NeoMutt  2025-09-05-55-g97fc89
Teaching an old dog new tricks
 		DOXYGEN
Loading...
Searching...
No Matches
Functions
auth_oauth.c File Reference

IMAP OAUTH authentication method. More...

#include "config.h"
#include <stdbool.h>
#include <stdio.h>
#include "private.h"
#include "mutt/lib.h"
#include "config/lib.h"
#include "core/lib.h"
#include "conn/lib.h"
#include "auth.h"
#include "adata.h"
#include "mutt_logging.h"
+ Include dependency graph for auth_oauth.c:

Go to the source code of this file.

Functions

static enum ImapAuthRes imap_auth_oauth_xoauth2 (struct ImapAccountData *adata, const char *method, bool xoauth2)
 Authenticate an IMAP connection using OAUTHBEARER or XOAUTH2.
 
enum ImapAuthRes imap_auth_oauth (struct ImapAccountData *adata, const char *method)
 Authenticate an IMAP connection using OAUTHBEARER - Implements ImapAuth::authenticate() -.
 
enum ImapAuthRes imap_auth_xoauth2 (struct ImapAccountData *adata, const char *method)
 Authenticate an IMAP connection using XOAUTH2 - Implements ImapAuth::authenticate() -.
 

Detailed Description

IMAP OAUTH authentication method.

Authors
  • Brendan Cully
  • Brandon Long
  • Richard Russon
  • Ryan Kavanagh
Copyright
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Definition in file auth_oauth.c.

Function Documentation

◆ imap_auth_oauth_xoauth2()

static enum ImapAuthRes imap_auth_oauth_xoauth2 ( struct ImapAccountData * adata,
const char * method,
bool xoauth2 )
static

Authenticate an IMAP connection using OAUTHBEARER or XOAUTH2.

Parameters
adataImap Account data
methodUse this named method, or any available method if NULL
xoauth2Use xoauth2 token (if true) or oauthbearer token (if false)
Return values
numImapAuth::ImapAuthRes Result, e.g. IMAP_AUTH_SUCCESS

Definition at line 51 of file auth_oauth.c.

53{
54 char *ibuf = NULL;
55 char *oauthbearer = NULL;
56 const char *authtype = xoauth2 ? "XOAUTH2" : "OAUTHBEARER";
57 int rc;
58
59 /* For now, we only support SASL_IR also and over TLS */
60 if ((xoauth2 && !(adata->capabilities & IMAP_CAP_AUTH_XOAUTH2)) ||
61 (!xoauth2 && !(adata->capabilities & IMAP_CAP_AUTH_OAUTHBEARER)) ||
62 !(adata->capabilities & IMAP_CAP_SASL_IR) || (adata->conn->ssf == 0))
63 {
64 return IMAP_AUTH_UNAVAIL;
65 }
66
67 /* If they did not explicitly request or configure oauth then fail quietly */
68 const char *const c_imap_oauth_refresh_command = cs_subset_string(NeoMutt->sub, "imap_oauth_refresh_command");
69 if (!method && !c_imap_oauth_refresh_command)
70 return IMAP_AUTH_UNAVAIL;
71
72 // L10N: (%s) is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
73 mutt_message(_("Authenticating (%s)..."), authtype);
74
75 /* We get the access token from the imap_oauth_refresh_command */
76 oauthbearer = mutt_account_getoauthbearer(&adata->conn->account, xoauth2);
77 if (!oauthbearer)
78 return IMAP_AUTH_FAILURE;
79
80 mutt_str_asprintf(&ibuf, "AUTHENTICATE %s %s", authtype, oauthbearer);
81
82 /* This doesn't really contain a password, but the token is good for
83 * an hour, so suppress it anyways. */
84 rc = imap_exec(adata, ibuf, IMAP_CMD_PASS);
85
86 FREE(&oauthbearer);
87 FREE(&ibuf);
88
89 if (rc != IMAP_EXEC_SUCCESS)
90 {
91 /* The error response was in SASL continuation, so continue the SASL
92 * to cause a failure and exit SASL input. See RFC7628 3.2.3 */
93 mutt_socket_send(adata->conn, "\001");
94 rc = imap_exec(adata, ibuf, IMAP_CMD_NO_FLAGS);
95 }
96
97 if (rc == IMAP_EXEC_SUCCESS)
98 {
99 mutt_clear_error();
100 return IMAP_AUTH_SUCCESS;
101 }
102
103 // L10N: %s is the method name, e.g. Anonymous, CRAM-MD5, GSSAPI, SASL
104 mutt_error(_("%s authentication failed"), authtype);
105 return IMAP_AUTH_FAILURE;
106}
IMAP_AUTH_FAILURE
@ IMAP_AUTH_FAILURE
Authentication failed.
Definition auth.h:41
IMAP_AUTH_SUCCESS
@ IMAP_AUTH_SUCCESS
Authentication successful.
Definition auth.h:40
IMAP_AUTH_UNAVAIL
@ IMAP_AUTH_UNAVAIL
Authentication method not permitted.
Definition auth.h:42
cs_subset_string
const char * cs_subset_string(const struct ConfigSubset *sub, const char *name)
Get a string config item by name.
Definition helpers.c:291
mutt_account_getoauthbearer
char * mutt_account_getoauthbearer(struct ConnAccount *cac, bool xoauth2)
Get an OAUTHBEARER/XOAUTH2 token.
Definition connaccount.c:196
mutt_error
#define mutt_error(...)
Definition logging2.h:93
mutt_message
#define mutt_message(...)
Definition logging2.h:92
imap_exec
int imap_exec(struct ImapAccountData *adata, const char *cmdstr, ImapCmdFlags flags)
Execute a command and wait for the response from the server.
Definition command.c:1302
IMAP_CMD_NO_FLAGS
#define IMAP_CMD_NO_FLAGS
No flags are set.
Definition private.h:71
IMAP_CMD_PASS
#define IMAP_CMD_PASS
Command contains a password. Suppress logging.
Definition private.h:72
IMAP_EXEC_SUCCESS
@ IMAP_EXEC_SUCCESS
Imap command executed or queued successfully.
Definition private.h:82
IMAP_CAP_SASL_IR
#define IMAP_CAP_SASL_IR
SASL initial response draft.
Definition private.h:134
IMAP_CAP_AUTH_XOAUTH2
#define IMAP_CAP_AUTH_XOAUTH2
AUTH=XOAUTH2, deprecated but used by OWA.
Definition private.h:130
IMAP_CAP_AUTH_OAUTHBEARER
#define IMAP_CAP_AUTH_OAUTHBEARER
RFC7628: AUTH=OAUTHBEARER.
Definition private.h:129
FREE
#define FREE(x)
Definition memory.h:62
_
#define _(a)
Definition message.h:28
mutt_str_asprintf
int mutt_str_asprintf(char **strp, const char *fmt,...)
Definition string.c:803
mutt_clear_error
void mutt_clear_error(void)
Clear the message line (bottom line of screen)
Definition mutt_logging.c:74
mutt_socket_send
#define mutt_socket_send(conn, buf)
Definition socket.h:57
Connection::ssf
unsigned int ssf
Security strength factor, in bits (see notes)
Definition connection.h:50
Connection::account
struct ConnAccount account
Account details: username, password, etc.
Definition connection.h:49
ImapAccountData::capabilities
ImapCapFlags capabilities
Capability flags.
Definition adata.h:55
ImapAccountData::conn
struct Connection * conn
Connection to IMAP server.
Definition adata.h:41
NeoMutt
Container for Accounts, Notifications.
Definition neomutt.h:43
NeoMutt::sub
struct ConfigSubset * sub
Inherited config items.
Definition neomutt.h:47
+ Here is the call graph for this function:
+ Here is the caller graph for this function: