//
// log in to IMAP4 server, select mailbox, no SSL at the moment
//
static char*
imap4login(Imap *imap)
{
char *s;
UserPasswd *up;
imap->tag = 0;
s = imap4resp(imap);
if(!isokay(s))
return "error in initial IMAP handshake";
if(imap->user != nil)
up = auth_getuserpasswd(auth_getkey, "proto=pass service=imap server=%q user=%q", imap->host, imap->user);
else
up = auth_getuserpasswd(auth_getkey, "proto=pass service=imap server=%q", imap->host);
if(up == nil)
return "cannot find IMAP password";
imap->tag = 1;
imap4cmd(imap, "LOGIN %Z %Z", up->user, up->passwd);
free(up);
if(!isokay(s = imap4resp(imap)))
return s;
imap4cmd(imap, "SELECT %Z", imap->mbox);
if(!isokay(s = imap4resp(imap)))
return s;
return nil;
}
static char *
doauth(char *methods)
{
char *buf, *err;
UserPasswd *p;
int n;
DS ds;
dial_string_parse(ddomain, &ds);
if(user != nil)
p = auth_getuserpasswd(nil,
"proto=pass service=smtp server=%q user=%q", ds.host, user);
else
p = auth_getuserpasswd(nil,
"proto=pass service=smtp server=%q", ds.host);
if (p == nil)
return Giveup;
err = Retry;
if (strstr(methods, "LOGIN")){
dBprint("AUTH LOGIN\r\n");
if (getreply() != 3)
goto out;
dBprint("%.*[\r\n", strlen(p->user), p->user);
if (getreply() != 3)
goto out;
dBprint("%.*[\r\n", strlen(p->passwd), p->passwd);
if (getreply() != 2)
goto out;
err = nil;
}
else
if (strstr(methods, "PLAIN")){
n = strlen(p->user) + strlen(p->passwd) + 2;
buf = malloc(n+1);
if (buf == nil) {
free(buf);
goto out; /* Out of memory */
}
snprint(buf, n, "%c%s%c%s", 0, p->user, 0, p->passwd);
dBprint("AUTH PLAIN %.*[\r\n", n, buf);
memset(buf, 0, n);
free(buf);
if (getreply() != 2)
goto out;
err = nil;
} else
err = "No supported AUTH method";
out:
memset(p->user, 0, strlen(p->user));
memset(p->passwd, 0, strlen(p->passwd));
free(p);
return err;
}
static int
authpasswordfn(Conn *c)
{
Msg *m;
UserPasswd *up;
up = auth_getuserpasswd(c->interactive ? auth_getkey : nil, "proto=pass service=ssh server=%q user=%q", c->host, c->user);
if(up == nil){
debug(DBG_AUTH, "getuserpasswd returned nothing (interactive=%d)\n", c->interactive);
return -1;
}
debug(DBG_AUTH, "try using password from factotum\n");
m = allocmsg(c, SSH_CMSG_AUTH_PASSWORD, 4+strlen(up->passwd));
putstring(m, up->passwd);
sendmsg(m);
m = recvmsg(c, -1);
switch(m->type){
default:
badmsg(m, 0);
case SSH_SMSG_SUCCESS:
free(m);
return 0;
case SSH_SMSG_FAILURE:
free(m);
return -1;
}
}
static Auth *
auth_plain(char *windom, char *keyp, uchar *chal, int len)
{
UserPasswd *up;
static Auth *ap;
USED(chal, len);
up = auth_getuserpasswd(auth_getkey, "windom=%s proto=pass service=cifs %s",
windom, keyp);
if(! up)
sysfatal("cannot get key - %r");
ap = emalloc9p(sizeof(Auth));
memset(ap, 0, sizeof(ap));
ap->user = estrdup9p(up->user);
ap->windom = estrdup9p(windom);
ap->resp[0] = estrdup9p(up->passwd);
ap->len[0] = strlen(up->passwd);
memset(up->passwd, 0, strlen(up->passwd));
free(up);
return ap;
}
void
initauth()
{
UserPasswd *up;
up = auth_getuserpasswd(auth_getkey, "proto=pass service=http server=%q realm=%q", TWITTER_SERVER, TWITTER_REALM);
if(up == nil)
sysfatal("auth_getuserpasswd: %r");
}
void
wwwauthenticate(HttpState *hs, char *line)
{
char cred[64], *user, *pass, *realm, *s, *spec, *name;
Fmt fmt;
UserPasswd *up;
spec = nil;
up = nil;
cred[0] = 0;
hs->autherror[0] = 0;
if(cistrncmp(line, "basic ", 6) != 0){
werrstr("unknown auth: %s", line);
goto error;
}
line += 6;
if(cistrncmp(line, "realm=", 6) != 0){
werrstr("missing realm: %s", line);
goto error;
}
line += 6;
user = hs->c->url->user;
pass = hs->c->url->passwd;
if(user==nil || pass==nil){
realm = unquote(line, &line);
fmtstrinit(&fmt);
name = servername(hs->netaddr);
fmtprint(&fmt, "proto=pass service=http server=%q realm=%q", name, realm);
free(name);
if(hs->c->url->user)
fmtprint(&fmt, " user=%q", hs->c->url->user);
spec = fmtstrflush(&fmt);
if(spec == nil)
goto error;
if((up = auth_getuserpasswd(nil, "%s", spec)) == nil)
goto error;
user = up->user;
pass = up->passwd;
}
if((s = smprint("%s:%s", user, pass)) == nil)
goto error;
free(up);
enc64(cred, sizeof(cred), (uint8_t*)s, strlen(s));
memset(s, 0, strlen(s));
free(s);
hs->credentials = smprint("Basic %s", cred);
if(hs->credentials == nil)
goto error;
return;
error:
free(up);
free(spec);
snprint(hs->autherror, sizeof hs->autherror, "%r");
fprint(2, "%s: Authentication failed: %r\n", argv0);
}
/*
* login to remote system
*/
void
rlogin(char *rsys, char *keyspec)
{
char *line;
char pass[128];
UserPasswd *up;
up = nil;
for(;;){
if(up == nil && os != Plan9)
up = auth_getuserpasswd(auth_getkey, "proto=pass server=%s service=ftp %s", rsys, keyspec);
if(up != nil){
sendrequest("USER", up->user);
} else {
print("User[default = %s]: ", user);
line = Brdline(&stdin, '\n');
if(line == 0)
exits(0);
line[Blinelen(&stdin)-1] = 0;
if(*line){
free(user);
user = strdup(line);
}
sendrequest("USER", user);
}
switch(getreply(&ctlin, msg, sizeof(msg), 1)){
case Success:
goto out;
case Incomplete:
break;
case TempFail:
case PermFail:
continue;
}
if(up != nil){
sendrequest("PASS", up->passwd);
} else {
if(getpassword(pass, pass+sizeof(pass)) < 0)
exits(0);
sendrequest("PASS", pass);
}
if(getreply(&ctlin, msg, sizeof(msg), 1) == Success){
if(strstr(msg, "Sess#"))
defos = MVS;
break;
}
}
out:
if(up != nil){
memset(up, 0, sizeof(*up));
free(up);
}
}
void
main(int argc, char **argv)
{
int auth, x;
char *mtpt, *service, *where, *user;
Netbuf n;
UserPasswd *up;
mtpt = "/mnt/news";
service = nil;
memset(&n, 0, sizeof n);
user = nil;
auth = 0;
ARGBEGIN{
case 'D':
chatty9p++;
break;
case 'N':
netdebug = 1;
break;
case 'a':
auth = 1;
break;
case 'u':
user = EARGF(usage());
break;
case 's':
service = EARGF(usage());
break;
case 'm':
mtpt = EARGF(usage());
break;
default:
usage();
}ARGEND
if(argc > 1)
usage();
if(argc==0)
where = "$nntp";
else
where = argv[0];
now = time(0);
net = &n;
if(auth) {
n.auth = 1;
if(user)
up = auth_getuserpasswd(auth_getkey, "proto=pass service=nntp server=%q user=%q", where, user);
else
up = auth_getuserpasswd(auth_getkey, "proto=pass service=nntp server=%q", where);
if(up == nil)
sysfatal("no password: %r");
n.user = up->user;
n.pass = up->passwd;
}
n.addr = netmkaddr(where, "tcp", "nntp");
root = emalloc(sizeof *root);
root->name = estrdup("");
root->parent = root;
n.fd = -1;
if(nntpconnect(&n) < 0)
sysfatal("nntpconnect: %s", n.response);
x=netdebug;
netdebug=0;
nntprefreshall(&n);
netdebug=x;
// dumpgroups(root, 0);
postmountsrv(&nntpsrv, service, mtpt, MREPL);
exits(nil);
}
//
// log in using APOP if possible, password if allowed by user
//
static char*
pop3login(Pop *pop)
{
int n;
char *s, *p, *q;
char ubuf[128], user[128];
char buf[500];
UserPasswd *up;
s = pop3resp(pop);
if(!isokay(s))
return "error in initial handshake";
if(pop->user)
snprint(ubuf, sizeof ubuf, " user=%q", pop->user);
else
ubuf[0] = '\0';
// look for apop banner
if(pop->ppop==0 && (p = strchr(s, '<')) && (q = strchr(p+1, '>'))) {
*++q = '\0';
if((n=auth_respond(p, q-p, user, sizeof user, buf, sizeof buf, auth_getkey, "proto=apop role=client server=%q%s",
pop->host, ubuf)) < 0)
return "factotum failed";
if(user[0]=='\0')
return "factotum did not return a user name";
if(s = pop3capa(pop))
return s;
pop3cmd(pop, "APOP %s %.*s", user, n, buf);
if(!isokay(s = pop3resp(pop)))
return s;
return nil;
} else {
if(pop->ppop == 0)
return "no APOP hdr from server";
if(s = pop3capa(pop))
return s;
if(pop->needtls && !pop->encrypted)
return "could not negotiate TLS";
up = auth_getuserpasswd(auth_getkey, "proto=pass service=pop dom=%q%s",
pop->host, ubuf);
if(up == nil)
return "no usable keys found";
pop3cmd(pop, "USER %s", up->user);
if(!isokay(s = pop3resp(pop))){
free(up);
return s;
}
pop3cmd(pop, "PASS %s", up->passwd);
free(up);
if(!isokay(s = pop3resp(pop)))
return s;
return nil;
}
}
static Auth *
auth_ntlmv2(char *windom, char *keyp, uchar *chal, int len)
{
int i, n;
Rune r;
char *p, *u;
uchar v1hash[MD5dlen], blip[Bliplen], blob[1024], v2hash[MD5dlen];
uchar c, lm_hmac[MD5dlen], nt_hmac[MD5dlen], nt_sesskey[MD5dlen],
lm_sesskey[MD5dlen];
DigestState *ds;
UserPasswd *up;
static Auth *ap;
up = auth_getuserpasswd(auth_getkey, "windom=%s proto=pass service=cifs-ntlmv2 %s",
windom, keyp);
if(!up)
sysfatal("cannot get key - %r");
ap = emalloc9p(sizeof(Auth));
memset(ap, 0, sizeof(ap));
/* Standard says unlimited length, experience says 128 max */
if((n = strlen(up->passwd)) > 128)
n = 128;
ds = md4(nil, 0, nil, nil);
for(i=0, p=up->passwd; i < n; i++) {
p += chartorune(&r, p);
c = r;
md4(&c, 1, nil, ds);
c = r >> 8;
md4(&c, 1, nil, ds);
}
md4(nil, 0, v1hash, ds);
/*
* Some documentation insists that the username must be forced to
* uppercase, but the domain name should not be. Other shows both
* being forced to uppercase. I am pretty sure this is irrevevant as the
* domain name passed from the remote server always seems to be in
* uppercase already.
*/
ds = hmac_t64(nil, 0, v1hash, MD5dlen, nil, nil);
u = up->user;
while(*u){
u += chartorune(&r, u);
r = toupperrune(r);
c = r;
hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
c = r >> 8;
hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
}
u = windom;
while(*u){
u += chartorune(&r, u);
c = r;
hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
c = r >> 8;
hmac_t64(&c, 1, v1hash, MD5dlen, nil, ds);
}
hmac_t64(nil, 0, v1hash, MD5dlen, v2hash, ds);
ap->user = estrdup9p(up->user);
ap->windom = estrdup9p(windom);
/* LM v2 */
genrandom(blip, Bliplen);
ds = hmac_t64(chal, len, v2hash, MD5dlen, nil, nil);
hmac_t64(blip, Bliplen, v2hash, MD5dlen, lm_hmac, ds);
ap->len[0] = MD5dlen+Bliplen;
ap->resp[0] = emalloc9p(ap->len[0]);
memcpy(ap->resp[0], lm_hmac, MD5dlen);
memcpy(ap->resp[0]+MD5dlen, blip, Bliplen);
/* LM v2 session key */
hmac_t64(lm_hmac, MD5dlen, v2hash, MD5dlen, lm_sesskey, nil);
/* LM v2 MAC key */
ap->mackey[0] = emalloc9p(MACkeylen);
memcpy(ap->mackey[0], lm_sesskey, MD5dlen);
memcpy(ap->mackey[0]+MD5dlen, ap->resp[0], MACkeylen-MD5dlen);
/* NTLM v2 */
n = ntv2_blob(blob, sizeof(blob), windom);
ds = hmac_t64(chal, len, v2hash, MD5dlen, nil, nil);
hmac_t64(blob, n, v2hash, MD5dlen, nt_hmac, ds);
ap->len[1] = MD5dlen+n;
ap->resp[1] = emalloc9p(ap->len[1]);
memcpy(ap->resp[1], nt_hmac, MD5dlen);
memcpy(ap->resp[1]+MD5dlen, blob, n);
/*
* v2hash definitely OK by
* the time we get here.
*/
/* NTLM v2 session key */
hmac_t64(nt_hmac, MD5dlen, v2hash, MD5dlen, nt_sesskey, nil);
/* NTLM v2 MAC key */
ap->mackey[1] = emalloc9p(MACkeylen);
memcpy(ap->mackey[1], nt_sesskey, MD5dlen);
memcpy(ap->mackey[1]+MD5dlen, ap->resp[1], MACkeylen-MD5dlen);
free(up);
return ap;
}
static char *
doauth(char *methods)
{
char *buf, *base64;
int n;
DS ds;
UserPasswd *p;
dial_string_parse(ddomain, &ds);
if(user != nil)
p = auth_getuserpasswd(nil,
"proto=pass service=smtp server=%q user=%q", ds.host, user);
else
p = auth_getuserpasswd(nil,
"proto=pass service=smtp server=%q", ds.host);
if (p == nil)
return Giveup;
if (strstr(methods, "LOGIN")){
dBprint("AUTH LOGIN\r\n");
if (getreply() != 3)
return Retry;
n = strlen(p->user);
base64 = malloc(2*n);
if (base64 == nil)
return Retry; /* Out of memory */
enc64(base64, 2*n, (uchar *)p->user, n);
dBprint("%s\r\n", base64);
if (getreply() != 3)
return Retry;
n = strlen(p->passwd);
base64 = malloc(2*n);
if (base64 == nil)
return Retry; /* Out of memory */
enc64(base64, 2*n, (uchar *)p->passwd, n);
dBprint("%s\r\n", base64);
if (getreply() != 2)
return Retry;
free(base64);
}
else
if (strstr(methods, "PLAIN")){
n = strlen(p->user) + strlen(p->passwd) + 3;
buf = malloc(n);
base64 = malloc(2 * n);
if (buf == nil || base64 == nil) {
free(buf);
return Retry; /* Out of memory */
}
snprint(buf, n, "%c%s%c%s", 0, p->user, 0, p->passwd);
enc64(base64, 2 * n, (uchar *)buf, n - 1);
free(buf);
dBprint("AUTH PLAIN %s\r\n", base64);
free(base64);
if (getreply() != 2)
return Retry;
}
else
return "No supported AUTH method";
return(0);
}
