+static void SMTP_auth_error(int sock, const char *msg)
+{
+ SockPrintf(sock, "*\r\n");
+ SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+ if (outlevel >= O_MONITOR) report(stdout, "%s", msg);
+}
+
+static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, char *buf)
+/* ESMTP Authentication support for fetchmail by Wojciech Polak */
+{
+ int c;
+ char *p = 0;
+ char b64buf[512];
+ char tmp[512];
+
+ if (!username || !password) return;
+
+ memset(b64buf, 0, sizeof(b64buf));
+ memset(tmp, 0, sizeof(tmp));
+
+ if (strstr(buf, "CRAM-MD5")) {
+ unsigned char digest[16];
+ memset(digest, 0, sizeof(digest));
+
+ if (outlevel >= O_MONITOR)
+ report(stdout, GT_("ESMTP CRAM-MD5 Authentication...\n"));
+ SockPrintf(sock, "AUTH CRAM-MD5\r\n");
+ SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+ strlcpy(tmp, smtp_response, sizeof(tmp));
+
+ if (strncmp(tmp, "334", 3)) { /* Server rejects AUTH */
+ SMTP_auth_error(sock, GT_("Server rejected the AUTH command.\n"));
+ return;
+ }
+
+ p = strchr(tmp, ' ');
+ p++;
+ /* (hmh) from64tobits will not NULL-terminate strings! */
+ if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+ return;
+ }
+ if (outlevel >= O_DEBUG)
+ report(stdout, GT_("Challenge decoded: %s\n"), b64buf);
+ hmac_md5((unsigned char *)password, strlen(password),
+ (unsigned char *)b64buf, strlen(b64buf), digest, sizeof(digest));
+ snprintf(tmp, sizeof(tmp),
+ "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+ username, digest[0], digest[1], digest[2], digest[3],
+ digest[4], digest[5], digest[6], digest[7], digest[8],
+ digest[9], digest[10], digest[11], digest[12], digest[13],
+ digest[14], digest[15]);
+
+ to64frombits(b64buf, tmp, strlen(tmp));
+ SockPrintf(sock, "%s\r\n", b64buf);
+ SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);
+ }
+ else if (strstr(buf, "PLAIN")) {
+ int len;
+ if (outlevel >= O_MONITOR)
+ report(stdout, GT_("ESMTP PLAIN Authentication...\n"));
+ snprintf(tmp, sizeof(tmp), "^%s^%s", username, password);
+
+ len = strlen(tmp);
+ for (c = len - 1; c >= 0; c--)
+ {
+ if (tmp[c] == '^')
+ tmp[c] = '\0';
+ }
+ to64frombits(b64buf, tmp, len);
+ SockPrintf(sock, "AUTH PLAIN %s\r\n", b64buf);
+ SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);
+ }
+ else if (strstr(buf, "LOGIN")) {
+ if (outlevel >= O_MONITOR)
+ report(stdout, GT_("ESMTP LOGIN Authentication...\n"));
+ SockPrintf(sock, "AUTH LOGIN\r\n");
+ SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+ strlcpy(tmp, smtp_response, sizeof(tmp));
+
+ if (strncmp(tmp, "334", 3)) { /* Server rejects AUTH */
+ SMTP_auth_error(sock, GT_("Server rejected the AUTH command.\n"));
+ return;
+ }
+
+ p = strchr(tmp, ' ');
+ p++;
+ if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+ return;
+ }
+ to64frombits(b64buf, username, strlen(username));
+ SockPrintf(sock, "%s\r\n", b64buf);
+ SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+ strlcpy(tmp, smtp_response, sizeof(tmp));
+ p = strchr(tmp, ' ');
+ if (!p) {
+ SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+ return;
+ }
+ p++;
+ memset(b64buf, 0, sizeof(b64buf));
+ if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+ return;
+ }
+ to64frombits(b64buf, password, strlen(password));
+ SockPrintf(sock, "%s\r\n", b64buf);
+ SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);
+ }
+ return;
+}
+
+int SMTP_ehlo(int sock, char smtp_mode, const char *host, char *name, char *password, int *opt)