-rw-r--r-- | Makefile.am | 5 | ||||
-rw-r--r-- | fetchmail.h | 9 | ||||
-rw-r--r-- | imap.c | 50 | ||||
-rw-r--r-- | ntlmsubr.c | 74 | ||||
-rw-r--r-- | pop3.c | 53 | ||||
-rw-r--r-- | rfc822.c | 2 | ||||
-rw-r--r-- | sink.c | 2 | ||||
-rw-r--r-- | smbutil.c | 32 | ||||
-rw-r--r-- | socket.c | 10 | ||||
-rw-r--r-- | ucs/norm_charmap.c | 1 | ||||
-rw-r--r-- | ucs/norm_charmap.h | 7 |
11 files changed, 123 insertions, 122 deletions
diff --git a/Makefile.am b/Makefile.am index 211da3ae..973bf400 100644 --- a/Makefile.am +++ b/Makefile.am @@ -39,7 +39,7 @@ libfm_a_SOURCES= xmalloc.c base64.c rfc822.c report.c rfc2047e.c \ libesmtp/gethostbyname.h libesmtp/gethostbyname.c \ smbtypes.h fm_getaddrinfo.c tls.c rfc822valid.c \ xmalloc.h sdump.h sdump.c x509_name_match.c \ - fm_strl.h + fm_strl.h ntlmsubr.c libfm_a_LIBADD= $(EXTRAOBJ) libfm_a_DEPENDENCIES= $(EXTRAOBJ) LDADD = libfm.a @LIBINTL@ $(LIBOBJS) @@ -71,7 +71,8 @@ fetchmail_SOURCES= fetchmail.h getopt.h \ opie.c interface.c netrc.c \ unmime.c conf.c checkalias.c \ lock.h lock.c \ - rcfile_l.l rcfile_y.y ucs/norm_charmap.c + rcfile_l.l rcfile_y.y \ + ucs/norm_charmap.c ucs/norm_charmap.h if POP2_ENABLE fetchmail_SOURCES += pop2.c endif diff --git a/fetchmail.h b/fetchmail.h index 4ad810a2..f6c6a4ec 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -476,8 +476,8 @@ extern char *sdps_envto; extern const char *iana_charset; /* IANA assigned charset name */ -/* from ucs/norm_charmap.c */ -const char *norm_charmap(const char *name); +/* from/for ucs/norm_charmap.c */ +#include "ucs/norm_charmap.h" /* prototypes for globally callable functions */ @@ -767,6 +767,11 @@ int rfc822_valid_msgid(const unsigned char *); /* prototype from x509_name_match.c */ int name_match(const char *p1, const char *p2); +/* prototype from ntlmsubr.c */ +#ifdef NTLM_ENABLE +int ntlm_helper(int sock, struct query *ctl, const char *protocol); +#endif + /* macro to determine if we want to spam progress to stdout */ #define want_progress() \ ((outlevel >= O_VERBOSE || (outlevel > O_SILENT && run.showdots)) \ 
@@ -290,57 +290,13 @@ static int imap_ok(int sock, char *argbuf) static int do_imap_ntlm(int sock, struct query *ctl) { - tSmbNtlmAuthRequest request; - tSmbNtlmAuthChallenge challenge; - tSmbNtlmAuthResponse response; - - char msgbuf[2048]; - int result,len; + int result; gen_send(sock, "AUTHENTICATE NTLM"); - if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) - return result; - - if (msgbuf[0] != '+') - return PS_AUTHFAIL; - - buildSmbNtlmAuthRequest(&request,ctl->remotename,NULL); - - if (outlevel >= O_DEBUG) - dumpSmbNtlmAuthRequest(stdout, &request); - - memset(msgbuf,0,sizeof msgbuf); - to64frombits (msgbuf, &request, SmbLength(&request)); - - if (outlevel >= O_MONITOR) - report(stdout, "IMAP> %s\n", msgbuf); - - strcat(msgbuf,"\r\n"); - SockWrite (sock, msgbuf, strlen (msgbuf)); - - if ((gen_recv(sock, msgbuf, sizeof msgbuf))) + if ((result = ntlm_helper(sock, ctl, "IMAP"))) return result; - - len = from64tobits (&challenge, msgbuf, sizeof(challenge)); - - if (outlevel >= O_DEBUG) - dumpSmbNtlmAuthChallenge(stdout, &challenge); - - buildSmbNtlmAuthResponse(&challenge, &response,ctl->remotename,ctl->password); - - if (outlevel >= O_DEBUG) - dumpSmbNtlmAuthResponse(stdout, &response); - - memset(msgbuf,0,sizeof msgbuf); - to64frombits (msgbuf, &response, SmbLength(&response)); - - if (outlevel >= O_MONITOR) - report(stdout, "IMAP> %s\n", msgbuf); - - strcat(msgbuf,"\r\n"); - SockWrite (sock, msgbuf, strlen (msgbuf)); - + result = imap_ok (sock, NULL); if (result == PS_SUCCESS) return PS_SUCCESS; diff --git a/ntlmsubr.c b/ntlmsubr.c new file mode 100644 index 00000000..ab685ff0 --- /dev/null +++ b/ntlmsubr.c 
@@ -0,0 +1,74 @@ +#include "config.h" + +#ifdef NTLM_ENABLE +#include "fetchmail.h" +#include "ntlm.h" +#include "socket.h" + +#include <string.h> + +int ntlm_helper(int sock, struct query *ctl, const char *proto) +{ +/* + * NTLM support by Grant Edwards. + * + * Handle MS-Exchange NTLM authentication method. This is the same + * as the NTLM auth used by Samba for SMB related services. We just + * encode the packets in base64 instead of sending them out via a + * network interface. + * + * Much source (ntlm.h, smb*.c smb*.h) was borrowed from Samba. + */ + tSmbNtlmAuthRequest request; + tSmbNtlmAuthChallenge challenge; + tSmbNtlmAuthResponse response; + + char msgbuf[2048]; + int result; + + if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + return result; + + if (0 != strcmp(msgbuf, "+ ")) + return PS_AUTHFAIL; + + buildSmbNtlmAuthRequest(&request,ctl->remotename,NULL); + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthRequest(stdout, &request); + + memset(msgbuf,0,sizeof msgbuf); + to64frombits (msgbuf, &request, SmbLength(&request)); + + if (outlevel >= O_MONITOR) + report(stdout, "%s> %s\n", proto, msgbuf); + + strcat(msgbuf,"\r\n"); + SockWrite (sock, msgbuf, strlen (msgbuf)); + + if ((gen_recv(sock, msgbuf, sizeof msgbuf))) + return result; + + (void)from64tobits (&challenge, msgbuf, sizeof(challenge)); + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthChallenge(stdout, &challenge); + + buildSmbNtlmAuthResponse(&challenge, &response,ctl->remotename,ctl->password); + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthResponse(stdout, &response); + + memset(msgbuf,0,sizeof msgbuf); + to64frombits (msgbuf, &response, SmbLength(&response)); + + if (outlevel >= O_MONITOR) + report(stdout, "%s> %s\n", proto, msgbuf); + + strcat(msgbuf,"\r\n"); + SockWrite (sock, msgbuf, strlen (msgbuf)); + + return PS_SUCCESS; +} + +#endif /* NTLM_ENABLE */ 
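Review bot: The second `gen_recv()` call in `ntlm_helper` does not assign its return value, so on a read failure `return result;` hands back the 0 left by the first call and both callers carry on as if the exchange had worked; it should read `if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) return result;`. The decode that follows casts the `from64tobits()` result to `(void)`, so a server reply that is not valid base64, or is shorter than a challenge, leaves the stack-allocated `challenge` partly uninitialised before `dumpSmbNtlmAuthChallenge()` and `buildSmbNtlmAuthResponse()` read it. I would zero `challenge` first, keep the length with `len = from64tobits(&challenge, msgbuf, sizeof(challenge));`, and return `PS_AUTHFAIL` when it signals an error or is smaller than the fixed part of the challenge. The first check also changed from `msgbuf[0] != '+'` to an exact `strcmp(msgbuf, "+ ")`, which now rejects a bare `+` continuation or one carrying text; if that tightening is intended it deserves a one-line comment.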
@@ -82,60 +82,17 @@ char *sdps_envto; static int do_pop3_ntlm(int sock, struct query *ctl, int msn_instead /** if true, send AUTH MSN, else send AUTH NTLM */) { - tSmbNtlmAuthRequest request; - tSmbNtlmAuthChallenge challenge; - tSmbNtlmAuthResponse response; + char msgbuf[POPBUFSIZE+1]; + int result; - char msgbuf[2048]; - int result,len; - gen_send(sock, msn_instead ? "AUTH MSN" : "AUTH NTLM"); - if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + if ((result = ntlm_helper(sock, ctl, "POP3"))) return result; - - if (msgbuf[0] != '+') - return PS_AUTHFAIL; - - buildSmbNtlmAuthRequest(&request,ctl->remotename,NULL); - - if (outlevel >= O_DEBUG) - dumpSmbNtlmAuthRequest(stdout, &request); - - memset(msgbuf,0,sizeof msgbuf); - to64frombits (msgbuf, &request, SmbLength(&request)); - - if (outlevel >= O_MONITOR) - report(stdout, "POP3> %s\n", msgbuf); - - strcat(msgbuf,"\r\n"); - SockWrite (sock, msgbuf, strlen (msgbuf)); - - if ((gen_recv(sock, msgbuf, sizeof msgbuf))) - return result; - - len = from64tobits (&challenge, msgbuf, sizeof(msgbuf)); - - if (outlevel >= O_DEBUG) - dumpSmbNtlmAuthChallenge(stdout, &challenge); - - buildSmbNtlmAuthResponse(&challenge, &response,ctl->remotename,ctl->password); - - if (outlevel >= O_DEBUG) - dumpSmbNtlmAuthResponse(stdout, &response); - - memset(msgbuf,0,sizeof msgbuf); - to64frombits (msgbuf, &response, SmbLength(&response)); - - if (outlevel >= O_MONITOR) - report(stdout, "POP3> %s\n", msgbuf); - - strcat(msgbuf,"\r\n"); - SockWrite (sock, msgbuf, strlen (msgbuf)); - + if ((result = gen_recv (sock, msgbuf, sizeof msgbuf))) return result; - + if (strstr (msgbuf, "OK")) return PS_SUCCESS; else @@ -439,6 +439,8 @@ int main(int argc, char *argv[]) break; } + longbuf[0] = '\0'; + while (fgets(buf, sizeof(buf)-1, stdin)) { if (buf[0] == ' ' || buf[0] == '\t') 
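Review bot: The success test that `do_pop3_ntlm` keeps after the helper call, `if (strstr (msgbuf, "OK"))`, accepts any server line that contains the letters OK anywhere, including a `-ERR` reply whose text happens to contain them. Because this branch decides whether authentication succeeded, the match should be anchored to the start of the reply, for example `if (strncmp(msgbuf, "+OK", 3) == 0)`. The line is unchanged context, so the looseness predates this commit, and the `else` branch of the function continues outside the hunk.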
@@ -1399,8 +1399,6 @@ int close_sink(struct query *ctl, struct msgblk *msg, flag forward) e = errno; sinkfp = (FILE *)NULL; } - else - rc = e = 0; deal_with_sigchld(); /* Restore SIGCHLD handling to reap zombies */ @@ -44,23 +44,23 @@ else \ #define AddString(ptr, header, string) \ { \ -char *p = string; \ -int len = 0; \ -if (p) len = strlen(p); \ -AddBytes(ptr, header, ((unsigned char*)p), len); \ +char *p_ = string; \ +int len_ = 0; \ +if (p_) len_ = strlen(p_); \ +AddBytes(ptr, header, ((unsigned char*)p_), len_); \ } #define AddUnicodeString(ptr, header, string) \ { \ -char *p = string; \ -unsigned char *b = NULL; \ -int len = 0; \ -if (p) \ +char *p_ = string; \ +unsigned char *b_ = NULL; \ +int len_ = 0; \ +if (p_) \ { \ - len = strlen(p); \ - b = strToUnicode(p); \ + len_ = strlen(p_); \ + b_ = strToUnicode(p_); \ } \ -AddBytes(ptr, header, b, len*2); \ +AddBytes(ptr, header, b_, len_*2); \ } @@ -148,17 +148,17 @@ void dumpSmbNtlmAuthRequest(FILE *fp, tSmbNtlmAuthRequest *request) { fprintf(fp,"NTLM Request:\n"); fprintf(fp," Ident = %s\n",request->ident); - fprintf(fp," mType = %d\n",IVAL(&request->msgType,0)); + fprintf(fp," mType = %ld\n",(long int)IVAL(&request->msgType,0)); fprintf(fp," Flags = %08x\n",IVAL(&request->flags,0)); - fprintf(fp," User = %s\n",GetString(request,user)); - fprintf(fp," Domain = %s\n",GetString(request,domain)); + fprintf(fp," User = %s\n",(char *)GetString(request,user)); + fprintf(fp," Domain = %s\n",(char *)GetString(request,domain)); } void dumpSmbNtlmAuthChallenge(FILE *fp, tSmbNtlmAuthChallenge *challenge) { fprintf(fp,"NTLM Challenge:\n"); fprintf(fp," Ident = %s\n",challenge->ident); - fprintf(fp," mType = %d\n",IVAL(&challenge->msgType,0)); + fprintf(fp," mType = %ld\n",(long int)IVAL(&challenge->msgType,0)); fprintf(fp," Domain = %s\n",GetUnicodeString(challenge,uDomain)); fprintf(fp," Flags = %08x\n",IVAL(&challenge->flags,0)); fprintf(fp," Challenge = "); dumpRaw(fp, challenge->challengeData,8); 
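Review bot: In `dumpSmbNtlmAuthRequest` and `dumpSmbNtlmAuthChallenge` only the `mType` lines get the cast and `%ld`; the `Flags` lines still pass `IVAL(...)` straight to `%08x`, so whatever type mismatch motivated the change presumably remains there. `fprintf(fp," Flags = %08lx\n",(unsigned long)IVAL(&challenge->flags,0));` would treat both fields the same way. Separately, the challenge dump prints `challenge->ident` with a bare `%s` although the structure is filled from the server's reply; if `ident` is a fixed-size array, a bounded form such as `%.*s` with `(int)sizeof challenge->ident` keeps the debug output from reading past it when the server omits the terminator.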
@@ -168,7 +168,7 @@ void dumpSmbNtlmAuthResponse(FILE *fp, tSmbNtlmAuthResponse *response) { fprintf(fp,"NTLM Response:\n"); fprintf(fp," Ident = %s\n",response->ident); - fprintf(fp," mType = %d\n",IVAL(&response->msgType,0)); + fprintf(fp," mType = %ld\n",(long int)IVAL(&response->msgType,0)); fprintf(fp," LmResp = "); DumpBuffer(fp,response,lmResponse); fprintf(fp," NTResp = "); DumpBuffer(fp,response,ntResponse); fprintf(fp," Domain = %s\n",GetUnicodeString(response,uDomain)); @@ -687,20 +687,20 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict ) for (j = 0, r = sk_GENERAL_NAME_num(gens); j < r; ++j) { const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, j); if (gn->type == GEN_DNS) { - char *p1 = (char *)gn->d.ia5->data; - char *p2 = _ssl_server_cname; + char *pp1 = (char *)gn->d.ia5->data; + char *pp2 = _ssl_server_cname; if (outlevel >= O_VERBOSE) { - report(stdout, GT_("Subject Alternative Name: %s\n"), (tt = sdump(p1, (size_t)gn->d.ia5->length))); + report(stdout, GT_("Subject Alternative Name: %s\n"), (tt = sdump(pp1, (size_t)gn->d.ia5->length))); xfree(tt); } /* Name contains embedded NUL characters, so we complain. This * is likely a certificate spoofing attack. */ - if ((size_t)gn->d.ia5->length != strlen(p1)) { + if ((size_t)gn->d.ia5->length != strlen(pp1)) { report(stderr, GT_("Bad certificate: Subject Alternative Name contains NUL, aborting!\n")); sk_GENERAL_NAME_free(gens); return 0; } - if (name_match(p1, p2)) { + if (name_match(pp1, pp2)) { matched = 1; } } diff --git a/ucs/norm_charmap.c b/ucs/norm_charmap.c index e2a9aaf9..dedad326 100644 --- a/ucs/norm_charmap.c +++ b/ucs/norm_charmap.c @@ -25,6 +25,7 @@ */ #include "config.h" /* import AC_C_CONST effects */ +#include "norm_charmap.h" #include <string.h> diff --git a/ucs/norm_charmap.h b/ucs/norm_charmap.h new file mode 100644 index 00000000..a051231d --- /dev/null +++ b/ucs/norm_charmap.h 
@@ -0,0 +1,7 @@ +#ifndef _NORM_CHARMAP_H_ +#define _NORM_CHARMAP_H_ + +/* norm_charmap.c */ +const char *norm_charmap(const char *name); + +#endif |
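Review bot: The include guard `_NORM_CHARMAP_H_` in the new header starts with an underscore followed by an uppercase letter, which is a name reserved for the implementation in C. A guard without the leading underscore avoids any clash with compiler or libc macros: `#ifndef NORM_CHARMAP_H` / `#define NORM_CHARMAP_H`. A trailing `/* NORM_CHARMAP_H */` comment on the `#endif` would also match the `#endif /* NTLM_ENABLE */` style used in ntlmsubr.c.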