diff options
Diffstat (limited to 'camel/providers/imap/camel-imap-auth.c')
| -rw-r--r-- | camel/providers/imap/camel-imap-auth.c | 211 |
1 files changed, 0 insertions, 211 deletions
diff --git a/camel/providers/imap/camel-imap-auth.c b/camel/providers/imap/camel-imap-auth.c deleted file mode 100644 index 42abd1fa55..0000000000 --- a/camel/providers/imap/camel-imap-auth.c +++ /dev/null @@ -1,211 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* camel-imap-auth.c: IMAP AUTHENTICATE implementations */ - -/* - * Authors: Dan Winship <danw@helixcode.com> - * - * Copyright 2000 Helix Code, Inc. (www.helixcode.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -#include <config.h> - -#include <sys/types.h> -#include <netinet/in.h> - -#include <string.h> - -#ifdef HAVE_KRB4 -#include <krb.h> -/* MIT krb4 des.h #defines _. Sigh. We don't need it. */ -#undef _ -#endif - -#include "camel-exception.h" -#include "camel-mime-utils.h" - -#include "camel-imap-auth.h" -#include "camel-imap-command.h" -#include "camel-imap-utils.h" - -#include "camel-imap-private.h" - -#ifdef HAVE_KRB4 - -static char * -base64_encode_simple (const char *data, int len) -{ - unsigned char *out; - int state = 0, outlen; - unsigned int save = 0; - - out = g_malloc (len * 4 / 3 + 5); - outlen = base64_encode_close ((unsigned char *)data, len, FALSE, - out, &state, &save); - out[outlen] = '\0'; - return (char *)out; -} - -static int -base64_decode_simple (char *data, int len) -{ - int state = 0; - unsigned int save = 0; - - return base64_decode_step ((unsigned char *)data, len, - (unsigned char *)data, &state, &save); -} - -#define IMAP_KERBEROS_V4_PROTECTION_NONE 1 -#define IMAP_KERBEROS_V4_PROTECTION_INTEGRITY 2 -#define IMAP_KERBEROS_V4_PROTECTION_PRIVACY 4 - -gboolean -imap_try_kerberos_v4_auth (CamelImapStore *store, CamelException *ex) -{ - CamelImapResponse *response; - char *resp, *data; - int status, len; - char *inst, *realm, *buf, *username; - guint32 nonce_n, nonce_h, plus1; - struct hostent *h; - KTEXT_ST authenticator; - CREDENTIALS credentials; - des_cblock session; - des_key_schedule schedule; - - CAMEL_IMAP_STORE_LOCK(store, command_lock); - - /* The kickoff. */ - response = camel_imap_command (store, NULL, ex, - "AUTHENTICATE KERBEROS_V4"); - if (!response) - goto fail; - resp = camel_imap_response_extract_continuation (response, ex); - if (!resp) - goto fail; - - data = imap_next_word (resp); - - /* First server response is a base64-encoded 32-bit random number - * ("nonce") in network byte order. - */ - if (strlen (data) != 8 || base64_decode_simple (data, 8) != 4) { - g_free (resp); - goto break_and_lose; - } - memcpy (&nonce_n, data, 4); - g_free (resp); - nonce_h = ntohl (nonce_n); - - /* Our response is an authenticator including that number. */ - h = camel_service_gethost (CAMEL_SERVICE (store), ex); - if (!h) - goto break_and_lose; - inst = g_strndup (h->h_name, strcspn (h->h_name, ".")); - g_strdown (inst); - realm = g_strdup (krb_realmofhost (h->h_name)); - status = krb_mk_req (&authenticator, "imap", inst, realm, nonce_h); - if (status == KSUCCESS) { - status = krb_get_cred ("imap", inst, realm, &credentials); - memcpy (session, credentials.session, sizeof (session)); - memset (&credentials, 0, sizeof (credentials)); - } - g_free (inst); - g_free (realm); - - if (status != KSUCCESS) { - camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE, - _("Could not get Kerberos ticket:\n%s"), - krb_err_txt[status]); - goto break_and_lose; - } - des_key_sched (&session, schedule); - - buf = base64_encode_simple (authenticator.dat, authenticator.length); - response = camel_imap_command_continuation (store, ex, buf); - g_free (buf); - if (!response) - goto lose; - resp = camel_imap_response_extract_continuation (response, ex); - if (!resp) - goto lose; - data = imap_next_word (resp); - - len = strlen (data); - base64_decode_simple (data, strlen (data)); - - /* This one is encrypted. */ - des_ecb_encrypt ((des_cblock *)data, (des_cblock *)data, schedule, 0); - - /* Check that the returned value is the original nonce plus one. */ - memcpy (&plus1, data, 4); - if (ntohl (plus1) != nonce_h + 1) { - g_free (resp); - goto lose; - } - - /* "the fifth octet contain[s] a bit-mask specifying the - * protection mechanisms supported by the server" - */ - if (!(data[4] & IMAP_KERBEROS_V4_PROTECTION_NONE)) { - g_warning ("Server does not support `no protection' :-("); - g_free (resp); - goto break_and_lose; - } - g_free (resp); - - username = CAMEL_SERVICE (store)->url->user; - len = strlen (username) + 9; - len += 8 - len % 8; - data = g_malloc0 (len); - memcpy (data, &nonce_n, 4); - data[4] = IMAP_KERBEROS_V4_PROTECTION_NONE; - data[5] = data[6] = data[7] = 0; - strcpy (data + 8, username); - - des_pcbc_encrypt ((des_cblock *)data, (des_cblock *)data, len, - schedule, &session, 1); - memset (&session, 0, sizeof (session)); - buf = base64_encode_simple (data, len); - g_free (data); - - response = camel_imap_command_continuation (store, ex, buf); - if (!response) - goto lose; - camel_imap_response_free (response); - CAMEL_IMAP_STORE_UNLOCK(store, command_lock); - return TRUE; - - break_and_lose: - /* Get the server out of "waiting for continuation data" mode. */ - response = camel_imap_command_continuation (store, NULL, "*"); - if (response) - camel_imap_response_free (response); - - lose: - memset (&session, 0, sizeof (session)); - - if (!camel_exception_is_set (ex)) { - camel_exception_set (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE, - _("Bad authentication response from server.")); - } -fail: - CAMEL_IMAP_STORE_UNLOCK(store, command_lock); - return FALSE; -} -#endif /* HAVE_KRB4 */ |