search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'topic/wysh'
[s-mailx.git] / urlcrecry.c
blob9e1d888c7837551adcb51e3a5cda9f355efece30
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
5 *
6 * Copyright (c) 2014 - 2015 Steffen (Daode) Nurpmeso <sdaoden@users.sf.net>.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20 #undef n_FILE
21 #define n_FILE urlcrecry
22
23 #ifndef HAVE_AMALGAMATION
24 # include "nail.h"
25 #endif
26
27 #ifdef HAVE_NETRC
28 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
29 * concurrently (dummy, host, user, pass), so make it a KB */
30 # define NRC_TOKEN_MAXLEN (1024 / 4)
31
32 enum nrc_token {
33 NRC_ERROR = -1,
34 NRC_NONE = 0,
35 NRC_DEFAULT,
36 NRC_LOGIN,
37 NRC_PASSWORD,
38 NRC_ACCOUNT,
39 NRC_MACDEF,
40 NRC_MACHINE,
41 NRC_INPUT
42 };
43
44 struct nrc_node {
45 struct nrc_node *nrc_next;
46 struct nrc_node *nrc_result; /* In match phase, former possible one */
47 ui32_t nrc_mlen; /* Length of machine name */
48 ui32_t nrc_ulen; /* Length of user name */
49 ui32_t nrc_plen; /* Length of password */
50 char nrc_dat[VFIELD_SIZE(sizeof(ui32_t))];
51 };
52 # define NRC_NODE_ERR ((struct nrc_node*)-1)
53
54 static struct nrc_node *_nrc_list;
55 #endif /* HAVE_NETRC */
56
57 /* Find the last @ before a slash
58 * TODO Casts off the const but this is ok here; obsolete function! */
59 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
60 static char * _url_last_at_before_slash(char const *sp);
61 #endif
62
63 #ifdef HAVE_NETRC
64 /* Initialize .netrc cache */
65 static void _nrc_init(void);
66 static enum nrc_token __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN],
67 bool_t *nl_last);
68
69 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
70 * only_pass is true then the lookup is for the password only, otherwise we
71 * look for a user (and add password only if we have an exact machine match) */
72 static bool_t _nrc_lookup(struct url *urlp, bool_t only_pass);
73
74 /* 0=no match; 1=exact match; -1=wildcard match */
75 static int __nrc_host_match(struct nrc_node const *nrc,
76 struct url const *urlp);
77 static bool_t __nrc_find_user(struct url *urlp,
78 struct nrc_node const *nrc);
79 static bool_t __nrc_find_pass(struct url *urlp, bool_t user_match,
80 struct nrc_node const *nrc);
81 #endif /* HAVE_NETRC */
82
83 /* The password can also be gained through external agents */
84 #ifdef HAVE_AGENT
85 static bool_t _agent_shell_lookup(struct url *urlp, char const *comm);
86 #endif
87
88 #ifdef HAVE_SOCKETS
89 static char *
90 _url_last_at_before_slash(char const *sp)
91 {
92 char const *cp;
93 char c;
94 NYD2_ENTER;
95
96 for (cp = sp; (c = *cp) != '\0'; ++cp)
97 if (c == '/')
98 break;
99 while (cp > sp && *--cp != '@')
100 ;
101 if (*cp != '@')
102 cp = NULL;
103 NYD2_LEAVE;
104 return UNCONST(cp);
105 }
106 #endif
107
108 #ifdef HAVE_NETRC
109 static void
110 _nrc_init(void)
111 {
112 char buffer[NRC_TOKEN_MAXLEN], host[NRC_TOKEN_MAXLEN],
113 user[NRC_TOKEN_MAXLEN], pass[NRC_TOKEN_MAXLEN], *netrc_load;
114 struct stat sb;
115 FILE *fi;
116 enum nrc_token t;
117 bool_t seen_default, nl_last;
118 struct nrc_node *ntail = NULL /* CC happy */, *nhead = NULL,
119 *nrc = NRC_NODE_ERR;
120 NYD_ENTER;
121
122 if ((netrc_load = file_expand(ok_vlook(NETRC))) == NULL)
123 goto j_leave;
124
125 if ((fi = Fopen(netrc_load, "r")) == NULL) {
126 n_err(_("Cannot open \"%s\"\n"), netrc_load);
127 goto j_leave;
128 }
129
130 /* Be simple and apply rigid (permission) check(s) */
131 if (fstat(fileno(fi), &sb) == -1 || !S_ISREG(sb.st_mode) ||
132 (sb.st_mode & (S_IRWXG | S_IRWXO))) {
133 n_err(_("Not a regular file, or accessible by non-user: \"%s\"\n"),
134 netrc_load);
135 goto jleave;
136 }
137
138 seen_default = FAL0;
139 nl_last = TRU1;
140 jnext:
141 switch((t = __nrc_token(fi, buffer, &nl_last))) {
142 case NRC_NONE:
143 break;
144 default: /* Doesn't happen (but on error?), keep CC happy */
145 case NRC_DEFAULT:
146 jdef:
147 /* We ignore the default entry (require an exact host match), and we also
148 * ignore anything after such an entry (faulty syntax) */
149 seen_default = TRU1;
150 /* FALLTHRU */
151 case NRC_MACHINE:
152 jm_h:
153 /* Normalize HOST to lowercase */
154 *host = '\0';
155 if (!seen_default && (t = __nrc_token(fi, host, &nl_last)) != NRC_INPUT)
156 goto jerr;
157 else {
158 char *cp;
159 for (cp = host; *cp != '\0'; ++cp)
160 *cp = lowerconv(*cp);
161 }
162
163 *user = *pass = '\0';
164 while ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_NONE &&
165 t != NRC_MACHINE && t != NRC_DEFAULT) {
166 switch(t) {
167 case NRC_LOGIN:
168 if ((t = __nrc_token(fi, user, &nl_last)) != NRC_INPUT)
169 goto jerr;
170 break;
171 case NRC_PASSWORD:
172 if ((t = __nrc_token(fi, pass, &nl_last)) != NRC_INPUT)
173 goto jerr;
174 break;
175 case NRC_ACCOUNT:
176 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
177 goto jerr;
178 break;
179 case NRC_MACDEF:
180 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
181 goto jerr;
182 else {
183 int i = 0, c;
184 while ((c = getc(fi)) != EOF)
185 if (c == '\n') { /* xxx */
186 /* Don't care about comments here, since we parse until
187 * we've seen two successive newline characters */
188 if (i)
189 break;
190 i = 1;
191 } else
192 i = 0;
193 }
194 break;
195 default:
196 case NRC_ERROR:
197 goto jerr;
198 }
199 }
200
201 if (!seen_default && (*user != '\0' || *pass != '\0')) {
202 size_t hl = strlen(host), ul = strlen(user), pl = strlen(pass);
203 struct nrc_node *nx = smalloc(sizeof(*nx) -
204 VFIELD_SIZEOF(struct nrc_node, nrc_dat) + hl +1 + ul +1 + pl +1);
205
206 if (nhead != NULL)
207 ntail->nrc_next = nx;
208 else
209 nhead = nx;
210 ntail = nx;
211 nx->nrc_next = NULL;
212 nx->nrc_mlen = hl;
213 nx->nrc_ulen = ul;
214 nx->nrc_plen = pl;
215 memcpy(nx->nrc_dat, host, ++hl);
216 memcpy(nx->nrc_dat + hl, user, ++ul);
217 memcpy(nx->nrc_dat + hl + ul, pass, ++pl);
218 }
219 if (t == NRC_MACHINE)
220 goto jm_h;
221 if (t == NRC_DEFAULT)
222 goto jdef;
223 if (t != NRC_NONE)
224 goto jnext;
225 break;
226 case NRC_ERROR:
227 jerr:
228 if (options & OPT_D_V)
229 n_err(_("Errors occurred while parsing \"%s\"\n"), netrc_load);
230 assert(nrc == NRC_NODE_ERR);
231 goto jleave;
232 }
233
234 if (nhead != NULL)
235 nrc = nhead;
236 jleave:
237 Fclose(fi);
238 if (nrc == NRC_NODE_ERR)
239 while (nhead != NULL) {
240 ntail = nhead;
241 nhead = nhead->nrc_next;
242 free(ntail);
243 }
244 j_leave:
245 _nrc_list = nrc;
246 NYD_LEAVE;
247 }
248
249 static enum nrc_token
250 __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN], bool_t *nl_last)
251 {
252 int c;
253 char *cp;
254 enum nrc_token rv;
255 NYD2_ENTER;
256
257 rv = NRC_NONE;
258 for (;;) {
259 bool_t seen_nl;
260
261 c = EOF;
262 if (feof(fi) || ferror(fi))
263 goto jleave;
264
265 for (seen_nl = *nl_last; (c = getc(fi)) != EOF && whitechar(c);)
266 seen_nl |= (c == '\n');
267
268 if (c == EOF)
269 goto jleave;
270 /* fetchmail and derived parsers support comments */
271 if ((*nl_last = seen_nl) && c == '#') {
272 while ((c = getc(fi)) != EOF && c != '\n')
273 ;
274 continue;
275 }
276 break;
277 }
278
279 cp = buffer;
280 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
281 if (c == '"' || c == '\'') {
282 int quotec = c;
283
284 /* Not requiring the closing QM is (Net)BSD syntax */
285 while ((c = getc(fi)) != EOF && c != quotec) {
286 /* Backslash escaping the next character is (Net)BSD syntax */
287 if (c == '\\')
288 if ((c = getc(fi)) == EOF)
289 break;
290 *cp++ = c;
291 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
292 rv = NRC_ERROR;
293 goto jleave;
294 }
295 }
296 } else {
297 *cp++ = c;
298 while ((c = getc(fi)) != EOF && !whitechar(c)) {
299 /* Backslash escaping the next character is (Net)BSD syntax */
300 if (c == '\\' && (c = getc(fi)) == EOF)
301 break;
302 *cp++ = c;
303 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
304 rv = NRC_ERROR;
305 goto jleave;
306 }
307 }
308 *nl_last = (c == '\n');
309 }
310 *cp = '\0';
311
312 if (*buffer == '\0')
313 do {/*rv = NRC_NONE*/} while (0);
314 else if (!strcmp(buffer, "default"))
315 rv = NRC_DEFAULT;
316 else if (!strcmp(buffer, "login"))
317 rv = NRC_LOGIN;
318 else if (!strcmp(buffer, "password") || !strcmp(buffer, "passwd"))
319 rv = NRC_PASSWORD;
320 else if (!strcmp(buffer, "account"))
321 rv = NRC_ACCOUNT;
322 else if (!strcmp(buffer, "macdef"))
323 rv = NRC_MACDEF;
324 else if (!strcmp(buffer, "machine"))
325 rv = NRC_MACHINE;
326 else
327 rv = NRC_INPUT;
328 jleave:
329 if (c == EOF && !feof(fi))
330 rv = NRC_ERROR;
331 NYD2_LEAVE;
332 return rv;
333 }
334
335 static bool_t
336 _nrc_lookup(struct url *urlp, bool_t only_pass)
337 {
338 struct nrc_node *nrc, *nrc_wild, *nrc_exact;
339 bool_t rv = FAL0;
340 NYD_ENTER;
341
342 assert(!only_pass || urlp->url_user.s != NULL);
343 assert(only_pass || urlp->url_user.s == NULL);
344
345 if (_nrc_list == NULL)
346 _nrc_init();
347 if (_nrc_list == NRC_NODE_ERR)
348 goto jleave;
349
350 nrc_wild = nrc_exact = NULL;
351 for (nrc = _nrc_list; nrc != NULL; nrc = nrc->nrc_next)
352 switch (__nrc_host_match(nrc, urlp)) {
353 case 1:
354 nrc->nrc_result = nrc_exact;
355 nrc_exact = nrc;
356 continue;
357 case -1:
358 nrc->nrc_result = nrc_wild;
359 nrc_wild = nrc;
360 /* FALLTHRU */
361 case 0:
362 continue;
363 }
364
365 if (!only_pass && urlp->url_user.s == NULL) {
366 /* Must be an unambiguous entry of its kind */
367 if (nrc_exact != NULL && nrc_exact->nrc_result != NULL)
368 goto jleave;
369 if (__nrc_find_user(urlp, nrc_exact))
370 goto j_user;
371
372 if (nrc_wild != NULL && nrc_wild->nrc_result != NULL)
373 goto jleave;
374 if (!__nrc_find_user(urlp, nrc_wild))
375 goto jleave;
376 j_user:
377 ;
378 }
379
380 if (__nrc_find_pass(urlp, TRU1, nrc_exact) ||
381 __nrc_find_pass(urlp, TRU1, nrc_wild) ||
382 /* Do not try to find a password without exact user match unless we've
383 * been called during credential lookup, a.k.a. the second time */
384 !only_pass ||
385 __nrc_find_pass(urlp, FAL0, nrc_exact) ||
386 __nrc_find_pass(urlp, FAL0, nrc_wild))
387 rv = TRU1;
388 jleave:
389 NYD_LEAVE;
390 return rv;
391 }
392
393 static int
394 __nrc_host_match(struct nrc_node const *nrc, struct url const *urlp)
395 {
396 char const *d2, *d1;
397 size_t l2, l1;
398 int rv = 0;
399 NYD2_ENTER;
400
401 /* Find a matching machine -- entries are all lowercase normalized */
402 if (nrc->nrc_mlen == urlp->url_host.l) {
403 if (LIKELY(!memcmp(nrc->nrc_dat, urlp->url_host.s, urlp->url_host.l)))
404 rv = 1;
405 goto jleave;
406 }
407
408 /* Cannot be an exact match, but maybe the .netrc machine starts with
409 * a "*." glob, which we recognize as an extension, meaning "skip
410 * a single subdomain, then match the rest" */
411 d1 = nrc->nrc_dat + 2;
412 l1 = nrc->nrc_mlen;
413 if (l1 <= 2 || d1[-1] != '.' || d1[-2] != '*')
414 goto jleave;
415 l1 -= 2;
416
417 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
418 * in fact this even succeeds for ".host.com", but - why care, here? */
419 d2 = urlp->url_host.s;
420 l2 = urlp->url_host.l;
421 while (l2 > 0) {
422 --l2;
423 if (*d2++ == '.')
424 break;
425 }
426
427 if (l2 == l1 && !memcmp(d1, d2, l1))
428 /* This matches, but we won't use it directly but watch out for an
429 * exact match first! */
430 rv = -1;
431 jleave:
432 NYD2_LEAVE;
433 return rv;
434 }
435
436 static bool_t
437 __nrc_find_user(struct url *urlp, struct nrc_node const *nrc)
438 {
439 NYD2_ENTER;
440
441 for (; nrc != NULL; nrc = nrc->nrc_result)
442 if (nrc->nrc_ulen > 0) {
443 /* Fake it was part of URL otherwise XXX */
444 urlp->url_had_user = TRU1;
445 /* That buffer will be duplicated by url_parse() in this case! */
446 urlp->url_user.s = UNCONST(nrc->nrc_dat + nrc->nrc_mlen +1);
447 urlp->url_user.l = nrc->nrc_ulen;
448 break;
449 }
450
451 NYD2_LEAVE;
452 return (nrc != NULL);
453 }
454
455 static bool_t
456 __nrc_find_pass(struct url *urlp, bool_t user_match, struct nrc_node const *nrc)
457 {
458 NYD2_ENTER;
459
460 for (; nrc != NULL; nrc = nrc->nrc_result) {
461 bool_t um = (nrc->nrc_ulen == urlp->url_user.l &&
462 !memcmp(nrc->nrc_dat + nrc->nrc_mlen +1, urlp->url_user.s,
463 urlp->url_user.l));
464
465 if (user_match) {
466 if (!um)
467 continue;
468 } else if (!um && nrc->nrc_ulen > 0)
469 continue;
470 if (nrc->nrc_plen == 0)
471 continue;
472
473 /* We are responsible for duplicating this buffer! */
474 urlp->url_pass.s = savestrbuf(nrc->nrc_dat + nrc->nrc_mlen +1 +
475 nrc->nrc_ulen + 1, (urlp->url_pass.l = nrc->nrc_plen));
476 break;
477 }
478
479 NYD2_LEAVE;
480 return (nrc != NULL);
481 }
482 #endif /* HAVE_NETRC */
483
484 #ifdef HAVE_AGENT
485 static bool_t
486 _agent_shell_lookup(struct url *urlp, char const *comm)
487 {
488 char buf[128];
489 char const *env_addon[8];
490 struct str s;
491 FILE *pbuf;
492 union {char const *cp; int c; sighandler_type sht;} u;
493 size_t cl, l;
494 bool_t rv = FAL0;
495 NYD2_ENTER;
496
497 env_addon[0] = str_concat_csvl(&s, AGENT_USER, "=", urlp->url_user.s,
498 NULL)->s;
499 env_addon[1] = str_concat_csvl(&s, AGENT_USER_ENC, "=", urlp->url_user_enc.s,
500 NULL)->s;
501 env_addon[2] = str_concat_csvl(&s, AGENT_HOST, "=", urlp->url_host.s,
502 NULL)->s;
503 env_addon[3] = str_concat_csvl(&s, AGENT_HOST_PORT, "=", urlp->url_h_p.s,
504 NULL)->s;
505
506 env_addon[4] = str_concat_csvl(&s, NAILENV_TMPDIR, "=", tempdir, NULL)->s;
507 env_addon[5] = str_concat_csvl(&s, "TMPDIR", "=", tempdir, NULL)->s;
508
509 env_addon[6] = NULL;
510
511 if ((pbuf = Popen(comm, "r", ok_vlook(SHELL), env_addon, -1)) == NULL) {
512 n_err(_("*agent-shell-lookup* startup failed (`%s')\n"), comm);
513 goto jleave;
514 }
515
516 for (s.s = NULL, s.l = cl = l = 0; (u.c = getc(pbuf)) != EOF; ++cl) {
517 if (u.c == '\n') /* xxx */
518 continue;
519 buf[l++] = u.c;
520 if (l == sizeof(buf) - 1) {
521 n_str_add_buf(&s, buf, l);
522 l = 0;
523 }
524 }
525 if (l > 0)
526 n_str_add_buf(&s, buf, l);
527
528 if (!Pclose(pbuf, TRU1)) {
529 if (options & OPT_D_V)
530 n_err(_("*agent-shell-lookup* execution failure (`%s')\n"), comm);
531 goto jleave;
532 }
533
534 /* We are responsible for duplicating this buffer! */
535 if (s.s != NULL)
536 urlp->url_pass.s = savestrbuf(s.s, urlp->url_pass.l = s.l);
537 else if (cl > 0)
538 urlp->url_pass.s = UNCONST(""), urlp->url_pass.l = 0;
539 rv = TRU1;
540 jleave:
541 if (s.s != NULL)
542 free(s.s);
543 NYD2_LEAVE;
544 return rv;
545 }
546 #endif
547
548 FL char *
549 (urlxenc)(char const *cp, bool_t ispath SALLOC_DEBUG_ARGS)
550 {
551 char *n, *np, c1;
552 NYD2_ENTER;
553
554 np = n = (salloc)(strlen(cp) * 3 +1 SALLOC_DEBUG_ARGSCALL);
555
556 for (; (c1 = *cp) != '\0'; ++cp) {
557 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
558 * ALPHA / DIGIT / "-" / "." / "_" / "~"
559 * However add a special is[file]path mode for file-system friendliness */
560 if (alnumchar(c1) || c1 == '_')
561 *np++ = c1;
562 else if (!ispath) {
563 if (c1 != '-' && c1 != '.' && c1 != '~')
564 goto jesc;
565 *np++ = c1;
566 } else if (PTRCMP(np, >, n) && (*cp == '-' || *cp == '.')) /* XXX imap */
567 *np++ = c1;
568 else {
569 jesc:
570 np[0] = '%';
571 n_c_to_hex_base16(np + 1, c1);
572 np += 3;
573 }
574 }
575 *np = '\0';
576 NYD2_LEAVE;
577 return n;
578 }
579
580 FL char *
581 (urlxdec)(char const *cp SALLOC_DEBUG_ARGS)
582 {
583 char *n, *np;
584 si32_t c;
585 NYD2_ENTER;
586
587 np = n = (salloc)(strlen(cp) +1 SALLOC_DEBUG_ARGSCALL);
588
589 while ((c = (uc_i)*cp++) != '\0') {
590 if (c == '%' && cp[0] != '\0' && cp[1] != '\0') {
591 si32_t o = c;
592 if (LIKELY((c = n_c_from_hex_base16(cp)) >= '\0'))
593 cp += 2;
594 else
595 c = o;
596 }
597 *np++ = (char)c;
598 }
599 *np = '\0';
600 NYD2_LEAVE;
601 return n;
602 }
603
604 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
605 FL char const *
606 url_servbyname(struct url const *urlp, ui16_t *irv_or_null)
607 {
608 static struct {
609 char const name[14];
610 char const port[8];
611 ui16_t portno;
612 } const tbl[] = {
613 { "smtp", "25", 25},
614 { "submission", "587", 587},
615 { "smtps", "465", 465},
616 { "pop3", "110", 110},
617 { "pop3s", "995", 995},
618 { "imap", "143", 143},
619 { "imaps", "993", 993}
620 };
621 char const *rv;
622 size_t i;
623 NYD_ENTER;
624
625 for (rv = NULL, i = 0; i < NELEM(tbl); ++i)
626 if (!asccasecmp(tbl[i].name, urlp->url_proto)) {
627 rv = tbl[i].port;
628 if (irv_or_null != NULL)
629 *irv_or_null = tbl[i].portno;
630 break;
631 }
632 NYD_LEAVE;
633 return rv;
634 }
635
636 FL bool_t
637 url_parse(struct url *urlp, enum cproto cproto, char const *data)
638 {
639 #if defined HAVE_SMTP && defined HAVE_POP3
640 # define __ALLPROTO
641 #endif
642 #if defined HAVE_SMTP || defined HAVE_POP3
643 # define __ANYPROTO
644 char *cp, *x;
645 #endif
646 bool_t rv = FAL0;
647 NYD_ENTER;
648 UNUSED(data);
649
650 memset(urlp, 0, sizeof *urlp);
651 urlp->url_input = data;
652 urlp->url_cproto = cproto;
653
654 /* Network protocol */
655 #define _protox(X,Y) \
656 urlp->url_portno = Y;\
657 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
658 urlp->url_proto[sizeof(X) -1] = '\0';\
659 urlp->url_proto_len = sizeof(X) -1;\
660 urlp->url_proto_xlen = sizeof(X "://") -1
661 #define __if(X,Y,Z) \
662 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
663 _protox(X, Y);\
664 data += sizeof(X "://") -1;\
665 do { Z; } while (0);\
666 goto juser;\
667 }
668 #define _if(X,Y) __if(X, Y, (void)0)
669 #ifdef HAVE_SSL
670 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
671 #else
672 # define _ifs(X,Y) goto jeproto;
673 #endif
674
675 switch (cproto) {
676 case CPROTO_SMTP:
677 #ifdef HAVE_SMTP
678 _if ("smtp", 25)
679 _if ("submission", 587)
680 _ifs ("smtps", 465)
681 _protox("smtp", 25);
682 break;
683 #else
684 goto jeproto;
685 #endif
686 case CPROTO_POP3:
687 #ifdef HAVE_POP3
688 _if ("pop3", 110)
689 _ifs ("pop3s", 995)
690 _protox("pop3", 110);
691 break;
692 #else
693 goto jeproto;
694 #endif
695 #if 0
696 case CPROTO_IMAP:
697 _if ("imap", 143)
698 _ifs ("imaps", 993)
699 _protox("imap", 143);
700 break;
701 goto jeproto;
702 #endif
703 }
704
705 #undef _ifs
706 #undef _if
707 #undef __if
708 #undef _protox
709
710 if (strstr(data, "://") != NULL) {
711 #if !defined __ALLPROTO || !defined HAVE_SSL
712 jeproto:
713 #endif
714 n_err(_("URL \"proto://\" prefix invalid: \"%s\"\n"), urlp->url_input);
715 goto jleave;
716 }
717 #ifdef __ANYPROTO
718
719 /* User and password, I */
720 juser:
721 if ((cp = _url_last_at_before_slash(data)) != NULL) {
722 size_t l = PTR2SIZE(cp - data);
723 char const *d = data;
724 char *ub = ac_alloc(l +1);
725
726 urlp->url_had_user = TRU1;
727 data = cp + 1;
728
729 /* And also have a password? */
730 if ((cp = memchr(d, ':', l)) != NULL) {
731 size_t i = PTR2SIZE(cp - d);
732
733 l -= i + 1;
734 memcpy(ub, cp + 1, l);
735 ub[l] = '\0';
736 urlp->url_pass.l = strlen(urlp->url_pass.s = urlxdec(ub));
737
738 if (strcmp(ub, urlxenc(urlp->url_pass.s, FAL0))) {
739 n_err(_("String is not properly URL percent encoded: \"%s\"\n"),
740 ub);
741 goto jleave;
742 }
743 l = i;
744 }
745
746 memcpy(ub, d, l);
747 ub[l] = '\0';
748 urlp->url_user.l = strlen(urlp->url_user.s = urlxdec(ub));
749 urlp->url_user_enc.l = strlen(
750 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
751
752 if (urlp->url_user_enc.l != l || memcmp(urlp->url_user_enc.s, ub, l)) {
753 n_err(_("String is not properly URL percent encoded: \"%s\"\n"), ub);
754 goto jleave;
755 }
756
757 ac_free(ub);
758 }
759
760 /* Servername and port -- and possible path suffix */
761 if ((cp = strchr(data, ':')) != NULL) { /* TODO URL parse, IPv6 support */
762 char *eptr;
763 long l;
764
765 urlp->url_port = x = savestr(x = cp + 1);
766 if ((x = strchr(x, '/')) != NULL)
767 *x = '\0';
768 l = strtol(urlp->url_port, &eptr, 10);
769 if (*eptr != '\0' || l <= 0 || UICMP(32, l, >=, 0xFFFFu)) {
770 n_err(_("URL with invalid port number: \"%s\"\n"), urlp->url_input);
771 goto jleave;
772 }
773 urlp->url_portno = (ui16_t)l;
774 } else {
775 if ((x = strchr(data, '/')) != NULL)
776 data = savestrbuf(data, PTR2SIZE(x - data));
777 cp = UNCONST(data + strlen(data));
778 }
779
780 /* A (non-empty) path may only occur with IMAP */
781 if (x != NULL && x[1] != '\0') {
782 #if 0
783 if (cproto != CPROTO_IMAP) {
784 #endif
785 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
786 urlp->url_input);
787 goto jleave;
788 #if 0
789 }
790 urlp->url_path.l = strlen(++x);
791 urlp->url_path.s = savestrbuf(x, urlp->url_path.l);
792 #endif
793 }
794
795 urlp->url_host.s = savestrbuf(data, urlp->url_host.l = PTR2SIZE(cp - data));
796 { size_t i;
797 for (cp = urlp->url_host.s, i = urlp->url_host.l; i != 0; ++cp, --i)
798 *cp = lowerconv(*cp);
799 }
800
801 /* .url_h_p: HOST:PORT */
802 { size_t i;
803 struct str *s = &urlp->url_h_p;
804
805 s->s = salloc(urlp->url_host.l + 1 + sizeof("65536")-1 +1);
806 memcpy(s->s, urlp->url_host.s, i = urlp->url_host.l);
807 if (urlp->url_port != NULL) {
808 size_t j = strlen(urlp->url_port);
809 s->s[i++] = ':';
810 memcpy(s->s + i, urlp->url_port, j);
811 i += j;
812 }
813 s->s[i] = '\0';
814 s->l = i;
815 }
816
817 /* User, II
818 * If there was no user in the URL, do we have *user-HOST* or *user*? */
819 if (!urlp->url_had_user) {
820 if ((urlp->url_user.s = xok_vlook(user, urlp, OXM_PLAIN | OXM_H_P))
821 == NULL) {
822 /* No, check wether .netrc lookup is desired */
823 # ifdef HAVE_NETRC
824 if (!ok_blook(v15_compat) ||
825 !xok_blook(netrc_lookup, urlp, OXM_PLAIN | OXM_H_P) ||
826 !_nrc_lookup(urlp, FAL0))
827 # endif
828 urlp->url_user.s = UNCONST(myname);
829 }
830
831 urlp->url_user.l = strlen(urlp->url_user.s);
832 urlp->url_user.s = savestrbuf(urlp->url_user.s, urlp->url_user.l);
833 urlp->url_user_enc.l = strlen(
834 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
835 }
836
837 /* And then there are a lot of prebuild string combinations TODO do lazy */
838
839 /* .url_u_h: .url_user@.url_host
840 * For SMTP we apply ridiculously complicated *v15-compat* plus
841 * *smtp-hostname* / *hostname* dependent rules */
842 { struct str h, *s;
843 size_t i;
844
845 if (cproto == CPROTO_SMTP && ok_blook(v15_compat) &&
846 (cp = ok_vlook(smtp_hostname)) != NULL) {
847 if (*cp == '\0')
848 cp = nodename(1);
849 h.s = savestrbuf(cp, h.l = strlen(cp));
850 } else
851 h = urlp->url_host;
852
853 s = &urlp->url_u_h;
854 i = urlp->url_user.l;
855
856 s->s = salloc(i + 1 + h.l +1);
857 if (i > 0) {
858 memcpy(s->s, urlp->url_user.s, i);
859 s->s[i++] = '@';
860 }
861 memcpy(s->s + i, h.s, h.l +1);
862 i += h.l;
863 s->l = i;
864 }
865
866 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
867 { struct str *s = &urlp->url_u_h_p;
868 size_t i = urlp->url_user.l;
869
870 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
871 if (i > 0) {
872 memcpy(s->s, urlp->url_user.s, i);
873 s->s[i++] = '@';
874 }
875 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
876 i += urlp->url_h_p.l;
877 s->l = i;
878 }
879
880 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
881 { struct str *s = &urlp->url_eu_h_p;
882 size_t i = urlp->url_user_enc.l;
883
884 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
885 if (i > 0) {
886 memcpy(s->s, urlp->url_user_enc.s, i);
887 s->s[i++] = '@';
888 }
889 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
890 i += urlp->url_h_p.l;
891 s->l = i;
892 }
893
894 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
895 { size_t i;
896 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_u_h_p.l) +1);
897
898 urlp->url_proto[urlp->url_proto_len] = ':';
899 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_u_h_p.s,
900 urlp->url_u_h_p.l +1);
901 urlp->url_proto[urlp->url_proto_len] = '\0';
902
903 urlp->url_p_u_h_p = ud;
904 }
905
906 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
907 { size_t i;
908 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_eu_h_p.l) +
909 1 + urlp->url_path.l +1);
910
911 urlp->url_proto[urlp->url_proto_len] = ':';
912 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_eu_h_p.s,
913 urlp->url_eu_h_p.l +1);
914 urlp->url_proto[urlp->url_proto_len] = '\0';
915
916 if (urlp->url_path.l == 0)
917 urlp->url_p_eu_h_p = urlp->url_p_eu_h_p_p = ud;
918 else {
919 urlp->url_p_eu_h_p = savestrbuf(ud, i);
920 urlp->url_p_eu_h_p_p = ud;
921 ud += i;
922 *ud++ = '/';
923 memcpy(ud, urlp->url_path.s, urlp->url_path.l +1);
924 }
925 }
926
927 rv = TRU1;
928 #endif /* __ANYPROTO */
929 jleave:
930 NYD_LEAVE;
931 return rv;
932 #undef __ANYPROTO
933 #undef __ALLPROTO
934 }
935
936 FL bool_t
937 ccred_lookup_old(struct ccred *ccp, enum cproto cproto, char const *addr)
938 {
939 char const *pname, *pxstr, *authdef;
940 size_t pxlen, addrlen, i;
941 char *vbuf, *s;
942 ui8_t authmask;
943 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
944 ware = NONE;
945 bool_t addr_is_nuser = FAL0; /* XXX v15.0 legacy! v15_compat */
946 NYD_ENTER;
947
948 memset(ccp, 0, sizeof *ccp);
949
950 switch (cproto) {
951 default:
952 case CPROTO_SMTP:
953 pname = "SMTP";
954 pxstr = "smtp-auth";
955 pxlen = sizeof("smtp-auth") -1;
956 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
957 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
958 authdef = "none";
959 addr_is_nuser = TRU1;
960 break;
961 case CPROTO_POP3:
962 pname = "POP3";
963 pxstr = "pop3-auth";
964 pxlen = sizeof("pop3-auth") -1;
965 authmask = AUTHTYPE_PLAIN;
966 authdef = "plain";
967 break;
968 }
969
970 ccp->cc_cproto = cproto;
971 addrlen = strlen(addr);
972 vbuf = ac_alloc(pxlen + addrlen + sizeof("-password-")-1 +1);
973 memcpy(vbuf, pxstr, pxlen);
974
975 /* Authentication type */
976 vbuf[pxlen] = '-';
977 memcpy(vbuf + pxlen + 1, addr, addrlen +1);
978 if ((s = vok_vlook(vbuf)) == NULL) {
979 vbuf[pxlen] = '\0';
980 if ((s = vok_vlook(vbuf)) == NULL)
981 s = UNCONST(authdef);
982 }
983
984 if (!asccasecmp(s, "none")) {
985 ccp->cc_auth = "NONE";
986 ccp->cc_authtype = AUTHTYPE_NONE;
987 /*ware = NONE;*/
988 } else if (!asccasecmp(s, "plain")) {
989 ccp->cc_auth = "PLAIN";
990 ccp->cc_authtype = AUTHTYPE_PLAIN;
991 ware = REQ_PASS | REQ_USER;
992 } else if (!asccasecmp(s, "login")) {
993 ccp->cc_auth = "LOGIN";
994 ccp->cc_authtype = AUTHTYPE_LOGIN;
995 ware = REQ_PASS | REQ_USER;
996 } else if (!asccasecmp(s, "cram-md5")) {
997 ccp->cc_auth = "CRAM-MD5";
998 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
999 ware = REQ_PASS | REQ_USER;
1000 } else if (!asccasecmp(s, "gssapi")) {
1001 ccp->cc_auth = "GSS-API";
1002 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1003 ware = REQ_USER;
1004 } /* no else */
1005
1006 /* Verify method */
1007 if (!(ccp->cc_authtype & authmask)) {
1008 n_err(_("Unsupported %s authentication method: %s\n"), pname, s);
1009 ccp = NULL;
1010 goto jleave;
1011 }
1012 # ifndef HAVE_MD5
1013 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1014 n_err(_("No CRAM-MD5 support compiled in\n"));
1015 ccp = NULL;
1016 goto jleave;
1017 }
1018 # endif
1019 # ifndef HAVE_GSSAPI
1020 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1021 n_err(_("No GSS-API support compiled in\n"));
1022 ccp = NULL;
1023 goto jleave;
1024 }
1025 # endif
1026
1027 /* User name */
1028 if (!(ware & (WANT_USER | REQ_USER)))
1029 goto jpass;
1030
1031 if (!addr_is_nuser) {
1032 if ((s = _url_last_at_before_slash(addr)) != NULL) {
1033 ccp->cc_user.s = urlxdec(savestrbuf(addr, PTR2SIZE(s - addr)));
1034 ccp->cc_user.l = strlen(ccp->cc_user.s);
1035 } else if (ware & REQ_USER)
1036 goto jgetuser;
1037 goto jpass;
1038 }
1039
1040 memcpy(vbuf + pxlen, "-user-", i = sizeof("-user-") -1);
1041 i += pxlen;
1042 memcpy(vbuf + i, addr, addrlen +1);
1043 if ((s = vok_vlook(vbuf)) == NULL) {
1044 vbuf[--i] = '\0';
1045 if ((s = vok_vlook(vbuf)) == NULL && (ware & REQ_USER)) {
1046 if ((s = getuser(NULL)) == NULL) {
1047 jgetuser: /* TODO v15.0: today we simply bail, but we should call getuser().
1048 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1049 * TODO check that first, then! change control flow, grow vbuf */
1050 n_err(_("A user is necessary for %s authentication\n"), pname);
1051 ccp = NULL;
1052 goto jleave;
1053 }
1054 }
1055 }
1056 ccp->cc_user.l = strlen(ccp->cc_user.s = savestr(s));
1057
1058 /* Password */
1059 jpass:
1060 if (!(ware & (WANT_PASS | REQ_PASS)))
1061 goto jleave;
1062
1063 if (!addr_is_nuser) {
1064 memcpy(vbuf, "password-", i = sizeof("password-") -1);
1065 } else {
1066 memcpy(vbuf + pxlen, "-password-", i = sizeof("-password-") -1);
1067 i += pxlen;
1068 }
1069 memcpy(vbuf + i, addr, addrlen +1);
1070 if ((s = vok_vlook(vbuf)) == NULL) {
1071 vbuf[--i] = '\0';
1072 if ((!addr_is_nuser || (s = vok_vlook(vbuf)) == NULL) &&
1073 (ware & REQ_PASS)) {
1074 if ((s = getpassword(NULL)) == NULL) {
1075 n_err(_("A password is necessary for %s authentication\n"),
1076 pname);
1077 ccp = NULL;
1078 goto jleave;
1079 }
1080 }
1081 }
1082 if (s != NULL)
1083 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1084
1085 jleave:
1086 ac_free(vbuf);
1087 if (ccp != NULL && (options & OPT_D_VV))
1088 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1089 addr, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1090 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1091 NYD_LEAVE;
1092 return (ccp != NULL);
1093 }
1094
1095 FL bool_t
1096 ccred_lookup(struct ccred *ccp, struct url *urlp)
1097 {
1098 char const *pstr, *authdef;
1099 char *s;
1100 enum okeys authokey;
1101 ui8_t authmask;
1102 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1103 ware = NONE;
1104 NYD_ENTER;
1105
1106 memset(ccp, 0, sizeof *ccp);
1107 ccp->cc_user = urlp->url_user;
1108
1109 switch ((ccp->cc_cproto = urlp->url_cproto)) {
1110 default:
1111 case CPROTO_SMTP:
1112 pstr = "smtp";
1113 authokey = ok_v_smtp_auth;
1114 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1115 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1116 authdef = "plain";
1117 break;
1118 case CPROTO_POP3:
1119 pstr = "pop3";
1120 authokey = ok_v_pop3_auth;
1121 authmask = AUTHTYPE_PLAIN;
1122 authdef = "plain";
1123 break;
1124 }
1125
1126 /* Authentication type */
1127 if ((s = xok_VLOOK(authokey, urlp, OXM_ALL)) == NULL)
1128 s = UNCONST(authdef);
1129
1130 if (!asccasecmp(s, "none")) {
1131 ccp->cc_auth = "NONE";
1132 ccp->cc_authtype = AUTHTYPE_NONE;
1133 /*ware = NONE;*/
1134 } else if (!asccasecmp(s, "plain")) {
1135 ccp->cc_auth = "PLAIN";
1136 ccp->cc_authtype = AUTHTYPE_PLAIN;
1137 ware = REQ_PASS | REQ_USER;
1138 } else if (!asccasecmp(s, "login")) {
1139 ccp->cc_auth = "LOGIN";
1140 ccp->cc_authtype = AUTHTYPE_LOGIN;
1141 ware = REQ_PASS | REQ_USER;
1142 } else if (!asccasecmp(s, "cram-md5")) {
1143 ccp->cc_auth = "CRAM-MD5";
1144 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1145 ware = REQ_PASS | REQ_USER;
1146 } else if (!asccasecmp(s, "gssapi")) {
1147 ccp->cc_auth = "GSS-API";
1148 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1149 ware = REQ_USER;
1150 } /* no else */
1151
1152 /* Verify method */
1153 if (!(ccp->cc_authtype & authmask)) {
1154 n_err(_("Unsupported %s authentication method: %s\n"), pstr, s);
1155 ccp = NULL;
1156 goto jleave;
1157 }
1158 # ifndef HAVE_MD5
1159 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1160 n_err(_("No CRAM-MD5 support compiled in\n"));
1161 ccp = NULL;
1162 goto jleave;
1163 }
1164 # endif
1165 # ifndef HAVE_GSSAPI
1166 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1167 n_err(_("No GSS-API support compiled in\n"));
1168 ccp = NULL;
1169 goto jleave;
1170 }
1171 # endif
1172
1173 /* Password */
1174 ccp->cc_pass = urlp->url_pass;
1175 if (ccp->cc_pass.s != NULL)
1176 goto jleave;
1177
1178 if ((s = xok_vlook(password, urlp, OXM_ALL)) != NULL)
1179 goto js2pass;
1180 # ifdef HAVE_AGENT
1181 if ((s = xok_vlook(agent_shell_lookup, urlp, OXM_ALL)) != NULL) {
1182 if (!_agent_shell_lookup(urlp, s)) {
1183 ccp = NULL;
1184 goto jleave;
1185 } else if (urlp->url_pass.s != NULL) {
1186 ccp->cc_pass = urlp->url_pass;
1187 goto jleave;
1188 }
1189 }
1190 # endif
1191 # ifdef HAVE_NETRC
1192 if (xok_blook(netrc_lookup, urlp, OXM_ALL) && _nrc_lookup(urlp, TRU1)) {
1193 ccp->cc_pass = urlp->url_pass;
1194 goto jleave;
1195 }
1196 # endif
1197 if (ware & REQ_PASS) {
1198 if ((s = getpassword(NULL)) != NULL)
1199 js2pass:
1200 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1201 else {
1202 n_err(_("A password is necessary for %s authentication\n"), pstr);
1203 ccp = NULL;
1204 }
1205 }
1206
1207 jleave:
1208 if (ccp != NULL && (options & OPT_D_VV))
1209 n_err(_("Credentials: host \"%s\", user \"%s\", pass \"%s\"\n"),
1210 urlp->url_h_p.s, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1211 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1212 NYD_LEAVE;
1213 return (ccp != NULL);
1214 }
1215 #endif /* HAVE_SOCKETS */
1216
1217 #ifdef HAVE_NETRC
1218 FL int
1219 c_netrc(void *v)
1220 {
1221 char **argv = v;
1222 struct nrc_node *nrc;
1223 bool_t load_only;
1224 NYD_ENTER;
1225
1226 load_only = FAL0;
1227 if (*argv == NULL)
1228 goto jlist;
1229 if (argv[1] != NULL)
1230 goto jerr;
1231 if (!asccasecmp(*argv, "show"))
1232 goto jlist;
1233 load_only = TRU1;
1234 if (!asccasecmp(*argv, "load"))
1235 goto jlist;
1236 if (!asccasecmp(*argv, "clear"))
1237 goto jclear;
1238 jerr:
1239 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1240 v = NULL;
1241 jleave:
1242 NYD_LEAVE;
1243 return (v == NULL ? !STOP : !OKAY); /* xxx 1:bad 0:good -- do some */
1244
1245 jlist: {
1246 FILE *fp;
1247 size_t l;
1248
1249 if (_nrc_list == NULL)
1250 _nrc_init();
1251 if (_nrc_list == NRC_NODE_ERR) {
1252 n_err(_("Interpolate what file?\n"));
1253 v = NULL;
1254 goto jleave;
1255 }
1256 if (load_only)
1257 goto jleave;
1258
1259 if ((fp = Ftmp(NULL, "netrc", OF_RDWR | OF_UNLINK | OF_REGISTER)) == NULL) {
1260 n_perr(_("tmpfile"), 0);
1261 v = NULL;
1262 goto jleave;
1263 }
1264
1265 for (l = 0, nrc = _nrc_list; nrc != NULL; ++l, nrc = nrc->nrc_next) {
1266 fprintf(fp, _("machine %s "), nrc->nrc_dat);
1267 if (nrc->nrc_ulen > 0)
1268 fprintf(fp, _("login \"%s\" "),
1269 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1));
1270 if (nrc->nrc_plen > 0)
1271 fprintf(fp, _("password \"%s\"\n"),
1272 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1 + nrc->nrc_ulen +1));
1273 else
1274 putc('\n', fp);
1275 }
1276
1277 page_or_print(fp, l);
1278 Fclose(fp);
1279 }
1280 goto jleave;
1281
1282 jclear:
1283 if (_nrc_list == NRC_NODE_ERR)
1284 _nrc_list = NULL;
1285 while ((nrc = _nrc_list) != NULL) {
1286 _nrc_list = nrc->nrc_next;
1287 free(nrc);
1288 }
1289 goto jleave;
1290 }
1291 #endif /* HAVE_NETRC */
1292
1293 #ifdef HAVE_MD5
1294 FL char *
1295 md5tohex(char hex[MD5TOHEX_SIZE], void const *vp)
1296 {
1297 char const *cp = vp;
1298 size_t i, j;
1299 NYD_ENTER;
1300
1301 for (i = 0; i < MD5TOHEX_SIZE / 2; ++i) {
1302 j = i << 1;
1303 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1304 hex[j] = __hex((cp[i] & 0xF0) >> 4);
1305 hex[++j] = __hex(cp[i] & 0x0F);
1306 # undef __hex
1307 }
1308 NYD_LEAVE;
1309 return hex;
1310 }
1311
1312 FL char *
1313 cram_md5_string(struct str const *user, struct str const *pass,
1314 char const *b64)
1315 {
1316 struct str in, out;
1317 char digest[16], *cp;
1318 NYD_ENTER;
1319
1320 out.s = NULL;
1321 in.s = UNCONST(b64);
1322 in.l = strlen(in.s);
1323 b64_decode(&out, &in, NULL);
1324 assert(out.s != NULL);
1325
1326 hmac_md5((uc_i*)out.s, out.l, (uc_i*)pass->s, pass->l, digest);
1327 free(out.s);
1328 cp = md5tohex(salloc(MD5TOHEX_SIZE +1), digest);
1329
1330 in.l = user->l + MD5TOHEX_SIZE +1;
1331 in.s = ac_alloc(user->l + 1 + MD5TOHEX_SIZE +1);
1332 memcpy(in.s, user->s, user->l);
1333 in.s[user->l] = ' ';
1334 memcpy(in.s + user->l + 1, cp, MD5TOHEX_SIZE);
1335 b64_encode(&out, &in, B64_SALLOC | B64_CRLF);
1336 ac_free(in.s);
1337 NYD_LEAVE;
1338 return out.s;
1339 }
1340
1341 FL void
1342 hmac_md5(unsigned char *text, int text_len, unsigned char *key, int key_len,
1343 void *digest)
1344 {
1345 /*
1346 * This code is taken from
1347 *
1348 * Network Working Group H. Krawczyk
1349 * Request for Comments: 2104 IBM
1350 * Category: Informational M. Bellare
1351 * UCSD
1352 * R. Canetti
1353 * IBM
1354 * February 1997
1355 *
1356 *
1357 * HMAC: Keyed-Hashing for Message Authentication
1358 */
1359 md5_ctx context;
1360 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
1361 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
1362 unsigned char tk[16];
1363 int i;
1364 NYD_ENTER;
1365
1366 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1367 if (key_len > 64) {
1368 md5_ctx tctx;
1369
1370 md5_init(&tctx);
1371 md5_update(&tctx, key, key_len);
1372 md5_final(tk, &tctx);
1373
1374 key = tk;
1375 key_len = 16;
1376 }
1377
1378 /* the HMAC_MD5 transform looks like:
1379 *
1380 * MD5(K XOR opad, MD5(K XOR ipad, text))
1381 *
1382 * where K is an n byte key
1383 * ipad is the byte 0x36 repeated 64 times
1384 * opad is the byte 0x5c repeated 64 times
1385 * and text is the data being protected */
1386
1387 /* start out by storing key in pads */
1388 memset(k_ipad, 0, sizeof k_ipad);
1389 memset(k_opad, 0, sizeof k_opad);
1390 memcpy(k_ipad, key, key_len);
1391 memcpy(k_opad, key, key_len);
1392
1393 /* XOR key with ipad and opad values */
1394 for (i=0; i<64; i++) {
1395 k_ipad[i] ^= 0x36;
1396 k_opad[i] ^= 0x5c;
1397 }
1398
1399 /* perform inner MD5 */
1400 md5_init(&context); /* init context for 1st pass */
1401 md5_update(&context, k_ipad, 64); /* start with inner pad */
1402 md5_update(&context, text, text_len); /* then text of datagram */
1403 md5_final(digest, &context); /* finish up 1st pass */
1404
1405 /* perform outer MD5 */
1406 md5_init(&context); /* init context for 2nd pass */
1407 md5_update(&context, k_opad, 64); /* start with outer pad */
1408 md5_update(&context, digest, 16); /* then results of 1st hash */
1409 md5_final(digest, &context); /* finish up 2nd pass */
1410 NYD_LEAVE;
1411 }
1412 #endif /* HAVE_MD5 */
1413
1414 /* s-it-mode */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command