1/*
2 * Copyright (c) 2004 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include <popper.h>
35#ifdef SASL
36#include <base64.h>
37#include <pop_auth.h>
38RCSID("$Id$");
39
40/*
41 *  auth: RFC1734
42 */
43
44static char *
45getline(POP *p)
46{
47    char *buf = NULL;
48    size_t size = 1024;
49    buf = malloc(size);
50    if(buf == NULL)
51	return NULL;
52    *buf = '\0';
53    while(fgets(buf + strlen(buf), size - strlen(buf), p->input) != NULL) {
54	char *p;
55	if((p = strchr(buf, '\n')) != NULL) {
56	    while(p > buf && p[-1] == '\r')
57		p--;
58	    *p = '\0';
59	    return buf;
60	}
61	/* just assume we ran out of buffer space, we'll catch eof
62           next round */
63	size += 1024;
64	p = realloc(buf, size);
65	if(p == NULL)
66	    break;
67	buf = p;
68    }
69    free(buf);
70    return NULL;
71}
72
73static char auth_msg[128];
74void
75pop_auth_set_error(const char *message)
76{
77    strlcpy(auth_msg, message, sizeof(auth_msg));
78}
79
80static struct auth_mech *methods[] = {
81#ifdef KRB5
82    &gssapi_mech,
83#endif
84    NULL
85};
86
87static int
88auth_execute(POP *p, struct auth_mech *m, void *state, const char *line)
89{
90    void *input, *output;
91    size_t input_length, output_length;
92    int status;
93
94    if(line == NULL) {
95	input = NULL;
96	input_length = 0;
97    } else {
98	input = strdup(line);
99	if(input == NULL) {
100	    pop_auth_set_error("out of memory");
101	    return POP_AUTH_FAILURE;
102	}
103	input_length = base64_decode(line, input);
104	if(input_length == (size_t)-1) {
105	    pop_auth_set_error("base64 decode error");
106	    return POP_AUTH_FAILURE;
107	}
108    }
109    output = NULL; output_length = 0;
110    status = (*m->loop)(p, state, input, input_length, &output, &output_length);
111    if(output_length > 0) {
112	char *s;
113	base64_encode(output, output_length, &s);
114	fprintf(p->output, "+ %s\r\n", s);
115	fflush(p->output);
116	free(output);
117	free(s);
118    }
119    return status;
120}
121
122static int
123auth_loop(POP *p, struct auth_mech *m)
124{
125    int status;
126    void *state = NULL;
127    char *line;
128
129    status = (*m->init)(p, &state);
130
131    status = auth_execute(p, m, state, p->pop_parm[2]);
132
133    while(status == POP_AUTH_CONTINUE) {
134	line = getline(p);
135	if(line == NULL) {
136	    (*m->cleanup)(p, state);
137	    return pop_msg(p, POP_FAILURE, "error reading data");
138	}
139	if(strcmp(line, "*") == 0) {
140	    (*m->cleanup)(p, state);
141	    return pop_msg(p, POP_FAILURE, "terminated by client");
142	}
143	status = auth_execute(p, m, state, line);
144	free(line);
145    }
146
147
148    (*m->cleanup)(p, state);
149    if(status == POP_AUTH_FAILURE)
150	return pop_msg(p, POP_FAILURE, "%s", auth_msg);
151
152    status = login_user(p);
153    if(status != POP_SUCCESS)
154	return status;
155    return pop_msg(p, POP_SUCCESS, "authentication complete");
156}
157
158int
159pop_auth (POP *p)
160{
161    int i;
162
163    for (i = 0; methods[i] != NULL; ++i)
164	if (strcasecmp(p->pop_parm[1], methods[i]->name) == 0)
165	    return auth_loop(p, methods[i]);
166    return pop_msg(p, POP_FAILURE,
167		   "Authentication method %s unknown", p->pop_parm[1]);
168}
169
170void
171pop_capa_sasl(POP *p)
172{
173    int i;
174
175    if(methods[0] == NULL)
176	return;
177
178    fprintf(p->output, "SASL");
179    for (i = 0; methods[i] != NULL; ++i)
180	fprintf(p->output, " %s", methods[i]->name);
181    fprintf(p->output, "\r\n");
182}
183#endif
184