search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bump S-nail v14.9.0-pre2, 2016-10-31
[s-mailx.git] / urlcrecry.c
blob4bee8b4de75629b01ba7cc981a8765e78098f7ae
1 /*@ S-nail - a mail user agent derived from Berkeley Mail.
2 *@ URL parsing, credential handling and crypto hooks.
3 *@ .netrc parser quite loosely based upon NetBSD usr.bin/ftp/
4 *@ $NetBSD: ruserpass.c,v 1.33 2007/04/17 05:52:04 lukem Exp $
5 *
6 * Copyright (c) 2014 - 2016 Steffen (Daode) Nurpmeso <steffen@sdaoden.eu>.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20 #undef n_FILE
21 #define n_FILE urlcrecry
22
23 #ifndef HAVE_AMALGAMATION
24 # include "nail.h"
25 #endif
26
27 #ifdef HAVE_NETRC
28 /* NetBSD usr.bin/ftp/ruserpass.c uses 100 bytes for that, we need four
29 * concurrently (dummy, host, user, pass), so make it a KB */
30 # define NRC_TOKEN_MAXLEN (1024 / 4)
31
32 enum nrc_token {
33 NRC_ERROR = -1,
34 NRC_NONE = 0,
35 NRC_DEFAULT,
36 NRC_LOGIN,
37 NRC_PASSWORD,
38 NRC_ACCOUNT,
39 NRC_MACDEF,
40 NRC_MACHINE,
41 NRC_INPUT
42 };
43
44 struct nrc_node {
45 struct nrc_node *nrc_next;
46 struct nrc_node *nrc_result; /* In match phase, former possible one */
47 ui32_t nrc_mlen; /* Length of machine name */
48 ui32_t nrc_ulen; /* Length of user name */
49 ui32_t nrc_plen; /* Length of password */
50 char nrc_dat[VFIELD_SIZE(sizeof(ui32_t))];
51 };
52 # define NRC_NODE_ERR ((struct nrc_node*)-1)
53
54 static struct nrc_node *_nrc_list;
55 #endif /* HAVE_NETRC */
56
57 /* Find the last @ before a slash
58 * TODO Casts off the const but this is ok here; obsolete function! */
59 #ifdef HAVE_SOCKETS /* temporary (we'll have file://..) */
60 static char * _url_last_at_before_slash(char const *sp);
61 #endif
62
63 #ifdef HAVE_NETRC
64 /* Initialize .netrc cache */
65 static void _nrc_init(void);
66 static enum nrc_token __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN],
67 bool_t *nl_last);
68
69 /* We shall lookup a machine in .netrc says ok_blook(netrc_lookup).
70 * only_pass is true then the lookup is for the password only, otherwise we
71 * look for a user (and add password only if we have an exact machine match) */
72 static bool_t _nrc_lookup(struct url *urlp, bool_t only_pass);
73
74 /* 0=no match; 1=exact match; -1=wildcard match */
75 static int __nrc_host_match(struct nrc_node const *nrc,
76 struct url const *urlp);
77 static bool_t __nrc_find_user(struct url *urlp,
78 struct nrc_node const *nrc);
79 static bool_t __nrc_find_pass(struct url *urlp, bool_t user_match,
80 struct nrc_node const *nrc);
81 #endif /* HAVE_NETRC */
82
83 /* The password can also be gained through external agents TODO v15-compat */
84 #ifdef HAVE_AGENT
85 static bool_t _agent_shell_lookup(struct url *urlp, char const *comm);
86 #endif
87
88 #ifdef HAVE_SOCKETS
89 static char *
90 _url_last_at_before_slash(char const *sp)
91 {
92 char const *cp;
93 char c;
94 NYD2_ENTER;
95
96 for (cp = sp; (c = *cp) != '\0'; ++cp)
97 if (c == '/')
98 break;
99 while (cp > sp && *--cp != '@')
100 ;
101 if (*cp != '@')
102 cp = NULL;
103 NYD2_LEAVE;
104 return UNCONST(cp);
105 }
106 #endif
107
108 #ifdef HAVE_NETRC
109 static void
110 _nrc_init(void)
111 {
112 struct n_sigman sm;
113 char buffer[NRC_TOKEN_MAXLEN], host[NRC_TOKEN_MAXLEN],
114 user[NRC_TOKEN_MAXLEN], pass[NRC_TOKEN_MAXLEN], *netrc_load;
115 struct stat sb;
116 FILE * fi;
117 enum nrc_token t;
118 bool_t ispipe, seen_default, nl_last;
119 struct nrc_node *ntail, *nhead, *nrc;
120 NYD_ENTER;
121
122 UNINIT(ntail, NULL);
123 nhead = NULL;
124 nrc = NRC_NODE_ERR;
125 ispipe = FAL0;
126 fi = NULL;
127
128 n_SIGMAN_ENTER_SWITCH(&sm, n_SIGMAN_ALL) {
129 case 0:
130 break;
131 default:
132 goto jleave;
133 }
134
135 if ((netrc_load = ok_vlook(netrc_pipe)) != NULL) {
136 ispipe = TRU1;
137 if ((fi = Popen(netrc_load, "r", ok_vlook(SHELL), NULL, COMMAND_FD_NULL)
138 ) == NULL) {
139 n_perr(netrc_load, 0);
140 goto j_leave;
141 }
142 } else {
143 if ((netrc_load = file_expand(ok_vlook(NETRC))) == NULL)
144 goto j_leave;
145
146 if ((fi = Fopen(netrc_load, "r")) == NULL) {
147 n_err(_("Cannot open %s\n"), n_shexp_quote_cp(netrc_load, FAL0));
148 goto j_leave;
149 }
150
151 /* Be simple and apply rigid (permission) check(s) */
152 if (fstat(fileno(fi), &sb) == -1 || !S_ISREG(sb.st_mode) ||
153 (sb.st_mode & (S_IRWXG | S_IRWXO))) {
154 n_err(_("Not a regular file, or accessible by non-user: %s\n"),
155 n_shexp_quote_cp(netrc_load, FAL0));
156 goto jleave;
157 }
158 }
159
160 seen_default = FAL0;
161 nl_last = TRU1;
162 jnext:
163 switch((t = __nrc_token(fi, buffer, &nl_last))) {
164 case NRC_NONE:
165 break;
166 default: /* Doesn't happen (but on error?), keep CC happy */
167 case NRC_DEFAULT:
168 jdef:
169 /* We ignore the default entry (require an exact host match), and we also
170 * ignore anything after such an entry (faulty syntax) */
171 seen_default = TRU1;
172 /* FALLTHRU */
173 case NRC_MACHINE:
174 jm_h:
175 /* Normalize HOST to lowercase */
176 *host = '\0';
177 if (!seen_default && (t = __nrc_token(fi, host, &nl_last)) != NRC_INPUT)
178 goto jerr;
179 else {
180 char *cp;
181 for (cp = host; *cp != '\0'; ++cp)
182 *cp = lowerconv(*cp);
183 }
184
185 *user = *pass = '\0';
186 while ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_NONE &&
187 t != NRC_MACHINE && t != NRC_DEFAULT) {
188 switch(t) {
189 case NRC_LOGIN:
190 if ((t = __nrc_token(fi, user, &nl_last)) != NRC_INPUT)
191 goto jerr;
192 break;
193 case NRC_PASSWORD:
194 if ((t = __nrc_token(fi, pass, &nl_last)) != NRC_INPUT)
195 goto jerr;
196 break;
197 case NRC_ACCOUNT:
198 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
199 goto jerr;
200 break;
201 case NRC_MACDEF:
202 if ((t = __nrc_token(fi, buffer, &nl_last)) != NRC_INPUT)
203 goto jerr;
204 else {
205 int i = 0, c;
206 while ((c = getc(fi)) != EOF)
207 if (c == '\n') { /* xxx */
208 /* Don't care about comments here, since we parse until
209 * we've seen two successive newline characters */
210 if (i)
211 break;
212 i = 1;
213 } else
214 i = 0;
215 }
216 break;
217 default:
218 case NRC_ERROR:
219 goto jerr;
220 }
221 }
222
223 if (!seen_default && (*user != '\0' || *pass != '\0')) {
224 size_t hl = strlen(host), ul = strlen(user), pl = strlen(pass);
225 struct nrc_node *nx = smalloc(sizeof(*nx) -
226 VFIELD_SIZEOF(struct nrc_node, nrc_dat) + hl +1 + ul +1 + pl +1);
227
228 if (nhead != NULL)
229 ntail->nrc_next = nx;
230 else
231 nhead = nx;
232 ntail = nx;
233 nx->nrc_next = NULL;
234 nx->nrc_mlen = hl;
235 nx->nrc_ulen = ul;
236 nx->nrc_plen = pl;
237 memcpy(nx->nrc_dat, host, ++hl);
238 memcpy(nx->nrc_dat + hl, user, ++ul);
239 memcpy(nx->nrc_dat + hl + ul, pass, ++pl);
240 }
241 if (t == NRC_MACHINE)
242 goto jm_h;
243 if (t == NRC_DEFAULT)
244 goto jdef;
245 if (t != NRC_NONE)
246 goto jnext;
247 break;
248 case NRC_ERROR:
249 jerr:
250 if (options & OPT_D_V)
251 n_err(_("Errors occurred while parsing %s\n"),
252 n_shexp_quote_cp(netrc_load, FAL0));
253 assert(nrc == NRC_NODE_ERR);
254 goto jleave;
255 }
256
257 if (nhead != NULL)
258 nrc = nhead;
259 n_sigman_cleanup_ping(&sm);
260 jleave:
261 if (fi != NULL) {
262 if (ispipe)
263 Pclose(fi, TRU1);
264 else
265 Fclose(fi);
266 }
267 if (nrc == NRC_NODE_ERR)
268 while (nhead != NULL) {
269 ntail = nhead;
270 nhead = nhead->nrc_next;
271 free(ntail);
272 }
273 j_leave:
274 _nrc_list = nrc;
275 NYD_LEAVE;
276 n_sigman_leave(&sm, n_SIGMAN_VIPSIGS_NTTYOUT);
277 }
278
279 static enum nrc_token
280 __nrc_token(FILE *fi, char buffer[NRC_TOKEN_MAXLEN], bool_t *nl_last)
281 {
282 int c;
283 char *cp;
284 enum nrc_token rv;
285 NYD2_ENTER;
286
287 rv = NRC_NONE;
288 for (;;) {
289 bool_t seen_nl;
290
291 c = EOF;
292 if (feof(fi) || ferror(fi))
293 goto jleave;
294
295 for (seen_nl = *nl_last; (c = getc(fi)) != EOF && whitechar(c);)
296 seen_nl |= (c == '\n');
297
298 if (c == EOF)
299 goto jleave;
300 /* fetchmail and derived parsers support comments */
301 if ((*nl_last = seen_nl) && c == '#') {
302 while ((c = getc(fi)) != EOF && c != '\n')
303 ;
304 continue;
305 }
306 break;
307 }
308
309 cp = buffer;
310 /* Is it a quoted token? At least IBM syntax also supports ' quotes */
311 if (c == '"' || c == '\'') {
312 int quotec = c;
313
314 /* Not requiring the closing QM is (Net)BSD syntax */
315 while ((c = getc(fi)) != EOF && c != quotec) {
316 /* Backslash escaping the next character is (Net)BSD syntax */
317 if (c == '\\')
318 if ((c = getc(fi)) == EOF)
319 break;
320 *cp++ = c;
321 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
322 rv = NRC_ERROR;
323 goto jleave;
324 }
325 }
326 } else {
327 *cp++ = c;
328 while ((c = getc(fi)) != EOF && !whitechar(c)) {
329 /* Backslash escaping the next character is (Net)BSD syntax */
330 if (c == '\\' && (c = getc(fi)) == EOF)
331 break;
332 *cp++ = c;
333 if (PTRCMP(cp, ==, buffer + NRC_TOKEN_MAXLEN)) {
334 rv = NRC_ERROR;
335 goto jleave;
336 }
337 }
338 *nl_last = (c == '\n');
339 }
340 *cp = '\0';
341
342 if (*buffer == '\0')
343 do {/*rv = NRC_NONE*/} while (0);
344 else if (!strcmp(buffer, "default"))
345 rv = NRC_DEFAULT;
346 else if (!strcmp(buffer, "login"))
347 rv = NRC_LOGIN;
348 else if (!strcmp(buffer, "password") || !strcmp(buffer, "passwd"))
349 rv = NRC_PASSWORD;
350 else if (!strcmp(buffer, "account"))
351 rv = NRC_ACCOUNT;
352 else if (!strcmp(buffer, "macdef"))
353 rv = NRC_MACDEF;
354 else if (!strcmp(buffer, "machine"))
355 rv = NRC_MACHINE;
356 else
357 rv = NRC_INPUT;
358 jleave:
359 if (c == EOF && !feof(fi))
360 rv = NRC_ERROR;
361 NYD2_LEAVE;
362 return rv;
363 }
364
365 static bool_t
366 _nrc_lookup(struct url *urlp, bool_t only_pass)
367 {
368 struct nrc_node *nrc, *nrc_wild, *nrc_exact;
369 bool_t rv = FAL0;
370 NYD_ENTER;
371
372 assert(!only_pass || urlp->url_user.s != NULL);
373 assert(only_pass || urlp->url_user.s == NULL);
374
375 if (_nrc_list == NULL)
376 _nrc_init();
377 if (_nrc_list == NRC_NODE_ERR)
378 goto jleave;
379
380 nrc_wild = nrc_exact = NULL;
381 for (nrc = _nrc_list; nrc != NULL; nrc = nrc->nrc_next)
382 switch (__nrc_host_match(nrc, urlp)) {
383 case 1:
384 nrc->nrc_result = nrc_exact;
385 nrc_exact = nrc;
386 continue;
387 case -1:
388 nrc->nrc_result = nrc_wild;
389 nrc_wild = nrc;
390 /* FALLTHRU */
391 case 0:
392 continue;
393 }
394
395 if (!only_pass && urlp->url_user.s == NULL) {
396 /* Must be an unambiguous entry of its kind */
397 if (nrc_exact != NULL && nrc_exact->nrc_result != NULL)
398 goto jleave;
399 if (__nrc_find_user(urlp, nrc_exact))
400 goto j_user;
401
402 if (nrc_wild != NULL && nrc_wild->nrc_result != NULL)
403 goto jleave;
404 if (!__nrc_find_user(urlp, nrc_wild))
405 goto jleave;
406 j_user:
407 ;
408 }
409
410 if (__nrc_find_pass(urlp, TRU1, nrc_exact) ||
411 __nrc_find_pass(urlp, TRU1, nrc_wild) ||
412 /* Do not try to find a password without exact user match unless we've
413 * been called during credential lookup, a.k.a. the second time */
414 !only_pass ||
415 __nrc_find_pass(urlp, FAL0, nrc_exact) ||
416 __nrc_find_pass(urlp, FAL0, nrc_wild))
417 rv = TRU1;
418 jleave:
419 NYD_LEAVE;
420 return rv;
421 }
422
423 static int
424 __nrc_host_match(struct nrc_node const *nrc, struct url const *urlp)
425 {
426 char const *d2, *d1;
427 size_t l2, l1;
428 int rv = 0;
429 NYD2_ENTER;
430
431 /* Find a matching machine -- entries are all lowercase normalized */
432 if (nrc->nrc_mlen == urlp->url_host.l) {
433 if (LIKELY(!memcmp(nrc->nrc_dat, urlp->url_host.s, urlp->url_host.l)))
434 rv = 1;
435 goto jleave;
436 }
437
438 /* Cannot be an exact match, but maybe the .netrc machine starts with
439 * a "*." glob, which we recognize as an extension, meaning "skip
440 * a single subdomain, then match the rest" */
441 d1 = nrc->nrc_dat + 2;
442 l1 = nrc->nrc_mlen;
443 if (l1 <= 2 || d1[-1] != '.' || d1[-2] != '*')
444 goto jleave;
445 l1 -= 2;
446
447 /* Brute skipping over one subdomain, no RFC 1035 or RFC 1122 checks;
448 * in fact this even succeeds for ".host.com", but - why care, here? */
449 d2 = urlp->url_host.s;
450 l2 = urlp->url_host.l;
451 while (l2 > 0) {
452 --l2;
453 if (*d2++ == '.')
454 break;
455 }
456
457 if (l2 == l1 && !memcmp(d1, d2, l1))
458 /* This matches, but we won't use it directly but watch out for an
459 * exact match first! */
460 rv = -1;
461 jleave:
462 NYD2_LEAVE;
463 return rv;
464 }
465
466 static bool_t
467 __nrc_find_user(struct url *urlp, struct nrc_node const *nrc)
468 {
469 NYD2_ENTER;
470
471 for (; nrc != NULL; nrc = nrc->nrc_result)
472 if (nrc->nrc_ulen > 0) {
473 /* Fake it was part of URL otherwise XXX */
474 urlp->url_had_user = TRU1;
475 /* That buffer will be duplicated by url_parse() in this case! */
476 urlp->url_user.s = UNCONST(nrc->nrc_dat + nrc->nrc_mlen +1);
477 urlp->url_user.l = nrc->nrc_ulen;
478 break;
479 }
480
481 NYD2_LEAVE;
482 return (nrc != NULL);
483 }
484
485 static bool_t
486 __nrc_find_pass(struct url *urlp, bool_t user_match, struct nrc_node const *nrc)
487 {
488 NYD2_ENTER;
489
490 for (; nrc != NULL; nrc = nrc->nrc_result) {
491 bool_t um = (nrc->nrc_ulen == urlp->url_user.l &&
492 !memcmp(nrc->nrc_dat + nrc->nrc_mlen +1, urlp->url_user.s,
493 urlp->url_user.l));
494
495 if (user_match) {
496 if (!um)
497 continue;
498 } else if (!um && nrc->nrc_ulen > 0)
499 continue;
500 if (nrc->nrc_plen == 0)
501 continue;
502
503 /* We are responsible for duplicating this buffer! */
504 urlp->url_pass.s = savestrbuf(nrc->nrc_dat + nrc->nrc_mlen +1 +
505 nrc->nrc_ulen + 1, (urlp->url_pass.l = nrc->nrc_plen));
506 break;
507 }
508
509 NYD2_LEAVE;
510 return (nrc != NULL);
511 }
512 #endif /* HAVE_NETRC */
513
514 #ifdef HAVE_AGENT
515 static bool_t
516 _agent_shell_lookup(struct url *urlp, char const *comm) /* TODO v15-compat */
517 {
518 char buf[128];
519 char const *env_addon[8];
520 struct str s;
521 FILE *pbuf;
522 union {char const *cp; int c; sighandler_type sht;} u;
523 size_t cl, l;
524 bool_t rv = FAL0;
525 NYD2_ENTER;
526
527 env_addon[0] = str_concat_csvl(&s, AGENT_USER, "=", urlp->url_user.s,
528 NULL)->s;
529 env_addon[1] = str_concat_csvl(&s, AGENT_USER_ENC, "=", urlp->url_user_enc.s,
530 NULL)->s;
531 env_addon[2] = str_concat_csvl(&s, AGENT_HOST, "=", urlp->url_host.s,
532 NULL)->s;
533 env_addon[3] = str_concat_csvl(&s, AGENT_HOST_PORT, "=", urlp->url_h_p.s,
534 NULL)->s;
535 u.cp = ok_vlook(TMPDIR);
536 env_addon[4] = str_concat_csvl(&s, NAILENV_TMPDIR, "=", u.cp, NULL)->s;
537 env_addon[5] = str_concat_csvl(&s, "TMPDIR", "=", u.cp, NULL)->s;
538
539 env_addon[6] = NULL;
540
541 if ((pbuf = Popen(comm, "r", ok_vlook(SHELL), env_addon, -1)) == NULL) {
542 n_err(_("*agent-shell-lookup* startup failed (%s)\n"), comm);
543 goto jleave;
544 }
545
546 for (s.s = NULL, s.l = cl = l = 0; (u.c = getc(pbuf)) != EOF; ++cl) {
547 if (u.c == '\n') /* xxx */
548 continue;
549 buf[l++] = u.c;
550 if (l == sizeof(buf) - 1) {
551 n_str_add_buf(&s, buf, l);
552 l = 0;
553 }
554 }
555 if (l > 0)
556 n_str_add_buf(&s, buf, l);
557
558 if (!Pclose(pbuf, TRU1)) {
559 n_err(_("*agent-shell-lookup* execution failure (%s)\n"), comm);
560 goto jleave;
561 }
562
563 /* We are responsible for duplicating this buffer! */
564 if (s.s != NULL)
565 urlp->url_pass.s = savestrbuf(s.s, urlp->url_pass.l = s.l);
566 else if (cl > 0)
567 urlp->url_pass.s = UNCONST(""), urlp->url_pass.l = 0;
568 rv = TRU1;
569 jleave:
570 if (s.s != NULL)
571 free(s.s);
572 NYD2_LEAVE;
573 return rv;
574 }
575 #endif /* HAVE_AGENT */
576
577 FL char *
578 (urlxenc)(char const *cp, bool_t ispath SALLOC_DEBUG_ARGS)
579 {
580 char *n, *np, c1;
581 NYD2_ENTER;
582
583 np = n = (salloc)(strlen(cp) * 3 +1 SALLOC_DEBUG_ARGSCALL);
584
585 for (; (c1 = *cp) != '\0'; ++cp) {
586 /* (RFC 1738) RFC 3986, 2.3 Unreserved Characters:
587 * ALPHA / DIGIT / "-" / "." / "_" / "~"
588 * However add a special is[file]path mode for file-system friendliness */
589 if (alnumchar(c1) || c1 == '_')
590 *np++ = c1;
591 else if (!ispath) {
592 if (c1 != '-' && c1 != '.' && c1 != '~')
593 goto jesc;
594 *np++ = c1;
595 } else if (PTRCMP(np, >, n) && (*cp == '-' || *cp == '.')) /* XXX imap */
596 *np++ = c1;
597 else {
598 jesc:
599 np[0] = '%';
600 n_c_to_hex_base16(np + 1, c1);
601 np += 3;
602 }
603 }
604 *np = '\0';
605 NYD2_LEAVE;
606 return n;
607 }
608
609 FL char *
610 (urlxdec)(char const *cp SALLOC_DEBUG_ARGS)
611 {
612 char *n, *np;
613 si32_t c;
614 NYD2_ENTER;
615
616 np = n = (salloc)(strlen(cp) +1 SALLOC_DEBUG_ARGSCALL);
617
618 while ((c = (uc_i)*cp++) != '\0') {
619 if (c == '%' && cp[0] != '\0' && cp[1] != '\0') {
620 si32_t o = c;
621 if (LIKELY((c = n_c_from_hex_base16(cp)) >= '\0'))
622 cp += 2;
623 else
624 c = o;
625 }
626 *np++ = (char)c;
627 }
628 *np = '\0';
629 NYD2_LEAVE;
630 return n;
631 }
632
633 FL int
634 c_urlcodec(void *v){
635 bool_t ispath;
636 char const **argv, *cp, *res;
637 NYD_ENTER;
638
639 if(*(cp = *(argv = v)) == 'p'){
640 if(!ascncasecmp(++cp, "ath", 3))
641 cp += 3;
642 ispath = TRU1;
643 }
644
645 if(is_prefix(cp, "encode")){
646 while((cp = *++argv) != NULL){
647 res = urlxenc(cp, ispath);
648 printf(" in: %s (%" PRIuZ " bytes)\nout: %s (%" PRIuZ " bytes)\n",
649 cp, strlen(cp), res, strlen(res));
650 }
651 }else if(is_prefix(cp, "decode")){
652 struct str in, out;
653
654 while((cp = *++argv) != NULL){
655 res = urlxdec(cp);
656 in.l = strlen(in.s = UNCONST(res)); /* logical */
657 makeprint(&in, &out);
658 printf(" in: %s (%" PRIuZ " bytes)\nout: %s (%" PRIuZ " bytes)\n",
659 cp, strlen(cp), out.s, in.l);
660 free(out.s);
661 }
662 }else{
663 n_err(_("`urlcodec': invalid subcommand: %s\n"), *argv);
664 cp = NULL;
665 }
666 NYD_LEAVE;
667 return (cp != NULL ? OKAY : STOP);
668 }
669
670 FL char *
671 url_mailto_to_address(char const *mailtop){ /* TODO hack! RFC 6068; factory? */
672 size_t i;
673 char *rv;
674 char const *mailtop_orig;
675 NYD_ENTER;
676
677 if(!is_prefix("mailto:", mailtop_orig = mailtop)){
678 rv = NULL;
679 goto jleave;
680 }
681 mailtop += sizeof("mailto:") -1;
682
683 /* TODO This is all intermediate, and for now just enough to understand
684 * TODO a little bit of a little more advanced List-Post: headers. */
685 /* Strip any hfield additions, keep only to addr-spec's */
686 if((rv = strchr(mailtop, '?')) != NULL)
687 rv = savestrbuf(mailtop, i = PTR2SIZE(rv - mailtop));
688 else
689 rv = savestrbuf(mailtop, i = strlen(mailtop));
690
691 i = strlen(rv);
692
693 /* Simply perform percent-decoding if there is a percent % */
694 if(memchr(rv, '%', i) != NULL){
695 char *rv_base;
696 bool_t err;
697
698 for(err = FAL0, mailtop = rv_base = rv; i > 0;){
699 char c;
700
701 if((c = *mailtop++) == '%'){
702 si32_t cc;
703
704 if(i < 3 || (cc = n_c_from_hex_base16(mailtop)) < 0){
705 if(!err && (err = TRU1, options & OPT_D_V))
706 n_err(_("Invalid RFC 6068 'mailto' URL: %s\n"),
707 n_shexp_quote_cp(mailtop_orig, FAL0));
708 goto jhex_putc;
709 }
710 *rv++ = (char)cc;
711 mailtop += 2;
712 i -= 3;
713 }else{
714 jhex_putc:
715 *rv++ = c;
716 --i;
717 }
718 }
719 *rv = '\0';
720 rv = rv_base;
721 }
722 jleave:
723 NYD_LEAVE;
724 return rv;
725 }
726
727 FL char const *
728 n_servbyname(char const *proto, ui16_t *irv_or_null){
729 static struct{
730 char const name[14];
731 char const port[8];
732 ui16_t portno;
733 } const tbl[] = {
734 { "smtp", "25", 25},
735 { "submission", "587", 587},
736 { "smtps", "465", 465},
737 { "pop3", "110", 110},
738 { "pop3s", "995", 995},
739 { "imap", "143", 143},
740 { "imaps", "993", 993},
741 { "file", "", 0}
742 };
743 char const *rv;
744 size_t l, i;
745 NYD2_ENTER;
746
747 for(rv = proto; *rv != '\0'; ++rv)
748 if(*rv == ':')
749 break;
750 l = PTR2SIZE(rv - proto);
751
752 for(rv = NULL, i = 0; i < NELEM(tbl); ++i)
753 if(!ascncasecmp(tbl[i].name, proto, l)){
754 rv = tbl[i].port;
755 if(irv_or_null != NULL)
756 *irv_or_null = tbl[i].portno;
757 break;
758 }
759 NYD2_LEAVE;
760 return rv;
761 }
762
763 #ifdef HAVE_SOCKETS /* Note: not indented for that -- later: file:// etc.! */
764 FL bool_t
765 url_parse(struct url *urlp, enum cproto cproto, char const *data)
766 {
767 #if defined HAVE_SMTP && defined HAVE_POP3
768 # define __ALLPROTO
769 #endif
770 #if defined HAVE_SMTP || defined HAVE_POP3
771 # define __ANYPROTO
772 char *cp, *x;
773 #endif
774 bool_t rv = FAL0;
775 NYD_ENTER;
776 UNUSED(data);
777
778 memset(urlp, 0, sizeof *urlp);
779 urlp->url_input = data;
780 urlp->url_cproto = cproto;
781
782 /* Network protocol */
783 #define _protox(X,Y) \
784 urlp->url_portno = Y;\
785 memcpy(urlp->url_proto, X "://", sizeof(X "://"));\
786 urlp->url_proto[sizeof(X) -1] = '\0';\
787 urlp->url_proto_len = sizeof(X) -1;\
788 urlp->url_proto_xlen = sizeof(X "://") -1
789 #define __if(X,Y,Z) \
790 if (!ascncasecmp(data, X "://", sizeof(X "://") -1)) {\
791 _protox(X, Y);\
792 data += sizeof(X "://") -1;\
793 do { Z; } while (0);\
794 goto juser;\
795 }
796 #define _if(X,Y) __if(X, Y, (void)0)
797 #ifdef HAVE_SSL
798 # define _ifs(X,Y) __if(X, Y, urlp->url_needs_tls = TRU1)
799 #else
800 # define _ifs(X,Y) goto jeproto;
801 #endif
802
803 switch (cproto) {
804 case CPROTO_SMTP:
805 #ifdef HAVE_SMTP
806 _if ("smtp", 25)
807 _if ("submission", 587)
808 _ifs ("smtps", 465)
809 _protox("smtp", 25);
810 break;
811 #else
812 goto jeproto;
813 #endif
814 case CPROTO_POP3:
815 #ifdef HAVE_POP3
816 _if ("pop3", 110)
817 _ifs ("pop3s", 995)
818 _protox("pop3", 110);
819 break;
820 #else
821 goto jeproto;
822 #endif
823 #if 0
824 case CPROTO_IMAP:
825 _if ("imap", 143)
826 _ifs ("imaps", 993)
827 _protox("imap", 143);
828 break;
829 goto jeproto;
830 #endif
831 }
832
833 #undef _ifs
834 #undef _if
835 #undef __if
836 #undef _protox
837
838 if (strstr(data, "://") != NULL) {
839 #if !defined __ALLPROTO || !defined HAVE_SSL
840 jeproto:
841 #endif
842 n_err(_("URL proto:// prefix invalid: %s\n"), urlp->url_input);
843 goto jleave;
844 }
845 #ifdef __ANYPROTO
846
847 /* User and password, I */
848 juser:
849 if ((cp = _url_last_at_before_slash(data)) != NULL) {
850 size_t l = PTR2SIZE(cp - data);
851 char const *d = data;
852 char *ub = ac_alloc(l +1);
853
854 urlp->url_had_user = TRU1;
855 data = cp + 1;
856
857 /* And also have a password? */
858 if ((cp = memchr(d, ':', l)) != NULL) {
859 size_t i = PTR2SIZE(cp - d);
860
861 l -= i + 1;
862 memcpy(ub, cp + 1, l);
863 ub[l] = '\0';
864 urlp->url_pass.l = strlen(urlp->url_pass.s = urlxdec(ub));
865
866 if (strcmp(ub, urlxenc(urlp->url_pass.s, FAL0))) {
867 n_err(_("String is not properly URL percent encoded: %s\n"),
868 ub);
869 goto jleave;
870 }
871 l = i;
872 }
873
874 memcpy(ub, d, l);
875 ub[l] = '\0';
876 urlp->url_user.l = strlen(urlp->url_user.s = urlxdec(ub));
877 urlp->url_user_enc.l = strlen(
878 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
879
880 if (urlp->url_user_enc.l != l || memcmp(urlp->url_user_enc.s, ub, l)) {
881 n_err(_("String is not properly URL percent encoded: %s\n"), ub);
882 goto jleave;
883 }
884
885 ac_free(ub);
886 }
887
888 /* Servername and port -- and possible path suffix */
889 if ((cp = strchr(data, ':')) != NULL) { /* TODO URL parse, IPv6 support */
890 char *eptr;
891 long l;
892
893 urlp->url_port = x = savestr(x = &cp[1]);
894 if ((x = strchr(x, '/')) != NULL) {
895 *x = '\0';
896 while(*++x == '/')
897 ;
898 }
899 l = strtol(urlp->url_port, &eptr, 10);
900 if (*eptr != '\0' || l <= 0 || UICMP(32, l, >=, 0xFFFFu)) {
901 n_err(_("URL with invalid port number: %s\n"), urlp->url_input);
902 goto jleave;
903 }
904 urlp->url_portno = (ui16_t)l;
905 } else {
906 if ((x = strchr(data, '/')) != NULL) {
907 data = savestrbuf(data, PTR2SIZE(x - data));
908 while(*++x == '/')
909 ;
910 }
911 cp = UNCONST(data + strlen(data));
912 }
913
914 /* A (non-empty) path may only occur with IMAP */
915 if (x != NULL && *x != '\0') {
916 /* Take care not to count adjacent slashes for real, on either end */
917 char *x2;
918 size_t i;
919
920 for(x2 = savestrbuf(x, i = strlen(x)); i > 0; --i)
921 if(x2[i - 1] != '/')
922 break;
923 x2[i] = '\0';
924
925 if (i > 0) {
926 #if 0
927 if (cproto != CPROTO_IMAP) {
928 #endif
929 n_err(_("URL protocol doesn't support paths: \"%s\"\n"),
930 urlp->url_input);
931 goto jleave;
932 #if 0
933 }
934 urlp->url_path.l = i;
935 urlp->url_path.s = x2;
936 #endif
937 }
938 }
939
940 urlp->url_host.s = savestrbuf(data, urlp->url_host.l = PTR2SIZE(cp - data));
941 { size_t i;
942 for (cp = urlp->url_host.s, i = urlp->url_host.l; i != 0; ++cp, --i)
943 *cp = lowerconv(*cp);
944 }
945
946 /* .url_h_p: HOST:PORT */
947 { size_t i;
948 struct str *s = &urlp->url_h_p;
949
950 s->s = salloc(urlp->url_host.l + 1 + sizeof("65536")-1 +1);
951 memcpy(s->s, urlp->url_host.s, i = urlp->url_host.l);
952 if (urlp->url_port != NULL) {
953 size_t j = strlen(urlp->url_port);
954 s->s[i++] = ':';
955 memcpy(s->s + i, urlp->url_port, j);
956 i += j;
957 }
958 s->s[i] = '\0';
959 s->l = i;
960 }
961
962 /* User, II
963 * If there was no user in the URL, do we have *user-HOST* or *user*? */
964 if (!urlp->url_had_user) {
965 if ((urlp->url_user.s = xok_vlook(user, urlp, OXM_PLAIN | OXM_H_P))
966 == NULL) {
967 /* No, check whether .netrc lookup is desired */
968 # ifdef HAVE_NETRC
969 if (!ok_blook(v15_compat) ||
970 !xok_blook(netrc_lookup, urlp, OXM_PLAIN | OXM_H_P) ||
971 !_nrc_lookup(urlp, FAL0))
972 # endif
973 urlp->url_user.s = UNCONST(myname);
974 }
975
976 urlp->url_user.l = strlen(urlp->url_user.s);
977 urlp->url_user.s = savestrbuf(urlp->url_user.s, urlp->url_user.l);
978 urlp->url_user_enc.l = strlen(
979 urlp->url_user_enc.s = urlxenc(urlp->url_user.s, FAL0));
980 }
981
982 /* And then there are a lot of prebuild string combinations TODO do lazy */
983
984 /* .url_u_h: .url_user@.url_host
985 * For SMTP we apply ridiculously complicated *v15-compat* plus
986 * *smtp-hostname* / *hostname* dependent rules */
987 { struct str h, *s;
988 size_t i;
989
990 if (cproto == CPROTO_SMTP && ok_blook(v15_compat) &&
991 (cp = ok_vlook(smtp_hostname)) != NULL) {
992 if (*cp == '\0')
993 cp = nodename(1);
994 h.s = savestrbuf(cp, h.l = strlen(cp));
995 } else
996 h = urlp->url_host;
997
998 s = &urlp->url_u_h;
999 i = urlp->url_user.l;
1000
1001 s->s = salloc(i + 1 + h.l +1);
1002 if (i > 0) {
1003 memcpy(s->s, urlp->url_user.s, i);
1004 s->s[i++] = '@';
1005 }
1006 memcpy(s->s + i, h.s, h.l +1);
1007 i += h.l;
1008 s->l = i;
1009 }
1010
1011 /* .url_u_h_p: .url_user@.url_host[:.url_port] */
1012 { struct str *s = &urlp->url_u_h_p;
1013 size_t i = urlp->url_user.l;
1014
1015 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
1016 if (i > 0) {
1017 memcpy(s->s, urlp->url_user.s, i);
1018 s->s[i++] = '@';
1019 }
1020 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
1021 i += urlp->url_h_p.l;
1022 s->l = i;
1023 }
1024
1025 /* .url_eu_h_p: .url_user_enc@.url_host[:.url_port] */
1026 { struct str *s = &urlp->url_eu_h_p;
1027 size_t i = urlp->url_user_enc.l;
1028
1029 s->s = salloc(i + 1 + urlp->url_h_p.l +1);
1030 if (i > 0) {
1031 memcpy(s->s, urlp->url_user_enc.s, i);
1032 s->s[i++] = '@';
1033 }
1034 memcpy(s->s + i, urlp->url_h_p.s, urlp->url_h_p.l +1);
1035 i += urlp->url_h_p.l;
1036 s->l = i;
1037 }
1038
1039 /* .url_p_u_h_p: .url_proto://.url_u_h_p */
1040 { size_t i;
1041 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_u_h_p.l) +1);
1042
1043 urlp->url_proto[urlp->url_proto_len] = ':';
1044 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_u_h_p.s,
1045 urlp->url_u_h_p.l +1);
1046 urlp->url_proto[urlp->url_proto_len] = '\0';
1047
1048 urlp->url_p_u_h_p = ud;
1049 }
1050
1051 /* .url_p_eu_h_p, .url_p_eu_h_p_p: .url_proto://.url_eu_h_p[/.url_path] */
1052 { size_t i;
1053 char *ud = salloc((i = urlp->url_proto_xlen + urlp->url_eu_h_p.l) +
1054 1 + urlp->url_path.l +1);
1055
1056 urlp->url_proto[urlp->url_proto_len] = ':';
1057 memcpy(sstpcpy(ud, urlp->url_proto), urlp->url_eu_h_p.s,
1058 urlp->url_eu_h_p.l +1);
1059 urlp->url_proto[urlp->url_proto_len] = '\0';
1060
1061 if (urlp->url_path.l == 0)
1062 urlp->url_p_eu_h_p = urlp->url_p_eu_h_p_p = ud;
1063 else {
1064 urlp->url_p_eu_h_p = savestrbuf(ud, i);
1065 urlp->url_p_eu_h_p_p = ud;
1066 ud += i;
1067 *ud++ = '/';
1068 memcpy(ud, urlp->url_path.s, urlp->url_path.l +1);
1069 }
1070 }
1071
1072 rv = TRU1;
1073 #endif /* __ANYPROTO */
1074 jleave:
1075 NYD_LEAVE;
1076 return rv;
1077 #undef __ANYPROTO
1078 #undef __ALLPROTO
1079 }
1080
1081 FL bool_t
1082 ccred_lookup_old(struct ccred *ccp, enum cproto cproto, char const *addr)
1083 {
1084 char const *pname, *pxstr, *authdef;
1085 size_t pxlen, addrlen, i;
1086 char *vbuf, *s;
1087 ui8_t authmask;
1088 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1089 ware = NONE;
1090 bool_t addr_is_nuser = FAL0; /* XXX v15.0 legacy! v15_compat */
1091 NYD_ENTER;
1092
1093 memset(ccp, 0, sizeof *ccp);
1094
1095 switch (cproto) {
1096 default:
1097 case CPROTO_SMTP:
1098 pname = "SMTP";
1099 pxstr = "smtp-auth";
1100 pxlen = sizeof("smtp-auth") -1;
1101 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1102 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1103 authdef = "none";
1104 addr_is_nuser = TRU1;
1105 break;
1106 case CPROTO_POP3:
1107 pname = "POP3";
1108 pxstr = "pop3-auth";
1109 pxlen = sizeof("pop3-auth") -1;
1110 authmask = AUTHTYPE_PLAIN;
1111 authdef = "plain";
1112 break;
1113 }
1114
1115 ccp->cc_cproto = cproto;
1116 addrlen = strlen(addr);
1117 vbuf = ac_alloc(pxlen + addrlen + sizeof("-password-")-1 +1);
1118 memcpy(vbuf, pxstr, pxlen);
1119
1120 /* Authentication type */
1121 vbuf[pxlen] = '-';
1122 memcpy(vbuf + pxlen + 1, addr, addrlen +1);
1123 if ((s = vok_vlook(vbuf)) == NULL) {
1124 vbuf[pxlen] = '\0';
1125 if ((s = vok_vlook(vbuf)) == NULL)
1126 s = UNCONST(authdef);
1127 }
1128
1129 if (!asccasecmp(s, "none")) {
1130 ccp->cc_auth = "NONE";
1131 ccp->cc_authtype = AUTHTYPE_NONE;
1132 /*ware = NONE;*/
1133 } else if (!asccasecmp(s, "plain")) {
1134 ccp->cc_auth = "PLAIN";
1135 ccp->cc_authtype = AUTHTYPE_PLAIN;
1136 ware = REQ_PASS | REQ_USER;
1137 } else if (!asccasecmp(s, "login")) {
1138 ccp->cc_auth = "LOGIN";
1139 ccp->cc_authtype = AUTHTYPE_LOGIN;
1140 ware = REQ_PASS | REQ_USER;
1141 } else if (!asccasecmp(s, "cram-md5")) {
1142 ccp->cc_auth = "CRAM-MD5";
1143 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1144 ware = REQ_PASS | REQ_USER;
1145 } else if (!asccasecmp(s, "gssapi")) {
1146 ccp->cc_auth = "GSS-API";
1147 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1148 ware = REQ_USER;
1149 } /* no else */
1150
1151 /* Verify method */
1152 if (!(ccp->cc_authtype & authmask)) {
1153 n_err(_("Unsupported %s authentication method: %s\n"), pname, s);
1154 ccp = NULL;
1155 goto jleave;
1156 }
1157 # ifndef HAVE_MD5
1158 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1159 n_err(_("No CRAM-MD5 support compiled in\n"));
1160 ccp = NULL;
1161 goto jleave;
1162 }
1163 # endif
1164 # ifndef HAVE_GSSAPI
1165 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1166 n_err(_("No GSS-API support compiled in\n"));
1167 ccp = NULL;
1168 goto jleave;
1169 }
1170 # endif
1171
1172 /* User name */
1173 if (!(ware & (WANT_USER | REQ_USER)))
1174 goto jpass;
1175
1176 if (!addr_is_nuser) {
1177 if ((s = _url_last_at_before_slash(addr)) != NULL) {
1178 ccp->cc_user.s = urlxdec(savestrbuf(addr, PTR2SIZE(s - addr)));
1179 ccp->cc_user.l = strlen(ccp->cc_user.s);
1180 } else if (ware & REQ_USER)
1181 goto jgetuser;
1182 goto jpass;
1183 }
1184
1185 memcpy(vbuf + pxlen, "-user-", i = sizeof("-user-") -1);
1186 i += pxlen;
1187 memcpy(vbuf + i, addr, addrlen +1);
1188 if ((s = vok_vlook(vbuf)) == NULL) {
1189 vbuf[--i] = '\0';
1190 if ((s = vok_vlook(vbuf)) == NULL && (ware & REQ_USER)) {
1191 if ((s = getuser(NULL)) == NULL) {
1192 jgetuser: /* TODO v15.0: today we simply bail, but we should call getuser().
1193 * TODO even better: introduce "PROTO-user" and "PROTO-pass" and
1194 * TODO check that first, then! change control flow, grow vbuf */
1195 n_err(_("A user is necessary for %s authentication\n"), pname);
1196 ccp = NULL;
1197 goto jleave;
1198 }
1199 }
1200 }
1201 ccp->cc_user.l = strlen(ccp->cc_user.s = savestr(s));
1202
1203 /* Password */
1204 jpass:
1205 if (!(ware & (WANT_PASS | REQ_PASS)))
1206 goto jleave;
1207
1208 if (!addr_is_nuser) {
1209 memcpy(vbuf, "password-", i = sizeof("password-") -1);
1210 } else {
1211 memcpy(vbuf + pxlen, "-password-", i = sizeof("-password-") -1);
1212 i += pxlen;
1213 }
1214 memcpy(vbuf + i, addr, addrlen +1);
1215 if ((s = vok_vlook(vbuf)) == NULL) {
1216 vbuf[--i] = '\0';
1217 if ((!addr_is_nuser || (s = vok_vlook(vbuf)) == NULL) &&
1218 (ware & REQ_PASS)) {
1219 if ((s = getpassword(NULL)) == NULL) {
1220 n_err(_("A password is necessary for %s authentication\n"),
1221 pname);
1222 ccp = NULL;
1223 goto jleave;
1224 }
1225 }
1226 }
1227 if (s != NULL)
1228 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1229
1230 jleave:
1231 ac_free(vbuf);
1232 if (ccp != NULL && (options & OPT_D_VV))
1233 n_err(_("Credentials: host %s, user %s, pass %s\n"),
1234 addr, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1235 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1236 NYD_LEAVE;
1237 return (ccp != NULL);
1238 }
1239
1240 FL bool_t
1241 ccred_lookup(struct ccred *ccp, struct url *urlp)
1242 {
1243 char const *pstr, *authdef;
1244 char *s;
1245 enum okeys authokey;
1246 ui8_t authmask;
1247 enum {NONE=0, WANT_PASS=1<<0, REQ_PASS=1<<1, WANT_USER=1<<2, REQ_USER=1<<3}
1248 ware = NONE;
1249 NYD_ENTER;
1250
1251 memset(ccp, 0, sizeof *ccp);
1252 ccp->cc_user = urlp->url_user;
1253
1254 switch ((ccp->cc_cproto = urlp->url_cproto)) {
1255 default:
1256 case CPROTO_SMTP:
1257 pstr = "smtp";
1258 authokey = ok_v_smtp_auth;
1259 authmask = AUTHTYPE_NONE | AUTHTYPE_PLAIN | AUTHTYPE_LOGIN |
1260 AUTHTYPE_CRAM_MD5 | AUTHTYPE_GSSAPI;
1261 authdef = "plain";
1262 break;
1263 case CPROTO_POP3:
1264 pstr = "pop3";
1265 authokey = ok_v_pop3_auth;
1266 authmask = AUTHTYPE_PLAIN;
1267 authdef = "plain";
1268 break;
1269 }
1270
1271 /* Authentication type */
1272 if ((s = xok_VLOOK(authokey, urlp, OXM_ALL)) == NULL)
1273 s = UNCONST(authdef);
1274
1275 if (!asccasecmp(s, "none")) {
1276 ccp->cc_auth = "NONE";
1277 ccp->cc_authtype = AUTHTYPE_NONE;
1278 /*ware = NONE;*/
1279 } else if (!asccasecmp(s, "plain")) {
1280 ccp->cc_auth = "PLAIN";
1281 ccp->cc_authtype = AUTHTYPE_PLAIN;
1282 ware = REQ_PASS | REQ_USER;
1283 } else if (!asccasecmp(s, "login")) {
1284 ccp->cc_auth = "LOGIN";
1285 ccp->cc_authtype = AUTHTYPE_LOGIN;
1286 ware = REQ_PASS | REQ_USER;
1287 } else if (!asccasecmp(s, "cram-md5")) {
1288 ccp->cc_auth = "CRAM-MD5";
1289 ccp->cc_authtype = AUTHTYPE_CRAM_MD5;
1290 ware = REQ_PASS | REQ_USER;
1291 } else if (!asccasecmp(s, "gssapi")) {
1292 ccp->cc_auth = "GSS-API";
1293 ccp->cc_authtype = AUTHTYPE_GSSAPI;
1294 ware = REQ_USER;
1295 } /* no else */
1296
1297 /* Verify method */
1298 if (!(ccp->cc_authtype & authmask)) {
1299 n_err(_("Unsupported %s authentication method: %s\n"), pstr, s);
1300 ccp = NULL;
1301 goto jleave;
1302 }
1303 # ifndef HAVE_MD5
1304 if (ccp->cc_authtype == AUTHTYPE_CRAM_MD5) {
1305 n_err(_("No CRAM-MD5 support compiled in\n"));
1306 ccp = NULL;
1307 goto jleave;
1308 }
1309 # endif
1310 # ifndef HAVE_GSSAPI
1311 if (ccp->cc_authtype == AUTHTYPE_GSSAPI) {
1312 n_err(_("No GSS-API support compiled in\n"));
1313 ccp = NULL;
1314 goto jleave;
1315 }
1316 # endif
1317
1318 /* Password */
1319 ccp->cc_pass = urlp->url_pass;
1320 if (ccp->cc_pass.s != NULL)
1321 goto jleave;
1322
1323 if ((s = xok_vlook(password, urlp, OXM_ALL)) != NULL)
1324 goto js2pass;
1325 # ifdef HAVE_AGENT /* TODO v15-compat obsolete */
1326 if ((s = xok_vlook(agent_shell_lookup, urlp, OXM_ALL)) != NULL) {
1327 OBSOLETE(_("*agent-shell-lookup* will vanish. Please use encrypted "
1328 "~/.netrc (via *netrc-pipe*), or simply `source' an encrypted file"));
1329 if (!_agent_shell_lookup(urlp, s)) {
1330 ccp = NULL;
1331 goto jleave;
1332 } else if (urlp->url_pass.s != NULL) {
1333 ccp->cc_pass = urlp->url_pass;
1334 goto jleave;
1335 }
1336 }
1337 # endif
1338 # ifdef HAVE_NETRC
1339 if (xok_blook(netrc_lookup, urlp, OXM_ALL) && _nrc_lookup(urlp, TRU1)) {
1340 ccp->cc_pass = urlp->url_pass;
1341 goto jleave;
1342 }
1343 # endif
1344 if (ware & REQ_PASS) {
1345 if ((s = getpassword(NULL)) != NULL)
1346 js2pass:
1347 ccp->cc_pass.l = strlen(ccp->cc_pass.s = savestr(s));
1348 else {
1349 n_err(_("A password is necessary for %s authentication\n"), pstr);
1350 ccp = NULL;
1351 }
1352 }
1353
1354 jleave:
1355 if (ccp != NULL && (options & OPT_D_VV))
1356 n_err(_("Credentials: host %s, user %s, pass %s\n"),
1357 urlp->url_h_p.s, (ccp->cc_user.s != NULL ? ccp->cc_user.s : ""),
1358 (ccp->cc_pass.s != NULL ? ccp->cc_pass.s : ""));
1359 NYD_LEAVE;
1360 return (ccp != NULL);
1361 }
1362 #endif /* HAVE_SOCKETS */
1363
1364 #ifdef HAVE_NETRC
1365 FL int
1366 c_netrc(void *v)
1367 {
1368 char **argv = v;
1369 struct nrc_node *nrc;
1370 bool_t load_only;
1371 NYD_ENTER;
1372
1373 load_only = FAL0;
1374 if (*argv == NULL)
1375 goto jlist;
1376 if (argv[1] != NULL)
1377 goto jerr;
1378 if (!asccasecmp(*argv, "show"))
1379 goto jlist;
1380 load_only = TRU1;
1381 if (!asccasecmp(*argv, "load"))
1382 goto jlist;
1383 if (!asccasecmp(*argv, "clear"))
1384 goto jclear;
1385 jerr:
1386 n_err(_("Synopsis: netrc: (<show> or) <clear> the .netrc cache\n"));
1387 v = NULL;
1388 jleave:
1389 NYD_LEAVE;
1390 return (v == NULL ? !STOP : !OKAY); /* xxx 1:bad 0:good -- do some */
1391
1392 jlist: {
1393 FILE *fp;
1394 size_t l;
1395
1396 if (_nrc_list == NULL)
1397 _nrc_init();
1398 if (_nrc_list == NRC_NODE_ERR) {
1399 n_err(_("Interpolate what file?\n"));
1400 v = NULL;
1401 goto jleave;
1402 }
1403 if (load_only)
1404 goto jleave;
1405
1406 if ((fp = Ftmp(NULL, "netrc", OF_RDWR | OF_UNLINK | OF_REGISTER)) == NULL) {
1407 n_perr(_("tmpfile"), 0);
1408 v = NULL;
1409 goto jleave;
1410 }
1411
1412 for (l = 0, nrc = _nrc_list; nrc != NULL; ++l, nrc = nrc->nrc_next) {
1413 fprintf(fp, _("machine %s "), nrc->nrc_dat); /* XXX quote? */
1414 if (nrc->nrc_ulen > 0)
1415 fprintf(fp, _("login \"%s\" "),
1416 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1));
1417 if (nrc->nrc_plen > 0)
1418 fprintf(fp, _("password \"%s\"\n"),
1419 string_quote(nrc->nrc_dat + nrc->nrc_mlen +1 + nrc->nrc_ulen +1));
1420 else
1421 putc('\n', fp);
1422 }
1423
1424 page_or_print(fp, l);
1425 Fclose(fp);
1426 }
1427 goto jleave;
1428
1429 jclear:
1430 if (_nrc_list == NRC_NODE_ERR)
1431 _nrc_list = NULL;
1432 while ((nrc = _nrc_list) != NULL) {
1433 _nrc_list = nrc->nrc_next;
1434 free(nrc);
1435 }
1436 goto jleave;
1437 }
1438 #endif /* HAVE_NETRC */
1439
1440 #ifdef HAVE_MD5
1441 FL char *
1442 md5tohex(char hex[MD5TOHEX_SIZE], void const *vp)
1443 {
1444 char const *cp = vp;
1445 size_t i, j;
1446 NYD_ENTER;
1447
1448 for (i = 0; i < MD5TOHEX_SIZE / 2; ++i) {
1449 j = i << 1;
1450 # define __hex(n) ((n) > 9 ? (n) - 10 + 'a' : (n) + '0')
1451 hex[j] = __hex((cp[i] & 0xF0) >> 4);
1452 hex[++j] = __hex(cp[i] & 0x0F);
1453 # undef __hex
1454 }
1455 NYD_LEAVE;
1456 return hex;
1457 }
1458
1459 FL char *
1460 cram_md5_string(struct str const *user, struct str const *pass,
1461 char const *b64)
1462 {
1463 struct str in, out;
1464 char digest[16], *cp;
1465 NYD_ENTER;
1466
1467 out.s = NULL;
1468 in.s = UNCONST(b64);
1469 in.l = strlen(in.s);
1470 b64_decode(&out, &in, NULL);
1471 assert(out.s != NULL);
1472
1473 hmac_md5((uc_i*)out.s, out.l, (uc_i*)pass->s, pass->l, digest);
1474 free(out.s);
1475 cp = md5tohex(salloc(MD5TOHEX_SIZE +1), digest);
1476
1477 in.l = user->l + MD5TOHEX_SIZE +1;
1478 in.s = ac_alloc(user->l + 1 + MD5TOHEX_SIZE +1);
1479 memcpy(in.s, user->s, user->l);
1480 in.s[user->l] = ' ';
1481 memcpy(in.s + user->l + 1, cp, MD5TOHEX_SIZE);
1482 b64_encode(&out, &in, B64_SALLOC | B64_CRLF);
1483 ac_free(in.s);
1484 NYD_LEAVE;
1485 return out.s;
1486 }
1487
1488 FL void
1489 hmac_md5(unsigned char *text, int text_len, unsigned char *key, int key_len,
1490 void *digest)
1491 {
1492 /*
1493 * This code is taken from
1494 *
1495 * Network Working Group H. Krawczyk
1496 * Request for Comments: 2104 IBM
1497 * Category: Informational M. Bellare
1498 * UCSD
1499 * R. Canetti
1500 * IBM
1501 * February 1997
1502 *
1503 *
1504 * HMAC: Keyed-Hashing for Message Authentication
1505 */
1506 md5_ctx context;
1507 unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */
1508 unsigned char k_opad[65]; /* outer padding - key XORd with opad */
1509 unsigned char tk[16];
1510 int i;
1511 NYD_ENTER;
1512
1513 /* if key is longer than 64 bytes reset it to key=MD5(key) */
1514 if (key_len > 64) {
1515 md5_ctx tctx;
1516
1517 md5_init(&tctx);
1518 md5_update(&tctx, key, key_len);
1519 md5_final(tk, &tctx);
1520
1521 key = tk;
1522 key_len = 16;
1523 }
1524
1525 /* the HMAC_MD5 transform looks like:
1526 *
1527 * MD5(K XOR opad, MD5(K XOR ipad, text))
1528 *
1529 * where K is an n byte key
1530 * ipad is the byte 0x36 repeated 64 times
1531 * opad is the byte 0x5c repeated 64 times
1532 * and text is the data being protected */
1533
1534 /* start out by storing key in pads */
1535 memset(k_ipad, 0, sizeof k_ipad);
1536 memset(k_opad, 0, sizeof k_opad);
1537 memcpy(k_ipad, key, key_len);
1538 memcpy(k_opad, key, key_len);
1539
1540 /* XOR key with ipad and opad values */
1541 for (i=0; i<64; i++) {
1542 k_ipad[i] ^= 0x36;
1543 k_opad[i] ^= 0x5c;
1544 }
1545
1546 /* perform inner MD5 */
1547 md5_init(&context); /* init context for 1st pass */
1548 md5_update(&context, k_ipad, 64); /* start with inner pad */
1549 md5_update(&context, text, text_len); /* then text of datagram */
1550 md5_final(digest, &context); /* finish up 1st pass */
1551
1552 /* perform outer MD5 */
1553 md5_init(&context); /* init context for 2nd pass */
1554 md5_update(&context, k_opad, 64); /* start with outer pad */
1555 md5_update(&context, digest, 16); /* then results of 1st hash */
1556 md5_final(digest, &context); /* finish up 2nd pass */
1557 NYD_LEAVE;
1558 }
1559 #endif /* HAVE_MD5 */
1560
1561 /* s-it-mode */
A mail processing system intended to provide the functionality of the POSIX mailx(1) command