Logo Search packages:      
Sourcecode: heirloom-mailx version File versions  Download package

imap_gssapi.c

/*
 * Heirloom mailx - a mail user agent derived from Berkeley Mail.
 *
 * Copyright (c) 2000-2004 Gunnar Ritter, Freiburg i. Br., Germany.
 */
/*
 * Copyright (c) 2004
 *    Gunnar Ritter.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by Gunnar Ritter
 *    and his contributors.
 * 4. Neither the name of Gunnar Ritter nor the names of his contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY GUNNAR RITTER AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL GUNNAR RITTER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Partially derived from sample code in:
 *
 * GSS-API Programming Guide
 * Part No: 816-1331-11
 * Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A.
 *
 * (c) 2002 Sun Microsystems
 */
/*
 * Copyright 1994 by OpenVision Technologies, Inc.
 * 
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 * 
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef lint
#ifdef      DOSCCS
static char sccsid[] = "@(#)imap_gssapi.c 1.10 (gritter) 3/4/06";
#endif
#endif /* not lint */

/*
 * Implementation of IMAP GSSAPI authentication according to RFC 1731.
 */

#ifdef      USE_GSSAPI

#ifndef     GSSAPI_REG_INCLUDE
#include <gssapi/gssapi.h>
#ifdef      GSSAPI_OLD_STYLE
#include <gssapi/gssapi_generic.h>
#define     GSS_C_NT_HOSTBASED_SERVICE    gss_nt_service_name
#endif      /* GSSAPI_OLD_STYLE */
#else /* GSSAPI_REG_INCLUDE */
#include <gssapi.h>
#endif      /* GSSAPI_REG_INCLUDE */

static void imap_gss_error1(const char *s, OM_uint32 code, int type);
static void imap_gss_error(const char *s, OM_uint32 maj_stat,
            OM_uint32 min_stat);
static void
imap_gss_error1(const char *s, OM_uint32 code, int type)
{
      OM_uint32   maj_stat, min_stat;
      gss_buffer_desc   msg = GSS_C_EMPTY_BUFFER;
      OM_uint32   msg_ctx = 0;

      do {
            maj_stat = gss_display_status(&min_stat, code, type,
                        GSS_C_NO_OID, &msg_ctx, &msg);
            if (maj_stat == GSS_S_COMPLETE) {
                  fprintf(stderr, "GSS error: %s / %s\n",
                              s,
                              (char *)msg.value);
                  if (msg.length != 0)
                        gss_release_buffer(&min_stat, &msg);
            } else {
                  fprintf(stderr, "GSS error: %s / unknown\n", s);
                  break;
            }
      } while (msg_ctx);
}

static void
imap_gss_error(const char *s, OM_uint32 maj_stat, OM_uint32 min_stat)
{
      imap_gss_error1(s, maj_stat, GSS_C_GSS_CODE);
      imap_gss_error1(s, min_stat, GSS_C_MECH_CODE);
}

static enum okay 
imap_gss(struct mailbox *mp, char *user)
{
      gss_buffer_desc   send_tok, recv_tok, *token_ptr;
      gss_name_t  target_name;
      gss_ctx_id_t      gss_context;
      OM_uint32   maj_stat, min_stat, ret_flags;
      int   conf_state;
      struct str  in, out;
      FILE  *queuefp = NULL;
      char  *server, *cp;
      char  o[LINESIZE];
      enum okay   ok = STOP;

      if (user == NULL && (user = getuser()) == NULL)
            return STOP;
      server = salloc(strlen(mp->mb_imap_account));
      strcpy(server, mp->mb_imap_account);
      if (strncmp(server, "imap://", 7) == 0)
            server += 7;
      else if (strncmp(server, "imaps://", 8) == 0)
            server += 8;
      if ((cp = last_at_before_slash(server)) != NULL)
            server = &cp[1];
      for (cp = server; *cp; cp++)
            *cp = lowerconv(*cp&0377);
      send_tok.value = salloc(send_tok.length = strlen(server) + 6);
      snprintf(send_tok.value, send_tok.length, "imap@%s", server);
      maj_stat = gss_import_name(&min_stat, &send_tok,
                  GSS_C_NT_HOSTBASED_SERVICE, &target_name);
      if (maj_stat != GSS_S_COMPLETE) {
            imap_gss_error(send_tok.value, maj_stat, min_stat);
            return STOP;
      }
      token_ptr = GSS_C_NO_BUFFER;
      gss_context = GSS_C_NO_CONTEXT;
      maj_stat = gss_init_sec_context(&min_stat,
                  GSS_C_NO_CREDENTIAL,
                  &gss_context,
                  target_name,
                  GSS_C_NO_OID,
                  GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG,
                  0,
                  GSS_C_NO_CHANNEL_BINDINGS,
                  token_ptr,
                  NULL,
                  &send_tok,
                  &ret_flags,
                  NULL);
      if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
            imap_gss_error("initializing GSS context", maj_stat, min_stat);
            gss_release_name(&min_stat, &target_name);
            return STOP;
      }
      snprintf(o, sizeof o, "%s AUTHENTICATE GSSAPI\r\n", tag(1));
      IMAP_OUT(o, 0, return STOP);
      /*
       * No response data expected.
       */
      imap_answer(mp, 1);
      if (response_type != RESPONSE_CONT)
            return STOP;
      while (maj_stat == GSS_S_CONTINUE_NEEDED) {
            /*
             * Pass token obtained from first gss_init_sec_context() call.
             */
            cp = memtob64(send_tok.value, send_tok.length);
            gss_release_buffer(&min_stat, &send_tok);
            snprintf(o, sizeof o, "%s\r\n", cp);
            free(cp);
            IMAP_OUT(o, 0, return STOP);
            imap_answer(mp, 1);
            if (response_type != RESPONSE_CONT)
                  return STOP;
            in.s = responded_text;
            in.l = strlen(responded_text);
            mime_fromb64(&in, &out, 0);
            recv_tok.value = out.s;
            recv_tok.length = out.l;
            token_ptr = &recv_tok;
            maj_stat = gss_init_sec_context(&min_stat,
                        GSS_C_NO_CREDENTIAL,
                        &gss_context,
                        target_name,
                        GSS_C_NO_OID,
                        GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG,
                        0,
                        GSS_C_NO_CHANNEL_BINDINGS,
                        token_ptr,
                        NULL,
                        &send_tok,
                        &ret_flags,
                        NULL);
            if (maj_stat != GSS_S_COMPLETE &&
                        maj_stat != GSS_S_CONTINUE_NEEDED) {
                  imap_gss_error("initializing context",
                              maj_stat, min_stat);
                  gss_release_name(&min_stat, &target_name);
                  return STOP;
            }
            free(out.s);
      }
      /*
       * Pass token obtained from second gss_init_sec_context() call.
       */
      gss_release_name(&min_stat, &target_name);
      cp = memtob64(send_tok.value, send_tok.length);
      gss_release_buffer(&min_stat, &send_tok);
      snprintf(o, sizeof o, "%s\r\n", cp);
      free(cp);
      IMAP_OUT(o, 0, return STOP);
      /*
       * First octet: bit-mask with protection mechanisms.
       * Second to fourth octet: maximum message size in network byte order.
       *
       * This code currently does not care about the values.
       */
      imap_answer(mp, 1);
      if (response_type != RESPONSE_CONT)
            return STOP;
      in.s = responded_text;
      in.l = strlen(responded_text);
      mime_fromb64(&in, &out, 0);
      recv_tok.value = out.s;
      recv_tok.length = out.l;
      maj_stat = gss_unwrap(&min_stat, gss_context, &recv_tok,
                  &send_tok, &conf_state, NULL);
      if (maj_stat != GSS_S_COMPLETE) {
            imap_gss_error("unwrapping data", maj_stat, min_stat);
            return STOP;
      }
      free(out.s);
      /*
       * First octet: bit-mask with protection mechanisms (1 = no protection
       *    mechanism).
       * Second to fourth octet: maximum message size in network byte order.
       * Fifth and following octets: user name string.
       */
      o[0] = 1;
      o[1] = 0;
      o[2] = o[3] = 0377;
      snprintf(&o[4], sizeof o - 4, "%s", user);
      send_tok.value = o;
      send_tok.length = strlen(&o[4]) + 5;
      maj_stat = gss_wrap(&min_stat, gss_context, 0, GSS_C_QOP_DEFAULT,
                  &send_tok, &conf_state, &recv_tok);
      if (maj_stat != GSS_S_COMPLETE) {
            imap_gss_error("wrapping data", maj_stat, min_stat);
            return STOP;
      }
      cp = memtob64(recv_tok.value, recv_tok.length);
      snprintf(o, sizeof o, "%s\r\n", cp);
      free(cp);
      IMAP_OUT(o, MB_COMD, return STOP);
      while (mp->mb_active & MB_COMD)
            ok = imap_answer(mp, 1);
      gss_delete_sec_context(&min_stat, &gss_context, &recv_tok);
      gss_release_buffer(&min_stat, &recv_tok);
      return ok;
}

#endif      /* USE_GSSAPI */

Generated by  Doxygen 1.6.0   Back to index