1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
6 * Copyright (c) 2014 Steffen (Daode) Nurpmeso <sdaoden@users.sf.net>.
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 #ifndef HAVE_AMALGAMATION
26 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
27 * concurrently (dummy, host, user, pass), so make it a KB */
28 # define NRC_TOKEN_MAXLEN (1024 / 4)
49 struct nrc_node
*nrc_next
;
50 struct nrc_node
*nrc_result
; /* In match phase, former possible one */
51 ui32_t nrc_mlen
; /* Length of machine name */
52 ui32_t nrc_ulen
; /* Length of user name */
53 ui32_t nrc_plen
; /* Length of password */
54 char nrc_dat
[VFIELD_SIZE(4)];
56 # define NRC_NODE_ERR ((struct nrc_node*)-1)
58 static struct nrc_node
*_nrc_list
;
60 /* Initialize .netrc cache */
61 static void _nrc_init(void);
62 static enum nrc_token
__nrc_token(FILE *fi
, char buffer
[NRC_TOKEN_MAXLEN
]);
64 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
65 * only_pass is true then the lookup is for the password only, otherwise we
66 * look for a user (and add password only if we have an exact machine match) */
67 static enum nrc_result
_nrc_lookup(struct url
*urlp
, bool_t only_pass
);
69 /* 0=no match; 1=exact match; -1=wildcard match */
70 static int __nrc_host_match(struct nrc_node
const *nrc
,
71 struct url
const *urlp
);
72 static bool_t
__nrc_find_user(struct url
*urlp
,
73 struct nrc_node
const *nrc
);
74 static bool_t
__nrc_find_pass(struct url
*urlp
, bool_t user_match
,
75 struct nrc_node
const *nrc
);
76 #endif /* HAVE_NETRC */
82 char buffer
[NRC_TOKEN_MAXLEN
], host
[NRC_TOKEN_MAXLEN
],
83 user
[NRC_TOKEN_MAXLEN
], pass
[NRC_TOKEN_MAXLEN
], *netrc_load
;
88 struct nrc_node
*ntail
= NULL
/* CC happy */, *nhead
= NULL
,
92 if ((netrc_load
= getenv("NETRC")/* TODO */) == NULL
)
93 netrc_load
= UNCONST(NETRC
);
94 if ((netrc_load
= file_expand(netrc_load
)) == NULL
)
97 if ((fi
= Fopen(netrc_load
, "r")) == NULL
) {
98 fprintf(stderr
, _("Cannot open `%s'\n"), netrc_load
);
102 /* Be simple and apply rigid (permission) check(s) */
103 if (fstat(fileno(fi
), &sb
) == -1 || !S_ISREG(sb
.st_mode
) ||
104 (sb
.st_mode
& (S_IRWXG
| S_IRWXO
))) {
106 _("Not a regular file, or accessible by non-user: `%s'\n"),
113 switch((t
= __nrc_token(fi
, buffer
))) {
118 default: /* Doesn't happen (but on error?), keep CC happy */
126 if (!seen_default
&& (t
= __nrc_token(fi
, host
)) != NRC_INPUT
)
128 *user
= *pass
= '\0';
129 while ((t
= __nrc_token(fi
, buffer
)) != NRC_NONE
&& t
!= NRC_MACHINE
&&
133 if ((t
= __nrc_token(fi
, user
)) != NRC_INPUT
)
137 if ((t
= __nrc_token(fi
, pass
)) != NRC_INPUT
)
141 if ((t
= __nrc_token(fi
, buffer
)) != NRC_INPUT
)
145 if ((t
= __nrc_token(fi
, buffer
)) != NRC_INPUT
)
149 while ((c
= getc(fi
)) != EOF
)
150 if (c
== '\n') { /* xxx */
164 if (!seen_default
&& (*user
!= '\0' || *pass
!= '\0')) {
165 size_t hl
= strlen(host
), ul
= strlen(user
), pl
= strlen(pass
);
166 struct nrc_node
*nx
= smalloc(sizeof(*nx
) -
167 VFIELD_SIZEOF(struct nrc_node
, nrc_dat
) + hl
+1 + ul
+1 + pl
+1);
170 ntail
->nrc_next
= nx
;
178 memcpy(nx
->nrc_dat
, host
, ++hl
);
179 memcpy(nx
->nrc_dat
+ hl
, user
, ++ul
);
180 memcpy(nx
->nrc_dat
+ hl
+ ul
, pass
, ++pl
);
182 if (t
== NRC_MACHINE
)
184 if (t
== NRC_DEFAULT
)
195 if (options
& OPT_D_V
)
196 fprintf(stderr
, _("Errors occurred while parsing `%s'\n"), netrc_load
);
199 if (nrc
== NRC_NODE_ERR
)
200 while (nhead
!= NULL
) {
202 nhead
= nhead
->nrc_next
;
209 static enum nrc_token
210 __nrc_token(FILE *fi
, char buffer
[NRC_TOKEN_MAXLEN
])
214 enum nrc_token rv
= NRC_NONE
;
218 if (feof(fi
) || ferror(fi
))
221 while ((c
= getc(fi
)) != EOF
&& whitechar(c
))
228 /* Not requiring the closing QM is the portable way */
229 while ((c
= getc(fi
)) != EOF
&& c
!= '"') {
231 if ((c
= getc(fi
)) == EOF
)
234 if (PTRCMP(cp
, ==, buffer
+ NRC_TOKEN_MAXLEN
)) {
241 while ((c
= getc(fi
)) != EOF
&& !whitechar(c
)) {
242 if (c
== '\\' && (c
= getc(fi
)) == EOF
)
245 if (PTRCMP(cp
, ==, buffer
+ NRC_TOKEN_MAXLEN
)) {
254 do {/*rv = NRC_NONE*/} while (0);
255 else if (!strcmp(buffer
, "default"))
257 else if (!strcmp(buffer
, "login"))
259 else if (!strcmp(buffer
, "password") || !strcmp(buffer
, "passwd"))
261 else if (!strcmp(buffer
, "account"))
263 else if (!strcmp(buffer
, "macdef"))
265 else if (!strcmp(buffer
, "machine"))
270 if (c
== EOF
&& !feof(fi
))
276 static enum nrc_result
277 _nrc_lookup(struct url
*urlp
, bool_t only_pass
) /* TODO optimize; too tricky!! */
279 struct nrc_node
*nrc
, *nrc_wild
, *nrc_exact
;
280 enum nrc_result rv
= NRC_RESNONE
;
283 assert(!only_pass
|| urlp
->url_user
.s
!= NULL
);
284 assert(only_pass
|| urlp
->url_user
.s
== NULL
);
286 if (_nrc_list
== NULL
)
288 if (_nrc_list
== NRC_NODE_ERR
)
291 nrc_wild
= nrc_exact
= NULL
;
292 for (nrc
= _nrc_list
; nrc
!= NULL
; nrc
= nrc
->nrc_next
)
293 switch (__nrc_host_match(nrc
, urlp
)) {
295 nrc
->nrc_result
= nrc_exact
;
299 nrc
->nrc_result
= nrc_wild
;
306 /* TODO _nrc_lookup(): PAIN! init: build sorted tree, single walk that!!
307 * TODO then: verify .netrc (unique fallback entries etc.) */
308 if (!only_pass
&& !__nrc_find_user(urlp
, nrc_exact
) &&
309 !__nrc_find_user(urlp
, nrc_wild
))
312 if (__nrc_find_pass(urlp
, TRU1
, nrc_exact
) ||
313 __nrc_find_pass(urlp
, TRU1
, nrc_wild
) ||
314 /* Do not try to find a password without exact user match unless we've
315 * been called during credential lookup, a.k.a. the second time */
317 __nrc_find_pass(urlp
, FAL0
, nrc_exact
) ||
318 __nrc_find_pass(urlp
, FAL0
, nrc_wild
))
326 __nrc_host_match(struct nrc_node
const *nrc
, struct url
const *urlp
)
333 /* Find a matching machine entry -- entries are lowercase normalized */
334 if (nrc
->nrc_mlen
== urlp
->url_host
.l
) {
335 if (LIKELY(!memcmp(nrc
->nrc_dat
, urlp
->url_host
.s
, urlp
->url_host
.l
)))
340 /* Cannot be an exact match, but maybe the .netrc machine starts with
341 * a `*.' glob, which we recognize as an extension, meaning "skip
342 * a single subdomain, then match the rest" */
343 d1
= nrc
->nrc_dat
+ 2;
345 if (l1
<= 2 || d1
[-1] != '.' || d1
[-2] != '*')
349 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
350 * in fact this even succeeds for `.host.com', but - why care, here? */
351 d2
= urlp
->url_host
.s
;
352 l2
= urlp
->url_host
.l
;
359 if (l2
== l1
&& !memcmp(d1
, d2
, l1
))
360 /* This matches, but we won't use it directly but watch out for an
361 * exact match first! */
369 __nrc_find_user(struct url
*urlp
, struct nrc_node
const *nrc
)
373 for (; nrc
!= NULL
; nrc
= nrc
->nrc_result
)
374 if (nrc
->nrc_ulen
> 0 && urlp
->url_user
.s
== NULL
) {
375 /* Fake it was part of URL otherwise XXX */
376 urlp
->url_had_user
= TRU1
;
377 /* That buffer will be duplicated by url_parse() in this case! */
378 urlp
->url_user
.s
= UNCONST(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1);
379 urlp
->url_user
.l
= nrc
->nrc_ulen
;
384 return (nrc
!= NULL
);
388 __nrc_find_pass(struct url
*urlp
, bool_t user_match
, struct nrc_node
const *nrc
)
392 for (; nrc
!= NULL
; nrc
= nrc
->nrc_result
) {
393 if (user_match
&& (nrc
->nrc_ulen
!= urlp
->url_user
.l
||
394 memcmp(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1, urlp
->url_user
.s
,
397 if (nrc
->nrc_plen
== 0)
400 /* We are responsible for duplicating this buffer! */
401 urlp
->url_pass
.s
= savestrbuf(nrc
->nrc_dat
+ nrc
->nrc_mlen
+1 +
402 nrc
->nrc_ulen
+ 1, (urlp
->url_pass
.l
= nrc
->nrc_plen
));
407 return (nrc
!= NULL
);
409 #endif /* HAVE_NETRC */
412 url_parse(struct url
*urlp
, enum cproto cproto
, char const *data
)
414 #if defined HAVE_SMTP && defined HAVE_POP3 && defined HAVE_IMAP
417 #if defined HAVE_SMTP || defined HAVE_POP3 || defined HAVE_IMAP
425 memset(urlp
, 0, sizeof *urlp
);
426 urlp
->url_input
= data
;
427 urlp
->url_cproto
= cproto
;
429 /* Network protocol */
430 #define _protox(X,Y) \
431 urlp->url_portno = Y;\
432 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
433 urlp->url_proto[sizeof(X) -1] = '\0';\
434 urlp->url_proto_len = sizeof(X) -1;\
435 urlp->url_proto_xlen = sizeof(X "://") -1
436 #define __if(X,Y,Z) \
437 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
439 data += sizeof(X "://") -1;\
440 do { Z; } while (0);\
443 #define _if(X,Y) __if(X, Y, (void)0)
445 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
447 # define _ifs(X,Y) goto jeproto;
454 _if ("submission", 587)
465 _protox("pop3", 110);
474 _protox("imap", 143);
486 if (strstr(data
, "://") != NULL
) {
487 #if !defined __ALLPROTO || !defined HAVE_SSL
490 fprintf(stderr
, _("URL `proto://' prefix invalid: `%s'\n"),
496 /* User and password, I */
498 if ((cp
= UNCONST(last_at_before_slash(data
))) != NULL
) {
499 size_t l
= PTR2SIZE(cp
- data
);
500 char const *d
= data
;
501 char *ub
= ac_alloc(l
+1);
503 urlp
->url_had_user
= TRU1
;
506 /* And also have a password? */
507 if ((cp
= memchr(d
, ':', l
)) != NULL
) {
508 size_t i
= PTR2SIZE(cp
- d
);
511 memcpy(ub
, cp
+ 1, l
);
513 urlp
->url_pass
.l
= strlen(urlp
->url_pass
.s
= urlxdec(ub
));
515 if (strcmp(ub
, urlxenc(urlp
->url_pass
.s
, FAL0
))) {
517 _("String is not properly URL percent encoded: `%s'\n"), ub
);
525 urlp
->url_user
.l
= strlen(urlp
->url_user
.s
= urlxdec(ub
));
526 urlp
->url_user_enc
.l
= strlen(
527 urlp
->url_user_enc
.s
= urlxenc(urlp
->url_user
.s
, FAL0
));
529 if (urlp
->url_user_enc
.l
!= l
|| memcmp(urlp
->url_user_enc
.s
, ub
, l
)) {
531 _("String is not properly URL percent encoded: `%s'\n"), ub
);
538 /* Servername and port -- and possible path suffix */
539 if ((cp
= strchr(data
, ':')) != NULL
) { /* TODO URL parse, IPv6 support */
543 urlp
->url_port
= x
= savestr(x
= cp
+ 1);
544 if ((x
= strchr(x
, '/')) != NULL
)
546 l
= strtol(urlp
->url_port
, &eptr
, 10);
547 if (*eptr
!= '\0' || l
<= 0 || UICMP(32, l
, >=, 0xFFFFu
)) {
548 fprintf(stderr
, _("URL with invalid port number: `%s'\n"),
552 urlp
->url_portno
= (ui16_t
)l
;
554 if ((x
= strchr(data
, '/')) != NULL
)
555 data
= savestrbuf(data
, PTR2SIZE(x
- data
));
556 cp
= UNCONST(data
+ strlen(data
));
559 /* A (non-empty) path may only occur with IMAP */
560 if (x
!= NULL
&& x
[1] != '\0') {
561 if (cproto
!= CPROTO_IMAP
) {
562 fprintf(stderr
, _("URL protocol doesn't support paths: `%s'\n"),
566 urlp
->url_path
.l
= strlen(++x
);
567 urlp
->url_path
.s
= savestrbuf(x
, urlp
->url_path
.l
);
570 urlp
->url_host
.s
= savestrbuf(data
, urlp
->url_host
.l
= PTR2SIZE(cp
- data
));
572 for (cp
= urlp
->url_host
.s
, i
= urlp
->url_host
.l
; i
!= 0; ++cp
, --i
)
573 *cp
= lowerconv(*cp
);
576 /* .url_h_p: HOST:PORT */
578 struct str
*s
= &urlp
->url_h_p
;
580 s
->s
= salloc(urlp
->url_host
.l
+ 1 + sizeof("65536")-1 +1);
581 memcpy(s
->s
, urlp
->url_host
.s
, i
= urlp
->url_host
.l
);
582 if (urlp
->url_port
!= NULL
) {
583 size_t j
= strlen(urlp
->url_port
);
585 memcpy(s
->s
+ i
, urlp
->url_port
, j
);
593 * If there was no user in the URL, do we have *user-HOST* or *user*? */
594 if (!urlp
->url_had_user
) {
595 if ((urlp
->url_user
.s
= xok_vlook(user
, urlp
, OXM_H_P
)) == NULL
) {
596 /* No *user-HOST*, check wether .netrc lookup is desired */
598 if (!ok_blook(v15_compat
) || !ok_blook(netrc_lookup
) ||
599 _nrc_lookup(urlp
, FAL0
) != NRC_RESOK
)
601 if ((urlp
->url_user
.s
= ok_vlook(user
)) == NULL
)
602 urlp
->url_user
.s
= UNCONST(myname
);
605 urlp
->url_user
.l
= strlen(urlp
->url_user
.s
);
606 urlp
->url_user
.s
= savestrbuf(urlp
->url_user
.s
, urlp
->url_user
.l
);
607 urlp
->url_user_enc
.l
= strlen(
608 urlp
->url_user_enc
.s
= urlxenc(urlp
->url_user
.s
, FAL0
));
611 /* And then there are a lot of prebuild string combinations TODO do lazy */
613 /* .url_u_h: .url_user@.url_host
614 * For SMTP we apply ridiculously complicated *v15-compat* plus
615 * *smtp-hostname* / *hostname* dependent rules */
619 if (cproto
== CPROTO_SMTP
&& ok_blook(v15_compat
) &&
620 (cp
= ok_vlook(smtp_hostname
)) != NULL
) {
623 h
.s
= savestrbuf(cp
, h
.l
= strlen(cp
));
628 i
= urlp
->url_user
.l
;
630 s
->s
= salloc(i
+ 1 + h
.l
+1);
632 memcpy(s
->s
, urlp
->url_user
.s
, i
);
635 memcpy(s
->s
+ i
, h
.s
, h
.l
+1);
640 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
641 { struct str
*s
= &urlp
->url_u_h_p
;
642 size_t i
= urlp
->url_user
.l
;
644 s
->s
= salloc(i
+ 1 + urlp
->url_h_p
.l
+1);
646 memcpy(s
->s
, urlp
->url_user
.s
, i
);
649 memcpy(s
->s
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
650 i
+= urlp
->url_h_p
.l
;
654 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
655 { struct str
*s
= &urlp
->url_eu_h_p
;
656 size_t i
= urlp
->url_user_enc
.l
;
658 s
->s
= salloc(i
+ 1 + urlp
->url_h_p
.l
+1);
660 memcpy(s
->s
, urlp
->url_user_enc
.s
, i
);
663 memcpy(s
->s
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
664 i
+= urlp
->url_h_p
.l
;
668 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
670 char *ud
= salloc((i
= urlp
->url_proto_xlen
+ urlp
->url_u_h_p
.l
) +1);
672 urlp
->url_proto
[urlp
->url_proto_len
] = ':';
673 memcpy(sstpcpy(ud
, urlp
->url_proto
), urlp
->url_u_h_p
.s
,
674 urlp
->url_u_h_p
.l
+1);
675 urlp
->url_proto
[urlp
->url_proto_len
] = '\0';
677 urlp
->url_p_u_h_p
= ud
;
680 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
682 char *ud
= salloc((i
= urlp
->url_proto_xlen
+ urlp
->url_eu_h_p
.l
) +
683 1 + urlp
->url_path
.l
+1);
685 urlp
->url_proto
[urlp
->url_proto_len
] = ':';
686 memcpy(sstpcpy(ud
, urlp
->url_proto
), urlp
->url_eu_h_p
.s
,
687 urlp
->url_eu_h_p
.l
+1);
688 urlp
->url_proto
[urlp
->url_proto_len
] = '\0';
690 if (urlp
->url_path
.l
== 0)
691 urlp
->url_p_eu_h_p
= urlp
->url_p_eu_h_p_p
= ud
;
693 urlp
->url_p_eu_h_p
= savestrbuf(ud
, i
);
694 urlp
->url_p_eu_h_p_p
= ud
;
697 memcpy(ud
, urlp
->url_path
.s
, urlp
->url_path
.l
+1);
702 #endif /* __ANYPROTO */
711 ccred_lookup_old(struct ccred
*ccp
, enum cproto cproto
, char const *addr
)
713 char const *pname
, *pxstr
, *authdef
;
714 size_t pxlen
, addrlen
, i
;
717 enum {NONE
=0, WANT_PASS
=1<<0, REQ_PASS
=1<<1, WANT_USER
=1<<2, REQ_USER
=1<<3}
719 bool_t addr_is_nuser
= FAL0
; /* XXX v15.0 legacy! v15_compat */
722 memset(ccp
, 0, sizeof *ccp
);
729 pxlen
= sizeof("smtp-auth") -1;
730 authmask
= AUTHTYPE_NONE
| AUTHTYPE_PLAIN
| AUTHTYPE_LOGIN
|
731 AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
733 addr_is_nuser
= TRU1
;
738 pxlen
= sizeof("pop3-auth") -1;
739 authmask
= AUTHTYPE_PLAIN
;
745 pxlen
= sizeof("imap-auth") -1;
746 authmask
= AUTHTYPE_LOGIN
| AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
751 ccp
->cc_cproto
= cproto
;
752 addrlen
= strlen(addr
);
753 vbuf
= ac_alloc(pxlen
+ addrlen
+ sizeof("-password-")-1 +1);
754 memcpy(vbuf
, pxstr
, pxlen
);
756 /* Authentication type */
758 memcpy(vbuf
+ pxlen
+ 1, addr
, addrlen
+1);
759 if ((s
= vok_vlook(vbuf
)) == NULL
) {
761 if ((s
= vok_vlook(vbuf
)) == NULL
)
762 s
= UNCONST(authdef
);
765 if (!asccasecmp(s
, "none")) {
766 ccp
->cc_auth
= "NONE";
767 ccp
->cc_authtype
= AUTHTYPE_NONE
;
769 } else if (!asccasecmp(s
, "plain")) {
770 ccp
->cc_auth
= "PLAIN";
771 ccp
->cc_authtype
= AUTHTYPE_PLAIN
;
772 ware
= REQ_PASS
| REQ_USER
;
773 } else if (!asccasecmp(s
, "login")) {
774 ccp
->cc_auth
= "LOGIN";
775 ccp
->cc_authtype
= AUTHTYPE_LOGIN
;
776 ware
= REQ_PASS
| REQ_USER
;
777 } else if (!asccasecmp(s
, "cram-md5")) {
778 ccp
->cc_auth
= "CRAM-MD5";
779 ccp
->cc_authtype
= AUTHTYPE_CRAM_MD5
;
780 ware
= REQ_PASS
| REQ_USER
;
781 } else if (!asccasecmp(s
, "gssapi")) {
782 ccp
->cc_auth
= "GSS-API";
783 ccp
->cc_authtype
= AUTHTYPE_GSSAPI
;
788 if (!(ccp
->cc_authtype
& authmask
)) {
789 fprintf(stderr
, _("Unsupported %s authentication method: %s\n"),
795 if (ccp
->cc_authtype
== AUTHTYPE_CRAM_MD5
) {
796 fprintf(stderr
, _("No CRAM-MD5 support compiled in.\n"));
802 if (ccp
->cc_authtype
== AUTHTYPE_GSSAPI
) {
803 fprintf(stderr
, _("No GSS-API support compiled in.\n"));
810 if (!(ware
& (WANT_USER
| REQ_USER
)))
813 if (!addr_is_nuser
) {
814 if ((s
= UNCONST(last_at_before_slash(addr
))) != NULL
) {
815 ccp
->cc_user
.s
= urlxdec(savestrbuf(addr
, PTR2SIZE(s
- addr
)));
816 ccp
->cc_user
.l
= strlen(ccp
->cc_user
.s
);
817 } else if (ware
& REQ_USER
)
822 memcpy(vbuf
+ pxlen
, "-user-", i
= sizeof("-user-") -1);
824 memcpy(vbuf
+ i
, addr
, addrlen
+1);
825 if ((s
= vok_vlook(vbuf
)) == NULL
) {
827 if ((s
= vok_vlook(vbuf
)) == NULL
&& (ware
& REQ_USER
)) {
828 if ((s
= getuser(NULL
)) == NULL
) {
829 jgetuser
: /* TODO v15.0: today we simply bail, but we should call getuser().
830 * TODO even better: introduce `PROTO-user' and `PROTO-pass' and
831 * TODO check that first, then! change control flow, grow `vbuf' */
832 fprintf(stderr
, _("A user is necessary for %s authentication.\n"),
839 ccp
->cc_user
.l
= strlen(ccp
->cc_user
.s
= savestr(s
));
843 if (!(ware
& (WANT_PASS
| REQ_PASS
)))
846 if (!addr_is_nuser
) {
847 memcpy(vbuf
, "password-", i
= sizeof("password-") -1);
849 memcpy(vbuf
+ pxlen
, "-password-", i
= sizeof("-password-") -1);
852 memcpy(vbuf
+ i
, addr
, addrlen
+1);
853 if ((s
= vok_vlook(vbuf
)) == NULL
) {
855 if ((!addr_is_nuser
|| (s
= vok_vlook(vbuf
)) == NULL
) &&
857 if ((s
= getpassword(NULL
)) == NULL
) {
859 _("A password is necessary for %s authentication.\n"), pname
);
866 ccp
->cc_pass
.l
= strlen(ccp
->cc_pass
.s
= savestr(s
));
870 if (ccp
!= NULL
&& (options
& OPT_D_VV
))
871 fprintf(stderr
, _("Credentials: host `%s', user `%s', pass `%s'\n"),
872 addr
, (ccp
->cc_user
.s
!= NULL
? ccp
->cc_user
.s
: ""),
873 (ccp
->cc_pass
.s
!= NULL
? ccp
->cc_pass
.s
: ""));
875 return (ccp
!= NULL
);
879 ccred_lookup(struct ccred
*ccp
, struct url
*urlp
)
881 char const *pstr
, *authdef
;
885 enum {NONE
=0, WANT_PASS
=1<<0, REQ_PASS
=1<<1, WANT_USER
=1<<2, REQ_USER
=1<<3}
889 memset(ccp
, 0, sizeof *ccp
);
890 ccp
->cc_user
= urlp
->url_user
;
892 switch ((ccp
->cc_cproto
= urlp
->url_cproto
)) {
896 plen
= sizeof("smtp") -1;
897 authmask
= AUTHTYPE_NONE
| AUTHTYPE_PLAIN
| AUTHTYPE_LOGIN
|
898 AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
903 plen
= sizeof("pop3") -1;
904 authmask
= AUTHTYPE_PLAIN
;
909 plen
= sizeof("imap") -1;
910 authmask
= AUTHTYPE_LOGIN
| AUTHTYPE_CRAM_MD5
| AUTHTYPE_GSSAPI
;
915 /* Note: "password-" is longer than "-auth-", .url_u_h_p and .url_h_p */
916 vbuf
= ac_alloc(plen
+ sizeof("password-")-1 + urlp
->url_u_h_p
.l
+1);
917 memcpy(vbuf
, pstr
, plen
);
919 /* Authentication type */
920 memcpy(vbuf
+ plen
, "-auth-", i
= sizeof("-auth-") -1);
922 /* -USER@HOST, -HOST, '' */
923 memcpy(vbuf
+ i
, urlp
->url_u_h_p
.s
, urlp
->url_u_h_p
.l
+1);
924 if ((s
= vok_vlook(vbuf
)) == NULL
) {
925 memcpy(vbuf
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
926 if ((s
= vok_vlook(vbuf
)) == NULL
) {
927 vbuf
[plen
+ sizeof("-auth") -1] = '\0';
928 if ((s
= vok_vlook(vbuf
)) == NULL
)
929 s
= UNCONST(authdef
);
933 if (!asccasecmp(s
, "none")) {
934 ccp
->cc_auth
= "NONE";
935 ccp
->cc_authtype
= AUTHTYPE_NONE
;
937 } else if (!asccasecmp(s
, "plain")) {
938 ccp
->cc_auth
= "PLAIN";
939 ccp
->cc_authtype
= AUTHTYPE_PLAIN
;
940 ware
= REQ_PASS
| REQ_USER
;
941 } else if (!asccasecmp(s
, "login")) {
942 ccp
->cc_auth
= "LOGIN";
943 ccp
->cc_authtype
= AUTHTYPE_LOGIN
;
944 ware
= REQ_PASS
| REQ_USER
;
945 } else if (!asccasecmp(s
, "cram-md5")) {
946 ccp
->cc_auth
= "CRAM-MD5";
947 ccp
->cc_authtype
= AUTHTYPE_CRAM_MD5
;
948 ware
= REQ_PASS
| REQ_USER
;
949 } else if (!asccasecmp(s
, "gssapi")) {
950 ccp
->cc_auth
= "GSS-API";
951 ccp
->cc_authtype
= AUTHTYPE_GSSAPI
;
956 if (!(ccp
->cc_authtype
& authmask
)) {
957 fprintf(stderr
, _("Unsupported %s authentication method: %s\n"), pstr
, s
);
962 if (ccp
->cc_authtype
== AUTHTYPE_CRAM_MD5
) {
963 fprintf(stderr
, _("No CRAM-MD5 support compiled in.\n"));
969 if (ccp
->cc_authtype
== AUTHTYPE_GSSAPI
) {
970 fprintf(stderr
, _("No GSS-API support compiled in.\n"));
977 if ((ccp
->cc_pass
= urlp
->url_pass
).s
!= NULL
)
980 memcpy(vbuf
, "password-", i
= sizeof("password-") -1);
981 /* -USER@HOST, -HOST, '' */
982 memcpy(vbuf
+ i
, urlp
->url_u_h_p
.s
, urlp
->url_u_h_p
.l
+1);
983 if ((s
= vok_vlook(vbuf
)) == NULL
) {
984 memcpy(vbuf
+ i
, urlp
->url_h_p
.s
, urlp
->url_h_p
.l
+1);
985 if ((s
= vok_vlook(vbuf
)) == NULL
) {
986 /* But before we go and deal with the absolute fallbacks, check wether
987 * we may look into .netrc */
989 if (ok_blook(netrc_lookup
))
990 switch (_nrc_lookup(urlp
, TRU1
)) {
994 ccp
->cc_pass
= urlp
->url_pass
;
997 fprintf(stderr
, _(".netrc authentification failed "
998 "(missing password or user mismatch)\n"));
1004 if ((s
= vok_vlook(vbuf
)) == NULL
&& (ware
& REQ_PASS
) &&
1005 (s
= getpassword(NULL
)) == NULL
) {
1007 _("A password is necessary for %s authentication.\n"), pstr
);
1014 ccp
->cc_pass
.l
= strlen(ccp
->cc_pass
.s
= savestr(s
));
1018 if (ccp
!= NULL
&& (options
& OPT_D_VV
))
1019 fprintf(stderr
, _("Credentials: host `%s', user `%s', pass `%s'\n"),
1020 urlp
->url_h_p
.s
, (ccp
->cc_user
.s
!= NULL
? ccp
->cc_user
.s
: ""),
1021 (ccp
->cc_pass
.s
!= NULL
? ccp
->cc_pass
.s
: ""));
1023 return (ccp
!= NULL
);
1031 struct nrc_node
*nrc
;
1036 if (argv
[1] != NULL
)
1038 if (!asccasecmp(*argv
, "show"))
1040 if (!asccasecmp(*argv
, "clear"))
1043 fprintf(stderr
, "Synopsis: netrc: %s\n",
1044 _("Either <show> (default) or <clear> the .netrc cache"));
1048 return (v
== NULL
? !STOP
: !OKAY
); /* xxx 1:bad 0:good -- do some */
1054 if (_nrc_list
== NULL
)
1056 if (_nrc_list
== NRC_NODE_ERR
) {
1057 fprintf(stderr
, _("Interpolate what file?\n"));
1062 if ((fp
= Ftmp(NULL
, "netrc", OF_RDWR
| OF_UNLINK
| OF_REGISTER
, 0600)
1069 for (l
= 0, nrc
= _nrc_list
; nrc
!= NULL
; ++l
, nrc
= nrc
->nrc_next
) {
1070 fprintf(fp
, _("Host %s: "), nrc
->nrc_dat
);
1071 if (nrc
->nrc_ulen
> 0)
1072 fprintf(fp
, _("user %s, "), nrc
->nrc_dat
+ nrc
->nrc_mlen
+1);
1074 fputs(_("no user, "), fp
);
1075 if (nrc
->nrc_plen
> 0)
1076 fprintf(fp
, _("password %s.\n"),
1077 nrc
->nrc_dat
+ nrc
->nrc_mlen
+1 + nrc
->nrc_ulen
+1);
1079 fputs(_("no password.\n"), fp
);
1082 page_or_print(fp
, l
);
1088 if (_nrc_list
== NRC_NODE_ERR
)
1090 while ((nrc
= _nrc_list
) != NULL
) {
1091 _nrc_list
= nrc
->nrc_next
;
1096 #endif /* HAVE_NETRC */
1100 md5tohex(char hex
[MD5TOHEX_SIZE
], void const *vp
)
1102 char const *cp
= vp
;
1106 for (i
= 0; i
< MD5TOHEX_SIZE
/ 2; ++i
) {
1108 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1109 hex
[j
] = __hex((cp
[i
] & 0xF0) >> 4);
1110 hex
[++j
] = __hex(cp
[i
] & 0x0F);
1118 cram_md5_string(struct str
const *user
, struct str
const *pass
,
1122 char digest
[16], *cp
;
1126 in
.s
= UNCONST(b64
);
1127 in
.l
= strlen(in
.s
);
1128 b64_decode(&out
, &in
, NULL
);
1129 assert(out
.s
!= NULL
);
1131 hmac_md5((uc_it
*)out
.s
, out
.l
, (uc_it
*)pass
->s
, pass
->l
, digest
);
1133 cp
= md5tohex(salloc(MD5TOHEX_SIZE
+1), digest
);
1135 in
.l
= user
->l
+ MD5TOHEX_SIZE
+1;
1136 in
.s
= ac_alloc(user
->l
+ 1 + MD5TOHEX_SIZE
+1);
1137 memcpy(in
.s
, user
->s
, user
->l
);
1138 in
.s
[user
->l
] = ' ';
1139 memcpy(in
.s
+ user
->l
+ 1, cp
, MD5TOHEX_SIZE
);
1140 b64_encode(&out
, &in
, B64_SALLOC
| B64_CRLF
);
1147 hmac_md5(unsigned char *text
, int text_len
, unsigned char *key
, int key_len
,
1151 * This code is taken from
1153 * Network Working Group H. Krawczyk
1154 * Request for Comments: 2104 IBM
1155 * Category: Informational M. Bellare
1162 * HMAC: Keyed-Hashing for Message Authentication
1165 unsigned char k_ipad
[65]; /* inner padding - key XORd with ipad */
1166 unsigned char k_opad
[65]; /* outer padding - key XORd with opad */
1167 unsigned char tk
[16];
1171 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1176 md5_update(&tctx
, key
, key_len
);
1177 md5_final(tk
, &tctx
);
1183 /* the HMAC_MD5 transform looks like:
1185 * MD5(K XOR opad, MD5(K XOR ipad, text))
1187 * where K is an n byte key
1188 * ipad is the byte 0x36 repeated 64 times
1189 * opad is the byte 0x5c repeated 64 times
1190 * and text is the data being protected */
1192 /* start out by storing key in pads */
1193 memset(k_ipad
, 0, sizeof k_ipad
);
1194 memset(k_opad
, 0, sizeof k_opad
);
1195 memcpy(k_ipad
, key
, key_len
);
1196 memcpy(k_opad
, key
, key_len
);
1198 /* XOR key with ipad and opad values */
1199 for (i
=0; i
<64; i
++) {
1204 /* perform inner MD5 */
1205 md5_init(&context
); /* init context for 1st pass */
1206 md5_update(&context
, k_ipad
, 64); /* start with inner pad */
1207 md5_update(&context
, text
, text_len
); /* then text of datagram */
1208 md5_final(digest
, &context
); /* finish up 1st pass */
1210 /* perform outer MD5 */
1211 md5_init(&context
); /* init context for 2nd pass */
1212 md5_update(&context
, k_opad
, 64); /* start with outer pad */
1213 md5_update(&context
, digest
, 16); /* then results of 1st hash */
1214 md5_final(digest
, &context
); /* finish up 2nd pass */
1217 #endif /* HAVE_MD5 */
1219 /* vim:set fenc=utf-8:s-it-mode */