From c9fc05a6bfdfd50231d58fe572e524108089c98d Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sun, 26 Jan 2020 02:34:43 -0700 Subject: * Add support for the OAUTHBEARER authentication method in Gmail. Thanks to Alexander Perlis for suggesting it and explaining how the method works. --- imap/src/c-client/auth_ext.c | 5 +++-- imap/src/c-client/auth_gss.c | 5 +++-- imap/src/c-client/auth_log.c | 5 +++-- imap/src/c-client/auth_md5.c | 6 +++--- imap/src/c-client/auth_ntl.c | 6 +++--- imap/src/c-client/auth_oa2.c | 26 +++++++++++++++++--------- imap/src/c-client/auth_pla.c | 5 +++-- imap/src/c-client/imap4r1.c | 6 +++--- imap/src/c-client/mail.h | 13 +++++++------ imap/src/c-client/nntp.c | 4 ++-- imap/src/c-client/pop3.c | 3 ++- imap/src/c-client/smtp.c | 4 ++-- imap/src/osdep/nt/makefile.nt | 5 +++-- imap/src/osdep/nt/makefile.ntk | 6 +++--- imap/src/osdep/nt/makefile.w2k | 6 +++--- imap/src/osdep/unix/Makefile | 4 ++-- 16 files changed, 62 insertions(+), 47 deletions(-) (limited to 'imap') diff --git a/imap/src/c-client/auth_ext.c b/imap/src/c-client/auth_ext.c index c8c5f4ac..b85f6bbf 100644 --- a/imap/src/c-client/auth_ext.c +++ b/imap/src/c-client/auth_ext.c @@ -1,4 +1,5 @@ /* ======================================================================== + * Copyright 2020 Eduardo Chappa * Copyright 1988-2006 University of Washington * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,7 +28,7 @@ */ long auth_external_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user); char *auth_external_server (authresponse_t responder,int argc,char *argv[]); 
@@ -52,7 +53,7 @@ AUTHENTICATOR auth_ext = { /* secure, has full auth, hidden */ */ long auth_external_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user) { void *challenge; diff --git a/imap/src/c-client/auth_gss.c b/imap/src/c-client/auth_gss.c index 66be8cce..c6cc9079 100644 --- a/imap/src/c-client/auth_gss.c +++ b/imap/src/c-client/auth_gss.c @@ -1,4 +1,5 @@ /* ======================================================================== + * Copyright 2020 Eduardo Chappa * Copyright 1988-2006 University of Washington * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -29,7 +30,7 @@ long auth_gssapi_valid (void); long auth_gssapi_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user); long auth_gssapi_client_work (authchallenge_t challenger,gss_buffer_desc chal, authrespond_t responder,char *service,NETMBX *mb, @@ -89,7 +90,7 @@ long auth_gssapi_valid (void) */ long auth_gssapi_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream,unsigned long port, unsigned long *trial,char *user) { gss_buffer_desc chal; diff --git a/imap/src/c-client/auth_log.c b/imap/src/c-client/auth_log.c index a54d6365..9c8d76ab 100644 --- a/imap/src/c-client/auth_log.c +++ b/imap/src/c-client/auth_log.c @@ -1,4 +1,5 @@ /* ======================================================================== + * Copyright 2020 Eduardo Chappa * Copyright 1988-2006 University of Washington * * Licensed under the Apache License, Version 2.0 (the "License"); 
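Review bot: The new `unsigned long port` argument of auth_external_client is added to the signature without any documentation, and the header comment that closes with `*/` just above the definition is left as unchanged context. That comment starts outside the hunk, so its wording is not visible; if it lists the accepted arguments, add a line such as `*	    port of the connected server` between the stream and trial-count entries. The same applies to the definitions of auth_gssapi_client, auth_login_client, auth_md5_client, auth_ntlm_client, auth_oauth2_client and auth_plain_client in the later hunks. None of the hunks shown reads `port`, so the comment should also say which authenticator is expected to consume it.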
@@ -27,7 +28,7 @@ */ long auth_login_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user); char *auth_login_server (authresponse_t responder,int argc,char *argv[]); @@ -55,7 +56,7 @@ AUTHENTICATOR auth_log = { */ long auth_login_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user) { char *pwd = NIL; diff --git a/imap/src/c-client/auth_md5.c b/imap/src/c-client/auth_md5.c index d12fd299..fea96739 100644 --- a/imap/src/c-client/auth_md5.c +++ b/imap/src/c-client/auth_md5.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 - Eduardo Chappa + * Copyright 2016 - 2010 Eduardo Chappa * Last Modified: August 11, 2016 */ /* ======================================================================== @@ -45,7 +45,7 @@ typedef struct { long auth_md5_valid (void); long auth_md5_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user); char *auth_md5_server (authresponse_t responder,int argc,char *argv[]); char *auth_md5_pwd (char *user); @@ -96,7 +96,7 @@ long auth_md5_valid (void) */ long auth_md5_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user) { char *pwd = NIL,hshbuf[2*MD5DIGLEN + 1]; diff --git a/imap/src/c-client/auth_ntl.c b/imap/src/c-client/auth_ntl.c index 52ae9048..481ca0f8 100644 --- a/imap/src/c-client/auth_ntl.c +++ b/imap/src/c-client/auth_ntl.c 
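Review bot: The replacement copyright line in auth_md5.c reads `Copyright 2016 - 2010 Eduardo Chappa`, a range that runs backwards. The other files touched by this commit use 2020, so this looks like a typo for `* Copyright 2016 - 2020 Eduardo Chappa`. The `Last Modified: August 11, 2016` line directly below is kept as context although the file is modified here.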
@@ -1,5 +1,5 @@ /* ======================================================================== - * Copyright 2018 Eduardo Chappa + * Copyright 2018-2020 Eduardo Chappa * Copyright 2015 Imagination Technologies * Copyright 1988-2008 University of Washington * @@ -25,7 +25,7 @@ #include long auth_ntlm_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user); AUTHENTICATOR auth_ntl = { /* secure, has full auth, hidden */ @@ -49,7 +49,7 @@ AUTHENTICATOR auth_ntl = { /* secure, has full auth, hidden */ */ long auth_ntlm_client (authchallenge_t challenger, authrespond_t responder, - char *service, NETMBX *mb, void *stream, + char *service, NETMBX *mb, void *stream, unsigned long port, unsigned long *trial, char *user) { tSmbNtlmAuthChallenge *challenge; diff --git a/imap/src/c-client/auth_oa2.c b/imap/src/c-client/auth_oa2.c index 7ac1cb23..bda9dd90 100644 --- a/imap/src/c-client/auth_oa2.c +++ b/imap/src/c-client/auth_oa2.c @@ -1,5 +1,5 @@ /* ======================================================================== - * Copyright 2018 Eduardo Chappa + * Copyright 2018 - 2020 Eduardo Chappa * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -12,12 +12,12 @@ */ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user); -void mm_login_oauth2_c_client_method (NETMBX *, char *, OAUTH2_S *, unsigned long, int *); - -char *oauth2_generate_state(void); +#ifndef HTTP_OAUTH2_INCLUDED +void mm_login_oauth2_c_client_method (NETMBX *, char *, char *, OAUTH2_S *, unsigned long, int *); +#endif /* HTTP_OAUTH2_INCLUDED */ AUTHENTICATOR auth_oa2 = { AU_HIDE, /* hidden */ 
@@ -31,6 +31,9 @@ AUTHENTICATOR auth_oa2 = { #define OAUTH2_USER "user=" #define OAUTH2_BEARER "auth=Bearer " +#ifndef OAUTH2_GENERATE_STATE +#define OAUTH2_GENERATE_STATE +char *oauth2_generate_state(void); /* we generate something like a guid, but not care about * anything, but that it is really random. */ @@ -57,6 +60,8 @@ char *oauth2_generate_state(void) rv[36] = '\0'; return cpystr(rv); } +#endif /* OAUTH2_GENERATE_STATE */ + /* Client authenticator @@ -71,7 +76,7 @@ char *oauth2_generate_state(void) */ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user) { char *u; @@ -145,7 +150,7 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, if(oauth2.param[OA2_RefreshToken].value) RefreshToken = cpystr(oauth2.param[OA2_RefreshToken].value); - mm_login_oauth2_c_client_method (mb, user, &oauth2, *trial, &tryanother); + mm_login_oauth2_c_client_method (mb, user, OA2NAME, &oauth2, *trial, &tryanother); /* * if we got an access token from the c_client_method call, @@ -207,6 +212,8 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, return ret; } +#ifndef HTTP_OAUTH2_INCLUDED +#define HTTP_OAUTH2_INCLUDED /* * The code above is enough to implement XOAUTH2, all one needs is the username * and access token and give it to the function above. However, normal users cannot @@ -219,7 +226,7 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, #include "json.h" void -mm_login_oauth2_c_client_method (NETMBX *mb, char *user, +mm_login_oauth2_c_client_method (NETMBX *mb, char *user, char *method, OAUTH2_S *oauth2, unsigned long trial, int *tryanother) { int i; 
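Review bot: Guarding the definition of oauth2_generate_state with `#ifndef OAUTH2_GENERATE_STATE` (and mm_login_oauth2_c_client_method with `HTTP_OAUTH2_INCLUDED` in the later hunks) only works while the authenticator sources are textually included into a single translation unit; compiled separately, each file would emit its own external definition. A comment next to the guard should state that assumption, for example `/* auth_*.c are #included into one translation unit; whichever comes first supplies this definition */`, or the shared helpers could move to a file of their own. Most of the body of oauth2_generate_state lies outside the hunk. Its comment requires the value to be "really random", and an OAuth2 state value protects the authorization redirect against request forgery, so it is worth confirming that the unseen body draws from a cryptographically secure source.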
@@ -232,7 +239,7 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, oauth2clientinfo_t ogci = (oauth2clientinfo_t) mail_parameters (NIL, GET_OA2CLIENTINFO, NIL); - if(ogci) (*ogci)(oauth2->name, &oauth2->param[OA2_Id].value, + if(ogci) (*ogci)(oauth2->name, method, &oauth2->param[OA2_Id].value, &oauth2->param[OA2_Secret].value); } @@ -359,3 +366,4 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, return; } } +#endif /* HTTP_OAUTH2_INCLUDED */ diff --git a/imap/src/c-client/auth_pla.c b/imap/src/c-client/auth_pla.c index 7888b23e..6b58948a 100644 --- a/imap/src/c-client/auth_pla.c +++ b/imap/src/c-client/auth_pla.c @@ -1,4 +1,5 @@ /* ======================================================================== + * Copyright 2020 Eduardo Chappa * Copyright 1988-2006 University of Washington * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -27,7 +28,7 @@ */ long auth_plain_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user); char *auth_plain_server (authresponse_t responder,int argc,char *argv[]); @@ -52,7 +53,7 @@ AUTHENTICATOR auth_pla = { */ long auth_plain_client (authchallenge_t challenger,authrespond_t responder, - char *service,NETMBX *mb,void *stream, + char *service,NETMBX *mb,void *stream, unsigned long port, unsigned long *trial,char *user) { char *u, *pwd = NIL; diff --git a/imap/src/c-client/imap4r1.c b/imap/src/c-client/imap4r1.c index 97a43a86..86354d40 100644 --- a/imap/src/c-client/imap4r1.c +++ b/imap/src/c-client/imap4r1.c @@ -1,7 +1,7 @@ /* - * Copyright 2016-2018 Eduardo Chappa + * Copyright 2016-2020 Eduardo Chappa * - * Last Edited: May 5, 2018 Eduardo Chappa + * Last Edited: Jan 26, 2020 Eduardo Chappa * */ /* ======================================================================== 
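Review bot: The call `(*ogci)(oauth2->name, method, &oauth2->param[OA2_Id].value, &oauth2->param[OA2_Secret].value)` now passes four arguments, but the mail.h hunk of this same commit keeps `typedef void (*oauth2clientinfo_t)(char *name, char **id, char **secret);` as an unchanged context line with three parameters. Unless that typedef is changed somewhere not shown, the call no longer matches the prototype, and registered callbacks have no defined way to receive `method`. Either update the typedef to `typedef void (*oauth2clientinfo_t)(char *name, char *method, char **id, char **secret);` together with every registered callback, or drop `method` from this call. mm_login_oauth2_c_client_method continues outside the hunk.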
@@ -1180,7 +1180,7 @@ long imap_auth (MAILSTREAM *stream,NETMBX *mb,char *tmp,char *usr) /* hide client authentication responses */ if (!(at->flags & AU_SECURE)) LOCAL->sensitive = T; ok = (*at->client) (imap_challenge,imap_response,"imap",mb,stream, - &trial,usr); + net_port(LOCAL->netstream),&trial,usr); LOCAL->sensitive = NIL; /* unhide */ /* make sure have a response */ if (!(reply = &LOCAL->reply)->tag) diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h index 7ca9c28d..e6c0f695 100644 --- a/imap/src/c-client/mail.h +++ b/imap/src/c-client/mail.h @@ -1,7 +1,7 @@ /* * Copyright 2016-2020 Eduardo Chappa * - * Last Edited: July 21, 2018 Eduardo Chappa + * Last Edited: January 26, 2020 Eduardo Chappa * */ /* ======================================================================== @@ -1379,7 +1379,7 @@ typedef long (*authrespond_t) (void *stream,char *s,unsigned long size); typedef long (*authcheck_t) (void); typedef long (*authclient_t) (authchallenge_t challenger, authrespond_t responder,char *service,NETMBX *mb, - void *s,unsigned long *trial,char *user); + void *s, unsigned long port, unsigned long *trial,char *user); typedef char *(*authresponse_t) (void *challenge,unsigned long clen, unsigned long *rlen); typedef char *(*authserver_t) (authresponse_t responder,int argc,char *argv[]); @@ -1911,9 +1911,10 @@ int PSOUT (char *s); int PSOUTR (SIZEDTEXT *s); int PFLUSH (void); -/* XOAUTH Client-Side Support */ +/* XOAUTH2 and AUTHBEARER Client-Side Support */ #define OA2NAME "XOAUTH2" +#define BEARERNAME "OAUTHBEARER" #define OAUTH2_MAX_EQUIV (2) #define OAUTH2_TOT_EQUIV (OAUTH2_MAX_EQUIV + 2) 
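Review bot: The updated section comment in mail.h says `AUTHBEARER`, while the macro added directly below it defines the mechanism name as `OAUTHBEARER`. The comment should read `/* XOAUTH2 and OAUTHBEARER Client-Side Support */` so that a search for the mechanism name finds this section.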
@@ -1941,8 +1942,8 @@ typedef struct OA2_serverparam_s { } OAUTH2_SERVER_METHOD_S; typedef struct oauth2_s { - unsigned char *name; /* provider name */ - char *host[OAUTH2_TOT_EQUIV]; /* servers for which this data applies */ + unsigned char *name; /* provider name */ + char *host[OAUTH2_TOT_EQUIV]; /* servers for which this data applies */ OAUTH2_PARAM_S param[OA2_End]; /* parameters name and values for this server */ /* servers, methods and parameters to retrieve access code and tokens */ OAUTH2_SERVER_METHOD_S server_mthd[OA2_GetEnd]; @@ -1950,6 +1951,6 @@ typedef struct oauth2_s { unsigned long expiration; } OAUTH2_S; -typedef char *(*oauth2getaccesscode_t) (char *url, OAUTH2_S *, int *); +typedef char *(*oauth2getaccesscode_t) (char *, char *, OAUTH2_S *, int *); typedef void (*oauth2clientinfo_t)(char *name, char **id, char **secret); diff --git a/imap/src/c-client/nntp.c b/imap/src/c-client/nntp.c index 3fc2fe0d..51d20b7f 100644 --- a/imap/src/c-client/nntp.c +++ b/imap/src/c-client/nntp.c @@ -1,6 +1,6 @@ /* ======================================================================== + * Copyright 2019 - 2020 Eduardo Chappa * Copyright 2008-2011 Mark Crispin - * Copyright 2019 Eduardo Chappa * ======================================================================== */ @@ -2072,7 +2072,7 @@ long nntp_send_auth_work (SENDSTREAM *stream,NETMBX *mb,char *pwd,long flags) /* hide client authentication responses */ if (!(at->flags & AU_SECURE)) stream->sensitive = T; if ((*at->client) (nntp_challenge,nntp_response,"nntp",mb,stream, - &trial,usr)) { + net_port(stream->netstream), &trial,usr)) { if (stream->replycode == NNTPAUTHED) ret = LONGT; /* if main program requested cancellation */ else if (!trial) mm_log ("NNTP Authentication cancelled",ERROR); diff --git a/imap/src/c-client/pop3.c b/imap/src/c-client/pop3.c index 7ca07da8..94df54f6 100644 --- a/imap/src/c-client/pop3.c +++ b/imap/src/c-client/pop3.c 
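Review bot: The new `oauth2getaccesscode_t` typedef drops the parameter name `url` and adds a second anonymous `char *`, so the prototype no longer says which string is which. Keeping the names, e.g. `typedef char *(*oauth2getaccesscode_t) (char *url, char *method, OAUTH2_S *, int *);`, would document the argument order for anyone implementing the callback. `method` is a guess based on the parameter added to mm_login_oauth2_c_client_method in this commit, so use whatever the second string really carries.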
@@ -1,4 +1,5 @@ /* ======================================================================== + * Copyright 2020 Eduardo Chappa * Copyright 2008-2011 Mark Crispin * ======================================================================== */ @@ -639,7 +640,7 @@ long pop3_auth (MAILSTREAM *stream,NETMBX *mb,char *pwd,char *usr) /* hide client authentication responses */ if (!(at->flags & AU_SECURE)) LOCAL->sensitive = T; if ((*at->client) (pop3_challenge,pop3_response,"pop",mb,stream, - &trial,usr) && LOCAL->response) { + net_port(LOCAL->netstream),&trial,usr) && LOCAL->response) { if (*LOCAL->response == '+') ret = LONGT; /* if main program requested cancellation */ else if (!trial) mm_log ("POP3 Authentication cancelled",ERROR); diff --git a/imap/src/c-client/smtp.c b/imap/src/c-client/smtp.c index d1c9a7cb..96abd5fa 100644 --- a/imap/src/c-client/smtp.c +++ b/imap/src/c-client/smtp.c @@ -1,5 +1,5 @@ /* ======================================================================== - * Copyright 2015-2018 Eduardo Chappa + * Copyright 2015-2020 Eduardo Chappa * Copyright 2008 Mark Crispin * ======================================================================== */ @@ -316,7 +316,7 @@ long smtp_auth (SENDSTREAM *stream,NETMBX *mb,char *tmp) /* hide client authentication responses */ if (!(at->flags & AU_SECURE)) stream->sensitive = T; if ((*at->client) (smtp_challenge,smtp_response,"smtp",mb,stream, - &trial,usr)) { + net_port(stream->netstream),&trial,usr)) { if (stream->replycode == SMTPAUTHED) { ESMTP.auth = NIL; /* disable authenticators */ ret = LONGT; diff --git a/imap/src/osdep/nt/makefile.nt b/imap/src/osdep/nt/makefile.nt index bf6816c2..83e74826 100644 --- a/imap/src/osdep/nt/makefile.nt +++ b/imap/src/osdep/nt/makefile.nt @@ -29,7 +29,7 @@ EXTRAAUTHENTICATORS = EXTRADRIVERS = EXTRACFLAGS = -AUTHENTICATORS = ext md5 pla oa2 log +AUTHENTICATORS = ext md5 pla bea oa2 log DRIVERS = imap nntp pop3 mbx mtx tenex unix CREATEDRIVER = mbx APPENDDRIVER = unix 
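Review bot: `bea` is added to AUTHENTICATORS in makefile.nt, yet the diffstat of this commit lists sixteen files under imap/ and auth_bea.c is not among them. If that source file is not introduced by another commit, the build will fail once the authenticator list is expanded. The same applies to the AUTHENTICATORS lines in makefile.ntk and makefile.w2k, to DEFAULTAUTHENTICATORS in the unix Makefile, and to the dependency lists that now name auth_bea.c. Please confirm that auth_bea.c is part of the series.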
@@ -93,7 +93,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c os_nt.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \ os_nt.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_nt.c ssl_none.c \ ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \ - mailfile.h auth_md5.c auth_ntl.c auth_pla.c auth_oa2.c auth_log.c + mailfile.h auth_md5.c auth_ntl.c auth_pla.c auth_bea.c auth_oa2.c \ + auth_log.c mbxnt.obj: mail.h misc.h osdep.h mbxnt.c diff --git a/imap/src/osdep/nt/makefile.ntk b/imap/src/osdep/nt/makefile.ntk index db04475a..52b68d9f 100644 --- a/imap/src/osdep/nt/makefile.ntk +++ b/imap/src/osdep/nt/makefile.ntk @@ -28,7 +28,7 @@ EXTRAAUTHENTICATORS = EXTRADRIVERS = EXTRACFLAGS = -AUTHENTICATORS = ext gss md5 pla oa2 log +AUTHENTICATORS = ext gss md5 pla bea oa2 log DRIVERS = imap nntp pop3 mbx mtx tenex unix CREATEDRIVER = mbx APPENDDRIVER = unix @@ -90,8 +90,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c os_ntk.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \ os_ntk.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_nt.c ssl_none.c \ ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \ - mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_oa2 auth_log.c \ - kerb_mit.c + mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_bea.c \ + auth_oa2 auth_log.c kerb_mit.c mbxnt.obj: mail.h misc.h osdep.h mbxnt.c diff --git a/imap/src/osdep/nt/makefile.w2k b/imap/src/osdep/nt/makefile.w2k index 2a58a29c..9da6b452 100644 --- a/imap/src/osdep/nt/makefile.w2k +++ b/imap/src/osdep/nt/makefile.w2k @@ -28,7 +28,7 @@ IP=6 EXTRAAUTHENTICATORS = EXTRADRIVERS = EXTRACFLAGS = -AUTHENTICATORS = ext gss md5 pla oa2 log +AUTHENTICATORS = ext gss md5 pla bea oa2 log DRIVERS = imap nntp pop3 mbx mtx tenex unix CREATEDRIVER = mbx APPENDDRIVER = unix 
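Review bot: The rewritten os_ntk.obj dependency list in makefile.ntk still names `auth_oa2` without its `.c` suffix, where makefile.nt and makefile.w2k use `auth_oa2.c`. Since the line is being rewritten anyway, change its tail to `auth_oa2.c auth_log.c kerb_mit.c`. As written, the prerequisite names a file that probably does not exist, so edits to auth_oa2.c would not be tracked for this target and the make tool may refuse to build it.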
@@ -90,8 +90,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c os_w2k.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \ os_w2k.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_w2k.c ssl_none.c \ ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \ - mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_oa2.c auth_log.c \ - kerb_w2k.c + mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_bea.c \ + auth_oa2.c auth_log.c kerb_w2k.c mbxnt.obj: mail.h misc.h osdep.h mbxnt.c diff --git a/imap/src/osdep/unix/Makefile b/imap/src/osdep/unix/Makefile index a30e8d51..ed33db0c 100644 --- a/imap/src/osdep/unix/Makefile +++ b/imap/src/osdep/unix/Makefile @@ -140,7 +140,7 @@ RANLIB=ranlib # Standard distribution build parameters -DEFAULTAUTHENTICATORS=ext md5 pla oa2 log +DEFAULTAUTHENTICATORS=ext md5 pla bea oa2 log # # mh needs to be after any other directory format drivers (such as mx or mix) # since otherwise mh will seize any directory that is under the mh path. @@ -933,7 +933,7 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \ gr_wait.c gr_wait4.c gr_waitp.c \ kerb_mit.c \ auth_ext.c auth_gss.c auth_log.c auth_md5.c auth_ntl.c \ - auth_oa2.c auth_pla.c \ + auth_bea.c auth_oa2.c auth_pla.c \ pmatch.c scandir.c setpgrp.c strerror.c truncate.c write.c \ memmove.c memmove2.c memset.c \ tz_bsd.c tz_nul.c tz_sv4.c \ -- cgit v1.2.3-70-g09d2