From cfc525a9b85207225cb4071d1d3b01e8d1db2424 Mon Sep 17 00:00:00 2001 From: Kimmo Suominen Date: Fri, 7 Jul 2000 03:48:02 +0000 Subject: [PATCH 1/1] SASL support from Ken Hornstein . --- acconfig.h | 6 + config.h.in | 6 + configure.in | 26 +++ h/popsbr.h | 2 +- man/inc.man | 13 ++ man/msgchk.man | 13 ++ man/post.man | 12 ++ man/send.man | 12 ++ mts/sendmail/sendmail.c | 6 +- mts/smtp/Makefile.in | 3 +- mts/smtp/smtp.c | 309 ++++++++++++++++++++++++++++- mts/smtp/smtp.h | 2 +- uip/inc.c | 24 ++- uip/msgchk.c | 38 +++- uip/popsbr.c | 500 ++++++++++++++++++++++++++++++++++++++++++++++- uip/post.c | 35 +++- uip/send.c | 15 ++ uip/whatnowsbr.c | 15 ++ 18 files changed, 1015 insertions(+), 22 deletions(-) diff --git a/acconfig.h b/acconfig.h index 5fdea1b..29c66c0 100644 --- a/acconfig.h +++ b/acconfig.h @@ -194,6 +194,12 @@ #undef KPOP_PRINCIPAL /* + * Define this to use the Cyrus SASL library for authentication of + * POP and SMTP + */ +#undef CYRUS_SASL + +/* * Define this to compile support for using Hesiod to locate * pop servers into inc and msgchk. Do not change this value * manually. You must run configure with the option diff --git a/config.h.in b/config.h.in index 7b1c3fd..f8d23ba 100644 --- a/config.h.in +++ b/config.h.in @@ -242,6 +242,12 @@ #undef KPOP_PRINCIPAL /* + * Define this to use the Cyrus SASL library for authentication of + * POP and SMTP + */ +#undef CYRUS_SASL + +/* * Define this to compile support for using Hesiod to locate * pop servers into inc and msgchk. Do not change this value * manually. You must run configure with the option diff --git a/configure.in b/configure.in index a3d3386..6d57642 100644 --- a/configure.in +++ b/configure.in @@ -118,6 +118,14 @@ if test -n "$with_editor"; then editorpath="$with_editor" fi +dnl Do you want client-side support for using SASL for authentication? +dnl Note that this code will be enabled for both POP and SMTP +AC_ARG_WITH(cyrus-sasl, +[ --with-cyrus-sasl= Specify location of Cyrus SASL library for auth]) +if test x"$with_cyrus_sasl" != x -a x"$with_cyrus_sasl" != "no"; then + AC_DEFINE(CYRUS_SASL)dnl +fi + dnl What method of posting should post use? undefine([mts])dnl AC_ARG_WITH(mts, @@ -549,6 +557,24 @@ fi AC_SUBST(KRB4_INCLUDES)dnl AC_SUBST(KRB4_LIBS)dnl +dnl -------------------- +dnl CHECK FOR CYRUS SASL +dnl -------------------- +if test x"$with_cyrus_sasl" != x -a x"$with_cyrus_sasl" != "no"; then + if test x"$with_cyrus_sasl" != x"yes"; then + SASL_INCLUDES="-I$with_cyrus_sasl/include" + SASL_LIBS="-L$with_cyrus_sasl/lib" + fi + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $SASL_LIBS" + AC_CHECK_LIB(sasl, sasl_client_new, + [SASL_LIBS="$SASL_LIBS -lsasl"], + [AC_MSG_ERROR(Cyrus SASL library not found)]) + LDFLAGS="$save_LDFLAGS" +fi +AC_SUBST(SASL_INCLUDES)dnl +AC_SUBST(SASL_LIBS)dnl + dnl --------------------- dnl CHECK TERMCAP LIBRARY dnl --------------------- diff --git a/h/popsbr.h b/h/popsbr.h index c53b291..bc33963 100644 --- a/h/popsbr.h +++ b/h/popsbr.h @@ -22,7 +22,7 @@ int pop_set (int, int, int); int pop_exists (int (*)()); #endif -int pop_init (char *, char *, char *, int, int, int); +int pop_init (char *, char *, char *, int, int, int, int, char *); int pop_fd (char *, int, char *, int); int pop_stat (int *, int *); int pop_retr (int, int (*)()); diff --git a/man/inc.man b/man/inc.man index 8c11b2f..fc53359 100644 --- a/man/inc.man +++ b/man/inc.man @@ -33,6 +33,8 @@ inc \%[\-pack\ file] \%[\-nopack] \%[\-kpop] +\%[\-sasl] +\%[\-saslmech\ mechanism] .br %nmhendpop% \%[\-version] @@ -151,6 +153,17 @@ If nmh has been compiled with KPOP #defined, the `\-kpop' switch will allow \fIinc\fR to use Kerberized POP rather than standard POP3 on a given invocation. If POPSERVICE was also #defined to "kpop", \fIinc\fR will be hardwired to always use KPOP. + +If nmh has been compiled with SASL support, the `\-sasl' switch will enable +the use of SASL authentication. Depending on the SASL mechanism used, this +may require an additional password prompt from the user (but the +\*(lq.netrc\*(rq file can be used to store this password). The +`\-saslmech' switch can be used to select a particular SASL mechanism. + +If SASL authentication is successful, \fIinc\fR will attempt to negotiate +a security layer for session encryption. Encrypted traffic is labelled +with `(encrypted)' and `(decrypted)' when viewing the POP transaction +with the `\-snoop' switch. %nmhendpop% .Fi ^$HOME/\&.mh\(ruprofile~^The user profile diff --git a/man/msgchk.man b/man/msgchk.man index 5054c33..2f1fed5 100644 --- a/man/msgchk.man +++ b/man/msgchk.man @@ -21,6 +21,8 @@ msgchk \%[\-host\ hostname] \%[\-user\ username] \%[\-kpop] +\%[\-sasl] +\%[\-saslmech \mechanism] .br %nmhendpop% \%[users\ ...] @@ -81,6 +83,17 @@ If nmh has been compiled with KPOP #defined, the `\-kpop' switch will allow \fImsgchk\fR to use Kerberized POP rather than standard POP3 on a given invocation. If POPSERVICE was also #defined to "kpop", \fImsgchk\fR will be hardwired to always use KPOP. + +If nmh has been compiled with SASL support, the `\-sasl' switch will enable +the use of SASL authentication. Depending on the SASL mechanism used, this +may require an additional password prompt from the user (but the +\*(lq.netrc\*(rq file can be used to store this password). The +`\-saslmech' switch can be used to select a particular SASL mechanism. + +If SASL authentication is successful, \fIinc\fR will attempt to negotiate +a security layer for session encryption. Encrypted traffic is labelled +with `(encrypted)' and `(decrypted)' when viewing the POP transaction +with the `\-snoop' switch. %nmhendpop% .Fi ^$HOME/\&.mh\(ruprofile~^The user profile diff --git a/man/post.man b/man/post.man index 4526177..69374ce 100644 --- a/man/post.man +++ b/man/post.man @@ -24,6 +24,7 @@ post \- deliver a message \%[\-noverbose] \%[\-watch] \%[\-nowatch] \%[\-width\ columns] +\%[\-sasl] \%[\-saslmech\ mechanism] \%[\-user\ username] .br file \%[\-version] @@ -116,6 +117,17 @@ account, or when remote email robots give improper precedence to the envelope "From:". Note that your MTA may still reveal your real identity (e.g. sendmail's "X\-Authentication\-Warning:" header). +If nmh has been compiled with SASL support, the `\-sasl' switch will enable +the use of SASL authentication with the SMTP MTA. Depending on the +SASL mechanism used, this may require an additional password prompt from the +user (but the \*(lq.netrc\*(rq file can be used to store this password). +`\-saslmech' switch can be used to select a particular SASL mechanism, +and the the `\-user' switch can be used to select a authorization userid +to provide to SASL other than the default. + +Currently SASL security layers are not supported for SMTP. The SASL +SMTP code in nmh will always negotiate an unencrypted connection. + .Fi ^%etcdir%/mts.conf~^nmh mts configuration file ^%etcdir%/MailAliases~^global nmh alias file diff --git a/man/send.man b/man/send.man index 43d1ad1..88fd9c3 100644 --- a/man/send.man +++ b/man/send.man @@ -31,6 +31,7 @@ send .br \%[\-verbose] \%[\-noverbose] \%[\-watch] \%[\-nowatch] +\%[\-sasl] \%[\-saslmech\ mechanism] \%[\-user\ username] .br \%[\-width\ columns] \%[file\ ...] @@ -132,6 +133,17 @@ will be removed from all outgoing copies of the message. By using the `\-width\ columns' switch, the user can direct \fIsend\fR as to how long it should make header lines containing addresses. +If nmh has been compiled with SASL support, the `\-sasl' switch will enable +the use of SASL authentication with the SMTP MTA. Depending on the +SASL mechanism used, this may require an additional password prompt from the +user (but the \*(lq.netrc\*(rq file can be used to store this password). +`\-saslmech' switch can be used to select a particular SASL mechanism, +and the the `\-user' switch can be used to select a authorization userid +to provide to SASL other than the default. + +Currently SASL security layers are not supported for SMTP. The SASL +SMTP code in nmh will always negotiate an unencrypted connection. + The files specified by the profile entry \*(lqAliasfile:\*(rq and any additional alias files given by the `\-alias aliasfile' switch will be read (more than one file, each preceded by `\-alias', can be named). diff --git a/mts/sendmail/sendmail.c b/mts/sendmail/sendmail.c index 546097c..8273f14 100644 --- a/mts/sendmail/sendmail.c +++ b/mts/sendmail/sendmail.c @@ -99,7 +99,7 @@ static RETSIGTYPE alrmser (int); int sm_init (char *client, char *server, int watch, int verbose, - int debug, int onex, int queued) + int debug, int onex, int queued, int sasl, char *saslmech, char *user) { int i, result, vecp; int pdi[2], pdo[2]; @@ -120,6 +120,10 @@ sm_init (char *client, char *server, int watch, int verbose, client = LocalName(); /* no clientname -> LocalName */ } + if (sasl) + return sm_ierror("SASL authentication not supported with the " + "Sendmail MTA"); + #ifdef ZMAILER if (client == NULL || *client == '\0') client = "localhost"; diff --git a/mts/smtp/Makefile.in b/mts/smtp/Makefile.in index 9890d1c..4a726b9 100644 --- a/mts/smtp/Makefile.in +++ b/mts/smtp/Makefile.in @@ -19,7 +19,8 @@ etcdir = @sysconfdir@ CC = @CC@ CFLAGS = @CFLAGS@ DEFS = @DEFS@ -INCLUDES = -I../.. -I$(srcdir) -I$(top_srcdir) +SASL_INCLUDES = @SASL_INCLUDES@ +INCLUDES = -I../.. -I$(srcdir) -I$(top_srcdir) $(SASL_INCLUDES) LORDER = @LORDER@ TSORT = @TSORT@ diff --git a/mts/smtp/smtp.c b/mts/smtp/smtp.c index c8fb554..ac6b32e 100644 --- a/mts/smtp/smtp.c +++ b/mts/smtp/smtp.c @@ -1,4 +1,3 @@ - /* * smtp.c -- nmh SMTP interface * @@ -423,6 +422,14 @@ rclient (char *server, char *protocol, char *service) return NOTOK; } +#ifdef CYRUS_SASL +#include +#include +#include +#include +#include +#include +#endif /* CYRUS_SASL */ int sm_winit (int mode, char *from) @@ -1007,6 +1014,306 @@ no_dice: #endif /* MPOP */ +#ifdef CYRUS_SASL +/* + * This function implements SASL authentication for SMTP. If this function + * completes successfully, then authentication is successful and we've + * (optionally) negotiated a security layer. + * + * Right now we don't support session encryption. + */ +static int +sm_auth_sasl(char *user, char *mechlist, char *host) +{ + int result, status, outlen; + unsigned int buflen; + char *buf, outbuf[BUFSIZ]; + const char *chosen_mech; + sasl_security_properties_t secprops; + sasl_external_properties_t extprops; + sasl_ssf_t *ssf; + int *outbufmax; + + /* + * Initialize the callback contexts + */ + + if (user == NULL) + user = getusername(); + + callbacks[SM_SASL_N_CB_USER].context = user; + + /* + * This is a _bit_ of a hack ... but if the hostname wasn't supplied + * to us on the command line, then call getpeername and do a + * reverse-address lookup on the IP address to get the name. + */ + + if (!host) { + struct sockaddr_in sin; + int len = sizeof(sin); + struct hostent *hp; + + if (getpeername(fileno(sm_wfp), (struct sockaddr *) &sin, &len) < 0) { + sm_ierror("getpeername on SMTP socket failed: %s", + strerror(errno)); + return NOTOK; + } + + if ((hp = gethostbyaddr((void *) &sin.sin_addr, sizeof(sin.sin_addr), + sin.sin_family)) == NULL) { + sm_ierror("DNS lookup on IP address %s failed", + inet_ntoa(sin.sin_addr)); + return NOTOK; + } + + host = strdup(hp->h_name); + } + + sasl_pw_context[0] = host; + sasl_pw_context[1] = user; + + callbacks[SM_SASL_N_CB_PASS].context = sasl_pw_context; + + result = sasl_client_init(callbacks); + + if (result != SASL_OK) { + sm_ierror("SASL library initialization failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + result = sasl_client_new("smtp", host, NULL, SASL_SECURITY_LAYER, &conn); + + if (result != SASL_OK) { + sm_ierror("SASL client initialization failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + /* + * Initialize the security properties + */ + + memset(&secprops, 0, sizeof(secprops)); + secprops.maxbufsize = BUFSIZ; + secprops.max_ssf = 0; /* XXX change this when we do encryption */ + memset(&extprops, 0, sizeof(extprops)); + + result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); + + if (result != SASL_OK) { + sm_ierror("SASL security property initialization failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &extprops); + + if (result != SASL_OK) { + sm_ierror("SASL external property initialization failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + /* + * Start the actual protocol. Feed the mech list into the library + * and get out a possible initial challenge + */ + + result = sasl_client_start(conn, mechlist, NULL, NULL, &buf, &buflen, + &chosen_mech); + + if (result != SASL_OK && result != SASL_CONTINUE) { + sm_ierror("SASL client start failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + /* + * If we got an initial challenge, send it as part of the AUTH + * command; otherwise, just send a plain AUTH command. + */ + + if (buflen) { + status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL); + free(buf); + if (status != SASL_OK) { + sm_ierror("SASL base64 encode failed: %s", + sasl_errstring(status, NULL, NULL)); + return NOTOK; + } + + status = smtalk(SM_AUTH, "AUTH %s %s", chosen_mech, outbuf); + } else + status = smtalk(SM_AUTH, "AUTH %s", chosen_mech); + + /* + * Now we loop until we either fail, get a SASL_OK, or a 235 + * response code. Receive the challenges and process them until + * we're all done. + */ + + while (result == SASL_CONTINUE) { + + /* + * If we get a 235 response, that means authentication has + * succeeded and we need to break out of the loop (yes, even if + * we still get SASL_CONTINUE from sasl_client_step()). + * + * Otherwise, if we get a message that doesn't seem to be a + * valid response, then abort + */ + + if (status == 235) + break; + else if (status < 300 || status > 399) + return RP_BHST; + + /* + * Special case; a zero-length response from the SMTP server + * is returned as a single =. If we get that, then set buflen + * to be zero. Otherwise, just decode the response. + */ + + if (strcmp("=", sm_reply.text) == 0) { + outlen = 0; + } else { + result = sasl_decode64(sm_reply.text, sm_reply.length, + outbuf, &outlen); + + if (result != SASL_OK) { + smtalk(SM_AUTH, "*"); + sm_ierror("SASL base64 decode failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + } + + result = sasl_client_step(conn, outbuf, outlen, NULL, &buf, &buflen); + + if (result != SASL_OK && result != SASL_CONTINUE) { + smtalk(SM_AUTH, "*"); + sm_ierror("SASL client negotiation failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL); + free(buf); + + if (status != SASL_OK) { + smtalk(SM_AUTH, "*"); + sm_ierror("SASL base64 encode failed: %s", + sasl_errstring(status, NULL, NULL)); + return NOTOK; + } + + status = smtalk(SM_AUTH, outbuf); + } + + /* + * Make sure that we got the correct response + */ + + if (status < 200 || status > 299) + return RP_BHST; + + /* + * Depending on the mechanism, we need to do a FINAL call to + * sasl_client_step(). Do that now. + */ + + result = sasl_client_step(conn, NULL, 0, NULL, &buf, &buflen); + + if (result != SASL_OK) { + sm_ierror("SASL final client negotiation failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + /* + * We _should_ have completed the authentication successfully. + * Get a few properties from the authentication exchange. + */ + + result = sasl_getprop(conn, SASL_MAXOUTBUF, (void **) &outbufmax); + + if (result != SASL_OK) { + sm_ierror("Cannot retrieve SASL negotiated output buffer size: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + maxoutbuf = *outbufmax; + + result = sasl_getprop(conn, SASL_SSF, (void **) &ssf); + + sasl_ssf = *ssf; + + if (result != SASL_OK) { + sm_ierror("Cannot retrieve SASL negotiated security strength " + "factor: %s", sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + if (maxoutbuf == 0 || maxoutbuf > BUFSIZ) + maxoutbuf = BUFSIZ; + + sasl_complete = 1; + + return RP_OK; +} + +/* + * Our callback functions to feed data to the SASL library + */ + +static int +sm_get_user(void *context, int id, const char **result, unsigned *len) +{ + char *user = (char *) context; + + if (! result || id != SASL_CB_USER) + return SASL_BADPARAM; + + *result = user; + if (len) + *len = strlen(user); + + return SASL_OK; +} + +static int +sm_get_pass(sasl_conn_t *conn, void *context, int id, + sasl_secret_t **psecret) +{ + char **pw_context = (char **) context; + char *pass = NULL; + int len; + + if (! psecret || id != SASL_CB_PASS) + return SASL_BADPARAM; + + ruserpass(pw_context[0], &(pw_context[1]), &pass); + + len = strlen(pass); + + *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len); + + if (! *psecret) { + free(pass); + return SASL_NOMEM; + } + + (*psecret)->len = len; + strcpy((*psecret)->data, pass); +/* free(pass); */ + + return SASL_OK; +} +#endif /* CYRUS_SASL */ + static int sm_ierror (char *fmt, ...) { diff --git a/mts/smtp/smtp.h b/mts/smtp/smtp.h index 772035d..1d7d2c9 100644 --- a/mts/smtp/smtp.h +++ b/mts/smtp/smtp.h @@ -21,7 +21,7 @@ struct smtp { * prototypes */ /* int client (); */ -int sm_init (char *, char *, int, int, int, int, int); +int sm_init (char *, char *, int, int, int, int, int, int, char *, char *); int sm_winit (int, char *); int sm_wadr (char *, char *, char *); int sm_waend (void); diff --git a/uip/inc.c b/uip/inc.c index 3209a97..f076e48 100644 --- a/uip/inc.c +++ b/uip/inc.c @@ -68,6 +68,12 @@ # define KPOPminc(a) 0 #endif +#ifndef CYRUS_SASL +# define SASLminc(a) (a) +#else +# define SASLminc(a) 0 +#endif + static struct swit switches[] = { #define AUDSW 0 { "audit audit-file", 0 }, @@ -117,6 +123,10 @@ static struct swit switches[] = { { "snoop", -5 }, #define KPOPSW 23 { "kpop", KPOPminc (-4) }, +#define SASLSW 24 + { "sasl", SASLminc(-4) }, +#define SASLMECHSW 25 + { "saslmech", SASLminc(-8) }, { NULL, 0 } }; @@ -421,6 +431,15 @@ main (int argc, char **argv) case SNOOPSW: snoop++; continue; + + case SASLSW: + sasl++; + continue; + + case SASLMECHSW: + if (!(saslmech = *argp++) || *saslmech == '-') + adios (NULL, "missing argument to %s", argp[-2]); + continue; } } if (*cp == '+' || *cp == '@') { @@ -469,7 +488,7 @@ main (int argc, char **argv) if ( strcmp( POPSERVICE, "kpop" ) == 0 ) { kpop = 1; } - if (kpop || ( rpop > 0)) + if (kpop || sasl || ( rpop > 0)) pass = getusername (); else ruserpass (host, &user, &pass); @@ -477,7 +496,8 @@ main (int argc, char **argv) /* * initialize POP connection */ - if (pop_init (host, user, pass, snoop, kpop ? 1 : rpop, kpop) == NOTOK) + if (pop_init (host, user, pass, snoop, kpop ? 1 : rpop, kpop, + sasl, saslmech) == NOTOK) adios (NULL, "%s", response); /* Check if there are any messages */ diff --git a/uip/msgchk.c b/uip/msgchk.c index fdf32d6..52aedc8 100644 --- a/uip/msgchk.c +++ b/uip/msgchk.c @@ -42,6 +42,12 @@ # define KPOPminc(a) 0 #endif +#ifndef CYRUS_SASL +# define SASLminc(a) (a) +#else +# define SASLminc(a) 0 +#endif + static struct swit switches[] = { #define DATESW 0 { "date", 0 }, @@ -71,6 +77,10 @@ static struct swit switches[] = { { "snoop", -5 }, #define KPOPSW 13 { "kpop", KPOPminc (-4) }, +#define SASLSW 14 + { "sasl", SASLminc(-4) }, +#define SASLMECHSW 15 + { "saslmech", SASLminc(-5) }, { NULL, 0 } }; @@ -101,7 +111,7 @@ static int donote (char *, int); static int checkmail (char *, char *, int, int, int); #ifdef POP -static int remotemail (char *, char *, int, int, int, int, int); +static int remotemail (char *, char *, int, int, int, int, int, int, char *); #endif @@ -110,10 +120,10 @@ main (int argc, char **argv) { int datesw = 1, notifysw = NT_ALL; int rpop, status = 0; - int kpop = 0; + int kpop = 0, sasl = 0; int snoop = 0, vecp = 0; uid_t uid; - char *cp, *host = NULL, *user, buf[BUFSIZ]; + char *cp, *host = NULL, *user, buf[BUFSIZ], *saslmech = NULL; char **argp, **arguments, *vec[MAXVEC]; struct passwd *pw; @@ -214,6 +224,15 @@ main (int argc, char **argv) case SNOOPSW: snoop++; continue; + + case SASLSW: + sasl++; + continue; + + case SASLMECHSW: + if (!(saslmech = *argp++) || *saslmech == '-') + adios (NULL, "missing argument to %s", argp[-2]); + continue; } } if (vecp >= MAXVEC-1) @@ -263,10 +282,12 @@ main (int argc, char **argv) kpop = 1; } if (vecp == 0) { - status = remotemail (host, user, rpop, kpop, notifysw, 1, snoop); + status = remotemail (host, user, rpop, kpop, notifysw, 1, snoop, + sasl, saslmech); } else { for (vecp = 0; vec[vecp]; vecp++) - status += remotemail (host, vec[vecp], rpop, kpop, notifysw, 0, snoop); + status += remotemail (host, vec[vecp], rpop, kpop, notifysw, 0, + snoop, sasl, saslmech); } } else { #endif /* POP */ @@ -387,20 +408,21 @@ checkmail (char *user, char *home, int datesw, int notifysw, int personal) extern char response[]; static int -remotemail (char *host, char *user, int rpop, int kpop, int notifysw, int personal, int snoop) +remotemail (char *host, char *user, int rpop, int kpop, int notifysw, int personal, int snoop, int sasl, char *saslmech) { int nmsgs, nbytes, status; char *pass = NULL; if (user == NULL) user = getusername (); - if (kpop || (rpop > 0)) + if (kpop || sasl || (rpop > 0)) pass = getusername (); else ruserpass (host, &user, &pass); /* open the POP connection */ - if (pop_init (host, user, pass, snoop, kpop ? 1 : rpop, kpop) == NOTOK + if (pop_init (host, user, pass, snoop, kpop ? 1 : rpop, kpop, + sasl, saslmech) == NOTOK || pop_stat (&nmsgs, &nbytes) == NOTOK /* check for messages */ || pop_quit () == NOTOK) { /* quit POP connection */ advise (NULL, "%s", response); diff --git a/uip/popsbr.c b/uip/popsbr.c index 6f2b35a..3ee198b 100644 --- a/uip/popsbr.c +++ b/uip/popsbr.c @@ -1,4 +1,3 @@ - /* * popsbr.c -- POP client subroutines * @@ -22,6 +21,10 @@ extern int client(char *args, char *protocol, char *service, int rproto, # include #endif +#ifdef CYRUS_SASL +# include +#endif /* CYRUS_SASL */ + #include #include #include @@ -53,6 +56,29 @@ static char xtnd_name[512]; /* INCREDIBLE HACK!! */ # endif #endif /* NNTP */ +#ifdef CYRUS_SASL +static sasl_conn_t *conn; /* SASL connection state */ +static int sasl_complete = 0; /* Has sasl authentication succeeded? */ +static int maxoutbuf; /* Maximum output buffer size */ +static sasl_ssf_t sasl_ssf = 0; /* Security strength factor */ +static int sasl_get_user(void *, int, const char **, unsigned *); +static int sasl_get_pass(sasl_conn_t *, void *, int, sasl_secret_t **); +struct pass_context { + char *user; + char *host; +}; + +static sasl_callback_t callbacks[] = { + { SASL_CB_USER, sasl_get_user, NULL }, +#define POP_SASL_CB_N_USER 0 + { SASL_CB_PASS, sasl_get_pass, NULL }, +#define POP_SASL_CB_N_PASS 1 + { SASL_CB_LIST_END, NULL, NULL }, +}; +#else /* CYRUS_SASL */ +# define sasl_fgetc fgetc +#endif /* CYRUS_SASL */ + /* * static prototypes */ @@ -66,6 +92,11 @@ static int command(const char *, ...); static int multiline(void); #endif +#ifdef CYRUS_SASL +static int pop_auth_sasl(char *, char *, char *); +static int sasl_fgetc(FILE *); +#endif /* CYRUS_SASL */ + static int traverse (int (*)(), const char *, ...); static int vcommand(const char *, va_list); static int getline (char *, int, FILE *); @@ -116,9 +147,325 @@ pop_auth (char *user, char *pass) } #endif /* !NNTP && APOP */ +#ifdef CYRUS_SASL +/* + * This function implements the AUTH command for various SASL mechanisms + * + * We do the whole SASL dialog here. If this completes, then we've + * authenticated successfully and have (possibly) negotiated a security + * layer. + */ + +int +pop_auth_sasl(char *user, char *host, char *mech) +{ + int result, status, sasl_capability = 0, outlen; + unsigned int buflen; + char server_mechs[256], *buf, outbuf[BUFSIZ]; + const char *chosen_mech; + sasl_security_properties_t secprops; + sasl_external_properties_t extprops; + struct pass_context p_context; + sasl_ssf_t *ssf; + int *moutbuf; + + /* + * First off, we're going to send the CAPA command to see if we can + * even support the AUTH command, and if we do, then we'll get a + * list of mechanisms the server supports. If we don't support + * the CAPA command, then it's unlikely that we will support + * SASL + */ + + if (command("CAPA") == NOTOK) { + snprintf(response, sizeof(response), + "The POP CAPA command failed; POP server does not " + "support SASL"); + return NOTOK; + } + + while ((status = multiline()) != DONE) + switch (status) { + case NOTOK: + return NOTOK; + break; + case DONE: /* Shouldn't be possible, but just in case */ + break; + case OK: + if (strncasecmp(response, "SASL ", 5) == 0) { + /* + * We've seen the SASL capability. Grab the mech list + */ + sasl_capability++; + strncpy(server_mechs, response + 5, sizeof(server_mechs)); + } + break; + } + + if (!sasl_capability) { + snprintf(response, sizeof(response), "POP server does not support " + "SASL"); + return NOTOK; + } + + /* + * If we received a preferred mechanism, see if the server supports it. + */ + + if (mech && stringdex(mech, server_mechs) == -1) { + snprintf(response, sizeof(response), "Requested SASL mech \"%s\" is " + "not in list of supported mechanisms:\n%s", + mech, server_mechs); + return NOTOK; + } + + /* + * Start the SASL process. First off, initialize the SASL library. + */ + + callbacks[POP_SASL_CB_N_USER].context = user; + p_context.user = user; + p_context.host = host; + callbacks[POP_SASL_CB_N_PASS].context = &p_context; + + result = sasl_client_init(callbacks); + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "SASL library initialization " + "failed: %s", sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + result = sasl_client_new("pop", host, NULL, SASL_SECURITY_LAYER, &conn); + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "SASL client initialization " + "failed: %s", sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + /* + * Initialize the security properties + */ + + memset(&secprops, 0, sizeof(secprops)); + secprops.maxbufsize = BUFSIZ; + secprops.max_ssf = UINT_MAX; + memset(&extprops, 0, sizeof(extprops)); + + result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops); + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "SASL security property " + "initialization failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + result = sasl_setprop(conn, SASL_SSF_EXTERNAL, &extprops); + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "SASL external property " + "initialization failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + /* + * Start the actual protocol. Feed the mech list into the library + * and get out a possible initial challenge + */ + + result = sasl_client_start(conn, mech ? mech : server_mechs, + NULL, NULL, &buf, &buflen, &chosen_mech); + + if (result != SASL_OK && result != SASL_CONTINUE) { + snprintf(response, sizeof(response), "SASL client start failed: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + if (buflen) { + status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL); + free(buf); + if (status != SASL_OK) { + snprintf(response, sizeof(response), "SASL base64 encode " + "failed: %s", sasl_errstring(status, NULL, NULL)); + return NOTOK; + } + + status = command("AUTH %s %s", chosen_mech, outbuf); + } else + status = command("AUTH %s", chosen_mech); + + while (result == SASL_CONTINUE) { + if (status == NOTOK) + return NOTOK; + + /* + * If we get a "+OK" prefix to our response, then we should + * exit out of this exchange now (because authenticated should + * have succeeded) + */ + + if (strncmp(response, "+OK", 3) == 0) + break; + + /* + * Otherwise, make sure the server challenge is correctly formatted + */ + + if (strncmp(response, "+ ", 2) != 0) { + command("*"); + snprintf(response, sizeof(response), + "Malformed authentication message from server"); + return NOTOK; + } + + result = sasl_decode64(response + 2, strlen(response + 2), + outbuf, &outlen); + + if (result != SASL_OK) { + command("*"); + snprintf(response, sizeof(response), "SASL base64 decode " + "failed: %s", sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + result = sasl_client_step(conn, outbuf, outlen, NULL, &buf, &buflen); + + if (result != SASL_OK && result != SASL_CONTINUE) { + command("*"); + snprintf(response, sizeof(response), "SASL client negotiaton " + "failed: %s", sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + status = sasl_encode64(buf, buflen, outbuf, sizeof(outbuf), NULL); + free(buf); + + if (status != SASL_OK) { + command("*"); + snprintf(response, sizeof(response), "SASL base64 encode " + "failed: %s", sasl_errstring(status, NULL, NULL)); + return NOTOK; + } + + status = command(outbuf); + } + + /* + * If we didn't get a positive final response, then error out + * (that probably means we failed an authorization check). + */ + + if (status != OK) + return NOTOK; + + /* + * Depending on the mechanism, we might need to call sasl_client_step() + * one more time. Do that now. + */ + + result = sasl_client_step(conn, NULL, 0, NULL, &buf, &buflen); + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "SASL final client negotiaton " + "failed: %s", sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + /* + * We _should_ be okay now. Get a few properties now that negotiation + * has completed. + */ + + result = sasl_getprop(conn, SASL_MAXOUTBUF, (void **) &moutbuf); + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "Cannot retrieve SASL negotiated " + "output buffer size: %s", sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + maxoutbuf = *moutbuf; + + result = sasl_getprop(conn, SASL_SSF, (void **) &ssf); + + sasl_ssf = *ssf; + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "Cannot retrieve SASL negotiated " + "security strength factor: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + /* + * Limit this to what we can deal with. + */ + + if (maxoutbuf == 0 || maxoutbuf > BUFSIZ) + maxoutbuf = BUFSIZ; + + sasl_complete = 1; + + return status; +} + +/* + * Callback to return the userid sent down via the user parameter + */ + +static int +sasl_get_user(void *context, int id, const char **result, unsigned *len) +{ + char *user = (char *) context; + + if (! result || id != SASL_CB_USER) + return SASL_BADPARAM; + + *result = user; + if (len) + *len = strlen(user); + + return SASL_OK; +} + +/* + * Callback to return the password (we call ruserpass, which can get it + * out of the .netrc + */ + +static int +sasl_get_pass(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret) +{ + struct pass_context *p_context = (struct pass_context *) context; + char *pass = NULL; + int len; + + if (! psecret || id != SASL_CB_PASS) + return SASL_BADPARAM; + + ruserpass(p_context->user, &(p_context->host), &pass); + + len = strlen(pass); + + *psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len); + + if (! *psecret) + return SASL_NOMEM; + + (*psecret)->len = len; + strcpy((*psecret)->data, pass); + + return SASL_OK; +} +#endif /* CYRUS_SASL */ int -pop_init (char *host, char *user, char *pass, int snoop, int rpop, int kpop) +pop_init (char *host, char *user, char *pass, int snoop, int rpop, int kpop, + int sasl, char *mech) { int fd1, fd2; char buffer[BUFSIZ]; @@ -187,6 +534,12 @@ pop_init (char *host, char *user, char *pass, int snoop, int rpop, int kpop) } else # endif /* APOP */ +# ifdef CYRUS_SASL + if (sasl) { + if (pop_auth_sasl(user, host, mech) != NOTOK) + return OK; + } else +# endif /* CYRUS_SASL */ if (command ("USER %s", user) != NOTOK && command ("%s %s", rpop ? "RPOP" : (pophack++, "PASS"), pass) != NOTOK) @@ -550,6 +903,10 @@ pop_quit (void) int pop_done (void) { +#ifdef CYRUS_SASL + if (conn) + sasl_dispose(&conn); +#endif /* CYRUS_SASL */ fclose (input); fclose (output); @@ -581,6 +938,10 @@ vcommand (const char *fmt, va_list ap) vsnprintf (buffer, sizeof(buffer), fmt, ap); if (poprint) { +#ifdef CYRUS_SASL + if (sasl_ssf) + fprintf(stderr, "(encrypted) "); +#endif /* CYRUS_SASL */ if (pophack) { if ((cp = strchr (buffer, ' '))) *cp = 0; @@ -596,6 +957,11 @@ vcommand (const char *fmt, va_list ap) if (putline (buffer, output) == NOTOK) return NOTOK; +#ifdef CYRUS_SASL + if (poprint && sasl_ssf) + fprintf(stderr, "(decrypted) "); +#endif /* CYRUS_SASL */ + switch (getline (response, sizeof response, input)) { case OK: if (poprint) @@ -630,8 +996,13 @@ multiline (void) if (getline (buffer, sizeof buffer, input) != OK) return NOTOK; #ifdef DEBUG - if (poprint) + if (poprint) { +#ifdef CYRUS_SASL + if (sasl_ssf) + fprintf(stderr, "(decrypted) "); +#endif /* CYRUS_SASL */ fprintf (stderr, "<--- %s\n", response); + } #endif DEBUG if (strncmp (buffer, TRM, TRMLEN) == 0) { if (buffer[TRMLEN] == 0) @@ -645,6 +1016,10 @@ multiline (void) return OK; } +/* + * Note that these functions have been modified to deal with layer encryption + * in the SASL case + */ static int getline (char *s, int n, FILE *iop) @@ -653,9 +1028,11 @@ getline (char *s, int n, FILE *iop) char *p; p = s; - while (--n > 0 && (c = fgetc (iop)) != EOF) + while (--n > 0 && (c = sasl_fgetc (iop)) != EOF && c != -2) if ((*p++ = c) == '\n') break; + if (c == -2) + return NOTOK; if (ferror (iop) && c != EOF) { strncpy (response, "error on connection", sizeof(response)); return NOTOK; @@ -677,7 +1054,37 @@ getline (char *s, int n, FILE *iop) static int putline (char *s, FILE *iop) { - fprintf (iop, "%s\r\n", s); +#ifdef CYRUS_SASL + char outbuf[BUFSIZ], *buf; + int result; + unsigned int buflen; + + if (!sasl_complete) { +#endif /* CYRUS_SASL */ + fprintf (iop, "%s\r\n", s); +#ifdef CYRUS_SASL + } else { + /* + * Build an output buffer, encrypt it using sasl_encode, and + * squirt out the results. + */ + strncpy(outbuf, s, sizeof(outbuf) - 3); + outbuf[sizeof(outbuf) - 3] = '\0'; /* Just in case */ + strcat(outbuf, "\r\n"); + + result = sasl_encode(conn, outbuf, strlen(outbuf), &buf, &buflen); + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "SASL encoding error: %s", + sasl_errstring(result, NULL, NULL)); + return NOTOK; + } + + fwrite(buf, buflen, 1, iop); + free(buf); + } +#endif /* CYRUS_SASL */ + fflush (iop); if (ferror (iop)) { strncpy (response, "lost connection", sizeof(response)); @@ -686,3 +1093,86 @@ putline (char *s, FILE *iop) return OK; } + +#ifdef CYRUS_SASL +/* + * Okay, our little fgetc replacement. Hopefully this is a little more + * efficient than the last one. + */ +static int +sasl_fgetc(FILE *f) +{ + static unsigned char *buffer = NULL, *ptr; + static int size = 0; + static int cnt = 0; + unsigned int retbufsize = 0; + int cc, result; + char *retbuf, tmpbuf[BUFSIZ]; + + /* + * If we have some leftover data, return that + */ + + if (cnt) { + cnt--; + return (int) *ptr++; + } + + /* + * Otherwise, fill our buffer until we have some data to return. + */ + + while (retbufsize == 0) { + + cc = read(fileno(f), tmpbuf, sizeof(tmpbuf)); + + if (cc == 0) + return EOF; + + if (cc < 0) { + snprintf(response, sizeof(response), "Error during read from " + "network: %s", strerror(errno)); + return -2; + } + + /* + * We're not allowed to call sasl_decode until sasl_complete is + * true, so we do these gyrations ... + */ + + if (!sasl_complete) { + + retbuf = tmpbuf; + retbufsize = cc; + + } else { + + result = sasl_decode(conn, tmpbuf, cc, &retbuf, &retbufsize); + + if (result != SASL_OK) { + snprintf(response, sizeof(response), "Error during SASL " + "decoding: %s", sasl_errstring(result, NULL, NULL)); + return -2; + } + } + } + + if (retbufsize > size) { + buffer = realloc(buffer, retbufsize); + if (!buffer) { + snprintf(response, sizeof(response), "Error during realloc in " + "read routine: %s", strerror(errno)); + return -2; + } + size = retbufsize; + } + + memcpy(buffer, retbuf, retbufsize); + ptr = buffer + 1; + cnt = retbufsize - 1; + if (sasl_complete) + free(retbuf); + + return (int) buffer[0]; +} +#endif /* CYRUS_SASL */ diff --git a/uip/post.c b/uip/post.c index a866703..ef13279 100644 --- a/uip/post.c +++ b/uip/post.c @@ -44,6 +44,12 @@ # define uptolow(c) ((isalpha(c) && isupper (c)) ? tolower (c) : (c)) #endif +#ifndef CYRUS_SASL +# define SASLminc(a) (a) +#else /* CYRUS_SASL */ +# define SASLminc(a) 0 +#endif /* CYRUS_SASL */ + #define FCCS 10 /* max number of fccs allowed */ /* In the following array of structures, the numeric second field of the @@ -128,6 +134,12 @@ static struct swit switches[] = { { "partno", -6 }, #define QUEUESW 36 { "queued", -6 }, +#define SASLSW 37 + { "sasl", SASLminc(-4) }, +#define SASLMECHSW 38 + { "saslmech", SASLminc(-5) }, +#define USERSW 39 + { "user", SASLminc(-4) }, { NULL, 0 } }; @@ -227,6 +239,9 @@ static int whomsw = 0; /* we are whom not post */ static int checksw = 0; /* whom -check */ static int linepos=0; /* putadr()'s position on the line */ static int nameoutput=0; /* putadr() has output header name */ +static int sasl=0; /* Use SASL auth for SMTP */ +static char *saslmech=NULL; /* Force use of particular SASL mech */ +static char *user=NULL; /* Authenticate as this user */ static unsigned msgflags = 0; /* what we've seen */ @@ -517,6 +532,20 @@ main (int argc, char **argv) case QUEUESW: queued++; continue; + + case SASLSW: + sasl++; + continue; + + case SASLMECHSW: + if (!(saslmech = *argp++) || *saslmech == '-') + adios (NULL, "missing argument to %s", argp[-2]); + continue; + + case USERSW: + if (!(user = *argp++) || *user == '-') + adios (NULL, "missing argument to %s", argp[-2]); + continue; } } if (msg) @@ -1406,7 +1435,8 @@ post (char *file, int bccque, int talk) sigon (); if (rp_isbad (retval = sm_init (clientsw, serversw, watch, verbose, - snoop, onex, queued)) + snoop, onex, queued, sasl, saslmech, + user)) || rp_isbad (retval = sm_winit (smtpmode, from))) die (NULL, "problem initializing server; %s", rp_string (retval)); @@ -1443,7 +1473,8 @@ verify_all_addresses (int talk) sigon (); if (!whomsw || checksw) - if (rp_isbad (retval = sm_init (clientsw, serversw, 0, 0, snoop, 0, 0)) + if (rp_isbad (retval = sm_init (clientsw, serversw, 0, 0, snoop, 0, + 0, 0, 0, 0)) || rp_isbad (retval = sm_winit (smtpmode, from))) die (NULL, "problem initializing server; %s", rp_string (retval)); diff --git a/uip/send.c b/uip/send.c index 3e2dc60..bf689f0 100644 --- a/uip/send.c +++ b/uip/send.c @@ -11,6 +11,12 @@ #include +#ifndef CYRUS_SASL +# define SASLminc(a) (a) +#else /* CYRUS_SASL */ +# define SASLminc(a) 0 +#endif /* CYRUS_SASL */ + static struct swit switches[] = { #define ALIASW 0 { "alias aliasfile", 0 }, @@ -86,6 +92,12 @@ static struct swit switches[] = { { "server host", -6 }, #define SNOOPSW 36 { "snoop", -5 }, +#define SASLSW 37 + { "sasl", SASLminc(-4) }, +#define SASLMECHSW 38 + { "saslmech", SASLminc(-5) }, +#define USERSW 39 + { "user", SASLminc(-4) }, { NULL, 0 } }; @@ -241,6 +253,7 @@ main (int argc, char **argv) case SENDSW: case SOMLSW: case SNOOPSW: + case SASLSW: vec[vecp++] = --cp; continue; @@ -249,6 +262,8 @@ main (int argc, char **argv) case WIDTHSW: case CLIESW: case SERVSW: + case SASLMECHSW: + case USERSW: vec[vecp++] = --cp; if (!(cp = *argp++) || *cp == '-') adios (NULL, "missing argument to %s", argp[-2]); diff --git a/uip/whatnowsbr.c b/uip/whatnowsbr.c index 0e2a998..cf57792 100644 --- a/uip/whatnowsbr.c +++ b/uip/whatnowsbr.c @@ -607,6 +607,12 @@ check_draft (char *msgnam) } +#ifndef CYRUS_SASL +# define SASLminc(a) (a) +#else /* CYRUS_SASL */ +# define SASLminc(a) 0 +#endif /* CYRUS_SASL */ + static struct swit sendswitches[] = { #define ALIASW 0 { "alias aliasfile", 0 }, @@ -680,6 +686,12 @@ static struct swit sendswitches[] = { { "draftmessage msg", -6 }, #define SNDRFSW 35 { "nodraftfolder", -3 }, +#define SASLSW 36 + { "sasl", SASLminc(-4) }, +#define SASLMECHSW 37 + { "saslmech", SASLminc(-5) }, +#define USERSW 38 + { "user", SASLminc(-4) }, { NULL, 0 } }; @@ -830,6 +842,7 @@ sendit (char *sp, char **arg, char *file, int pushed) case SSNDSW: case SOMLSW: case SNOOPSW: + case SASLSW: vec[vecp++] = --cp; continue; @@ -838,6 +851,8 @@ sendit (char *sp, char **arg, char *file, int pushed) case WIDTHSW: case CLIESW: case SERVSW: + case SASLMECHSW: + case USERSW: vec[vecp++] = --cp; if (!(cp = *argp++) || *cp == '-') { advise (NULL, "missing argument to %s", argp[-2]); -- 1.7.10.4