
494 union {char const *cp; int c; sighandler_type sht;} u;
495 size_t cl, l;
496 bool_t rv = FAL0;
497 NYD2_ENTER;
498
499 env_addon[0] = str_concat_csvl(&s, AGENT_USER, "=", urlp->url_user.s,
500 NULL)->s;
501 env_addon[1] = str_concat_csvl(&s, AGENT_USER_ENC, "=", urlp->url_user_enc.s,
502 NULL)->s;
503 env_addon[2] = str_concat_csvl(&s, AGENT_HOST, "=", urlp->url_host.s,
504 NULL)->s;
505 env_addon[3] = str_concat_csvl(&s, AGENT_HOST_PORT, "=", urlp->url_h_p.s,
506 NULL)->s;
507
508 env_addon[4] = str_concat_csvl(&s, NAILENV_TMPDIR, "=", tempdir, NULL)->s;
509 env_addon[5] = str_concat_csvl(&s, "TMPDIR", "=", tempdir, NULL)->s;
510
511 env_addon[6] = NULL;
512
513 if ((u.cp = ok_vlook(SHELL)) == NULL)
514 u.cp = XSHELL;
515 if ((pbuf = Popen(comm, "r", u.cp, env_addon, -1)) == NULL) {
516 n_err(_("*agent-shell-lookup* startup failed (`%s')\n"), comm);
517 goto jleave;
518 }
519
520 for (s.s = NULL, s.l = cl = l = 0; (u.c = getc(pbuf)) != EOF; ++cl) {
521 if (u.c == '\n') /* xxx */
522 continue;
523 buf[l++] = u.c;
524 if (l == sizeof(buf) - 1) {
525 n_str_add_buf(&s, buf, l);
526 l = 0;
527 }
528 }
529 if (l > 0)
530 n_str_add_buf(&s, buf, l);
531
532 if (!Pclose(pbuf, TRU1)) {
533 if (options & OPT_D_V)
534 n_err(_("*agent-shell-lookup* execution failure (`%s')\n"), comm);
535 goto jleave;
536 }
537
538 /* We are responsible for duplicating this buffer! */
539 if (s.s != NULL)
540 urlp->url_pass.s = savestrbuf(s.s, urlp->url_pass.l = s.l);
541 else if (cl > 0)
542 urlp->url_pass.s = UNCONST(""), urlp->url_pass.l = 0;
543 rv = TRU1;
544 jleave:
545 if (s.s != NULL)
546 free(s.s);
547 NYD2_LEAVE;
548 return rv;
549 }
550 #endif
551
552 FL char *
553 (urlxenc)(char const *cp, bool_t ispath SALLOC_DEBUG_ARGS)
554 {
555 char *n, *np, c1;
556 NYD2_ENTER;
557
558 np = n = (salloc)(strlen(cp) * 3 +1 SALLOC_DEBUG_ARGSCALL);
559
560 for (; (c1 = *cp) != '\0'; ++cp) {
561 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
562 * ALPHA / DIGIT / "-" / "." / "_" / "~"
563 * However add a special is[file]path mode for file-system friendliness */
564 if (alnumchar(c1) || c1 == '_')
565 *np++ = c1;
566 else if (!ispath) {
567 if (c1 != '-' && c1 != '.' && c1 != '~')
568 goto jesc;
569 *np++ = c1;
570 } else if (PTRCMP(np, >, n) && (*cp == '-' || *cp == '.')) /* XXX imap */
571 *np++ = c1;
572 else {
573 jesc:
574 np[0] = '%';
575 mime_char_to_hexseq(np + 1, c1);
576 np += 3;
577 }
578 }
579 *np = '\0';
580 NYD2_LEAVE;
581 return n;
582 }
583
584 FL char *
585 (urlxdec)(char const *cp SALLOC_DEBUG_ARGS)
586 {
587 char *n, *np;
588 si32_t c;
589 NYD2_ENTER;
590
591 np = n = (salloc)(strlen(cp) +1 SALLOC_DEBUG_ARGSCALL);
592
593 while ((c = (uc_i)*cp++) != '\0') {
594 if (c == '%' && cp[0] != '\0' && cp[1] != '\0') {
595 si32_t o = c;
596 if (LIKELY((c = mime_hexseq_to_char(cp)) >= '\0'))
597 cp += 2;
598 else
599 c = o;
600 }
601 *np++ = (char)c;
602 }
603 *np = '\0';
604 NYD2_LEAVE;
605 return n;
606 }
607
608 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
609 FL char const *
610 url_servbyname(struct url const *urlp, ui16_t *irv_or_null)
611 {
612 static struct {
613 char const name[14];
614 char const port[8];
615 ui16_t portno;
616 } const tbl[] = {
617 { "smtp", "25", 25},
618 { "submission", "587", 587},
619 { "smtps", "465", 465},
620 { "pop3", "110", 110},
621 { "pop3s", "995", 995},
622 { "imap", "143", 143},
623 { "imaps", "993", 993}
624 };
625 char const *rv;
626 size_t i;
627 NYD_ENTER;
628
629 for (rv = NULL, i = 0; i < NELEM(tbl); ++i)
630 if (!asccasecmp(tbl[i].name, urlp->url_proto)) {
631 rv = tbl[i].port;
632 if (irv_or_null != NULL)
633 *irv_or_null = tbl[i].portno;
634 break;
635 }
636 NYD_LEAVE;
637 return rv;
638 }
639
640 FL bool_t
641 url_parse(struct url *urlp, enum cproto cproto, char const *data)
642 {
643 #if defined HAVE_SMTP && defined HAVE_POP3
644 # define __ALLPROTO
645 #endif
646 #if defined HAVE_SMTP || defined HAVE_POP3
647 # define __ANYPROTO
648 char *cp, *x;
649 #endif
650 bool_t rv = FAL0;
651 NYD_ENTER;
652 UNUSED(data);
653
654 memset(urlp, 0, sizeof *urlp);
655 urlp->url_input = data;
656 urlp->url_cproto = cproto;
657
658 /* Network protocol */
659 #define _protox(X,Y) \
660 urlp->url_portno = Y;\
661 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
662 urlp->url_proto[sizeof(X) -1] = '\0';\
663 urlp->url_proto_len = sizeof(X) -1;\
664 urlp->url_proto_xlen = sizeof(X "://") -1
665 #define __if(X,Y,Z) \
666 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
667 _protox(X, Y);\
668 data += sizeof(X "://") -1;\
669 do { Z; } while (0);\
670 goto juser;\
671 }
672 #define _if(X,Y) __if(X, Y, (void)0)
673 #ifdef HAVE_SSL
674 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
675 #else
676 # define _ifs(X,Y) goto jeproto;
677 #endif
678
679 switch (cproto) {
680 case CPROTO_SMTP:
681 #ifdef HAVE_SMTP
682 _if ("smtp", 25)
683 _if ("submission", 587)
684 _ifs ("smtps", 465)
685 _protox("smtp", 25);
686 break;
687 #else
688 goto jeproto;
689 #endif
690 case CPROTO_POP3:
691 #ifdef HAVE_POP3
692 _if ("pop3", 110)
693 _ifs ("pop3s", 995)
694 _protox("pop3", 110);
695 break;
696 #else
697 goto jeproto;
698 #endif
699 #if 0
700 case CPROTO_IMAP:
701 _if ("imap", 143)
702 _ifs ("imaps", 993)
703 _protox("imap", 143);
704 break;
705 goto jeproto;
706 #endif
707 }
708
709 #undef _ifs
710 #undef _if
711 #undef __if
712 #undef _protox
713
714 if (strstr(data, "://") != NULL) {
715 #if !defined __ALLPROTO || !defined HAVE_SSL
716 jeproto:
717 #endif
718 n_err(_("URL \"proto://\" prefix invalid: \"%s\"\n"), urlp->url_input);
719 goto jleave;
720 }
721 #ifdef __ANYPROTO
722
723 /* User and password, I */
724 juser:
725 if ((cp = _url_last_at_before_slash(data)) != NULL) {
726 size_t l = PTR2SIZE(cp - data);
727 char const *d = data;
728 char *ub = ac_alloc(l +1);
729
730 urlp->url_had_user = TRU1;
731 data = cp + 1;
732
733 /* And also have a password? */
734 if ((cp = memchr(d, ':', l)) != NULL) {
735 size_t i = PTR2SIZE(cp - d);
736
737 l -= i + 1;
738 memcpy(ub, cp + 1, l);
739 ub[l] = '\0';
740 urlp->url_pass.l = strlen(urlp->url_pass.s = urlxdec(ub));
741
742 if (strcmp(ub, urlxenc(urlp->url_pass.s, FAL0))) {
743 n_err(_("String is not properly URL percent encoded: \"%s\"\n"),
744 ub);
745 goto jleave;
746 }
747 l = i;
748 }
749
750 memcpy(ub, d, l);
751 ub[l] = '\0';
752 urlp->url_user.l = strlen(urlp->url_user.s = urlxdec(ub));
753 urlp->url_user_enc.l = strlen(
754 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
755
756 if (urlp->url_user_enc.l != l || memcmp(urlp->url_user_enc.s, ub, l)) {
757 n_err(_("String is not properly URL percent encoded: \"%s\"\n"), ub);
758 goto jleave;
759 }
760
761 ac_free(ub);
762 }
763
764 /* Servername and port -- and possible path suffix */
765 if ((cp = strchr(data, ':')) != NULL) { /* TODO URL parse, IPv6 support */
766 char *eptr;
767 long l;
768
769 urlp->url_port = x = savestr(x = cp + 1);
770 if ((x = strchr(x, '/')) != NULL)
771 *x = '\0';
772 l = strtol(urlp->url_port, &eptr, 10);
773 if (*eptr != '\0' || l <= 0 || UICMP(32, l, >=, 0xFFFFu)) {
774 n_err(_("URL with invalid port number: \"%s\"\n"), urlp->url_input);
775 goto jleave;
776 }
777 urlp->url_portno = (ui16_t)l;
778 } else {
779 if ((x = strchr(data, '/')) != NULL)
780 data = savestrbuf(data, PTR2SIZE(x - data));
781 cp = UNCONST(data + strlen(data));
782 }
783
784 /* A (non-empty) path may only occur with IMAP */
785 if (x != NULL && x[1] != '\0') {
786 #if 0
787 if (cproto != CPROTO_IMAP) {
788 #endif
789 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
790 urlp->url_input);
791 goto jleave;
792 #if 0
793 }
794 urlp->url_path.l = strlen(++x);
795 urlp->url_path.s = savestrbuf(x, urlp->url_path.l);
796 #endif
797 }
798
799 urlp->url_host.s = savestrbuf(data, urlp->url_host.l = PTR2SIZE(cp - data));
800 { size_t i;
801 for (cp = urlp->url_host.s, i = urlp->url_host.l; i != 0; ++cp, --i)
802 *cp = lowerconv(*cp);
803 }
804
805 /* .url_h_p: HOST:PORT */
806 { size_t i;
807 struct str *s = &urlp->url_h_p;
808
809 s->s = salloc(urlp->url_host.l + 1 + sizeof("65536")-1 +1);
810 memcpy(s->s, urlp->url_host.s, i = urlp->url_host.l);
811 if (urlp->url_port != NULL) {
812 size_t j = strlen(urlp->url_port);
813 s->s[i++] = ':';
814 memcpy(s->s + i, urlp->url_port, j);
815 i += j;
816 }
817 s->s[i] = '\0';
818 s->l = i;
819 }
820
821 /* User, II
822 * If there was no user in the URL, do we have *user-HOST* or *user*? */
823 if (!urlp->url_had_user) {
824 if ((urlp->url_user.s = xok_vlook(user, urlp, OXM_PLAIN | OXM_H_P))
825 == NULL) {
826 /* No, check wether .netrc lookup is desired */
827 # ifdef HAVE_NETRC
828 if (!ok_blook(v15_compat) ||
829 !xok_blook(netrc_lookup, urlp, OXM_PLAIN | OXM_H_P) ||
830 !_nrc_lookup(urlp, FAL0))
831 # endif
832 urlp->url_user.s = UNCONST(myname);
833 }
834
835 urlp->url_user.l = strlen(urlp->url_user.s);
836 urlp->url_user.s = savestrbuf(urlp->url_user.s, urlp->url_user.l);
837 urlp->url_user_enc.l = strlen(
838 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
839 }
840
841 /* And then there are a lot of prebuild string combinations TODO do lazy */
842
843 /* .url_u_h: .url_user@.url_host
844 * For SMTP we apply ridiculously complicated *v15-compat* plus
845 * *smtp-hostname* / *hostname* dependent rules */
846 { struct str h, *s;
847 size_t i;
848
849 if (cproto == CPROTO_SMTP && ok_blook(v15_compat) &&
850 (cp = ok_vlook(smtp_hostname)) != NULL) {
851 if (*cp == '\0')
852 cp = nodename(1);
853 h.s = savestrbuf(cp, h.l = strlen(cp));
854 } else
855 h = urlp->url_host;
856
857 s = &urlp->url_u_h;
858 i = urlp->url_user.l;
859
860 s->s = salloc(i + 1 + h.l +1);
861 if (i > 0) {
862 memcpy(s->s, urlp->url_user.s, i);
863 s->s[i++] = '@';
864 }
865 memcpy(s->s + i, h.s, h.l +1);
866 i += h.l;
867 s->l = i;
868 }
869
870 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
871 { struct str *s = &urlp->url_u_h_p;
872 size_t i = urlp->url_user.l;
873
874 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
875 if (i > 0) {
876 memcpy(s->s, urlp->url_user.s, i);
877 s->s[i++] = '@';
878 }
879 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
880 i += urlp->url_h_p.l;
881 s->l = i;
882 }
883
884 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
885 { struct str *s = &urlp->url_eu_h_p;
886 size_t i = urlp->url_user_enc.l;
887
888 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
889 if (i > 0) {
890 memcpy(s->s, urlp->url_user_enc.s, i);
891 s->s[i++] = '@';
892 }
893 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
894 i += urlp->url_h_p.l;
895 s->l = i;
896 }
897
898 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
899 { size_t i;
900 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_u_h_p.l) +1);
901
902 urlp->url_proto[urlp->url_proto_len] = ':';
903 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_u_h_p.s,
904 urlp->url_u_h_p.l +1);
905 urlp->url_proto[urlp->url_proto_len] = '\0';
906
907 urlp->url_p_u_h_p = ud;
908 }
909
910 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
911 { size_t i;
912 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_eu_h_p.l) +
913 1 + urlp->url_path.l +1);
914
915 urlp->url_proto[urlp->url_proto_len] = ':';
916 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_eu_h_p.s,
917 urlp->url_eu_h_p.l +1);
918 urlp->url_proto[urlp->url_proto_len] = '\0';
919
920 if (urlp->url_path.l == 0)
921 urlp->url_p_eu_h_p = urlp->url_p_eu_h_p_p = ud;
922 else {
923 urlp->url_p_eu_h_p = savestrbuf(ud, i);
924 urlp->url_p_eu_h_p_p = ud;
925 ud += i;
926 *ud++ = '/';
927 memcpy(ud, urlp->url_path.s, urlp->url_path.l +1);
928 }
929 }
930
931 rv = TRU1;
932 #endif /* __ANYPROTO */
933 jleave:
934 NYD_LEAVE;
935 return rv;
936 #undef __ANYPROTO
937 #undef __ALLPROTO
938 }
939
940 FL bool_t
941 ccred_lookup_old(struct ccred *ccp, enum cproto cproto, char const *addr)
942 {
943 char const *pname, *pxstr, *authdef;
944 size_t pxlen, addrlen, i;
945 char *vbuf, *s;
946 ui8_t authmask;
947 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
948 ware = NONE;
949 bool_t addr_is_nuser = FAL0; /* XXX v15.0 legacy! v15_compat */
950 NYD_ENTER;
951
952 memset(ccp, 0, sizeof *ccp);
953
954 switch (cproto) {
955 default:
956 case CPROTO_SMTP:
957 pname = "SMTP";
958 pxstr = "smtp-auth";
959 pxlen = sizeof("smtp-auth") -1;
960 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
961 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
962 authdef = "none";
963 addr_is_nuser = TRU1;
964 break;
965 case CPROTO_POP3:
966 pname = "POP3";
967 pxstr = "pop3-auth";
968 pxlen = sizeof("pop3-auth") -1;
969 authmask = AUTHTYPE_PLAIN;
970 authdef = "plain";
971 break;
972 }
973
974 ccp->cc_cproto = cproto;
975 addrlen = strlen(addr);
976 vbuf = ac_alloc(pxlen + addrlen + sizeof("-password-")-1 +1);
977 memcpy(vbuf, pxstr, pxlen);
978
979 /* Authentication type */
980 vbuf[pxlen] = '-';
981 memcpy(vbuf + pxlen + 1, addr, addrlen +1);
982 if ((s = vok_vlook(vbuf)) == NULL) {
983 vbuf[pxlen] = '\0';
984 if ((s = vok_vlook(vbuf)) == NULL)
985 s = UNCONST(authdef);
986 }
987
988 if (!asccasecmp(s, "none")) {
989 ccp->cc_auth = "NONE";
990 ccp->cc_authtype = AUTHTYPE_NONE;
991 /*ware = NONE;*/
992 } else if (!asccasecmp(s, "plain")) {
993 ccp->cc_auth = "PLAIN";
994 ccp->cc_authtype = AUTHTYPE_PLAIN;
995 ware = REQ_PASS | REQ_USER;
996 } else if (!asccasecmp(s, "login")) {
997 ccp->cc_auth = "LOGIN";
998 ccp->cc_authtype = AUTHTYPE_LOGIN;
999 ware = REQ_PASS | REQ_USER;
1000 } else if (!asccasecmp(s, "cram-md5")) {
1001 ccp->cc_auth = "CRAM-MD5";
1002 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1003 ware = REQ_PASS | REQ_USER;
1004 } else if (!asccasecmp(s, "gssapi")) {
1005 ccp->cc_auth = "GSS-API";
1006 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1007 ware = REQ_USER;
1008 } /* no else */
1009
1010 /* Verify method */
1011 if (!(ccp->cc_authtype & authmask)) {
1012 n_err(_("Unsupported %s authentication method: %s\n"), pname, s);
1013 ccp = NULL;
1014 goto jleave;
1015 }
1016 # ifndef HAVE_MD5
1017 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1018 n_err(_("No CRAM-MD5 support compiled in\n"));
1019 ccp = NULL;
1020 goto jleave;
1021 }
1022 # endif
1023 # ifndef HAVE_GSSAPI
1024 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1025 n_err(_("No GSS-API support compiled in\n"));
1026 ccp = NULL;
1027 goto jleave;
1028 }
1029 # endif
1030
1031 /* User name */
1032 if (!(ware & (WANT_USER | REQ_USER)))
1033 goto jpass;
1034
1035 if (!addr_is_nuser) {
1036 if ((s = _url_last_at_before_slash(addr)) != NULL) {
1037 ccp->cc_user.s = urlxdec(savestrbuf(addr, PTR2SIZE(s - addr)));
1038 ccp->cc_user.l = strlen(ccp->cc_user.s);
1039 } else if (ware & REQ_USER)
1040 goto jgetuser;
1041 goto jpass;
1042 }
1043
1044 memcpy(vbuf + pxlen, "-user-", i = sizeof("-user-") -1);
1045 i += pxlen;
1046 memcpy(vbuf + i, addr, addrlen +1);
1047 if ((s = vok_vlook(vbuf)) == NULL) {
1048 vbuf[--i] = '\0';
1049 if ((s = vok_vlook(vbuf)) == NULL && (ware & REQ_USER)) {
1050 if ((s = getuser(NULL)) == NULL) {
1051 jgetuser: /* TODO v15.0: today we simply bail, but we should call getuser().
1052 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1053 * TODO check that first, then! change control flow, grow vbuf */
1054 n_err(_("A user is necessary for %s authentication\n"), pname);
1055 ccp = NULL;
1056 goto jleave;
1057 }
1058 }
1059 }
1060 ccp->cc_user.l = strlen(ccp->cc_user.s = savestr(s));
1061
1062 /* Password */
1063 jpass:
1064 if (!(ware & (WANT_PASS | REQ_PASS)))
1065 goto jleave;
1066
1067 if (!addr_is_nuser) {
1068 memcpy(vbuf, "password-", i = sizeof("password-") -1);
1069 } else {
1070 memcpy(vbuf + pxlen, "-password-", i = sizeof("-password-") -1);
1071 i += pxlen;
1072 }
1073 memcpy(vbuf + i, addr, addrlen +1);
1074 if ((s = vok_vlook(vbuf)) == NULL) {
1075 vbuf[--i] = '\0';
1076 if ((!addr_is_nuser || (s = vok_vlook(vbuf)) == NULL) &&
1077 (ware & REQ_PASS)) {
1078 if ((s = getpassword(NULL)) == NULL) {
1079 n_err(_("A password is necessary for %s authentication\n"),
1080 pname);
1081 ccp = NULL;
1082 goto jleave;
1083 }
1084 }
1085 }
1086 if (s != NULL)
1087 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1088
1089 jleave:
1090 ac_free(vbuf);
1091 if (ccp != NULL && (options & OPT_D_VV))
1092 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1093 addr, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1094 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1095 NYD_LEAVE;
1096 return (ccp != NULL);
1097 }
1098
1099 FL bool_t
1100 ccred_lookup(struct ccred *ccp, struct url *urlp)
1101 {
1102 char const *pstr, *authdef;
1103 char *s;
1104 enum okeys authokey;
1105 ui8_t authmask;
1106 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1107 ware = NONE;
1108 NYD_ENTER;
1109
1110 memset(ccp, 0, sizeof *ccp);
1111 ccp->cc_user = urlp->url_user;
1112
1113 switch ((ccp->cc_cproto = urlp->url_cproto)) {
1114 default:
1115 case CPROTO_SMTP:
1116 pstr = "smtp";
1117 authokey = ok_v_smtp_auth;
1118 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1119 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1120 authdef = "plain";
1121 break;
1122 case CPROTO_POP3:
1123 pstr = "pop3";
1124 authokey = ok_v_pop3_auth;
1125 authmask = AUTHTYPE_PLAIN;
1126 authdef = "plain";
1127 break;
1128 }
1129
1130 /* Authentication type */
1131 if ((s = xok_VLOOK(authokey, urlp, OXM_ALL)) == NULL)
1132 s = UNCONST(authdef);
1133
1134 if (!asccasecmp(s, "none")) {
1135 ccp->cc_auth = "NONE";
1136 ccp->cc_authtype = AUTHTYPE_NONE;
1137 /*ware = NONE;*/
1138 } else if (!asccasecmp(s, "plain")) {
1139 ccp->cc_auth = "PLAIN";
1140 ccp->cc_authtype = AUTHTYPE_PLAIN;
1141 ware = REQ_PASS | REQ_USER;
1142 } else if (!asccasecmp(s, "login")) {
1143 ccp->cc_auth = "LOGIN";
1144 ccp->cc_authtype = AUTHTYPE_LOGIN;
1145 ware = REQ_PASS | REQ_USER;
1146 } else if (!asccasecmp(s, "cram-md5")) {
1147 ccp->cc_auth = "CRAM-MD5";
1148 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1149 ware = REQ_PASS | REQ_USER;
1150 } else if (!asccasecmp(s, "gssapi")) {
1151 ccp->cc_auth = "GSS-API";
1152 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1153 ware = REQ_USER;
1154 } /* no else */
1155
1156 /* Verify method */
1157 if (!(ccp->cc_authtype & authmask)) {
1158 n_err(_("Unsupported %s authentication method: %s\n"), pstr, s);
1159 ccp = NULL;
1160 goto jleave;
1161 }
1162 # ifndef HAVE_MD5
1163 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1164 n_err(_("No CRAM-MD5 support compiled in\n"));
1165 ccp = NULL;
1166 goto jleave;
1167 }
1168 # endif
1169 # ifndef HAVE_GSSAPI
1170 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1171 n_err(_("No GSS-API support compiled in\n"));
1172 ccp = NULL;
1173 goto jleave;
1174 }
1175 # endif
1176
1177 /* Password */
1178 ccp->cc_pass = urlp->url_pass;
1179 if (ccp->cc_pass.s != NULL)
1180 goto jleave;
1181
1182 if ((s = xok_vlook(password, urlp, OXM_ALL)) != NULL)
1183 goto js2pass;
1184 # ifdef HAVE_AGENT
1185 if ((s = xok_vlook(agent_shell_lookup, urlp, OXM_ALL)) != NULL) {
1186 if (!_agent_shell_lookup(urlp, s)) {
1187 ccp = NULL;
1188 goto jleave;
1189 } else if (urlp->url_pass.s != NULL) {
1190 ccp->cc_pass = urlp->url_pass;
1191 goto jleave;
1192 }
1193 }
1194 # endif
1195 # ifdef HAVE_NETRC
1196 if (xok_blook(netrc_lookup, urlp, OXM_ALL) && _nrc_lookup(urlp, TRU1)) {
1197 ccp->cc_pass = urlp->url_pass;
1198 goto jleave;
1199 }
1200 # endif
1201 if (ware & REQ_PASS) {
1202 if ((s = getpassword(NULL)) != NULL)
1203 js2pass:
1204 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1205 else {
1206 n_err(_("A password is necessary for %s authentication\n"), pstr);
1207 ccp = NULL;
1208 }
1209 }
1210
1211 jleave:
1212 if (ccp != NULL && (options & OPT_D_VV))
1213 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1214 urlp->url_h_p.s, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1215 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1216 NYD_LEAVE;
1217 return (ccp != NULL);
1218 }
1219 #endif /* HAVE_SOCKETS */
1220
1221 #ifdef HAVE_NETRC
1222 FL int
1223 c_netrc(void *v)
1224 {
1225 char **argv = v;
1226 struct nrc_node *nrc;
1227 bool_t load_only;
1228 NYD_ENTER;
1229
1230 load_only = FAL0;
1231 if (*argv == NULL)
1232 goto jlist;
1233 if (argv[1] != NULL)
1234 goto jerr;
1235 if (!asccasecmp(*argv, "show"))
1236 goto jlist;
1237 load_only = TRU1;
1238 if (!asccasecmp(*argv, "load"))
1239 goto jlist;
1240 if (!asccasecmp(*argv, "clear"))
1241 goto jclear;
1242 jerr:
1243 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1244 v = NULL;
1245 jleave:
1246 NYD_LEAVE;
1247 return (v == NULL ? !STOP : !OKAY); /* xxx 1:bad 0:good -- do some */
1248
1249 jlist: {
1250 FILE *fp;
1251 size_t l;
1252
1253 if (_nrc_list == NULL)
1254 _nrc_init();
1255 if (_nrc_list == NRC_NODE_ERR) {
1256 n_err(_("Interpolate what file?\n"));
1257 v = NULL;
1258 goto jleave;
1259 }
1260 if (load_only)
1261 goto jleave;
1262
1263 if ((fp = Ftmp(NULL, "netrc", OF_RDWR | OF_UNLINK | OF_REGISTER)) == NULL) {
1264 n_perr(_("tmpfile"), 0);
1265 v = NULL;
1266 goto jleave;
1267 }
1268
1269 for (l = 0, nrc = _nrc_list; nrc != NULL; ++l, nrc = nrc->nrc_next) {
1270 fprintf(fp, _("machine %s "), nrc->nrc_dat);
1271 if (nrc->nrc_ulen > 0)
1272 fprintf(fp, _("login \"%s\" "),
1273 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1));
1274 if (nrc->nrc_plen > 0)
1275 fprintf(fp, _("password \"%s\"\n"),
1276 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1 + nrc->nrc_ulen +1));
1277 else
1278 putc('\n', fp);
1279 }
1280
1281 page_or_print(fp, l);
1282 Fclose(fp);
1283 }
1284 goto jleave;
1285
1286 jclear:
1287 if (_nrc_list == NRC_NODE_ERR)
1288 _nrc_list = NULL;
1289 while ((nrc = _nrc_list) != NULL) {
1290 _nrc_list = nrc->nrc_next;
1291 free(nrc);
1292 }
1293 goto jleave;
1294 }
1295 #endif /* HAVE_NETRC */
1296
1297 #ifdef HAVE_MD5
1298 FL char *
1299 md5tohex(char hex[MD5TOHEX_SIZE], void const *vp)
1300 {
1301 char const *cp = vp;
1302 size_t i, j;
1303 NYD_ENTER;
1304
1305 for (i = 0; i < MD5TOHEX_SIZE / 2; ++i) {
1306 j = i << 1;
1307 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1308 hex[j] = __hex((cp[i] & 0xF0) >> 4);
1309 hex[++j] = __hex(cp[i] & 0x0F);
1310 # undef __hex
1311 }
1312 NYD_LEAVE;
1313 return hex;
1314 }
1315
1316 FL char *
1317 cram_md5_string(struct str const *user, struct str const *pass,
1318 char const *b64)
1319 {
1320 struct str in, out;
1321 char digest[16], *cp;
1322 NYD_ENTER;
1323
1324 out.s = NULL;
1325 in.s = UNCONST(b64);
1326 in.l = strlen(in.s);
1327 b64_decode(&out, &in, NULL);
1328 assert(out.s != NULL);
1329
1330 hmac_md5((uc_i*)out.s, out.l, (uc_i*)pass->s, pass->l, digest);
1331 free(out.s);
1332 cp = md5tohex(salloc(MD5TOHEX_SIZE +1), digest);
1333
1334 in.l = user->l + MD5TOHEX_SIZE +1;
1335 in.s = ac_alloc(user->l + 1 + MD5TOHEX_SIZE +1);
1336 memcpy(in.s, user->s, user->l);
1337 in.s[user->l] = ' ';
1338 memcpy(in.s + user->l + 1, cp, MD5TOHEX_SIZE);
1339 b64_encode(&out, &in, B64_SALLOC | B64_CRLF);
1340 ac_free(in.s);
1341 NYD_LEAVE;
1342 return out.s;
1343 }
1344
1345 FL void
1346 hmac_md5(unsigned char *text, int text_len, unsigned char *key, int key_len,
1347 void *digest)
1348 {
1349 /*
1350 * This code is taken from
1351 *
1352 * Network Working Group H. Krawczyk
1353 * Request for Comments: 2104 IBM
1354 * Category: Informational M. Bellare
1355 * UCSD
1356 * R. Canetti
1357 * IBM
1358 * February 1997
1359 *
1360 *
1361 * HMAC: Keyed-Hashing for Message Authentication
1362 */
1363 md5_ctx context;
1364 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
1365 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
1366 unsigned char tk[16];
1367 int i;
1368 NYD_ENTER;
1369
1370 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1371 if (key_len > 64) {
1372 md5_ctx tctx;
1373
1374 md5_init(&tctx);
1375 md5_update(&tctx, key, key_len);
1376 md5_final(tk, &tctx);
1377
1378 key = tk;
1379 key_len = 16;
1380 }
1381
1382 /* the HMAC_MD5 transform looks like:
1383 *
1384 * MD5(K XOR opad, MD5(K XOR ipad, text))
1385 *
1386 * where K is an n byte key
1387 * ipad is the byte 0x36 repeated 64 times
1388 * opad is the byte 0x5c repeated 64 times
1389 * and text is the data being protected */
1390
1391 /* start out by storing key in pads */
1392 memset(k_ipad, 0, sizeof k_ipad);
1393 memset(k_opad, 0, sizeof k_opad);
1394 memcpy(k_ipad, key, key_len);
1395 memcpy(k_opad, key, key_len);
1396
1397 /* XOR key with ipad and opad values */
1398 for (i=0; i<64; i++) {
1399 k_ipad[i] ^= 0x36;
1400 k_opad[i] ^= 0x5c;
1401 }
1402
1403 /* perform inner MD5 */
1404 md5_init(&context); /* init context for 1st pass */
1405 md5_update(&context, k_ipad, 64); /* start with inner pad */
1406 md5_update(&context, text, text_len); /* then text of datagram */
1407 md5_final(digest, &context); /* finish up 1st pass */
1408
1409 /* perform outer MD5 */
1410 md5_init(&context); /* init context for 2nd pass */
1411 md5_update(&context, k_opad, 64); /* start with outer pad */
1412 md5_update(&context, digest, 16); /* then results of 1st hash */
1413 md5_final(digest, &context); /* finish up 2nd pass */
1414 NYD_LEAVE;
1415 }
1416 #endif /* HAVE_MD5 */
1417
1418 /* s-it-mode */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command