Commit 61333b00 authored by Thomas Roessler's avatar Thomas Roessler

Brendan Cully's SASL patch. I hope I didn't miss any files.

parent e15e685b
......@@ -63,15 +63,15 @@ non_us_sources = pgp.c pgpinvoke.c pgpkey.c pgplib.c sha1dgst.c \
contrib/pgp2.rc contrib/pgp5.rc contrib/gpg.rc \
imap/imap_ssl.c imap/imap_ssl.h README.SSL
EXTRA_mutt_SOURCES = account.c mutt_socket.c pop.c pgp.c pgpinvoke.c pgpkey.c \
pgplib.c sha1dgst.c gnupgparse.c resize.c dotlock.c remailer.c \
browser.h mbyte.h remailer.h
EXTRA_mutt_SOURCES = account.c mutt_sasl.c mutt_socket.c pop.c pgp.c \
pgpinvoke.c pgpkey.c pgplib.c sha1dgst.c gnupgparse.c resize.c \
dotlock.c remailer.c browser.h mbyte.h remailer.h
EXTRA_DIST = COPYRIGHT GPL OPS OPS.PGP TODO configure acconfig.h account.h \
attach.h buffy.h charset.h copy.h dotlock.h functions.h gen_defs \
globals.h hash.h history.h init.h keymap.h \
mailbox.h mapping.h mime.h mutt.h mutt_curses.h mutt_menu.h \
mutt_regex.h mutt_socket.h mx.h pager.h pgp.h protos.h \
mutt_regex.h mutt_sasl.h mutt_socket.h mx.h pager.h pgp.h protos.h \
reldate.h rfc1524.h rfc2047.h rfc2231.h rfc822.h sha.h sha_locl.h \
sort.h mime.types VERSION prepare _regex.h OPS.MIX \
README.SECURITY remailer.c remailer.h browser.h \
......
......@@ -46,13 +46,17 @@
/* Do you want support for the IMAP protocol? (--enable-imap) */
#undef USE_IMAP
/* Do you want to use the Cyrus SASL library for POP/IMAP authentication?
* (--with-sasl) */
#undef USE_SASL
/* Do you want support for IMAP GSSAPI authentication? (--with-gss) */
#undef USE_GSS
/* Do you have the Heimdal version of Kerberos V? (for gss support) */
#undef HAVE_HEIMDAL
/* Do you want support for SSL? (--enable-ssl) */
/* Do you want support for SSL? (--with-ssl) */
#undef USE_SSL
/* Avoid SSL routines which used patent-encumbered RC5 algorithms */
......
......@@ -52,3 +52,57 @@ int mutt_account_match (const ACCOUNT* a1, const ACCOUNT* a2)
return 1;
}
/* mutt_account_getuser: retrieve username into ACCOUNT, if neccessary */
int mutt_account_getuser (ACCOUNT* account)
{
/* already set */
if (account->flags & M_ACCT_USER)
return 0;
#ifdef USE_IMAP
else if ((account->type == M_ACCT_TYPE_IMAP) && ImapUser)
strfcpy (account->user, ImapUser, sizeof (account->user));
#endif
#ifdef USE_POP
else if ((account->type == M_ACCT_TYPE_POP) && PopUser)
strfcpy (account->user, PopUser, sizeof (account->user));
#endif
/* prompt (defaults to unix username), copy into account->user */
else
{
strfcpy (account->user, NONULL (Username), sizeof (account->user));
if (mutt_get_field (_("Username: "), account->user,
sizeof (account->user), 0))
return -1;
}
account->flags |= M_ACCT_USER;
return 0;
}
/* mutt_account_getpass: fetch password into ACCOUNT, if neccessary */
int mutt_account_getpass (ACCOUNT* account)
{
if (account->flags & M_ACCT_PASS)
return 0;
#ifdef USE_IMAP
else if ((account->type == M_ACCT_TYPE_IMAP) && ImapPass)
strfcpy (account->pass, ImapPass, sizeof (account->pass));
#endif
#ifdef USE_POP
else if ((account->type == M_ACCT_TYPE_POP) && PopPass)
strfcpy (account->pass, PopPass, sizeof (account->pass));
#endif
else
{
account->pass[0] = '\0';
if (mutt_get_field (_("Password: "), account->pass,
sizeof (account->pass), M_PASS))
return -1;
}
account->flags |= M_ACCT_PASS;
return 0;
}
......@@ -32,9 +32,8 @@ enum
/* account flags */
#define M_ACCT_PORT (1<<0)
#define M_ACCT_USER (1<<1)
#define M_ACCT_SSL (1<<2)
#define M_ACCT_CRAM (1<<3)
#define M_ACCT_PASS (1<<4)
#define M_ACCT_PASS (1<<2)
#define M_ACCT_SSL (1<<3)
typedef struct
{
......@@ -46,7 +45,8 @@ typedef struct
unsigned char flags;
} ACCOUNT;
/* imap_account_match: compare account info (host/port/user) */
int mutt_account_match (const ACCOUNT* a1, const ACCOUNT* m2);
int mutt_account_getuser (ACCOUNT* account);
int mutt_account_getpass (ACCOUNT* account);
#endif /* _MUTT_ACCOUNT_H_ */
......@@ -663,6 +663,37 @@ AM_CONDITIONAL(USE_SSL, test x$need_ssl = xyes)
dnl -- end imap dependencies --
AC_ARG_WITH(sasl, [ --with-sasl[=DIR] Use Cyrus SASL library for POP/IMAP authentication],
[
if test "$need_socket" != "yes"
then
AC_MSG_ERROR([SASL support is only useful with POP or IMAP support])
fi
if test "$with_sasl" != "no"
then
if test "$with_sasl" != "yes"
then
CPPFLAGS="$CPPFLAGS -I$with_sasl/include"
LDFLAGS="$LDFLAGS -L$with_sasl/lib"
fi
saved_LIBS="$LIBS"
AC_CHECK_LIB(sasl, sasl_client_init,,
AC_MSG_ERROR([could not find libsasl]),)
MUTT_LIB_OBJECTS="$MUTT_LIB_OBJECTS mutt_sasl.o"
MUTTLIBS="$MUTTLIBS -lsasl"
LIBS="$saved_LIBS"
AC_DEFINE(USE_SASL)
need_sasl=yes
fi
])
AM_CONDITIONAL(USE_SASL, test x$need_sasl = xyes)
dnl -- end socket --
AC_ARG_ENABLE(debug, [ --enable-debug Enable debugging support],
[ if test x$enableval = xyes ; then
AC_DEFINE(DEBUG)
......@@ -717,7 +748,7 @@ AC_ARG_WITH(exec-shell, [ --with-exec-shell=SHELL Specify alternate shell (O
AC_DEFINE_UNQUOTED(EXECSHELL, "$withval")
fi])
AC_ARG_ENABLE(exact-address, [ --enable-exact-address enable regeneration of email addresses],
AC_ARG_ENABLE(exact-address, [ --enable-exact-address Enable regeneration of email addresses],
[if test $enableval = yes; then
AC_DEFINE(EXACT_ADDRESS)
fi])
......
......@@ -50,7 +50,6 @@ WHERE char *Homedir;
WHERE char *Hostname;
#ifdef USE_IMAP
WHERE char *ImapUser INITVAL (NULL);
WHERE char *ImapCRAMKey INITVAL (NULL);
WHERE char *ImapPass INITVAL (NULL);
WHERE short ImapCheckTimeout;
WHERE char *ImapHomeNamespace INITVAL (NULL);
......
......@@ -6,6 +6,12 @@ if USE_GSS
GSSSOURCES = auth_gss.c
endif
if USE_SASL
SASLSOURCES = auth_sasl.c
else
CRAMSOURCES = auth_cram.c
endif
if USE_SSL
SSLSOURCES = imap_ssl.c
SSLHEADERS = imap_ssl.h
......@@ -16,7 +22,8 @@ EXTRA_DIST = BUGS README TODO imap_ssl.c imap_ssl.h auth_gss.c
INCLUDES = -I$(top_srcdir) -I../intl
noinst_LIBRARIES = libimap.a
noinst_HEADERS = imap_private.h md5.h message.h $(SSLHEADERS)
noinst_HEADERS = auth.h imap_private.h md5.h message.h $(SSLHEADERS)
libimap_a_SOURCES = auth.c browse.c command.c imap.c imap.h md5c.c message.c \
utf7.c util.c $(GSSSOURCES) $(SSLSOURCES)
libimap_a_SOURCES = auth.c auth_anon.c auth_login.c c browse.c \
command.c imap.c imap.h md5c.c message.c utf7.c \
util.c $(GSSSOURCES) $(SASLSOURCES) $(CRAMSOURCES) $(SSLSOURCES)
This diff is collapsed.
/*
* Copyright (C) 2000 Brendan Cully <brendan@kublai.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
*/
/* common defs for authenticators. A good place to set up a generic callback
* system */
#ifndef _IMAP_AUTH_H
#define _IMAP_AUTH_H 1
typedef enum
{
IMAP_AUTH_SUCCESS = 0,
IMAP_AUTH_FAILURE,
IMAP_AUTH_UNAVAIL
} imap_auth_res_t;
typedef imap_auth_res_t (*imap_auth_t)(IMAP_DATA* idata);
/* external authenticator prototypes */
imap_auth_res_t imap_auth_anon (IMAP_DATA* idata);
imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata);
imap_auth_res_t imap_auth_login (IMAP_DATA* idata);
#ifdef USE_GSS
imap_auth_res_t imap_auth_gss (IMAP_DATA* idata);
#endif
#ifdef USE_SASL
imap_auth_res_t imap_auth_sasl (IMAP_DATA* idata);
#endif
#endif /* _IMAP_AUTH_H */
/*
* Copyright (C) 1999-2000 Brendan Cully <brendan@kublai.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
*/
/* IMAP login/authentication code */
#include "mutt.h"
#include "imap_private.h"
#include "auth.h"
/* this is basically a stripped-down version of the cram-md5 method. */
imap_auth_res_t imap_auth_anon (IMAP_DATA* idata)
{
char buf[LONG_STRING];
if (!mutt_bit_isset (idata->capabilities, AUTH_ANON))
return IMAP_AUTH_UNAVAIL;
if (mutt_account_getuser (&idata->conn->account))
return IMAP_AUTH_FAILURE;
if (idata->conn->account.user[0] != '\0')
return IMAP_AUTH_UNAVAIL;
mutt_message _("Authenticating (anonymous)...");
imap_cmd_start (idata, "AUTHENTICATE ANONYMOUS");
if (mutt_socket_readln (buf, sizeof (buf), idata->conn) < 0)
{
dprint (1, (debugfile, "Error receiving server response.\n"));
goto bail;
}
if (buf[0] != '+')
{
dprint (1, (debugfile, "Invalid response from server.\n"));
goto bail;
}
strfcpy (buf, "ZHVtbXkK\r\n", sizeof (buf)); /* base64 ("dummy") */
mutt_socket_write (idata->conn, buf);
if (mutt_socket_readln (buf, sizeof (buf), idata->conn) < 0)
{
dprint (1, (debugfile, "Error receiving server response.\n"));
goto bail;
}
if (imap_code (buf))
return IMAP_AUTH_SUCCESS;
bail:
mutt_error _("Anonymous authentication failed.");
sleep (2);
return IMAP_AUTH_FAILURE;
}
/*
* Copyright (C) 1999-2000 Brendan Cully <brendan@kublai.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
*/
/* IMAP login/authentication code */
#include "mutt.h"
#include "imap_private.h"
#include "auth.h"
#include "md5.h"
#define MD5_BLOCK_LEN 64
#define MD5_DIGEST_LEN 16
/* forward declarations */
static void hmac_md5 (const char* password, char* challenge,
unsigned char* response);
/* imap_auth_cram_md5: AUTH=CRAM-MD5 support. */
imap_auth_res_t imap_auth_cram_md5 (IMAP_DATA* idata)
{
char ibuf[LONG_STRING], obuf[LONG_STRING];
unsigned char hmac_response[MD5_DIGEST_LEN];
int len;
if (!mutt_bit_isset (idata->capabilities, ACRAM_MD5))
return IMAP_AUTH_UNAVAIL;
mutt_message _("Authenticating (CRAM-MD5)...");
/* get auth info */
if (mutt_account_getuser (&idata->conn->account))
return IMAP_AUTH_FAILURE;
if (mutt_account_getpass (&idata->conn->account))
return IMAP_AUTH_FAILURE;
imap_cmd_start (idata, "AUTHENTICATE CRAM-MD5");
/* From RFC 2195:
* The data encoded in the first ready response contains a presumptively
* arbitrary string of random digits, a timestamp, and the fully-qualified
* primary host name of the server. The syntax of the unencoded form must
* correspond to that of an RFC 822 'msg-id' [RFC822] as described in [POP3].
*/
if (mutt_socket_readln (ibuf, sizeof (ibuf), idata->conn) < 0)
{
dprint (1, (debugfile, "Error receiving server response.\n"));
goto bail;
}
if (ibuf[0] != '+')
{
dprint (1, (debugfile, "Invalid response from server: %s\n", ibuf));
goto bail;
}
if ((len = mutt_from_base64 (obuf, ibuf + 2)) == -1)
{
dprint (1, (debugfile, "Error decoding base64 response.\n"));
goto bail;
}
obuf[len] = '\0';
dprint (2, (debugfile, "CRAM challenge: %s\n", obuf));
/* The client makes note of the data and then responds with a string
* consisting of the user name, a space, and a 'digest'. The latter is
* computed by applying the keyed MD5 algorithm from [KEYED-MD5] where the
* key is a shared secret and the digested text is the timestamp (including
* angle-brackets).
*
* Note: The user name shouldn't be quoted. Since the digest can't contain
* spaces, there is no ambiguity. Some servers get this wrong, we'll work
* around them when the bug report comes in. Until then, we'll remain
* blissfully RFC-compliant.
*/
hmac_md5 (idata->conn->account.pass, obuf, hmac_response);
/* dubious optimisation I saw elsewhere: make the whole string in one call */
snprintf (obuf, sizeof (obuf),
"%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
idata->conn->account.user,
hmac_response[0], hmac_response[1], hmac_response[2], hmac_response[3],
hmac_response[4], hmac_response[5], hmac_response[6], hmac_response[7],
hmac_response[8], hmac_response[9], hmac_response[10], hmac_response[11],
hmac_response[12], hmac_response[13], hmac_response[14], hmac_response[15]);
dprint(2, (debugfile, "CRAM response: %s\n", obuf));
mutt_to_base64 ((unsigned char*) ibuf, (unsigned char*) obuf, strlen (obuf));
strcpy (ibuf + strlen (ibuf), "\r\n");
mutt_socket_write (idata->conn, ibuf);
if (mutt_socket_readln (ibuf, LONG_STRING, idata->conn) < 0)
{
dprint (1, (debugfile, "Error receiving server response.\n"));
goto bail;
}
if (imap_code (ibuf))
return IMAP_AUTH_SUCCESS;
bail:
mutt_error _("CRAM-MD5 authentication failed.");
sleep (2);
return IMAP_AUTH_FAILURE;
}
/* hmac_md5: produce CRAM-MD5 challenge response. */
static void hmac_md5 (const char* password, char* challenge,
unsigned char* response)
{
MD5_CTX ctx;
unsigned char ipad[MD5_BLOCK_LEN], opad[MD5_BLOCK_LEN];
unsigned char secret[MD5_BLOCK_LEN+1];
unsigned char hash_passwd[MD5_DIGEST_LEN];
unsigned int secret_len, chal_len;
int i;
secret_len = strlen (password);
chal_len = strlen (challenge);
/* passwords longer than MD5_BLOCK_LEN bytes are substituted with their MD5
* digests */
if (secret_len > MD5_BLOCK_LEN)
{
MD5Init (&ctx);
MD5Update (&ctx, (unsigned char*) password, secret_len);
MD5Final (hash_passwd, &ctx);
strfcpy ((char*) secret, (char*) hash_passwd, MD5_DIGEST_LEN);
secret_len = MD5_DIGEST_LEN;
}
else
strfcpy ((char *) secret, password, sizeof (secret));
memset (ipad, 0, sizeof (ipad));
memset (opad, 0, sizeof (opad));
memcpy (ipad, secret, secret_len);
memcpy (opad, secret, secret_len);
for (i = 0; i < MD5_BLOCK_LEN; i++)
{
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
/* inner hash: challenge and ipadded secret */
MD5Init (&ctx);
MD5Update (&ctx, ipad, MD5_BLOCK_LEN);
MD5Update (&ctx, (unsigned char*) challenge, chal_len);
MD5Final (response, &ctx);
/* outer hash: inner hash and opadded secret */
MD5Init (&ctx);
MD5Update (&ctx, opad, MD5_BLOCK_LEN);
MD5Update (&ctx, response, MD5_DIGEST_LEN);
MD5Final (response, &ctx);
}
......@@ -23,6 +23,7 @@
#include "mutt.h"
#include "imap_private.h"
#include "auth.h"
#include <netinet/in.h>
......@@ -39,9 +40,8 @@
#define GSS_AUTH_P_INTEGRITY 2
#define GSS_AUTH_P_PRIVACY 4
/* imap_auth_gss: AUTH=GSSAPI support. Used unconditionally if the server
* supports it */
int imap_auth_gss (IMAP_DATA* idata, const char* user)
/* imap_auth_gss: AUTH=GSSAPI support. */
imap_auth_res_t imap_auth_gss (IMAP_DATA* idata)
{
gss_buffer_desc request_buf, send_token;
gss_buffer_t sec_token;
......@@ -54,7 +54,13 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
char buf1[GSS_BUFSIZE], buf2[GSS_BUFSIZE], server_conf_flags;
unsigned long buf_size;
dprint (2, (debugfile, "Attempting GSS login...\n"));
if (!mutt_bit_isset (idata->capabilities, AGSSAPI))
return IMAP_AUTH_UNAVAIL;
mutt_message _("Authenticating (GSS)...");
if (mutt_account_getuser (&idata->conn->account))
return IMAP_AUTH_FAILURE;
/* get an IMAP service ticket for the server */
snprintf (buf1, sizeof (buf1), "imap@%s", idata->conn->account.host);
......@@ -65,7 +71,7 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
if (maj_stat != GSS_S_COMPLETE)
{
dprint (2, (debugfile, "Couldn't get service name for [%s]\n", buf1));
return -1;
goto bail;
}
#ifdef DEBUG
else if (debuglevel >= 2)
......@@ -87,16 +93,14 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
{
dprint (1, (debugfile, "Error receiving server response.\n"));
gss_release_name (&min_stat, &target_name);
return -1;
goto bail;
}
if (buf1[0] != '+')
{
dprint (2, (debugfile, "Invalid response from server: %s\n", buf1));
gss_release_name (&min_stat, &target_name);
return -1;
goto bail;
}
/* now start the security context initialisation loop... */
......@@ -126,8 +130,7 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
/* end authentication attempt */
mutt_socket_write (idata->conn, "*\r\n");
mutt_socket_readln (buf1, sizeof (buf1), idata->conn);
return -1;
goto bail;
}
/* send token */
......@@ -143,8 +146,7 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
{
dprint (1, (debugfile, "Error receiving server response.\n"));
gss_release_name (&min_stat, &target_name);
return -1;
goto bail;
}
request_buf.length = mutt_from_base64 (buf2, buf1 + 2);
......@@ -160,8 +162,7 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
if (mutt_socket_readln (buf1, sizeof (buf1), idata->conn) < 0)
{
dprint (1, (debugfile, "Error receiving server response.\n"));
return -1;
goto bail;
}
request_buf.length = mutt_from_base64 (buf2, buf1 + 2);
request_buf.value = buf2;
......@@ -172,9 +173,8 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
{
dprint (2, (debugfile, "Couldn't unwrap security level data\n"));
gss_release_buffer (&min_stat, &send_token);
mutt_socket_write(idata->conn, "*\r\n");
return -1;
goto bail;
}
dprint (2, (debugfile, "Credential exchange complete\n"));
......@@ -184,9 +184,8 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
{
dprint (2, (debugfile, "Server requires integrity or privace\n"));
gss_release_buffer (&min_stat, &send_token);
mutt_socket_write(idata->conn, "*\r\n");
return -1;
goto bail;
}
/* we don't care about buffer size if we don't wrap content. But here it is */
......@@ -204,21 +203,21 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
memcpy (buf1, &buf_size, 4);
buf1[0] = GSS_AUTH_P_NONE;
/* server decides if principal can log in as user */
strncpy (buf1 + 4, user, sizeof (buf1) - 4);
strncpy (buf1 + 4, idata->conn->account.user, sizeof (buf1) - 4);
request_buf.value = buf1;
request_buf.length = 4 + strlen (user) + 1;
request_buf.length = 4 + strlen (idata->conn->account.user) + 1;
maj_stat = gss_wrap (&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf,
&cflags, &send_token);
if (maj_stat != GSS_S_COMPLETE)
{
dprint (2, (debugfile, "Error creating login request\n"));
mutt_socket_write(idata->conn, "*\r\n");
return -1;
goto bail;
}
mutt_to_base64 ((unsigned char*) buf1, send_token.value, send_token.length);
dprint (2, (debugfile, "Requesting authorisation as %s\n", user));
dprint (2, (debugfile, "Requesting authorisation as %s\n",
idata->conn->account.user));
strncat (buf1, "\r\n", sizeof (buf1));
mutt_socket_write (idata->conn, buf1);
......@@ -226,9 +225,8 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
if (mutt_socket_readln (buf1, GSS_BUFSIZE, idata->conn) < 0)
{
dprint (1, (debugfile, "Error receiving server response.\n"));
mutt_socket_write(idata->conn, "*\r\n");
return -1;
goto bail;
}
if (imap_code (buf1))
{
......@@ -238,8 +236,7 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
if (maj_stat != GSS_S_COMPLETE)
{
dprint (1, (debugfile, "Error releasing credentials\n"));
return -1;
goto bail;
}
/* send_token may contain a notification to the server to flush
* credentials. RFC 1731 doesn't specify what to do, and since this
......@@ -247,13 +244,11 @@ int imap_auth_gss (IMAP_DATA* idata, const char* user)
* enough to flush its own credentials */
gss_release_buffer (&min_stat, &send_token);
dprint (2, (debugfile, "GSS login complete\n"));
return 0;
return IMAP_AUTH_SUCCESS;
}
/* logon failed */
dprint (2, (debugfile, "GSS login failed.\n"));
return -1;
bail:
mutt_error _("GSS authentication failed.");
sleep (2);
return IMAP_AUTH_FAILURE;
}
/*
* Copyright (C) 1999-2000 Brendan Cully <brendan@kublai.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
*/
/* plain LOGIN support */
#include "mutt.h"
#include "imap_private.h"
#include "auth.h"
/* imap_auth_login: Plain LOGIN support */
imap_auth_res_t imap_auth_login (IMAP_DATA* idata)
{
char q_user[SHORT_STRING], q_pass[SHORT_STRING];
char buf[LONG_STRING];
int rc;
if (mutt_account_getuser (&idata->conn->account))
return IMAP_AUTH_FAILURE;
if (mutt_account_getpass (&idata->conn->account))
return IMAP_AUTH_FAILURE;
mutt_message _("Logging in...");
imap_quote_string (q_user, sizeof (q_user), idata->conn->account.user);
imap_quote_string (q_pass, sizeof (q_pass), idata->conn->account.pass);
#ifdef DEBUG
/* don't print the password unless we're at the ungodly debugging level
* of 5 or higher */
if (debuglevel < IMAP_LOG_PASS)
dprint (2, (debugfile, "Sending LOGIN command for %s...\n",
idata->conn->account.user));
#endif
snprintf (buf, sizeof (buf), "LOGIN %s %s", q_user, q_pass);
rc = imap_exec (buf, sizeof (buf), idata, buf,
IMAP_CMD_FAIL_OK | IMAP_CMD_PASS);
if (!rc)
return IMAP_AUTH_SUCCESS;
else if (rc == -1)
dprint (1, (debugfile, "imap_auth_login: Error logging in.\n"));
mutt_error _("Login failed.");
sleep (2);
return IMAP_AUTH_FAILURE;
}
/*
* Copyright (C) 2000 Brendan Cully <brendan@kublai.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License