1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
6 * Copyright (c) 2014 - 2018 Steffen (Daode) Nurpmeso <steffen@sdaoden.eu>.
7 * SPDX-License-Identifier: ISC
9 * Permission to use, copy, modify, and/or distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 #define n_FILE urlcrecry
24 #ifndef HAVE_AMALGAMATION
29 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
30 * concurrently (dummy, host, user, pass), so make it a KB */
31 # define NRC_TOKEN_MAXLEN (1024 / 4)
46 struct nrc_node
*nrc_next
;
47 struct nrc_node
*nrc_result
; /* In match phase, former possible one */
48 ui32_t nrc_mlen
; /* Length of machine name */
49 ui32_t nrc_ulen
; /* Length of user name */
50 ui32_t nrc_plen
; /* Length of password */
51 char nrc_dat
[n_VFIELD_SIZE(sizeof(ui32_t
))];
53 # define NRC_NODE_ERR ((struct nrc_node*)-1)
55 static struct nrc_node
*_nrc_list
;
56 #endif /* HAVE_NETRC */
58 /* Find the last @ before a slash
59 * TODO Casts off the const but this is ok here; obsolete function! */
60 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
61 static char * _url_last_at_before_slash(char const *sp
);
65 /* Initialize .netrc cache */
66 static void _nrc_init(void);
67 static enum nrc_token
__nrc_token(FILE *fi
, char buffer
[NRC_TOKEN_MAXLEN
],
70 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
71 * only_pass is true then the lookup is for the password only, otherwise we
72 * look for a user (and add password only if we have an exact machine match) */
73 static bool_t
_nrc_lookup(struct url
*urlp
, bool_t only_pass
);
75 /* 0=no match; 1=exact match; -1=wildcard match */
76 static int __nrc_host_match(struct nrc_node
const *nrc
,
77 struct url
const *urlp
);
78 static bool_t
__nrc_find_user(struct url
*urlp
,
79 struct nrc_node
const *nrc
);
80 static bool_t
__nrc_find_pass(struct url
*urlp
, bool_t user_match
,
81 struct nrc_node
const *nrc
);
82 #endif /* HAVE_NETRC */
84 /* The password can also be gained through external agents TODO v15-compat */
86 static bool_t
_agent_shell_lookup(struct url
*urlp
, char const *comm
);
91 _url_last_at_before_slash(char const *sp
)
97 for (cp
= sp
; (c
= *cp
) != '\0'; ++cp
)
100 while (cp
> sp
&& *--cp
!= '@')
105 return n_UNCONST(cp
);
113 char buffer
[NRC_TOKEN_MAXLEN
], host
[NRC_TOKEN_MAXLEN
],
114 user
[NRC_TOKEN_MAXLEN
], pass
[NRC_TOKEN_MAXLEN
], *netrc_load
;
118 bool_t
volatile ispipe
;
119 bool_t seen_default
, nl_last
;
120 struct nrc_node
* volatile ntail
, * volatile nhead
, * volatile nrc
;
123 n_UNINIT(ntail
, NULL
);
129 hold_all_sigs(); /* todo */
131 if ((netrc_load
= ok_vlook(netrc_pipe
)) != NULL
) {
133 if ((fi
= Popen(netrc_load
, "r", ok_vlook(SHELL
), NULL
, n_CHILD_FD_NULL
)
135 n_perr(netrc_load
, 0);
139 if ((netrc_load
= fexpand(ok_vlook(NETRC
), FEXP_LOCAL
| FEXP_NOPROTO
)
143 if ((fi
= Fopen(netrc_load
, "r")) == NULL
) {
144 n_err(_("Cannot open %s\n"), n_shexp_quote_cp(netrc_load
, FAL0
));
148 /* Be simple and apply rigid (permission) check(s) */
149 if (fstat(fileno(fi
), &sb
) == -1 || !S_ISREG(sb
.st_mode
) ||
150 (sb
.st_mode
& (S_IRWXG
| S_IRWXO
))) {
151 n_err(_("Not a regular file, or accessible by non-user: %s\n"),
152 n_shexp_quote_cp(netrc_load
, FAL0
));
160 switch((t
= __nrc_token(fi
, buffer
, &nl_last
))) {
163 default: /* Doesn't happen (but on error?), keep CC happy */
166 /* We ignore the default entry (require an exact host match), and we also
167 * ignore anything after such an entry (faulty syntax) */
172 /* Normalize HOST to lowercase */
174 if (!seen_default
&& (t
= __nrc_token(fi
, host
, &nl_last
)) != NRC_INPUT
)
178 for (cp
= host
; *cp
!= '\0'; ++cp
)
179 *cp
= lowerconv(*cp
);
182 *user
= *pass
= '\0';
183 while ((t
= __nrc_token(fi
, buffer
, &nl_last
)) != NRC_NONE
&&
184 t
!= NRC_MACHINE
&& t
!= NRC_DEFAULT
) {
187 if ((t
= __nrc_token(fi
, user
, &nl_last
)) != NRC_INPUT
)
191 if ((t
= __nrc_token(fi
, pass
, &nl_last
)) != NRC_INPUT
)
195 if ((t
= __nrc_token(fi
, buffer
, &nl_last
)) != NRC_INPUT
)
199 if ((t
= __nrc_token(fi
, buffer
, &nl_last
)) != NRC_INPUT
)
203 while ((c
= getc(fi
)) != EOF
)
204 if (c
== '\n') { /* xxx */
205 /* Don't care about comments here, since we parse until
206 * we've seen two successive newline characters */
220 if (!seen_default
&& (*user
!= '\0' || *pass
!= '\0')) {
221 size_t hl
= strlen(host
), ul
= strlen(user
), pl
= strlen(pass
);
222 struct nrc_node
*nx
= n_alloc(n_VSTRUCT_SIZEOF(struct nrc_node
,
223 nrc_dat
) + hl
+1 + ul
+1 + pl
+1);
226 ntail
->nrc_next
= nx
;
234 memcpy(nx
->nrc_dat
, host
, ++hl
);
235 memcpy(nx
->nrc_dat
+ hl
, user
, ++ul
);
236 memcpy(nx
->nrc_dat
+ hl
+ ul
, pass
, ++pl
);
238 if (t
== NRC_MACHINE
)
240 if (t
== NRC_DEFAULT
)
247 if(n_poption
& n_PO_D_V
)
248 n_err(_("Errors occurred while parsing %s\n"),
249 n_shexp_quote_cp(netrc_load
, FAL0
));
250 assert(nrc
== NRC_NODE_ERR
);
263 if (nrc
== NRC_NODE_ERR
)
264 while (nhead
!= NULL
) {
266 nhead
= nhead
->nrc_next
;
275 static enum nrc_token
276 __nrc_token(FILE *fi
, char buffer
[NRC_TOKEN_MAXLEN
], bool_t
*nl_last
)
288 if (feof(fi
) || ferror(fi
))
291 for (seen_nl
= *nl_last
; (c
= getc(fi
)) != EOF
&& whitechar(c
);)
292 seen_nl
|= (c
== '\n');
296 /* fetchmail and derived parsers support comments */
297 if ((*nl_last
= seen_nl
) && c
== '#') {
298 while ((c
= getc(fi
)) != EOF
&& c
!= '\n')
306 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
307 if (c
== '"' || c
== '\'') {
310 /* Not requiring the closing QM is (Net)BSD syntax */
311 while ((c
= getc(fi
)) != EOF
&& c
!= quotec
) {
312 /* Reverse solidus escaping the next character is (Net)BSD syntax */
314 if ((c
= getc(fi
)) == EOF
)
317 if (PTRCMP(cp
, ==, buffer
+ NRC_TOKEN_MAXLEN
)) {
324 while ((c
= getc(fi
)) != EOF
&& !whitechar(c
)) {
325 /* Rverse solidus escaping the next character is (Net)BSD syntax */
326 if (c
== '\\' && (c
= getc(fi
)) == EOF
)
329 if (PTRCMP(cp
, ==, buffer
+ NRC_TOKEN_MAXLEN
)) {
334 *nl_last
= (c
== '\n');
339 do {/*rv = NRC_NONE*/} while (0);
340 else if (!strcmp(buffer
, "default"))
342 else if (!strcmp(buffer
, "login"))
344 else if (!strcmp(buffer
, "password") || !strcmp(buffer
, "passwd"))
346 else if (!strcmp(buffer
, "account"))
348 else if (!strcmp(buffer
, "macdef"))
350 else if (!strcmp(buffer
, "machine"))
355 if (c
== EOF
&& !feof(fi
))
362 _nrc_lookup(struct url
*urlp
, bool_t only_pass
)
364 struct nrc_node
*nrc
, *nrc_wild
, *nrc_exact
;
368 assert(!only_pass
|| urlp
->url_user
.s
!= NULL
);
369 assert(only_pass
|| urlp
->url_user
.s
== NULL
);
371 if (_nrc_list
== NULL
)
373 if (_nrc_list
== NRC_NODE_ERR
)
376 nrc_wild
= nrc_exact
= NULL
;
377 for (nrc
= _nrc_list
; nrc
!= NULL
; nrc
= nrc
->nrc_next
)
378 switch (__nrc_host_match(nrc
, urlp
)) {
380 nrc
->nrc_result
= nrc_exact
;
384 nrc
->nrc_result
= nrc_wild
;
391 if (!only_pass
&& urlp
->url_user
.s
== NULL
) {
392 /* Must be an unambiguous entry of its kind */
393 if (nrc_exact
!= NULL
&& nrc_exact
->nrc_result
!= NULL
)
395 if (__nrc_find_user(urlp
, nrc_exact
))
398 if (nrc_wild
!= NULL
&& nrc_wild
->nrc_result
!= NULL
)
400 if (!__nrc_find_user(urlp
, nrc_wild
))
406 if (__nrc_find_pass(urlp
, TRU1
, nrc_exact
) ||
407 __nrc_find_pass(urlp
, TRU1
, nrc_wild
) ||
408 /* Do not try to find a password without exact user match unless we've
409 * been called during credential lookup, a.k.a. the second time */
411 __nrc_find_pass(urlp
, FAL0
, nrc_exact
) ||
412 __nrc_find_pass(urlp
, FAL0
, nrc_wild
))
420 __nrc_host_match(struct nrc_node
const *nrc
, struct url
const *urlp
)
427 /* Find a matching machine -- entries are all lowercase normalized */
428 if (nrc
->nrc_mlen
== urlp
->url_host
.l
) {
429 if (n_LIKELY(!memcmp(nrc
->nrc_dat
, urlp
->url_host
.s
, urlp
->url_host
.l
)))
434 /* Cannot be an exact match, but maybe the .netrc machine starts with
435 * a "*." glob, which we recognize as an extension, meaning "skip
436 * a single subdomain, then match the rest" */
437 d1
= nrc
->nrc_dat
+ 2;
439 if (l1
<= 2 || d1
[-1] != '.' || d1
[-2] != '*')
443 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
444 * in fact this even succeeds for ".host.com", but - why care, here? */
445 d2
= urlp
->url_host
.s
;
446 l2
= urlp
->url_host
.l
;
453 if (l2
== l1
&& !memcmp(d1
, d2
, l1
))
454 /* This matches, but we won't use it directly but watch out for an
455 * exact match first! */
463 __nrc_find_user(struct url
*urlp
, struct nrc_node
const *nrc
)
467 for (; nrc
!= NULL
; nrc
= nrc
->nrc_result
)
468 if (nrc
->nrc_ulen
> 0) {
469 /* Fake it was part of URL otherwise XXX */
470 urlp
->url_flags
|= n_URL_HAD_USER
;
471 /* That buffer will be duplicated by url_parse() in this case! */
472 urlp
->url_user
.s
= n_UNCONST(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1);
473 urlp
->url_user
.l
= nrc
->nrc_ulen
;
478 return (nrc
!= NULL
);
482 __nrc_find_pass(struct url
*urlp
, bool_t user_match
, struct nrc_node
const *nrc
)
486 for (; nrc
!= NULL
; nrc
= nrc
->nrc_result
) {
487 bool_t um
= (nrc
->nrc_ulen
== urlp
->url_user
.l
&&
488 !memcmp(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1, urlp
->url_user
.s
,
494 } else if (!um
&& nrc
->nrc_ulen
> 0)
496 if (nrc
->nrc_plen
== 0)
499 /* We are responsible for duplicating this buffer! */
500 urlp
->url_pass
.s
= savestrbuf(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1 +
501 nrc
->nrc_ulen
+ 1, (urlp
->url_pass
.l
= nrc
->nrc_plen
));
506 return (nrc
!= NULL
);
508 #endif /* HAVE_NETRC */
512 _agent_shell_lookup(struct url
*urlp
, char const *comm
) /* TODO v15-compat */
515 char const *env_addon
[8];
518 union {int c
; sighandler_type sht
;} u
;
523 env_addon
[0] = str_concat_csvl(&s
, "NAIL_USER", "=", urlp
->url_user
.s
,
525 env_addon
[1] = str_concat_csvl(&s
,
526 "NAIL_USER_ENC", "=", urlp
->url_user_enc
.s
, NULL
)->s
;
527 env_addon
[2] = str_concat_csvl(&s
, "NAIL_HOST", "=", urlp
->url_host
.s
,
529 env_addon
[3] = str_concat_csvl(&s
, "NAIL_HOST_PORT", "=", urlp
->url_h_p
.s
,
533 if ((pbuf
= Popen(comm
, "r", ok_vlook(SHELL
), env_addon
, -1)) == NULL
) {
534 n_err(_("*agent-shell-lookup* startup failed (%s)\n"), comm
);
538 for (s
.s
= NULL
, s
.l
= cl
= l
= 0; (u
.c
= getc(pbuf
)) != EOF
; ++cl
) {
539 if (u
.c
== '\n') /* xxx */
542 if (l
== sizeof(buf
) - 1) {
543 n_str_add_buf(&s
, buf
, l
);
548 n_str_add_buf(&s
, buf
, l
);
550 if (!Pclose(pbuf
, TRU1
)) {
551 n_err(_("*agent-shell-lookup* execution failure (%s)\n"), comm
);
555 /* We are responsible for duplicating this buffer! */
557 urlp
->url_pass
.s
= savestrbuf(s
.s
, urlp
->url_pass
.l
= s
.l
);
559 urlp
->url_pass
.s
= n_UNCONST(n_empty
), urlp
->url_pass
.l
= 0;
567 #endif /* HAVE_AGENT */
570 (urlxenc
)(char const *cp
, bool_t ispath n_MEMORY_DEBUG_ARGS
)
579 if(i
>= UIZ_MAX
/ 3){
585 np
= n
= (n_autorec_alloc_from_pool
)(NULL
, i n_MEMORY_DEBUG_ARGSCALL
);
588 for (; (c1
= *cp
) != '\0'; ++cp
) {
589 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
590 * ALPHA / DIGIT / "-" / "." / "_" / "~"
591 * However add a special is[file]path mode for file-system friendliness */
592 if (alnumchar(c1
) || c1
== '_')
595 if (c1
!= '-' && c1
!= '.' && c1
!= '~')
598 } else if (PTRCMP(np
, >, n
) && (*cp
== '-' || *cp
== '.')) /* XXX imap */
603 n_c_to_hex_base16(np
+ 1, c1
);
614 (urlxdec
)(char const *cp n_MEMORY_DEBUG_ARGS
)
620 np
= n
= (n_autorec_alloc_from_pool
)(NULL
, strlen(cp
) +1
621 n_MEMORY_DEBUG_ARGSCALL
);
623 while ((c
= (uc_i
)*cp
++) != '\0') {
624 if (c
== '%' && cp
[0] != '\0' && cp
[1] != '\0') {
626 if (n_LIKELY((c
= n_c_from_hex_base16(cp
)) >= '\0'))
639 c_urlcodec(void *vp
){
642 char const **argv
, *varname
, *varres
, *act
, *cp
;
646 varname
= (n_pstate
& n_PS_ARGMOD_VPUT
) ? *argv
++ : NULL
;
649 for(cp
= act
; *cp
!= '\0' && !blankspacechar(*cp
); ++cp
)
651 if((ispath
= (*act
== 'p'))){
652 if(!ascncasecmp(++act
, "ath", 3))
657 alen
= PTR2SIZE(cp
- act
);
661 n_pstate_err_no
= n_ERR_NONE
;
663 if(is_ascncaseprefix(act
, "encode", alen
))
664 varres
= urlxenc(cp
, ispath
);
665 else if(is_ascncaseprefix(act
, "decode", alen
))
666 varres
= urlxdec(cp
);
671 n_pstate_err_no
= n_ERR_CANCELED
;
677 if(!n_var_vset(varname
, (uintptr_t)varres
)){
678 n_pstate_err_no
= n_ERR_NOTSUP
;
684 in
.l
= strlen(in
.s
= n_UNCONST(varres
));
685 makeprint(&in
, &out
);
686 if(fprintf(n_stdout
, "%s\n", out
.s
) < 0){
687 n_pstate_err_no
= n_err_no
;
695 return (vp
!= NULL
? 0 : 1);
697 n_err(_("Synopsis: urlcodec: "
698 "<[path]e[ncode]|[path]d[ecode]> <rest-of-line>\n"));
699 n_pstate_err_no
= n_ERR_INVAL
;
705 c_urlencode(void *v
) /* XXX IDNA?? */
710 n_OBSOLETE("`urlencode': please use `urlcodec enc[ode]' instead");
712 for (ap
= v
; *ap
!= NULL
; ++ap
) {
713 char *in
= *ap
, *out
= urlxenc(in
, FAL0
);
716 out
= n_UNCONST(V_(n_error
));
718 " in: <%s> (%" PRIuZ
" bytes)\nout: <%s> (%" PRIuZ
" bytes)\n",
719 in
, strlen(in
), out
, strlen(out
));
726 c_urldecode(void *v
) /* XXX IDNA?? */
731 n_OBSOLETE("`urldecode': please use `urlcodec dec[ode]' instead");
733 for (ap
= v
; *ap
!= NULL
; ++ap
) {
734 char *in
= *ap
, *out
= urlxdec(in
);
737 out
= n_UNCONST(V_(n_error
));
739 " in: <%s> (%" PRIuZ
" bytes)\nout: <%s> (%" PRIuZ
" bytes)\n",
740 in
, strlen(in
), out
, strlen(out
));
747 url_mailto_to_address(char const *mailtop
){ /* TODO hack! RFC 6068; factory? */
750 char const *mailtop_orig
;
753 if(!is_prefix("mailto:", mailtop_orig
= mailtop
)){
757 mailtop
+= sizeof("mailto:") -1;
759 /* TODO This is all intermediate, and for now just enough to understand
760 * TODO a little bit of a little more advanced List-Post: headers. */
761 /* Strip any hfield additions, keep only to addr-spec's */
762 if((rv
= strchr(mailtop
, '?')) != NULL
)
763 rv
= savestrbuf(mailtop
, i
= PTR2SIZE(rv
- mailtop
));
765 rv
= savestrbuf(mailtop
, i
= strlen(mailtop
));
769 /* Simply perform percent-decoding if there is a percent % */
770 if(memchr(rv
, '%', i
) != NULL
){
774 for(err
= FAL0
, mailtop
= rv_base
= rv
; i
> 0;){
777 if((c
= *mailtop
++) == '%'){
780 if(i
< 3 || (cc
= n_c_from_hex_base16(mailtop
)) < 0){
781 if(!err
&& (err
= TRU1
, n_poption
& n_PO_D_V
))
782 n_err(_("Invalid RFC 6068 'mailto' URL: %s\n"),
783 n_shexp_quote_cp(mailtop_orig
, FAL0
));
804 n_servbyname(char const *proto
, ui16_t
*irv_or_null
){
811 { "smtps", "465", 465},
812 { "submission", "587", 587},
813 { "submissions", "465", 465},
814 { "pop3", "110", 110},
815 { "pop3s", "995", 995},
816 { "imap", "143", 143},
817 { "imaps", "993", 993},
824 for(rv
= proto
; *rv
!= '\0'; ++rv
)
827 l
= PTR2SIZE(rv
- proto
);
829 for(rv
= NULL
, i
= 0; i
< n_NELEM(tbl
); ++i
)
830 if(!ascncasecmp(tbl
[i
].name
, proto
, l
)){
832 if(irv_or_null
!= NULL
)
833 *irv_or_null
= tbl
[i
].portno
;
840 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
842 url_parse(struct url
*urlp
, enum cproto cproto
, char const *data
)
844 #if defined HAVE_SMTP && defined HAVE_POP3 && defined HAVE_IMAP
847 #if defined HAVE_SMTP || defined HAVE_POP3 || defined HAVE_IMAP || \
856 memset(urlp
, 0, sizeof *urlp
);
857 urlp
->url_input
= data
;
858 urlp
->url_cproto
= cproto
;
860 /* Network protocol */
861 #define a_PROTOX(X,Y,Z) \
862 urlp->url_portno = Y;\
863 memcpy(urlp->url_proto, X "://\0", sizeof(X "://\0"));\
864 urlp->url_proto[sizeof(X) -1] = '\0';\
865 urlp->url_proto_len = sizeof(X) -1;\
867 #define a_PRIVPROTOX(X,Y,Z) \
868 do{ a_PROTOX(X, Y, Z); }while(0)
869 #define a__IF(X,Y,Z) \
870 if(!ascncasecmp(data, X "://", sizeof(X "://") -1)){\
872 data += sizeof(X "://") -1;\
875 #define a_IF(X,Y) a__IF(X, Y, (void)0)
877 # define a_IFS(X,Y) a__IF(X, Y, urlp->url_flags |= n_URL_TLS_REQUIRED)
878 # define a_IFs(X,Y) a__IF(X, Y, urlp->url_flags |= n_URL_TLS_OPTIONAL)
880 # define a_IFS(X,Y) goto jeproto;
881 # define a_IFs(X,Y) a_IF(X, Y)
885 case CPROTO_CERTINFO
:
886 /* The special `tls' certificate info protocol
887 * We do allow all protos here, for later getaddrinfo() usage! */
889 if((cp
= strstr(data
, "://")) == NULL
)
890 a_PRIVPROTOX("https", 443, urlp
->url_flags
|= n_URL_TLS_REQUIRED
);
894 if((i
= PTR2SIZE(&cp
[sizeof("://") -1] - data
)) + 2 >=
895 sizeof(urlp
->url_proto
))
897 memcpy(urlp
->url_proto
, data
, i
);
899 i
-= sizeof("://") -1;
900 urlp
->url_proto
[i
] = '\0';\
901 urlp
->url_proto_len
= i
;
902 urlp
->url_flags
|= n_URL_TLS_REQUIRED
;
909 /* The special S/MIME etc. credential lookup TODO TLS client cert! */
911 a_PRIVPROTOX("ccred", 0, (void)0);
917 a_IF("socks5", 1080);
919 a_PROTOX("socks", 1080, (void)0);
925 a_IFs("submission", 587)
926 a_IFS("submissions", 465)
927 a_PROTOX("smtp", 25, urlp
->url_flags
|= n_URL_TLS_OPTIONAL
);
936 a_PROTOX("pop3", 110, urlp
->url_flags
|= n_URL_TLS_OPTIONAL
);
945 a_PROTOX("imap", 143, urlp
->url_flags
|= n_URL_TLS_OPTIONAL
);
959 if (strstr(data
, "://") != NULL
) {
960 #if !defined a_ALLPROTO || !defined HAVE_TLS
963 n_err(_("URL proto:// prefix invalid: %s\n"), urlp
->url_input
);
968 /* User and password, I */
970 if ((cp
= _url_last_at_before_slash(data
)) != NULL
) {
972 char const *urlpe
, *d
;
975 l
= PTR2SIZE(cp
- data
);
976 ub
= n_lofi_alloc(l
+1);
978 urlp
->url_flags
|= n_URL_HAD_USER
;
981 /* And also have a password? */
982 if((cp
= memchr(d
, ':', l
)) != NULL
){
983 size_t i
= PTR2SIZE(cp
- d
);
986 memcpy(ub
, cp
+ 1, l
);
989 if((urlp
->url_pass
.s
= urlxdec(ub
)) == NULL
)
991 urlp
->url_pass
.l
= strlen(urlp
->url_pass
.s
);
992 if((urlpe
= urlxenc(urlp
->url_pass
.s
, FAL0
)) == NULL
)
994 if(strcmp(ub
, urlpe
))
1001 if((urlp
->url_user
.s
= urlxdec(ub
)) == NULL
)
1003 urlp
->url_user
.l
= strlen(urlp
->url_user
.s
);
1004 if((urlp
->url_user_enc
.s
= urlxenc(urlp
->url_user
.s
, FAL0
)) == NULL
)
1006 urlp
->url_user_enc
.l
= strlen(urlp
->url_user_enc
.s
);
1008 if(urlp
->url_user_enc
.l
!= l
|| memcmp(urlp
->url_user_enc
.s
, ub
, l
)){
1010 n_err(_("String is not properly URL percent encoded: %s\n"), ub
);
1019 /* Servername and port -- and possible path suffix */
1020 if ((cp
= strchr(data
, ':')) != NULL
) { /* TODO URL parse, use IPAddress! */
1021 urlp
->url_port
= x
= savestr(x
= &cp
[1]);
1022 if ((x
= strchr(x
, '/')) != NULL
) {
1028 if((n_idec_ui16_cp(&urlp
->url_portno
, urlp
->url_port
, 10, NULL
1029 ) & (n_IDEC_STATE_EMASK
| n_IDEC_STATE_CONSUMED
)
1030 ) != n_IDEC_STATE_CONSUMED
|| urlp
->url_portno
== 0){
1031 n_err(_("URL with invalid port number: %s\n"), urlp
->url_input
);
1035 if ((x
= strchr(data
, '/')) != NULL
) {
1036 data
= savestrbuf(data
, PTR2SIZE(x
- data
));
1040 cp
= n_UNCONST(data
+ strlen(data
));
1043 /* A (non-empty) path may only occur with IMAP */
1044 if (x
!= NULL
&& *x
!= '\0') {
1045 /* Take care not to count adjacent solidus for real, on either end */
1050 for(trailsol
= FAL0
, x2
= savestrbuf(x
, i
= strlen(x
)); i
> 0;
1051 trailsol
= TRU1
, --i
)
1052 if(x2
[i
- 1] != '/')
1057 if (cproto
!= CPROTO_IMAP
) {
1058 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
1064 urlp
->url_path
.s
= n_autorec_alloc(i
+ sizeof("/INBOX"));
1065 memcpy(urlp
->url_path
.s
, x
, i
);
1066 memcpy(&urlp
->url_path
.s
[i
], "/INBOX", sizeof("/INBOX"));
1067 urlp
->url_path
.l
= (i
+= sizeof("/INBOX") -1);
1070 urlp
->url_path
.l
= i
, urlp
->url_path
.s
= x2
;
1074 if(cproto
== CPROTO_IMAP
&& urlp
->url_path
.s
== NULL
)
1075 urlp
->url_path
.s
= savestrbuf("INBOX",
1076 urlp
->url_path
.l
= sizeof("INBOX") -1);
1079 urlp
->url_host
.s
= savestrbuf(data
, urlp
->url_host
.l
= PTR2SIZE(cp
- data
));
1081 for (cp
= urlp
->url_host
.s
, i
= urlp
->url_host
.l
; i
!= 0; ++cp
, --i
)
1082 *cp
= lowerconv(*cp
);
1085 if(!ok_blook(idna_disable
)){
1086 struct n_string idna
;
1088 if(!n_idna_to_ascii(n_string_creat_auto(&idna
), urlp
->url_host
.s
,
1090 n_err(_("URL host fails IDNA conversion: %s\n"), urlp
->url_input
);
1093 urlp
->url_host
.s
= n_string_cp(&idna
);
1094 urlp
->url_host
.l
= idna
.s_len
;
1096 # endif /* HAVE_IDNA */
1098 /* .url_h_p: HOST:PORT */
1100 struct str
*s
= &urlp
->url_h_p
;
1102 upl
= (urlp
->url_port
== NULL
) ? 0 : 1u + strlen(urlp
->url_port
);
1103 s
->s
= n_autorec_alloc(urlp
->url_host
.l
+ upl
+1);
1104 memcpy(s
->s
, urlp
->url_host
.s
, i
= urlp
->url_host
.l
);
1107 memcpy(&s
->s
[i
], urlp
->url_port
, --upl
);
1110 s
->s
[s
->l
= i
] = '\0';
1114 * If there was no user in the URL, do we have *user-HOST* or *user*? */
1115 if (!(urlp
->url_flags
& n_URL_HAD_USER
)) {
1116 if ((urlp
->url_user
.s
= xok_vlook(user
, urlp
, OXM_PLAIN
| OXM_H_P
))
1118 /* No, check whether .netrc lookup is desired */
1120 if (!ok_blook(v15_compat
) ||
1121 !xok_blook(netrc_lookup
, urlp
, OXM_PLAIN
| OXM_H_P
) ||
1122 !_nrc_lookup(urlp
, FAL0
))
1124 urlp
->url_user
.s
= n_UNCONST(ok_vlook(LOGNAME
));
1127 urlp
->url_user
.l
= strlen(urlp
->url_user
.s
);
1128 urlp
->url_user
.s
= savestrbuf(urlp
->url_user
.s
, urlp
->url_user
.l
);
1129 if((urlp
->url_user_enc
.s
= urlxenc(urlp
->url_user
.s
, FAL0
)) == NULL
){
1130 n_err(_("Cannot URL encode %s\n"), urlp
->url_user
.s
);
1133 urlp
->url_user_enc
.l
= strlen(urlp
->url_user_enc
.s
);
1136 /* And then there are a lot of prebuild string combinations TODO do lazy */
1138 /* .url_u_h: .url_user@.url_host
1139 * For SMTP we apply ridiculously complicated *v15-compat* plus
1140 * *smtp-hostname* / *hostname* dependent rules */
1144 if (cproto
== CPROTO_SMTP
&& ok_blook(v15_compat
) &&
1145 (cp
= ok_vlook(smtp_hostname
)) != NULL
) {
1147 cp
= n_nodename(TRU1
);
1148 h
.s
= savestrbuf(cp
, h
.l
= strlen(cp
));
1153 i
= urlp
->url_user
.l
;
1155 s
->s
= n_autorec_alloc(i
+ 1 + h
.l
+1);
1157 memcpy(s
->s
, urlp
->url_user
.s
, i
);
1160 memcpy(s
->s
+ i
, h
.s
, h
.l
+1);
1165 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
1166 { struct str
*s
= &urlp
->url_u_h_p
;
1167 size_t i
= urlp
->url_user
.l
;
1169 s
->s
= n_autorec_alloc(i
+ 1 + urlp
->url_h_p
.l
+1);
1171 memcpy(s
->s
, urlp
->url_user
.s
, i
);
1174 memcpy(s
->s
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
1175 i
+= urlp
->url_h_p
.l
;
1179 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
1180 { struct str
*s
= &urlp
->url_eu_h_p
;
1181 size_t i
= urlp
->url_user_enc
.l
;
1183 s
->s
= n_autorec_alloc(i
+ 1 + urlp
->url_h_p
.l
+1);
1185 memcpy(s
->s
, urlp
->url_user_enc
.s
, i
);
1188 memcpy(s
->s
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
1189 i
+= urlp
->url_h_p
.l
;
1193 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
1197 ud
= n_autorec_alloc((i
= urlp
->url_proto_len
+ sizeof("://") -1 +
1198 urlp
->url_u_h_p
.l
) +1);
1199 urlp
->url_proto
[urlp
->url_proto_len
] = ':';
1200 memcpy(sstpcpy(ud
, urlp
->url_proto
), urlp
->url_u_h_p
.s
,
1201 urlp
->url_u_h_p
.l
+1);
1202 urlp
->url_proto
[urlp
->url_proto_len
] = '\0';
1204 urlp
->url_p_u_h_p
= ud
;
1207 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
1211 ud
= n_autorec_alloc((i
= urlp
->url_proto_len
+ sizeof("://") -1 +
1212 urlp
->url_eu_h_p
.l
) + 1 + urlp
->url_path
.l
+1);
1213 urlp
->url_proto
[urlp
->url_proto_len
] = ':';
1214 memcpy(sstpcpy(ud
, urlp
->url_proto
), urlp
->url_eu_h_p
.s
,
1215 urlp
->url_eu_h_p
.l
+1);
1216 urlp
->url_proto
[urlp
->url_proto_len
] = '\0';
1218 if (urlp
->url_path
.l
== 0)
1219 urlp
->url_p_eu_h_p
= urlp
->url_p_eu_h_p_p
= ud
;
1221 urlp
->url_p_eu_h_p
= savestrbuf(ud
, i
);
1222 urlp
->url_p_eu_h_p_p
= ud
;
1225 memcpy(ud
, urlp
->url_path
.s
, urlp
->url_path
.l
+1);
1230 #endif /* a_ANYPROTO */
1239 ccred_lookup_old(struct ccred
*ccp
, enum cproto cproto
, char const *addr
)
1241 char const *pname
, *pxstr
, *authdef
, *s
;
1242 size_t pxlen
, addrlen
, i
;
1245 enum {NONE
=0, WANT_PASS
=1<<0, REQ_PASS
=1<<1, WANT_USER
=1<<2, REQ_USER
=1<<3}
1247 bool_t addr_is_nuser
= FAL0
; /* XXX v15.0 legacy! v15_compat */
1250 n_OBSOLETE(_("Use of old-style credentials, which will vanish in v15!\n"
1251 " Please read the manual section "
1252 "\"On URL syntax and credential lookup\""));
1254 memset(ccp
, 0, sizeof *ccp
);
1260 pxstr
= "smtp-auth";
1261 pxlen
= sizeof("smtp-auth") -1;
1262 authmask
= AUTHTYPE_NONE
| AUTHTYPE_PLAIN
| AUTHTYPE_LOGIN
|
1263 AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
1265 addr_is_nuser
= TRU1
;
1269 pxstr
= "pop3-auth";
1270 pxlen
= sizeof("pop3-auth") -1;
1271 authmask
= AUTHTYPE_PLAIN
;
1277 pxstr
= "imap-auth";
1278 pxlen
= sizeof("imap-auth") -1;
1279 authmask
= AUTHTYPE_LOGIN
| AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
1285 ccp
->cc_cproto
= cproto
;
1286 addrlen
= strlen(addr
);
1287 vbuf
= n_lofi_alloc(pxlen
+ addrlen
+ sizeof("-password-")-1 +1);
1288 memcpy(vbuf
, pxstr
, pxlen
);
1290 /* Authentication type */
1292 memcpy(vbuf
+ pxlen
+ 1, addr
, addrlen
+1);
1293 if ((s
= n_var_vlook(vbuf
, FAL0
)) == NULL
) {
1295 if ((s
= n_var_vlook(vbuf
, FAL0
)) == NULL
)
1296 s
= n_UNCONST(authdef
);
1299 if (!asccasecmp(s
, "none")) {
1300 ccp
->cc_auth
= "NONE";
1301 ccp
->cc_authtype
= AUTHTYPE_NONE
;
1303 } else if (!asccasecmp(s
, "plain")) {
1304 ccp
->cc_auth
= "PLAIN";
1305 ccp
->cc_authtype
= AUTHTYPE_PLAIN
;
1306 ware
= REQ_PASS
| REQ_USER
;
1307 } else if (!asccasecmp(s
, "login")) {
1308 ccp
->cc_auth
= "LOGIN";
1309 ccp
->cc_authtype
= AUTHTYPE_LOGIN
;
1310 ware
= REQ_PASS
| REQ_USER
;
1311 } else if (!asccasecmp(s
, "cram-md5")) {
1312 ccp
->cc_auth
= "CRAM-MD5";
1313 ccp
->cc_authtype
= AUTHTYPE_CRAM_MD5
;
1314 ware
= REQ_PASS
| REQ_USER
;
1315 } else if (!asccasecmp(s
, "gssapi")) {
1316 ccp
->cc_auth
= "GSS-API";
1317 ccp
->cc_authtype
= AUTHTYPE_GSSAPI
;
1322 if (!(ccp
->cc_authtype
& authmask
)) {
1323 n_err(_("Unsupported %s authentication method: %s\n"), pname
, s
);
1328 if (ccp
->cc_authtype
== AUTHTYPE_CRAM_MD5
) {
1329 n_err(_("No CRAM-MD5 support compiled in\n"));
1334 # ifndef HAVE_GSSAPI
1335 if (ccp
->cc_authtype
== AUTHTYPE_GSSAPI
) {
1336 n_err(_("No GSS-API support compiled in\n"));
1343 if (!(ware
& (WANT_USER
| REQ_USER
)))
1346 if (!addr_is_nuser
) {
1347 if ((s
= _url_last_at_before_slash(addr
)) != NULL
) {
1350 cp
= savestrbuf(addr
, PTR2SIZE(s
- addr
));
1352 if((ccp
->cc_user
.s
= urlxdec(cp
)) == NULL
){
1353 n_err(_("String is not properly URL percent encoded: %s\n"), cp
);
1357 ccp
->cc_user
.l
= strlen(ccp
->cc_user
.s
);
1358 } else if (ware
& REQ_USER
)
1363 memcpy(vbuf
+ pxlen
, "-user-", i
= sizeof("-user-") -1);
1365 memcpy(vbuf
+ i
, addr
, addrlen
+1);
1366 if ((s
= n_var_vlook(vbuf
, FAL0
)) == NULL
) {
1368 if ((s
= n_var_vlook(vbuf
, FAL0
)) == NULL
&& (ware
& REQ_USER
)) {
1369 if ((s
= getuser(NULL
)) == NULL
) {
1370 jgetuser
: /* TODO v15.0: today we simply bail, but we should call getuser().
1371 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1372 * TODO check that first, then! change control flow, grow vbuf */
1373 n_err(_("A user is necessary for %s authentication\n"), pname
);
1379 ccp
->cc_user
.l
= strlen(ccp
->cc_user
.s
= savestr(s
));
1383 if (!(ware
& (WANT_PASS
| REQ_PASS
)))
1386 if (!addr_is_nuser
) {
1387 memcpy(vbuf
, "password-", i
= sizeof("password-") -1);
1389 memcpy(vbuf
+ pxlen
, "-password-", i
= sizeof("-password-") -1);
1392 memcpy(vbuf
+ i
, addr
, addrlen
+1);
1393 if ((s
= n_var_vlook(vbuf
, FAL0
)) == NULL
) {
1395 if ((!addr_is_nuser
|| (s
= n_var_vlook(vbuf
, FAL0
)) == NULL
) &&
1396 (ware
& REQ_PASS
)) {
1397 if ((s
= getpassword(savecat(_("Password for "), pname
))) == NULL
) {
1398 n_err(_("A password is necessary for %s authentication\n"),
1406 ccp
->cc_pass
.l
= strlen(ccp
->cc_pass
.s
= savestr(s
));
1410 if (ccp
!= NULL
&& (n_poption
& n_PO_D_VV
))
1411 n_err(_("Credentials: host %s, user %s, pass %s\n"),
1412 addr
, (ccp
->cc_user
.s
!= NULL
? ccp
->cc_user
.s
: n_empty
),
1413 (ccp
->cc_pass
.s
!= NULL
? ccp
->cc_pass
.s
: n_empty
));
1415 return (ccp
!= NULL
);
1419 ccred_lookup(struct ccred
*ccp
, struct url
*urlp
)
1422 char const *pstr
, *authdef
;
1424 enum okeys authokey
;
1425 enum {NONE
=0, WANT_PASS
=1<<0, REQ_PASS
=1<<1, WANT_USER
=1<<2, REQ_USER
=1<<3}
1429 memset(ccp
, 0, sizeof *ccp
);
1430 ccp
->cc_user
= urlp
->url_user
;
1434 switch ((ccp
->cc_cproto
= urlp
->url_cproto
)) {
1436 authokey
= (enum okeys
)-1;
1437 authmask
= AUTHTYPE_PLAIN
;
1443 authokey
= ok_v_smtp_auth
;
1444 authmask
= AUTHTYPE_NONE
| AUTHTYPE_PLAIN
| AUTHTYPE_LOGIN
|
1445 AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
1450 authokey
= ok_v_pop3_auth
;
1451 authmask
= AUTHTYPE_PLAIN
;
1458 authokey
= ok_v_imap_auth
;
1459 authmask
= AUTHTYPE_LOGIN
| AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
1465 /* Authentication type */
1466 if (authokey
== (enum okeys
)-1 ||
1467 (s
= xok_VLOOK(authokey
, urlp
, OXM_ALL
)) == NULL
)
1468 s
= n_UNCONST(authdef
);
1470 if (!asccasecmp(s
, "none")) {
1471 ccp
->cc_auth
= "NONE";
1472 ccp
->cc_authtype
= AUTHTYPE_NONE
;
1474 } else if (!asccasecmp(s
, "plain")) {
1475 ccp
->cc_auth
= "PLAIN";
1476 ccp
->cc_authtype
= AUTHTYPE_PLAIN
;
1477 ware
= REQ_PASS
| REQ_USER
;
1478 } else if (!asccasecmp(s
, "login")) {
1479 ccp
->cc_auth
= "LOGIN";
1480 ccp
->cc_authtype
= AUTHTYPE_LOGIN
;
1481 ware
= REQ_PASS
| REQ_USER
;
1482 } else if (!asccasecmp(s
, "cram-md5")) {
1483 ccp
->cc_auth
= "CRAM-MD5";
1484 ccp
->cc_authtype
= AUTHTYPE_CRAM_MD5
;
1485 ware
= REQ_PASS
| REQ_USER
;
1486 } else if (!asccasecmp(s
, "gssapi")) {
1487 ccp
->cc_auth
= "GSS-API";
1488 ccp
->cc_authtype
= AUTHTYPE_GSSAPI
;
1493 if (!(ccp
->cc_authtype
& authmask
)) {
1494 n_err(_("Unsupported %s authentication method: %s\n"), pstr
, s
);
1499 if (ccp
->cc_authtype
== AUTHTYPE_CRAM_MD5
) {
1500 n_err(_("No CRAM-MD5 support compiled in\n"));
1505 # ifndef HAVE_GSSAPI
1506 if (ccp
->cc_authtype
== AUTHTYPE_GSSAPI
) {
1507 n_err(_("No GSS-API support compiled in\n"));
1514 ccp
->cc_pass
= urlp
->url_pass
;
1515 if (ccp
->cc_pass
.s
!= NULL
)
1518 if ((s
= xok_vlook(password
, urlp
, OXM_ALL
)) != NULL
)
1520 # ifdef HAVE_AGENT /* TODO v15-compat obsolete */
1521 if ((s
= xok_vlook(agent_shell_lookup
, urlp
, OXM_ALL
)) != NULL
) {
1522 n_OBSOLETE(_("*agent-shell-lookup* will vanish. Please use encrypted "
1523 "~/.netrc (via *netrc-pipe*), or simply `source' an encrypted file"));
1524 if (!_agent_shell_lookup(urlp
, s
)) {
1527 } else if (urlp
->url_pass
.s
!= NULL
) {
1528 ccp
->cc_pass
= urlp
->url_pass
;
1534 if (xok_blook(netrc_lookup
, urlp
, OXM_ALL
) && _nrc_lookup(urlp
, TRU1
)) {
1535 ccp
->cc_pass
= urlp
->url_pass
;
1539 if (ware
& REQ_PASS
) {
1540 if((s
= getpassword(savecat(urlp
->url_u_h
.s
, _(" requires a password: ")))
1543 ccp
->cc_pass
.l
= strlen(ccp
->cc_pass
.s
= savestr(s
));
1545 n_err(_("A password is necessary for %s authentication\n"), pstr
);
1551 if(ccp
!= NULL
&& (n_poption
& n_PO_D_VV
))
1552 n_err(_("Credentials: host %s, user %s, pass %s\n"),
1553 urlp
->url_h_p
.s
, (ccp
->cc_user
.s
!= NULL
? ccp
->cc_user
.s
: n_empty
),
1554 (ccp
->cc_pass
.s
!= NULL
? ccp
->cc_pass
.s
: n_empty
));
1556 return (ccp
!= NULL
);
1558 #endif /* HAVE_SOCKETS */
1565 struct nrc_node
*nrc
;
1572 if (argv
[1] != NULL
)
1574 if (!asccasecmp(*argv
, "show"))
1577 if (!asccasecmp(*argv
, "load"))
1579 if (!asccasecmp(*argv
, "clear"))
1582 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1586 return (v
== NULL
? !STOP
: !OKAY
); /* xxx 1:bad 0:good -- do some */
1592 if (_nrc_list
== NULL
)
1594 if (_nrc_list
== NRC_NODE_ERR
) {
1595 n_err(_("Interpolate what file?\n"));
1602 if ((fp
= Ftmp(NULL
, "netrc", OF_RDWR
| OF_UNLINK
| OF_REGISTER
)) == NULL
) {
1603 n_perr(_("tmpfile"), 0);
1608 for (l
= 0, nrc
= _nrc_list
; nrc
!= NULL
; ++l
, nrc
= nrc
->nrc_next
) {
1609 fprintf(fp
, _("machine %s "), nrc
->nrc_dat
); /* XXX quote? */
1610 if (nrc
->nrc_ulen
> 0)
1611 fprintf(fp
, _("login \"%s\" "),
1612 string_quote(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1));
1613 if (nrc
->nrc_plen
> 0)
1614 fprintf(fp
, _("password \"%s\"\n"),
1615 string_quote(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1 + nrc
->nrc_ulen
+1));
1620 page_or_print(fp
, l
);
1626 if (_nrc_list
== NRC_NODE_ERR
)
1628 while ((nrc
= _nrc_list
) != NULL
) {
1629 _nrc_list
= nrc
->nrc_next
;
1634 #endif /* HAVE_NETRC */
1638 md5tohex(char hex
[MD5TOHEX_SIZE
], void const *vp
)
1640 char const *cp
= vp
;
1644 for (i
= 0; i
< MD5TOHEX_SIZE
/ 2; ++i
) {
1646 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1647 hex
[j
] = __hex((cp
[i
] & 0xF0) >> 4);
1648 hex
[++j
] = __hex(cp
[i
] & 0x0F);
1656 cram_md5_string(struct str
const *user
, struct str
const *pass
,
1660 char digest
[16], *cp
;
1664 if(user
->l
>= UIZ_MAX
- 1 - MD5TOHEX_SIZE
- 1)
1666 if(pass
->l
>= INT_MAX
)
1669 in
.s
= n_UNCONST(b64
);
1670 in
.l
= strlen(in
.s
);
1671 if(!b64_decode(&out
, &in
))
1673 if(out
.l
>= INT_MAX
){
1679 hmac_md5((uc_i
*)out
.s
, out
.l
, (uc_i
*)pass
->s
, pass
->l
, digest
);
1681 cp
= md5tohex(n_autorec_alloc(MD5TOHEX_SIZE
+1), digest
);
1683 in
.l
= user
->l
+ MD5TOHEX_SIZE
+1;
1684 in
.s
= n_lofi_alloc(user
->l
+ 1 + MD5TOHEX_SIZE
+1);
1685 memcpy(in
.s
, user
->s
, user
->l
);
1686 in
.s
[user
->l
] = ' ';
1687 memcpy(&in
.s
[user
->l
+ 1], cp
, MD5TOHEX_SIZE
);
1688 if(b64_encode(&out
, &in
, B64_SALLOC
| B64_CRLF
) == NULL
)
1697 hmac_md5(unsigned char *text
, int text_len
, unsigned char *key
, int key_len
,
1701 * This code is taken from
1703 * Network Working Group H. Krawczyk
1704 * Request for Comments: 2104 IBM
1705 * Category: Informational M. Bellare
1712 * HMAC: Keyed-Hashing for Message Authentication
1715 unsigned char k_ipad
[65]; /* inner padding - key XORd with ipad */
1716 unsigned char k_opad
[65]; /* outer padding - key XORd with opad */
1717 unsigned char tk
[16];
1721 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1726 md5_update(&tctx
, key
, key_len
);
1727 md5_final(tk
, &tctx
);
1733 /* the HMAC_MD5 transform looks like:
1735 * MD5(K XOR opad, MD5(K XOR ipad, text))
1737 * where K is an n byte key
1738 * ipad is the byte 0x36 repeated 64 times
1739 * opad is the byte 0x5c repeated 64 times
1740 * and text is the data being protected */
1742 /* start out by storing key in pads */
1743 memset(k_ipad
, 0, sizeof k_ipad
);
1744 memset(k_opad
, 0, sizeof k_opad
);
1745 memcpy(k_ipad
, key
, key_len
);
1746 memcpy(k_opad
, key
, key_len
);
1748 /* XOR key with ipad and opad values */
1749 for (i
=0; i
<64; i
++) {
1754 /* perform inner MD5 */
1755 md5_init(&context
); /* init context for 1st pass */
1756 md5_update(&context
, k_ipad
, 64); /* start with inner pad */
1757 md5_update(&context
, text
, text_len
); /* then text of datagram */
1758 md5_final(digest
, &context
); /* finish up 1st pass */
1760 /* perform outer MD5 */
1761 md5_init(&context
); /* init context for 2nd pass */
1762 md5_update(&context
, k_opad
, 64); /* start with outer pad */
1763 md5_update(&context
, digest
, 16); /* then results of 1st hash */
1764 md5_final(digest
, &context
); /* finish up 2nd pass */
1767 #endif /* HAVE_MD5 */