48#include <gssapi/gssapi.h>
49#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
51#include <gssapi/gssapi.h>
52#include <gssapi/gssapi_generic.h>
55#define GSS_AUTH_P_NONE 1
56#define GSS_AUTH_P_INTEGRITY 2
57#define GSS_AUTH_P_PRIVACY 4
66 OM_uint32 maj_stat, min_stat;
67 OM_uint32 msg_ctx = 0;
68 gss_buffer_desc status_string;
69 char buf_maj[512] = { 0 };
70 char buf_min[512] = { 0 };
74 maj_stat = gss_display_status(&min_stat, err_maj, GSS_C_GSS_CODE,
75 GSS_C_NO_OID, &msg_ctx, &status_string);
76 if (GSS_ERROR(maj_stat))
78 size_t status_len = status_string.length;
79 if (status_len >=
sizeof(buf_maj))
80 status_len =
sizeof(buf_maj) - 1;
81 strncpy(buf_maj, (
char *) status_string.value, status_len);
82 buf_maj[status_len] =
'\0';
83 gss_release_buffer(&min_stat, &status_string);
85 maj_stat = gss_display_status(&min_stat, err_min, GSS_C_MECH_CODE,
86 GSS_C_NULL_OID, &msg_ctx, &status_string);
87 if (!GSS_ERROR(maj_stat))
89 status_len = status_string.length;
90 if (status_len >=
sizeof(buf_min))
91 status_len =
sizeof(buf_min) - 1;
92 strncpy(buf_min, (
char *) status_string.value, status_len);
93 buf_min[status_len] =
'\0';
94 gss_release_buffer(&min_stat, &status_string);
96 }
while (!GSS_ERROR(maj_stat) && (msg_ctx != 0));
106 gss_buffer_desc request_buf, send_token;
107 gss_buffer_t sec_token;
108 gss_name_t target_name;
109 gss_ctx_id_t context;
111 char server_conf_flags;
114 OM_uint32 maj_stat, min_stat;
115 unsigned long buf_size;
129 request_buf.value = buf1->
data;
130 request_buf.length =
buf_len(buf1);
133 maj_stat = gss_import_name(&min_stat, &request_buf, gss_nt_service_name, &target_name);
134 if (maj_stat != GSS_S_COMPLETE)
140 else if (c_debug_level >= 2)
142 gss_display_name(&min_stat, target_name, &request_buf, &mech_name);
144 gss_release_buffer(&min_stat, &request_buf);
147 sec_token = GSS_C_NO_BUFFER;
148 context = GSS_C_NO_CONTEXT;
151 maj_stat = gss_init_sec_context(&min_stat, GSS_C_NO_CREDENTIAL, &context, target_name,
152 GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
153 0, GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL,
154 &send_token, (
unsigned int *) &cflags, NULL);
155 if ((maj_stat != GSS_S_COMPLETE) && (maj_stat != GSS_S_CONTINUE_NEEDED))
159 gss_release_name(&min_stat, &target_name);
180 gss_release_name(&min_stat, &target_name);
187 gss_release_buffer(&min_stat, &send_token);
191 while (maj_stat == GSS_S_CONTINUE_NEEDED)
202 gss_release_name(&min_stat, &target_name);
209 gss_release_name(&min_stat, &target_name);
212 request_buf.value = buf2->
data;
213 request_buf.length =
buf_len(buf2);
214 sec_token = &request_buf;
217 maj_stat = gss_init_sec_context(&min_stat, GSS_C_NO_CREDENTIAL, &context, target_name,
218 GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
219 0, GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL,
220 &send_token, (
unsigned int *) &cflags, NULL);
221 if ((maj_stat != GSS_S_COMPLETE) && (maj_stat != GSS_S_CONTINUE_NEEDED))
225 gss_release_name(&min_stat, &target_name);
230 gss_release_buffer(&min_stat, &send_token);
235 gss_release_name(&min_stat, &target_name);
253 request_buf.value = buf2->
data;
254 request_buf.length =
buf_len(buf2);
256 maj_stat = gss_unwrap(&min_stat, context, &request_buf, &send_token, &cflags, &quality);
257 if (maj_stat != GSS_S_COMPLETE)
261 gss_release_buffer(&min_stat, &send_token);
267 server_conf_flags = ((
char *) send_token.value)[0];
271 gss_release_buffer(&min_stat, &send_token);
276 ((
char *) send_token.value)[0] =
'\0';
277 buf_size = ntohl(*((
long *) send_token.value));
278 gss_release_buffer(&min_stat, &send_token);
286 buf_size = htonl(buf_size);
292 request_buf.value = buf1->
data;
293 request_buf.length =
buf_len(buf1);
294 maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf,
295 &cflags, &send_token);
296 if (maj_stat != GSS_S_COMPLETE)
321 maj_stat = gss_delete_sec_context(&min_stat, &context, &send_token);
322 if (maj_stat != GSS_S_COMPLETE)
329 gss_release_buffer(&min_stat, &send_token);
348 mutt_error(
_(
"%s authentication failed"),
"GSSAPI");
IMAP authenticator multiplexor.
ImapAuthRes
Results of IMAP Authentication.
@ IMAP_AUTH_FAILURE
Authentication failed.
@ IMAP_AUTH_SUCCESS
Authentication successful.
@ IMAP_AUTH_UNAVAIL
Authentication method not permitted.
static void print_gss_error(OM_uint32 err_maj, OM_uint32 err_min)
Print detailed error message to the debug log.
#define GSS_AUTH_P_PRIVACY
#define GSS_AUTH_P_INTEGRITY
size_t mutt_b64_buffer_encode(struct Buffer *buf, const char *in, size_t len)
Convert raw bytes to null-terminated base64 string.
int mutt_b64_buffer_decode(struct Buffer *buf, const char *in)
Convert null-terminated base64 string to raw bytes.
int buf_printf(struct Buffer *buf, const char *fmt,...)
Format a string overwriting a Buffer.
size_t buf_addstr_n(struct Buffer *buf, const char *s, size_t len)
Add a string to a Buffer, expanding it if necessary.
size_t buf_len(const struct Buffer *buf)
Calculate the length of a Buffer.
void buf_reset(struct Buffer *buf)
Reset an existing Buffer.
size_t buf_addch(struct Buffer *buf, char c)
Add a single character to a Buffer.
size_t buf_addstr(struct Buffer *buf, const char *s)
Add a string to a Buffer.
static const char * buf_string(const struct Buffer *buf)
Convert a buffer to a const char * "string".
short cs_subset_number(const struct ConfigSubset *sub, const char *name)
Get a number config item by name.
Convenience wrapper for the config headers.
int mutt_account_getuser(struct ConnAccount *cac)
Retrieve username into ConnAccount, if necessary.
Convenience wrapper for the core headers.
enum ImapAuthRes imap_auth_gss(struct ImapAccountData *adata, const char *method)
GSS Authentication support - Implements ImapAuth::authenticate() -.
#define mutt_message(...)
#define mutt_debug(LEVEL,...)
int imap_cmd_start(struct ImapAccountData *adata, const char *cmdstr)
Given an IMAP command, send it to the server.
int imap_cmd_step(struct ImapAccountData *adata)
Reads server responses from an IMAP command.
bool imap_code(const char *s)
Was the command successful.
#define IMAP_RES_RESPOND
+
#define IMAP_CAP_AUTH_GSSAPI
RFC1731: GSSAPI authentication.
#define IMAP_RES_CONTINUE
* ...
@ LL_DEBUG2
Log at debug level 2.
@ LL_DEBUG1
Log at debug level 1.
Convenience wrapper for the library headers.
struct Buffer * buf_pool_get(void)
Get a Buffer from the pool.
void buf_pool_release(struct Buffer **ptr)
Return a Buffer to the pool.
Pop-specific Account data.
#define mutt_socket_send(conn, buf)
String manipulation buffer.
char * data
Pointer to data.
char host[128]
Server to login to.
struct ConnAccount account
Account details: username, password, etc.
IMAP-specific Account data -.
ImapCapFlags capabilities
Capability flags.
struct Connection * conn
Connection to IMAP server.
Container for Accounts, Notifications.
struct ConfigSubset * sub
Inherited config items.