POP authentication. More...

#include "config.h"
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include "private.h"
#include "mutt/lib.h"
#include "address/lib.h"
#include "config/lib.h"
#include "core/lib.h"
#include "conn/lib.h"
#include "adata.h"

Include dependency graph for auth.c:

Go to the source code of this file.

Functions
void	pop_apop_timestamp (struct PopAccountData adata, char buf)
	Get the server timestamp for APOP authentication. More...

static enum PopAuthRes	pop_auth_apop (struct PopAccountData adata, const char method)
	APOP authenticator - Implements PopAuth::authenticate() More...

static enum PopAuthRes	pop_auth_user (struct PopAccountData adata, const char method)
	USER authenticator - Implements PopAuth::authenticate() More...

static enum PopAuthRes	pop_auth_oauth (struct PopAccountData adata, const char method)
	Authenticate a POP connection using OAUTHBEARER - Implements PopAuth::authenticate() More...

bool	pop_auth_is_valid (const char *authenticator)
	Check if string is a valid pop authentication method. More...

int	pop_authenticate (struct PopAccountData *adata)
	Authenticate with a POP server. More...

Variables
static const struct PopAuth	PopAuthenticators []
	Accepted authentication methods. More...

Detailed Description

POP authentication.

Authors

Vsevolod Volkov
Richard Russon

Copyright: This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Definition in file auth.c.

Function Documentation

◆ pop_apop_timestamp()

void pop_apop_timestamp	(	struct PopAccountData *	adata,
		char *	buf
	)

Get the server timestamp for APOP authentication.

Parameters

adata	POP Account data
buf	Timestamp string

Definition at line 300 of file auth.c.

{
  char *p1 = NULL, *p2 = NULL;
 
  FREE(&adata->timestamp);
 
  if ((p1 = strchr(buf, '<')) && (p2 = strchr(p1, '>')))
  {
    p2[1] = '\0';
    adata->timestamp = mutt_str_dup(p1);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

◆ pop_auth_apop()

static enum PopAuthRes pop_auth_apop	(	struct PopAccountData *	adata,
		const char *	method
	)

static

APOP authenticator - Implements PopAuth::authenticate()

Definition at line 316 of file auth.c.

{
  struct Md5Ctx md5ctx;
  unsigned char digest[16];
  char hash[33] = { 0 };
  char buf[1024] = { 0 };
 
  if (mutt_account_getpass(&adata->conn->account) || !adata->conn->account.pass[0])
    return POP_A_FAILURE;
 
  if (!adata->timestamp)
    return POP_A_UNAVAIL;
 
  if (!mutt_addr_valid_msgid(adata->timestamp))
  {
    mutt_error(_("POP timestamp is invalid"));
    return POP_A_UNAVAIL;
  }
 
  // L10N: (%s) is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
  mutt_message(_("Authenticating (%s)..."), "APOP");
 
  /* Compute the authentication hash to send to the server */
  mutt_md5_init_ctx(&md5ctx);
  mutt_md5_process(adata->timestamp, &md5ctx);
  mutt_md5_process(adata->conn->account.pass, &md5ctx);
  mutt_md5_finish_ctx(&md5ctx, digest);
  mutt_md5_toascii(digest, hash);
 
  /* Send APOP command to server */
  snprintf(buf, sizeof(buf), "APOP %s %s\r\n", adata->conn->account.user, hash);
 
  switch (pop_query(adata, buf, sizeof(buf)))
  {
    case 0:
      return POP_A_SUCCESS;
    case -1:
      return POP_A_SOCKET;
  }
 
  // L10N: %s is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
  mutt_error(_("%s authentication failed"), "APOP");
 
  return POP_A_FAILURE;
}

Here is the call graph for this function:

◆ pop_auth_user()

static enum PopAuthRes pop_auth_user	(	struct PopAccountData *	adata,
		const char *	method
	)

static

USER authenticator - Implements PopAuth::authenticate()

Definition at line 365 of file auth.c.

{
  if (!adata->cmd_user)
    return POP_A_UNAVAIL;
 
  if (mutt_account_getpass(&adata->conn->account) || !adata->conn->account.pass[0])
    return POP_A_FAILURE;
 
  mutt_message(_("Logging in..."));
 
  char buf[1024] = { 0 };
  snprintf(buf, sizeof(buf), "USER %s\r\n", adata->conn->account.user);
  int rc = pop_query(adata, buf, sizeof(buf));
 
  if (adata->cmd_user == 2)
  {
    if (rc == 0)
    {
      adata->cmd_user = 1;
 
      mutt_debug(LL_DEBUG1, "set USER capability\n");
    }
 
    if (rc == -2)
    {
      adata->cmd_user = 0;
 
      mutt_debug(LL_DEBUG1, "unset USER capability\n");
      snprintf(adata->err_msg, sizeof(adata->err_msg), "%s",
               _("Command USER is not supported by server"));
    }
  }
 
  if (rc == 0)
  {
    snprintf(buf, sizeof(buf), "PASS %s\r\n", adata->conn->account.pass);
    const short c_debug_level = cs_subset_number(NeoMutt->sub, "debug_level");
    rc = pop_query_d(adata, buf, sizeof(buf),
                     /* don't print the password unless we're at the ungodly debugging level */
                     (c_debug_level < MUTT_SOCK_LOG_FULL) ? "PASS *\r\n" : NULL);
  }
 
  switch (rc)
  {
    case 0:
      return POP_A_SUCCESS;
    case -1:
      return POP_A_SOCKET;
  }
 
  mutt_error("%s %s", _("Login failed"), adata->err_msg);
 
  return POP_A_FAILURE;
}

Here is the call graph for this function:

◆ pop_auth_oauth()

static enum PopAuthRes pop_auth_oauth	(	struct PopAccountData *	adata,
		const char *	method
	)

static

Authenticate a POP connection using OAUTHBEARER - Implements PopAuth::authenticate()

Definition at line 423 of file auth.c.

{
  /* If they did not explicitly request or configure oauth then fail quietly */
  const char *const c_pop_oauth_refresh_command = cs_subset_string(NeoMutt->sub, "pop_oauth_refresh_command");
  if (!method && !c_pop_oauth_refresh_command)
    return POP_A_UNAVAIL;
 
  // L10N: (%s) is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
  mutt_message(_("Authenticating (%s)..."), "OAUTHBEARER");
 
  char *oauthbearer = mutt_account_getoauthbearer(&adata->conn->account, false);
  if (!oauthbearer)
    return POP_A_FAILURE;
 
  size_t auth_cmd_len = strlen(oauthbearer) + 30;
  char *auth_cmd = mutt_mem_malloc(auth_cmd_len);
  snprintf(auth_cmd, auth_cmd_len, "AUTH OAUTHBEARER %s\r\n", oauthbearer);
  FREE(&oauthbearer);
 
  int rc = pop_query_d(adata, auth_cmd, strlen(auth_cmd),
#ifdef DEBUG
                       /* don't print the bearer token unless we're at the ungodly debugging level */
                       (cs_subset_number(NeoMutt->sub, "debug_level") < MUTT_SOCK_LOG_FULL) ?
                           "AUTH OAUTHBEARER *\r\n" :
#endif
                           NULL);
  FREE(&auth_cmd);
 
  switch (rc)
  {
    case 0:
      return POP_A_SUCCESS;
    case -1:
      return POP_A_SOCKET;
  }
 
  /* The error response was a SASL continuation, so "continue" it.
   * See RFC7628 3.2.3 */
  mutt_socket_send(adata->conn, "\001");
 
  char *err = adata->err_msg;
  char decoded_err[1024] = { 0 };
  int len = mutt_b64_decode(adata->err_msg, decoded_err, sizeof(decoded_err) - 1);
  if (len >= 0)
  {
    decoded_err[len] = '\0';
    err = decoded_err;
  }
  mutt_error("%s %s", _("Authentication failed"), err);
 
  return POP_A_FAILURE;
}

Here is the call graph for this function:

◆ pop_auth_is_valid()

bool pop_auth_is_valid ( const char * authenticator )

Check if string is a valid pop authentication method.

Parameters

authenticator Authenticator string to check

Return values

true	Argument is a valid auth method

Validate whether an input string is an accepted pop authentication method as defined by PopAuthenticators.

Definition at line 502 of file auth.c.

{
  for (size_t i = 0; i < mutt_array_size(PopAuthenticators); i++)
  {
    const struct PopAuth *auth = &PopAuthenticators[i];
    if (auth->method && mutt_istr_equal(auth->method, authenticator))
      return true;
  }
 
  return false;
}

Here is the call graph for this function:

Here is the caller graph for this function:

◆ pop_authenticate()

int pop_authenticate ( struct PopAccountData * adata )

Authenticate with a POP server.

Parameters

adata POP Account data

Return values

num	Result, e.g. POP_A_SUCCESS
0	Successful
-1	Connection lost
-2	Login failed
-3	Authentication cancelled

Definition at line 523 of file auth.c.

{
  struct ConnAccount *cac = &adata->conn->account;
  const struct PopAuth *authenticator = NULL;
  int attempts = 0;
  int rc = POP_A_UNAVAIL;
 
  if ((mutt_account_getuser(cac) < 0) || (cac->user[0] == '\0'))
  {
    return -3;
  }
 
  const struct Slist *c_pop_authenticators = cs_subset_slist(NeoMutt->sub, "pop_authenticators");
  const bool c_pop_auth_try_all = cs_subset_bool(NeoMutt->sub, "pop_auth_try_all");
  if (c_pop_authenticators && (c_pop_authenticators->count > 0))
  {
    /* Try user-specified list of authentication methods */
    struct ListNode *np = NULL;
    STAILQ_FOREACH(np, &c_pop_authenticators->head, entries)
    {
      mutt_debug(LL_DEBUG2, "Trying method %s\n", np->data);
      authenticator = PopAuthenticators;
 
      while (authenticator->authenticate)
      {
        if (!authenticator->method || mutt_istr_equal(authenticator->method, np->data))
        {
          rc = authenticator->authenticate(adata, np->data);
          if (rc == POP_A_SOCKET)
          {
            switch (pop_connect(adata))
            {
              case 0:
              {
                rc = authenticator->authenticate(adata, np->data);
                break;
              }
              case -2:
                rc = POP_A_FAILURE;
            }
          }
 
          if (rc != POP_A_UNAVAIL)
            attempts++;
          if ((rc == POP_A_SUCCESS) || (rc == POP_A_SOCKET) ||
              ((rc == POP_A_FAILURE) && !c_pop_auth_try_all))
          {
            break;
          }
        }
        authenticator++;
      }
    }
  }
  else
  {
    /* Fall back to default: any authenticator */
    mutt_debug(LL_DEBUG2, "Using any available method\n");
    authenticator = PopAuthenticators;
 
    while (authenticator->authenticate)
    {
      rc = authenticator->authenticate(adata, NULL);
      if (rc == POP_A_SOCKET)
      {
        switch (pop_connect(adata))
        {
          case 0:
          {
            rc = authenticator->authenticate(adata, NULL);
            break;
          }
          case -2:
            rc = POP_A_FAILURE;
        }
      }
 
      if (rc != POP_A_UNAVAIL)
        attempts++;
      if ((rc == POP_A_SUCCESS) || (rc == POP_A_SOCKET) ||
          ((rc == POP_A_FAILURE) && !c_pop_auth_try_all))
      {
        break;
      }
 
      authenticator++;
    }
  }
 
  switch (rc)
  {
    case POP_A_SUCCESS:
      return 0;
    case POP_A_SOCKET:
      return -1;
    case POP_A_UNAVAIL:
      if (attempts == 0)
        mutt_error(_("No authenticators available"));
  }
 
  return -2;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

◆ PopAuthenticators

const struct PopAuth PopAuthenticators[]

static

Initial value:

= {
  
  { pop_auth_oauth, "oauthbearer" },
 
  { pop_auth_apop, "apop" },
  { pop_auth_user, "user" },
  { NULL, NULL },
  
}

Accepted authentication methods.

Definition at line 479 of file auth.c.

Functions

Variables

Detailed Description

Function Documentation

◆ pop_apop_timestamp()

◆ pop_auth_apop()

◆ pop_auth_user()

◆ pop_auth_oauth()

◆ pop_auth_is_valid()

◆ pop_authenticate()

Variable Documentation

◆ PopAuthenticators