|
|
|
@ -27,6 +27,9 @@
@@ -27,6 +27,9 @@
|
|
|
|
|
#include "run-command.h" |
|
|
|
|
#ifdef NO_OPENSSL |
|
|
|
|
typedef void *SSL; |
|
|
|
|
#else |
|
|
|
|
#include <openssl/evp.h> |
|
|
|
|
#include <openssl/hmac.h> |
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
struct store_conf { |
|
|
|
@ -139,6 +142,20 @@ struct imap_server_conf {
@@ -139,6 +142,20 @@ struct imap_server_conf {
|
|
|
|
|
int use_ssl; |
|
|
|
|
int ssl_verify; |
|
|
|
|
int use_html; |
|
|
|
|
char *auth_method; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
static struct imap_server_conf server = { |
|
|
|
|
NULL, /* name */ |
|
|
|
|
NULL, /* tunnel */ |
|
|
|
|
NULL, /* host */ |
|
|
|
|
0, /* port */ |
|
|
|
|
NULL, /* user */ |
|
|
|
|
NULL, /* pass */ |
|
|
|
|
0, /* use_ssl */ |
|
|
|
|
1, /* ssl_verify */ |
|
|
|
|
0, /* use_html */ |
|
|
|
|
NULL, /* auth_method */ |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
struct imap_store_conf { |
|
|
|
@ -213,6 +230,7 @@ enum CAPABILITY {
@@ -213,6 +230,7 @@ enum CAPABILITY {
|
|
|
|
|
LITERALPLUS, |
|
|
|
|
NAMESPACE, |
|
|
|
|
STARTTLS, |
|
|
|
|
AUTH_CRAM_MD5, |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
static const char *cap_list[] = { |
|
|
|
@ -221,6 +239,7 @@ static const char *cap_list[] = {
@@ -221,6 +239,7 @@ static const char *cap_list[] = {
|
|
|
|
|
"LITERAL+", |
|
|
|
|
"NAMESPACE", |
|
|
|
|
"STARTTLS", |
|
|
|
|
"AUTH=CRAM-MD5", |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
#define RESP_OK 0 |
|
|
|
@ -948,6 +967,87 @@ static void imap_close_store(struct store *ctx)
@@ -948,6 +967,87 @@ static void imap_close_store(struct store *ctx)
|
|
|
|
|
free(ctx); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
#ifndef NO_OPENSSL |
|
|
|
|
|
|
|
|
|
/* |
|
|
|
|
* hexchar() and cram() functions are based on the code from the isync |
|
|
|
|
* project (http://isync.sf.net/). |
|
|
|
|
*/ |
|
|
|
|
static char hexchar(unsigned int b) |
|
|
|
|
{ |
|
|
|
|
return b < 10 ? '0' + b : 'a' + (b - 10); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
#define ENCODED_SIZE(n) (4*((n+2)/3)) |
|
|
|
|
static char *cram(const char *challenge_64, const char *user, const char *pass) |
|
|
|
|
{ |
|
|
|
|
int i, resp_len, encoded_len, decoded_len; |
|
|
|
|
HMAC_CTX hmac; |
|
|
|
|
unsigned char hash[16]; |
|
|
|
|
char hex[33]; |
|
|
|
|
char *response, *response_64, *challenge; |
|
|
|
|
|
|
|
|
|
/* |
|
|
|
|
* length of challenge_64 (i.e. base-64 encoded string) is a good |
|
|
|
|
* enough upper bound for challenge (decoded result). |
|
|
|
|
*/ |
|
|
|
|
encoded_len = strlen(challenge_64); |
|
|
|
|
challenge = xmalloc(encoded_len); |
|
|
|
|
decoded_len = EVP_DecodeBlock((unsigned char *)challenge, |
|
|
|
|
(unsigned char *)challenge_64, encoded_len); |
|
|
|
|
if (decoded_len < 0) |
|
|
|
|
die("invalid challenge %s", challenge_64); |
|
|
|
|
HMAC_Init(&hmac, (unsigned char *)pass, strlen(pass), EVP_md5()); |
|
|
|
|
HMAC_Update(&hmac, (unsigned char *)challenge, decoded_len); |
|
|
|
|
HMAC_Final(&hmac, hash, NULL); |
|
|
|
|
HMAC_CTX_cleanup(&hmac); |
|
|
|
|
|
|
|
|
|
hex[32] = 0; |
|
|
|
|
for (i = 0; i < 16; i++) { |
|
|
|
|
hex[2 * i] = hexchar((hash[i] >> 4) & 0xf); |
|
|
|
|
hex[2 * i + 1] = hexchar(hash[i] & 0xf); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/* response: "<user> <digest in hex>" */ |
|
|
|
|
resp_len = strlen(user) + 1 + strlen(hex) + 1; |
|
|
|
|
response = xmalloc(resp_len); |
|
|
|
|
sprintf(response, "%s %s", user, hex); |
|
|
|
|
|
|
|
|
|
response_64 = xmalloc(ENCODED_SIZE(resp_len) + 1); |
|
|
|
|
encoded_len = EVP_EncodeBlock((unsigned char *)response_64, |
|
|
|
|
(unsigned char *)response, resp_len); |
|
|
|
|
if (encoded_len < 0) |
|
|
|
|
die("EVP_EncodeBlock error"); |
|
|
|
|
response_64[encoded_len] = '\0'; |
|
|
|
|
return (char *)response_64; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
#else |
|
|
|
|
|
|
|
|
|
static char *cram(const char *challenge_64, const char *user, const char *pass) |
|
|
|
|
{ |
|
|
|
|
die("If you want to use CRAM-MD5 authenticate method, " |
|
|
|
|
"you have to build git-imap-send with OpenSSL library."); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
static int auth_cram_md5(struct imap_store *ctx, struct imap_cmd *cmd, const char *prompt) |
|
|
|
|
{ |
|
|
|
|
int ret; |
|
|
|
|
char *response; |
|
|
|
|
|
|
|
|
|
response = cram(prompt, server.user, server.pass); |
|
|
|
|
|
|
|
|
|
ret = socket_write(&ctx->imap->buf.sock, response, strlen(response)); |
|
|
|
|
if (ret != strlen(response)) |
|
|
|
|
return error("IMAP error: sending response failed\n"); |
|
|
|
|
|
|
|
|
|
free(response); |
|
|
|
|
|
|
|
|
|
return 0; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
static struct store *imap_open_store(struct imap_server_conf *srvc) |
|
|
|
|
{ |
|
|
|
|
struct imap_store *ctx; |
|
|
|
@ -1129,9 +1229,34 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
@@ -1129,9 +1229,34 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
|
|
|
|
|
if (!imap->buf.sock.ssl) |
|
|
|
|
imap_warn("*** IMAP Warning *** Password is being " |
|
|
|
|
"sent in the clear\n"); |
|
|
|
|
if (imap_exec(ctx, NULL, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass) != RESP_OK) { |
|
|
|
|
fprintf(stderr, "IMAP error: LOGIN failed\n"); |
|
|
|
|
goto bail; |
|
|
|
|
|
|
|
|
|
if (srvc->auth_method) { |
|
|
|
|
struct imap_cmd_cb cb; |
|
|
|
|
|
|
|
|
|
if (!strcmp(srvc->auth_method, "CRAM-MD5")) { |
|
|
|
|
if (!CAP(AUTH_CRAM_MD5)) { |
|
|
|
|
fprintf(stderr, "You specified" |
|
|
|
|
"CRAM-MD5 as authentication method, " |
|
|
|
|
"but %s doesn't support it.\n", srvc->host); |
|
|
|
|
goto bail; |
|
|
|
|
} |
|
|
|
|
/* CRAM-MD5 */ |
|
|
|
|
|
|
|
|
|
memset(&cb, 0, sizeof(cb)); |
|
|
|
|
cb.cont = auth_cram_md5; |
|
|
|
|
if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) { |
|
|
|
|
fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n"); |
|
|
|
|
goto bail; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
fprintf(stderr, "Unknown authentication method:%s\n", srvc->host); |
|
|
|
|
goto bail; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
if (imap_exec(ctx, NULL, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass) != RESP_OK) { |
|
|
|
|
fprintf(stderr, "IMAP error: LOGIN failed\n"); |
|
|
|
|
goto bail; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} /* !preauth */ |
|
|
|
|
|
|
|
|
@ -1348,18 +1473,6 @@ static int split_msg(struct msg_data *all_msgs, struct msg_data *msg, int *ofs)
@@ -1348,18 +1473,6 @@ static int split_msg(struct msg_data *all_msgs, struct msg_data *msg, int *ofs)
|
|
|
|
|
return 1; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
static struct imap_server_conf server = { |
|
|
|
|
NULL, /* name */ |
|
|
|
|
NULL, /* tunnel */ |
|
|
|
|
NULL, /* host */ |
|
|
|
|
0, /* port */ |
|
|
|
|
NULL, /* user */ |
|
|
|
|
NULL, /* pass */ |
|
|
|
|
0, /* use_ssl */ |
|
|
|
|
1, /* ssl_verify */ |
|
|
|
|
0, /* use_html */ |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
static char *imap_folder; |
|
|
|
|
|
|
|
|
|
static int git_imap_config(const char *key, const char *val, void *cb) |
|
|
|
@ -1399,6 +1512,9 @@ static int git_imap_config(const char *key, const char *val, void *cb)
@@ -1399,6 +1512,9 @@ static int git_imap_config(const char *key, const char *val, void *cb)
|
|
|
|
|
server.port = git_config_int(key, val); |
|
|
|
|
else if (!strcmp("tunnel", key)) |
|
|
|
|
server.tunnel = xstrdup(val); |
|
|
|
|
else if (!strcmp("authmethod", key)) |
|
|
|
|
server.auth_method = xstrdup(val); |
|
|
|
|
|
|
|
|
|
return 0; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|