mirror/ git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2024-04-19 17:43:53 +02:00
Code
git/imap-send.c
René Scharfe 21b5821acd imap-send: increase command size limit 
nfvasprintf() has a 8KB limit, but it's not relevant, as its result is
combined with other strings and added to a 1KB buffer by its caller.
That 1KB limit is not mentioned in RFC 9051, which specifies IMAP.

While 1KB is plenty for user names, passwords and mailbox names,
there's no point in limiting our commands like that.  Call xstrvfmt()
instead of open-coding it and use strbuf to format the command to
send, as we need its length.  Fail hard if it exceeds INT_MAX, because
socket_write() can't take more than that.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2024-04-15 11:34:17 -07:00

1568 lines
36 KiB
C
Raw Permalink Blame History

/*
* git-imap-send - drops patches into an imap Drafts folder
* derived from isync/mbsync - mailbox synchronizer
*
* Copyright (C) 2000-2002 Michael R. Elkins <me@mutt.org>
* Copyright (C) 2002-2004 Oswald Buddenhagen <ossi@users.sf.net>
* Copyright (C) 2004 Theodore Y. Ts'o <tytso@mit.edu>
* Copyright (C) 2006 Mike McCormack
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#include "git-compat-util.h"
#include "config.h"
#include "credential.h"
#include "gettext.h"
#include "run-command.h"
#include "parse-options.h"
#include "setup.h"
#include "strbuf.h"
#if defined(NO_OPENSSL) && !defined(HAVE_OPENSSL_CSPRNG)
typedef void *SSL;
#endif
#ifdef USE_CURL_FOR_IMAP_SEND
#include "http.h"
#endif
#if defined(USE_CURL_FOR_IMAP_SEND)
/* Always default to curl if it's available. */
#define USE_CURL_DEFAULT 1
#else
/* We don't have curl, so continue to use the historical implementation */
#define USE_CURL_DEFAULT 0
#endif
static int verbosity;
static int use_curl = USE_CURL_DEFAULT;
static const char * const imap_send_usage[] = { "git imap-send [-v] [-q] [--[no-]curl] < <mbox>", NULL };
static struct option imap_send_options[] = {
OPT__VERBOSITY(&verbosity),
OPT_BOOL(0, "curl", &use_curl, "use libcurl to communicate with the IMAP server"),
OPT_END()
};
#undef DRV_OK
#define DRV_OK 0
#define DRV_MSG_BAD -1
#define DRV_BOX_BAD -2
#define DRV_STORE_BAD -3
__attribute__((format (printf, 1, 2)))
static void imap_info(const char *, ...);
__attribute__((format (printf, 1, 2)))
static void imap_warn(const char *, ...);
static char *next_arg(char **);
struct imap_server_conf {
const char *name;
const char *tunnel;
const char *host;
int port;
const char *folder;
const char *user;
const char *pass;
int use_ssl;
int ssl_verify;
int use_html;
const char *auth_method;
};
static struct imap_server_conf server = {
.ssl_verify = 1,
};
struct imap_socket {
int fd[2];
SSL *ssl;
};
struct imap_buffer {
struct imap_socket sock;
int bytes;
int offset;
char buf[1024];
};
struct imap_cmd;
struct imap {
int uidnext; /* from SELECT responses */
unsigned caps, rcaps; /* CAPABILITY results */
/* command queue */
int nexttag, num_in_progress, literal_pending;
struct imap_cmd *in_progress, **in_progress_append;
struct imap_buffer buf; /* this is BIG, so put it last */
};
struct imap_store {
/* currently open mailbox */
const char *name; /* foreign! maybe preset? */
int uidvalidity;
struct imap *imap;
const char *prefix;
};
struct imap_cmd_cb {
int (*cont)(struct imap_store *ctx, const char *prompt);
void *ctx;
char *data;
int dlen;
};
struct imap_cmd {
struct imap_cmd *next;
struct imap_cmd_cb cb;
char *cmd;
int tag;
};
#define CAP(cap) (imap->caps & (1 << (cap)))
enum CAPABILITY {
NOLOGIN = 0,
UIDPLUS,
LITERALPLUS,
NAMESPACE,
STARTTLS,
AUTH_CRAM_MD5
};
static const char *cap_list[] = {
"LOGINDISABLED",
"UIDPLUS",
"LITERAL+",
"NAMESPACE",
"STARTTLS",
"AUTH=CRAM-MD5",
};
#define RESP_OK 0
#define RESP_NO 1
#define RESP_BAD 2
static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd);
#ifndef NO_OPENSSL
static void ssl_socket_perror(const char *func)
{
fprintf(stderr, "%s: %s\n", func, ERR_error_string(ERR_get_error(), NULL));
}
#endif
static void socket_perror(const char *func, struct imap_socket *sock, int ret)
{
#ifndef NO_OPENSSL
if (sock->ssl) {
int sslerr = SSL_get_error(sock->ssl, ret);
switch (sslerr) {
case SSL_ERROR_NONE:
break;
case SSL_ERROR_SYSCALL:
perror("SSL_connect");
break;
default:
ssl_socket_perror("SSL_connect");
break;
}
} else
#endif
{
if (ret < 0)
perror(func);
else
fprintf(stderr, "%s: unexpected EOF\n", func);
}
/* mark as used to appease -Wunused-parameter with NO_OPENSSL */
(void)sock;
}
#ifdef NO_OPENSSL
static int ssl_socket_connect(struct imap_socket *sock UNUSED,
int use_tls_only UNUSED,
int verify UNUSED)
{
fprintf(stderr, "SSL requested but SSL support not compiled in\n");
return -1;
}
#else
static int host_matches(const char *host, const char *pattern)
{
if (pattern[0] == '*' && pattern[1] == '.') {
pattern += 2;
if (!(host = strchr(host, '.')))
return 0;
host++;
}
return *host && *pattern && !strcasecmp(host, pattern);
}
static int verify_hostname(X509 *cert, const char *hostname)
{
int len;
X509_NAME *subj;
char cname[1000];
int i, found;
STACK_OF(GENERAL_NAME) *subj_alt_names;
/* try the DNS subjectAltNames */
found = 0;
if ((subj_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL))) {
int num_subj_alt_names = sk_GENERAL_NAME_num(subj_alt_names);
for (i = 0; !found && i < num_subj_alt_names; i++) {
GENERAL_NAME *subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i);
if (subj_alt_name->type == GEN_DNS &&
strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length &&
host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data)))
found = 1;
}
sk_GENERAL_NAME_pop_free(subj_alt_names, GENERAL_NAME_free);
}
if (found)
return 0;
/* try the common name */
if (!(subj = X509_get_subject_name(cert)))
return error("cannot get certificate subject");
if ((len = X509_NAME_get_text_by_NID(subj, NID_commonName, cname, sizeof(cname))) < 0)
return error("cannot get certificate common name");
if (strlen(cname) == (size_t)len && host_matches(hostname, cname))
return 0;
return error("certificate owner '%s' does not match hostname '%s'",
cname, hostname);
}
static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int verify)
{
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
const SSL_METHOD *meth;
#else
SSL_METHOD *meth;
#endif
SSL_CTX *ctx;
int ret;
X509 *cert;
SSL_library_init();
SSL_load_error_strings();
meth = SSLv23_method();
if (!meth) {
ssl_socket_perror("SSLv23_method");
return -1;
}
ctx = SSL_CTX_new(meth);
if (!ctx) {
ssl_socket_perror("SSL_CTX_new");
return -1;
}
if (use_tls_only)
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
if (verify)
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
if (!SSL_CTX_set_default_verify_paths(ctx)) {
ssl_socket_perror("SSL_CTX_set_default_verify_paths");
return -1;
}
sock->ssl = SSL_new(ctx);
if (!sock->ssl) {
ssl_socket_perror("SSL_new");
return -1;
}
if (!SSL_set_rfd(sock->ssl, sock->fd[0])) {
ssl_socket_perror("SSL_set_rfd");
return -1;
}
if (!SSL_set_wfd(sock->ssl, sock->fd[1])) {
ssl_socket_perror("SSL_set_wfd");
return -1;
}
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
/*
* SNI (RFC4366)
* OpenSSL does not document this function, but the implementation
* returns 1 on success, 0 on failure after calling SSLerr().
*/
ret = SSL_set_tlsext_host_name(sock->ssl, server.host);
if (ret != 1)
warning("SSL_set_tlsext_host_name(%s) failed.", server.host);
#endif
ret = SSL_connect(sock->ssl);
if (ret <= 0) {
socket_perror("SSL_connect", sock, ret);
return -1;
}
if (verify) {
/* make sure the hostname matches that of the certificate */
cert = SSL_get_peer_certificate(sock->ssl);
if (!cert)
return error("unable to get peer certificate.");
if (verify_hostname(cert, server.host) < 0)
return -1;
}
return 0;
}
#endif
static int socket_read(struct imap_socket *sock, char *buf, int len)
{
ssize_t n;
#ifndef NO_OPENSSL
if (sock->ssl)
n = SSL_read(sock->ssl, buf, len);
else
#endif
n = xread(sock->fd[0], buf, len);
if (n <= 0) {
socket_perror("read", sock, n);
close(sock->fd[0]);
close(sock->fd[1]);
sock->fd[0] = sock->fd[1] = -1;
}
return n;
}
static int socket_write(struct imap_socket *sock, const char *buf, int len)
{
int n;
#ifndef NO_OPENSSL
if (sock->ssl)
n = SSL_write(sock->ssl, buf, len);
else
#endif
n = write_in_full(sock->fd[1], buf, len);
if (n != len) {
socket_perror("write", sock, n);
close(sock->fd[0]);
close(sock->fd[1]);
sock->fd[0] = sock->fd[1] = -1;
}
return n;
}
static void socket_shutdown(struct imap_socket *sock)
{
#ifndef NO_OPENSSL
if (sock->ssl) {
SSL_shutdown(sock->ssl);
SSL_free(sock->ssl);
}
#endif
close(sock->fd[0]);
close(sock->fd[1]);
}
/* simple line buffering */
static int buffer_gets(struct imap_buffer *b, char **s)
{
int n;
int start = b->offset;
*s = b->buf + start;
for (;;) {
/* make sure we have enough data to read the \r\n sequence */
if (b->offset + 1 >= b->bytes) {
if (start) {
/* shift down used bytes */
*s = b->buf;
assert(start <= b->bytes);
n = b->bytes - start;
if (n)
memmove(b->buf, b->buf + start, n);
b->offset -= start;
b->bytes = n;
start = 0;
}
n = socket_read(&b->sock, b->buf + b->bytes,
sizeof(b->buf) - b->bytes);
if (n <= 0)
return -1;
b->bytes += n;
}
if (b->buf[b->offset] == '\r') {
assert(b->offset + 1 < b->bytes);
if (b->buf[b->offset + 1] == '\n') {
b->buf[b->offset] = 0; /* terminate the string */
b->offset += 2; /* next line */
if (0 < verbosity)
puts(*s);
return 0;
}
}
b->offset++;
}
/* not reached */
}
__attribute__((format (printf, 1, 2)))
static void imap_info(const char *msg, ...)
{
va_list va;
if (0 <= verbosity) {
va_start(va, msg);
vprintf(msg, va);
va_end(va);
fflush(stdout);
}
}
__attribute__((format (printf, 1, 2)))
static void imap_warn(const char *msg, ...)
{
va_list va;
if (-2 < verbosity) {
va_start(va, msg);
vfprintf(stderr, msg, va);
va_end(va);
}
}
static char *next_arg(char **s)
{
char *ret;
if (!s || !*s)
return NULL;
while (isspace((unsigned char) **s))
(*s)++;
if (!**s) {
*s = NULL;
return NULL;
}
if (**s == '"') {
++*s;
ret = *s;
*s = strchr(*s, '"');
} else {
ret = *s;
while (**s && !isspace((unsigned char) **s))
(*s)++;
}
if (*s) {
if (**s)
*(*s)++ = 0;
if (!**s)
*s = NULL;
}
return ret;
}
static struct imap_cmd *issue_imap_cmd(struct imap_store *ctx,
struct imap_cmd_cb *cb,
const char *fmt, va_list ap)
{
struct imap *imap = ctx->imap;
struct imap_cmd *cmd;
int n;
struct strbuf buf = STRBUF_INIT;
cmd = xmalloc(sizeof(struct imap_cmd));
cmd->cmd = xstrvfmt(fmt, ap);
cmd->tag = ++imap->nexttag;
if (cb)
cmd->cb = *cb;
else
memset(&cmd->cb, 0, sizeof(cmd->cb));
while (imap->literal_pending)
get_cmd_result(ctx, NULL);
if (!cmd->cb.data)
strbuf_addf(&buf, "%d %s\r\n", cmd->tag, cmd->cmd);
else
strbuf_addf(&buf, "%d %s{%d%s}\r\n", cmd->tag, cmd->cmd,
cmd->cb.dlen, CAP(LITERALPLUS) ? "+" : "");
if (buf.len > INT_MAX)
die("imap command overflow!");
if (0 < verbosity) {
if (imap->num_in_progress)
printf("(%d in progress) ", imap->num_in_progress);
if (!starts_with(cmd->cmd, "LOGIN"))
printf(">>> %s", buf.buf);
else
printf(">>> %d LOGIN <user> <pass>\n", cmd->tag);
}
if (socket_write(&imap->buf.sock, buf.buf, buf.len) != buf.len) {
free(cmd->cmd);
free(cmd);
if (cb)
free(cb->data);
strbuf_release(&buf);
return NULL;
}
strbuf_release(&buf);
if (cmd->cb.data) {
if (CAP(LITERALPLUS)) {
n = socket_write(&imap->buf.sock, cmd->cb.data, cmd->cb.dlen);
free(cmd->cb.data);
if (n != cmd->cb.dlen ||
socket_write(&imap->buf.sock, "\r\n", 2) != 2) {
free(cmd->cmd);
free(cmd);
return NULL;
}
cmd->cb.data = NULL;
} else
imap->literal_pending = 1;
} else if (cmd->cb.cont)
imap->literal_pending = 1;
cmd->next = NULL;
*imap->in_progress_append = cmd;
imap->in_progress_append = &cmd->next;
imap->num_in_progress++;
return cmd;
}
__attribute__((format (printf, 3, 4)))
static int imap_exec(struct imap_store *ctx, struct imap_cmd_cb *cb,
const char *fmt, ...)
{
va_list ap;
struct imap_cmd *cmdp;
va_start(ap, fmt);
cmdp = issue_imap_cmd(ctx, cb, fmt, ap);
va_end(ap);
if (!cmdp)
return RESP_BAD;
return get_cmd_result(ctx, cmdp);
}
__attribute__((format (printf, 3, 4)))
static int imap_exec_m(struct imap_store *ctx, struct imap_cmd_cb *cb,
const char *fmt, ...)
{
va_list ap;
struct imap_cmd *cmdp;
va_start(ap, fmt);
cmdp = issue_imap_cmd(ctx, cb, fmt, ap);
va_end(ap);
if (!cmdp)
return DRV_STORE_BAD;
switch (get_cmd_result(ctx, cmdp)) {
case RESP_BAD: return DRV_STORE_BAD;
case RESP_NO: return DRV_MSG_BAD;
default: return DRV_OK;
}
}
static int skip_imap_list_l(char **sp, int level)
{
char *s = *sp;
for (;;) {
while (isspace((unsigned char)*s))
s++;
if (level && *s == ')') {
s++;
break;
}
if (*s == '(') {
/* sublist */
s++;
if (skip_imap_list_l(&s, level + 1))
goto bail;
} else if (*s == '"') {
/* quoted string */
s++;
for (; *s != '"'; s++)
if (!*s)
goto bail;
s++;
} else {
/* atom */
for (; *s && !isspace((unsigned char)*s); s++)
if (level && *s == ')')
break;
}
if (!level)
break;
if (!*s)
goto bail;
}
*sp = s;
return 0;
bail:
return -1;
}
static void skip_list(char **sp)
{
skip_imap_list_l(sp, 0);
}
static void parse_capability(struct imap *imap, char *cmd)
{
char *arg;
unsigned i;
imap->caps = 0x80000000;
while ((arg = next_arg(&cmd)))
for (i = 0; i < ARRAY_SIZE(cap_list); i++)
if (!strcmp(cap_list[i], arg))
imap->caps |= 1 << i;
imap->rcaps = imap->caps;
}
static int parse_response_code(struct imap_store *ctx, struct imap_cmd_cb *cb,
char *s)
{
struct imap *imap = ctx->imap;
char *arg, *p;
if (!s || *s != '[')
return RESP_OK; /* no response code */
s++;
if (!(p = strchr(s, ']'))) {
fprintf(stderr, "IMAP error: malformed response code\n");
return RESP_BAD;
}
*p++ = 0;
arg = next_arg(&s);
if (!arg) {
fprintf(stderr, "IMAP error: empty response code\n");
return RESP_BAD;
}
if (!strcmp("UIDVALIDITY", arg)) {
if (!(arg = next_arg(&s)) || !(ctx->uidvalidity = atoi(arg))) {
fprintf(stderr, "IMAP error: malformed UIDVALIDITY status\n");
return RESP_BAD;
}
} else if (!strcmp("UIDNEXT", arg)) {
if (!(arg = next_arg(&s)) || !(imap->uidnext = atoi(arg))) {
fprintf(stderr, "IMAP error: malformed NEXTUID status\n");
return RESP_BAD;
}
} else if (!strcmp("CAPABILITY", arg)) {
parse_capability(imap, s);
} else if (!strcmp("ALERT", arg)) {
/* RFC2060 says that these messages MUST be displayed
* to the user
*/
for (; isspace((unsigned char)*p); p++);
fprintf(stderr, "*** IMAP ALERT *** %s\n", p);
} else if (cb && cb->ctx && !strcmp("APPENDUID", arg)) {
if (!(arg = next_arg(&s)) || !(ctx->uidvalidity = atoi(arg)) ||
!(arg = next_arg(&s)) || !(*(int *)cb->ctx = atoi(arg))) {
fprintf(stderr, "IMAP error: malformed APPENDUID status\n");
return RESP_BAD;
}
}
return RESP_OK;
}
static int get_cmd_result(struct imap_store *ctx, struct imap_cmd *tcmd)
{
struct imap *imap = ctx->imap;
struct imap_cmd *cmdp, **pcmdp;
char *cmd;
const char *arg, *arg1;
int n, resp, resp2, tag;
for (;;) {
if (buffer_gets(&imap->buf, &cmd))
return RESP_BAD;
arg = next_arg(&cmd);
if (!arg) {
fprintf(stderr, "IMAP error: empty response\n");
return RESP_BAD;
}
if (*arg == '*') {
arg = next_arg(&cmd);
if (!arg) {
fprintf(stderr, "IMAP error: unable to parse untagged response\n");
return RESP_BAD;
}
if (!strcmp("NAMESPACE", arg)) {
/* rfc2342 NAMESPACE response. */
skip_list(&cmd); /* Personal mailboxes */
skip_list(&cmd); /* Others' mailboxes */
skip_list(&cmd); /* Shared mailboxes */
} else if (!strcmp("OK", arg) || !strcmp("BAD", arg) ||
!strcmp("NO", arg) || !strcmp("BYE", arg)) {
if ((resp = parse_response_code(ctx, NULL, cmd)) != RESP_OK)
return resp;
} else if (!strcmp("CAPABILITY", arg)) {
parse_capability(imap, cmd);
} else if ((arg1 = next_arg(&cmd))) {
; /*
* Unhandled response-data with at least two words.
* Ignore it.
*
* NEEDSWORK: Previously this case handled '<num> EXISTS'
* and '<num> RECENT' but as a probably-unintended side
* effect it ignores other unrecognized two-word
* responses. imap-send doesn't ever try to read
* messages or mailboxes these days, so consider
* eliminating this case.
*/
} else {
fprintf(stderr, "IMAP error: unable to parse untagged response\n");
return RESP_BAD;
}
} else if (!imap->in_progress) {
fprintf(stderr, "IMAP error: unexpected reply: %s %s\n", arg, cmd ? cmd : "");
return RESP_BAD;
} else if (*arg == '+') {
/* This can happen only with the last command underway, as
it enforces a round-trip. */
cmdp = (struct imap_cmd *)((char *)imap->in_progress_append -
offsetof(struct imap_cmd, next));
if (cmdp->cb.data) {
n = socket_write(&imap->buf.sock, cmdp->cb.data, cmdp->cb.dlen);
FREE_AND_NULL(cmdp->cb.data);
if (n != (int)cmdp->cb.dlen)
return RESP_BAD;
} else if (cmdp->cb.cont) {
if (cmdp->cb.cont(ctx, cmd))
return RESP_BAD;
} else {
fprintf(stderr, "IMAP error: unexpected command continuation request\n");
return RESP_BAD;
}
if (socket_write(&imap->buf.sock, "\r\n", 2) != 2)
return RESP_BAD;
if (!cmdp->cb.cont)
imap->literal_pending = 0;
if (!tcmd)
return DRV_OK;
} else {
tag = atoi(arg);
for (pcmdp = &imap->in_progress; (cmdp = *pcmdp); pcmdp = &cmdp->next)
if (cmdp->tag == tag)
goto gottag;
fprintf(stderr, "IMAP error: unexpected tag %s\n", arg);
return RESP_BAD;
gottag:
if (!(*pcmdp = cmdp->next))
imap->in_progress_append = pcmdp;
imap->num_in_progress--;
if (cmdp->cb.cont || cmdp->cb.data)
imap->literal_pending = 0;
arg = next_arg(&cmd);
if (!arg)
arg = "";
if (!strcmp("OK", arg))
resp = DRV_OK;
else {
if (!strcmp("NO", arg))
resp = RESP_NO;
else /*if (!strcmp("BAD", arg))*/
resp = RESP_BAD;
fprintf(stderr, "IMAP command '%s' returned response (%s) - %s\n",
!starts_with(cmdp->cmd, "LOGIN") ?
cmdp->cmd : "LOGIN <user> <pass>",
arg, cmd ? cmd : "");
}
if ((resp2 = parse_response_code(ctx, &cmdp->cb, cmd)) > resp)
resp = resp2;
free(cmdp->cb.data);
free(cmdp->cmd);
free(cmdp);
if (!tcmd || tcmd == cmdp)
return resp;
}
}
/* not reached */
}
static void imap_close_server(struct imap_store *ictx)
{
struct imap *imap = ictx->imap;
if (imap->buf.sock.fd[0] != -1) {
imap_exec(ictx, NULL, "LOGOUT");
socket_shutdown(&imap->buf.sock);
}
free(imap);
}
static void imap_close_store(struct imap_store *ctx)
{
imap_close_server(ctx);
free(ctx);
}
#ifndef NO_OPENSSL
/*
* hexchar() and cram() functions are based on the code from the isync
* project (https://isync.sourceforge.io/).
*/
static char hexchar(unsigned int b)
{
return b < 10 ? '0' + b : 'a' + (b - 10);
}
#define ENCODED_SIZE(n) (4 * DIV_ROUND_UP((n), 3))
static char *cram(const char *challenge_64, const char *user, const char *pass)
{
int i, resp_len, encoded_len, decoded_len;
unsigned char hash[16];
char hex[33];
char *response, *response_64, *challenge;
/*
* length of challenge_64 (i.e. base-64 encoded string) is a good
* enough upper bound for challenge (decoded result).
*/
encoded_len = strlen(challenge_64);
challenge = xmalloc(encoded_len);
decoded_len = EVP_DecodeBlock((unsigned char *)challenge,
(unsigned char *)challenge_64, encoded_len);
if (decoded_len < 0)
die("invalid challenge %s", challenge_64);
if (!HMAC(EVP_md5(), pass, strlen(pass), (unsigned char *)challenge, decoded_len, hash, NULL))
die("HMAC error");
hex[32] = 0;
for (i = 0; i < 16; i++) {
hex[2 * i] = hexchar((hash[i] >> 4) & 0xf);
hex[2 * i + 1] = hexchar(hash[i] & 0xf);
}
/* response: "<user> <digest in hex>" */
response = xstrfmt("%s %s", user, hex);
resp_len = strlen(response);
response_64 = xmallocz(ENCODED_SIZE(resp_len));
encoded_len = EVP_EncodeBlock((unsigned char *)response_64,
(unsigned char *)response, resp_len);
if (encoded_len < 0)
die("EVP_EncodeBlock error");
return (char *)response_64;
}
#else
static char *cram(const char *challenge_64 UNUSED,
const char *user UNUSED,
const char *pass UNUSED)
{
die("If you want to use CRAM-MD5 authenticate method, "
"you have to build git-imap-send with OpenSSL library.");
}
#endif
static int auth_cram_md5(struct imap_store *ctx, const char *prompt)
{
int ret;
char *response;
response = cram(prompt, server.user, server.pass);
ret = socket_write(&ctx->imap->buf.sock, response, strlen(response));
if (ret != strlen(response))
return error("IMAP error: sending response failed");
free(response);
return 0;
}
static void server_fill_credential(struct imap_server_conf *srvc, struct credential *cred)
{
if (srvc->user && srvc->pass)
return;
cred->protocol = xstrdup(srvc->use_ssl ? "imaps" : "imap");
cred->host = xstrdup(srvc->host);
cred->username = xstrdup_or_null(srvc->user);
cred->password = xstrdup_or_null(srvc->pass);
credential_fill(cred);
if (!srvc->user)
srvc->user = xstrdup(cred->username);
if (!srvc->pass)
srvc->pass = xstrdup(cred->password);
}
static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const char *folder)
{
struct credential cred = CREDENTIAL_INIT;
struct imap_store *ctx;
struct imap *imap;
char *arg, *rsp;
int s = -1, preauth;
CALLOC_ARRAY(ctx, 1);
ctx->imap = CALLOC_ARRAY(imap, 1);
imap->buf.sock.fd[0] = imap->buf.sock.fd[1] = -1;
imap->in_progress_append = &imap->in_progress;
/* open connection to IMAP server */
if (srvc->tunnel) {
struct child_process tunnel = CHILD_PROCESS_INIT;
imap_info("Starting tunnel '%s'... ", srvc->tunnel);
strvec_push(&tunnel.args, srvc->tunnel);
tunnel.use_shell = 1;
tunnel.in = -1;
tunnel.out = -1;
if (start_command(&tunnel))
die("cannot start proxy %s", srvc->tunnel);
imap->buf.sock.fd[0] = tunnel.out;
imap->buf.sock.fd[1] = tunnel.in;
imap_info("ok\n");
} else {
#ifndef NO_IPV6
struct addrinfo hints, *ai0, *ai;
int gai;
char portstr[6];
xsnprintf(portstr, sizeof(portstr), "%d", srvc->port);
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
imap_info("Resolving %s... ", srvc->host);
gai = getaddrinfo(srvc->host, portstr, &hints, &ai);
if (gai) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(gai));
goto bail;
}
imap_info("ok\n");
for (ai0 = ai; ai; ai = ai->ai_next) {
char addr[NI_MAXHOST];
s = socket(ai->ai_family, ai->ai_socktype,
ai->ai_protocol);
if (s < 0)
continue;
getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
sizeof(addr), NULL, 0, NI_NUMERICHOST);
imap_info("Connecting to [%s]:%s... ", addr, portstr);
if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0) {
close(s);
s = -1;
perror("connect");
continue;
}
break;
}
freeaddrinfo(ai0);
#else /* NO_IPV6 */
struct hostent *he;
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
addr.sin_port = htons(srvc->port);
addr.sin_family = AF_INET;
imap_info("Resolving %s... ", srvc->host);
he = gethostbyname(srvc->host);
if (!he) {
perror("gethostbyname");
goto bail;
}
imap_info("ok\n");
addr.sin_addr.s_addr = *((int *) he->h_addr_list[0]);
s = socket(PF_INET, SOCK_STREAM, 0);
imap_info("Connecting to %s:%hu... ", inet_ntoa(addr.sin_addr), ntohs(addr.sin_port));
if (connect(s, (struct sockaddr *)&addr, sizeof(addr))) {
close(s);
s = -1;
perror("connect");
}
#endif
if (s < 0) {
fputs("Error: unable to connect to server.\n", stderr);
goto bail;
}
imap->buf.sock.fd[0] = s;
imap->buf.sock.fd[1] = dup(s);
if (srvc->use_ssl &&
ssl_socket_connect(&imap->buf.sock, 0, srvc->ssl_verify)) {
close(s);
goto bail;
}
imap_info("ok\n");
}
/* read the greeting string */
if (buffer_gets(&imap->buf, &rsp)) {
fprintf(stderr, "IMAP error: no greeting response\n");
goto bail;
}
arg = next_arg(&rsp);
if (!arg || *arg != '*' || (arg = next_arg(&rsp)) == NULL) {
fprintf(stderr, "IMAP error: invalid greeting response\n");
goto bail;
}
preauth = 0;
if (!strcmp("PREAUTH", arg))
preauth = 1;
else if (strcmp("OK", arg) != 0) {
fprintf(stderr, "IMAP error: unknown greeting response\n");
goto bail;
}
parse_response_code(ctx, NULL, rsp);
if (!imap->caps && imap_exec(ctx, NULL, "CAPABILITY") != RESP_OK)
goto bail;
if (!preauth) {
#ifndef NO_OPENSSL
if (!srvc->use_ssl && CAP(STARTTLS)) {
if (imap_exec(ctx, NULL, "STARTTLS") != RESP_OK)
goto bail;
if (ssl_socket_connect(&imap->buf.sock, 1,
srvc->ssl_verify))
goto bail;
/* capabilities may have changed, so get the new capabilities */
if (imap_exec(ctx, NULL, "CAPABILITY") != RESP_OK)
goto bail;
}
#endif
imap_info("Logging in...\n");
server_fill_credential(srvc, &cred);
if (srvc->auth_method) {
struct imap_cmd_cb cb;
if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
if (!CAP(AUTH_CRAM_MD5)) {
fprintf(stderr, "You specified "
"CRAM-MD5 as authentication method, "
"but %s doesn't support it.\n", srvc->host);
goto bail;
}
/* CRAM-MD5 */
memset(&cb, 0, sizeof(cb));
cb.cont = auth_cram_md5;
if (imap_exec(ctx, &cb, "AUTHENTICATE CRAM-MD5") != RESP_OK) {
fprintf(stderr, "IMAP error: AUTHENTICATE CRAM-MD5 failed\n");
goto bail;
}
} else {
fprintf(stderr, "Unknown authentication method:%s\n", srvc->host);
goto bail;
}
} else {
if (CAP(NOLOGIN)) {
fprintf(stderr, "Skipping account %s@%s, server forbids LOGIN\n",
srvc->user, srvc->host);
goto bail;
}
if (!imap->buf.sock.ssl)
imap_warn("*** IMAP Warning *** Password is being "
"sent in the clear\n");
if (imap_exec(ctx, NULL, "LOGIN \"%s\" \"%s\"", srvc->user, srvc->pass) != RESP_OK) {
fprintf(stderr, "IMAP error: LOGIN failed\n");
goto bail;
}
}
} /* !preauth */
if (cred.username)
credential_approve(&cred);
credential_clear(&cred);
/* check the target mailbox exists */
ctx->name = folder;
switch (imap_exec(ctx, NULL, "EXAMINE \"%s\"", ctx->name)) {
case RESP_OK:
/* ok */
break;
case RESP_BAD:
fprintf(stderr, "IMAP error: could not check mailbox\n");
goto out;
case RESP_NO:
if (imap_exec(ctx, NULL, "CREATE \"%s\"", ctx->name) == RESP_OK) {
imap_info("Created missing mailbox\n");
} else {
fprintf(stderr, "IMAP error: could not create missing mailbox\n");
goto out;
}
break;
}
ctx->prefix = "";
return ctx;
bail:
if (cred.username)
credential_reject(&cred);
credential_clear(&cred);
out:
imap_close_store(ctx);
return NULL;
}
/*
* Insert CR characters as necessary in *msg to ensure that every LF
* character in *msg is preceded by a CR.
*/
static void lf_to_crlf(struct strbuf *msg)
{
char *new_msg;
size_t i, j;
char lastc;
/* First pass: tally, in j, the size of the new_msg string: */
for (i = j = 0, lastc = '\0'; i < msg->len; i++) {
if (msg->buf[i] == '\n' && lastc != '\r')
j++; /* a CR will need to be added here */
lastc = msg->buf[i];
j++;
}
new_msg = xmallocz(j);
/*
* Second pass: write the new_msg string. Note that this loop is
* otherwise identical to the first pass.
*/
for (i = j = 0, lastc = '\0'; i < msg->len; i++) {
if (msg->buf[i] == '\n' && lastc != '\r')
new_msg[j++] = '\r';
lastc = new_msg[j++] = msg->buf[i];
}
strbuf_attach(msg, new_msg, j, j + 1);
}
/*
* Store msg to IMAP. Also detach and free the data from msg->data,
* leaving msg->data empty.
*/
static int imap_store_msg(struct imap_store *ctx, struct strbuf *msg)
{
struct imap *imap = ctx->imap;
struct imap_cmd_cb cb;
const char *prefix, *box;
int ret;
lf_to_crlf(msg);
memset(&cb, 0, sizeof(cb));
cb.dlen = msg->len;
cb.data = strbuf_detach(msg, NULL);
box = ctx->name;
prefix = !strcmp(box, "INBOX") ? "" : ctx->prefix;
ret = imap_exec_m(ctx, &cb, "APPEND \"%s%s\" ", prefix, box);
imap->caps = imap->rcaps;
if (ret != DRV_OK)
return ret;
return DRV_OK;
}
static void wrap_in_html(struct strbuf *msg)
{
struct strbuf buf = STRBUF_INIT;
static char *content_type = "Content-Type: text/html;\n";
static char *pre_open = "<pre>\n";
static char *pre_close = "</pre>\n";
const char *body = strstr(msg->buf, "\n\n");
if (!body)
return; /* Headers but no body; no wrapping needed */
body += 2;
strbuf_add(&buf, msg->buf, body - msg->buf - 1);
strbuf_addstr(&buf, content_type);
strbuf_addch(&buf, '\n');
strbuf_addstr(&buf, pre_open);
strbuf_addstr_xml_quoted(&buf, body);
strbuf_addstr(&buf, pre_close);
strbuf_release(msg);
*msg = buf;
}
static int count_messages(struct strbuf *all_msgs)
{
int count = 0;
char *p = all_msgs->buf;
while (1) {
if (starts_with(p, "From ")) {
p = strstr(p+5, "\nFrom: ");
if (!p) break;
p = strstr(p+7, "\nDate: ");
if (!p) break;
p = strstr(p+7, "\nSubject: ");
if (!p) break;
p += 10;
count++;
}
p = strstr(p+5, "\nFrom ");
if (!p)
break;
p++;
}
return count;
}
/*
* Copy the next message from all_msgs, starting at offset *ofs, to
* msg. Update *ofs to the start of the following message. Return
* true iff a message was successfully copied.
*/
static int split_msg(struct strbuf *all_msgs, struct strbuf *msg, int *ofs)
{
char *p, *data;
size_t len;
if (*ofs >= all_msgs->len)
return 0;
data = &all_msgs->buf[*ofs];
len = all_msgs->len - *ofs;
if (len < 5 || !starts_with(data, "From "))
return 0;
p = strchr(data, '\n');
if (p) {
p++;
len -= p - data;
*ofs += p - data;
data = p;
}
p = strstr(data, "\nFrom ");
if (p)
len = &p[1] - data;
strbuf_add(msg, data, len);
*ofs += len;
return 1;
}
static int git_imap_config(const char *var, const char *val,
const struct config_context *ctx, void *cb)
{
if (!strcmp("imap.sslverify", var))
server.ssl_verify = git_config_bool(var, val);
else if (!strcmp("imap.preformattedhtml", var))
server.use_html = git_config_bool(var, val);
else if (!strcmp("imap.folder", var))
return git_config_string(&server.folder, var, val);
else if (!strcmp("imap.user", var))
return git_config_string(&server.user, var, val);
else if (!strcmp("imap.pass", var))
return git_config_string(&server.pass, var, val);
else if (!strcmp("imap.tunnel", var))
return git_config_string(&server.tunnel, var, val);
else if (!strcmp("imap.authmethod", var))
return git_config_string(&server.auth_method, var, val);
else if (!strcmp("imap.port", var))
server.port = git_config_int(var, val, ctx->kvi);
else if (!strcmp("imap.host", var)) {
if (!val) {
return config_error_nonbool(var);
} else {
if (starts_with(val, "imap:"))
val += 5;
else if (starts_with(val, "imaps:")) {
val += 6;
server.use_ssl = 1;
}
if (starts_with(val, "//"))
val += 2;
server.host = xstrdup(val);
}
} else
return git_default_config(var, val, ctx, cb);
return 0;
}
static int append_msgs_to_imap(struct imap_server_conf *server,
struct strbuf* all_msgs, int total)
{
struct strbuf msg = STRBUF_INIT;
struct imap_store *ctx = NULL;
int ofs = 0;
int r;
int n = 0;
ctx = imap_open_store(server, server->folder);
if (!ctx) {
fprintf(stderr, "failed to open store\n");
return 1;
}
ctx->name = server->folder;
fprintf(stderr, "sending %d message%s\n", total, (total != 1) ? "s" : "");
while (1) {
unsigned percent = n * 100 / total;
fprintf(stderr, "%4u%% (%d/%d) done\r", percent, n, total);
if (!split_msg(all_msgs, &msg, &ofs))
break;
if (server->use_html)
wrap_in_html(&msg);
r = imap_store_msg(ctx, &msg);
if (r != DRV_OK)
break;
n++;
}
fprintf(stderr, "\n");
imap_close_store(ctx);
return 0;
}
#ifdef USE_CURL_FOR_IMAP_SEND
static CURL *setup_curl(struct imap_server_conf *srvc, struct credential *cred)
{
CURL *curl;
struct strbuf path = STRBUF_INIT;
char *uri_encoded_folder;
if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK)
die("curl_global_init failed");
curl = curl_easy_init();
if (!curl)
die("curl_easy_init failed");
server_fill_credential(srvc, cred);
curl_easy_setopt(curl, CURLOPT_USERNAME, srvc->user);
curl_easy_setopt(curl, CURLOPT_PASSWORD, srvc->pass);
strbuf_addstr(&path, srvc->use_ssl ? "imaps://" : "imap://");
strbuf_addstr(&path, srvc->host);
if (!path.len || path.buf[path.len - 1] != '/')
strbuf_addch(&path, '/');
uri_encoded_folder = curl_easy_escape(curl, srvc->folder, 0);
if (!uri_encoded_folder)
die("failed to encode server folder");
strbuf_addstr(&path, uri_encoded_folder);
curl_free(uri_encoded_folder);
curl_easy_setopt(curl, CURLOPT_URL, path.buf);
strbuf_release(&path);
curl_easy_setopt(curl, CURLOPT_PORT, srvc->port);
if (srvc->auth_method) {
#ifndef GIT_CURL_HAVE_CURLOPT_LOGIN_OPTIONS
warning("No LOGIN_OPTIONS support in this cURL version");
#else
struct strbuf auth = STRBUF_INIT;
strbuf_addstr(&auth, "AUTH=");
strbuf_addstr(&auth, srvc->auth_method);
curl_easy_setopt(curl, CURLOPT_LOGIN_OPTIONS, auth.buf);
strbuf_release(&auth);
#endif
}
if (!srvc->use_ssl)
curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_TRY);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, srvc->ssl_verify);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, srvc->ssl_verify);
curl_easy_setopt(curl, CURLOPT_READFUNCTION, fread_buffer);
curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
if (0 < verbosity || getenv("GIT_CURL_VERBOSE"))
http_trace_curl_no_data();
setup_curl_trace(curl);
return curl;
}
static int curl_append_msgs_to_imap(struct imap_server_conf *server,
struct strbuf* all_msgs, int total)
{
int ofs = 0;
int n = 0;
struct buffer msgbuf = { STRBUF_INIT, 0 };
CURL *curl;
CURLcode res = CURLE_OK;
struct credential cred = CREDENTIAL_INIT;
curl = setup_curl(server, &cred);
curl_easy_setopt(curl, CURLOPT_READDATA, &msgbuf);
fprintf(stderr, "sending %d message%s\n", total, (total != 1) ? "s" : "");
while (1) {
unsigned percent = n * 100 / total;
int prev_len;
fprintf(stderr, "%4u%% (%d/%d) done\r", percent, n, total);
prev_len = msgbuf.buf.len;
if (!split_msg(all_msgs, &msgbuf.buf, &ofs))
break;
if (server->use_html)
wrap_in_html(&msgbuf.buf);
lf_to_crlf(&msgbuf.buf);
curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE,
(curl_off_t)(msgbuf.buf.len-prev_len));
res = curl_easy_perform(curl);
if(res != CURLE_OK) {
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
break;
}
n++;
}
fprintf(stderr, "\n");
curl_easy_cleanup(curl);
curl_global_cleanup();
if (cred.username) {
if (res == CURLE_OK)
credential_approve(&cred);
else if (res == CURLE_LOGIN_DENIED)
credential_reject(&cred);
}
credential_clear(&cred);
return res != CURLE_OK;
}
#endif
int cmd_main(int argc, const char **argv)
{
struct strbuf all_msgs = STRBUF_INIT;
int total;
int nongit_ok;
setup_git_directory_gently(&nongit_ok);
git_config(git_imap_config, NULL);
argc = parse_options(argc, (const char **)argv, "", imap_send_options, imap_send_usage, 0);
if (argc)
usage_with_options(imap_send_usage, imap_send_options);
#ifndef USE_CURL_FOR_IMAP_SEND
if (use_curl) {
warning("--curl not supported in this build");
use_curl = 0;
}
#elif defined(NO_OPENSSL)
if (!use_curl) {
warning("--no-curl not supported in this build");
use_curl = 1;
}
#endif
if (!server.port)
server.port = server.use_ssl ? 993 : 143;
if (!server.folder) {
fprintf(stderr, "no imap store specified\n");
return 1;
}
if (!server.host) {
if (!server.tunnel) {
fprintf(stderr, "no imap host specified\n");
return 1;
}
server.host = "tunnel";
}
/* read the messages */
if (strbuf_read(&all_msgs, 0, 0) < 0) {
error_errno(_("could not read from stdin"));
return 1;
}
if (all_msgs.len == 0) {
fprintf(stderr, "nothing to send\n");
return 1;
}
total = count_messages(&all_msgs);
if (!total) {
fprintf(stderr, "no messages to send\n");
return 1;
}
/* write it to the imap server */
if (server.tunnel)
return append_msgs_to_imap(&server, &all_msgs, total);
#ifdef USE_CURL_FOR_IMAP_SEND
if (use_curl)
return curl_append_msgs_to_imap(&server, &all_msgs, total);
#endif
return append_msgs_to_imap(&server, &all_msgs, total);
}
View Git Blame Copy Permalink