static gboolean Request_user_auth(T R, char *token)
{
gboolean r = FALSE;
gchar **array;
array = g_strsplit(token, ":", 2);
if (array[0] && array[1]) {
uint64_t user_id = 0;
const gchar *username, *password;
username = array[0];
password = array[1];
if (auth_validate(NULL, username, password, &user_id) > 0) {
R->user_id = user_id;
r = TRUE;
}
}
g_strfreev(array);
return r;
}
int tims(ClientSession_t *session)
{
/* returns values:
* 0 to quit
* -1 on failure
* 1 on success */
char *arg;
size_t scriptlen = 0;
int ret;
char *script = NULL, *scriptname = NULL;
sort_result_t *sort_result = NULL;
clientbase_t *ci = session->ci;
TRACE(TRACE_DEBUG,"[%p] [%d][%s]", session, session->command_type, commands[session->command_type]);
switch (session->command_type) {
case TIMS_LOUT:
ci_write(ci, "OK \"Bye.\"\r\n");
session->state = QUIT;
return 1;
case TIMS_STLS:
ci_write(ci, "NO\r\n");
return 1;
case TIMS_CAPA:
send_greeting(session);
return 1;
case TIMS_AUTH:
/* We currently only support plain authentication,
* which means that the command we accept will look
* like this: Authenticate "PLAIN" "base64-password"
* */
session->args = g_list_first(session->args);
if (! (session->args && session->args->data))
return 1;
arg = (char *)session->args->data;
if (strcasecmp(arg, "PLAIN") == 0) {
int i = 0;
u64_t useridnr;
if (! g_list_next(session->args))
return tims_error(session, "NO \"Missing argument.\"\r\n");
session->args = g_list_next(session->args);
arg = (char *)session->args->data;
char **tmp64 = NULL;
tmp64 = base64_decodev(arg);
if (tmp64 == NULL)
return tims_error(session, "NO \"SASL decode error.\"\r\n");
for (i = 0; tmp64[i] != NULL; i++)
;
if (i < 3)
tims_error(session, "NO \"Too few encoded SASL arguments.\"\r\n");
/* The protocol specifies that the base64 encoding
* be made up of three parts: proxy, username, password
* Between them are NULLs, which are conveniently encoded
* by the base64 process... */
if (auth_validate(ci, tmp64[1], tmp64[2], &useridnr) == 1) {
ci_authlog_init(ci, THIS_MODULE, tmp64[1], AUTHLOG_ACT);
ci_write(ci, "OK\r\n");
session->state = AUTH;
session->useridnr = useridnr;
session->username = g_strdup(tmp64[1]);
session->password = g_strdup(tmp64[2]);
client_session_set_timeout(session, server_conf->timeout);
} else {
ci_authlog_init(ci, THIS_MODULE, tmp64[1], AUTHLOG_ERR);
g_strfreev(tmp64);
return tims_error(session, "NO \"Username or password incorrect.\"\r\n");
}
g_strfreev(tmp64);
} else
return tims_error(session, "NO \"Authentication scheme not supported.\"\r\n");
return 1;
case TIMS_PUTS:
if (session->state != AUTH) {
ci_write(ci, "NO \"Please authenticate first.\"\r\n");
break;
}
session->args = g_list_first(session->args);
if (! (session->args && session->args->data))
return 1;
scriptname = (char *)session->args->data;
session->args = g_list_next(session->args);
assert(session->args);
script = (char *)session->args->data;
scriptlen = strlen(script);
TRACE(TRACE_INFO, "Client sending script of length [%ld]", scriptlen);
if (scriptlen >= UINT_MAX)
return tims_error(session, "NO \"Invalid script length.\"\r\n");
if (dm_sievescript_quota_check(session->useridnr, scriptlen))
return tims_error(session, "NO \"Script exceeds available space.\"\r\n");
/* Store the script temporarily,
* validate it, then rename it. */
if (dm_sievescript_add(session->useridnr, "@!temp-script!@", script)) {
dm_sievescript_delete(session->useridnr, "@!temp-script!@");
return tims_error(session, "NO \"Error inserting script.\"\r\n");
}
sort_result = sort_validate(session->useridnr, "@!temp-script!@");
if (sort_result == NULL) {
dm_sievescript_delete(session->useridnr, "@!temp-script!@");
return tims_error(session, "NO \"Error inserting script.\"\r\n");
} else if (sort_get_error(sort_result) > 0) {
dm_sievescript_delete(session->useridnr, "@!temp-script!@");
return tims_error(session, "NO \"Script error: %s.\"\r\n", sort_get_errormsg(sort_result));
}
/* According to the draft RFC, a script with the same
* name as an existing script should [atomically] replace it. */
if (dm_sievescript_rename(session->useridnr, "@!temp-script!@", scriptname))
return tims_error(session, "NO \"Error inserting script.\"\r\n");
ci_write(ci, "OK \"Script successfully received.\"\r\n");
break;
case TIMS_SETS:
if (session->state != AUTH) {
ci_write(ci, "NO \"Please authenticate first.\"\r\n");
break;
}
scriptname = NULL;
session->args = g_list_first(session->args);
if ((session->args && session->args->data))
scriptname = (char *)session->args->data;
if (strlen(scriptname)) {
if (! dm_sievescript_activate(session->useridnr, scriptname))
ci_write(ci, "NO \"Error activating script.\"\r\n");
else
ci_write(ci, "OK \"Script activated.\"\r\n");
} else {
ret = dm_sievescript_get(session->useridnr, &scriptname);
if (scriptname == NULL) {
ci_write(ci, "OK \"No scripts are active at this time.\"\r\n");
} else {
if (! dm_sievescript_deactivate(session->useridnr, scriptname))
ci_write(ci, "NO \"Error deactivating script.\"\r\n");
else
ci_write(ci, "OK \"All scripts deactivated.\"\r\n");
g_free(scriptname);
}
}
return 1;
case TIMS_GETS:
if (session->state != AUTH) {
ci_write(ci, "NO \"Please authenticate first.\"\r\n");
break;
}
session->args = g_list_first(session->args);
if (! (session->args && session->args->data))
return 1;
scriptname = (char *)session->args->data;
if (! strlen(scriptname))
return tims_error(session, "NO \"Script name required.\"\r\n");
ret = dm_sievescript_getbyname(session->useridnr, scriptname, &script);
if (script == NULL) {
return tims_error(session, "NO \"Script not found.\"\r\n");
} else if (ret < 0) {
g_free(script);
return tims_error(session, "NO \"Internal error.\"\r\n");
} else {
ci_write(ci, "{%u+}\r\n", (unsigned int)strlen(script));
ci_write(ci, "%s\r\n", script);
ci_write(ci, "OK\r\n");
g_free(script);
}
return 1;
case TIMS_DELS:
if (session->state != AUTH) {
ci_write(ci, "NO \"Please authenticate first.\"\r\n");
break;
}
session->args = g_list_first(session->args);
if (! (session->args && session->args->data))
return 1;
scriptname = (char *)session->args->data;
if (! strlen(scriptname))
return tims_error(session, "NO \"Script name required.\"\r\n");
if (! dm_sievescript_delete(session->useridnr, scriptname))
return tims_error(session, "NO \"Error deleting script.\"\r\n");
else
ci_write(ci, "OK \"Script deleted.\"\r\n", scriptname);
return 1;
case TIMS_SPAC:
if (session->state != AUTH) {
ci_write(ci, "NO \"Please authenticate first.\"\r\n");
break;
}
// Command is in format: HAVESPACE "scriptname" 12345
// TODO: this is a fake
if (dm_sievescript_quota_check(session->useridnr, 12345) == DM_SUCCESS)
ci_write(ci, "OK (QUOTA)\r\n");
else
ci_write(ci, "NO (QUOTA) \"Quota exceeded\"\r\n");
return 1;
case TIMS_LIST:
if (session->state != AUTH) {
ci_write(ci, "NO \"Please authenticate first.\"\r\n");
break;
}
GList *scriptlist = NULL;
if (dm_sievescript_list (session->useridnr, &scriptlist) < 0) {
ci_write(ci, "NO \"Internal error.\"\r\n");
} else {
if (g_list_length(scriptlist) == 0) {
/* The command hasn't failed, but there aren't any scripts */
ci_write(ci, "OK \"No scripts found.\"\r\n");
} else {
scriptlist = g_list_first(scriptlist);
while (scriptlist) {
sievescript_info_t *info = (sievescript_info_t *) scriptlist->data;
ci_write(ci, "\"%s\"%s\r\n", info->name, (info-> active == 1 ? " ACTIVE" : ""));
if (! g_list_next(scriptlist)) break;
scriptlist = g_list_next(scriptlist);
}
ci_write(ci, "OK\r\n");
}
g_list_destroy(scriptlist);
}
return 1;
default:
return tims_error(session, "NO \"What are you trying to say here?\"\r\n");
}
if (sort_result)
sort_free_result(sort_result);
return 1;
}
if (login_disabled && ! session->ci->sock->ssl_state)
return pop3_error(session, "-ERR try STLS\r\n");
if (session->password != NULL) {
g_free(session->password);
session->password = NULL;
}
if (session->password == NULL) {
/* create memspace for password */
session->password = g_new0(char,strlen(value) + 1);
strncpy(session->password, value, strlen(value) + 1);
}
/* check in authorization layer if these credentials are correct */
validate_result = auth_validate(ci, (const char *)session->username, (const char *)session->password, &result);
switch (validate_result) {
case -1:
session->SessionResult = 3;
return -1;
case 0:
ci_authlog_init(ci, THIS_MODULE, (const char *)session->username, AUTHLOG_ERR);
TRACE(TRACE_ERR, "user [%s] coming from [%s] tried to login with wrong password",
session->username, ci->src_ip);
g_free(session->username);
session->username = NULL;
g_free(session->password);
session->password = NULL;
