NeoMutt  2025-12-11-980-ge38c27
Teaching an old dog new tricks
DOXYGEN
Loading...
Searching...
No Matches
sasl.h File Reference

SASL authentication support. More...

#include <sasl/sasl.h>
#include <stdbool.h>
+ Include dependency graph for sasl.h:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

bool sasl_auth_validator (const char *authenticator)
 SASL callback functions, e.g. mutt_sasl_cb_authname(), mutt_sasl_cb_pass()
 
int mutt_sasl_client_new (struct Connection *conn, sasl_conn_t **saslconn)
 Wrapper for sasl_client_new()
 
void mutt_sasl_cleanup (void)
 Invoke when processing is complete.
 
int mutt_sasl_interact (sasl_interact_t *interaction)
 Perform an SASL interaction with the user.
 
void mutt_sasl_setup_conn (struct Connection *conn, sasl_conn_t *saslconn)
 Set up an SASL connection.
 
int mutt_sasl_start (void)
 Initialise SASL library.
 

Detailed Description

SASL authentication support.

Authors
  • Richard Russon

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Definition in file sasl.h.

Function Documentation

◆ sasl_auth_validator()

bool sasl_auth_validator ( const char * authenticator)

SASL callback functions, e.g. mutt_sasl_cb_authname(), mutt_sasl_cb_pass()

SASL secret, to store the password Validate an auth method against Cyrus SASL methods

Parameters
authenticatorName of the authenticator to validate
Return values
trueArgument matches an accepted auth method

Definition at line 133 of file sasl.c.

134{
135 for (size_t i = 0; i < countof(SaslAuthenticators); i++)
136 {
137 const char *auth = SaslAuthenticators[i];
138 if (mutt_istr_equal(auth, authenticator))
139 return true;
140 }
141
142 return false;
143}
#define countof(x)
Definition memory.h:49
bool mutt_istr_equal(const char *a, const char *b)
Compare two strings, ignoring case.
Definition string.c:678
static const char *const SaslAuthenticators[]
Authentication methods supported by Cyrus SASL.
Definition sasl.c:107
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_client_new()

int mutt_sasl_client_new ( struct Connection * conn,
sasl_conn_t ** saslconn )

Wrapper for sasl_client_new()

Parameters
[in]connConnection to a server
[out]saslconnSASL connection
Return values
0Success
-1Error

which also sets various security properties. If this turns out to be fine for POP too we can probably stop exporting mutt_sasl_get_callbacks().

Definition at line 612 of file sasl.c.

613{
614 if (mutt_sasl_start() != SASL_OK)
615 return -1;
616
617 if (!conn->account.service)
618 {
619 mutt_error(_("Unknown SASL profile"));
620 return -1;
621 }
622
623 socklen_t size;
624
625 struct sockaddr_storage local = { 0 };
626 char iplocalport[IP_PORT_BUFLEN] = { 0 };
627 char *plp = NULL;
628 size = sizeof(local);
629 if (getsockname(conn->fd, (struct sockaddr *) &local, &size) == 0)
630 {
631 if (iptostring((struct sockaddr *) &local, size, iplocalport, IP_PORT_BUFLEN) == SASL_OK)
632 plp = iplocalport;
633 else
634 mutt_debug(LL_DEBUG2, "SASL failed to parse local IP address\n");
635 }
636 else
637 {
638 mutt_debug(LL_DEBUG2, "SASL failed to get local IP address\n");
639 }
640
641 struct sockaddr_storage remote = { 0 };
642 char ipremoteport[IP_PORT_BUFLEN] = { 0 };
643 char *prp = NULL;
644 size = sizeof(remote);
645 if (getpeername(conn->fd, (struct sockaddr *) &remote, &size) == 0)
646 {
647 if (iptostring((struct sockaddr *) &remote, size, ipremoteport, IP_PORT_BUFLEN) == SASL_OK)
648 prp = ipremoteport;
649 else
650 mutt_debug(LL_DEBUG2, "SASL failed to parse remote IP address\n");
651 }
652 else
653 {
654 mutt_debug(LL_DEBUG2, "SASL failed to get remote IP address\n");
655 }
656
657 mutt_debug(LL_DEBUG2, "SASL local ip: %s, remote ip:%s\n", NONULL(plp), NONULL(prp));
658
659 int rc = sasl_client_new(conn->account.service, conn->account.host, plp, prp,
660 mutt_sasl_get_callbacks(&conn->account), 0, saslconn);
661 if (rc != SASL_OK)
662 {
663 mutt_error(_("Error allocating SASL connection"));
664 return -1;
665 }
666
667 /* Work around a casting bug in the SASL krb4 module */
668 sasl_security_properties_t secprops = { 0 };
669 secprops.max_ssf = 0x7fff;
670 secprops.maxbufsize = MUTT_SASL_MAXBUF;
671 if (sasl_setprop(*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
672 {
673 mutt_error(_("Error setting SASL security properties"));
674 sasl_dispose(saslconn);
675 return -1;
676 }
677
678 if (conn->ssf != 0)
679 {
680 /* I'm not sure this actually has an effect, at least with SASLv2 */
681 mutt_debug(LL_DEBUG2, "External SSF: %d\n", conn->ssf);
682 if (sasl_setprop(*saslconn, SASL_SSF_EXTERNAL, &conn->ssf) != SASL_OK)
683 {
684 mutt_error(_("Error setting SASL external security strength"));
685 sasl_dispose(saslconn);
686 return -1;
687 }
688 }
689 if (conn->account.user[0])
690 {
691 mutt_debug(LL_DEBUG2, "External authentication name: %s\n", conn->account.user);
692 if (sasl_setprop(*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK)
693 {
694 mutt_error(_("Error setting SASL external user name"));
695 sasl_dispose(saslconn);
696 return -1;
697 }
698 }
699
700 return 0;
701}
#define mutt_error(...)
Definition logging2.h:94
#define mutt_debug(LEVEL,...)
Definition logging2.h:91
@ LL_DEBUG2
Log at debug level 2.
Definition logging2.h:46
#define _(a)
Definition message.h:28
#define MUTT_SASL_MAXBUF
Maximum size for SASL protection buffer.
Definition sasl.c:117
#define IP_PORT_BUFLEN
Buffer size for "host;port" string (NI_MAXHOST + NI_MAXSERV)
Definition sasl.c:120
int mutt_sasl_start(void)
Initialise SASL library.
Definition sasl.c:275
static sasl_callback_t * mutt_sasl_get_callbacks(struct ConnAccount *cac)
Get the SASL callback functions.
Definition sasl.c:390
static int iptostring(const struct sockaddr *addr, socklen_t addrlen, char *out, unsigned int outlen)
Convert IP Address to string.
Definition sasl.c:204
#define NONULL(x)
Definition string2.h:44
char user[128]
Username.
Definition connaccount.h:62
const char * service
Name of the service, e.g. "imap".
Definition connaccount.h:67
char host[128]
Server to login to.
Definition connaccount.h:60
unsigned int ssf
Security strength factor, in bits (see notes)
Definition connection.h:50
struct ConnAccount account
Account details: username, password, etc.
Definition connection.h:49
int fd
Socket file descriptor.
Definition connection.h:53
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_cleanup()

void mutt_sasl_cleanup ( void )

Invoke when processing is complete.

This is a cleanup function, used to free all memory used by the library. Invoke when processing is complete.

Definition at line 791 of file sasl.c.

792{
793 /* As we never use the server-side, the silently ignore the return value */
794 sasl_client_done();
795}
+ Here is the caller graph for this function:

◆ mutt_sasl_interact()

int mutt_sasl_interact ( sasl_interact_t * interaction)

Perform an SASL interaction with the user.

Parameters
interactionDetails of interaction
Return values
numSASL error code: SASL_OK or SASL_FAIL

An example interaction might be asking the user for a password.

Definition at line 710 of file sasl.c.

711{
712 int rc = SASL_OK;
713 char prompt[128] = { 0 };
714 struct Buffer *resp = buf_pool_get();
715
716 while (interaction->id != SASL_CB_LIST_END)
717 {
718 mutt_debug(LL_DEBUG2, "filling in SASL interaction %ld\n", interaction->id);
719
720 snprintf(prompt, sizeof(prompt), "%s: ", interaction->prompt);
721 buf_reset(resp);
722
723 if (!OptGui || (mw_get_field(prompt, resp, MUTT_COMP_NONE, HC_OTHER, NULL, NULL) != 0))
724 {
725 rc = SASL_FAIL;
726 break;
727 }
728
729 interaction->len = buf_len(resp) + 1;
730 interaction->result = buf_strdup(resp);
731 interaction++;
732 }
733
734 buf_pool_release(&resp);
735 return rc;
736}
size_t buf_len(const struct Buffer *buf)
Calculate the length of a Buffer.
Definition buffer.c:497
void buf_reset(struct Buffer *buf)
Reset an existing Buffer.
Definition buffer.c:89
char * buf_strdup(const struct Buffer *buf)
Copy a Buffer's string.
Definition buffer.c:577
@ MUTT_COMP_NONE
No flags are set.
Definition wdata.h:46
bool OptGui
(pseudo) when the gui (and curses) are started
Definition globals.c:48
int mw_get_field(const char *prompt, struct Buffer *buf, CompletionFlags complete, enum HistoryClass hclass, const struct CompleteOps *comp_api, void *cdata)
Ask the user for a string -.
Definition window.c:502
@ HC_OTHER
Miscellaneous strings.
Definition lib.h:61
struct Buffer * buf_pool_get(void)
Get a Buffer from the pool.
Definition pool.c:91
void buf_pool_release(struct Buffer **ptr)
Return a Buffer to the pool.
Definition pool.c:111
String manipulation buffer.
Definition buffer.h:36
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_setup_conn()

void mutt_sasl_setup_conn ( struct Connection * conn,
sasl_conn_t * saslconn )

Set up an SASL connection.

Parameters
connConnection to a server
saslconnSASL connection

Replace connection methods, sockdata with SASL wrappers, for protection layers. Also get ssf, as a fastpath for the read/write methods.

Definition at line 746 of file sasl.c.

747{
748 struct SaslSockData *sasldata = MUTT_MEM_MALLOC(1, struct SaslSockData);
749 /* work around sasl_getprop aliasing issues */
750 const void *tmp = NULL;
751
752 sasldata->saslconn = saslconn;
753 /* get ssf so we know whether we have to (en|de)code read/write */
754 sasl_getprop(saslconn, SASL_SSF, &tmp);
755 sasldata->ssf = tmp;
756 mutt_debug(LL_DEBUG3, "SASL protection strength: %u\n", *sasldata->ssf);
757 /* Add SASL SSF to transport SSF */
758 conn->ssf += *sasldata->ssf;
759 sasl_getprop(saslconn, SASL_MAXOUTBUF, &tmp);
760 sasldata->pbufsize = tmp;
761 mutt_debug(LL_DEBUG3, "SASL protection buffer size: %u\n", *sasldata->pbufsize);
762
763 /* clear input buffer */
764 sasldata->buf = NULL;
765 sasldata->bpos = 0;
766 sasldata->blen = 0;
767
768 /* preserve old functions */
769 sasldata->sockdata = conn->sockdata;
770 sasldata->open = conn->open;
771 sasldata->read = conn->read;
772 sasldata->write = conn->write;
773 sasldata->poll = conn->poll;
774 sasldata->close = conn->close;
775
776 /* and set up new functions */
777 conn->sockdata = sasldata;
783}
static int mutt_sasl_conn_close(struct Connection *conn)
Close SASL connection - Implements Connection::close() -.
Definition sasl.c:448
int(* close)(struct Connection *conn)
Close a socket Connection - Implements Connection::close() -.
Definition sasl.c:101
int(* open)(struct Connection *conn)
Open a socket Connection - Implements Connection::open() -.
Definition sasl.c:81
static int mutt_sasl_conn_open(struct Connection *conn)
Empty wrapper for underlying open function - Implements Connection::open() -.
Definition sasl.c:432
int(* poll)(struct Connection *conn, time_t wait_secs)
Check if any data is waiting on a socket - Implements Connection::poll() -.
Definition sasl.c:96
static int mutt_sasl_conn_poll(struct Connection *conn, time_t wait_secs)
Check if any data is waiting on a socket - Implements Connection::poll() -.
Definition sasl.c:590
static int mutt_sasl_conn_read(struct Connection *conn, char *buf, size_t count)
Read data from an SASL connection - Implements Connection::read() -.
Definition sasl.c:473
int(* read)(struct Connection *conn, char *buf, size_t count)
Read from a socket Connection - Implements Connection::read() -.
Definition sasl.c:86
static int mutt_sasl_conn_write(struct Connection *conn, const char *buf, size_t count)
Write to an SASL connection - Implements Connection::write() -.
Definition sasl.c:539
int(* write)(struct Connection *conn, const char *buf, size_t count)
Write to a socket Connection - Implements Connection::write() -.
Definition sasl.c:91
@ LL_DEBUG3
Log at debug level 3.
Definition logging2.h:47
#define MUTT_MEM_MALLOC(n, type)
Definition memory.h:53
void * sockdata
Backend-specific socket data.
Definition connection.h:55
int(* poll)(struct Connection *conn, time_t wait_secs)
Definition connection.h:105
int(* write)(struct Connection *conn, const char *buf, size_t count)
Definition connection.h:92
int(* close)(struct Connection *conn)
Definition connection.h:116
int(* open)(struct Connection *conn)
Definition connection.h:66
int(* read)(struct Connection *conn, char *buf, size_t count)
Definition connection.h:79
SASL authentication API -.
Definition sasl.c:66
void * sockdata
Underlying socket data.
Definition sasl.c:76
unsigned int blen
Size of the read buffer.
Definition sasl.c:73
unsigned int bpos
Current read position.
Definition sasl.c:74
const sasl_ssf_t * ssf
Security strength factor, in bits.
Definition sasl.c:68
const unsigned int * pbufsize
Buffer size.
Definition sasl.c:69
const char * buf
Buffer for data read from the connection.
Definition sasl.c:72
sasl_conn_t * saslconn
Raw SASL connection.
Definition sasl.c:67
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mutt_sasl_start()

int mutt_sasl_start ( void )

Initialise SASL library.

Return values
numSASL error code, e.g. SASL_OK

Call before doing an SASL exchange (initialises library if necessary).

Definition at line 275 of file sasl.c.

276{
277 static bool sasl_init = false;
278
279 static sasl_callback_t callbacks[2];
280 int rc;
281
282 if (sasl_init)
283 return SASL_OK;
284
285 /* set up default logging callback */
286 callbacks[0].id = SASL_CB_LOG;
287 callbacks[0].proc = (int (*)(void))(intptr_t) mutt_sasl_cb_log;
288 callbacks[0].context = NULL;
289
290 callbacks[1].id = SASL_CB_LIST_END;
291 callbacks[1].proc = NULL;
292 callbacks[1].context = NULL;
293
294 rc = sasl_client_init(callbacks);
295
296 if (rc != SASL_OK)
297 {
298 mutt_debug(LL_DEBUG1, "libsasl initialisation failed\n");
299 return SASL_FAIL;
300 }
301
302 sasl_init = true;
303
304 return SASL_OK;
305}
@ LL_DEBUG1
Log at debug level 1.
Definition logging2.h:45
static int mutt_sasl_cb_log(void *context, int priority, const char *message)
Callback to log SASL messages.
Definition sasl.c:238
+ Here is the call graph for this function:
+ Here is the caller graph for this function: