static bool parse_cram_response(struct cram_auth_request *request,
const unsigned char *data, size_t size,
const char **error_r)
{
size_t i, space;
*error_r = NULL;
/* <username> SPACE <response>. Username may contain spaces, so assume
the rightmost space is the response separator. */
for (i = space = 0; i < size; i++) {
if (data[i] == '\0') {
*error_r = "NULs in response";
return FALSE;
}
if (data[i] == ' ')
space = i;
}
if (space == 0) {
*error_r = "missing digest";
return FALSE;
}
request->username = p_strndup(request->pool, data, space);
space++;
request->response =
p_strndup(request->pool, data + space, size - space);
return TRUE;
}
static void managesieve_parser_save_arg(struct managesieve_parser *parser,
const unsigned char *data, size_t size)
{
struct managesieve_arg *arg;
char *str;
arg = managesieve_arg_create(parser);
switch (parser->cur_type) {
case ARG_PARSE_ATOM:
/* simply save the string */
arg->type = MANAGESIEVE_ARG_ATOM;
arg->_data.str = p_strndup(parser->pool, data, size);
arg->str_len = size;
break;
case ARG_PARSE_STRING:
/* data is quoted and may contain escapes. */
if ((parser->flags & MANAGESIEVE_PARSE_FLAG_STRING_STREAM) != 0) {
arg->type = MANAGESIEVE_ARG_STRING_STREAM;
arg->_data.str_stream = parser->str_stream;
} else {
i_assert(size > 0);
arg->type = MANAGESIEVE_ARG_STRING;
str = p_strndup(parser->pool, data+1, size-1);
/* remove the escapes */
if (parser->str_first_escape >= 0 &&
(parser->flags & MANAGESIEVE_PARSE_FLAG_NO_UNESCAPE) == 0) {
/* -1 because we skipped the '"' prefix */
str_unescape(str + parser->str_first_escape-1);
}
arg->_data.str = str;
arg->str_len = strlen(str);
}
break;
case ARG_PARSE_LITERAL_DATA:
if ((parser->flags & MANAGESIEVE_PARSE_FLAG_STRING_STREAM) != 0) {
arg->type = MANAGESIEVE_ARG_STRING_STREAM;
arg->_data.str_stream = parser->str_stream;
} else if ((parser->flags & MANAGESIEVE_PARSE_FLAG_LITERAL_TYPE) != 0) {
arg->type = MANAGESIEVE_ARG_LITERAL;
arg->_data.str = p_strndup(parser->pool, data, size);
arg->str_len = size;
} else {
arg->type = MANAGESIEVE_ARG_STRING;
arg->_data.str = p_strndup(parser->pool, data, size);
arg->str_len = size;
}
break;
default:
i_unreached();
}
parser->cur_type = ARG_PARSE_NONE;
}
static int
master_service_haproxy_parse_ssl_tlv(struct master_service_haproxy_conn *hpconn,
const struct haproxy_pp2_tlv_ssl *ssl_kv,
const char **error_r)
{
hpconn->conn.proxy.ssl = (ssl_kv->client & (PP2_CLIENT_SSL)) != 0;
/* try parse some more */
for(size_t i = 0; i < ssl_kv->len;) {
struct haproxy_pp2_tlv kv;
if (get_tlv(ssl_kv->data + i, ssl_kv->len - i, &kv) < 0) {
*error_r = t_strdup_printf("get_tlv(%"PRIuSIZE_T") failed:"
"Truncated data", i);
return -1;
}
i += SIZEOF_PP2_TLV + kv.len;
switch(kv.type) {
/* we don't care about these */
case PP2_SUBTYPE_SSL_CIPHER:
case PP2_SUBTYPE_SSL_SIG_ALG:
case PP2_SUBTYPE_SSL_KEY_ALG:
break;
case PP2_SUBTYPE_SSL_CN:
hpconn->conn.proxy.cert_common_name =
p_strndup(hpconn->pool, kv.data, kv.len);
break;
}
}
return 0;
}
static void
mech_plain_auth_continue(struct auth_request *request,
const unsigned char *data, size_t data_size)
{
const char *authid, *authenid, *error;
char *pass;
size_t i, len;
int count;
/* authorization ID \0 authentication ID \0 pass. */
authid = (const char *) data;
authenid = NULL; pass = NULL;
count = 0;
for (i = 0; i < data_size; i++) {
if (data[i] == '\0') {
if (++count == 1)
authenid = (const char *) data + i+1;
else {
i++;
len = data_size - i;
pass = p_strndup(unsafe_data_stack_pool,
data+i, len);
break;
}
}
}
if (authenid != NULL && strcmp(authid, authenid) == 0) {
/* the login username isn't different */
authid = "";
}
if (count != 2) {
/* invalid input */
auth_request_log_info(request, AUTH_SUBSYS_MECH, "invalid input");
auth_request_fail(request);
} else if (!auth_request_set_username(request, authenid, &error)) {
/* invalid username */
auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", error);
auth_request_fail(request);
} else if (*authid != '\0' &&
!auth_request_set_login_username(request, authid, &error)) {
/* invalid login username */
auth_request_log_info(request, AUTH_SUBSYS_MECH,
"login user: %s", error);
auth_request_fail(request);
} else {
auth_request_verify_plain(request, pass,
plain_verify_callback);
}
/* make sure it's cleared */
if (pass != NULL)
safe_memset(pass, 0, strlen(pass));
}
static void
mech_dovecot_token_auth_continue(struct auth_request *request,
const unsigned char *data, size_t data_size)
{
const char *session_id, *username, *pid, *service, *error;
char *auth_token;
size_t i, len;
int count;
/* service \0 pid \0 username \0 session_id \0 auth_token */
service = (const char *) data;
session_id = username = pid = auth_token = NULL;
count = 0;
for (i = 0; i < data_size; i++) {
if (data[i] == '\0') {
count++; i++;
if (count == 1)
pid = (const char *)data + i;
else if (count == 2)
username = (const char *)data + i;
else if (count == 3)
session_id = (const char *)data + i;
else {
len = data_size - i;
auth_token = p_strndup(unsafe_data_stack_pool,
data+i, len);
break;
}
}
}
if (count != 4) {
/* invalid input */
auth_request_log_info(request, AUTH_SUBSYS_MECH, "invalid input");
auth_request_fail(request);
} else if (!auth_request_set_username(request, username, &error)) {
/* invalid username */
auth_request_log_info(request, AUTH_SUBSYS_MECH, "%s", error);
auth_request_fail(request);
} else {
const char *valid_token =
auth_token_get(service, pid, request->user, session_id);
if (auth_token != NULL &&
strcmp(auth_token, valid_token) == 0) {
request->passdb_success = TRUE;
auth_request_success(request, NULL, 0);
} else {
auth_request_fail(request);
}
}
/* make sure it's cleared */
if (auth_token != NULL)
safe_memset(auth_token, 0, strlen(auth_token));
}
char *managesieve_quote(pool_t pool, const unsigned char *value, size_t value_len)
{
string_t *str;
char *ret;
if (value == NULL)
return "\"\"";
T_BEGIN {
str = t_str_new(value_len + MAX_INT_STRLEN + 5);
managesieve_quote_append(str, value, value_len, TRUE);
ret = p_strndup(pool, str_data(str), str_len(str));
} T_END;
return ret;
}
static int mailbox_list_index_parse_header(struct mailbox_list_index *ilist,
struct mail_index_view *view)
{
const void *data, *p;
size_t i, len, size;
uint32_t id, prev_id = 0;
char *name;
mail_index_map_get_header_ext(view, view->map, ilist->ext_id, &data, &size);
if (size == 0)
return 0;
for (i = sizeof(struct mailbox_list_index_header); i < size; ) {
/* get id */
if (i + sizeof(id) > size)
return -1;
memcpy(&id, CONST_PTR_OFFSET(data, i), sizeof(id));
i += sizeof(id);
if (id <= prev_id) {
/* allow extra space in the end as long as last id=0 */
return id == 0 ? 0 : -1;
}
/* get name */
p = memchr(CONST_PTR_OFFSET(data, i), '\0', size-i);
if (p == NULL)
return -1;
len = (const char *)p -
(const char *)(CONST_PTR_OFFSET(data, i));
name = p_strndup(ilist->mailbox_pool,
CONST_PTR_OFFSET(data, i), len);
i += len + 1;
/* add id => name to hash table */
hash_table_insert(ilist->mailbox_names, POINTER_CAST(id), name);
ilist->highest_name_id = id;
}
i_assert(i == size);
return 0;
}
static void
mech_anonymous_auth_continue(struct auth_request *request,
const unsigned char *data, size_t data_size)
{
i_assert(*request->set->anonymous_username != '\0');
if (request->set->verbose) {
/* temporarily set the user to the one that was given,
so that the log message goes right */
request->user =
p_strndup(pool_datastack_create(), data, data_size);
auth_request_log_info(request, AUTH_SUBSYS_MECH, "login");
}
request->user = p_strdup(request->pool,
request->set->anonymous_username);
request->passdb_success = TRUE;
auth_request_success(request, "", 0);
}
static int
master_service_haproxy_parse_tlv(struct master_service_haproxy_conn *hpconn,
const unsigned char *buf, size_t blen,
const char **error_r)
{
for(size_t i = 0; i < blen;) {
struct haproxy_pp2_tlv kv;
struct haproxy_pp2_tlv_ssl ssl_kv;
if (get_tlv(buf + i, blen - i, &kv) < 0) {
*error_r = t_strdup_printf("get_tlv(%"PRIuSIZE_T") failed:"
"Truncated data", i);
return -1;
}
/* skip unsupported values */
switch(kv.type) {
case PP2_TYPE_ALPN:
hpconn->conn.proxy.alpn_size = kv.len;
hpconn->conn.proxy.alpn =
p_memdup(hpconn->pool, kv.data, kv.len);
break;
case PP2_TYPE_AUTHORITY:
/* store hostname somewhere */
hpconn->conn.proxy.hostname =
p_strndup(hpconn->pool, kv.data, kv.len);
break;
case PP2_TYPE_SSL:
if (get_ssl_tlv(kv.data, kv.len, &ssl_kv) < 0) {
*error_r = t_strdup_printf("get_ssl_tlv(%"PRIuSIZE_T") failed:"
"Truncated data", i);
return -1;
}
if (master_service_haproxy_parse_ssl_tlv(hpconn, &ssl_kv, error_r)<0)
return -1;
break;
}
i += SIZEOF_PP2_TLV + kv.len;
}
return 0;
}
const char *managesieve_parser_read_word(struct managesieve_parser *parser)
{
const unsigned char *data;
size_t i, data_size;
data = i_stream_get_data(parser->input, &data_size);
for (i = 0; i < data_size; i++) {
if (data[i] == ' ' || data[i] == '\r' || data[i] == '\n')
break;
}
if (i < data_size) {
data_size = i + (data[i] == ' ' ? 1 : 0);
parser->line_size += data_size;
i_stream_skip(parser->input, data_size);
return p_strndup(parser->pool, data, i);
} else {
return NULL;
}
}
const char *t_strndup(const void *str, size_t max_chars)
{
i_assert(str != NULL);
return p_strndup(unsafe_data_stack_pool, str, max_chars);
}
const char *t_strndup(const void *str, size_t max_chars)
{
return p_strndup(unsafe_data_stack_pool, str, max_chars);
}
static void imap_parser_save_arg(struct imap_parser *parser,
const unsigned char *data, size_t size)
{
struct imap_arg *arg;
char *str;
arg = imap_arg_create(parser);
switch (parser->cur_type) {
case ARG_PARSE_ATOM:
case ARG_PARSE_TEXT:
if (size == 3 && i_memcasecmp(data, "NIL", 3) == 0) {
/* NIL argument. it might be an actual NIL, but if
we're reading astring, it's an atom and we can't
lose its case. */
arg->type = IMAP_ARG_NIL;
} else {
/* simply save the string */
arg->type = IMAP_ARG_ATOM;
}
arg->_data.str = imap_parser_strdup(parser, data, size);
arg->str_len = size;
break;
case ARG_PARSE_STRING:
/* data is quoted and may contain escapes. */
i_assert(size > 0);
arg->type = IMAP_ARG_STRING;
str = p_strndup(parser->pool, data+1, size-1);
/* remove the escapes */
if (parser->str_first_escape >= 0 &&
(parser->flags & IMAP_PARSE_FLAG_NO_UNESCAPE) == 0) {
/* -1 because we skipped the '"' prefix */
(void)str_unescape(str + parser->str_first_escape-1);
}
arg->_data.str = str;
arg->str_len = strlen(str);
break;
case ARG_PARSE_LITERAL_DATA:
if ((parser->flags & IMAP_PARSE_FLAG_LITERAL_SIZE) != 0) {
/* save literal size */
arg->type = parser->literal_nonsync ?
IMAP_ARG_LITERAL_SIZE_NONSYNC :
IMAP_ARG_LITERAL_SIZE;
arg->_data.literal_size = parser->literal_size;
arg->literal8 = parser->literal8;
break;
}
/* fall through */
case ARG_PARSE_LITERAL_DATA_FORCED:
if ((parser->flags & IMAP_PARSE_FLAG_LITERAL_TYPE) != 0)
arg->type = IMAP_ARG_LITERAL;
else
arg->type = IMAP_ARG_STRING;
arg->_data.str = imap_parser_strdup(parser, data, size);
arg->literal8 = parser->literal8;
arg->str_len = size;
break;
default:
i_unreached();
}
parser->cur_type = ARG_PARSE_NONE;
}
char *i_strndup(const void *str, size_t max_chars)
{
return p_strndup(default_pool, str, max_chars);
}
