#include "run-command.h"
#ifdef NO_OPENSSL
typedef void *SSL;
+#else
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
#endif
struct store_conf {
unsigned trash_remote_new:1, trash_only_new:1;
};
-struct string_list {
- struct string_list *next;
- char string[1];
-};
-
-struct channel_conf {
- struct channel_conf *next;
- char *name;
- struct store_conf *master, *slave;
- char *master_name, *slave_name;
- char *sync_state;
- struct string_list *patterns;
- int mops, sops;
- unsigned max_messages; /* for slave only */
-};
-
-struct group_conf {
- struct group_conf *next;
- char *name;
- struct string_list *channels;
-};
-
/* For message->status */
#define M_RECENT (1<<0) /* unsyncable flag; maildir_* depend on this being 1<<0 */
#define M_DEAD (1<<1) /* expunged */
struct message {
struct message *next;
- /* struct string_list *keywords; */
size_t size; /* zero implies "not fetched" */
int uid;
unsigned char flags, status;
int use_ssl;
int ssl_verify;
int use_html;
+ char *auth_method;
+};
+
+static struct imap_server_conf server = {
+ NULL, /* name */
+ NULL, /* tunnel */
+ NULL, /* host */
+ 0, /* port */
+ NULL, /* user */
+ NULL, /* pass */
+ 0, /* use_ssl */
+ 1, /* ssl_verify */
+ 0, /* use_html */
+ NULL, /* auth_method */
};
struct imap_store_conf {
struct store_conf gen;
struct imap_server_conf *server;
- unsigned use_namespace:1;
};
#define NIL (void *)0x1
LITERALPLUS,
NAMESPACE,
STARTTLS,
+ AUTH_CRAM_MD5
};
static const char *cap_list[] = {
"LITERAL+",
"NAMESPACE",
"STARTTLS",
+ "AUTH=CRAM-MD5",
};
#define RESP_OK 0
while (imap->literal_pending)
get_cmd_result(ctx, NULL);
- bufl = nfsnprintf(buf, sizeof(buf), cmd->cb.data ? CAP(LITERALPLUS) ?
- "%d %s{%d+}\r\n" : "%d %s{%d}\r\n" : "%d %s\r\n",
- cmd->tag, cmd->cmd, cmd->cb.dlen);
+ if (!cmd->cb.data)
+ bufl = nfsnprintf(buf, sizeof(buf), "%d %s\r\n", cmd->tag, cmd->cmd);
+ else
+ bufl = nfsnprintf(buf, sizeof(buf), "%d %s{%d%s}\r\n",
+ cmd->tag, cmd->cmd, cmd->cb.dlen,
+ CAP(LITERALPLUS) ? "+" : "");
+
if (Verbose) {
if (imap->num_in_progress)
printf("(%d in progress) ", imap->num_in_progress);
free(ctx);
}
+#ifndef NO_OPENSSL
+
+/*
+ * hexchar() and cram() functions are based on the code from the isync
+ * project (http://isync.sf.net/).
+ */
+static char hexchar(unsigned int b)
+{
+ return b < 10 ? '0' + b : 'a' + (b - 10);
+}
+
+#define ENCODED_SIZE(n) (4*((n+2)/3))
+static char *cram(const char *challenge_64, const char *user, const char *pass)
+{
+ int i, resp_len, encoded_len, decoded_len;
+ HMAC_CTX hmac;
+ unsigned char hash[16];
+ char hex[33];
+ char *response, *response_64, *challenge;
+
+ /*
+ * length of challenge_64 (i.e. base-64 encoded string) is a good
+ * enough upper bound for challenge (decoded result).
+ */
+ encoded_len = strlen(challenge_64);
+ challenge = xmalloc(encoded_len);
+ decoded_len = EVP_DecodeBlock((unsigned char *)challenge,
+ (unsigned char *)challenge_64, encoded_len);
+ if (decoded_len < 0)
+ die("invalid challenge %s", challenge_64);
+ HMAC_Init(&hmac, (unsigned char *)pass, strlen(pass), EVP_md5());
+ HMAC_Update(&hmac, (unsigned char *)challenge, decoded_len);
+ HMAC_Final(&hmac, hash, NULL);
+ HMAC_CTX_cleanup(&hmac);
+
+ hex[32] = 0;
+ for (i = 0; i < 16; i++) {
+ hex[2 * i] = hexchar((hash[i] >> 4) & 0xf);
+ hex[2 * i + 1] = hexchar(hash[i] & 0xf);
+ }
+
+ /* response: "<user> <digest in hex>" */
+ resp_len = strlen(user) + 1 + strlen(hex) + 1;
+ response = xmalloc(resp_len);
+ sprintf(response, "%s %s", user, hex);
+
+ response_64 = xmalloc(ENCODED_SIZE(resp_len) + 1);
+ encoded_len = EVP_EncodeBlock((unsigned char *)response_64,
+ (unsigned char *)response, resp_len);
+ if (encoded_len < 0)
+ die("EVP_EncodeBlock error");
+ response_64[encoded_len] = '\0';
+ return (char *)response_64;
+}
+
+#else
+
+static char *cram(const char *challenge_64, const char *user, const char *pass)
+{
+ die("If you want to use CRAM-MD5 authenticate method, "
+ "you have to build git-imap-send with OpenSSL library.");
+}
+
+#endif
+
+static int auth_cram_md5(struct imap_store *ctx, struct imap_cmd *cmd, const char *prompt)
+{
+ int ret;
+ char *response;
+
+ response = cram(prompt, server.user, server.pass);
+
+ ret = socket_write(&ctx->imap->buf.sock, response, strlen(response));
+ if (ret != strlen(response))
+ return error("IMAP error: sending response failed\n");
+
+ free(response);
+
+ return 0;
+}
+
static struct store *imap_open_store(struct imap_server_conf *srvc)
{
struct imap_store *ctx;
if (srvc->tunnel) {
const char *argv[] = { srvc->tunnel, NULL };
- struct child_process tunnel = {0};
+ struct child_process tunnel = {NULL};
imap_info("Starting tunnel '%s'... ", srvc->tunnel);
int gai;
char portstr[6];
- snprintf(portstr, sizeof(portstr), "%hu", srvc->port);
+ snprintf(portstr, sizeof(portstr), "%d", srvc->port);
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
if (!preauth) {
#ifndef NO_OPENSSL
if (!srvc->use_ssl && CAP(STARTTLS)) {
- if (imap_exec(ctx, 0, "STARTTLS") != RESP_OK)
+ if (imap_exec(ctx, NULL, "STARTTLS") != RESP_OK)
goto bail;
if (ssl_socket_connect(&imap->buf.sock, 1,
srvc->ssl_verify))
goto bail;
/* capabilities may have changed, so get the new capabilities */
- if (imap_exec(ctx, 0, "CAPABILITY") != RESP_OK)
+ if (imap_exec(ctx, NULL, "CAPABILITY") != RESP_OK)
goto bail;
}
#endif
if (!srvc->pass) {
char prompt[80];
sprintf(prompt, "Password (%s@%s): ", srvc->user, srvc->host);
- arg = getpass(prompt);
+ arg = git_getpass(prompt);
if (!arg) {
perror("getpass");
exit(1);
fprintf(stderr, "Skipping account %s@%s, server forbids LOGIN\n", srvc->user, srvc->host);
goto bail;
}
- if (!imap->buf.sock.ssl)
- imap_warn("*** IMAP Warning *** Password is being "
- "sent in the clear\n");
- if (imap_exec(ctx, NULL, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass) != RESP_OK) {
- fprintf(stderr, "IMAP error: LOGIN failed\n");
- goto bail;
+
+ if (srvc->auth_method) {
+ struct imap_cmd_cb cb;
+
+ if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
+ if (!CAP(AUTH_CRAM_MD5)) {
+ fprintf(stderr, "You specified"
+ "CRAM-MD5 as authentication method, "
+ "but %s doesn't support it.\n", srvc->host);
+ goto bail;
+ }
+ /* CRAM-MD5 */
+
+ memset(&cb, 0, sizeof(cb));
+ cb.cont = auth_cram_md5;
+ if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) {
+ fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n");
+ goto bail;
+ }
+ } else {
+ fprintf(stderr, "Unknown authentication method:%s\n", srvc->host);
+ goto bail;
+ }
+ } else {
+ if (!imap->buf.sock.ssl)
+ imap_warn("*** IMAP Warning *** Password is being "
+ "sent in the clear\n");
+ if (imap_exec(ctx, NULL, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass) != RESP_OK) {
+ fprintf(stderr, "IMAP error: LOGIN failed\n");
+ goto bail;
+ }
}
} /* !preauth */
while (1) {
if (!prefixcmp(p, "From ")) {
+ p = strstr(p+5, "\nFrom: ");
+ if (!p) break;
+ p = strstr(p+7, "\nDate: ");
+ if (!p) break;
+ p = strstr(p+7, "\nSubject: ");
+ if (!p) break;
+ p += 10;
count++;
- p += 5;
}
p = strstr(p+5, "\nFrom ");
if (!p)
return 1;
}
-static struct imap_server_conf server = {
- NULL, /* name */
- NULL, /* tunnel */
- NULL, /* host */
- 0, /* port */
- NULL, /* user */
- NULL, /* pass */
- 0, /* use_ssl */
- 1, /* ssl_verify */
- 0, /* use_html */
-};
-
static char *imap_folder;
static int git_imap_config(const char *key, const char *val, void *cb)
server.port = git_config_int(key, val);
else if (!strcmp("tunnel", key))
server.tunnel = xstrdup(val);
+ else if (!strcmp("authmethod", key))
+ server.auth_method = xstrdup(val);
+
return 0;
}