Diffstat (limited to 'src/operator-authenticate.cc')
-rw-r--r-- | src/operator-authenticate.cc | 130 |
1 files changed, 64 insertions, 66 deletions
diff --git a/src/operator-authenticate.cc b/src/operator-authenticate.cc index 03f994c..7802c47 100644 --- a/src/operator-authenticate.cc +++ b/src/operator-authenticate.cc @@ -4,32 +4,28 @@ * @author Andreas Aardal Hanssen, Erwin Hoffmann * @date 2002-2005, 2023 * ----------------------------------------------------------------- **/ -#include <string> - #include "authenticate.h" #include "base64.h" #include "convert.h" #include "depot.h" +#include "globals.h" #include "iodevice.h" #include "iofactory.h" -#include "globals.h" #include "operators.h" #include "recursivedescent.h" #include "session.h" + #include <cstring> +#include <string> using namespace ::std; using namespace Binc; //---------------------------------------------------------------------- -AuthenticateOperator::AuthenticateOperator(void) -{ -} +AuthenticateOperator::AuthenticateOperator(void) {} //---------------------------------------------------------------------- -AuthenticateOperator::~AuthenticateOperator(void) -{ -} +AuthenticateOperator::~AuthenticateOperator(void) {} //---------------------------------------------------------------------- const string AuthenticateOperator::getName(void) const @@ -44,7 +40,7 @@ int AuthenticateOperator::getState(void) const } //------------------------------------------------------------------------ -Operator::ProcessResult AuthenticateOperator::Login(string& username, string& password) +Operator::ProcessResult AuthenticateOperator::Login(string &username, string &password) { Session &session = Session::getInstance(); @@ -71,7 +67,7 @@ Operator::ProcessResult AuthenticateOperator::Login(string& username, string& pa bincClient << "+ " << base64encode("Password") << endl; bincClient.flush(); - // Read password + // Read password string b64pwd; for (;;) { char c; 
@@ -87,14 +83,15 @@ Operator::ProcessResult AuthenticateOperator::Login(string& username, string& pa session.setLastError("Authentication cancelled by user"); return NO; } - + username = base64decode(b64usr); password = base64decode(b64pwd); return OK; } + //------------------------------------------------------------------------ -Operator::ProcessResult AuthenticateOperator::Plain(string& username, string& password) +Operator::ProcessResult AuthenticateOperator::Plain(string &username, string &password) { Session &session = Session::getInstance(); @@ -122,17 +119,17 @@ Operator::ProcessResult AuthenticateOperator::Plain(string& username, string& pa string::size_type pos = 0; if ((pos = plain.find('\0')) == string::npos) { - session.setLastError("Authentication failed. In PLAIN mode, " - "there must be at least two null characters " - "in the input string, but none were found"); + session.setLastError("Authentication failed. In PLAIN mode, " + "there must be at least two null characters " + "in the input string, but none were found"); return NO; } plain = plain.substr(pos + 1); if ((pos = plain.find('\0')) == string::npos) { - session.setLastError("Authentication failed. In PLAIN mode, " - "there must be at least two null characters " - "in the input string, but only one was found"); + session.setLastError("Authentication failed. In PLAIN mode, " + "there must be at least two null characters " + "in the input string, but only one was found"); return NO; } @@ -141,9 +138,9 @@ Operator::ProcessResult AuthenticateOperator::Plain(string& username, string& pa return OK; } + //------------------------------------------------------------------------ -Operator::ProcessResult AuthenticateOperator::Cram(string& username, string& password, - string& challenge) +Operator::ProcessResult AuthenticateOperator::Cram(string &username, string &password, string &challenge) { Session &session = Session::getInstance(); 
@@ -151,11 +148,15 @@ Operator::ProcessResult AuthenticateOperator::Cram(string& username, string& pas time_t timer; struct tm y2k = {0}; int timestamp; - y2k.tm_hour = 0; y2k.tm_min = 0; y2k.tm_sec = 0; - y2k.tm_year = 100; y2k.tm_mon = 0; y2k.tm_mday = 1; + y2k.tm_hour = 0; + y2k.tm_min = 0; + y2k.tm_sec = 0; + y2k.tm_year = 100; + y2k.tm_mon = 0; + y2k.tm_mday = 1; - time(&timer); /* get current time; same as: timer = time(NULL) */ - timestamp = difftime(timer,mktime(&y2k)); + time(&timer); /* get current time; same as: timer = time(NULL) */ + timestamp = difftime(timer, mktime(&y2k)); challenge += "<"; challenge += to_string(session.getPid()); @@ -171,7 +172,7 @@ Operator::ProcessResult AuthenticateOperator::Cram(string& username, string& pas // Read response string b64; for (;;) { - char c; + char c; if (!bincClient.readChar(&c)) return BAD; if (c == '\n') break; b64 += c; @@ -183,8 +184,8 @@ Operator::ProcessResult AuthenticateOperator::Cram(string& username, string& pas if ((pos = response.find(' ')) == string::npos) { session.setLastError("Authentication failed. In CRAM-MD5 mode, " - "there must be a white space in the " - "input string between username and digest"); + "there must be a white space in the " + "input string between username and digest"); return NO; } @@ -193,9 +194,9 @@ Operator::ProcessResult AuthenticateOperator::Cram(string& username, string& pas return OK; } + //------------------------------------------------------------------------ -Operator::ProcessResult AuthenticateOperator::process(Depot &depot, - Request &command) +Operator::ProcessResult AuthenticateOperator::process(Depot &depot, Request &command) { Session &session = Session::getInstance(); 
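Review bot: The CRAM-MD5 challenge in `Cram` is assembled from values an observer can guess: the lines in the -151,11 hunk derive `timestamp` as whole seconds since 2000 and append `to_string(session.getPid())`, and no random component is visible here. The rest of the challenge construction lies outside the hunk, so this may already be handled there; if it is not, mixing in bytes from a cryptographically secure random source keeps each challenge unique, so that a recorded response is of no use on a later connection. Separately, `timestamp = difftime(timer, mktime(&y2k));` narrows a `double` to `int` implicitly; `timestamp = static_cast<int>(difftime(timer, mktime(&y2k)));` makes the conversion explicit.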
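Review bot: The response read loop in `Cram` (hunk -171,7) has no length limit: `b64 += c;` runs until a `'\n'` arrives, so a client that has not authenticated yet can make the process buffer an arbitrarily long line. A cap inside the loop bounds that, for example `if (b64.size() >= MAX_AUTH_LINE) return BAD;`, where `MAX_AUTH_LINE` is a placeholder for a constant the project would define. The password loop in `Login` (hunk -71,7) opens the same way with `for (;;) { char c;`, but its body is cut off by the hunk boundary, so it should be checked for the same pattern.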
@@ -204,14 +205,13 @@ Operator::ProcessResult AuthenticateOperator::process(Depot &depot, string username; string password; - string challenge; + string challenge; ProcessResult r = NOTHING; if (authtype == "LOGIN") { - // we only allow this type of authentication over an unencryted connection + // we only allow this type of authentication over an unencryted connection // if it is explicitely commanded - if (!session.command.ssl - && !session.hasEnv("ALLOW_NONSSL_PLAINTEXT_LOGINS")) { + if (!session.command.ssl && !session.hasEnv("ALLOW_NONSSL_PLAINTEXT_LOGINS")) { session.setLastError("Plain text password authentication is disallowd. " "Please enable StartTLS or TLS in your mail client."); return NO; @@ -220,25 +220,24 @@ Operator::ProcessResult AuthenticateOperator::process(Depot &depot, } else if (authtype == "PLAIN") { // we only allow this type of authentication over an TLS encrypted connection. - if (!session.command.ssl - && !session.hasEnv("ALLOW_NONSSL_PLAINTEXT_LOGINS")) { + if (!session.command.ssl && !session.hasEnv("ALLOW_NONSSL_PLAINTEXT_LOGINS")) { session.setLastError("Plain text password authentication is disallowd. " "Please enable StartTLS or TLS in your mail client."); return NO; } if ((r = Plain(username, password)) != OK) return r; - } else if (authtype == "CRAM-MD5" ) { + } else if (authtype == "CRAM-MD5") { // this type can be used even over unencrypted connections if ((r = Cram(username, password, challenge)) != OK) return r; - } else { // Any other disallowed - session.setLastError("The authentication method " - + toImapString(authtype) + " is not supported. " - "Please try again with a different method. " - "There is built in support for \"PLAIN\" " - "and \"LOGIN\"."); + } else { // Any other disallowed + session.setLastError("The authentication method " + toImapString(authtype) + + " is not supported. " + "Please try again with a different method. " + "There is built in support for \"PLAIN\" " + "and \"LOGIN\"."); return NO; } 
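Review bot: The fallback error text in `process` (hunk -220,25) does not match the branches above it: `authtype == "CRAM-MD5"` is accepted, yet the re-wrapped message still says there is built in support only for "PLAIN" and "LOGIN". Since the string is touched here anyway, it could name CRAM-MD5 as well, or the omission could be explained in a comment if it is deliberate. The comment `// this type can be used even over unencrypted connections` would benefit from a caveat such as `// the password is not sent, but a captured challenge/response pair allows offline guessing; prefer TLS`. The typos `unencryted`, `explicitely` and `disallowd` on the lines around it could be fixed in the same pass.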
@@ -253,28 +252,28 @@ Operator::ProcessResult AuthenticateOperator::process(Depot &depot, // error) or 2 (failed) switch (authenticate(depot, username, password, challenge)) { - case 1: - session.setLastError("An internal error occurred when you attempted " - "to log in to the IMAP server. Please contact " - "your system administrator."); - return NO; - case 2: - session.setLastError("Login failed. Either your user name " - "or your password was wrong. Please try again, " - "and if the problem persists, please contact " - "your system administrator."); - return NO; - case 3: - bincClient << "* BYE Timeout after " << IDLE_TIMEOUT - << " seconds of inactivity." << endl; - break; - case -1: - bincClient << "* BYE The server died unexpectedly. Please contact " - "your system administrator for more information." << endl; - break; - default: -// bincLog << "<" << username.c_str() << "> authenticated" << endl; - break; + case 1: + session.setLastError("An internal error occurred when you attempted " + "to log in to the IMAP server. Please contact " + "your system administrator."); + return NO; + case 2: + session.setLastError("Login failed. Either your user name " + "or your password was wrong. Please try again, " + "and if the problem persists, please contact " + "your system administrator."); + return NO; + case 3: + bincClient << "* BYE Timeout after " << IDLE_TIMEOUT << " seconds of inactivity." << endl; + break; + case -1: + bincClient << "* BYE The server died unexpectedly. Please contact " + "your system administrator for more information." + << endl; + break; + default: + // bincLog << "<" << username.c_str() << "> authenticated" << endl; + break; } // auth was ok. go to logout state @@ -282,7 +281,6 @@ Operator::ProcessResult AuthenticateOperator::process(Depot &depot, return NOTHING; } - //---------------------------------------------------------------------- Operator::ParseResult AuthenticateOperator::parse(Request &c_in) const { |