From 0441d265f2bb9da249c7abf333f0f771fadb4ab5 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 19:36:47 +0200 Subject: Adding upstream version 1:2.3.21+dfsg1. Signed-off-by: Daniel Baumann --- src/pop3-login/Makefile.am | 34 ++ src/pop3-login/Makefile.in | 830 +++++++++++++++++++++++++++++++++++ src/pop3-login/client-authenticate.c | 247 +++++++++++ src/pop3-login/client-authenticate.h | 15 + src/pop3-login/client.c | 395 +++++++++++++++++ src/pop3-login/client.h | 40 ++ src/pop3-login/pop3-login-settings.c | 75 ++++ src/pop3-login/pop3-login-settings.h | 6 + src/pop3-login/pop3-proxy.c | 320 ++++++++++++++ src/pop3-login/pop3-proxy.h | 12 + 10 files changed, 1974 insertions(+) create mode 100644 src/pop3-login/Makefile.am create mode 100644 src/pop3-login/Makefile.in create mode 100644 src/pop3-login/client-authenticate.c create mode 100644 src/pop3-login/client-authenticate.h create mode 100644 src/pop3-login/client.c create mode 100644 src/pop3-login/client.h create mode 100644 src/pop3-login/pop3-login-settings.c create mode 100644 src/pop3-login/pop3-login-settings.h create mode 100644 src/pop3-login/pop3-proxy.c create mode 100644 src/pop3-login/pop3-proxy.h (limited to 'src/pop3-login') diff --git a/src/pop3-login/Makefile.am b/src/pop3-login/Makefile.am new file mode 100644 index 0000000..0cba57c --- /dev/null +++ b/src/pop3-login/Makefile.am @@ -0,0 +1,34 @@ +pkglibexecdir = $(libexecdir)/dovecot + +pkglibexec_PROGRAMS = pop3-login + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-settings \ + -I$(top_srcdir)/src/lib-auth \ + -I$(top_srcdir)/src/lib-sasl \ + -I$(top_srcdir)/src/lib-master \ + -I$(top_srcdir)/src/login-common \ + $(BINARY_CFLAGS) + +pop3_login_LDADD = \ + $(LIBDOVECOT_LOGIN) \ + $(LIBDOVECOT) \ + $(SSL_LIBS) \ + $(BINARY_LDFLAGS) + +pop3_login_DEPENDENCIES = \ + $(LIBDOVECOT_LOGIN) \ + $(LIBDOVECOT_DEPS) + +pop3_login_SOURCES = \ + client.c \ + client-authenticate.c \ + pop3-login-settings.c \ + pop3-proxy.c + +noinst_HEADERS = \ + client.h \ + client-authenticate.h \ + pop3-login-settings.h \ + pop3-proxy.h diff --git a/src/pop3-login/Makefile.in b/src/pop3-login/Makefile.in new file mode 100644 index 0000000..8ecc998 --- /dev/null +++ b/src/pop3-login/Makefile.in @@ -0,0 +1,830 @@ +# Makefile.in generated by automake 1.16.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2020 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +pkglibexec_PROGRAMS = pop3-login$(EXEEXT) +subdir = src/pop3-login +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_checktype2.m4 \ + $(top_srcdir)/m4/ac_typeof.m4 $(top_srcdir)/m4/arc4random.m4 \ + $(top_srcdir)/m4/blockdev.m4 $(top_srcdir)/m4/c99_vsnprintf.m4 \ + $(top_srcdir)/m4/clock_gettime.m4 $(top_srcdir)/m4/crypt.m4 \ + $(top_srcdir)/m4/crypt_xpg6.m4 $(top_srcdir)/m4/dbqlk.m4 \ + $(top_srcdir)/m4/dirent_dtype.m4 $(top_srcdir)/m4/dovecot.m4 \ + $(top_srcdir)/m4/fd_passing.m4 $(top_srcdir)/m4/fdatasync.m4 \ + $(top_srcdir)/m4/flexible_array_member.m4 \ + $(top_srcdir)/m4/glibc.m4 $(top_srcdir)/m4/gmtime_max.m4 \ + $(top_srcdir)/m4/gmtime_tm_gmtoff.m4 \ + $(top_srcdir)/m4/ioloop.m4 $(top_srcdir)/m4/iovec.m4 \ + $(top_srcdir)/m4/ipv6.m4 $(top_srcdir)/m4/libcap.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/libwrap.m4 \ + $(top_srcdir)/m4/linux_mremap.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/mmap_write.m4 \ + $(top_srcdir)/m4/mntctl.m4 $(top_srcdir)/m4/modules.m4 \ + $(top_srcdir)/m4/notify.m4 $(top_srcdir)/m4/nsl.m4 \ + $(top_srcdir)/m4/off_t_max.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/pr_set_dumpable.m4 \ + $(top_srcdir)/m4/q_quotactl.m4 $(top_srcdir)/m4/quota.m4 \ + $(top_srcdir)/m4/random.m4 $(top_srcdir)/m4/rlimit.m4 \ + $(top_srcdir)/m4/sendfile.m4 $(top_srcdir)/m4/size_t_signed.m4 \ + $(top_srcdir)/m4/sockpeercred.m4 $(top_srcdir)/m4/sql.m4 \ + $(top_srcdir)/m4/ssl.m4 $(top_srcdir)/m4/st_tim.m4 \ + $(top_srcdir)/m4/static_array.m4 $(top_srcdir)/m4/test_with.m4 \ + $(top_srcdir)/m4/time_t.m4 $(top_srcdir)/m4/typeof.m4 \ + $(top_srcdir)/m4/typeof_dev_t.m4 \ + $(top_srcdir)/m4/uoff_t_max.m4 $(top_srcdir)/m4/vararg.m4 \ + $(top_srcdir)/m4/want_apparmor.m4 \ + $(top_srcdir)/m4/want_bsdauth.m4 \ + $(top_srcdir)/m4/want_bzlib.m4 \ + $(top_srcdir)/m4/want_cassandra.m4 \ + $(top_srcdir)/m4/want_cdb.m4 \ + $(top_srcdir)/m4/want_checkpassword.m4 \ + $(top_srcdir)/m4/want_clucene.m4 $(top_srcdir)/m4/want_db.m4 \ + $(top_srcdir)/m4/want_gssapi.m4 $(top_srcdir)/m4/want_icu.m4 \ + $(top_srcdir)/m4/want_ldap.m4 $(top_srcdir)/m4/want_lua.m4 \ + $(top_srcdir)/m4/want_lz4.m4 $(top_srcdir)/m4/want_lzma.m4 \ + $(top_srcdir)/m4/want_mysql.m4 $(top_srcdir)/m4/want_pam.m4 \ + $(top_srcdir)/m4/want_passwd.m4 $(top_srcdir)/m4/want_pgsql.m4 \ + $(top_srcdir)/m4/want_prefetch.m4 \ + $(top_srcdir)/m4/want_shadow.m4 \ + $(top_srcdir)/m4/want_sodium.m4 $(top_srcdir)/m4/want_solr.m4 \ + $(top_srcdir)/m4/want_sqlite.m4 \ + $(top_srcdir)/m4/want_stemmer.m4 \ + $(top_srcdir)/m4/want_systemd.m4 \ + $(top_srcdir)/m4/want_textcat.m4 \ + $(top_srcdir)/m4/want_unwind.m4 $(top_srcdir)/m4/want_zlib.m4 \ + $(top_srcdir)/m4/want_zstd.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(pkglibexecdir)" +PROGRAMS = $(pkglibexec_PROGRAMS) +am_pop3_login_OBJECTS = client.$(OBJEXT) client-authenticate.$(OBJEXT) \ + pop3-login-settings.$(OBJEXT) pop3-proxy.$(OBJEXT) +pop3_login_OBJECTS = $(am_pop3_login_OBJECTS) +am__DEPENDENCIES_1 = +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/client-authenticate.Po \ + ./$(DEPDIR)/client.Po ./$(DEPDIR)/pop3-login-settings.Po \ + ./$(DEPDIR)/pop3-proxy.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(pop3_login_SOURCES) +DIST_SOURCES = $(pop3_login_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +HEADERS = $(noinst_HEADERS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +pkglibexecdir = $(libexecdir)/dovecot +ACLOCAL = @ACLOCAL@ +ACLOCAL_AMFLAGS = @ACLOCAL_AMFLAGS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AR = @AR@ +AUTH_CFLAGS = @AUTH_CFLAGS@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINARY_CFLAGS = @BINARY_CFLAGS@ +BINARY_LDFLAGS = @BINARY_LDFLAGS@ +BISON = @BISON@ +CASSANDRA_CFLAGS = @CASSANDRA_CFLAGS@ +CASSANDRA_LIBS = @CASSANDRA_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CDB_LIBS = @CDB_LIBS@ +CFLAGS = @CFLAGS@ +CLUCENE_CFLAGS = @CLUCENE_CFLAGS@ +CLUCENE_LIBS = @CLUCENE_LIBS@ +COMPRESS_LIBS = @COMPRESS_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DICT_LIBS = @DICT_LIBS@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FLEX = @FLEX@ +FUZZER_CPPFLAGS = @FUZZER_CPPFLAGS@ +FUZZER_LDFLAGS = @FUZZER_LDFLAGS@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +KRB5CONFIG = @KRB5CONFIG@ +KRB5_CFLAGS = @KRB5_CFLAGS@ +KRB5_LIBS = @KRB5_LIBS@ +LD = @LD@ +LDAP_LIBS = @LDAP_LIBS@ +LDFLAGS = @LDFLAGS@ +LD_NO_WHOLE_ARCHIVE = @LD_NO_WHOLE_ARCHIVE@ +LD_WHOLE_ARCHIVE = @LD_WHOLE_ARCHIVE@ +LIBCAP = @LIBCAP@ +LIBDOVECOT = @LIBDOVECOT@ +LIBDOVECOT_COMPRESS = @LIBDOVECOT_COMPRESS@ +LIBDOVECOT_DEPS = @LIBDOVECOT_DEPS@ +LIBDOVECOT_DSYNC = @LIBDOVECOT_DSYNC@ +LIBDOVECOT_LA_LIBS = @LIBDOVECOT_LA_LIBS@ +LIBDOVECOT_LDA = @LIBDOVECOT_LDA@ +LIBDOVECOT_LDAP = @LIBDOVECOT_LDAP@ +LIBDOVECOT_LIBFTS = @LIBDOVECOT_LIBFTS@ +LIBDOVECOT_LIBFTS_DEPS = @LIBDOVECOT_LIBFTS_DEPS@ +LIBDOVECOT_LOGIN = @LIBDOVECOT_LOGIN@ +LIBDOVECOT_LUA = @LIBDOVECOT_LUA@ +LIBDOVECOT_LUA_DEPS = @LIBDOVECOT_LUA_DEPS@ +LIBDOVECOT_SQL = @LIBDOVECOT_SQL@ +LIBDOVECOT_STORAGE = @LIBDOVECOT_STORAGE@ +LIBDOVECOT_STORAGE_DEPS = @LIBDOVECOT_STORAGE_DEPS@ +LIBEXTTEXTCAT_CFLAGS = @LIBEXTTEXTCAT_CFLAGS@ +LIBEXTTEXTCAT_LIBS = @LIBEXTTEXTCAT_LIBS@ +LIBICONV = @LIBICONV@ +LIBICU_CFLAGS = @LIBICU_CFLAGS@ +LIBICU_LIBS = @LIBICU_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@ +LIBSODIUM_LIBS = @LIBSODIUM_LIBS@ +LIBTIRPC_CFLAGS = @LIBTIRPC_CFLAGS@ +LIBTIRPC_LIBS = @LIBTIRPC_LIBS@ +LIBTOOL = @LIBTOOL@ +LIBUNWIND_CFLAGS = @LIBUNWIND_CFLAGS@ +LIBUNWIND_LIBS = @LIBUNWIND_LIBS@ +LIBWRAP_LIBS = @LIBWRAP_LIBS@ +LINKED_STORAGE_LDADD = @LINKED_STORAGE_LDADD@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBS = @LUA_LIBS@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MODULE_LIBS = @MODULE_LIBS@ +MODULE_SUFFIX = @MODULE_SUFFIX@ +MYSQL_CFLAGS = @MYSQL_CFLAGS@ +MYSQL_CONFIG = @MYSQL_CONFIG@ +MYSQL_LIBS = @MYSQL_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NOPLUGIN_LDFLAGS = @NOPLUGIN_LDFLAGS@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PANDOC = @PANDOC@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PGSQL_CFLAGS = @PGSQL_CFLAGS@ +PGSQL_LIBS = @PGSQL_LIBS@ +PG_CONFIG = @PG_CONFIG@ +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +QUOTA_LIBS = @QUOTA_LIBS@ +RANLIB = @RANLIB@ +RELRO_LDFLAGS = @RELRO_LDFLAGS@ +RPCGEN = @RPCGEN@ +RUN_TEST = @RUN_TEST@ +SED = @SED@ +SETTING_FILES = @SETTING_FILES@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SQLITE_CFLAGS = @SQLITE_CFLAGS@ +SQLITE_LIBS = @SQLITE_LIBS@ +SQL_CFLAGS = @SQL_CFLAGS@ +SQL_LIBS = @SQL_LIBS@ +SSL_CFLAGS = @SSL_CFLAGS@ +SSL_LIBS = @SSL_LIBS@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +ZSTD_CFLAGS = @ZSTD_CFLAGS@ +ZSTD_LIBS = @ZSTD_LIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dict_drivers = @dict_drivers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +moduledir = @moduledir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +rundir = @rundir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +sql_drivers = @sql_drivers@ +srcdir = @srcdir@ +ssldir = @ssldir@ +statedir = @statedir@ +sysconfdir = @sysconfdir@ +systemdservicetype = @systemdservicetype@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/lib \ + -I$(top_srcdir)/src/lib-settings \ + -I$(top_srcdir)/src/lib-auth \ + -I$(top_srcdir)/src/lib-sasl \ + -I$(top_srcdir)/src/lib-master \ + -I$(top_srcdir)/src/login-common \ + $(BINARY_CFLAGS) + +pop3_login_LDADD = \ + $(LIBDOVECOT_LOGIN) \ + $(LIBDOVECOT) \ + $(SSL_LIBS) \ + $(BINARY_LDFLAGS) + +pop3_login_DEPENDENCIES = \ + $(LIBDOVECOT_LOGIN) \ + $(LIBDOVECOT_DEPS) + +pop3_login_SOURCES = \ + client.c \ + client-authenticate.c \ + pop3-login-settings.c \ + pop3-proxy.c + +noinst_HEADERS = \ + client.h \ + client-authenticate.h \ + pop3-login-settings.h \ + pop3-proxy.h + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/pop3-login/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/pop3-login/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-pkglibexecPROGRAMS: $(pkglibexec_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(pkglibexec_PROGRAMS)'; test -n "$(pkglibexecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkglibexecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkglibexecdir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(pkglibexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(pkglibexecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-pkglibexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(pkglibexec_PROGRAMS)'; test -n "$(pkglibexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(pkglibexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(pkglibexecdir)" && rm -f $$files + +clean-pkglibexecPROGRAMS: + @list='$(pkglibexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +pop3-login$(EXEEXT): $(pop3_login_OBJECTS) $(pop3_login_DEPENDENCIES) $(EXTRA_pop3_login_DEPENDENCIES) + @rm -f pop3-login$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pop3_login_OBJECTS) $(pop3_login_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client-authenticate.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pop3-login-settings.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pop3-proxy.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(pkglibexecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-pkglibexecPROGRAMS \ + mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/client-authenticate.Po + -rm -f ./$(DEPDIR)/client.Po + -rm -f ./$(DEPDIR)/pop3-login-settings.Po + -rm -f ./$(DEPDIR)/pop3-proxy.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-pkglibexecPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/client-authenticate.Po + -rm -f ./$(DEPDIR)/client.Po + -rm -f ./$(DEPDIR)/pop3-login-settings.Po + -rm -f ./$(DEPDIR)/pop3-proxy.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pkglibexecPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ + clean-generic clean-libtool clean-pkglibexecPROGRAMS \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pkglibexecPROGRAMS install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pkglibexecPROGRAMS + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/pop3-login/client-authenticate.c b/src/pop3-login/client-authenticate.c new file mode 100644 index 0000000..e215833 --- /dev/null +++ b/src/pop3-login/client-authenticate.c @@ -0,0 +1,247 @@ +/* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */ + +#include "login-common.h" +#include "base64.h" +#include "buffer.h" +#include "hex-binary.h" +#include "ioloop.h" +#include "istream.h" +#include "ostream.h" +#include "safe-memset.h" +#include "str.h" +#include "str-sanitize.h" +#include "auth-client.h" +#include "../pop3/pop3-capability.h" +#include "client.h" +#include "client-authenticate.h" +#include "pop3-proxy.h" + + +static const char *capability_string = POP3_CAPABILITY_REPLY; + +bool cmd_capa(struct pop3_client *client, const char *args ATTR_UNUSED) +{ + const struct auth_mech_desc *mech; + unsigned int i, count; + string_t *str; + + str = t_str_new(128); + str_append(str, "+OK\r\n"); + str_append(str, capability_string); + + if (client_is_tls_enabled(&client->common) && !client->common.tls) + str_append(str, "STLS\r\n"); + if (!client->common.set->disable_plaintext_auth || + client->common.secured) + str_append(str, "USER\r\n"); + + str_append(str, "SASL"); + mech = sasl_server_get_advertised_mechs(&client->common, &count); + for (i = 0; i < count; i++) { + str_append_c(str, ' '); + str_append(str, mech[i].name); + } + str_append(str, "\r\n.\r\n"); + + client_send_raw(&client->common, str_c(str)); + return TRUE; +} + +void pop3_client_auth_result(struct client *client, + enum client_auth_result result, + const struct client_auth_reply *reply ATTR_UNUSED, + const char *text) +{ + switch (result) { + case CLIENT_AUTH_RESULT_SUCCESS: + /* nothing to be done for POP3 */ + break; + case CLIENT_AUTH_RESULT_TEMPFAIL: + client_send_reply(client, POP3_CMD_REPLY_TEMPFAIL, text); + break; + case CLIENT_AUTH_RESULT_AUTHFAILED: + case CLIENT_AUTH_RESULT_AUTHFAILED_REASON: + case CLIENT_AUTH_RESULT_AUTHZFAILED: + case CLIENT_AUTH_RESULT_PASS_EXPIRED: + case CLIENT_AUTH_RESULT_SSL_REQUIRED: + case CLIENT_AUTH_RESULT_LOGIN_DISABLED: + case CLIENT_AUTH_RESULT_MECH_INVALID: + case CLIENT_AUTH_RESULT_MECH_SSL_REQUIRED: + case CLIENT_AUTH_RESULT_INVALID_BASE64: + client_send_reply(client, POP3_CMD_REPLY_AUTH_ERROR, text); + break; + default: + client_send_reply(client, POP3_CMD_REPLY_ERROR, text); + break; + } +} + +int cmd_auth(struct pop3_client *pop3_client) +{ + /* NOTE: This command's input is handled specially because the + SASL-IR can be large. */ + struct client *client = &pop3_client->common; + const unsigned char *data; + size_t i, size; + int ret; + + /* [] */ + if (!pop3_client->auth_mech_name_parsed) { + data = i_stream_get_data(client->input, &size); + for (i = 0; i < size; i++) { + if (data[i] == ' ' || + data[i] == '\r' || data[i] == '\n') + break; + } + if (i == size) + return 0; + if (i == 0) { + /* Old-style SASL discovery, used by MS Outlook */ + unsigned int i, count; + const struct auth_mech_desc *mech; + + client_send_raw(client, "+OK\r\n"); + mech = sasl_server_get_advertised_mechs(client, &count); + for (i = 0; i < count; i++) { + client_send_raw(client, mech[i].name); + client_send_raw(client, "\r\n"); + } + client_send_raw(client, ".\r\n"); + (void)i_stream_read_next_line(client->input); + return 1; + } + i_free(client->auth_mech_name); + client->auth_mech_name = i_strndup(data, i); + pop3_client->auth_mech_name_parsed = TRUE; + if (data[i] == ' ') + i++; + i_stream_skip(client->input, i); + } + + /* get SASL-IR, if any */ + if ((ret = client_auth_read_line(client)) <= 0) + return ret; + + const char *ir = NULL; + if (client->auth_response->used > 0) + ir = t_strdup(str_c(client->auth_response)); + + pop3_client->auth_mech_name_parsed = FALSE; + /* The whole AUTH line command is parsed now. The rest of the SASL + protocol exchange happens in login-common code. We can free the + current command here already, because no pop3-login code is called + until the authentication is finished. Also, there's currently no + single location that is called in pop3-login code after the + authentication is finished. For example it could be an auth failure + or it could be a successful authentication with a proxying + failure. */ + i_free(pop3_client->current_cmd); + return client_auth_begin(client, t_strdup(client->auth_mech_name), ir); +} + +bool cmd_user(struct pop3_client *pop3_client, const char *args) +{ + if (!client_check_plaintext_auth(&pop3_client->common, FALSE)) { + if (pop3_client->common.virtual_user == NULL) + pop3_client->common.virtual_user = i_strdup(args); + return TRUE; + } + + i_free(pop3_client->last_user); + pop3_client->last_user = i_strdup(args); + + client_send_raw(&pop3_client->common, "+OK\r\n"); + return TRUE; +} + +bool cmd_pass(struct pop3_client *pop3_client, const char *args) +{ + struct client *client = &pop3_client->common; + string_t *plain_login, *base64; + + if (pop3_client->last_user == NULL) { + /* client may ignore the USER reply and only display the error + message from PASS */ + if (!client_check_plaintext_auth(client, TRUE)) + return TRUE; + + client_send_reply(client, POP3_CMD_REPLY_ERROR, + "No username given."); + return TRUE; + } + + /* authorization ID \0 authentication ID \0 pass */ + plain_login = t_str_new(128); + str_append_c(plain_login, '\0'); + str_append(plain_login, pop3_client->last_user); + str_append_c(plain_login, '\0'); + str_append(plain_login, args); + + i_free_and_null(pop3_client->last_user); + + base64 = t_buffer_create(MAX_BASE64_ENCODED_SIZE(plain_login->used)); + base64_encode(plain_login->data, plain_login->used, base64); + + (void)client_auth_begin(client, "PLAIN", str_c(base64)); + return TRUE; +} + +bool cmd_apop(struct pop3_client *pop3_client, const char *args) +{ + struct client *client = &pop3_client->common; + buffer_t *apop_data, *base64; + const char *p; + unsigned int server_pid, connect_uid; + + if (pop3_client->apop_challenge == NULL) { + if (client->set->auth_verbose) + e_info(client->event, "APOP failed: APOP not enabled"); + client_send_reply(client, POP3_CMD_REPLY_ERROR, + "APOP not enabled."); + return TRUE; + } + + /* */ + p = strchr(args, ' '); + if (p == NULL || strlen(p+1) != 32) { + if (client->set->auth_verbose) + e_info(client->event, "APOP failed: Invalid parameters"); + client_send_reply(client, POP3_CMD_REPLY_ERROR, + "Invalid parameters."); + return TRUE; + } + + /* APOP challenge \0 username \0 APOP response */ + apop_data = t_buffer_create(128); + buffer_append(apop_data, pop3_client->apop_challenge, + strlen(pop3_client->apop_challenge)+1); + buffer_append(apop_data, args, (size_t)(p-args)); + buffer_append_c(apop_data, '\0'); + + if (hex_to_binary(p+1, apop_data) < 0) { + if (client->set->auth_verbose) { + e_info(client->event, "APOP failed: " + "Invalid characters in MD5 response"); + } + client_send_reply(client, POP3_CMD_REPLY_ERROR, + "Invalid characters in MD5 response."); + return TRUE; + } + + base64 = t_buffer_create(MAX_BASE64_ENCODED_SIZE(apop_data->used)); + base64_encode(apop_data->data, apop_data->used, base64); + + auth_client_get_connect_id(auth_client, &server_pid, &connect_uid); + if (pop3_client->apop_server_pid != server_pid || + pop3_client->apop_connect_uid != connect_uid) { + /* we reconnected to auth server and can't authenticate + with APOP in this session anymore. disconnecting the user + is probably the best solution now. */ + client_destroy(client, + "Reconnected to auth server, can't do APOP"); + return TRUE; + } + + (void)client_auth_begin_private(client, "APOP", str_c(base64)); + return TRUE; +} diff --git a/src/pop3-login/client-authenticate.h b/src/pop3-login/client-authenticate.h new file mode 100644 index 0000000..f9b6fa6 --- /dev/null +++ b/src/pop3-login/client-authenticate.h @@ -0,0 +1,15 @@ +#ifndef CLIENT_AUTHENTICATE_H +#define CLIENT_AUTHENTICATE_H + +void pop3_client_auth_result(struct client *client, + enum client_auth_result result, + const struct client_auth_reply *reply, + const char *text); + +bool cmd_capa(struct pop3_client *client, const char *args); +bool cmd_user(struct pop3_client *client, const char *args); +bool cmd_pass(struct pop3_client *client, const char *args); +int cmd_auth(struct pop3_client *client); +bool cmd_apop(struct pop3_client *client, const char *args); + +#endif diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c new file mode 100644 index 0000000..d57d284 --- /dev/null +++ b/src/pop3-login/client.c @@ -0,0 +1,395 @@ +/* Copyright (c) 2002-2018 Dovecot authors, see the included COPYING file */ + +#include "login-common.h" +#include "base64.h" +#include "buffer.h" +#include "ioloop.h" +#include "istream.h" +#include "ostream.h" +#include "randgen.h" +#include "hostpid.h" +#include "safe-memset.h" +#include "str.h" +#include "strescape.h" +#include "master-service.h" +#include "client.h" +#include "client-authenticate.h" +#include "auth-client.h" +#include "pop3-proxy.h" +#include "pop3-login-settings.h" + +#include + +/* Disconnect client when it sends too many bad commands */ +#define CLIENT_MAX_BAD_COMMANDS 3 +#define CLIENT_MAX_CMD_LEN 8 + +static bool cmd_stls(struct pop3_client *client) +{ + client_cmd_starttls(&client->common); + return TRUE; +} + +static bool cmd_quit(struct pop3_client *client) +{ + client_send_reply(&client->common, POP3_CMD_REPLY_OK, "Logging out"); + client_destroy(&client->common, CLIENT_UNAUTHENTICATED_LOGOUT_MSG); + return TRUE; +} + +static bool cmd_xclient(struct pop3_client *client, const char *args) +{ + const char *const *tmp; + in_port_t remote_port; + bool args_ok = TRUE; + + if (!client->common.trusted) { + client_send_reply(&client->common, POP3_CMD_REPLY_OK, + "You are not from trusted IP - ignoring"); + return TRUE; + } + for (tmp = t_strsplit(args, " "); *tmp != NULL; tmp++) { + if (strncasecmp(*tmp, "ADDR=", 5) == 0) { + if (net_addr2ip(*tmp + 5, &client->common.ip) < 0) + args_ok = FALSE; + } else if (strncasecmp(*tmp, "PORT=", 5) == 0) { + if (net_str2port(*tmp + 5, &remote_port) < 0) + args_ok = FALSE; + else + client->common.remote_port = remote_port; + } else if (strncasecmp(*tmp, "SESSION=", 8) == 0) { + const char *value = *tmp + 8; + + if (strlen(value) <= LOGIN_MAX_SESSION_ID_LEN) { + client->common.session_id = + p_strdup(client->common.pool, value); + } + } else if (strncasecmp(*tmp, "TTL=", 4) == 0) { + if (str_to_uint(*tmp + 4, &client->common.proxy_ttl) < 0) + args_ok = FALSE; + } else if (strncasecmp(*tmp, "FORWARD=", 8) == 0) { + size_t value_len = strlen((*tmp)+8); + client->common.forward_fields = + str_new(client->common.preproxy_pool, + MAX_BASE64_DECODED_SIZE(value_len)); + if (base64_decode((*tmp)+8, value_len, NULL, + client->common.forward_fields) < 0) + args_ok = FALSE; + } + } + if (!args_ok) { + client_send_reply(&client->common, POP3_CMD_REPLY_ERROR, + "Invalid parameters"); + return TRUE; + } + + /* args ok, set them and reset the state */ + client_send_reply(&client->common, POP3_CMD_REPLY_OK, "Updated"); + return TRUE; +} + +static bool client_command_execute(struct pop3_client *client, const char *cmd, + const char *args) +{ + if (strcmp(cmd, "CAPA") == 0) + return cmd_capa(client, args); + if (strcmp(cmd, "USER") == 0) + return cmd_user(client, args); + if (strcmp(cmd, "PASS") == 0) + return cmd_pass(client, args); + if (strcmp(cmd, "APOP") == 0) + return cmd_apop(client, args); + if (strcmp(cmd, "STLS") == 0) + return cmd_stls(client); + if (strcmp(cmd, "QUIT") == 0) + return cmd_quit(client); + if (strcmp(cmd, "XCLIENT") == 0) + return cmd_xclient(client, args); + if (strcmp(cmd, "XOIP") == 0) { + /* Compatibility with Zimbra's patched nginx */ + return cmd_xclient(client, t_strconcat("ADDR=", args, NULL)); + } + + client_send_reply(&client->common, POP3_CMD_REPLY_ERROR, + "Unknown command."); + return FALSE; +} + +static void pop3_client_input(struct client *client) +{ + i_assert(!client->authenticating); + + if (!client_read(client)) + return; + + client_ref(client); + + o_stream_cork(client->output); + /* if a command starts an authentication, stop processing further + commands until the authentication is finished. */ + while (!client->output->closed && !client->authenticating && + auth_client_is_connected(auth_client)) { + if (!client->v.input_next_cmd(client)) + break; + } + + if (auth_client != NULL && !auth_client_is_connected(auth_client)) + client->input_blocked = TRUE; + + o_stream_uncork(client->output); + client_unref(&client); +} + +static bool client_read_cmd_name(struct client *client, const char **cmd_r) +{ + const unsigned char *data; + size_t size, i; + string_t *cmd = t_str_new(CLIENT_MAX_CMD_LEN); + if (i_stream_read_more(client->input, &data, &size) <= 0) + return FALSE; + for(i = 0; i < size; i++) { + if (data[i] == '\r') continue; + if (data[i] == ' ' || + data[i] == '\n' || + data[i] == '\0' || + i >= CLIENT_MAX_CMD_LEN) { + *cmd_r = str_c(cmd); + /* only skip ws */ + i_stream_skip(client->input, i + (data[i] == ' ' ? 1 : 0)); + return TRUE; + } + str_append_c(cmd, i_toupper(data[i])); + } + return FALSE; +} + +static bool pop3_client_input_next_cmd(struct client *client) +{ + struct pop3_client *pop3_client = (struct pop3_client *)client; + const char *cmd, *args; + + if (pop3_client->current_cmd == NULL) { + if (!client_read_cmd_name(client, &cmd)) + return FALSE; + pop3_client->current_cmd = i_strdup(cmd); + } + + if (strcmp(pop3_client->current_cmd, "AUTH") == 0) { + if (cmd_auth(pop3_client) <= 0) { + /* Need more input / destroyed. We also get here when + SASL authentication is actually started. */ + return FALSE; + } + /* AUTH command finished already (SASL probe or ERR reply) */ + i_free(pop3_client->current_cmd); + return TRUE; + } + + if ((args = i_stream_next_line(client->input)) == NULL) + return FALSE; + + if (client_command_execute(pop3_client, pop3_client->current_cmd, args)) + client->bad_counter = 0; + else if (++client->bad_counter >= CLIENT_MAX_BAD_COMMANDS) { + client_send_reply(client, POP3_CMD_REPLY_ERROR, + "Too many invalid bad commands."); + client_destroy(client, + "Disconnected: Too many bad commands"); + return FALSE; + } + i_free(pop3_client->current_cmd); + return TRUE; +} + +static struct client *pop3_client_alloc(pool_t pool) +{ + struct pop3_client *pop3_client; + + pop3_client = p_new(pool, struct pop3_client, 1); + return &pop3_client->common; +} + +static void pop3_client_create(struct client *client ATTR_UNUSED, + void **other_sets ATTR_UNUSED) +{ +} + +static void pop3_client_destroy(struct client *client) +{ + struct pop3_client *pop3_client = (struct pop3_client *)client; + + i_free_and_null(pop3_client->current_cmd); + i_free_and_null(pop3_client->last_user); + i_free_and_null(pop3_client->apop_challenge); +} + +static char *get_apop_challenge(struct pop3_client *client) +{ + unsigned char buffer[16]; + unsigned char buffer_base64[MAX_BASE64_ENCODED_SIZE(sizeof(buffer)) + 1]; + buffer_t buf; + + if (sasl_server_find_available_mech(&client->common, "APOP") == NULL) { + /* disabled, no need to present the challenge */ + return NULL; + } + + auth_client_get_connect_id(auth_client, &client->apop_server_pid, + &client->apop_connect_uid); + + random_fill(buffer, sizeof(buffer)); + buffer_create_from_data(&buf, buffer_base64, sizeof(buffer_base64)); + base64_encode(buffer, sizeof(buffer), &buf); + buffer_append_c(&buf, '\0'); + + return i_strdup_printf("<%x.%x.%lx.%s@%s>", + client->apop_server_pid, + client->apop_connect_uid, + (unsigned long)ioloop_time, + (const char *)buf.data, my_hostname); +} + +static void pop3_client_notify_auth_ready(struct client *client) +{ + struct pop3_client *pop3_client = (struct pop3_client *)client; + string_t *str; + + client->io = io_add_istream(client->input, client_input, client); + + str = t_str_new(128); + if (client->trusted) { + /* Dovecot extension to avoid extra roundtrip for CAPA */ + str_append(str, "[XCLIENT] "); + } + str_append(str, client->set->login_greeting); + + pop3_client->apop_challenge = get_apop_challenge(pop3_client); + if (pop3_client->apop_challenge != NULL) + str_printfa(str, " %s", pop3_client->apop_challenge); + client_send_reply(client, POP3_CMD_REPLY_OK, str_c(str)); + + client->banner_sent = TRUE; +} + +static void +pop3_client_notify_starttls(struct client *client, + bool success, const char *text) +{ + if (success) + client_send_reply(client, POP3_CMD_REPLY_OK, text); + else + client_send_reply(client, POP3_CMD_REPLY_ERROR, text); +} + +static void pop3_client_starttls(struct client *client ATTR_UNUSED) +{ +} + +void client_send_reply(struct client *client, enum pop3_cmd_reply reply, + const char *text) +{ + const char *prefix = "-ERR"; + + switch (reply) { + case POP3_CMD_REPLY_OK: + prefix = "+OK"; + break; + case POP3_CMD_REPLY_TEMPFAIL: + prefix = "-ERR [SYS/TEMP]"; + break; + case POP3_CMD_REPLY_AUTH_ERROR: + if (text[0] == '[') + prefix = "-ERR"; + else + prefix = "-ERR [AUTH]"; + break; + case POP3_CMD_REPLY_ERROR: + break; + } + + T_BEGIN { + string_t *line = t_str_new(256); + + str_append(line, prefix); + str_append_c(line, ' '); + str_append(line, text); + str_append(line, "\r\n"); + + client_send_raw_data(client, str_data(line), str_len(line)); + } T_END; +} + +static void +pop3_client_notify_disconnect(struct client *client, + enum client_disconnect_reason reason, + const char *text) +{ + if (reason == CLIENT_DISCONNECT_INTERNAL_ERROR) + client_send_reply(client, POP3_CMD_REPLY_TEMPFAIL, text); + else + client_send_reply(client, POP3_CMD_REPLY_ERROR, text); +} + +static void pop3_login_die(void) +{ + /* do nothing. pop3 connections typically die pretty quick anyway. */ +} + +static void pop3_login_preinit(void) +{ + login_set_roots = pop3_login_setting_roots; +} + +static void pop3_login_init(void) +{ + /* override the default login_die() */ + master_service_set_die_callback(master_service, pop3_login_die); +} + +static void pop3_login_deinit(void) +{ + clients_destroy_all(); +} + +static struct client_vfuncs pop3_client_vfuncs = { + .alloc = pop3_client_alloc, + .create = pop3_client_create, + .destroy = pop3_client_destroy, + .notify_auth_ready = pop3_client_notify_auth_ready, + .notify_disconnect = pop3_client_notify_disconnect, + .notify_starttls = pop3_client_notify_starttls, + .starttls = pop3_client_starttls, + .input = pop3_client_input, + .auth_result = pop3_client_auth_result, + .proxy_reset = pop3_proxy_reset, + .proxy_parse_line = pop3_proxy_parse_line, + .proxy_failed = pop3_proxy_failed, + .proxy_get_state = pop3_proxy_get_state, + .send_raw_data = client_common_send_raw_data, + .input_next_cmd = pop3_client_input_next_cmd, + .free = client_common_default_free, +}; + +static struct login_binary pop3_login_binary = { + .protocol = "pop3", + .process_name = "pop3-login", + .default_port = 110, + .default_ssl_port = 995, + + .event_category = { + .name = "pop3", + }, + + .client_vfuncs = &pop3_client_vfuncs, + .preinit = pop3_login_preinit, + .init = pop3_login_init, + .deinit = pop3_login_deinit, + + .sasl_support_final_reply = FALSE, + .anonymous_login_acceptable = TRUE, +}; + +int main(int argc, char *argv[]) +{ + return login_binary_run(&pop3_login_binary, argc, argv); +} diff --git a/src/pop3-login/client.h b/src/pop3-login/client.h new file mode 100644 index 0000000..3823685 --- /dev/null +++ b/src/pop3-login/client.h @@ -0,0 +1,40 @@ +#ifndef CLIENT_H +#define CLIENT_H + +#include "net.h" +#include "client-common.h" +#include "auth-client.h" + +enum pop3_proxy_state { + POP3_PROXY_BANNER = 0, + POP3_PROXY_STARTTLS, + POP3_PROXY_XCLIENT, + POP3_PROXY_LOGIN1, + POP3_PROXY_LOGIN2, + + POP3_PROXY_STATE_COUNT +}; + +struct pop3_client { + struct client common; + + char *current_cmd; + char *last_user; + char *apop_challenge; + unsigned int apop_server_pid, apop_connect_uid; + enum pop3_proxy_state proxy_state; + bool proxy_xclient; + bool auth_mech_name_parsed; +}; + +enum pop3_cmd_reply { + POP3_CMD_REPLY_OK, + POP3_CMD_REPLY_ERROR, + POP3_CMD_REPLY_AUTH_ERROR, + POP3_CMD_REPLY_TEMPFAIL +}; + +void client_send_reply(struct client *client, enum pop3_cmd_reply reply, + const char *text); + +#endif diff --git a/src/pop3-login/pop3-login-settings.c b/src/pop3-login/pop3-login-settings.c new file mode 100644 index 0000000..747e51e --- /dev/null +++ b/src/pop3-login/pop3-login-settings.c @@ -0,0 +1,75 @@ +/* Copyright (c) 2005-2018 Dovecot authors, see the included COPYING file */ + +#include "lib.h" +#include "buffer.h" +#include "settings-parser.h" +#include "service-settings.h" +#include "login-settings.h" +#include "pop3-login-settings.h" + +#include + +/* */ +static struct inet_listener_settings pop3_login_inet_listeners_array[] = { + { .name = "pop3", .address = "", .port = 110 }, + { .name = "pop3s", .address = "", .port = 995, .ssl = TRUE } +}; +static struct inet_listener_settings *pop3_login_inet_listeners[] = { + &pop3_login_inet_listeners_array[0], + &pop3_login_inet_listeners_array[1] +}; +static buffer_t pop3_login_inet_listeners_buf = { + { { pop3_login_inet_listeners, sizeof(pop3_login_inet_listeners) } } +}; + +/* */ +struct service_settings pop3_login_service_settings = { + .name = "pop3-login", + .protocol = "pop3", + .type = "login", + .executable = "pop3-login", + .user = "$default_login_user", + .group = "", + .privileged_group = "", + .extra_groups = "", + .chroot = "login", + + .drop_priv_before_exec = FALSE, + + .process_min_avail = 0, + .process_limit = 0, + .client_limit = 0, + .service_count = 1, + .idle_kill = 0, + .vsz_limit = UOFF_T_MAX, + + .unix_listeners = ARRAY_INIT, + .fifo_listeners = ARRAY_INIT, + .inet_listeners = { { &pop3_login_inet_listeners_buf, + sizeof(pop3_login_inet_listeners[0]) } } +}; + +static const struct setting_define pop3_login_setting_defines[] = { + SETTING_DEFINE_LIST_END +}; + +static const struct setting_parser_info *pop3_login_setting_dependencies[] = { + &login_setting_parser_info, + NULL +}; + +const struct setting_parser_info pop3_login_setting_parser_info = { + .module_name = "pop3-login", + .defines = pop3_login_setting_defines, + + .type_offset = SIZE_MAX, + .parent_offset = SIZE_MAX, + + .dependencies = pop3_login_setting_dependencies +}; + +const struct setting_parser_info *pop3_login_setting_roots[] = { + &login_setting_parser_info, + &pop3_login_setting_parser_info, + NULL +}; diff --git a/src/pop3-login/pop3-login-settings.h b/src/pop3-login/pop3-login-settings.h new file mode 100644 index 0000000..1c497eb --- /dev/null +++ b/src/pop3-login/pop3-login-settings.h @@ -0,0 +1,6 @@ +#ifndef POP3_LOGIN_SETTINGS_H +#define POP3_LOGIN_SETTINGS_H + +extern const struct setting_parser_info *pop3_login_setting_roots[]; + +#endif diff --git a/src/pop3-login/pop3-proxy.c b/src/pop3-login/pop3-proxy.c new file mode 100644 index 0000000..04ee265 --- /dev/null +++ b/src/pop3-login/pop3-proxy.c @@ -0,0 +1,320 @@ +/* Copyright (c) 2004-2018 Dovecot authors, see the included COPYING file */ + +#include "login-common.h" +#include "ioloop.h" +#include "istream.h" +#include "ostream.h" +#include "base64.h" +#include "safe-memset.h" +#include "str.h" +#include "str-sanitize.h" +#include "strescape.h" +#include "dsasl-client.h" +#include "client.h" +#include "pop3-proxy.h" + +static const char *pop3_proxy_state_names[POP3_PROXY_STATE_COUNT] = { + "banner", "starttls", "xclient", "login1", "login2" +}; + +static int proxy_send_login(struct pop3_client *client, struct ostream *output) +{ + struct dsasl_client_settings sasl_set; + const unsigned char *sasl_output; + size_t len; + const char *mech_name, *error; + string_t *str = t_str_new(128); + + i_assert(client->common.proxy_ttl > 1); + if (client->proxy_xclient && + !client->common.proxy_not_trusted) { + string_t *fwd = t_str_new(128); + for(const char *const *ptr = client->common.auth_passdb_args;*ptr != NULL; ptr++) { + if (strncasecmp(*ptr, "forward_", 8) == 0) { + if (str_len(fwd) > 0) + str_append_c(fwd, '\t'); + str_append_tabescaped(fwd, (*ptr)+8); + } + } + + str_printfa(str, "XCLIENT ADDR=%s PORT=%u SESSION=%s TTL=%u", + net_ip2addr(&client->common.ip), + client->common.remote_port, + client_get_session_id(&client->common), + client->common.proxy_ttl - 1); + if (str_len(fwd) > 0) { + str_append(str, " FORWARD="); + base64_encode(str_data(fwd), str_len(fwd), str); + } + str_append(str, "\r\n"); + /* remote supports XCLIENT, send it */ + o_stream_nsend(output, str_data(str), str_len(str)); + client->proxy_state = POP3_PROXY_XCLIENT; + } else { + client->proxy_state = POP3_PROXY_LOGIN1; + } + + str_truncate(str, 0); + + if (client->common.proxy_mech == NULL) { + /* send USER command */ + str_append(str, "USER "); + str_append(str, client->common.proxy_user); + str_append(str, "\r\n"); + o_stream_nsend(output, str_data(str), str_len(str)); + return 0; + } + + i_assert(client->common.proxy_sasl_client == NULL); + i_zero(&sasl_set); + sasl_set.authid = client->common.proxy_master_user != NULL ? + client->common.proxy_master_user : client->common.proxy_user; + sasl_set.authzid = client->common.proxy_user; + sasl_set.password = client->common.proxy_password; + client->common.proxy_sasl_client = + dsasl_client_new(client->common.proxy_mech, &sasl_set); + mech_name = dsasl_client_mech_get_name(client->common.proxy_mech); + + str_printfa(str, "AUTH %s ", mech_name); + if (dsasl_client_output(client->common.proxy_sasl_client, + &sasl_output, &len, &error) < 0) { + const char *reason = t_strdup_printf( + "SASL mechanism %s init failed: %s", + mech_name, error); + login_proxy_failed(client->common.login_proxy, + login_proxy_get_event(client->common.login_proxy), + LOGIN_PROXY_FAILURE_TYPE_INTERNAL, reason); + return -1; + } + if (len == 0) + str_append_c(str, '='); + else + base64_encode(sasl_output, len, str); + str_append(str, "\r\n"); + o_stream_nsend(output, str_data(str), str_len(str)); + + if (client->proxy_state != POP3_PROXY_XCLIENT) + client->proxy_state = POP3_PROXY_LOGIN2; + return 0; +} + +static int +pop3_proxy_continue_sasl_auth(struct client *client, struct ostream *output, + const char *line) +{ + string_t *str; + const unsigned char *data; + size_t data_len; + const char *error; + int ret; + + str = t_str_new(128); + if (base64_decode(line, strlen(line), NULL, str) < 0) { + const char *reason = t_strdup_printf( + "Invalid base64 data in AUTH response"); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + ret = dsasl_client_input(client->proxy_sasl_client, + str_data(str), str_len(str), &error); + if (ret == 0) { + ret = dsasl_client_output(client->proxy_sasl_client, + &data, &data_len, &error); + } + if (ret < 0) { + const char *reason = t_strdup_printf( + "Invalid authentication data: %s", error); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + i_assert(ret == 0); + + str_truncate(str, 0); + base64_encode(data, data_len, str); + str_append(str, "\r\n"); + + o_stream_nsend(output, str_data(str), str_len(str)); + return 0; +} + +int pop3_proxy_parse_line(struct client *client, const char *line) +{ + struct pop3_client *pop3_client = (struct pop3_client *)client; + struct ostream *output; + enum login_proxy_ssl_flags ssl_flags; + + i_assert(!client->destroyed); + + output = login_proxy_get_ostream(client->login_proxy); + switch (pop3_client->proxy_state) { + case POP3_PROXY_BANNER: + /* this is a banner */ + if (!str_begins(line, "+OK")) { + const char *reason = t_strdup_printf( + "Invalid banner: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_PROTOCOL, reason); + return -1; + } + pop3_client->proxy_xclient = + str_begins(line+3, " [XCLIENT]"); + + ssl_flags = login_proxy_get_ssl_flags(client->login_proxy); + if ((ssl_flags & PROXY_SSL_FLAG_STARTTLS) == 0) { + if (proxy_send_login(pop3_client, output) < 0) + return -1; + } else { + o_stream_nsend_str(output, "STLS\r\n"); + pop3_client->proxy_state = POP3_PROXY_STARTTLS; + } + return 0; + case POP3_PROXY_STARTTLS: + if (!str_begins(line, "+OK")) { + const char *reason = t_strdup_printf( + "STLS failed: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); + return -1; + } + if (login_proxy_starttls(client->login_proxy) < 0) + return -1; + /* i/ostreams changed. */ + output = login_proxy_get_ostream(client->login_proxy); + if (proxy_send_login(pop3_client, output) < 0) + return -1; + return 1; + case POP3_PROXY_XCLIENT: + if (!str_begins(line, "+OK")) { + const char *reason = t_strdup_printf( + "XCLIENT failed: %s", str_sanitize(line, 160)); + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + LOGIN_PROXY_FAILURE_TYPE_REMOTE, reason); + return -1; + } + pop3_client->proxy_state = client->proxy_sasl_client == NULL ? + POP3_PROXY_LOGIN1 : POP3_PROXY_LOGIN2; + return 0; + case POP3_PROXY_LOGIN1: + i_assert(client->proxy_sasl_client == NULL); + if (!str_begins(line, "+OK")) + break; + + /* USER successful, send PASS */ + o_stream_nsend_str(output, t_strdup_printf( + "PASS %s\r\n", client->proxy_password)); + pop3_client->proxy_state = POP3_PROXY_LOGIN2; + return 0; + case POP3_PROXY_LOGIN2: + if (str_begins(line, "+ ") && + client->proxy_sasl_client != NULL) { + /* continue SASL authentication */ + if (pop3_proxy_continue_sasl_auth(client, output, + line+2) < 0) + return -1; + return 0; + } + if (!str_begins(line, "+OK")) + break; + + /* Login successful. Send this line to client. */ + line = t_strconcat(line, "\r\n", NULL); + o_stream_nsend_str(client->output, line); + + client_proxy_finish_destroy_client(client); + return 1; + case POP3_PROXY_STATE_COUNT: + i_unreached(); + } + + /* Login failed. Pass through the error message to client. + + If the backend server isn't Dovecot, the error message may + be different from Dovecot's "user doesn't exist" error. This + would allow an attacker to find out what users exist in the + system. + + The optimal way to handle this would be to replace the + backend's "password failed" error message with Dovecot's + AUTH_FAILED_MSG, but this would require a new setting and + the sysadmin to actually bother setting it properly. + + So for now we'll just forward the error message. This + shouldn't be a real problem since of course everyone will + be using only Dovecot as their backend :) */ + enum login_proxy_failure_type failure_type = + LOGIN_PROXY_FAILURE_TYPE_AUTH; + if (!str_begins(line, "-ERR ")) { + client_send_reply(client, POP3_CMD_REPLY_ERROR, + AUTH_FAILED_MSG); + } else if (str_begins(line, "-ERR [SYS/TEMP]")) { + /* delay sending the reply until we know if we reconnect */ + failure_type = LOGIN_PROXY_FAILURE_TYPE_AUTH_TEMPFAIL; + line += 5; + } else { + client_send_raw(client, t_strconcat(line, "\r\n", NULL)); + line += 5; + } + + login_proxy_failed(client->login_proxy, + login_proxy_get_event(client->login_proxy), + failure_type, line); + return -1; +} + +void pop3_proxy_reset(struct client *client) +{ + struct pop3_client *pop3_client = (struct pop3_client *)client; + + pop3_client->proxy_state = POP3_PROXY_BANNER; +} + +static void +pop3_proxy_send_failure_reply(struct client *client, + enum login_proxy_failure_type type, + const char *reason) +{ + switch (type) { + case LOGIN_PROXY_FAILURE_TYPE_CONNECT: + case LOGIN_PROXY_FAILURE_TYPE_INTERNAL: + case LOGIN_PROXY_FAILURE_TYPE_REMOTE: + case LOGIN_PROXY_FAILURE_TYPE_PROTOCOL: + client_send_reply(client, POP3_CMD_REPLY_TEMPFAIL, + LOGIN_PROXY_FAILURE_MSG); + break; + case LOGIN_PROXY_FAILURE_TYPE_INTERNAL_CONFIG: + case LOGIN_PROXY_FAILURE_TYPE_REMOTE_CONFIG: + client_send_reply(client, POP3_CMD_REPLY_ERROR, + LOGIN_PROXY_FAILURE_MSG); + break; + case LOGIN_PROXY_FAILURE_TYPE_AUTH_TEMPFAIL: + /* [SYS/TEMP] prefix is already in the reason string */ + client_send_reply(client, POP3_CMD_REPLY_ERROR, reason); + break; + case LOGIN_PROXY_FAILURE_TYPE_AUTH: + /* reply was already sent */ + break; + } +} + +void pop3_proxy_failed(struct client *client, + enum login_proxy_failure_type type, + const char *reason, bool reconnecting) +{ + if (!reconnecting) + pop3_proxy_send_failure_reply(client, type, reason); + client_common_proxy_failed(client, type, reason, reconnecting); +} + +const char *pop3_proxy_get_state(struct client *client) +{ + struct pop3_client *pop3_client = (struct pop3_client *)client; + + return pop3_proxy_state_names[pop3_client->proxy_state]; +} diff --git a/src/pop3-login/pop3-proxy.h b/src/pop3-login/pop3-proxy.h new file mode 100644 index 0000000..9e23475 --- /dev/null +++ b/src/pop3-login/pop3-proxy.h @@ -0,0 +1,12 @@ +#ifndef POP3_PROXY_H +#define POP3_PROXY_H + +void pop3_proxy_reset(struct client *client); +int pop3_proxy_parse_line(struct client *client, const char *line); + +void pop3_proxy_failed(struct client *client, + enum login_proxy_failure_type type, + const char *reason, bool reconnecting); +const char *pop3_proxy_get_state(struct client *client); + +#endif -- cgit v1.2.3