NeoMutt
Teaching an old dog new tricks
DOXYGEN
Loading...
Searching...
No Matches
sasl.h File Reference

SASL authentication support. More...

#include <sasl/sasl.h>
#include <stdbool.h>
+ Include dependency graph for sasl.h:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

bool sasl_auth_validator (const char *authenticator)
 Validate an auth method against Cyrus SASL methods.
 
int mutt_sasl_client_new (struct Connection *conn, sasl_conn_t **saslconn)
 Wrapper for sasl_client_new()
 
void mutt_sasl_cleanup (void)
 Invoke when processing is complete.
 
int mutt_sasl_interact (sasl_interact_t *interaction)
 Perform an SASL interaction with the user.
 
void mutt_sasl_setup_conn (struct Connection *conn, sasl_conn_t *saslconn)
 Set up an SASL connection.
 

Detailed Description

SASL authentication support.

Authors
  • Brendan Cully

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Definition in file sasl.h.

Function Documentation

◆ sasl_auth_validator()

bool sasl_auth_validator ( const char *  authenticator)

Validate an auth method against Cyrus SASL methods.

Parameters
authenticatorName of the authenticator to validate
Return values
trueArgument matches an accepted auth method

Definition at line 135 of file sasl.c.

136{
137 for (size_t i = 0; i < mutt_array_size(SaslAuthenticators); i++)
138 {
139 const char *auth = SaslAuthenticators[i];
140 if (mutt_istr_equal(auth, authenticator))
141 return true;
142 }
143
144 return false;
145}
#define mutt_array_size(x)
Definition: memory.h:38
bool mutt_istr_equal(const char *a, const char *b)
Compare two strings, ignoring case.
Definition: string.c:810
static const char *const SaslAuthenticators[]
Authenticaion methods supported by Cyrus SASL.
Definition: sasl.c:105
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_client_new()

int mutt_sasl_client_new ( struct Connection conn,
sasl_conn_t **  saslconn 
)

Wrapper for sasl_client_new()

Parameters
[in]connConnection to a server
[out]saslconnSASL connection
Return values
0Success
-1Error

which also sets various security properties. If this turns out to be fine for POP too we can probably stop exporting mutt_sasl_get_callbacks().

Definition at line 605 of file sasl.c.

606{
607 if (mutt_sasl_start() != SASL_OK)
608 return -1;
609
610 if (!conn->account.service)
611 {
612 mutt_error(_("Unknown SASL profile"));
613 return -1;
614 }
615
616 socklen_t size;
617
618 struct sockaddr_storage local = { 0 };
619 char iplocalport[IP_PORT_BUFLEN] = { 0 };
620 char *plp = NULL;
621 size = sizeof(local);
622 if (getsockname(conn->fd, (struct sockaddr *) &local, &size) == 0)
623 {
624 if (iptostring((struct sockaddr *) &local, size, iplocalport, IP_PORT_BUFLEN) == SASL_OK)
625 plp = iplocalport;
626 else
627 mutt_debug(LL_DEBUG2, "SASL failed to parse local IP address\n");
628 }
629 else
630 {
631 mutt_debug(LL_DEBUG2, "SASL failed to get local IP address\n");
632 }
633
634 struct sockaddr_storage remote = { 0 };
635 char ipremoteport[IP_PORT_BUFLEN] = { 0 };
636 char *prp = NULL;
637 size = sizeof(remote);
638 if (getpeername(conn->fd, (struct sockaddr *) &remote, &size) == 0)
639 {
640 if (iptostring((struct sockaddr *) &remote, size, ipremoteport, IP_PORT_BUFLEN) == SASL_OK)
641 prp = ipremoteport;
642 else
643 mutt_debug(LL_DEBUG2, "SASL failed to parse remote IP address\n");
644 }
645 else
646 {
647 mutt_debug(LL_DEBUG2, "SASL failed to get remote IP address\n");
648 }
649
650 mutt_debug(LL_DEBUG2, "SASL local ip: %s, remote ip:%s\n", NONULL(plp), NONULL(prp));
651
652 int rc = sasl_client_new(conn->account.service, conn->account.host, plp, prp,
653 mutt_sasl_get_callbacks(&conn->account), 0, saslconn);
654 if (rc != SASL_OK)
655 {
656 mutt_error(_("Error allocating SASL connection"));
657 return -1;
658 }
659
660 /* Work around a casting bug in the SASL krb4 module */
661 sasl_security_properties_t secprops = { 0 };
662 secprops.max_ssf = 0x7fff;
663 secprops.maxbufsize = MUTT_SASL_MAXBUF;
664 if (sasl_setprop(*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
665 {
666 mutt_error(_("Error setting SASL security properties"));
667 sasl_dispose(saslconn);
668 return -1;
669 }
670
671 if (conn->ssf != 0)
672 {
673 /* I'm not sure this actually has an effect, at least with SASLv2 */
674 mutt_debug(LL_DEBUG2, "External SSF: %d\n", conn->ssf);
675 if (sasl_setprop(*saslconn, SASL_SSF_EXTERNAL, &conn->ssf) != SASL_OK)
676 {
677 mutt_error(_("Error setting SASL external security strength"));
678 sasl_dispose(saslconn);
679 return -1;
680 }
681 }
682 if (conn->account.user[0])
683 {
684 mutt_debug(LL_DEBUG2, "External authentication name: %s\n", conn->account.user);
685 if (sasl_setprop(*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK)
686 {
687 mutt_error(_("Error setting SASL external user name"));
688 sasl_dispose(saslconn);
689 return -1;
690 }
691 }
692
693 return 0;
694}
#define mutt_error(...)
Definition: logging2.h:92
#define mutt_debug(LEVEL,...)
Definition: logging2.h:89
@ LL_DEBUG2
Log at debug level 2.
Definition: logging2.h:44
#define _(a)
Definition: message.h:28
#define MUTT_SASL_MAXBUF
Definition: sasl.c:117
#define IP_PORT_BUFLEN
Definition: sasl.c:122
static int mutt_sasl_start(void)
Initialise SASL library.
Definition: sasl.c:276
static sasl_callback_t * mutt_sasl_get_callbacks(struct ConnAccount *cac)
Get the SASL callback functions.
Definition: sasl.c:388
static int iptostring(const struct sockaddr *addr, socklen_t addrlen, char *out, unsigned int outlen)
Convert IP Address to string.
Definition: sasl.c:206
#define NONULL(x)
Definition: string2.h:37
char user[128]
Username.
Definition: connaccount.h:56
const char * service
Name of the service, e.g. "imap".
Definition: connaccount.h:61
char host[128]
Server to login to.
Definition: connaccount.h:54
unsigned int ssf
Security strength factor, in bits (see notes)
Definition: connection.h:51
struct ConnAccount account
Account details: username, password, etc.
Definition: connection.h:50
int fd
Socket file descriptor.
Definition: connection.h:54
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_cleanup()

void mutt_sasl_cleanup ( void  )

Invoke when processing is complete.

This is a cleanup function, used to free all memory used by the library. Invoke when processing is complete.

Definition at line 785 of file sasl.c.

786{
787 /* As we never use the server-side, the silently ignore the return value */
788 sasl_client_done();
789}
+ Here is the caller graph for this function:

◆ mutt_sasl_interact()

int mutt_sasl_interact ( sasl_interact_t *  interaction)

Perform an SASL interaction with the user.

Parameters
interactionDetails of interaction
Return values
numSASL error code: SASL_OK or SASL_FAIL

An example interaction might be asking the user for a password.

Definition at line 703 of file sasl.c.

704{
705 int rc = SASL_OK;
706 char prompt[128] = { 0 };
707 struct Buffer *resp = buf_pool_get();
708
709 while (interaction->id != SASL_CB_LIST_END)
710 {
711 mutt_debug(LL_DEBUG2, "filling in SASL interaction %ld\n", interaction->id);
712
713 snprintf(prompt, sizeof(prompt), "%s: ", interaction->prompt);
714 buf_reset(resp);
715
716 if (OptNoCurses ||
717 (mw_get_field(prompt, resp, MUTT_COMP_NO_FLAGS, HC_OTHER, NULL, NULL) != 0))
718 {
719 rc = SASL_FAIL;
720 break;
721 }
722
723 interaction->len = buf_len(resp) + 1;
724 interaction->result = buf_strdup(resp);
725 interaction++;
726 }
727
728 buf_pool_release(&resp);
729 return rc;
730}
size_t buf_len(const struct Buffer *buf)
Calculate the length of a Buffer.
Definition: buffer.c:466
void buf_reset(struct Buffer *buf)
Reset an existing Buffer.
Definition: buffer.c:88
char * buf_strdup(const struct Buffer *buf)
Copy a Buffer's string.
Definition: buffer.c:542
bool OptNoCurses
(pseudo) when sending in batch mode
Definition: globals.c:79
int mw_get_field(const char *prompt, struct Buffer *buf, CompletionFlags complete, enum HistoryClass hclass, const struct CompleteOps *comp_api, void *cdata)
Ask the user for a string -.
Definition: window.c:275
@ HC_OTHER
Miscellaneous strings.
Definition: lib.h:54
#define MUTT_COMP_NO_FLAGS
No flags are set.
Definition: mutt.h:55
struct Buffer * buf_pool_get(void)
Get a Buffer from the pool.
Definition: pool.c:81
void buf_pool_release(struct Buffer **ptr)
Return a Buffer to the pool.
Definition: pool.c:94
String manipulation buffer.
Definition: buffer.h:34
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_setup_conn()

void mutt_sasl_setup_conn ( struct Connection conn,
sasl_conn_t *  saslconn 
)

Set up an SASL connection.

Parameters
connConnection to a server
saslconnSASL connection

Replace connection methods, sockdata with SASL wrappers, for protection layers. Also get ssf, as a fastpath for the read/write methods.

Definition at line 740 of file sasl.c.

741{
742 struct SaslSockData *sasldata = mutt_mem_malloc(sizeof(struct SaslSockData));
743 /* work around sasl_getprop aliasing issues */
744 const void *tmp = NULL;
745
746 sasldata->saslconn = saslconn;
747 /* get ssf so we know whether we have to (en|de)code read/write */
748 sasl_getprop(saslconn, SASL_SSF, &tmp);
749 sasldata->ssf = tmp;
750 mutt_debug(LL_DEBUG3, "SASL protection strength: %u\n", *sasldata->ssf);
751 /* Add SASL SSF to transport SSF */
752 conn->ssf += *sasldata->ssf;
753 sasl_getprop(saslconn, SASL_MAXOUTBUF, &tmp);
754 sasldata->pbufsize = tmp;
755 mutt_debug(LL_DEBUG3, "SASL protection buffer size: %u\n", *sasldata->pbufsize);
756
757 /* clear input buffer */
758 sasldata->buf = NULL;
759 sasldata->bpos = 0;
760 sasldata->blen = 0;
761
762 /* preserve old functions */
763 sasldata->sockdata = conn->sockdata;
764 sasldata->open = conn->open;
765 sasldata->read = conn->read;
766 sasldata->write = conn->write;
767 sasldata->poll = conn->poll;
768 sasldata->close = conn->close;
769
770 /* and set up new functions */
771 conn->sockdata = sasldata;
777}
static int mutt_sasl_conn_close(struct Connection *conn)
Close SASL connection - Implements Connection::close() -.
Definition: sasl.c:442
int(* close)(struct Connection *conn)
Close a socket Connection - Implements Connection::close() -.
Definition: sasl.c:99
int(* open)(struct Connection *conn)
Open a socket Connection - Implements Connection::open() -.
Definition: sasl.c:79
static int mutt_sasl_conn_open(struct Connection *conn)
Empty wrapper for underlying open function - Implements Connection::open() -.
Definition: sasl.c:426
int(* poll)(struct Connection *conn, time_t wait_secs)
Check whether a socket read would block - Implements Connection::poll() -.
Definition: sasl.c:94
static int mutt_sasl_conn_poll(struct Connection *conn, time_t wait_secs)
Check an SASL connection for data - Implements Connection::poll() -.
Definition: sasl.c:583
static int mutt_sasl_conn_read(struct Connection *conn, char *buf, size_t count)
Read data from an SASL connection - Implements Connection::read() -.
Definition: sasl.c:467
int(* read)(struct Connection *conn, char *buf, size_t count)
Read from a socket Connection - Implements Connection::read() -.
Definition: sasl.c:84
static int mutt_sasl_conn_write(struct Connection *conn, const char *buf, size_t count)
Write to an SASL connection - Implements Connection::write() -.
Definition: sasl.c:533
int(* write)(struct Connection *conn, const char *buf, size_t count)
Write to a socket Connection - Implements Connection::write() -.
Definition: sasl.c:89
@ LL_DEBUG3
Log at debug level 3.
Definition: logging2.h:45
void * mutt_mem_malloc(size_t size)
Allocate memory on the heap.
Definition: memory.c:90
void * sockdata
Backend-specific socket data.
Definition: connection.h:56
int(* poll)(struct Connection *conn, time_t wait_secs)
Definition: connection.h:106
int(* write)(struct Connection *conn, const char *buf, size_t count)
Definition: connection.h:93
int(* close)(struct Connection *conn)
Definition: connection.h:117
int(* open)(struct Connection *conn)
Definition: connection.h:67
int(* read)(struct Connection *conn, char *buf, size_t count)
Definition: connection.h:80
SASL authentication API -.
Definition: sasl.c:64
void * sockdata
Underlying socket data.
Definition: sasl.c:74
unsigned int blen
Size of the read buffer.
Definition: sasl.c:71
unsigned int bpos
Current read position.
Definition: sasl.c:72
const sasl_ssf_t * ssf
Definition: sasl.c:66
const unsigned int * pbufsize
Definition: sasl.c:67
const char * buf
Buffer for data read from the connection.
Definition: sasl.c:70
sasl_conn_t * saslconn
Definition: sasl.c:65
+ Here is the call graph for this function:
+ Here is the caller graph for this function: