1 files changed, 133 insertions, 0 deletions
diff --git a/imap/src/c-client/auth_pla.c b/imap/src/c-client/auth_pla.c
new file mode 100644
index 00000000..73ca2259
--- /dev/null
+++ b/imap/src/c-client/auth_pla.c
@@ -0,0 +1,133 @@
+/* ========================================================================
+ * Copyright 1988-2006 University of Washington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * 
+ * ========================================================================
+ */
+
+/*
+ * Program:	Plain authenticator
+ *
+ * Author:	Mark Crispin
+ *		Networks and Distributed Computing
+ *		Computing & Communications
+ *		University of Washington
+ *		Administration Building, AG-44
+ *		Seattle, WA  98195
+ *		Internet: MRC@CAC.Washington.EDU
+ *
+ * Date:	22 September 1998
+ * Last Edited:	30 August 2006
+ */
+
+long auth_plain_client (authchallenge_t challenger,authrespond_t responder,
+			char *service,NETMBX *mb,void *stream,
+			unsigned long *trial,char *user);
+char *auth_plain_server (authresponse_t responder,int argc,char *argv[]);
+
+AUTHENTICATOR auth_pla = {
+  AU_AUTHUSER | AU_HIDE,	/* allow authuser, hidden */
+  "PLAIN",			/* authenticator name */
+  NIL,				/* always valid */
+  auth_plain_client,		/* client method */
+  auth_plain_server,		/* server method */
+  NIL				/* next authenticator */
+};
+
+/* Client authenticator
+ * Accepts: challenger function
+ *	    responder function
+ *	    SASL service name
+ *	    parsed network mailbox structure
+ *	    stream argument for functions
+ *	    pointer to current trial count
+ *	    returned user name
+ * Returns: T if success, NIL otherwise, number of trials incremented if retry
+ */
+
+long auth_plain_client (authchallenge_t challenger,authrespond_t responder,
+			char *service,NETMBX *mb,void *stream,
+			unsigned long *trial,char *user)
+{
+  char *u,pwd[MAILTMPLEN];
+  void *challenge;
+  unsigned long clen;
+  long ret = NIL;
+				/* snarl if not SSL/TLS session */
+  if (!mb->sslflag && !mb->tlsflag)
+    mm_log ("SECURITY PROBLEM: insecure server advertised AUTH=PLAIN",WARN);
+				/* get initial (empty) challenge */
+  if (challenge = (*challenger) (stream,&clen)) {
+    fs_give ((void **) &challenge);
+    if (clen) {			/* abort if challenge non-empty */
+      mm_log ("Server bug: non-empty initial PLAIN challenge",WARN);
+      (*responder) (stream,NIL,0);
+      ret = LONGT;		/* will get a BAD response back */
+    }
+    pwd[0] = NIL;		/* prompt user if empty challenge */
+    mm_login (mb,user,pwd,*trial);
+    if (!pwd[0]) {		/* empty challenge or user requested abort */
+      (*responder) (stream,NIL,0);
+      *trial = 0;		/* cancel subsequent attempts */
+      ret = LONGT;		/* will get a BAD response back */
+    }
+    else {
+      unsigned long rlen = 
+	strlen (mb->authuser) + strlen (user) + strlen (pwd) + 2;
+      char *response = (char *) fs_get (rlen);
+      char *t = response;	/* copy authorization id */
+      if (mb->authuser[0]) for (u = user; *u; *t++ = *u++);
+      *t++ = '\0';		/* delimiting NUL */
+				/* copy authentication id */
+      for (u = mb->authuser[0] ? mb->authuser : user; *u; *t++ = *u++);
+      *t++ = '\0';		/* delimiting NUL */
+				/* copy password */
+      for (u = pwd; *u; *t++ = *u++);
+				/* send credentials */
+      if ((*responder) (stream,response,rlen)) {
+	if (challenge = (*challenger) (stream,&clen))
+	  fs_give ((void **) &challenge);
+	else {
+	  ++*trial;		/* can try again if necessary */
+	  ret = LONGT;		/* check the authentication */
+	}
+      }
+      memset (response,0,rlen);	/* erase credentials */
+      fs_give ((void **) &response);
+    }
+  }
+  memset (pwd,0,MAILTMPLEN);	/* erase password */
+  if (!ret) *trial = 65535;	/* don't retry if bad protocol */
+  return ret;
+}
+
+/* Server authenticator
+ * Accepts: responder function
+ *	    argument count
+ *	    argument vector
+ * Returns: authenticated user name or NIL
+ */
+
+char *auth_plain_server (authresponse_t responder,int argc,char *argv[])
+{
+  char *ret = NIL;
+  char *user,*aid,*pass;
+  unsigned long len;
+				/* get user name */
+  if (aid = (*responder) ("",0,&len)) {
+				/* note: responders null-terminate */
+    if ((((unsigned long) ((user = aid + strlen (aid) + 1) - aid)) < len) &&
+	(((unsigned long) ((pass = user + strlen (user) + 1) - aid)) < len) &&
+	(((unsigned long) ((pass + strlen (pass)) - aid)) == len) &&
+	(*aid ? server_login (aid,pass,user,argc,argv) :
+	 server_login (user,pass,NIL,argc,argv))) ret = myusername ();
+    fs_give ((void **) &aid);
+  }
+  return ret;
+}