POP Authentication API

Authenticate a POP connection. More...

Functions
static enum PopAuthRes	pop_auth_apop (struct PopAccountData *adata, const char *method)
	APOP authenticator - Implements PopAuth::authenticate() -.
static enum PopAuthRes	pop_auth_user (struct PopAccountData *adata, const char *method)
	USER authenticator - Implements PopAuth::authenticate() -.
static enum PopAuthRes	pop_auth_oauth (struct PopAccountData *adata, const char *method)
	Authenticate a POP connection using OAUTHBEARER - Implements PopAuth::authenticate() -.

Detailed Description

Authenticate a POP connection.

Parameters

adata	POP Account data
method	Name of this authentication method (UNUSED)

Return values

enum	PopAuthRes, e.g. POP_A_SUCCESS

Function Documentation

pop_auth_apop()

static enum PopAuthRes pop_auth_apop ( struct PopAccountData *  adata, const char *  method  )

static

APOP authenticator - Implements PopAuth::authenticate() -.

Definition at line 317 of file auth.c.

{
  struct Md5Ctx md5ctx = { 0 };
  unsigned char digest[16];
  char hash[33] = { 0 };
  char buf[1024] = { 0 };
 
  if (mutt_account_getpass(&adata->conn->account) || !adata->conn->account.pass[0])
    return POP_A_FAILURE;
 
  if (!adata->timestamp)
    return POP_A_UNAVAIL;
 
  if (!mutt_addr_valid_msgid(adata->timestamp))
  {
    mutt_error(_("POP timestamp is invalid"));
    return POP_A_UNAVAIL;
  }
 
  // L10N: (%s) is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
  mutt_message(_("Authenticating (%s)..."), "APOP");
 
  /* Compute the authentication hash to send to the server */
  mutt_md5_init_ctx(&md5ctx);
  mutt_md5_process(adata->timestamp, &md5ctx);
  mutt_md5_process(adata->conn->account.pass, &md5ctx);
  mutt_md5_finish_ctx(&md5ctx, digest);
  mutt_md5_toascii(digest, hash);
 
  /* Send APOP command to server */
  snprintf(buf, sizeof(buf), "APOP %s %s\r\n", adata->conn->account.user, hash);
 
  switch (pop_query(adata, buf, sizeof(buf)))
  {
    case 0:
      return POP_A_SUCCESS;
    case -1:
      return POP_A_SOCKET;
  }
 
  // L10N: %s is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
  mutt_error(_("%s authentication failed"), "APOP");
 
  return POP_A_FAILURE;
}

Here is the call graph for this function:

pop_auth_user()

static enum PopAuthRes pop_auth_user ( struct PopAccountData *  adata, const char *  method  )

static

USER authenticator - Implements PopAuth::authenticate() -.

Definition at line 366 of file auth.c.

{
  if (!adata->cmd_user)
    return POP_A_UNAVAIL;
 
  if (mutt_account_getpass(&adata->conn->account) || !adata->conn->account.pass[0])
    return POP_A_FAILURE;
 
  mutt_message(_("Logging in..."));
 
  char buf[1024] = { 0 };
  snprintf(buf, sizeof(buf), "USER %s\r\n", adata->conn->account.user);
  int rc = pop_query(adata, buf, sizeof(buf));
 
  if (adata->cmd_user == 2)
  {
    if (rc == 0)
    {
      adata->cmd_user = 1;
 
      mutt_debug(LL_DEBUG1, "set USER capability\n");
    }
 
    if (rc == -2)
    {
      adata->cmd_user = 0;
 
      mutt_debug(LL_DEBUG1, "unset USER capability\n");
      snprintf(adata->err_msg, sizeof(adata->err_msg), "%s",
               _("Command USER is not supported by server"));
    }
  }
 
  if (rc == 0)
  {
    snprintf(buf, sizeof(buf), "PASS %s\r\n", adata->conn->account.pass);
    const short c_debug_level = cs_subset_number(NeoMutt->sub, "debug_level");
    rc = pop_query_d(adata, buf, sizeof(buf),
                     /* don't print the password unless we're at the ungodly debugging level */
                     (c_debug_level < MUTT_SOCK_LOG_FULL) ? "PASS *\r\n" : NULL);
  }
 
  switch (rc)
  {
    case 0:
      return POP_A_SUCCESS;
    case -1:
      return POP_A_SOCKET;
  }
 
  mutt_error("%s %s", _("Login failed"), adata->err_msg);
 
  return POP_A_FAILURE;
}

Here is the call graph for this function:

pop_auth_oauth()

static enum PopAuthRes pop_auth_oauth ( struct PopAccountData *  adata, const char *  method  )

static

Authenticate a POP connection using OAUTHBEARER - Implements PopAuth::authenticate() -.

Definition at line 424 of file auth.c.

{
  /* If they did not explicitly request or configure oauth then fail quietly */
  const char *const c_pop_oauth_refresh_command = cs_subset_string(NeoMutt->sub, "pop_oauth_refresh_command");
  if (!method && !c_pop_oauth_refresh_command)
    return POP_A_UNAVAIL;
 
  // L10N: (%s) is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
  mutt_message(_("Authenticating (%s)..."), "OAUTHBEARER");
 
  char *oauthbearer = mutt_account_getoauthbearer(&adata->conn->account, false);
  if (!oauthbearer)
    return POP_A_FAILURE;
 
  char *auth_cmd = NULL;
  mutt_str_asprintf(&auth_cmd, "AUTH OAUTHBEARER %s\r\n", oauthbearer);
  FREE(&oauthbearer);
 
  int rc = pop_query_d(adata, auth_cmd, strlen(auth_cmd),
#ifdef DEBUG
                       /* don't print the bearer token unless we're at the ungodly debugging level */
                       (cs_subset_number(NeoMutt->sub, "debug_level") < MUTT_SOCK_LOG_FULL) ?
                           "AUTH OAUTHBEARER *\r\n" :
#endif
                           NULL);
  FREE(&auth_cmd);
 
  switch (rc)
  {
    case 0:
      return POP_A_SUCCESS;
    case -1:
      return POP_A_SOCKET;
  }
 
  /* The error response was a SASL continuation, so "continue" it.
   * See RFC7628 3.2.3 */
  mutt_socket_send(adata->conn, "\001");
 
  char *err = adata->err_msg;
  char decoded_err[1024] = { 0 };
  int len = mutt_b64_decode(adata->err_msg, decoded_err, sizeof(decoded_err) - 1);
  if (len >= 0)
  {
    decoded_err[len] = '\0';
    err = decoded_err;
  }
  mutt_error("%s %s", _("Authentication failed"), err);
 
  return POP_A_FAILURE;
}

Here is the call graph for this function: