2 * popsbr.c -- POP client subroutines
9 extern int client(char *args, char *protocol, char *service, int rproto,
10 char *response, int len_response);
12 #if defined(NNTP) && !defined(PSHSBR)
16 #ifdef NNTP /* building pshsbr.o from popsbr.c */
20 #if !defined(NNTP) && defined(APOP)
26 #endif /* CYRUS_SASL */
29 #include <h/signals.h>
34 #define TRMLEN (sizeof TRM - 1)
36 static int poprint = 0;
37 static int pophack = 0;
39 char response[BUFSIZ];
46 #if !defined(NNTP) && defined(MPOP)
47 # define command pop_command
48 # define multiline pop_multiline
52 # ifdef BPOP /* stupid */
53 static int xtnd_last = -1;
54 static int xtnd_first = 0;
55 static char xtnd_name[512]; /* INCREDIBLE HACK!! */
60 static sasl_conn_t *conn; /* SASL connection state */
61 static int sasl_complete = 0; /* Has sasl authentication succeeded? */
62 static int maxoutbuf; /* Maximum output buffer size */
63 static sasl_ssf_t sasl_ssf = 0; /* Security strength factor */
64 static int sasl_get_user(void *, int, const char **, unsigned *);
65 static int sasl_get_pass(sasl_conn_t *, void *, int, sasl_secret_t **);
71 static sasl_callback_t callbacks[] = {
72 { SASL_CB_USER, sasl_get_user, NULL },
73 #define POP_SASL_CB_N_USER 0
74 { SASL_CB_PASS, sasl_get_pass, NULL },
75 #define POP_SASL_CB_N_PASS 1
76 { SASL_CB_LIST_END, NULL, NULL },
78 #else /* CYRUS_SASL */
79 # define sasl_fgetc fgetc
80 #endif /* CYRUS_SASL */
85 #if !defined(NNTP) && defined(APOP)
86 static char *pop_auth (char *, char *);
89 #if defined(NNTP) || !defined(MPOP)
90 /* otherwise they are not static functions */
91 static int command(const char *, ...);
92 static int multiline(void);
96 static int pop_auth_sasl(char *, char *, char *);
97 static int sasl_fgetc(FILE *);
98 #endif /* CYRUS_SASL */
100 static int traverse (int (*)(), const char *, ...);
101 static int vcommand(const char *, va_list);
102 static int getline (char *, int, FILE *);
103 static int putline (char *, FILE *);
106 #if !defined(NNTP) && defined(APOP)
108 pop_auth (char *user, char *pass)
112 unsigned char *dp, *ep, digest[16];
114 static char buffer[BUFSIZ];
116 if ((cp = strchr (response, '<')) == NULL
117 || (lp = strchr (cp, '>')) == NULL) {
118 snprintf (buffer, sizeof(buffer), "APOP not available: %s", response);
119 strncpy (response, buffer, sizeof(response));
124 snprintf (buffer, sizeof(buffer), "%s%s", cp, pass);
126 MD5Init (&mdContext);
127 MD5Update (&mdContext, (unsigned char *) buffer,
128 (unsigned int) strlen (buffer));
129 MD5Final (digest, &mdContext);
132 buflen = sizeof(buffer);
134 snprintf (cp, buflen, "%s ", user);
139 for (ep = (dp = digest) + sizeof(digest) / sizeof(digest[0]); dp < ep; ) {
140 snprintf (cp, buflen, "%02x", *dp++ & 0xff);
148 #endif /* !NNTP && APOP */
152 * This function implements the AUTH command for various SASL mechanisms
154 * We do the whole SASL dialog here. If this completes, then we've
155 * authenticated successfully and have (possibly) negotiated a security
160 pop_auth_sasl(char *user, char *host, char *mech)
162 int result, status, sasl_capability = 0, outlen;
164 char server_mechs[256], *buf, outbuf[BUFSIZ];
165 const char *chosen_mech;
166 sasl_security_properties_t secprops;
167 sasl_external_properties_t extprops;
168 struct pass_context p_context;
173 * First off, we're going to send the CAPA command to see if we can
174 * even support the AUTH command, and if we do, then we'll get a
175 * list of mechanisms the server supports. If we don't support
176 * the CAPA command, then it's unlikely that we will support
180 if (command("CAPA") == NOTOK) {
181 snprintf(response, sizeof(response),
182 "The POP CAPA command failed; POP server does not "
187 while ((status = multiline()) != DONE)
192 case DONE: /* Shouldn't be possible, but just in case */
195 if (strncasecmp(response, "SASL ", 5) == 0) {
197 * We've seen the SASL capability. Grab the mech list
200 strncpy(server_mechs, response + 5, sizeof(server_mechs));
205 if (!sasl_capability) {
206 snprintf(response, sizeof(response), "POP server does not support "
212 * If we received a preferred mechanism, see if the server supports it.
215 if (mech && stringdex(mech, server_mechs) == -1) {
216 snprintf(response, sizeof(response), "Requested SASL mech \"%s\" is "
217 "not in list of supported mechanisms:\n%s",
223 * Start the SASL process. First off, initialize the SASL library.
226 callbacks[POP_SASL_CB_N_USER].context = user;
227 p_context.user = user;
228 p_context.host = host;
229 callbacks[POP_SASL_CB_N_PASS].context = &p_context;
231 result = sasl_client_init(callbacks);
233 if (result != SASL_OK) {
234 snprintf(response, sizeof(response), "SASL library initialization "
235 "failed: %s", sasl_errstring(result, NULL, NULL));
239 result = sasl_client_new("pop", host, NULL, SASL_SECURITY_LAYER, &conn);
241 if (result != SASL_OK) {
242 snprintf(response, sizeof(response), "SASL client initialization "
243 "failed: %s", sasl_errstring(result, NULL, NULL));
248 * Initialize the security properties
251 memset(&secprops, 0, sizeof(secprops));
252 secprops.maxbufsize = BUFSIZ;
253 secprops.max_ssf = UINT_MAX;
254 memset(&extprops, 0, sizeof(extprops));
256 result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
258 if (result != SASL_OK) {
259 snprintf(response, sizeof(response), "SASL security property "
260 "initialization failed: %s",
261 sasl_errstring(result, NULL, NULL));
265 result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &extprops);
267 if (result != SASL_OK) {
268 snprintf(response, sizeof(response), "SASL external property "
269 "initialization failed: %s",
270 sasl_errstring(result, NULL, NULL));
275 * Start the actual protocol. Feed the mech list into the library
276 * and get out a possible initial challenge
279 result = sasl_client_start(conn, mech ? mech : server_mechs,
280 NULL, NULL, &buf, &buflen, &chosen_mech);
282 if (result != SASL_OK && result != SASL_CONTINUE) {
283 snprintf(response, sizeof(response), "SASL client start failed: %s",
284 sasl_errstring(result, NULL, NULL));
289 status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL);
291 if (status != SASL_OK) {
292 snprintf(response, sizeof(response), "SASL base64 encode "
293 "failed: %s", sasl_errstring(status, NULL, NULL));
297 status = command("AUTH %s %s", chosen_mech, outbuf);
299 status = command("AUTH %s", chosen_mech);
301 while (result == SASL_CONTINUE) {
306 * If we get a "+OK" prefix to our response, then we should
307 * exit out of this exchange now (because authenticated should
311 if (strncmp(response, "+OK", 3) == 0)
315 * Otherwise, make sure the server challenge is correctly formatted
318 if (strncmp(response, "+ ", 2) != 0) {
320 snprintf(response, sizeof(response),
321 "Malformed authentication message from server");
325 result = sasl_decode64(response + 2, strlen(response + 2),
328 if (result != SASL_OK) {
330 snprintf(response, sizeof(response), "SASL base64 decode "
331 "failed: %s", sasl_errstring(result, NULL, NULL));
335 result = sasl_client_step(conn, outbuf, outlen, NULL, &buf, &buflen);
337 if (result != SASL_OK && result != SASL_CONTINUE) {
339 snprintf(response, sizeof(response), "SASL client negotiaton "
340 "failed: %s", sasl_errstring(result, NULL, NULL));
344 status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL);
347 if (status != SASL_OK) {
349 snprintf(response, sizeof(response), "SASL base64 encode "
350 "failed: %s", sasl_errstring(status, NULL, NULL));
354 status = command(outbuf);
358 * If we didn't get a positive final response, then error out
359 * (that probably means we failed an authorization check).
366 * Depending on the mechanism, we might need to call sasl_client_step()
367 * one more time. Do that now.
370 result = sasl_client_step(conn, NULL, 0, NULL, &buf, &buflen);
372 if (result != SASL_OK) {
373 snprintf(response, sizeof(response), "SASL final client negotiaton "
374 "failed: %s", sasl_errstring(result, NULL, NULL));
379 * We _should_ be okay now. Get a few properties now that negotiation
383 result = sasl_getprop(conn, SASL_MAXOUTBUF, (void **) &moutbuf);
385 if (result != SASL_OK) {
386 snprintf(response, sizeof(response), "Cannot retrieve SASL negotiated "
387 "output buffer size: %s", sasl_errstring(result, NULL, NULL));
391 maxoutbuf = *moutbuf;
393 result = sasl_getprop(conn, SASL_SSF, (void **) &ssf);
397 if (result != SASL_OK) {
398 snprintf(response, sizeof(response), "Cannot retrieve SASL negotiated "
399 "security strength factor: %s",
400 sasl_errstring(result, NULL, NULL));
405 * Limit this to what we can deal with.
408 if (maxoutbuf == 0 || maxoutbuf > BUFSIZ)
417 * Callback to return the userid sent down via the user parameter
421 sasl_get_user(void *context, int id, const char **result, unsigned *len)
423 char *user = (char *) context;
425 if (! result || id != SASL_CB_USER)
426 return SASL_BADPARAM;
436 * Callback to return the password (we call ruserpass, which can get it
441 sasl_get_pass(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret)
443 struct pass_context *p_context = (struct pass_context *) context;
447 if (! psecret || id != SASL_CB_PASS)
448 return SASL_BADPARAM;
450 ruserpass(p_context->user, &(p_context->host), &pass);
454 *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len);
459 (*psecret)->len = len;
460 strcpy((*psecret)->data, pass);
464 #endif /* CYRUS_SASL */
467 pop_init (char *host, char *user, char *pass, int snoop, int rpop, int kpop,
468 int sasl, char *mech)
476 if ((apop = rpop) < 0)
483 snprintf (buffer, sizeof(buffer), "%s/%s", KPOP_PRINCIPAL, "kpop");
484 if ((fd1 = client (host, "tcp", buffer, 0, response, sizeof(response))) == NOTOK) {
489 if ((fd1 = client (host, "tcp", POPSERVICE, rpop, response, sizeof(response))) == NOTOK) {
496 if ((fd1 = client (host, "tcp", "nntp", rpop, response, sizeof(response))) == NOTOK)
500 if ((fd2 = dup (fd1)) == NOTOK) {
503 if ((s = strerror(errno)))
504 snprintf (response, sizeof(response),
505 "unable to dup connection descriptor: %s", s);
507 snprintf (response, sizeof(response),
508 "unable to dup connection descriptor: unknown error");
513 if (pop_set (fd1, fd2, snoop) == NOTOK)
515 if (pop_set (fd1, fd2, snoop, (char *)0) == NOTOK)
519 SIGNAL (SIGPIPE, SIG_IGN);
521 switch (getline (response, sizeof response, input)) {
524 fprintf (stderr, "<--- %s\n", response);
526 if (*response == '+') {
530 char *cp = pop_auth (user, pass);
532 if (cp && command ("APOP %s", cp) != NOTOK)
539 if (pop_auth_sasl(user, host, mech) != NOTOK)
542 # endif /* CYRUS_SASL */
543 if (command ("USER %s", user) != NOTOK
544 && command ("%s %s", rpop ? "RPOP" : (pophack++, "PASS"),
548 if (command ("USER %s", user) != NOTOK
549 && command ("PASS %s", pass) != NOTOK)
554 if (*response < CHAR_ERR) {
555 command ("MODE READER");
559 strncpy (buffer, response, sizeof(buffer));
561 strncpy (response, buffer, sizeof(response));
567 fprintf (stderr, "%s\n", response);
573 return NOTOK; /* NOTREACHED */
578 pop_set (int in, int out, int snoop, char *myname)
581 pop_set (int in, int out, int snoop)
586 if (myname && *myname) {
587 /* interface from bbc to msh */
588 strncpy (xtnd_name, myname, sizeof(xtnd_name));
592 if ((input = fdopen (in, "r")) == NULL
593 || (output = fdopen (out, "w")) == NULL) {
594 strncpy (response, "fdopen failed on connection descriptor", sizeof(response));
610 pop_fd (char *in, int inlen, char *out, int outlen)
612 snprintf (in, inlen, "%d", fileno (input));
613 snprintf (out, outlen, "%d", fileno (output));
619 * Find out number of messages available
620 * and their total size.
624 pop_stat (int *nmsgs, int *nbytes)
631 if (command ("STAT") == NOTOK)
634 *nmsgs = *nbytes = 0;
635 sscanf (response, "+OK %d %d", nmsgs, nbytes);
638 if (xtnd_last < 0) { /* in msh, xtnd_name is set from myname */
639 if (command("GROUP %s", xtnd_name) == NOTOK)
642 ap = brkstring (response, " ", "\n"); /* "211 nart first last ggg" */
643 xtnd_first = atoi (ap[2]);
644 xtnd_last = atoi (ap[3]);
647 /* nmsgs is not the real nart, but an incredible simuation */
649 *nmsgs = xtnd_last - xtnd_first + 1; /* because of holes... */
652 *nbytes = xtnd_first; /* for subtracting offset in msh() */
660 pop_exists (int (*action)())
662 #ifdef XMSGS /* hacked into NNTP 1.5 */
663 if (traverse (action, "XMSGS %d-%d", (targ_t) xtnd_first, (targ_t) xtnd_last) == OK)
666 /* provided by INN 1.4 */
667 if (traverse (action, "LISTGROUP") == OK)
669 return traverse (action, "XHDR NONAME %d-%d", (targ_t) xtnd_first, (targ_t) xtnd_last);
676 pop_list (int msgno, int *nmsgs, int *msgs, int *bytes, int *ids)
679 pop_list (int msgno, int *nmsgs, int *msgs, int *bytes)
689 if (command ("LIST %d", msgno) == NOTOK)
694 sscanf (response, "+OK %d %d %d", msgs, bytes, ids);
697 sscanf (response, "+OK %d %d", msgs, bytes);
700 if (command ("STAT %d", msgno) == NOTOK)
710 if (command ("LIST") == NOTOK)
713 for (i = 0; i < *nmsgs; i++)
714 switch (multiline ()) {
724 sscanf (response, "%d %d %d",
725 msgs++, bytes++, ids++);
728 sscanf (response, "%d %d", msgs++, bytes++);
732 switch (multiline ()) {
747 pop_retr (int msgno, int (*action)())
750 return traverse (action, "RETR %d", (targ_t) msgno);
752 return traverse (action, "ARTICLE %d", (targ_t) msgno);
758 traverse (int (*action)(), const char *fmt, ...)
762 char buffer[sizeof(response)];
765 result = vcommand (fmt, ap);
770 strncpy (buffer, response, sizeof(buffer));
773 switch (multiline ()) {
778 strncpy (response, buffer, sizeof(response));
782 (*action) (response);
791 return command ("DELE %d", msgno);
798 return command ("NOOP");
802 #if defined(MPOP) && !defined(NNTP)
806 return command ("LAST");
814 return command ("RSET");
819 pop_top (int msgno, int lines, int (*action)())
822 return traverse (action, "TOP %d %d", (targ_t) msgno, (targ_t) lines);
824 return traverse (action, "HEAD %d", (targ_t) msgno);
831 pop_xtnd (int (*action)(), char *fmt, ...)
843 /* needs to be fixed... va_end needs to be added */
844 snprintf (buffer, sizeof(buffer), "XTND %s", fmt);
845 result = traverse (action, buffer, a, b, c, d);
849 snprintf (buffer, sizeof(buffer), fmt, a, b, c, d);
850 ap = brkstring (buffer, " ", "\n"); /* a hack, i know... */
852 if (!strcasecmp(ap[0], "x-bboards")) { /* XTND "X-BBOARDS group */
853 /* most of these parameters are meaningless under NNTP.
854 * bbc.c was modified to set AKA and LEADERS as appropriate,
855 * the rest are left blank.
859 if (!strcasecmp (ap[0], "archive") && ap[1]) {
860 snprintf (xtnd_name, sizeof(xtnd_name), "%s", ap[1]); /* save the name */
862 xtnd_first = 1; /* setup to fail in pop_stat */
865 if (!strcasecmp (ap[0], "bboards")) {
867 if (ap[1]) { /* XTND "BBOARDS group" */
868 snprintf (xtnd_name, sizeof(xtnd_name), "%s", ap[1]); /* save the name */
869 if (command("GROUP %s", xtnd_name) == NOTOK)
872 /* action must ignore extra args */
873 strncpy (buffer, response, sizeof(buffer));
874 ap = brkstring (response, " ", "\n");/* "211 nart first last g" */
875 xtnd_first = atoi (ap[2]);
876 xtnd_last = atoi (ap[3]);
881 } else { /* XTND "BBOARDS" */
882 return traverse (action, "LIST", a, b, c, d);
885 return NOTOK; /* unknown XTND command */
896 i = command ("QUIT");
909 #endif /* CYRUS_SASL */
917 #if !defined(MPOP) || defined(NNTP)
921 command(const char *fmt, ...)
927 result = vcommand(fmt, ap);
935 vcommand (const char *fmt, va_list ap)
937 char *cp, buffer[BUFSIZ];
939 vsnprintf (buffer, sizeof(buffer), fmt, ap);
943 fprintf(stderr, "(encrypted) ");
944 #endif /* CYRUS_SASL */
946 if ((cp = strchr (buffer, ' ')))
948 fprintf (stderr, "---> %s ********\n", buffer);
954 fprintf (stderr, "---> %s\n", buffer);
957 if (putline (buffer, output) == NOTOK)
961 if (poprint && sasl_ssf)
962 fprintf(stderr, "(decrypted) ");
963 #endif /* CYRUS_SASL */
965 switch (getline (response, sizeof response, input)) {
968 fprintf (stderr, "<--- %s\n", response);
970 return (*response == '+' ? OK : NOTOK);
972 return (*response < CHAR_ERR ? OK : NOTOK);
978 fprintf (stderr, "%s\n", response);
982 return NOTOK; /* NOTREACHED */
986 #if defined(MPOP) && !defined(NNTP)
994 char buffer[BUFSIZ + TRMLEN];
996 if (getline (buffer, sizeof buffer, input) != OK)
1002 fprintf(stderr, "(decrypted) ");
1003 #endif /* CYRUS_SASL */
1004 fprintf (stderr, "<--- %s\n", response);
1007 if (strncmp (buffer, TRM, TRMLEN) == 0) {
1008 if (buffer[TRMLEN] == 0)
1011 strncpy (response, buffer + TRMLEN, sizeof(response));
1014 strncpy (response, buffer, sizeof(response));
1020 * Note that these functions have been modified to deal with layer encryption
1025 getline (char *s, int n, FILE *iop)
1031 while (--n > 0 && (c = sasl_fgetc (iop)) != EOF && c != -2)
1032 if ((*p++ = c) == '\n')
1036 if (ferror (iop) && c != EOF) {
1037 strncpy (response, "error on connection", sizeof(response));
1040 if (c == EOF && p == s) {
1041 strncpy (response, "connection closed by foreign host", sizeof(response));
1055 putline (char *s, FILE *iop)
1058 char outbuf[BUFSIZ], *buf;
1060 unsigned int buflen;
1062 if (!sasl_complete) {
1063 #endif /* CYRUS_SASL */
1064 fprintf (iop, "%s\r\n", s);
1068 * Build an output buffer, encrypt it using sasl_encode, and
1069 * squirt out the results.
1071 strncpy(outbuf, s, sizeof(outbuf) - 3);
1072 outbuf[sizeof(outbuf) - 3] = '\0'; /* Just in case */
1073 strcat(outbuf, "\r\n");
1075 result = sasl_encode(conn, outbuf, strlen(outbuf), &buf, &buflen);
1077 if (result != SASL_OK) {
1078 snprintf(response, sizeof(response), "SASL encoding error: %s",
1079 sasl_errstring(result, NULL, NULL));
1083 fwrite(buf, buflen, 1, iop);
1086 #endif /* CYRUS_SASL */
1090 strncpy (response, "lost connection", sizeof(response));
1099 * Okay, our little fgetc replacement. Hopefully this is a little more
1100 * efficient than the last one.
1105 static unsigned char *buffer = NULL, *ptr;
1106 static int size = 0;
1108 unsigned int retbufsize = 0;
1110 char *retbuf, tmpbuf[BUFSIZ];
1113 * If we have some leftover data, return that
1118 return (int) *ptr++;
1122 * Otherwise, fill our buffer until we have some data to return.
1125 while (retbufsize == 0) {
1127 cc = read(fileno(f), tmpbuf, sizeof(tmpbuf));
1133 snprintf(response, sizeof(response), "Error during read from "
1134 "network: %s", strerror(errno));
1139 * We're not allowed to call sasl_decode until sasl_complete is
1140 * true, so we do these gyrations ...
1143 if (!sasl_complete) {
1150 result = sasl_decode(conn, tmpbuf, cc, &retbuf, &retbufsize);
1152 if (result != SASL_OK) {
1153 snprintf(response, sizeof(response), "Error during SASL "
1154 "decoding: %s", sasl_errstring(result, NULL, NULL));
1160 if (retbufsize > size) {
1161 buffer = realloc(buffer, retbufsize);
1163 snprintf(response, sizeof(response), "Error during realloc in "
1164 "read routine: %s", strerror(errno));
1170 memcpy(buffer, retbuf, retbufsize);
1172 cnt = retbufsize - 1;
1176 return (int) buffer[0];
1178 #endif /* CYRUS_SASL */