/*
* Heirloom mailx - a mail user agent derived from Berkeley Mail.
*
* Copyright (c) 2000-2004 Gunnar Ritter, Freiburg i. Br., Germany.
*/
/*
* Copyright (c) 2004
* Gunnar Ritter. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Gunnar Ritter
* and his contributors.
* 4. Neither the name of Gunnar Ritter nor the names of his contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY GUNNAR RITTER AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL GUNNAR RITTER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Partially derived from sample code in:
*
* GSS-API Programming Guide
* Part No: 816-1331-11
* Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A.
*
* (c) 2002 Sun Microsystems
*/
/*
* Copyright 1994 by OpenVision Technologies, Inc.
*
* Permission to use, copy, modify, distribute, and sell this software
* and its documentation for any purpose is hereby granted without fee,
* provided that the above copyright notice appears in all copies and
* that both that copyright notice and this permission notice appear in
* supporting documentation, and that the name of OpenVision not be used
* in advertising or publicity pertaining to distribution of the software
* without specific, written prior permission. OpenVision makes no
* representations about the suitability of this software for any
* purpose. It is provided "as is" without express or implied warranty.
*
* OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
* EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef lint
#ifdef DOSCCS
static char sccsid[] = "@(#)imap_gssapi.c 1.10 (gritter) 3/4/06";
#endif
#endif /* not lint */
/*
* Implementation of IMAP GSSAPI authentication according to RFC 1731.
*/
#ifdef USE_GSSAPI
#ifndef GSSAPI_REG_INCLUDE
#include <gssapi/gssapi.h>
#ifdef GSSAPI_OLD_STYLE
#include <gssapi/gssapi_generic.h>
#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
#endif /* GSSAPI_OLD_STYLE */
#else /* GSSAPI_REG_INCLUDE */
#include <gssapi.h>
#endif /* GSSAPI_REG_INCLUDE */
static void imap_gss_error1(const char *s, OM_uint32 code, int type);
static void imap_gss_error(const char *s, OM_uint32 maj_stat,
OM_uint32 min_stat);
static void
imap_gss_error1(const char *s, OM_uint32 code, int type)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
OM_uint32 msg_ctx = 0;
do {
maj_stat = gss_display_status(&min_stat, code, type,
GSS_C_NO_OID, &msg_ctx, &msg);
if (maj_stat == GSS_S_COMPLETE) {
fprintf(stderr, "GSS error: %s / %s\n",
s,
(char *)msg.value);
if (msg.length != 0)
gss_release_buffer(&min_stat, &msg);
} else {
fprintf(stderr, "GSS error: %s / unknown\n", s);
break;
}
} while (msg_ctx);
}
static void
imap_gss_error(const char *s, OM_uint32 maj_stat, OM_uint32 min_stat)
{
imap_gss_error1(s, maj_stat, GSS_C_GSS_CODE);
imap_gss_error1(s, min_stat, GSS_C_MECH_CODE);
}
static enum okay
imap_gss(struct mailbox *mp, char *user)
{
gss_buffer_desc send_tok, recv_tok, *token_ptr;
gss_name_t target_name;
gss_ctx_id_t gss_context;
OM_uint32 maj_stat, min_stat, ret_flags;
int conf_state;
struct str in, out;
FILE *queuefp = NULL;
char *server, *cp;
char o[LINESIZE];
enum okay ok = STOP;
if (user == NULL && (user = getuser()) == NULL)
return STOP;
server = salloc(strlen(mp->mb_imap_account));
strcpy(server, mp->mb_imap_account);
if (strncmp(server, "imap://", 7) == 0)
server += 7;
else if (strncmp(server, "imaps://", 8) == 0)
server += 8;
if ((cp = last_at_before_slash(server)) != NULL)
server = &cp[1];
for (cp = server; *cp; cp++)
*cp = lowerconv(*cp&0377);
send_tok.value = salloc(send_tok.length = strlen(server) + 6);
snprintf(send_tok.value, send_tok.length, "imap@%s", server);
maj_stat = gss_import_name(&min_stat, &send_tok,
GSS_C_NT_HOSTBASED_SERVICE, &target_name);
if (maj_stat != GSS_S_COMPLETE) {
imap_gss_error(send_tok.value, maj_stat, min_stat);
return STOP;
}
token_ptr = GSS_C_NO_BUFFER;
gss_context = GSS_C_NO_CONTEXT;
maj_stat = gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&gss_context,
target_name,
GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG,
0,
GSS_C_NO_CHANNEL_BINDINGS,
token_ptr,
NULL,
&send_tok,
&ret_flags,
NULL);
if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
imap_gss_error("initializing GSS context", maj_stat, min_stat);
gss_release_name(&min_stat, &target_name);
return STOP;
}
snprintf(o, sizeof o, "%s AUTHENTICATE GSSAPI\r\n", tag(1));
IMAP_OUT(o, 0, return STOP);
/*
* No response data expected.
*/
imap_answer(mp, 1);
if (response_type != RESPONSE_CONT)
return STOP;
while (maj_stat == GSS_S_CONTINUE_NEEDED) {
/*
* Pass token obtained from first gss_init_sec_context() call.
*/
cp = memtob64(send_tok.value, send_tok.length);
gss_release_buffer(&min_stat, &send_tok);
snprintf(o, sizeof o, "%s\r\n", cp);
free(cp);
IMAP_OUT(o, 0, return STOP);
imap_answer(mp, 1);
if (response_type != RESPONSE_CONT)
return STOP;
in.s = responded_text;
in.l = strlen(responded_text);
mime_fromb64(&in, &out, 0);
recv_tok.value = out.s;
recv_tok.length = out.l;
token_ptr = &recv_tok;
maj_stat = gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&gss_context,
target_name,
GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG,
0,
GSS_C_NO_CHANNEL_BINDINGS,
token_ptr,
NULL,
&send_tok,
&ret_flags,
NULL);
if (maj_stat != GSS_S_COMPLETE &&
maj_stat != GSS_S_CONTINUE_NEEDED) {
imap_gss_error("initializing context",
maj_stat, min_stat);
gss_release_name(&min_stat, &target_name);
return STOP;
}
free(out.s);
}
/*
* Pass token obtained from second gss_init_sec_context() call.
*/
gss_release_name(&min_stat, &target_name);
cp = memtob64(send_tok.value, send_tok.length);
gss_release_buffer(&min_stat, &send_tok);
snprintf(o, sizeof o, "%s\r\n", cp);
free(cp);
IMAP_OUT(o, 0, return STOP);
/*
* First octet: bit-mask with protection mechanisms.
* Second to fourth octet: maximum message size in network byte order.
*
* This code currently does not care about the values.
*/
imap_answer(mp, 1);
if (response_type != RESPONSE_CONT)
return STOP;
in.s = responded_text;
in.l = strlen(responded_text);
mime_fromb64(&in, &out, 0);
recv_tok.value = out.s;
recv_tok.length = out.l;
maj_stat = gss_unwrap(&min_stat, gss_context, &recv_tok,
&send_tok, &conf_state, NULL);
if (maj_stat != GSS_S_COMPLETE) {
imap_gss_error("unwrapping data", maj_stat, min_stat);
return STOP;
}
free(out.s);
/*
* First octet: bit-mask with protection mechanisms (1 = no protection
* mechanism).
* Second to fourth octet: maximum message size in network byte order.
* Fifth and following octets: user name string.
*/
o[0] = 1;
o[1] = 0;
o[2] = o[3] = 0377;
snprintf(&o[4], sizeof o - 4, "%s", user);
send_tok.value = o;
send_tok.length = strlen(&o[4]) + 5;
maj_stat = gss_wrap(&min_stat, gss_context, 0, GSS_C_QOP_DEFAULT,
&send_tok, &conf_state, &recv_tok);
if (maj_stat != GSS_S_COMPLETE) {
imap_gss_error("wrapping data", maj_stat, min_stat);
return STOP;
}
cp = memtob64(recv_tok.value, recv_tok.length);
snprintf(o, sizeof o, "%s\r\n", cp);
free(cp);
IMAP_OUT(o, MB_COMD, return STOP);
while (mp->mb_active & MB_COMD)
ok = imap_answer(mp, 1);
gss_delete_sec_context(&min_stat, &gss_context, &recv_tok);
gss_release_buffer(&min_stat, &recv_tok);
return ok;
}
#endif /* USE_GSSAPI */