#include <ctype.h>
#include <string.h>
#include <limits.h>
+
+#ifdef HAVE_OPENSSL
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#endif
+
#include "citadel.h"
#include "server.h"
#include "sysdep_decls.h"
#include "imap_store.h"
#include "imap_misc.h"
+#ifdef HAVE_OPENSSL
+#include "serv_crypto.h"
+#endif
+
/* imap_rename() uses this struct containing list of rooms to rename */
struct irl {
struct irl *next;
struct visit vbuf;
int i;
- CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
+ CtdlGetRelationship(&vbuf, &CC->user, &CC->room);
if (IMAP->num_msgs > 0) {
for (i=0; i<IMAP->num_msgs; ++i) {
if (is_msg_in_mset(vbuf.v_seen, IMAP->msgids[i])) {
/* Load the *current* message list from disk, so we can compare it
* to what we have in memory.
*/
- cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->quickroom.QRnumber, sizeof(long));
+ cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long));
if (cdbfr != NULL) {
msglist = mallok(cdbfr->len);
memcpy(msglist, cdbfr->ptr, cdbfr->len);
* implements the CAPABILITY command
*/
void imap_capability(int num_parms, char *parms[]) {
- cprintf("* CAPABILITY IMAP4 IMAP4REV1 AUTH=LOGIN\r\n");
+ cprintf("* CAPABILITY IMAP4 IMAP4REV1 AUTH=LOGIN");
+#ifdef HAVE_OPENSSL
+ cprintf(" STARTTLS");
+#endif
+ cprintf("\r\n");
cprintf("%s OK CAPABILITY completed\r\n", parms[0]);
}
+/*
+ * implements the STARTTLS command
+ */
+#ifdef HAVE_OPENSSL
+void imap_starttls(int num_parms, char *parms[]) {
+ int retval, bits, alg_bits;
+
+ if (!ssl_ctx) {
+ cprintf("%s NO No SSL_CTX available\r\n", parms[0]);
+ return;
+ }
+ if (!(CC->ssl = SSL_new(ssl_ctx))) {
+ lprintf(2, "SSL_new failed: %s\n",
+ ERR_reason_error_string(ERR_peek_error()));
+ cprintf("%s NO SSL_new: %s\r\n", parms[0],
+ ERR_reason_error_string(ERR_get_error()));
+ return;
+ }
+ if (!(SSL_set_fd(CC->ssl, CC->client_socket))) {
+ lprintf(2, "SSL_set_fd failed: %s\n",
+ ERR_reason_error_string(ERR_peek_error()));
+ SSL_free(CC->ssl);
+ CC->ssl = NULL;
+ cprintf("%s NO SSL_set_fd: %s\r\n", parms[0],
+ ERR_reason_error_string(ERR_get_error()));
+ return;
+ }
+ cprintf("%s OK begin TLS negotiation now\r\n", parms[0]);
+ retval = SSL_accept(CC->ssl);
+ if (retval < 1) {
+ /*
+ * Can't notify the client of an error here; they will
+ * discover the problem at the SSL layer and should
+ * revert to unencrypted communications.
+ */
+ long errval;
+
+ errval = SSL_get_error(CC->ssl, retval);
+ lprintf(2, "SSL_accept failed: %s\n",
+ ERR_reason_error_string(ERR_get_error()));
+ SSL_free(CC->ssl);
+ CC->ssl = NULL;
+ return;
+ }
+ BIO_set_close(CC->ssl->rbio, BIO_NOCLOSE);
+ bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(CC->ssl), &alg_bits);
+ lprintf(3, "SSL/TLS using %s on %s (%d of %d bits)\n",
+ SSL_CIPHER_get_name(SSL_get_current_cipher(CC->ssl)),
+ SSL_CIPHER_get_version(SSL_get_current_cipher(CC->ssl)),
+ bits, alg_bits);
+ CC->redirect_ssl = 1;
+}
+#endif
int c = 0;
int ok = 0;
int ra = 0;
- struct quickroom QRscratch;
+ struct ctdlroom QRscratch;
int msgs, new;
int floornum;
int roomflags;
/* Then try a mailbox name match */
if (c != 0) {
MailboxName(augmented_roomname, sizeof augmented_roomname,
- &CC->usersupp, towhere);
+ &CC->user, towhere);
c = getroom(&QRscratch, augmented_roomname);
if (c == 0)
strcpy(towhere, augmented_roomname);
/* If the room exists, check security/access */
if (c == 0) {
/* See if there is an existing user/room relationship */
- ra = CtdlRoomAccess(&QRscratch, &CC->usersupp);
+ ra = CtdlRoomAccess(&QRscratch, &CC->user);
/* normal clients have to pass through security */
if (ra & UA_KNOWN) {
* usergoto() formally takes us to the desired room, happily returning
* the number of messages and number of new messages.
*/
- memcpy(&CC->quickroom, &QRscratch, sizeof(struct quickroom));
+ memcpy(&CC->room, &QRscratch, sizeof(struct ctdlroom));
usergoto(NULL, 0, 0, &msgs, &new);
IMAP->selected = 1;
if (IMAP->num_msgs > 0) for (i=0; i<IMAP->num_msgs; ++i) {
if (IMAP->flags[i] & IMAP_DELETED) {
- CtdlDeleteMessages(CC->quickroom.QRname,
+ CtdlDeleteMessages(CC->room.QRname,
IMAP->msgids[i], "");
++num_expunged;
lprintf(9, "%ld ... deleted\n", IMAP->msgids[i]);
* IMAP "subscribed folder" is equivocated to Citadel "known rooms." This
* may or may not be the desired behavior in the future.
*/
-void imap_lsub_listroom(struct quickroom *qrbuf, void *data) {
+void imap_lsub_listroom(struct ctdlroom *qrbuf, void *data) {
char buf[SIZ];
int ra;
char *pattern;
pattern = (char *)data;
/* Only list rooms to which the user has access!! */
- ra = CtdlRoomAccess(qrbuf, &CC->usersupp);
+ ra = CtdlRoomAccess(qrbuf, &CC->user);
if (ra & UA_KNOWN) {
imap_mailboxname(buf, sizeof buf, qrbuf);
if (imap_mailbox_matches_pattern(pattern, buf)) {
/*
* Back end for imap_list()
*/
-void imap_list_listroom(struct quickroom *qrbuf, void *data) {
+void imap_list_listroom(struct ctdlroom *qrbuf, void *data) {
char buf[SIZ];
int ra;
char *pattern;
pattern = (char *)data;
/* Only list rooms to which the user has access!! */
- ra = CtdlRoomAccess(qrbuf, &CC->usersupp);
+ ra = CtdlRoomAccess(qrbuf, &CC->user);
if ( (ra & UA_KNOWN)
|| ((ra & UA_GOTOALLOWED) && (ra & UA_ZAPPED))) {
imap_mailboxname(buf, sizeof buf, qrbuf);
int flags;
int newroomtype;
+ if (strchr(parms[2], '\\') != NULL) {
+ cprintf("%s NO Invalid character in folder name\r\n", parms[0]);
+ return;
+ }
+
ret = imap_roomname(roomname, sizeof roomname, parms[2]);
if (ret < 0) {
cprintf("%s NO Invalid mailbox name or location\r\n",
char augmented_roomname[ROOMNAMELEN];
char roomname[ROOMNAMELEN];
int c;
- struct quickroom QRscratch;
+ struct ctdlroom QRscratch;
int ra;
int ok = 0;
/* Then try a mailbox name match */
if (c != 0) {
MailboxName(augmented_roomname, sizeof augmented_roomname,
- &CC->usersupp, roomname);
+ &CC->user, roomname);
c = getroom(&QRscratch, augmented_roomname);
if (c == 0)
strcpy(roomname, augmented_roomname);
/* If the room exists, check security/access */
if (c == 0) {
/* See if there is an existing user/room relationship */
- ra = CtdlRoomAccess(&QRscratch, &CC->usersupp);
+ ra = CtdlRoomAccess(&QRscratch, &CC->user);
/* normal clients have to pass through security */
if (ra & UA_KNOWN) {
* folder is selected, save its name so we can return there!!!!!)
*/
if (IMAP->selected) {
- strcpy(savedroom, CC->quickroom.QRname);
+ strcpy(savedroom, CC->room.QRname);
}
usergoto(roomname, 0, 0, &msgs, &new);
* names and simply spew all possible data items. It's far easier to
* code and probably saves us some processing time too.
*/
- imap_mailboxname(buf, sizeof buf, &CC->quickroom);
+ imap_mailboxname(buf, sizeof buf, &CC->room);
cprintf("* STATUS ");
imap_strout(buf);
cprintf(" (MESSAGES %d ", msgs);
* we're looking for.
*/
if (IMAP->selected) {
- strcpy(savedroom, CC->quickroom.QRname);
+ strcpy(savedroom, CC->room.QRname);
}
usergoto(roomname, 0, 0, &msgs, &new);
* usergoto() formally takes us to the desired room.
*/
if (IMAP->selected) {
- strcpy(savedroom, CC->quickroom.QRname);
+ strcpy(savedroom, CC->room.QRname);
}
usergoto(roomname, 0, 0, &msgs, &new);
* folder is selected, save its name so we can return there!!!!!)
*/
if (IMAP->selected) {
- strcpy(savedroom, CC->quickroom.QRname);
+ strcpy(savedroom, CC->room.QRname);
}
usergoto(roomname, 0, 0, &msgs, &new);
/*
* Now delete the room.
*/
- if (CtdlDoIHavePermissionToDeleteThisRoom(&CC->quickroom)) {
+ if (CtdlDoIHavePermissionToDeleteThisRoom(&CC->room)) {
cprintf("%s OK DELETE completed\r\n", parms[0]);
- delete_room(&CC->quickroom);
+ delete_room(&CC->room);
}
else {
cprintf("%s NO Can't delete this folder.\r\n", parms[0]);
/*
* Back end function for imap_rename()
*/
-void imap_rename_backend(struct quickroom *qrbuf, void *data) {
+void imap_rename_backend(struct ctdlroom *qrbuf, void *data) {
char foldername[SIZ];
char newfoldername[SIZ];
char newroomname[ROOMNAMELEN];
struct irl *irlp = NULL; /* scratch pointer */
struct irlparms irlparms;
+ if (strchr(parms[3], '\\') != NULL) {
+ cprintf("%s NO Invalid character in folder name\r\n", parms[0]);
+ return;
+ }
+
oldr = imap_roomname(old_room, sizeof old_room, parms[2]);
newr = imap_roomname(new_room, sizeof new_room, parms[3]);
new_floor = (newr & 0xFF);
imap_capability(num_parms, parms);
}
+#ifdef HAVE_OPENSSL
+ else if (!strcasecmp(parms[1], "STARTTLS")) {
+ imap_starttls(num_parms, parms);
+ }
+#endif
+
else if (!CC->logged_in) {
cprintf("%s BAD Not logged in.\r\n", parms[0]);
}
projects / citadel.git / blobdiff