sasl.h File Reference

SASL authentication support. More...

#include <sasl/sasl.h>
#include <stdbool.h>

Include dependency graph for sasl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions
bool	sasl_auth_validator (const char *authenticator)
	SASL callback functions, e.g. mutt_sasl_cb_authname(), mutt_sasl_cb_pass()
int	mutt_sasl_client_new (struct Connection *conn, sasl_conn_t **saslconn)
	Wrapper for sasl_client_new()
void	mutt_sasl_cleanup (void)
	Invoke when processing is complete.
int	mutt_sasl_interact (sasl_interact_t *interaction)
	Perform an SASL interaction with the user.
void	mutt_sasl_setup_conn (struct Connection *conn, sasl_conn_t *saslconn)
	Set up an SASL connection.
int	mutt_sasl_start (void)
	Initialise SASL library.

Detailed Description

SASL authentication support.

Authors

• Richard Russon

Copyright

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Definition in file sasl.h.

Function Documentation

sasl_auth_validator()

bool sasl_auth_validator

(

const char *

authenticator

)

SASL callback functions, e.g. mutt_sasl_cb_authname(), mutt_sasl_cb_pass()

SASL secret, to store the password Validate an auth method against Cyrus SASL methods

Parameters

authenticator

Name of the authenticator to validate

Return values

true	Argument matches an accepted auth method

Definition at line 133 of file sasl.c.

{
  for (size_t i = 0; i < countof(SaslAuthenticators); i++)
  {
    const char *auth = SaslAuthenticators[i];
    if (mutt_istr_equal(auth, authenticator))
      return true;
  }
 
  return false;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_sasl_client_new()

int mutt_sasl_client_new	(	struct Connection *	conn,
		sasl_conn_t **	saslconn )

Wrapper for sasl_client_new()

Parameters

[in]	conn	Connection to a server
[out]	saslconn	SASL connection

Return values

0	Success
-1	Error

which also sets various security properties. If this turns out to be fine for POP too we can probably stop exporting mutt_sasl_get_callbacks().

Definition at line 610 of file sasl.c.

{
  if (mutt_sasl_start() != SASL_OK)
    return -1;
 
  if (!conn->account.service)
  {
    mutt_error(_("Unknown SASL profile"));
    return -1;
  }
 
  socklen_t size;
 
  struct sockaddr_storage local = { 0 };
  char iplocalport[IP_PORT_BUFLEN] = { 0 };
  char *plp = NULL;
  size = sizeof(local);
  if (getsockname(conn->fd, (struct sockaddr *) &local, &size) == 0)
  {
    if (iptostring((struct sockaddr *) &local, size, iplocalport, IP_PORT_BUFLEN) == SASL_OK)
      plp = iplocalport;
    else
      mutt_debug(LL_DEBUG2, "SASL failed to parse local IP address\n");
  }
  else
  {
    mutt_debug(LL_DEBUG2, "SASL failed to get local IP address\n");
  }
 
  struct sockaddr_storage remote = { 0 };
  char ipremoteport[IP_PORT_BUFLEN] = { 0 };
  char *prp = NULL;
  size = sizeof(remote);
  if (getpeername(conn->fd, (struct sockaddr *) &remote, &size) == 0)
  {
    if (iptostring((struct sockaddr *) &remote, size, ipremoteport, IP_PORT_BUFLEN) == SASL_OK)
      prp = ipremoteport;
    else
      mutt_debug(LL_DEBUG2, "SASL failed to parse remote IP address\n");
  }
  else
  {
    mutt_debug(LL_DEBUG2, "SASL failed to get remote IP address\n");
  }
 
  mutt_debug(LL_DEBUG2, "SASL local ip: %s, remote ip:%s\n", NONULL(plp), NONULL(prp));
 
  int rc = sasl_client_new(conn->account.service, conn->account.host, plp, prp,
                           mutt_sasl_get_callbacks(&conn->account), 0, saslconn);
  if (rc != SASL_OK)
  {
    mutt_error(_("Error allocating SASL connection"));
    return -1;
  }
 
  /* Work around a casting bug in the SASL krb4 module */
  sasl_security_properties_t secprops = { 0 };
  secprops.max_ssf = 0x7fff;
  secprops.maxbufsize = MUTT_SASL_MAXBUF;
  if (sasl_setprop(*saslconn, SASL_SEC_PROPS, &secprops) != SASL_OK)
  {
    mutt_error(_("Error setting SASL security properties"));
    sasl_dispose(saslconn);
    return -1;
  }
 
  if (conn->ssf != 0)
  {
    /* I'm not sure this actually has an effect, at least with SASLv2 */
    mutt_debug(LL_DEBUG2, "External SSF: %d\n", conn->ssf);
    if (sasl_setprop(*saslconn, SASL_SSF_EXTERNAL, &conn->ssf) != SASL_OK)
    {
      mutt_error(_("Error setting SASL external security strength"));
      sasl_dispose(saslconn);
      return -1;
    }
  }
  if (conn->account.user[0])
  {
    mutt_debug(LL_DEBUG2, "External authentication name: %s\n", conn->account.user);
    if (sasl_setprop(*saslconn, SASL_AUTH_EXTERNAL, conn->account.user) != SASL_OK)
    {
      mutt_error(_("Error setting SASL external user name"));
      sasl_dispose(saslconn);
      return -1;
    }
  }
 
  return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_sasl_cleanup()

void mutt_sasl_cleanup

(

void

)

Invoke when processing is complete.

This is a cleanup function, used to free all memory used by the library. Invoke when processing is complete.

Definition at line 789 of file sasl.c.

{
  /* As we never use the server-side, the silently ignore the return value */
  sasl_client_done();
}

Here is the caller graph for this function:

mutt_sasl_interact()

int mutt_sasl_interact

(

sasl_interact_t *

interaction

)

Perform an SASL interaction with the user.

Parameters

interaction

Details of interaction

Return values

num	SASL error code: SASL_OK or SASL_FAIL

An example interaction might be asking the user for a password.

Definition at line 708 of file sasl.c.

{
  int rc = SASL_OK;
  char prompt[128] = { 0 };
  struct Buffer *resp = buf_pool_get();
 
  while (interaction->id != SASL_CB_LIST_END)
  {
    mutt_debug(LL_DEBUG2, "filling in SASL interaction %ld\n", interaction->id);
 
    snprintf(prompt, sizeof(prompt), "%s: ", interaction->prompt);
    buf_reset(resp);
 
    if (!OptGui || (mw_get_field(prompt, resp, MUTT_COMP_NONE, HC_OTHER, NULL, NULL) != 0))
    {
      rc = SASL_FAIL;
      break;
    }
 
    interaction->len = buf_len(resp) + 1;
    interaction->result = buf_strdup(resp);
    interaction++;
  }
 
  buf_pool_release(&resp);
  return rc;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_sasl_setup_conn()

void mutt_sasl_setup_conn	(	struct Connection *	conn,
		sasl_conn_t *	saslconn )

Set up an SASL connection.

Parameters

conn	Connection to a server
saslconn	SASL connection

Replace connection methods, sockdata with SASL wrappers, for protection layers. Also get ssf, as a fastpath for the read/write methods.

Definition at line 744 of file sasl.c.

{
  struct SaslSockData *sasldata = MUTT_MEM_MALLOC(1, struct SaslSockData);
  /* work around sasl_getprop aliasing issues */
  const void *tmp = NULL;
 
  sasldata->saslconn = saslconn;
  /* get ssf so we know whether we have to (en|de)code read/write */
  sasl_getprop(saslconn, SASL_SSF, &tmp);
  sasldata->ssf = tmp;
  mutt_debug(LL_DEBUG3, "SASL protection strength: %u\n", *sasldata->ssf);
  /* Add SASL SSF to transport SSF */
  conn->ssf += *sasldata->ssf;
  sasl_getprop(saslconn, SASL_MAXOUTBUF, &tmp);
  sasldata->pbufsize = tmp;
  mutt_debug(LL_DEBUG3, "SASL protection buffer size: %u\n", *sasldata->pbufsize);
 
  /* clear input buffer */
  sasldata->buf = NULL;
  sasldata->bpos = 0;
  sasldata->blen = 0;
 
  /* preserve old functions */
  sasldata->sockdata = conn->sockdata;
  sasldata->open = conn->open;
  sasldata->read = conn->read;
  sasldata->write = conn->write;
  sasldata->poll = conn->poll;
  sasldata->close = conn->close;
 
  /* and set up new functions */
  conn->sockdata = sasldata;
  conn->open = mutt_sasl_conn_open;
  conn->read = mutt_sasl_conn_read;
  conn->write = mutt_sasl_conn_write;
  conn->poll = mutt_sasl_conn_poll;
  conn->close = mutt_sasl_conn_close;
}

Here is the call graph for this function:

Here is the caller graph for this function:

mutt_sasl_start()

int mutt_sasl_start

(

void

)

Initialise SASL library.

Return values

num	SASL error code, e.g. SASL_OK

Call before doing an SASL exchange (initialises library if necessary).

Definition at line 274 of file sasl.c.

{
  static bool sasl_init = false;
 
  static sasl_callback_t callbacks[2];
  int rc;
 
  if (sasl_init)
    return SASL_OK;
 
  /* set up default logging callback */
  callbacks[0].id = SASL_CB_LOG;
  callbacks[0].proc = (int (*)(void))(intptr_t) mutt_sasl_cb_log;
  callbacks[0].context = NULL;
 
  callbacks[1].id = SASL_CB_LIST_END;
  callbacks[1].proc = NULL;
  callbacks[1].context = NULL;
 
  rc = sasl_client_init(callbacks);
 
  if (rc != SASL_OK)
  {
    mutt_debug(LL_DEBUG1, "libsasl initialisation failed\n");
    return SASL_FAIL;
  }
 
  sasl_init = true;
 
  return SASL_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function: