aboutsummaryrefslogtreecommitdiffstats
path: root/camel/providers/imap/camel-imap-auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'camel/providers/imap/camel-imap-auth.c')
-rw-r--r--camel/providers/imap/camel-imap-auth.c195
1 files changed, 0 insertions, 195 deletions
diff --git a/camel/providers/imap/camel-imap-auth.c b/camel/providers/imap/camel-imap-auth.c
deleted file mode 100644
index 3bf1af6535..0000000000
--- a/camel/providers/imap/camel-imap-auth.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
-/* camel-imap-auth.c: IMAP AUTHENTICATE implementations */
-
-/*
- * Authors: Dan Winship <danw@helixcode.com>
- *
- * Copyright 2000 Helix Code, Inc. (www.helixcode.com)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA.
- *
- */
-
-#include <config.h>
-
-#include <string.h>
-
-#ifdef HAVE_KRB4
-#include <krb.h>
-/* MIT krb4 des.h #defines _. Sigh. We don't need it. */
-#undef _
-#endif
-
-#include "camel-exception.h"
-#include "camel-mime-utils.h"
-
-#include "camel-imap-auth.h"
-#include "camel-imap-command.h"
-#include "camel-imap-utils.h"
-
-static char *
-base64_encode_simple (const char *data, int len)
-{
- unsigned char *out;
- int state = 0, outlen;
- unsigned int save = 0;
-
- out = g_malloc (len * 4 / 3 + 5);
- outlen = base64_encode_close ((unsigned char *)data, len, FALSE,
- out, &state, &save);
- out[outlen] = '\0';
- return (char *)out;
-}
-
-static int
-base64_decode_simple (char *data, int len)
-{
- int state = 0;
- unsigned int save = 0;
-
- return base64_decode_step ((unsigned char *)data, len,
- (unsigned char *)data, &state, &save);
-}
-
-#ifdef HAVE_KRB4
-#define IMAP_KERBEROS_V4_PROTECTION_NONE 1
-#define IMAP_KERBEROS_V4_PROTECTION_INTEGRITY 2
-#define IMAP_KERBEROS_V4_PROTECTION_PRIVACY 4
-
-gboolean
-imap_try_kerberos_v4_auth (CamelImapStore *store, CamelException *ex)
-{
- CamelImapResponse *response;
- char *resp, *data;
- int status, len;
- char *inst, *realm, *buf, *username;
- guint32 nonce_n, nonce_h, plus1;
- struct hostent *h;
- KTEXT_ST authenticator;
- CREDENTIALS credentials;
- des_cblock session;
- des_key_schedule schedule;
-
- /* The kickoff. */
- response = camel_imap_command (store, NULL, ex,
- "AUTHENTICATE KERBEROS_V4");
- if (!response)
- return FALSE;
- resp = camel_imap_response_extract_continuation (response, ex);
- if (!resp)
- return FALSE;
- data = imap_next_word (resp);
-
- /* First server response is a base64-encoded 32-bit random number
- * ("nonce") in network byte order.
- */
- if (strlen (data) != 8 || base64_decode_simple (data, 8) != 4) {
- g_free (resp);
- goto lose;
- }
- memcpy (&nonce_n, data, 4);
- g_free (resp);
- nonce_h = ntohl (nonce_n);
-
- /* Our response is an authenticator including that number. */
- h = camel_service_gethost (CAMEL_SERVICE (store), ex);
- if (!h)
- goto lose;
- inst = g_strndup (h->h_name, strcspn (h->h_name, "."));
- g_strdown (inst);
- realm = g_strdup (krb_realmofhost (h->h_name));
- status = krb_mk_req (&authenticator, "imap", inst, realm, nonce_h);
- if (status == KSUCCESS) {
- status = krb_get_cred ("imap", inst, realm, &credentials);
- memcpy (session, credentials.session, sizeof (session));
- memset (&credentials, 0, sizeof (credentials));
- }
- g_free (inst);
- g_free (realm);
-
- if (status != KSUCCESS) {
- camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
- _("Could not get Kerberos ticket:\n%s"),
- krb_err_txt[status]);
- goto lose;
- }
- des_key_sched (&session, schedule);
-
- buf = base64_encode_simple (authenticator.dat, authenticator.length);
- response = camel_imap_command_continuation (store, ex, buf);
- g_free (buf);
- if (!response)
- goto lose;
- resp = camel_imap_response_extract_continuation (response, ex);
- if (!resp)
- goto lose;
- data = imap_next_word (resp);
-
- len = strlen (data);
- base64_decode_simple (data, strlen (data));
-
- /* This one is encrypted. */
- des_ecb_encrypt ((des_cblock *)data, (des_cblock *)data, schedule, 0);
-
- /* Check that the returned value is the original nonce plus one. */
- memcpy (&plus1, data, 4);
- if (ntohl (plus1) != nonce_h + 1) {
- g_free (resp);
- goto lose;
- }
-
- /* "the fifth octet contain[s] a bit-mask specifying the
- * protection mechanisms supported by the server"
- */
- if (!(data[4] & IMAP_KERBEROS_V4_PROTECTION_NONE)) {
- g_warning ("Server does not support `no protection' :-(");
- g_free (resp);
- goto lose;
- }
- g_free (resp);
-
- username = CAMEL_SERVICE (store)->url->user;
- len = strlen (username) + 9;
- len += 8 - len % 8;
- data = g_malloc0 (len);
- memcpy (data, &nonce_n, 4);
- data[4] = IMAP_KERBEROS_V4_PROTECTION_NONE;
- data[5] = data[6] = data[7] = 0;
- strcpy (data + 8, username);
-
- des_pcbc_encrypt ((des_cblock *)data, (des_cblock *)data, len,
- schedule, &session, 1);
- memset (&session, 0, sizeof (session));
- buf = base64_encode_simple (data, len);
- g_free (data);
-
- response = camel_imap_command_continuation (store, ex, buf);
- if (!response)
- goto lose;
- camel_imap_response_free (response);
- return TRUE;
-
- lose:
- memset (&session, 0, sizeof (session));
-
- /* Get the server out of "waiting for continuation data" mode.
- */
- response = camel_imap_command_continuation (store, NULL, "*");
- if (response)
- camel_imap_response_free (response);
-
- return FALSE;
-}
-#endif /* HAVE_KRB4 */