nuke home-grown CRAM-MD5 support
it was obsoleted by SASL support. i deem the additional dependency acceptable when one wants the feature.
This commit is contained in:
parent
eb1005151c
commit
7ee0483436
|
@ -1454,28 +1454,6 @@ imap_cleanup_p2( imap_store_t *ctx,
|
|||
|
||||
/******************* imap_open_store *******************/
|
||||
|
||||
#ifdef HAVE_LIBSSL
|
||||
static int
|
||||
do_cram_auth( imap_store_t *ctx, struct imap_cmd *cmdp, const char *prompt )
|
||||
{
|
||||
imap_server_conf_t *srvc = ((imap_store_conf_t *)ctx->gen.conf)->server;
|
||||
char *resp;
|
||||
int l;
|
||||
|
||||
cmdp->param.cont = 0;
|
||||
|
||||
cram( prompt, srvc->user, srvc->pass, &resp, &l );
|
||||
|
||||
if (DFlags & VERBOSE) {
|
||||
printf( "%s>+> %s\n", ctx->label, resp );
|
||||
fflush( stdout );
|
||||
}
|
||||
if (socket_write( &ctx->conn, resp, l, GiveOwn ) < 0)
|
||||
return -1;
|
||||
return socket_write( &ctx->conn, "\r\n", 2, KeepOwn );
|
||||
}
|
||||
#endif
|
||||
|
||||
static void imap_open_store_connected( int, void * );
|
||||
#ifdef HAVE_LIBSSL
|
||||
static void imap_open_store_tlsstarted1( int, void * );
|
||||
|
@ -1888,9 +1866,6 @@ imap_open_store_authenticate2( imap_store_t *ctx )
|
|||
imap_store_conf_t *cfg = (imap_store_conf_t *)ctx->gen.conf;
|
||||
imap_server_conf_t *srvc = cfg->server;
|
||||
string_list_t *mech, *cmech;
|
||||
#ifdef HAVE_LIBSSL
|
||||
int auth_cram = 0;
|
||||
#endif
|
||||
int auth_login = 0;
|
||||
#ifdef HAVE_LIBSASL
|
||||
char saslmechs[1024], *saslend = saslmechs;
|
||||
|
@ -1906,10 +1881,6 @@ imap_open_store_authenticate2( imap_store_t *ctx )
|
|||
if (ctx->conn.ssl || !any)
|
||||
#endif
|
||||
auth_login = 1;
|
||||
#ifdef HAVE_LIBSSL
|
||||
} else if (!strcasecmp( cmech->string, "CRAM-MD5" )) {
|
||||
auth_cram = 1;
|
||||
#endif
|
||||
} else {
|
||||
#ifdef HAVE_LIBSASL
|
||||
int len = strlen( cmech->string );
|
||||
|
@ -1974,18 +1945,6 @@ imap_open_store_authenticate2( imap_store_t *ctx )
|
|||
free( enc );
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_LIBSSL
|
||||
if (auth_cram) {
|
||||
struct imap_cmd *cmd = new_imap_cmd( sizeof(*cmd) );
|
||||
|
||||
if (!ensure_user( srvc ) || !ensure_password( srvc ))
|
||||
goto bail;
|
||||
info( "Authenticating with CRAM-MD5...\n" );
|
||||
cmd->param.cont = do_cram_auth;
|
||||
imap_exec( ctx, cmd, imap_open_store_authenticate2_p2, "AUTHENTICATE CRAM-MD5" );
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
if (auth_login) {
|
||||
if (!ensure_user( srvc ) || !ensure_password( srvc ))
|
||||
|
|
55
src/socket.c
55
src/socket.c
|
@ -717,58 +717,3 @@ socket_fd_cb( int events, void *aux )
|
|||
if (events & POLLIN)
|
||||
socket_fill( conn );
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBSSL
|
||||
/* this isn't strictly socket code, but let's have all OpenSSL use in one file. */
|
||||
|
||||
#define ENCODED_SIZE(n) (4*((n+2)/3))
|
||||
|
||||
static char
|
||||
hexchar( unsigned int b )
|
||||
{
|
||||
if (b < 10)
|
||||
return '0' + b;
|
||||
return 'a' + (b - 10);
|
||||
}
|
||||
|
||||
void
|
||||
cram( const char *challenge, const char *user, const char *pass, char **_final, int *_finallen )
|
||||
{
|
||||
char *response, *final;
|
||||
unsigned hashlen;
|
||||
int i, clen, blen, flen, olen;
|
||||
unsigned char hash[16];
|
||||
char buf[256], hex[33];
|
||||
HMAC_CTX hmac;
|
||||
|
||||
HMAC_Init( &hmac, (unsigned char *)pass, strlen( pass ), EVP_md5() );
|
||||
|
||||
clen = strlen( challenge );
|
||||
/* response will always be smaller than challenge because we are decoding. */
|
||||
response = nfcalloc( 1 + clen );
|
||||
EVP_DecodeBlock( (unsigned char *)response, (unsigned char *)challenge, clen );
|
||||
HMAC_Update( &hmac, (unsigned char *)response, strlen( response ) );
|
||||
free( response );
|
||||
|
||||
hashlen = sizeof(hash);
|
||||
HMAC_Final( &hmac, hash, &hashlen );
|
||||
assert( hashlen == sizeof(hash) );
|
||||
|
||||
hex[32] = 0;
|
||||
for (i = 0; i < 16; i++) {
|
||||
hex[2 * i] = hexchar( (hash[i] >> 4) & 0xf );
|
||||
hex[2 * i + 1] = hexchar( hash[i] & 0xf );
|
||||
}
|
||||
|
||||
blen = nfsnprintf( buf, sizeof(buf), "%s %s", user, hex );
|
||||
|
||||
flen = ENCODED_SIZE( blen );
|
||||
final = nfmalloc( flen + 1 );
|
||||
final[flen] = 0;
|
||||
olen = EVP_EncodeBlock( (unsigned char *)final, (unsigned char *)buf, blen );
|
||||
assert( olen == flen );
|
||||
|
||||
*_final = final;
|
||||
*_finallen = flen;
|
||||
}
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue
Block a user