diff options
Diffstat (limited to 'imap-send.c')
| -rw-r--r-- | imap-send.c | 143 |
1 files changed, 86 insertions, 57 deletions
diff --git a/imap-send.c b/imap-send.c index 37ac4aa86a..54e6a80fd6 100644 --- a/imap-send.c +++ b/imap-send.c @@ -18,11 +18,11 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * along with this program; if not, see <http://www.gnu.org/licenses/>. */ #include "cache.h" +#include "config.h" #include "credential.h" #include "exec_cmd.h" #include "run-command.h" @@ -34,11 +34,11 @@ typedef void *SSL; #include "http.h" #endif -#if defined(USE_CURL_FOR_IMAP_SEND) && defined(NO_OPENSSL) -/* only available option */ +#if defined(USE_CURL_FOR_IMAP_SEND) +/* Always default to curl if it's available. */ #define USE_CURL_DEFAULT 1 #else -/* strictly opt in */ +/* We don't have curl, so continue to use the historical implementation */ #define USE_CURL_DEFAULT 0 #endif @@ -287,17 +287,20 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve SSL_library_init(); SSL_load_error_strings(); - if (use_tls_only) - meth = TLSv1_method(); - else - meth = SSLv23_method(); - + meth = SSLv23_method(); if (!meth) { ssl_socket_perror("SSLv23_method"); return -1; } ctx = SSL_CTX_new(meth); + if (!ctx) { + ssl_socket_perror("SSL_CTX_new"); + return -1; + } + + if (use_tls_only) + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); if (verify) SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); @@ -508,7 +511,7 @@ static int nfsnprintf(char *buf, int blen, const char *fmt, ...) va_start(va, fmt); if (blen <= 0 || (unsigned)(ret = vsnprintf(buf, blen, fmt, va)) >= (unsigned)blen) - die("Fatal: buffer too small. Please report a bug."); + die("BUG: buffer too small. Please report a bug."); va_end(va); return ret; } @@ -680,7 +683,7 @@ static int parse_response_code(struct imap_store *ctx, struct imap_cmd_cb *cb, struct imap *imap = ctx->imap; char *arg, *p; - if (*s != '[') + if (!s || *s != '[') return RESP_OK; /* no response code */ s++; if (!(p = strchr(s, ']'))) { @@ -689,6 +692,10 @@ static int parse_response_code(struct imap_store *ctx, struct imap_cmd_cb *cb, } *p++ = 0; arg = next_arg(&s); + if (!arg) { + fprintf(stderr, "IMAP error: empty response code\n"); + return RESP_BAD; + } if (!strcmp("UIDVALIDITY", arg)) { if (!(arg = next_arg(&s)) || !(ctx->uidvalidity = atoi(arg))) { fprintf(stderr, "IMAP error: malformed UIDVALIDITY status\n"); @@ -721,7 +728,8 @@ static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd) { struct imap *imap = ctx->imap; struct imap_cmd *cmdp, **pcmdp; - char *cmd, *arg, *arg1; + char *cmd; + const char *arg, *arg1; int n, resp, resp2, tag; for (;;) { @@ -729,6 +737,10 @@ static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd) return RESP_BAD; arg = next_arg(&cmd); + if (!arg) { + fprintf(stderr, "IMAP error: empty response\n"); + return RESP_BAD; + } if (*arg == '*') { arg = next_arg(&cmd); if (!arg) { @@ -773,8 +785,7 @@ static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd) offsetof(struct imap_cmd, next)); if (cmdp->cb.data) { n = socket_write(&imap->buf.sock, cmdp->cb.data, cmdp->cb.dlen); - free(cmdp->cb.data); - cmdp->cb.data = NULL; + FREE_AND_NULL(cmdp->cb.data); if (n != (int)cmdp->cb.dlen) return RESP_BAD; } else if (cmdp->cb.cont) { @@ -804,6 +815,8 @@ static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd) if (cmdp->cb.cont || cmdp->cb.data) imap->literal_pending = 0; arg = next_arg(&cmd); + if (!arg) + arg = ""; if (!strcmp("OK", arg)) resp = DRV_OK; else { @@ -858,11 +871,10 @@ static char hexchar(unsigned int b) return b < 10 ? '0' + b : 'a' + (b - 10); } -#define ENCODED_SIZE(n) (4*((n+2)/3)) +#define ENCODED_SIZE(n) (4 * DIV_ROUND_UP((n), 3)) static char *cram(const char *challenge_64, const char *user, const char *pass) { int i, resp_len, encoded_len, decoded_len; - HMAC_CTX hmac; unsigned char hash[16]; char hex[33]; char *response, *response_64, *challenge; @@ -877,10 +889,8 @@ static char *cram(const char *challenge_64, const char *user, const char *pass) (unsigned char *)challenge_64, encoded_len); if (decoded_len < 0) die("invalid challenge %s", challenge_64); - HMAC_Init(&hmac, (unsigned char *)pass, strlen(pass), EVP_md5()); - HMAC_Update(&hmac, (unsigned char *)challenge, decoded_len); - HMAC_Final(&hmac, hash, NULL); - HMAC_CTX_cleanup(&hmac); + if (!HMAC(EVP_md5(), pass, strlen(pass), (unsigned char *)challenge, decoded_len, hash, NULL)) + die("HMAC error"); hex[32] = 0; for (i = 0; i < 16; i++) { @@ -889,16 +899,14 @@ static char *cram(const char *challenge_64, const char *user, const char *pass) } /* response: "<user> <digest in hex>" */ - resp_len = strlen(user) + 1 + strlen(hex) + 1; - response = xmalloc(resp_len); - sprintf(response, "%s %s", user, hex); + response = xstrfmt("%s %s", user, hex); + resp_len = strlen(response); - response_64 = xmalloc(ENCODED_SIZE(resp_len) + 1); + response_64 = xmallocz(ENCODED_SIZE(resp_len)); encoded_len = EVP_EncodeBlock((unsigned char *)response_64, (unsigned char *)response, resp_len); if (encoded_len < 0) die("EVP_EncodeBlock error"); - response_64[encoded_len] = '\0'; return (char *)response_64; } @@ -928,6 +936,25 @@ static int auth_cram_md5(struct imap_store *ctx, struct imap_cmd *cmd, const cha return 0; } +static void server_fill_credential(struct imap_server_conf *srvc, struct credential *cred) +{ + if (srvc->user && srvc->pass) + return; + + cred->protocol = xstrdup(srvc->use_ssl ? "imaps" : "imap"); + cred->host = xstrdup(srvc->host); + + cred->username = xstrdup_or_null(srvc->user); + cred->password = xstrdup_or_null(srvc->pass); + + credential_fill(cred); + + if (!srvc->user) + srvc->user = xstrdup(cred->username); + if (!srvc->pass) + srvc->pass = xstrdup(cred->password); +} + static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *folder) { struct credential cred = CREDENTIAL_INIT; @@ -966,7 +993,7 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *f int gai; char portstr[6]; - snprintf(portstr, sizeof(portstr), "%d", srvc->port); + xsnprintf(portstr, sizeof(portstr), "%d", srvc->port); memset(&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_STREAM; @@ -1080,27 +1107,7 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *f } #endif imap_info("Logging in...\n"); - if (!srvc->user || !srvc->pass) { - cred.protocol = xstrdup(srvc->use_ssl ? "imaps" : "imap"); - cred.host = xstrdup(srvc->host); - - if (srvc->user) - cred.username = xstrdup(srvc->user); - if (srvc->pass) - cred.password = xstrdup(srvc->pass); - - credential_fill(&cred); - - if (!srvc->user) - srvc->user = xstrdup(cred.username); - if (!srvc->pass) - srvc->pass = xstrdup(cred.password); - } - - if (CAP(NOLOGIN)) { - fprintf(stderr, "Skipping account %s@%s, server forbids LOGIN\n", srvc->user, srvc->host); - goto bail; - } + server_fill_credential(srvc, &cred); if (srvc->auth_method) { struct imap_cmd_cb cb; @@ -1125,6 +1132,11 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, char *f goto bail; } } else { + if (CAP(NOLOGIN)) { + fprintf(stderr, "Skipping account %s@%s, server forbids LOGIN\n", + srvc->user, srvc->host); + goto bail; + } if (!imap->buf.sock.ssl) imap_warn("*** IMAP Warning *** Password is being " "sent in the clear\n"); @@ -1189,7 +1201,7 @@ static void lf_to_crlf(struct strbuf *msg) j++; } - new = xmalloc(j + 1); + new = xmallocz(j); /* * Second pass: write the new string. Note that this loop is @@ -1396,7 +1408,7 @@ static int append_msgs_to_imap(struct imap_server_conf *server, } #ifdef USE_CURL_FOR_IMAP_SEND -static CURL *setup_curl(struct imap_server_conf *srvc) +static CURL *setup_curl(struct imap_server_conf *srvc, struct credential *cred) { CURL *curl; struct strbuf path = STRBUF_INIT; @@ -1409,9 +1421,11 @@ static CURL *setup_curl(struct imap_server_conf *srvc) if (!curl) die("curl_easy_init failed"); + server_fill_credential(&server, cred); curl_easy_setopt(curl, CURLOPT_USERNAME, server.user); curl_easy_setopt(curl, CURLOPT_PASSWORD, server.pass); + strbuf_addstr(&path, server.use_ssl ? "imaps://" : "imap://"); strbuf_addstr(&path, server.host); if (!path.len || path.buf[path.len - 1] != '/') strbuf_addch(&path, '/'); @@ -1422,11 +1436,15 @@ static CURL *setup_curl(struct imap_server_conf *srvc) curl_easy_setopt(curl, CURLOPT_PORT, server.port); if (server.auth_method) { +#if LIBCURL_VERSION_NUM < 0x072200 + warning("No LOGIN_OPTIONS support in this cURL version"); +#else struct strbuf auth = STRBUF_INIT; strbuf_addstr(&auth, "AUTH="); strbuf_addstr(&auth, server.auth_method); curl_easy_setopt(curl, CURLOPT_LOGIN_OPTIONS, auth.buf); strbuf_release(&auth); +#endif } if (!server.use_ssl) @@ -1441,6 +1459,7 @@ static CURL *setup_curl(struct imap_server_conf *srvc) if (0 < verbosity || getenv("GIT_CURL_VERBOSE")) curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); + setup_curl_trace(curl); return curl; } @@ -1452,8 +1471,9 @@ static int curl_append_msgs_to_imap(struct imap_server_conf *server, struct buffer msgbuf = { STRBUF_INIT, 0 }; CURL *curl; CURLcode res = CURLE_OK; + struct credential cred = CREDENTIAL_INIT; - curl = setup_curl(server); + curl = setup_curl(server, &cred); curl_easy_setopt(curl, CURLOPT_READDATA, &msgbuf); fprintf(stderr, "sending %d message%s\n", total, (total != 1) ? "s" : ""); @@ -1488,20 +1508,29 @@ static int curl_append_msgs_to_imap(struct imap_server_conf *server, curl_easy_cleanup(curl); curl_global_cleanup(); - return 0; + if (cred.username) { + if (res == CURLE_OK) + credential_approve(&cred); +#if LIBCURL_VERSION_NUM >= 0x070d01 + else if (res == CURLE_LOGIN_DENIED) +#else + else +#endif + credential_reject(&cred); + } + + credential_clear(&cred); + + return res != CURLE_OK; } #endif -int main(int argc, char **argv) +int cmd_main(int argc, const char **argv) { struct strbuf all_msgs = STRBUF_INIT; int total; int nongit_ok; - git_extract_argv0_path(argv[0]); - - git_setup_gettext(); - setup_git_directory_gently(&nongit_ok); git_imap_config(); |