int mailpop3_auth(mailpop3 * f, const char * auth_type,
const char * server_fqdn,
const char * local_ip_port,
const char * remote_ip_port,
const char * login, const char * auth_name,
const char * password, const char * realm)
{
#ifdef USE_SASL
int r;
char command[POP3_STRING_SIZE];
sasl_callback_t sasl_callback[5];
const char * sasl_out;
unsigned sasl_out_len;
const char * mechusing;
sasl_secret_t * secret;
int res;
size_t len;
char * encoded;
unsigned int encoded_len;
unsigned int max_encoded;
sasl_callback[0].id = SASL_CB_GETREALM;
sasl_callback[0].proc = sasl_getrealm;
sasl_callback[0].context = f;
sasl_callback[1].id = SASL_CB_USER;
sasl_callback[1].proc = sasl_getsimple;
sasl_callback[1].context = f;
sasl_callback[2].id = SASL_CB_AUTHNAME;
sasl_callback[2].proc = sasl_getsimple;
sasl_callback[2].context = f;
sasl_callback[3].id = SASL_CB_PASS;
sasl_callback[3].proc = sasl_getsecret;
sasl_callback[3].context = f;
sasl_callback[4].id = SASL_CB_LIST_END;
sasl_callback[4].proc = NULL;
sasl_callback[4].context = NULL;
len = strlen(password);
secret = malloc(sizeof(* secret) + len);
if (secret == NULL) {
res = MAILPOP3_ERROR_MEMORY;
goto err;
}
secret->len = len;
memcpy(secret->data, password, len + 1);
f->pop3_sasl.sasl_server_fqdn = server_fqdn;
f->pop3_sasl.sasl_login = login;
f->pop3_sasl.sasl_auth_name = auth_name;
f->pop3_sasl.sasl_password = password;
f->pop3_sasl.sasl_realm = realm;
f->pop3_sasl.sasl_secret = secret;
/* init SASL */
if (f->pop3_sasl.sasl_conn != NULL) {
sasl_dispose((sasl_conn_t **) &f->pop3_sasl.sasl_conn);
f->pop3_sasl.sasl_conn = NULL;
}
else {
mailsasl_ref();
}
r = sasl_client_new("pop", server_fqdn,
local_ip_port, remote_ip_port, sasl_callback, 0,
(sasl_conn_t **) &f->pop3_sasl.sasl_conn);
if (r != SASL_OK) {
res = MAILPOP3_ERROR_BAD_USER;
goto free_secret;
}
r = sasl_client_start(f->pop3_sasl.sasl_conn,
auth_type, NULL, &sasl_out, &sasl_out_len, &mechusing);
if ((r != SASL_CONTINUE) && (r != SASL_OK)) {
res = MAILPOP3_ERROR_BAD_USER;
goto free_sasl_conn;
}
snprintf(command, POP3_STRING_SIZE, "AUTH %s\r\n", auth_type);
r = send_command(f, command);
if (r == -1) {
res = MAILPOP3_ERROR_STREAM;
goto free_sasl_conn;
}
while (1) {
char * response;
response = read_line(f);
r = parse_auth(f, response);
switch (r) {
case RESPONSE_OK:
f->pop3_state = POP3_STATE_TRANSACTION;
res = MAILPOP3_NO_ERROR;
goto free_sasl_conn;
case RESPONSE_ERR:
res = MAILPOP3_ERROR_BAD_USER;
goto free_sasl_conn;
case RESPONSE_AUTH_CONT:
{
size_t response_len;
char * decoded;
unsigned int decoded_len;
unsigned int max_decoded;
int got_response;
got_response = 1;
if (* f->pop3_response == '\0')
got_response = 0;
if (got_response) {
char * p;
p = strchr(f->pop3_response, '\r');
if (p != NULL) {
* p = '\0';
}
p = strchr(f->pop3_response, '\n');
if (p != NULL) {
* p = '\0';
}
response_len = strlen(f->pop3_response);
max_decoded = response_len * 3 / 4;
decoded = malloc(max_decoded + 1);
if (decoded == NULL) {
res = MAILPOP3_ERROR_MEMORY;
goto free_sasl_conn;
}
r = sasl_decode64(f->pop3_response, response_len,
decoded, max_decoded + 1, &decoded_len);
if (r != SASL_OK) {
free(decoded);
res = MAILPOP3_ERROR_MEMORY;
goto free_sasl_conn;
}
r = sasl_client_step(f->pop3_sasl.sasl_conn,
decoded, decoded_len, NULL, &sasl_out, &sasl_out_len);
free(decoded);
if ((r != SASL_CONTINUE) && (r != SASL_OK)) {
res = MAILPOP3_ERROR_BAD_USER;
goto free_sasl_conn;
}
}
max_encoded = ((sasl_out_len + 2) / 3) * 4;
encoded = malloc(max_encoded + 1);
if (encoded == NULL) {
res = MAILPOP3_ERROR_MEMORY;
goto free_sasl_conn;
}
r = sasl_encode64(sasl_out, sasl_out_len,
encoded, max_encoded + 1, &encoded_len);
if (r != SASL_OK) {
free(encoded);
res = MAILPOP3_ERROR_MEMORY;
goto free_sasl_conn;
}
snprintf(command, POP3_STRING_SIZE, "%s\r\n", encoded);
r = send_command(f, command);
free(encoded);
if (r == -1) {
res = MAILPOP3_ERROR_STREAM;
goto free_sasl_conn;
}
}
break;
}
}
f->pop3_state = POP3_STATE_TRANSACTION;
res = MAILPOP3_NO_ERROR;
free_sasl_conn:
sasl_dispose((sasl_conn_t **) &f->pop3_sasl.sasl_conn);
f->pop3_sasl.sasl_conn = NULL;
mailsasl_unref();
free_secret:
free(f->pop3_sasl.sasl_secret);
f->pop3_sasl.sasl_secret = NULL;
err:
return res;
#else
return MAILPOP3_ERROR_BAD_USER;
#endif
}
int mailesmtp_auth_sasl(mailsmtp * session, const char * auth_type,
const char * server_fqdn,
const char * local_ip_port,
const char * remote_ip_port,
const char * login, const char * auth_name,
const char * password, const char * realm)
{
#ifdef USE_SASL
int r;
char command[SMTP_STRING_SIZE];
sasl_callback_t sasl_callback[5];
const char * sasl_out;
unsigned sasl_out_len;
const char * mechusing;
sasl_secret_t * secret;
int res;
size_t len;
char * encoded;
unsigned int encoded_len;
unsigned int max_encoded;
sasl_callback[0].id = SASL_CB_GETREALM;
sasl_callback[0].proc = (int (*)(void)) sasl_getrealm;
sasl_callback[0].context = session;
sasl_callback[1].id = SASL_CB_USER;
sasl_callback[1].proc = (int (*)(void)) sasl_getsimple;
sasl_callback[1].context = session;
sasl_callback[2].id = SASL_CB_AUTHNAME;
sasl_callback[2].proc = (int (*)(void)) sasl_getsimple;
sasl_callback[2].context = session;
sasl_callback[3].id = SASL_CB_PASS;
sasl_callback[3].proc = (int (*)(void)) sasl_getsecret;
sasl_callback[3].context = session;
sasl_callback[4].id = SASL_CB_LIST_END;
sasl_callback[4].proc = NULL;
sasl_callback[4].context = NULL;
len = strlen(password);
secret = malloc(sizeof(* secret) + len);
if (secret == NULL) {
res = MAILSMTP_ERROR_MEMORY;
goto err;
}
secret->len = len;
memcpy(secret->data, password, len + 1);
session->smtp_sasl.sasl_server_fqdn = server_fqdn;
session->smtp_sasl.sasl_login = login;
session->smtp_sasl.sasl_auth_name = auth_name;
session->smtp_sasl.sasl_password = password;
session->smtp_sasl.sasl_realm = realm;
session->smtp_sasl.sasl_secret = secret;
/* init SASL */
if (session->smtp_sasl.sasl_conn != NULL) {
sasl_dispose((sasl_conn_t **) &session->smtp_sasl.sasl_conn);
session->smtp_sasl.sasl_conn = NULL;
}
else {
mailsasl_ref();
}
r = sasl_client_new("smtp", server_fqdn,
local_ip_port, remote_ip_port, sasl_callback, 0,
(sasl_conn_t **) &session->smtp_sasl.sasl_conn);
if (r != SASL_OK) {
res = MAILSMTP_ERROR_AUTH_LOGIN;
goto free_secret;
}
r = sasl_client_start(session->smtp_sasl.sasl_conn,
auth_type, NULL, &sasl_out, &sasl_out_len, &mechusing);
if ((r != SASL_CONTINUE) && (r != SASL_OK)) {
res = MAILSMTP_ERROR_AUTH_LOGIN;
goto free_sasl_conn;
}
if (sasl_out_len != 0) {
max_encoded = ((sasl_out_len + 2) / 3) * 4;
encoded = malloc(max_encoded + 1);
if (encoded == NULL) {
res = MAILSMTP_ERROR_MEMORY;
goto free_sasl_conn;
}
r = sasl_encode64(sasl_out, sasl_out_len,
encoded, max_encoded + 1, &encoded_len);
if (r != SASL_OK) {
free(encoded);
res = MAILSMTP_ERROR_MEMORY;
goto free_sasl_conn;
}
snprintf(command, SMTP_STRING_SIZE, "AUTH %s %s\r\n", auth_type, encoded);
free(encoded);
}
else {
snprintf(command, SMTP_STRING_SIZE, "AUTH %s\r\n", auth_type);
}
r = send_command_private(session, command, 0);
if (r == -1) {
res = MAILSMTP_ERROR_STREAM;
goto free_sasl_conn;
}
while (1) {
r = read_response(session);
switch (r) {
case 220:
case 235:
res = MAILSMTP_NO_ERROR;
goto free_sasl_conn;
case 535:
res = MAILSMTP_ERROR_AUTH_LOGIN;
goto free_sasl_conn;
case 553:
case 554:
res = MAILSMTP_ERROR_AUTH_AUTHENTICATION_FAILED;
goto free_sasl_conn;
case 334:
{
size_t response_len;
char * decoded;
unsigned int decoded_len;
unsigned int max_decoded;
char * p;
p = strchr(session->response, '\r');
if (p != NULL) {
* p = '\0';
}
p = strchr(session->response, '\n');
if (p != NULL) {
* p = '\0';
}
response_len = strlen(session->response);
max_decoded = response_len * 3 / 4;
decoded = malloc(max_decoded + 1);
if (decoded == NULL) {
res = MAILSMTP_ERROR_MEMORY;
goto free_sasl_conn;
}
r = sasl_decode64(session->response, response_len,
decoded, max_decoded + 1, &decoded_len);
if (r != SASL_OK) {
free(decoded);
res = MAILSMTP_ERROR_MEMORY;
goto free_sasl_conn;
}
r = sasl_client_step(session->smtp_sasl.sasl_conn,
decoded, decoded_len, NULL, &sasl_out, &sasl_out_len);
free(decoded);
if ((r != SASL_CONTINUE) && (r != SASL_OK)) {
res = MAILSMTP_ERROR_AUTH_LOGIN;
goto free_sasl_conn;
}
max_encoded = ((sasl_out_len + 2) / 3) * 4;
encoded = malloc(max_encoded + 1);
if (encoded == NULL) {
res = MAILSMTP_ERROR_MEMORY;
goto free_sasl_conn;
}
r = sasl_encode64(sasl_out, sasl_out_len,
encoded, max_encoded + 1, &encoded_len);
if (r != SASL_OK) {
free(encoded);
res = MAILSMTP_ERROR_MEMORY;
goto free_sasl_conn;
}
snprintf(command, SMTP_STRING_SIZE, "%s\r\n", encoded);
r = send_command(session, command);
free(encoded);
if (r == -1) {
res = MAILSMTP_ERROR_STREAM;
goto free_sasl_conn;
}
}
break;
default:
res = auth_map_errors(r);
goto free_sasl_conn;
}
}
res = MAILSMTP_NO_ERROR;
free_sasl_conn:
sasl_dispose((sasl_conn_t **) &session->smtp_sasl.sasl_conn);
session->smtp_sasl.sasl_conn = NULL;
mailsasl_unref();
free_secret:
free(session->smtp_sasl.sasl_secret);
session->smtp_sasl.sasl_secret = NULL;
err:
return res;
#else
return MAILSMTP_ERROR_NOT_IMPLEMENTED;
#endif
}