auth_oauth.c

Go to the documentation of this file.

 
#include "config.h"
#include <stdbool.h>
#include <stdio.h>
#include "private.h"
#include "mutt/lib.h"
#include "config/lib.h"
#include "core/lib.h"
#include "conn/lib.h"
#include "auth.h"
#include "adata.h"
#include "mutt_logging.h"
 
static enum ImapAuthRes imap_auth_oauth_xoauth2(struct ImapAccountData *adata,
                                                const char *method, bool xoauth2)
{
  char *ibuf = NULL;
  char *oauthbearer = NULL;
  const char *authtype = xoauth2 ? "XOAUTH2" : "OAUTHBEARER";
  int ilen;
  int rc;
 
  /* For now, we only support SASL_IR also and over TLS */
  if ((xoauth2 && !(adata->capabilities & IMAP_CAP_AUTH_XOAUTH2)) ||
      (!xoauth2 && !(adata->capabilities & IMAP_CAP_AUTH_OAUTHBEARER)) ||
      !(adata->capabilities & IMAP_CAP_SASL_IR) || (adata->conn->ssf == 0))
  {
    return IMAP_AUTH_UNAVAIL;
  }
 
  /* If they did not explicitly request or configure oauth then fail quietly */
  const char *const c_imap_oauth_refresh_command = cs_subset_string(NeoMutt->sub, "imap_oauth_refresh_command");
  if (!method && !c_imap_oauth_refresh_command)
    return IMAP_AUTH_UNAVAIL;
 
  // L10N: (%s) is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
  mutt_message(_("Authenticating (%s)..."), authtype);
 
  /* We get the access token from the imap_oauth_refresh_command */
  oauthbearer = mutt_account_getoauthbearer(&adata->conn->account, xoauth2);
  if (!oauthbearer)
    return IMAP_AUTH_FAILURE;
 
  ilen = mutt_str_len(oauthbearer) + 30;
  ibuf = mutt_mem_malloc(ilen);
  snprintf(ibuf, ilen, "AUTHENTICATE %s %s", authtype, oauthbearer);
 
  /* This doesn't really contain a password, but the token is good for
   * an hour, so suppress it anyways.  */
  rc = imap_exec(adata, ibuf, IMAP_CMD_PASS);
 
  FREE(&oauthbearer);
  FREE(&ibuf);
 
  if (rc != IMAP_EXEC_SUCCESS)
  {
    /* The error response was in SASL continuation, so continue the SASL
     * to cause a failure and exit SASL input.  See RFC7628 3.2.3 */
    mutt_socket_send(adata->conn, "\001");
    rc = imap_exec(adata, ibuf, IMAP_CMD_NO_FLAGS);
  }
 
  if (rc == IMAP_EXEC_SUCCESS)
  {
    mutt_clear_error();
    return IMAP_AUTH_SUCCESS;
  }
 
  // L10N: %s is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
  mutt_error(_("%s authentication failed"), authtype);
  return IMAP_AUTH_FAILURE;
}
 
enum ImapAuthRes imap_auth_oauth(struct ImapAccountData *adata, const char *method)
{
  return imap_auth_oauth_xoauth2(adata, method, false);
}
 
enum ImapAuthRes imap_auth_xoauth2(struct ImapAccountData *adata, const char *method)
{
  return imap_auth_oauth_xoauth2(adata, method, true);
}