summaryrefslogtreecommitdiffstats
path: root/src/pop3-login
diff options
context:
space:
mode:
Diffstat (limited to 'src/pop3-login')
-rw-r--r--src/pop3-login/Makefile.am34
-rw-r--r--src/pop3-login/Makefile.in830
-rw-r--r--src/pop3-login/client-authenticate.c247
-rw-r--r--src/pop3-login/client-authenticate.h15
-rw-r--r--src/pop3-login/client.c395
-rw-r--r--src/pop3-login/client.h40
-rw-r--r--src/pop3-login/pop3-login-settings.c75
-rw-r--r--src/pop3-login/pop3-login-settings.h6
-rw-r--r--src/pop3-login/pop3-proxy.c320
-rw-r--r--src/pop3-login/pop3-proxy.h12
10 files changed, 1974 insertions, 0 deletions
diff --git a/src/pop3-login/Makefile.am b/src/pop3-login/Makefile.am
new file mode 100644
index 0000000..0cba57c
--- /dev/null
+++ b/src/pop3-login/Makefile.am
@@ -0,0 +1,34 @@
+pkglibexecdir = $(libexecdir)/dovecot
+
+pkglibexec_PROGRAMS = pop3-login
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/lib \
+ -I$(top_srcdir)/src/lib-settings \
+ -I$(top_srcdir)/src/lib-auth \
+ -I$(top_srcdir)/src/lib-sasl \
+ -I$(top_srcdir)/src/lib-master \
+ -I$(top_srcdir)/src/login-common \
+ $(BINARY_CFLAGS)
+
+pop3_login_LDADD = \
+ $(LIBDOVECOT_LOGIN) \
+ $(LIBDOVECOT) \
+ $(SSL_LIBS) \
+ $(BINARY_LDFLAGS)
+
+pop3_login_DEPENDENCIES = \
+ $(LIBDOVECOT_LOGIN) \
+ $(LIBDOVECOT_DEPS)
+
+pop3_login_SOURCES = \
+ client.c \
+ client-authenticate.c \
+ pop3-login-settings.c \
+ pop3-proxy.c
+
+noinst_HEADERS = \
+ client.h \
+ client-authenticate.h \
+ pop3-login-settings.h \
+ pop3-proxy.h
diff --git a/src/pop3-login/Makefile.in b/src/pop3-login/Makefile.in
new file mode 100644
index 0000000..8ecc998
--- /dev/null
+++ b/src/pop3-login/Makefile.in
@@ -0,0 +1,830 @@
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+pkglibexec_PROGRAMS = pop3-login$(EXEEXT)
+subdir = src/pop3-login
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ac_checktype2.m4 \
+ $(top_srcdir)/m4/ac_typeof.m4 $(top_srcdir)/m4/arc4random.m4 \
+ $(top_srcdir)/m4/blockdev.m4 $(top_srcdir)/m4/c99_vsnprintf.m4 \
+ $(top_srcdir)/m4/clock_gettime.m4 $(top_srcdir)/m4/crypt.m4 \
+ $(top_srcdir)/m4/crypt_xpg6.m4 $(top_srcdir)/m4/dbqlk.m4 \
+ $(top_srcdir)/m4/dirent_dtype.m4 $(top_srcdir)/m4/dovecot.m4 \
+ $(top_srcdir)/m4/fd_passing.m4 $(top_srcdir)/m4/fdatasync.m4 \
+ $(top_srcdir)/m4/flexible_array_member.m4 \
+ $(top_srcdir)/m4/glibc.m4 $(top_srcdir)/m4/gmtime_max.m4 \
+ $(top_srcdir)/m4/gmtime_tm_gmtoff.m4 \
+ $(top_srcdir)/m4/ioloop.m4 $(top_srcdir)/m4/iovec.m4 \
+ $(top_srcdir)/m4/ipv6.m4 $(top_srcdir)/m4/libcap.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/libwrap.m4 \
+ $(top_srcdir)/m4/linux_mremap.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mmap_write.m4 \
+ $(top_srcdir)/m4/mntctl.m4 $(top_srcdir)/m4/modules.m4 \
+ $(top_srcdir)/m4/notify.m4 $(top_srcdir)/m4/nsl.m4 \
+ $(top_srcdir)/m4/off_t_max.m4 $(top_srcdir)/m4/pkg.m4 \
+ $(top_srcdir)/m4/pr_set_dumpable.m4 \
+ $(top_srcdir)/m4/q_quotactl.m4 $(top_srcdir)/m4/quota.m4 \
+ $(top_srcdir)/m4/random.m4 $(top_srcdir)/m4/rlimit.m4 \
+ $(top_srcdir)/m4/sendfile.m4 $(top_srcdir)/m4/size_t_signed.m4 \
+ $(top_srcdir)/m4/sockpeercred.m4 $(top_srcdir)/m4/sql.m4 \
+ $(top_srcdir)/m4/ssl.m4 $(top_srcdir)/m4/st_tim.m4 \
+ $(top_srcdir)/m4/static_array.m4 $(top_srcdir)/m4/test_with.m4 \
+ $(top_srcdir)/m4/time_t.m4 $(top_srcdir)/m4/typeof.m4 \
+ $(top_srcdir)/m4/typeof_dev_t.m4 \
+ $(top_srcdir)/m4/uoff_t_max.m4 $(top_srcdir)/m4/vararg.m4 \
+ $(top_srcdir)/m4/want_apparmor.m4 \
+ $(top_srcdir)/m4/want_bsdauth.m4 \
+ $(top_srcdir)/m4/want_bzlib.m4 \
+ $(top_srcdir)/m4/want_cassandra.m4 \
+ $(top_srcdir)/m4/want_cdb.m4 \
+ $(top_srcdir)/m4/want_checkpassword.m4 \
+ $(top_srcdir)/m4/want_clucene.m4 $(top_srcdir)/m4/want_db.m4 \
+ $(top_srcdir)/m4/want_gssapi.m4 $(top_srcdir)/m4/want_icu.m4 \
+ $(top_srcdir)/m4/want_ldap.m4 $(top_srcdir)/m4/want_lua.m4 \
+ $(top_srcdir)/m4/want_lz4.m4 $(top_srcdir)/m4/want_lzma.m4 \
+ $(top_srcdir)/m4/want_mysql.m4 $(top_srcdir)/m4/want_pam.m4 \
+ $(top_srcdir)/m4/want_passwd.m4 $(top_srcdir)/m4/want_pgsql.m4 \
+ $(top_srcdir)/m4/want_prefetch.m4 \
+ $(top_srcdir)/m4/want_shadow.m4 \
+ $(top_srcdir)/m4/want_sodium.m4 $(top_srcdir)/m4/want_solr.m4 \
+ $(top_srcdir)/m4/want_sqlite.m4 \
+ $(top_srcdir)/m4/want_stemmer.m4 \
+ $(top_srcdir)/m4/want_systemd.m4 \
+ $(top_srcdir)/m4/want_textcat.m4 \
+ $(top_srcdir)/m4/want_unwind.m4 $(top_srcdir)/m4/want_zlib.m4 \
+ $(top_srcdir)/m4/want_zstd.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \
+ $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(pkglibexecdir)"
+PROGRAMS = $(pkglibexec_PROGRAMS)
+am_pop3_login_OBJECTS = client.$(OBJEXT) client-authenticate.$(OBJEXT) \
+ pop3-login-settings.$(OBJEXT) pop3-proxy.$(OBJEXT)
+pop3_login_OBJECTS = $(am_pop3_login_OBJECTS)
+am__DEPENDENCIES_1 =
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/client-authenticate.Po \
+ ./$(DEPDIR)/client.Po ./$(DEPDIR)/pop3-login-settings.Po \
+ ./$(DEPDIR)/pop3-proxy.Po
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(pop3_login_SOURCES)
+DIST_SOURCES = $(pop3_login_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+HEADERS = $(noinst_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+pkglibexecdir = $(libexecdir)/dovecot
+ACLOCAL = @ACLOCAL@
+ACLOCAL_AMFLAGS = @ACLOCAL_AMFLAGS@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+APPARMOR_LIBS = @APPARMOR_LIBS@
+AR = @AR@
+AUTH_CFLAGS = @AUTH_CFLAGS@
+AUTH_LIBS = @AUTH_LIBS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BINARY_CFLAGS = @BINARY_CFLAGS@
+BINARY_LDFLAGS = @BINARY_LDFLAGS@
+BISON = @BISON@
+CASSANDRA_CFLAGS = @CASSANDRA_CFLAGS@
+CASSANDRA_LIBS = @CASSANDRA_LIBS@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CDB_LIBS = @CDB_LIBS@
+CFLAGS = @CFLAGS@
+CLUCENE_CFLAGS = @CLUCENE_CFLAGS@
+CLUCENE_LIBS = @CLUCENE_LIBS@
+COMPRESS_LIBS = @COMPRESS_LIBS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DICT_LIBS = @DICT_LIBS@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FLEX = @FLEX@
+FUZZER_CPPFLAGS = @FUZZER_CPPFLAGS@
+FUZZER_LDFLAGS = @FUZZER_LDFLAGS@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+KRB5CONFIG = @KRB5CONFIG@
+KRB5_CFLAGS = @KRB5_CFLAGS@
+KRB5_LIBS = @KRB5_LIBS@
+LD = @LD@
+LDAP_LIBS = @LDAP_LIBS@
+LDFLAGS = @LDFLAGS@
+LD_NO_WHOLE_ARCHIVE = @LD_NO_WHOLE_ARCHIVE@
+LD_WHOLE_ARCHIVE = @LD_WHOLE_ARCHIVE@
+LIBCAP = @LIBCAP@
+LIBDOVECOT = @LIBDOVECOT@
+LIBDOVECOT_COMPRESS = @LIBDOVECOT_COMPRESS@
+LIBDOVECOT_DEPS = @LIBDOVECOT_DEPS@
+LIBDOVECOT_DSYNC = @LIBDOVECOT_DSYNC@
+LIBDOVECOT_LA_LIBS = @LIBDOVECOT_LA_LIBS@
+LIBDOVECOT_LDA = @LIBDOVECOT_LDA@
+LIBDOVECOT_LDAP = @LIBDOVECOT_LDAP@
+LIBDOVECOT_LIBFTS = @LIBDOVECOT_LIBFTS@
+LIBDOVECOT_LIBFTS_DEPS = @LIBDOVECOT_LIBFTS_DEPS@
+LIBDOVECOT_LOGIN = @LIBDOVECOT_LOGIN@
+LIBDOVECOT_LUA = @LIBDOVECOT_LUA@
+LIBDOVECOT_LUA_DEPS = @LIBDOVECOT_LUA_DEPS@
+LIBDOVECOT_SQL = @LIBDOVECOT_SQL@
+LIBDOVECOT_STORAGE = @LIBDOVECOT_STORAGE@
+LIBDOVECOT_STORAGE_DEPS = @LIBDOVECOT_STORAGE_DEPS@
+LIBEXTTEXTCAT_CFLAGS = @LIBEXTTEXTCAT_CFLAGS@
+LIBEXTTEXTCAT_LIBS = @LIBEXTTEXTCAT_LIBS@
+LIBICONV = @LIBICONV@
+LIBICU_CFLAGS = @LIBICU_CFLAGS@
+LIBICU_LIBS = @LIBICU_LIBS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@
+LIBSODIUM_LIBS = @LIBSODIUM_LIBS@
+LIBTIRPC_CFLAGS = @LIBTIRPC_CFLAGS@
+LIBTIRPC_LIBS = @LIBTIRPC_LIBS@
+LIBTOOL = @LIBTOOL@
+LIBUNWIND_CFLAGS = @LIBUNWIND_CFLAGS@
+LIBUNWIND_LIBS = @LIBUNWIND_LIBS@
+LIBWRAP_LIBS = @LIBWRAP_LIBS@
+LINKED_STORAGE_LDADD = @LINKED_STORAGE_LDADD@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+LUA_CFLAGS = @LUA_CFLAGS@
+LUA_LIBS = @LUA_LIBS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MODULE_LIBS = @MODULE_LIBS@
+MODULE_SUFFIX = @MODULE_SUFFIX@
+MYSQL_CFLAGS = @MYSQL_CFLAGS@
+MYSQL_CONFIG = @MYSQL_CONFIG@
+MYSQL_LIBS = @MYSQL_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NOPLUGIN_LDFLAGS = @NOPLUGIN_LDFLAGS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PANDOC = @PANDOC@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PGSQL_CFLAGS = @PGSQL_CFLAGS@
+PGSQL_LIBS = @PGSQL_LIBS@
+PG_CONFIG = @PG_CONFIG@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+QUOTA_LIBS = @QUOTA_LIBS@
+RANLIB = @RANLIB@
+RELRO_LDFLAGS = @RELRO_LDFLAGS@
+RPCGEN = @RPCGEN@
+RUN_TEST = @RUN_TEST@
+SED = @SED@
+SETTING_FILES = @SETTING_FILES@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SQLITE_CFLAGS = @SQLITE_CFLAGS@
+SQLITE_LIBS = @SQLITE_LIBS@
+SQL_CFLAGS = @SQL_CFLAGS@
+SQL_LIBS = @SQL_LIBS@
+SSL_CFLAGS = @SSL_CFLAGS@
+SSL_LIBS = @SSL_LIBS@
+STRIP = @STRIP@
+SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@
+SYSTEMD_LIBS = @SYSTEMD_LIBS@
+VALGRIND = @VALGRIND@
+VERSION = @VERSION@
+ZSTD_CFLAGS = @ZSTD_CFLAGS@
+ZSTD_LIBS = @ZSTD_LIBS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dict_drivers = @dict_drivers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+moduledir = @moduledir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+rundir = @rundir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sql_drivers = @sql_drivers@
+srcdir = @srcdir@
+ssldir = @ssldir@
+statedir = @statedir@
+sysconfdir = @sysconfdir@
+systemdservicetype = @systemdservicetype@
+systemdsystemunitdir = @systemdsystemunitdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/lib \
+ -I$(top_srcdir)/src/lib-settings \
+ -I$(top_srcdir)/src/lib-auth \
+ -I$(top_srcdir)/src/lib-sasl \
+ -I$(top_srcdir)/src/lib-master \
+ -I$(top_srcdir)/src/login-common \
+ $(BINARY_CFLAGS)
+
+pop3_login_LDADD = \
+ $(LIBDOVECOT_LOGIN) \
+ $(LIBDOVECOT) \
+ $(SSL_LIBS) \
+ $(BINARY_LDFLAGS)
+
+pop3_login_DEPENDENCIES = \
+ $(LIBDOVECOT_LOGIN) \
+ $(LIBDOVECOT_DEPS)
+
+pop3_login_SOURCES = \
+ client.c \
+ client-authenticate.c \
+ pop3-login-settings.c \
+ pop3-proxy.c
+
+noinst_HEADERS = \
+ client.h \
+ client-authenticate.h \
+ pop3-login-settings.h \
+ pop3-proxy.h
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/pop3-login/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign src/pop3-login/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-pkglibexecPROGRAMS: $(pkglibexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(pkglibexec_PROGRAMS)'; test -n "$(pkglibexecdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(pkglibexecdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(pkglibexecdir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(pkglibexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(pkglibexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-pkglibexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkglibexec_PROGRAMS)'; test -n "$(pkglibexecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(pkglibexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(pkglibexecdir)" && rm -f $$files
+
+clean-pkglibexecPROGRAMS:
+ @list='$(pkglibexec_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+pop3-login$(EXEEXT): $(pop3_login_OBJECTS) $(pop3_login_DEPENDENCIES) $(EXTRA_pop3_login_DEPENDENCIES)
+ @rm -f pop3-login$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(pop3_login_OBJECTS) $(pop3_login_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client-authenticate.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pop3-login-settings.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pop3-proxy.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(pkglibexecdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pkglibexecPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -f ./$(DEPDIR)/client-authenticate.Po
+ -rm -f ./$(DEPDIR)/client.Po
+ -rm -f ./$(DEPDIR)/pop3-login-settings.Po
+ -rm -f ./$(DEPDIR)/pop3-proxy.Po
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-pkglibexecPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f ./$(DEPDIR)/client-authenticate.Po
+ -rm -f ./$(DEPDIR)/client.Po
+ -rm -f ./$(DEPDIR)/pop3-login-settings.Po
+ -rm -f ./$(DEPDIR)/pop3-proxy.Po
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pkglibexecPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+ clean-generic clean-libtool clean-pkglibexecPROGRAMS \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pkglibexecPROGRAMS install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pkglibexecPROGRAMS
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/pop3-login/client-authenticate.c b/src/pop3-login/client-authenticate.c
new file mode 100644
index 0000000..e215833
--- /dev/null
+++ b/src/pop3-login/client-authenticate.c
@@ -0,0 +1,247 @@
+/* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */
+
+#include "login-common.h"
+#include "base64.h"
+#include "buffer.h"
+#include "hex-binary.h"
+#include "ioloop.h"
+#include "istream.h"
+#include "ostream.h"
+#include "safe-memset.h"
+#include "str.h"
+#include "str-sanitize.h"
+#include "auth-client.h"
+#include "../pop3/pop3-capability.h"
+#include "client.h"
+#include "client-authenticate.h"
+#include "pop3-proxy.h"
+
+
+static const char *capability_string = POP3_CAPABILITY_REPLY;
+
+bool cmd_capa(struct pop3_client *client, const char *args ATTR_UNUSED)
+{
+ const struct auth_mech_desc *mech;
+ unsigned int i, count;
+ string_t *str;
+
+ str = t_str_new(128);
+ str_append(str, "+OK\r\n");
+ str_append(str, capability_string);
+
+ if (client_is_tls_enabled(&client->common) && !client->common.tls)
+ str_append(str, "STLS\r\n");
+ if (!client->common.set->disable_plaintext_auth ||
+ client->common.secured)
+ str_append(str, "USER\r\n");
+
+ str_append(str, "SASL");
+ mech = sasl_server_get_advertised_mechs(&client->common, &count);
+ for (i = 0; i < count; i++) {
+ str_append_c(str, ' ');
+ str_append(str, mech[i].name);
+ }
+ str_append(str, "\r\n.\r\n");
+
+ client_send_raw(&client->common, str_c(str));
+ return TRUE;
+}
+
+void pop3_client_auth_result(struct client *client,
+ enum client_auth_result result,
+ const struct client_auth_reply *reply ATTR_UNUSED,
+ const char *text)
+{
+ switch (result) {
+ case CLIENT_AUTH_RESULT_SUCCESS:
+ /* nothing to be done for POP3 */
+ break;
+ case CLIENT_AUTH_RESULT_TEMPFAIL:
+ client_send_reply(client, POP3_CMD_REPLY_TEMPFAIL, text);
+ break;
+ case CLIENT_AUTH_RESULT_AUTHFAILED:
+ case CLIENT_AUTH_RESULT_AUTHFAILED_REASON:
+ case CLIENT_AUTH_RESULT_AUTHZFAILED:
+ case CLIENT_AUTH_RESULT_PASS_EXPIRED:
+ case CLIENT_AUTH_RESULT_SSL_REQUIRED:
+ case CLIENT_AUTH_RESULT_LOGIN_DISABLED:
+ case CLIENT_AUTH_RESULT_MECH_INVALID:
+ case CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED:
+ case CLIENT_AUTH_RESULT_INVALID_BASE64:
+ client_send_reply(client, POP3_CMD_REPLY_AUTH_ERROR, text);
+ break;
+ default:
+ client_send_reply(client, POP3_CMD_REPLY_ERROR, text);
+ break;
+ }
+}
+
+int cmd_auth(struct pop3_client *pop3_client)
+{
+ /* NOTE: This command's input is handled specially because the
+ SASL-IR can be large. */
+ struct client *client = &pop3_client->common;
+ const unsigned char *data;
+ size_t i, size;
+ int ret;
+
+ /* <auth mechanism name> [<initial SASL response>] */
+ if (!pop3_client->auth_mech_name_parsed) {
+ data = i_stream_get_data(client->input, &size);
+ for (i = 0; i < size; i++) {
+ if (data[i] == ' ' ||
+ data[i] == '\r' || data[i] == '\n')
+ break;
+ }
+ if (i == size)
+ return 0;
+ if (i == 0) {
+ /* Old-style SASL discovery, used by MS Outlook */
+ unsigned int i, count;
+ const struct auth_mech_desc *mech;
+
+ client_send_raw(client, "+OK\r\n");
+ mech = sasl_server_get_advertised_mechs(client, &count);
+ for (i = 0; i < count; i++) {
+ client_send_raw(client, mech[i].name);
+ client_send_raw(client, "\r\n");
+ }
+ client_send_raw(client, ".\r\n");
+ (void)i_stream_read_next_line(client->input);
+ return 1;
+ }
+ i_free(client->auth_mech_name);
+ client->auth_mech_name = i_strndup(data, i);
+ pop3_client->auth_mech_name_parsed = TRUE;
+ if (data[i] == ' ')
+ i++;
+ i_stream_skip(client->input, i);
+ }
+
+ /* get SASL-IR, if any */
+ if ((ret = client_auth_read_line(client)) <= 0)
+ return ret;
+
+ const char *ir = NULL;
+ if (client->auth_response->used > 0)
+ ir = t_strdup(str_c(client->auth_response));
+
+ pop3_client->auth_mech_name_parsed = FALSE;
+ /* The whole AUTH line command is parsed now. The rest of the SASL
+ protocol exchange happens in login-common code. We can free the
+ current command here already, because no pop3-login code is called
+ until the authentication is finished. Also, there's currently no
+ single location that is called in pop3-login code after the
+ authentication is finished. For example it could be an auth failure
+ or it could be a successful authentication with a proxying
+ failure. */
+ i_free(pop3_client->current_cmd);
+ return client_auth_begin(client, t_strdup(client->auth_mech_name), ir);
+}
+
+bool cmd_user(struct pop3_client *pop3_client, const char *args)
+{
+ if (!client_check_plaintext_auth(&pop3_client->common, FALSE)) {
+ if (pop3_client->common.virtual_user == NULL)
+ pop3_client->common.virtual_user = i_strdup(args);
+ return TRUE;
+ }
+
+ i_free(pop3_client->last_user);
+ pop3_client->last_user = i_strdup(args);
+
+ client_send_raw(&pop3_client->common, "+OK\r\n");
+ return TRUE;
+}
+
+bool cmd_pass(struct pop3_client *pop3_client, const char *args)
+{
+ struct client *client = &pop3_client->common;
+ string_t *plain_login, *base64;
+
+ if (pop3_client->last_user == NULL) {
+ /* client may ignore the USER reply and only display the error
+ message from PASS */
+ if (!client_check_plaintext_auth(client, TRUE))
+ return TRUE;
+
+ client_send_reply(client, POP3_CMD_REPLY_ERROR,
+ "No username given.");
+ return TRUE;
+ }
+
+ /* authorization ID \0 authentication ID \0 pass */
+ plain_login = t_str_new(128);
+ str_append_c(plain_login, '\0');
+ str_append(plain_login, pop3_client->last_user);
+ str_append_c(plain_login, '\0');
+ str_append(plain_login, args);
+
+ i_free_and_null(pop3_client->last_user);
+
+ base64 = t_buffer_create(MAX_BASE64_ENCODED_SIZE(plain_login->used));
+ base64_encode(plain_login->data, plain_login->used, base64);
+
+ (void)client_auth_begin(client, "PLAIN", str_c(base64));
+ return TRUE;
+}
+
+bool cmd_apop(struct pop3_client *pop3_client, const char *args)
+{
+ struct client *client = &pop3_client->common;
+ buffer_t *apop_data, *base64;
+ const char *p;
+ unsigned int server_pid, connect_uid;
+
+ if (pop3_client->apop_challenge == NULL) {
+ if (client->set->auth_verbose)
+ e_info(client->event, "APOP failed: APOP not enabled");
+ client_send_reply(client, POP3_CMD_REPLY_ERROR,
+ "APOP not enabled.");
+ return TRUE;
+ }
+
+ /* <username> <md5 sum in hex> */
+ p = strchr(args, ' ');
+ if (p == NULL || strlen(p+1) != 32) {
+ if (client->set->auth_verbose)
+ e_info(client->event, "APOP failed: Invalid parameters");
+ client_send_reply(client, POP3_CMD_REPLY_ERROR,
+ "Invalid parameters.");
+ return TRUE;
+ }
+
+ /* APOP challenge \0 username \0 APOP response */
+ apop_data = t_buffer_create(128);
+ buffer_append(apop_data, pop3_client->apop_challenge,
+ strlen(pop3_client->apop_challenge)+1);
+ buffer_append(apop_data, args, (size_t)(p-args));
+ buffer_append_c(apop_data, '\0');
+
+ if (hex_to_binary(p+1, apop_data) < 0) {
+ if (client->set->auth_verbose) {
+ e_info(client->event, "APOP failed: "
+ "Invalid characters in MD5 response");
+ }
+ client_send_reply(client, POP3_CMD_REPLY_ERROR,
+ "Invalid characters in MD5 response.");
+ return TRUE;
+ }
+
+ base64 = t_buffer_create(MAX_BASE64_ENCODED_SIZE(apop_data->used));
+ base64_encode(apop_data->data, apop_data->used, base64);
+
+ auth_client_get_connect_id(auth_client, &server_pid, &connect_uid);
+ if (pop3_client->apop_server_pid != server_pid ||
+ pop3_client->apop_connect_uid != connect_uid) {
+ /* we reconnected to auth server and can't authenticate
+ with APOP in this session anymore. disconnecting the user
+ is probably the best solution now. */
+ client_destroy(client,
+ "Reconnected to auth server, can't do APOP");
+ return TRUE;
+ }
+
+ (void)client_auth_begin_private(client, "APOP", str_c(base64));
+ return TRUE;
+}
diff --git a/src/pop3-login/client-authenticate.h b/src/pop3-login/client-authenticate.h
new file mode 100644
index 0000000..f9b6fa6
--- /dev/null
+++ b/src/pop3-login/client-authenticate.h
@@ -0,0 +1,15 @@
+#ifndef CLIENT_AUTHENTICATE_H
+#define CLIENT_AUTHENTICATE_H
+
+void pop3_client_auth_result(struct client *client,
+ enum client_auth_result result,
+ const struct client_auth_reply *reply,
+ const char *text);
+
+bool cmd_capa(struct pop3_client *client, const char *args);
+bool cmd_user(struct pop3_client *client, const char *args);
+bool cmd_pass(struct pop3_client *client, const char *args);
+int cmd_auth(struct pop3_client *client);
+bool cmd_apop(struct pop3_client *client, const char *args);
+
+#endif
diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c
new file mode 100644
index 0000000..d57d284
--- /dev/null
+++ b/src/pop3-login/client.c
@@ -0,0 +1,395 @@
+/* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */
+
+#include "login-common.h"
+#include "base64.h"
+#include "buffer.h"
+#include "ioloop.h"
+#include "istream.h"
+#include "ostream.h"
+#include "randgen.h"
+#include "hostpid.h"
+#include "safe-memset.h"
+#include "str.h"
+#include "strescape.h"
+#include "master-service.h"
+#include "client.h"
+#include "client-authenticate.h"
+#include "auth-client.h"
+#include "pop3-proxy.h"
+#include "pop3-login-settings.h"
+
+#include <ctype.h>
+
+/* Disconnect client when it sends too many bad commands */
+#define CLIENT_MAX_BAD_COMMANDS 3
+#define CLIENT_MAX_CMD_LEN 8
+
+static bool cmd_stls(struct pop3_client *client)
+{
+ client_cmd_starttls(&client->common);
+ return TRUE;
+}
+
+static bool cmd_quit(struct pop3_client *client)
+{
+ client_send_reply(&client->common, POP3_CMD_REPLY_OK, "Logging out");
+ client_destroy(&client->common, CLIENT_UNAUTHENTICATED_LOGOUT_MSG);
+ return TRUE;
+}
+
+static bool cmd_xclient(struct pop3_client *client, const char *args)
+{
+ const char *const *tmp;
+ in_port_t remote_port;
+ bool args_ok = TRUE;
+
+ if (!client->common.trusted) {
+ client_send_reply(&client->common, POP3_CMD_REPLY_OK,
+ "You are not from trusted IP - ignoring");
+ return TRUE;
+ }
+ for (tmp = t_strsplit(args, " "); *tmp != NULL; tmp++) {
+ if (strncasecmp(*tmp, "ADDR=", 5) == 0) {
+ if (net_addr2ip(*tmp + 5, &client->common.ip) < 0)
+ args_ok = FALSE;
+ } else if (strncasecmp(*tmp, "PORT=", 5) == 0) {
+ if (net_str2port(*tmp + 5, &remote_port) < 0)
+ args_ok = FALSE;
+ else
+ client->common.remote_port = remote_port;
+ } else if (strncasecmp(*tmp, "SESSION=", 8) == 0) {
+ const char *value = *tmp + 8;
+
+ if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) {
+ client->common.session_id =
+ p_strdup(client->common.pool, value);
+ }
+ } else if (strncasecmp(*tmp, "TTL=", 4) == 0) {
+ if (str_to_uint(*tmp + 4, &client->common.proxy_ttl) < 0)
+ args_ok = FALSE;
+ } else if (strncasecmp(*tmp, "FORWARD=", 8) == 0) {
+ size_t value_len = strlen((*tmp)+8);
+ client->common.forward_fields =
+ str_new(client->common.preproxy_pool,
+ MAX_BASE64_DECODED_SIZE(value_len));
+ if (base64_decode((*tmp)+8, value_len, NULL,
+ client->common.forward_fields) < 0)
+ args_ok = FALSE;
+ }
+ }
+ if (!args_ok) {
+ client_send_reply(&client->common, POP3_CMD_REPLY_ERROR,
+ "Invalid parameters");
+ return TRUE;
+ }
+
+ /* args ok, set them and reset the state */
+ client_send_reply(&client->common, POP3_CMD_REPLY_OK, "Updated");
+ return TRUE;
+}
+
+static bool client_command_execute(struct pop3_client *client, const char *cmd,
+ const char *args)
+{
+ if (strcmp(cmd, "CAPA") == 0)
+ return cmd_capa(client, args);
+ if (strcmp(cmd, "USER") == 0)
+ return cmd_user(client, args);
+ if (strcmp(cmd, "PASS") == 0)
+ return cmd_pass(client, args);
+ if (strcmp(cmd, "APOP") == 0)
+ return cmd_apop(client, args);
+ if (strcmp(cmd, "STLS") == 0)
+ return cmd_stls(client);
+ if (strcmp(cmd, "QUIT") == 0)
+ return cmd_quit(client);
+ if (strcmp(cmd, "XCLIENT") == 0)
+ return cmd_xclient(client, args);
+ if (strcmp(cmd, "XOIP") == 0) {
+ /* Compatibility with Zimbra's patched nginx */
+ return cmd_xclient(client, t_strconcat("ADDR=", args, NULL));
+ }
+
+ client_send_reply(&client->common, POP3_CMD_REPLY_ERROR,
+ "Unknown command.");
+ return FALSE;
+}
+
+static void pop3_client_input(struct client *client)
+{
+ i_assert(!client->authenticating);
+
+ if (!client_read(client))
+ return;
+
+ client_ref(client);
+
+ o_stream_cork(client->output);
+ /* if a command starts an authentication, stop processing further
+ commands until the authentication is finished. */
+ while (!client->output->closed && !client->authenticating &&
+ auth_client_is_connected(auth_client)) {
+ if (!client->v.input_next_cmd(client))
+ break;
+ }
+
+ if (auth_client != NULL && !auth_client_is_connected(auth_client))
+ client->input_blocked = TRUE;
+
+ o_stream_uncork(client->output);
+ client_unref(&client);
+}
+
+static bool client_read_cmd_name(struct client *client, const char **cmd_r)
+{
+ const unsigned char *data;
+ size_t size, i;
+ string_t *cmd = t_str_new(CLIENT_MAX_CMD_LEN);
+ if (i_stream_read_more(client->input, &data, &size) <= 0)
+ return FALSE;
+ for(i = 0; i < size; i++) {
+ if (data[i] == '\r') continue;
+ if (data[i] == ' ' ||
+ data[i] == '\n' ||
+ data[i] == '\0' ||
+ i >= CLIENT_MAX_CMD_LEN) {
+ *cmd_r = str_c(cmd);
+ /* only skip ws */
+ i_stream_skip(client->input, i + (data[i] == ' ' ? 1 : 0));
+ return TRUE;
+ }
+ str_append_c(cmd, i_toupper(data[i]));
+ }
+ return FALSE;
+}
+
+static bool pop3_client_input_next_cmd(struct client *client)
+{
+ struct pop3_client *pop3_client = (struct pop3_client *)client;
+ const char *cmd, *args;
+
+ if (pop3_client->current_cmd == NULL) {
+ if (!client_read_cmd_name(client, &cmd))
+ return FALSE;
+ pop3_client->current_cmd = i_strdup(cmd);
+ }
+
+ if (strcmp(pop3_client->current_cmd, "AUTH") == 0) {
+ if (cmd_auth(pop3_client) <= 0) {
+ /* Need more input / destroyed. We also get here when
+ SASL authentication is actually started. */
+ return FALSE;
+ }
+ /* AUTH command finished already (SASL probe or ERR reply) */
+ i_free(pop3_client->current_cmd);
+ return TRUE;
+ }
+
+ if ((args = i_stream_next_line(client->input)) == NULL)
+ return FALSE;
+
+ if (client_command_execute(pop3_client, pop3_client->current_cmd, args))
+ client->bad_counter = 0;
+ else if (++client->bad_counter >= CLIENT_MAX_BAD_COMMANDS) {
+ client_send_reply(client, POP3_CMD_REPLY_ERROR,
+ "Too many invalid bad commands.");
+ client_destroy(client,
+ "Disconnected: Too many bad commands");
+ return FALSE;
+ }
+ i_free(pop3_client->current_cmd);
+ return TRUE;
+}
+
+static struct client *pop3_client_alloc(pool_t pool)
+{
+ struct pop3_client *pop3_client;
+
+ pop3_client = p_new(pool, struct pop3_client, 1);
+ return &pop3_client->common;
+}
+
+static void pop3_client_create(struct client *client ATTR_UNUSED,
+ void **other_sets ATTR_UNUSED)
+{
+}
+
+static void pop3_client_destroy(struct client *client)
+{
+ struct pop3_client *pop3_client = (struct pop3_client *)client;
+
+ i_free_and_null(pop3_client->current_cmd);
+ i_free_and_null(pop3_client->last_user);
+ i_free_and_null(pop3_client->apop_challenge);
+}
+
+static char *get_apop_challenge(struct pop3_client *client)
+{
+ unsigned char buffer[16];
+ unsigned char buffer_base64[MAX_BASE64_ENCODED_SIZE(sizeof(buffer)) + 1];
+ buffer_t buf;
+
+ if (sasl_server_find_available_mech(&client->common, "APOP") == NULL) {
+ /* disabled, no need to present the challenge */
+ return NULL;
+ }
+
+ auth_client_get_connect_id(auth_client, &client->apop_server_pid,
+ &client->apop_connect_uid);
+
+ random_fill(buffer, sizeof(buffer));
+ buffer_create_from_data(&buf, buffer_base64, sizeof(buffer_base64));
+ base64_encode(buffer, sizeof(buffer), &buf);
+ buffer_append_c(&buf, '\0');
+
+ return i_strdup_printf("<%x.%x.%lx.%s@%s>",
+ client->apop_server_pid,
+ client->apop_connect_uid,
+ (unsigned long)ioloop_time,
+ (const char *)buf.data, my_hostname);
+}
+
+static void pop3_client_notify_auth_ready(struct client *client)
+{
+ struct pop3_client *pop3_client = (struct pop3_client *)client;
+ string_t *str;
+
+ client->io = io_add_istream(client->input, client_input, client);
+
+ str = t_str_new(128);
+ if (client->trusted) {
+ /* Dovecot extension to avoid extra roundtrip for CAPA */
+ str_append(str, "[XCLIENT] ");
+ }
+ str_append(str, client->set->login_greeting);
+
+ pop3_client->apop_challenge = get_apop_challenge(pop3_client);
+ if (pop3_client->apop_challenge != NULL)
+ str_printfa(str, " %s", pop3_client->apop_challenge);
+ client_send_reply(client, POP3_CMD_REPLY_OK, str_c(str));
+
+ client->banner_sent = TRUE;
+}
+
+static void
+pop3_client_notify_starttls(struct client *client,
+ bool success, const char *text)
+{
+ if (success)
+ client_send_reply(client, POP3_CMD_REPLY_OK, text);
+ else
+ client_send_reply(client, POP3_CMD_REPLY_ERROR, text);
+}
+
+static void pop3_client_starttls(struct client *client ATTR_UNUSED)
+{
+}
+
+void client_send_reply(struct client *client, enum pop3_cmd_reply reply,
+ const char *text)
+{
+ const char *prefix = "-ERR";
+
+ switch (reply) {
+ case POP3_CMD_REPLY_OK:
+ prefix = "+OK";
+ break;
+ case POP3_CMD_REPLY_TEMPFAIL:
+ prefix = "-ERR [SYS/TEMP]";
+ break;
+ case POP3_CMD_REPLY_AUTH_ERROR:
+ if (text[0] == '[')
+ prefix = "-ERR";
+ else
+ prefix = "-ERR [AUTH]";
+ break;
+ case POP3_CMD_REPLY_ERROR:
+ break;
+ }
+
+ T_BEGIN {
+ string_t *line = t_str_new(256);
+
+ str_append(line, prefix);
+ str_append_c(line, ' ');
+ str_append(line, text);
+ str_append(line, "\r\n");
+
+ client_send_raw_data(client, str_data(line), str_len(line));
+ } T_END;
+}
+
+static void
+pop3_client_notify_disconnect(struct client *client,
+ enum client_disconnect_reason reason,
+ const char *text)
+{
+ if (reason == CLIENT_DISCONNECT_INTERNAL_ERROR)
+ client_send_reply(client, POP3_CMD_REPLY_TEMPFAIL, text);
+ else
+ client_send_reply(client, POP3_CMD_REPLY_ERROR, text);
+}
+
+static void pop3_login_die(void)
+{
+ /* do nothing. pop3 connections typically die pretty quick anyway. */
+}
+
+static void pop3_login_preinit(void)
+{
+ login_set_roots = pop3_login_setting_roots;
+}
+
+static void pop3_login_init(void)
+{
+ /* override the default login_die() */
+ master_service_set_die_callback(master_service, pop3_login_die);
+}
+
+static void pop3_login_deinit(void)
+{
+ clients_destroy_all();
+}
+
+static struct client_vfuncs pop3_client_vfuncs = {
+ .alloc = pop3_client_alloc,
+ .create = pop3_client_create,
+ .destroy = pop3_client_destroy,
+ .notify_auth_ready = pop3_client_notify_auth_ready,
+ .notify_disconnect = pop3_client_notify_disconnect,
+ .notify_starttls = pop3_client_notify_starttls,
+ .starttls = pop3_client_starttls,
+ .input = pop3_client_input,
+ .auth_result = pop3_client_auth_result,
+ .proxy_reset = pop3_proxy_reset,
+ .proxy_parse_line = pop3_proxy_parse_line,
+ .proxy_failed = pop3_proxy_failed,
+ .proxy_get_state = pop3_proxy_get_state,
+ .send_raw_data = client_common_send_raw_data,
+ .input_next_cmd = pop3_client_input_next_cmd,
+ .free = client_common_default_free,
+};
+
+static struct login_binary pop3_login_binary = {
+ .protocol = "pop3",
+ .process_name = "pop3-login",
+ .default_port = 110,
+ .default_ssl_port = 995,
+
+ .event_category = {
+ .name = "pop3",
+ },
+
+ .client_vfuncs = &pop3_client_vfuncs,
+ .preinit = pop3_login_preinit,
+ .init = pop3_login_init,
+ .deinit = pop3_login_deinit,
+
+ .sasl_support_final_reply = FALSE,
+ .anonymous_login_acceptable = TRUE,
+};
+
+int main(int argc, char *argv[])
+{
+ return login_binary_run(&pop3_login_binary, argc, argv);
+}
diff --git a/src/pop3-login/client.h b/src/pop3-login/client.h
new file mode 100644
index 0000000..3823685
--- /dev/null
+++ b/src/pop3-login/client.h
@@ -0,0 +1,40 @@
+#ifndef CLIENT_H
+#define CLIENT_H
+
+#include "net.h"
+#include "client-common.h"
+#include "auth-client.h"
+
+enum pop3_proxy_state {
+ POP3_PROXY_BANNER = 0,
+ POP3_PROXY_STARTTLS,
+ POP3_PROXY_XCLIENT,
+ POP3_PROXY_LOGIN1,
+ POP3_PROXY_LOGIN2,
+
+ POP3_PROXY_STATE_COUNT
+};
+
+struct pop3_client {
+ struct client common;
+
+ char *current_cmd;
+ char *last_user;
+ char *apop_challenge;
+ unsigned int apop_server_pid, apop_connect_uid;
+ enum pop3_proxy_state proxy_state;
+ bool proxy_xclient;
+ bool auth_mech_name_parsed;
+};
+
+enum pop3_cmd_reply {
+ POP3_CMD_REPLY_OK,
+ POP3_CMD_REPLY_ERROR,
+ POP3_CMD_REPLY_AUTH_ERROR,
+ POP3_CMD_REPLY_TEMPFAIL
+};
+
+void client_send_reply(struct client *client, enum pop3_cmd_reply reply,
+ const char *text);
+
+#endif
diff --git a/src/pop3-login/pop3-login-settings.c b/src/pop3-login/pop3-login-settings.c
new file mode 100644
index 0000000..747e51e
--- /dev/null
+++ b/src/pop3-login/pop3-login-settings.c
@@ -0,0 +1,75 @@
+/* Copyright (c) 2005-2018 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "buffer.h"
+#include "settings-parser.h"
+#include "service-settings.h"
+#include "login-settings.h"
+#include "pop3-login-settings.h"
+
+#include <stddef.h>
+
+/* <settings checks> */
+static struct inet_listener_settings pop3_login_inet_listeners_array[] = {
+ { .name = "pop3", .address = "", .port = 110 },
+ { .name = "pop3s", .address = "", .port = 995, .ssl = TRUE }
+};
+static struct inet_listener_settings *pop3_login_inet_listeners[] = {
+ &pop3_login_inet_listeners_array[0],
+ &pop3_login_inet_listeners_array[1]
+};
+static buffer_t pop3_login_inet_listeners_buf = {
+ { { pop3_login_inet_listeners, sizeof(pop3_login_inet_listeners) } }
+};
+
+/* </settings checks> */
+struct service_settings pop3_login_service_settings = {
+ .name = "pop3-login",
+ .protocol = "pop3",
+ .type = "login",
+ .executable = "pop3-login",
+ .user = "$default_login_user",
+ .group = "",
+ .privileged_group = "",
+ .extra_groups = "",
+ .chroot = "login",
+
+ .drop_priv_before_exec = FALSE,
+
+ .process_min_avail = 0,
+ .process_limit = 0,
+ .client_limit = 0,
+ .service_count = 1,
+ .idle_kill = 0,
+ .vsz_limit = UOFF_T_MAX,
+
+ .unix_listeners = ARRAY_INIT,
+ .fifo_listeners = ARRAY_INIT,
+ .inet_listeners = { { &pop3_login_inet_listeners_buf,
+ sizeof(pop3_login_inet_listeners[0]) } }
+};
+
+static const struct setting_define pop3_login_setting_defines[] = {
+ SETTING_DEFINE_LIST_END
+};
+
+static const struct setting_parser_info *pop3_login_setting_dependencies[] = {
+ &login_setting_parser_info,
+ NULL
+};
+
+const struct setting_parser_info pop3_login_setting_parser_info = {
+ .module_name = "pop3-login",
+ .defines = pop3_login_setting_defines,
+
+ .type_offset = SIZE_MAX,
+ .parent_offset = SIZE_MAX,
+
+ .dependencies = pop3_login_setting_dependencies
+};
+
+const struct setting_parser_info *pop3_login_setting_roots[] = {
+ &login_setting_parser_info,
+ &pop3_login_setting_parser_info,
+ NULL
+};
diff --git a/src/pop3-login/pop3-login-settings.h b/src/pop3-login/pop3-login-settings.h
new file mode 100644
index 0000000..1c497eb
--- /dev/null
+++ b/src/pop3-login/pop3-login-settings.h
@@ -0,0 +1,6 @@
+#ifndef POP3_LOGIN_SETTINGS_H
+#define POP3_LOGIN_SETTINGS_H
+
+extern const struct setting_parser_info *pop3_login_setting_roots[];
+
+#endif
diff --git a/src/pop3-login/pop3-proxy.c b/src/pop3-login/pop3-proxy.c
new file mode 100644
index 0000000..04ee265
--- /dev/null
+++ b/src/pop3-login/pop3-proxy.c
@@ -0,0 +1,320 @@
+/* Copyright (c) 2004-2018 Dovecot authors, see the included COPYING file */
+
+#include "login-common.h"
+#include "ioloop.h"
+#include "istream.h"
+#include "ostream.h"
+#include "base64.h"
+#include "safe-memset.h"
+#include "str.h"
+#include "str-sanitize.h"
+#include "strescape.h"
+#include "dsasl-client.h"
+#include "client.h"
+#include "pop3-proxy.h"
+
+static const char *pop3_proxy_state_names[POP3_PROXY_STATE_COUNT] = {
+ "banner", "starttls", "xclient", "login1", "login2"
+};
+
+static int proxy_send_login(struct pop3_client *client, struct ostream *output)
+{
+ struct dsasl_client_settings sasl_set;
+ const unsigned char *sasl_output;
+ size_t len;
+ const char *mech_name, *error;
+ string_t *str = t_str_new(128);
+
+ i_assert(client->common.proxy_ttl > 1);
+ if (client->proxy_xclient &&
+ !client->common.proxy_not_trusted) {
+ string_t *fwd = t_str_new(128);
+ for(const char *const *ptr = client->common.auth_passdb_args;*ptr != NULL; ptr++) {
+ if (strncasecmp(*ptr, "forward_", 8) == 0) {
+ if (str_len(fwd) > 0)
+ str_append_c(fwd, '\t');
+ str_append_tabescaped(fwd, (*ptr)+8);
+ }
+ }
+
+ str_printfa(str, "XCLIENT ADDR=%s PORT=%u SESSION=%s TTL=%u",
+ net_ip2addr(&client->common.ip),
+ client->common.remote_port,
+ client_get_session_id(&client->common),
+ client->common.proxy_ttl - 1);
+ if (str_len(fwd) > 0) {
+ str_append(str, " FORWARD=");
+ base64_encode(str_data(fwd), str_len(fwd), str);
+ }
+ str_append(str, "\r\n");
+ /* remote supports XCLIENT, send it */
+ o_stream_nsend(output, str_data(str), str_len(str));
+ client->proxy_state = POP3_PROXY_XCLIENT;
+ } else {
+ client->proxy_state = POP3_PROXY_LOGIN1;
+ }
+
+ str_truncate(str, 0);
+
+ if (client->common.proxy_mech == NULL) {
+ /* send USER command */
+ str_append(str, "USER ");
+ str_append(str, client->common.proxy_user);
+ str_append(str, "\r\n");
+ o_stream_nsend(output, str_data(str), str_len(str));
+ return 0;
+ }
+
+ i_assert(client->common.proxy_sasl_client == NULL);
+ i_zero(&sasl_set);
+ sasl_set.authid = client->common.proxy_master_user != NULL ?
+ client->common.proxy_master_user : client->common.proxy_user;
+ sasl_set.authzid = client->common.proxy_user;
+ sasl_set.password = client->common.proxy_password;
+ client->common.proxy_sasl_client =
+ dsasl_client_new(client->common.proxy_mech, &sasl_set);
+ mech_name = dsasl_client_mech_get_name(client->common.proxy_mech);
+
+ str_printfa(str, "AUTH %s ", mech_name);
+ if (dsasl_client_output(client->common.proxy_sasl_client,
+ &sasl_output, &len, &error) < 0) {
+ const char *reason = t_strdup_printf(
+ "SASL mechanism %s init failed: %s",
+ mech_name, error);
+ login_proxy_failed(client->common.login_proxy,
+ login_proxy_get_event(client->common.login_proxy),
+ LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason);
+ return -1;
+ }
+ if (len == 0)
+ str_append_c(str, '=');
+ else
+ base64_encode(sasl_output, len, str);
+ str_append(str, "\r\n");
+ o_stream_nsend(output, str_data(str), str_len(str));
+
+ if (client->proxy_state != POP3_PROXY_XCLIENT)
+ client->proxy_state = POP3_PROXY_LOGIN2;
+ return 0;
+}
+
+static int
+pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output,
+ const char *line)
+{
+ string_t *str;
+ const unsigned char *data;
+ size_t data_len;
+ const char *error;
+ int ret;
+
+ str = t_str_new(128);
+ if (base64_decode(line, strlen(line), NULL, str) < 0) {
+ const char *reason = t_strdup_printf(
+ "Invalid base64 data in AUTH response");
+ login_proxy_failed(client->login_proxy,
+ login_proxy_get_event(client->login_proxy),
+ LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+ return -1;
+ }
+ ret = dsasl_client_input(client->proxy_sasl_client,
+ str_data(str), str_len(str), &error);
+ if (ret == 0) {
+ ret = dsasl_client_output(client->proxy_sasl_client,
+ &data, &data_len, &error);
+ }
+ if (ret < 0) {
+ const char *reason = t_strdup_printf(
+ "Invalid authentication data: %s", error);
+ login_proxy_failed(client->login_proxy,
+ login_proxy_get_event(client->login_proxy),
+ LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+ return -1;
+ }
+ i_assert(ret == 0);
+
+ str_truncate(str, 0);
+ base64_encode(data, data_len, str);
+ str_append(str, "\r\n");
+
+ o_stream_nsend(output, str_data(str), str_len(str));
+ return 0;
+}
+
+int pop3_proxy_parse_line(struct client *client, const char *line)
+{
+ struct pop3_client *pop3_client = (struct pop3_client *)client;
+ struct ostream *output;
+ enum login_proxy_ssl_flags ssl_flags;
+
+ i_assert(!client->destroyed);
+
+ output = login_proxy_get_ostream(client->login_proxy);
+ switch (pop3_client->proxy_state) {
+ case POP3_PROXY_BANNER:
+ /* this is a banner */
+ if (!str_begins(line, "+OK")) {
+ const char *reason = t_strdup_printf(
+ "Invalid banner: %s", str_sanitize(line, 160));
+ login_proxy_failed(client->login_proxy,
+ login_proxy_get_event(client->login_proxy),
+ LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason);
+ return -1;
+ }
+ pop3_client->proxy_xclient =
+ str_begins(line+3, " [XCLIENT]");
+
+ ssl_flags = login_proxy_get_ssl_flags(client->login_proxy);
+ if ((ssl_flags & PROXY_SSL_FLAG_STARTTLS) == 0) {
+ if (proxy_send_login(pop3_client, output) < 0)
+ return -1;
+ } else {
+ o_stream_nsend_str(output, "STLS\r\n");
+ pop3_client->proxy_state = POP3_PROXY_STARTTLS;
+ }
+ return 0;
+ case POP3_PROXY_STARTTLS:
+ if (!str_begins(line, "+OK")) {
+ const char *reason = t_strdup_printf(
+ "STLS failed: %s", str_sanitize(line, 160));
+ login_proxy_failed(client->login_proxy,
+ login_proxy_get_event(client->login_proxy),
+ LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason);
+ return -1;
+ }
+ if (login_proxy_starttls(client->login_proxy) < 0)
+ return -1;
+ /* i/ostreams changed. */
+ output = login_proxy_get_ostream(client->login_proxy);
+ if (proxy_send_login(pop3_client, output) < 0)
+ return -1;
+ return 1;
+ case POP3_PROXY_XCLIENT:
+ if (!str_begins(line, "+OK")) {
+ const char *reason = t_strdup_printf(
+ "XCLIENT failed: %s", str_sanitize(line, 160));
+ login_proxy_failed(client->login_proxy,
+ login_proxy_get_event(client->login_proxy),
+ LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason);
+ return -1;
+ }
+ pop3_client->proxy_state = client->proxy_sasl_client == NULL ?
+ POP3_PROXY_LOGIN1 : POP3_PROXY_LOGIN2;
+ return 0;
+ case POP3_PROXY_LOGIN1:
+ i_assert(client->proxy_sasl_client == NULL);
+ if (!str_begins(line, "+OK"))
+ break;
+
+ /* USER successful, send PASS */
+ o_stream_nsend_str(output, t_strdup_printf(
+ "PASS %s\r\n", client->proxy_password));
+ pop3_client->proxy_state = POP3_PROXY_LOGIN2;
+ return 0;
+ case POP3_PROXY_LOGIN2:
+ if (str_begins(line, "+ ") &&
+ client->proxy_sasl_client != NULL) {
+ /* continue SASL authentication */
+ if (pop3_proxy_continue_sasl_auth(client, output,
+ line+2) < 0)
+ return -1;
+ return 0;
+ }
+ if (!str_begins(line, "+OK"))
+ break;
+
+ /* Login successful. Send this line to client. */
+ line = t_strconcat(line, "\r\n", NULL);
+ o_stream_nsend_str(client->output, line);
+
+ client_proxy_finish_destroy_client(client);
+ return 1;
+ case POP3_PROXY_STATE_COUNT:
+ i_unreached();
+ }
+
+ /* Login failed. Pass through the error message to client.
+
+ If the backend server isn't Dovecot, the error message may
+ be different from Dovecot's "user doesn't exist" error. This
+ would allow an attacker to find out what users exist in the
+ system.
+
+ The optimal way to handle this would be to replace the
+ backend's "password failed" error message with Dovecot's
+ AUTH_FAILED_MSG, but this would require a new setting and
+ the sysadmin to actually bother setting it properly.
+
+ So for now we'll just forward the error message. This
+ shouldn't be a real problem since of course everyone will
+ be using only Dovecot as their backend :) */
+ enum login_proxy_failure_type failure_type =
+ LOGIN_PROXY_FAILURE_TYPE_AUTH;
+ if (!str_begins(line, "-ERR ")) {
+ client_send_reply(client, POP3_CMD_REPLY_ERROR,
+ AUTH_FAILED_MSG);
+ } else if (str_begins(line, "-ERR [SYS/TEMP]")) {
+ /* delay sending the reply until we know if we reconnect */
+ failure_type = LOGIN_PROXY_FAILURE_TYPE_AUTH_TEMPFAIL;
+ line += 5;
+ } else {
+ client_send_raw(client, t_strconcat(line, "\r\n", NULL));
+ line += 5;
+ }
+
+ login_proxy_failed(client->login_proxy,
+ login_proxy_get_event(client->login_proxy),
+ failure_type, line);
+ return -1;
+}
+
+void pop3_proxy_reset(struct client *client)
+{
+ struct pop3_client *pop3_client = (struct pop3_client *)client;
+
+ pop3_client->proxy_state = POP3_PROXY_BANNER;
+}
+
+static void
+pop3_proxy_send_failure_reply(struct client *client,
+ enum login_proxy_failure_type type,
+ const char *reason)
+{
+ switch (type) {
+ case LOGIN_PROXY_FAILURE_TYPE_CONNECT:
+ case LOGIN_PROXY_FAILURE_TYPE_INTERNAL:
+ case LOGIN_PROXY_FAILURE_TYPE_REMOTE:
+ case LOGIN_PROXY_FAILURE_TYPE_PROTOCOL:
+ client_send_reply(client, POP3_CMD_REPLY_TEMPFAIL,
+ LOGIN_PROXY_FAILURE_MSG);
+ break;
+ case LOGIN_PROXY_FAILURE_TYPE_INTERNAL_CONFIG:
+ case LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG:
+ client_send_reply(client, POP3_CMD_REPLY_ERROR,
+ LOGIN_PROXY_FAILURE_MSG);
+ break;
+ case LOGIN_PROXY_FAILURE_TYPE_AUTH_TEMPFAIL:
+ /* [SYS/TEMP] prefix is already in the reason string */
+ client_send_reply(client, POP3_CMD_REPLY_ERROR, reason);
+ break;
+ case LOGIN_PROXY_FAILURE_TYPE_AUTH:
+ /* reply was already sent */
+ break;
+ }
+}
+
+void pop3_proxy_failed(struct client *client,
+ enum login_proxy_failure_type type,
+ const char *reason, bool reconnecting)
+{
+ if (!reconnecting)
+ pop3_proxy_send_failure_reply(client, type, reason);
+ client_common_proxy_failed(client, type, reason, reconnecting);
+}
+
+const char *pop3_proxy_get_state(struct client *client)
+{
+ struct pop3_client *pop3_client = (struct pop3_client *)client;
+
+ return pop3_proxy_state_names[pop3_client->proxy_state];
+}
diff --git a/src/pop3-login/pop3-proxy.h b/src/pop3-login/pop3-proxy.h
new file mode 100644
index 0000000..9e23475
--- /dev/null
+++ b/src/pop3-login/pop3-proxy.h
@@ -0,0 +1,12 @@
+#ifndef POP3_PROXY_H
+#define POP3_PROXY_H
+
+void pop3_proxy_reset(struct client *client);
+int pop3_proxy_parse_line(struct client *client, const char *line);
+
+void pop3_proxy_failed(struct client *client,
+ enum login_proxy_failure_type type,
+ const char *reason, bool reconnecting);
+const char *pop3_proxy_get_state(struct client *client);
+
+#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-25 09:31:37 +0000