NeoMutt  2024-11-14-34-g5aaf0d
Teaching an old dog new tricks
DOXYGEN
Loading...
Searching...
No Matches
sasl.h File Reference

SASL authentication support. More...

#include <sasl/sasl.h>
#include <stdbool.h>
+ Include dependency graph for sasl.h:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

bool sasl_auth_validator (const char *authenticator)
 Validate an auth method against Cyrus SASL methods.
 
int mutt_sasl_client_new (struct Connection *conn, sasl_conn_t **saslconn)
 Wrapper for sasl_client_new()
 
void mutt_sasl_cleanup (void)
 Invoke when processing is complete.
 
int mutt_sasl_interact (sasl_interact_t *interaction)
 Perform an SASL interaction with the user.
 
void mutt_sasl_setup_conn (struct Connection *conn, sasl_conn_t *saslconn)
 Set up an SASL connection.
 
int mutt_sasl_start (void)
 Initialise SASL library.
 

Detailed Description

SASL authentication support.

Authors
  • Richard Russon

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Definition in file sasl.h.

Function Documentation

◆ sasl_auth_validator()

bool sasl_auth_validator ( const char *  authenticator)

Validate an auth method against Cyrus SASL methods.

Parameters
authenticatorName of the authenticator to validate
Return values
trueArgument matches an accepted auth method

Definition at line 136 of file sasl.c.

137{
138 for (size_t i = 0; i < mutt_array_size(SaslAuthenticators); i++)
139 {
140 const char *auth = SaslAuthenticators[i];
141 if (mutt_istr_equal(auth, authenticator))
142 return true;
143 }
144
145 return false;
146}
#define mutt_array_size(x)
Definition: memory.h:38
bool mutt_istr_equal(const char *a, const char *b)
Compare two strings, ignoring case.
Definition: string.c:672
static const char *const SaslAuthenticators[]
Authentication methods supported by Cyrus SASL.
Definition: sasl.c:106
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_client_new()

int mutt_sasl_client_new ( struct Connection conn,
sasl_conn_t **  saslconn 
)

Wrapper for sasl_client_new()

Parameters
[in]connConnection to a server
[out]saslconnSASL connection
Return values
0Success
-1Error

which also sets various security properties. If this turns out to be fine for POP too we can probably stop exporting mutt_sasl_get_callbacks().

Definition at line 606 of file sasl.c.

607{
608 if (mutt_sasl_start() != SASL_OK)
609 return -1;
610
611 if (!conn->account.service)
612 {
613 mutt_error(_("Unknown SASL profile"));
614 return -1;
615 }
616
617 socklen_t size;
618
619 struct sockaddr_storage local = { 0 };
620 char iplocalport[IP_PORT_BUFLEN] = { 0 };
621 char *plp = NULL;
622 size = sizeof(local);
623 if (getsockname(conn->fd, (struct sockaddr *) &local, &size) == 0)
624 {
625 if (iptostring((struct sockaddr *) &local, size, iplocalport, IP_PORT_BUFLEN) == SASL_OK)
626 plp = iplocalport;
627 else
628 mutt_debug(LL_DEBUG2, "SASL failed to parse local IP address\n");
629 }
630 else
631 {
632 mutt_debug(LL_DEBUG2, "SASL failed to get local IP address\n");
633 }
634
635 struct sockaddr_storage remote = { 0 };
636 char ipremoteport[IP_PORT_BUFLEN] = { 0 };
637 char *prp = NULL;
638 size = sizeof(remote);
639 if (getpeername(conn->fd, (struct sockaddr *) &remote, &size) == 0)
640 {
641 if (iptostring((struct sockaddr *) &remote, size, ipremoteport, IP_PORT_BUFLEN) == SASL_OK)
642 prp = ipremoteport;
643 else
644 mutt_debug(LL_DEBUG2, "SASL failed to parse remote IP address\n");
645 }
646 else
647 {
648 mutt_debug(LL_DEBUG2, "SASL failed to get remote IP address\n");
649 }
650
651 mutt_debug(LL_DEBUG2, "SASL local ip: %s, remote ip:%s\n", NONULL(plp), NONULL(prp));
652
653 int rc = sasl_client_new(conn->account.service, conn->account.host, plp, prp,
654 mutt_sasl_get_callbacks(&conn->account), 0, saslconn);
655 if (rc != SASL_OK)
656 {
657 mutt_error(_("Error allocating SASL connection"));
658 return -1;
659 }
660
661 /* Work around a casting bug in the SASL krb4 module */
662 sasl_security_properties_t secprops = { 0 };
663 secprops.max_ssf = 0x7fff;
664 secprops.maxbufsize = MUTT_SASL_MAXBUF;
665 if (sasl_setprop(*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
666 {
667 mutt_error(_("Error setting SASL security properties"));
668 sasl_dispose(saslconn);
669 return -1;
670 }
671
672 if (conn->ssf != 0)
673 {
674 /* I'm not sure this actually has an effect, at least with SASLv2 */
675 mutt_debug(LL_DEBUG2, "External SSF: %d\n", conn->ssf);
676 if (sasl_setprop(*saslconn, SASL_SSF_EXTERNAL, &conn->ssf) != SASL_OK)
677 {
678 mutt_error(_("Error setting SASL external security strength"));
679 sasl_dispose(saslconn);
680 return -1;
681 }
682 }
683 if (conn->account.user[0])
684 {
685 mutt_debug(LL_DEBUG2, "External authentication name: %s\n", conn->account.user);
686 if (sasl_setprop(*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK)
687 {
688 mutt_error(_("Error setting SASL external user name"));
689 sasl_dispose(saslconn);
690 return -1;
691 }
692 }
693
694 return 0;
695}
#define mutt_error(...)
Definition: logging2.h:92
#define mutt_debug(LEVEL,...)
Definition: logging2.h:89
@ LL_DEBUG2
Log at debug level 2.
Definition: logging2.h:44
#define _(a)
Definition: message.h:28
#define MUTT_SASL_MAXBUF
Definition: sasl.c:118
#define IP_PORT_BUFLEN
Definition: sasl.c:123
int mutt_sasl_start(void)
Initialise SASL library.
Definition: sasl.c:277
static sasl_callback_t * mutt_sasl_get_callbacks(struct ConnAccount *cac)
Get the SASL callback functions.
Definition: sasl.c:389
static int iptostring(const struct sockaddr *addr, socklen_t addrlen, char *out, unsigned int outlen)
Convert IP Address to string.
Definition: sasl.c:207
#define NONULL(x)
Definition: string2.h:37
char user[128]
Username.
Definition: connaccount.h:56
const char * service
Name of the service, e.g. "imap".
Definition: connaccount.h:61
char host[128]
Server to login to.
Definition: connaccount.h:54
unsigned int ssf
Security strength factor, in bits (see notes)
Definition: connection.h:50
struct ConnAccount account
Account details: username, password, etc.
Definition: connection.h:49
int fd
Socket file descriptor.
Definition: connection.h:53
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_cleanup()

void mutt_sasl_cleanup ( void  )

Invoke when processing is complete.

This is a cleanup function, used to free all memory used by the library. Invoke when processing is complete.

Definition at line 786 of file sasl.c.

787{
788 /* As we never use the server-side, the silently ignore the return value */
789 sasl_client_done();
790}
+ Here is the caller graph for this function:

◆ mutt_sasl_interact()

int mutt_sasl_interact ( sasl_interact_t *  interaction)

Perform an SASL interaction with the user.

Parameters
interactionDetails of interaction
Return values
numSASL error code: SASL_OK or SASL_FAIL

An example interaction might be asking the user for a password.

Definition at line 704 of file sasl.c.

705{
706 int rc = SASL_OK;
707 char prompt[128] = { 0 };
708 struct Buffer *resp = buf_pool_get();
709
710 while (interaction->id != SASL_CB_LIST_END)
711 {
712 mutt_debug(LL_DEBUG2, "filling in SASL interaction %ld\n", interaction->id);
713
714 snprintf(prompt, sizeof(prompt), "%s: ", interaction->prompt);
715 buf_reset(resp);
716
717 if (OptNoCurses ||
718 (mw_get_field(prompt, resp, MUTT_COMP_NO_FLAGS, HC_OTHER, NULL, NULL) != 0))
719 {
720 rc = SASL_FAIL;
721 break;
722 }
723
724 interaction->len = buf_len(resp) + 1;
725 interaction->result = buf_strdup(resp);
726 interaction++;
727 }
728
729 buf_pool_release(&resp);
730 return rc;
731}
size_t buf_len(const struct Buffer *buf)
Calculate the length of a Buffer.
Definition: buffer.c:491
void buf_reset(struct Buffer *buf)
Reset an existing Buffer.
Definition: buffer.c:76
char * buf_strdup(const struct Buffer *buf)
Copy a Buffer's string.
Definition: buffer.c:571
bool OptNoCurses
(pseudo) when sending in batch mode
Definition: globals.c:69
int mw_get_field(const char *prompt, struct Buffer *buf, CompletionFlags complete, enum HistoryClass hclass, const struct CompleteOps *comp_api, void *cdata)
Ask the user for a string -.
Definition: window.c:274
@ HC_OTHER
Miscellaneous strings.
Definition: lib.h:59
#define MUTT_COMP_NO_FLAGS
No flags are set.
Definition: mutt.h:56
struct Buffer * buf_pool_get(void)
Get a Buffer from the pool.
Definition: pool.c:81
void buf_pool_release(struct Buffer **ptr)
Return a Buffer to the pool.
Definition: pool.c:94
String manipulation buffer.
Definition: buffer.h:36
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_setup_conn()

void mutt_sasl_setup_conn ( struct Connection conn,
sasl_conn_t *  saslconn 
)

Set up an SASL connection.

Parameters
connConnection to a server
saslconnSASL connection

Replace connection methods, sockdata with SASL wrappers, for protection layers. Also get ssf, as a fastpath for the read/write methods.

Definition at line 741 of file sasl.c.

742{
743 struct SaslSockData *sasldata = MUTT_MEM_MALLOC(1, struct SaslSockData);
744 /* work around sasl_getprop aliasing issues */
745 const void *tmp = NULL;
746
747 sasldata->saslconn = saslconn;
748 /* get ssf so we know whether we have to (en|de)code read/write */
749 sasl_getprop(saslconn, SASL_SSF, &tmp);
750 sasldata->ssf = tmp;
751 mutt_debug(LL_DEBUG3, "SASL protection strength: %u\n", *sasldata->ssf);
752 /* Add SASL SSF to transport SSF */
753 conn->ssf += *sasldata->ssf;
754 sasl_getprop(saslconn, SASL_MAXOUTBUF, &tmp);
755 sasldata->pbufsize = tmp;
756 mutt_debug(LL_DEBUG3, "SASL protection buffer size: %u\n", *sasldata->pbufsize);
757
758 /* clear input buffer */
759 sasldata->buf = NULL;
760 sasldata->bpos = 0;
761 sasldata->blen = 0;
762
763 /* preserve old functions */
764 sasldata->sockdata = conn->sockdata;
765 sasldata->open = conn->open;
766 sasldata->read = conn->read;
767 sasldata->write = conn->write;
768 sasldata->poll = conn->poll;
769 sasldata->close = conn->close;
770
771 /* and set up new functions */
772 conn->sockdata = sasldata;
778}
static int mutt_sasl_conn_close(struct Connection *conn)
Close SASL connection - Implements Connection::close() -.
Definition: sasl.c:443
int(* close)(struct Connection *conn)
Close a socket Connection - Implements Connection::close() -.
Definition: sasl.c:100
int(* open)(struct Connection *conn)
Open a socket Connection - Implements Connection::open() -.
Definition: sasl.c:80
static int mutt_sasl_conn_open(struct Connection *conn)
Empty wrapper for underlying open function - Implements Connection::open() -.
Definition: sasl.c:427
int(* poll)(struct Connection *conn, time_t wait_secs)
Check if any data is waiting on a socket - Implements Connection::poll() -.
Definition: sasl.c:95
static int mutt_sasl_conn_poll(struct Connection *conn, time_t wait_secs)
Check if any data is waiting on a socket - Implements Connection::poll() -.
Definition: sasl.c:584
static int mutt_sasl_conn_read(struct Connection *conn, char *buf, size_t count)
Read data from an SASL connection - Implements Connection::read() -.
Definition: sasl.c:468
int(* read)(struct Connection *conn, char *buf, size_t count)
Read from a socket Connection - Implements Connection::read() -.
Definition: sasl.c:85
static int mutt_sasl_conn_write(struct Connection *conn, const char *buf, size_t count)
Write to an SASL connection - Implements Connection::write() -.
Definition: sasl.c:534
int(* write)(struct Connection *conn, const char *buf, size_t count)
Write to a socket Connection - Implements Connection::write() -.
Definition: sasl.c:90
@ LL_DEBUG3
Log at debug level 3.
Definition: logging2.h:45
#define MUTT_MEM_MALLOC(n, type)
Definition: memory.h:41
void * sockdata
Backend-specific socket data.
Definition: connection.h:55
int(* poll)(struct Connection *conn, time_t wait_secs)
Definition: connection.h:105
int(* write)(struct Connection *conn, const char *buf, size_t count)
Definition: connection.h:92
int(* close)(struct Connection *conn)
Definition: connection.h:116
int(* open)(struct Connection *conn)
Definition: connection.h:66
int(* read)(struct Connection *conn, char *buf, size_t count)
Definition: connection.h:79
SASL authentication API -.
Definition: sasl.c:65
void * sockdata
Underlying socket data.
Definition: sasl.c:75
unsigned int blen
Size of the read buffer.
Definition: sasl.c:72
unsigned int bpos
Current read position.
Definition: sasl.c:73
const sasl_ssf_t * ssf
Definition: sasl.c:67
const unsigned int * pbufsize
Definition: sasl.c:68
const char * buf
Buffer for data read from the connection.
Definition: sasl.c:71
sasl_conn_t * saslconn
Definition: sasl.c:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_start()

int mutt_sasl_start ( void  )

Initialise SASL library.

Return values
numSASL error code, e.g. SASL_OK

Call before doing an SASL exchange (initialises library if necessary).

Definition at line 277 of file sasl.c.

278{
279 static bool sasl_init = false;
280
281 static sasl_callback_t callbacks[2];
282 int rc;
283
284 if (sasl_init)
285 return SASL_OK;
286
287 /* set up default logging callback */
288 callbacks[0].id = SASL_CB_LOG;
289 callbacks[0].proc = (int (*)(void))(intptr_t) mutt_sasl_cb_log;
290 callbacks[0].context = NULL;
291
292 callbacks[1].id = SASL_CB_LIST_END;
293 callbacks[1].proc = NULL;
294 callbacks[1].context = NULL;
295
296 rc = sasl_client_init(callbacks);
297
298 if (rc != SASL_OK)
299 {
300 mutt_debug(LL_DEBUG1, "libsasl initialisation failed\n");
301 return SASL_FAIL;
302 }
303
304 sasl_init = true;
305
306 return SASL_OK;
307}
@ LL_DEBUG1
Log at debug level 1.
Definition: logging2.h:43
static int mutt_sasl_cb_log(void *context, int priority, const char *message)
Callback to log SASL messages.
Definition: sasl.c:240
+ Here is the call graph for this function:
+ Here is the caller graph for this function: