* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "cache.h"
+#include "config.h"
#include "credential.h"
#include "exec_cmd.h"
#include "run-command.h"
#include "http.h"
#endif
-#if defined(USE_CURL_FOR_IMAP_SEND) && defined(NO_OPENSSL)
-/* only available option */
+#if defined(USE_CURL_FOR_IMAP_SEND)
+/* Always default to curl if it's available. */
#define USE_CURL_DEFAULT 1
#else
-/* strictly opt in */
+/* We don't have curl, so continue to use the historical implementation */
#define USE_CURL_DEFAULT 0
#endif
SSL_library_init();
SSL_load_error_strings();
- if (use_tls_only)
- meth = TLSv1_method();
- else
- meth = SSLv23_method();
-
+ meth = SSLv23_method();
if (!meth) {
ssl_socket_perror("SSLv23_method");
return -1;
}
ctx = SSL_CTX_new(meth);
+ if (!ctx) {
+ ssl_socket_perror("SSL_CTX_new");
+ return -1;
+ }
+
+ if (use_tls_only)
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
if (verify)
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
va_start(va, fmt);
if (blen <= 0 || (unsigned)(ret = vsnprintf(buf, blen, fmt, va)) >= (unsigned)blen)
- die("Fatal: buffer too small. Please report a bug.");
+ die("BUG: buffer too small. Please report a bug.");
va_end(va);
return ret;
}
struct imap *imap = ctx->imap;
char *arg, *p;
- if (*s != '[')
+ if (!s || *s != '[')
return RESP_OK; /* no response code */
s++;
if (!(p = strchr(s, ']'))) {
}
*p++ = 0;
arg = next_arg(&s);
+ if (!arg) {
+ fprintf(stderr, "IMAP error: empty response code\n");
+ return RESP_BAD;
+ }
if (!strcmp("UIDVALIDITY", arg)) {
if (!(arg = next_arg(&s)) || !(ctx->uidvalidity = atoi(arg))) {
fprintf(stderr, "IMAP error: malformed UIDVALIDITY status\n");
{
struct imap *imap = ctx->imap;
struct imap_cmd *cmdp, **pcmdp;
- char *cmd, *arg, *arg1;
+ char *cmd;
+ const char *arg, *arg1;
int n, resp, resp2, tag;
for (;;) {
return RESP_BAD;
arg = next_arg(&cmd);
+ if (!arg) {
+ fprintf(stderr, "IMAP error: empty response\n");
+ return RESP_BAD;
+ }
if (*arg == '*') {
arg = next_arg(&cmd);
if (!arg) {
offsetof(struct imap_cmd, next));
if (cmdp->cb.data) {
n = socket_write(&imap->buf.sock, cmdp->cb.data, cmdp->cb.dlen);
- free(cmdp->cb.data);
- cmdp->cb.data = NULL;
+ FREE_AND_NULL(cmdp->cb.data);
if (n != (int)cmdp->cb.dlen)
return RESP_BAD;
} else if (cmdp->cb.cont) {
if (cmdp->cb.cont || cmdp->cb.data)
imap->literal_pending = 0;
arg = next_arg(&cmd);
+ if (!arg)
+ arg = "";
if (!strcmp("OK", arg))
resp = DRV_OK;
else {
return b < 10 ? '0' + b : 'a' + (b - 10);
}
-#define ENCODED_SIZE(n) (4*((n+2)/3))
+#define ENCODED_SIZE(n) (4 * DIV_ROUND_UP((n), 3))
static char *cram(const char *challenge_64, const char *user, const char *pass)
{
int i, resp_len, encoded_len, decoded_len;
- HMAC_CTX hmac;
unsigned char hash[16];
char hex[33];
char *response, *response_64, *challenge;
(unsigned char *)challenge_64, encoded_len);
if (decoded_len < 0)
die("invalid challenge %s", challenge_64);
- HMAC_Init(&hmac, (unsigned char *)pass, strlen(pass), EVP_md5());
- HMAC_Update(&hmac, (unsigned char *)challenge, decoded_len);
- HMAC_Final(&hmac, hash, NULL);
- HMAC_CTX_cleanup(&hmac);
+ if (!HMAC(EVP_md5(), pass, strlen(pass), (unsigned char *)challenge, decoded_len, hash, NULL))
+ die("HMAC error");
hex[32] = 0;
for (i = 0; i < 16; i++) {
/* response: "<user> <digest in hex>" */
response = xstrfmt("%s %s", user, hex);
- resp_len = strlen(response) + 1;
+ resp_len = strlen(response);
response_64 = xmallocz(ENCODED_SIZE(resp_len));
encoded_len = EVP_EncodeBlock((unsigned char *)response_64,
return 0;
}
+static void server_fill_credential(struct imap_server_conf *srvc, struct credential *cred)
+{
+ if (srvc->user && srvc->pass)
+ return;
+
+ cred->protocol = xstrdup(srvc->use_ssl ? "imaps" : "imap");
+ cred->host = xstrdup(srvc->host);
+
+ cred->username = xstrdup_or_null(srvc->user);
+ cred->password = xstrdup_or_null(srvc->pass);
+
+ credential_fill(cred);
+
+ if (!srvc->user)
+ srvc->user = xstrdup(cred->username);
+ if (!srvc->pass)
+ srvc->pass = xstrdup(cred->password);
+}
+
static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *folder)
{
struct credential cred = CREDENTIAL_INIT;
int gai;
char portstr[6];
- snprintf(portstr, sizeof(portstr), "%d", srvc->port);
+ xsnprintf(portstr, sizeof(portstr), "%d", srvc->port);
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
}
#endif
imap_info("Logging in...\n");
- if (!srvc->user || !srvc->pass) {
- cred.protocol = xstrdup(srvc->use_ssl ? "imaps" : "imap");
- cred.host = xstrdup(srvc->host);
-
- if (srvc->user)
- cred.username = xstrdup(srvc->user);
- if (srvc->pass)
- cred.password = xstrdup(srvc->pass);
-
- credential_fill(&cred);
-
- if (!srvc->user)
- srvc->user = xstrdup(cred.username);
- if (!srvc->pass)
- srvc->pass = xstrdup(cred.password);
- }
-
- if (CAP(NOLOGIN)) {
- fprintf(stderr, "Skipping account %s@%s, server forbids LOGIN\n", srvc->user, srvc->host);
- goto bail;
- }
+ server_fill_credential(srvc, &cred);
if (srvc->auth_method) {
struct imap_cmd_cb cb;
goto bail;
}
} else {
+ if (CAP(NOLOGIN)) {
+ fprintf(stderr, "Skipping account %s@%s, server forbids LOGIN\n",
+ srvc->user, srvc->host);
+ goto bail;
+ }
if (!imap->buf.sock.ssl)
imap_warn("*** IMAP Warning *** Password is being "
"sent in the clear\n");
}
#ifdef USE_CURL_FOR_IMAP_SEND
-static CURL *setup_curl(struct imap_server_conf *srvc)
+static CURL *setup_curl(struct imap_server_conf *srvc, struct credential *cred)
{
CURL *curl;
struct strbuf path = STRBUF_INIT;
if (!curl)
die("curl_easy_init failed");
+ server_fill_credential(&server, cred);
curl_easy_setopt(curl, CURLOPT_USERNAME, server.user);
curl_easy_setopt(curl, CURLOPT_PASSWORD, server.pass);
+ strbuf_addstr(&path, server.use_ssl ? "imaps://" : "imap://");
strbuf_addstr(&path, server.host);
if (!path.len || path.buf[path.len - 1] != '/')
strbuf_addch(&path, '/');
if (0 < verbosity || getenv("GIT_CURL_VERBOSE"))
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+ setup_curl_trace(curl);
return curl;
}
struct buffer msgbuf = { STRBUF_INIT, 0 };
CURL *curl;
CURLcode res = CURLE_OK;
+ struct credential cred = CREDENTIAL_INIT;
- curl = setup_curl(server);
+ curl = setup_curl(server, &cred);
curl_easy_setopt(curl, CURLOPT_READDATA, &msgbuf);
fprintf(stderr, "sending %d message%s\n", total, (total != 1) ? "s" : "");
curl_easy_cleanup(curl);
curl_global_cleanup();
- return 0;
+ if (cred.username) {
+ if (res == CURLE_OK)
+ credential_approve(&cred);
+#if LIBCURL_VERSION_NUM >= 0x070d01
+ else if (res == CURLE_LOGIN_DENIED)
+#else
+ else
+#endif
+ credential_reject(&cred);
+ }
+
+ credential_clear(&cred);
+
+ return res != CURLE_OK;
}
#endif
-int main(int argc, char **argv)
+int cmd_main(int argc, const char **argv)
{
struct strbuf all_msgs = STRBUF_INIT;
int total;
int nongit_ok;
- git_extract_argv0_path(argv[0]);
-
- git_setup_gettext();
-
setup_git_directory_gently(&nongit_ok);
git_imap_config();