Merge branch 'jc/maint-add-p-overlapping-hunks' into maint
[gitweb.git] / imap-send.c
index 4ffd583c7e8d057654423cdd3ef24e42d91bfbb1..9adf4b981953080676aa24907fead1038b920e60 100644 (file)
@@ -27,6 +27,9 @@
 #include "run-command.h"
 #ifdef NO_OPENSSL
 typedef void *SSL;
+#else
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
 #endif
 
 struct store_conf {
@@ -139,6 +142,20 @@ struct imap_server_conf {
        int use_ssl;
        int ssl_verify;
        int use_html;
+       char *auth_method;
+};
+
+static struct imap_server_conf server = {
+       NULL,   /* name */
+       NULL,   /* tunnel */
+       NULL,   /* host */
+       0,      /* port */
+       NULL,   /* user */
+       NULL,   /* pass */
+       0,      /* use_ssl */
+       1,      /* ssl_verify */
+       0,      /* use_html */
+       NULL,   /* auth_method */
 };
 
 struct imap_store_conf {
@@ -213,6 +230,7 @@ enum CAPABILITY {
        LITERALPLUS,
        NAMESPACE,
        STARTTLS,
+       AUTH_CRAM_MD5
 };
 
 static const char *cap_list[] = {
@@ -221,6 +239,7 @@ static const char *cap_list[] = {
        "LITERAL+",
        "NAMESPACE",
        "STARTTLS",
+       "AUTH=CRAM-MD5",
 };
 
 #define RESP_OK    0
@@ -524,9 +543,13 @@ static struct imap_cmd *v_issue_imap_cmd(struct imap_store *ctx,
        while (imap->literal_pending)
                get_cmd_result(ctx, NULL);
 
-       bufl = nfsnprintf(buf, sizeof(buf), cmd->cb.data ? CAP(LITERALPLUS) ?
-                          "%d %s{%d+}\r\n" : "%d %s{%d}\r\n" : "%d %s\r\n",
-                          cmd->tag, cmd->cmd, cmd->cb.dlen);
+       if (!cmd->cb.data)
+               bufl = nfsnprintf(buf, sizeof(buf), "%d %s\r\n", cmd->tag, cmd->cmd);
+       else
+               bufl = nfsnprintf(buf, sizeof(buf), "%d %s{%d%s}\r\n",
+                                 cmd->tag, cmd->cmd, cmd->cb.dlen,
+                                 CAP(LITERALPLUS) ? "+" : "");
+
        if (Verbose) {
                if (imap->num_in_progress)
                        printf("(%d in progress) ", imap->num_in_progress);
@@ -948,6 +971,87 @@ static void imap_close_store(struct store *ctx)
        free(ctx);
 }
 
+#ifndef NO_OPENSSL
+
+/*
+ * hexchar() and cram() functions are based on the code from the isync
+ * project (http://isync.sf.net/).
+ */
+static char hexchar(unsigned int b)
+{
+       return b < 10 ? '0' + b : 'a' + (b - 10);
+}
+
+#define ENCODED_SIZE(n) (4*((n+2)/3))
+static char *cram(const char *challenge_64, const char *user, const char *pass)
+{
+       int i, resp_len, encoded_len, decoded_len;
+       HMAC_CTX hmac;
+       unsigned char hash[16];
+       char hex[33];
+       char *response, *response_64, *challenge;
+
+       /*
+        * length of challenge_64 (i.e. base-64 encoded string) is a good
+        * enough upper bound for challenge (decoded result).
+        */
+       encoded_len = strlen(challenge_64);
+       challenge = xmalloc(encoded_len);
+       decoded_len = EVP_DecodeBlock((unsigned char *)challenge,
+                                     (unsigned char *)challenge_64, encoded_len);
+       if (decoded_len < 0)
+               die("invalid challenge %s", challenge_64);
+       HMAC_Init(&hmac, (unsigned char *)pass, strlen(pass), EVP_md5());
+       HMAC_Update(&hmac, (unsigned char *)challenge, decoded_len);
+       HMAC_Final(&hmac, hash, NULL);
+       HMAC_CTX_cleanup(&hmac);
+
+       hex[32] = 0;
+       for (i = 0; i < 16; i++) {
+               hex[2 * i] = hexchar((hash[i] >> 4) & 0xf);
+               hex[2 * i + 1] = hexchar(hash[i] & 0xf);
+       }
+
+       /* response: "<user> <digest in hex>" */
+       resp_len = strlen(user) + 1 + strlen(hex) + 1;
+       response = xmalloc(resp_len);
+       sprintf(response, "%s %s", user, hex);
+
+       response_64 = xmalloc(ENCODED_SIZE(resp_len) + 1);
+       encoded_len = EVP_EncodeBlock((unsigned char *)response_64,
+                                     (unsigned char *)response, resp_len);
+       if (encoded_len < 0)
+               die("EVP_EncodeBlock error");
+       response_64[encoded_len] = '\0';
+       return (char *)response_64;
+}
+
+#else
+
+static char *cram(const char *challenge_64, const char *user, const char *pass)
+{
+       die("If you want to use CRAM-MD5 authenticate method, "
+           "you have to build git-imap-send with OpenSSL library.");
+}
+
+#endif
+
+static int auth_cram_md5(struct imap_store *ctx, struct imap_cmd *cmd, const char *prompt)
+{
+       int ret;
+       char *response;
+
+       response = cram(prompt, server.user, server.pass);
+
+       ret = socket_write(&ctx->imap->buf.sock, response, strlen(response));
+       if (ret != strlen(response))
+               return error("IMAP error: sending response failed\n");
+
+       free(response);
+
+       return 0;
+}
+
 static struct store *imap_open_store(struct imap_server_conf *srvc)
 {
        struct imap_store *ctx;
@@ -964,17 +1068,13 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
        /* open connection to IMAP server */
 
        if (srvc->tunnel) {
-               const char *argv[4];
-               struct child_process tunnel = {0};
+               const char *argv[] = { srvc->tunnel, NULL };
+               struct child_process tunnel = {NULL};
 
                imap_info("Starting tunnel '%s'... ", srvc->tunnel);
 
-               argv[0] = "sh";
-               argv[1] = "-c";
-               argv[2] = srvc->tunnel;
-               argv[3] = NULL;
-
                tunnel.argv = argv;
+               tunnel.use_shell = 1;
                tunnel.in = -1;
                tunnel.out = -1;
                if (start_command(&tunnel))
@@ -990,7 +1090,7 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
                int gai;
                char portstr[6];
 
-               snprintf(portstr, sizeof(portstr), "%hu", srvc->port);
+               snprintf(portstr, sizeof(portstr), "%d", srvc->port);
 
                memset(&hints, 0, sizeof(hints));
                hints.ai_socktype = SOCK_STREAM;
@@ -1111,7 +1211,7 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
                if (!srvc->pass) {
                        char prompt[80];
                        sprintf(prompt, "Password (%s@%s): ", srvc->user, srvc->host);
-                       arg = getpass(prompt);
+                       arg = git_getpass(prompt);
                        if (!arg) {
                                perror("getpass");
                                exit(1);
@@ -1130,12 +1230,37 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
                        fprintf(stderr, "Skipping account %s@%s, server forbids LOGIN\n", srvc->user, srvc->host);
                        goto bail;
                }
-               if (!imap->buf.sock.ssl)
-                       imap_warn("*** IMAP Warning *** Password is being "
-                                 "sent in the clear\n");
-               if (imap_exec(ctx, NULL, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass) != RESP_OK) {
-                       fprintf(stderr, "IMAP error: LOGIN failed\n");
-                       goto bail;
+
+               if (srvc->auth_method) {
+                       struct imap_cmd_cb cb;
+
+                       if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
+                               if (!CAP(AUTH_CRAM_MD5)) {
+                                       fprintf(stderr, "You specified"
+                                               "CRAM-MD5 as authentication method, "
+                                               "but %s doesn't support it.\n", srvc->host);
+                                       goto bail;
+                               }
+                               /* CRAM-MD5 */
+
+                               memset(&cb, 0, sizeof(cb));
+                               cb.cont = auth_cram_md5;
+                               if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) {
+                                       fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n");
+                                       goto bail;
+                               }
+                       } else {
+                               fprintf(stderr, "Unknown authentication method:%s\n", srvc->host);
+                               goto bail;
+                       }
+               } else {
+                       if (!imap->buf.sock.ssl)
+                               imap_warn("*** IMAP Warning *** Password is being "
+                                         "sent in the clear\n");
+                       if (imap_exec(ctx, NULL, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass) != RESP_OK) {
+                               fprintf(stderr, "IMAP error: LOGIN failed\n");
+                               goto bail;
+                       }
                }
        } /* !preauth */
 
@@ -1310,8 +1435,14 @@ static int count_messages(struct msg_data *msg)
 
        while (1) {
                if (!prefixcmp(p, "From ")) {
+                       p = strstr(p+5, "\nFrom: ");
+                       if (!p) break;
+                       p = strstr(p+7, "\nDate: ");
+                       if (!p) break;
+                       p = strstr(p+7, "\nSubject: ");
+                       if (!p) break;
+                       p += 10;
                        count++;
-                       p += 5;
                }
                p = strstr(p+5, "\nFrom ");
                if (!p)
@@ -1352,18 +1483,6 @@ static int split_msg(struct msg_data *all_msgs, struct msg_data *msg, int *ofs)
        return 1;
 }
 
-static struct imap_server_conf server = {
-       NULL,   /* name */
-       NULL,   /* tunnel */
-       NULL,   /* host */
-       0,      /* port */
-       NULL,   /* user */
-       NULL,   /* pass */
-       0,      /* use_ssl */
-       1,      /* ssl_verify */
-       0,      /* use_html */
-};
-
 static char *imap_folder;
 
 static int git_imap_config(const char *key, const char *val, void *cb)
@@ -1403,6 +1522,9 @@ static int git_imap_config(const char *key, const char *val, void *cb)
                server.port = git_config_int(key, val);
        else if (!strcmp("tunnel", key))
                server.tunnel = xstrdup(val);
+       else if (!strcmp("authmethod", key))
+               server.auth_method = xstrdup(val);
+
        return 0;
 }