+static void SMTP_auth_error(int sock, const char *msg)
+{
+ SockPrintf(sock, "*\r\n");
+ SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+ if (outlevel >= O_MONITOR) report(stdout, "%s", msg);
+}
+
+static void SMTP_auth(int sock, char smtp_mode, char *username, char *password, char *buf)
+/* ESMTP Authentication support for fetchmail by Wojciech Polak */
+{
+ int c;
+ char *p = 0;
+ char b64buf[512];
+ char tmp[512];
+
+ if (!username || !password) return;
+
+ memset(b64buf, 0, sizeof(b64buf));
+ memset(tmp, 0, sizeof(tmp));
+
+ if (strstr(buf, "CRAM-MD5")) {
+ unsigned char digest[16];
+ memset(digest, 0, sizeof(digest));
+
+ if (outlevel >= O_MONITOR)
+ report(stdout, GT_("ESMTP CRAM-MD5 Authentication...\n"));
+ SockPrintf(sock, "AUTH CRAM-MD5\r\n");
+ SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+ strlcpy(tmp, smtp_response, sizeof(tmp));
+
+ if (strncmp(tmp, "334", 3)) { /* Server rejects AUTH */
+ SMTP_auth_error(sock, GT_("Server rejected the AUTH command.\n"));
+ return;
+ }
+
+ p = strchr(tmp, ' ');
+ p++;
+ /* (hmh) from64tobits will not NULL-terminate strings! */
+ if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+ return;
+ }
+ if (outlevel >= O_DEBUG)
+ report(stdout, GT_("Challenge decoded: %s\n"), b64buf);
+ hmac_md5((unsigned char *)password, strlen(password),
+ (unsigned char *)b64buf, strlen(b64buf), digest, sizeof(digest));
+ snprintf(tmp, sizeof(tmp),
+ "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+ username, digest[0], digest[1], digest[2], digest[3],
+ digest[4], digest[5], digest[6], digest[7], digest[8],
+ digest[9], digest[10], digest[11], digest[12], digest[13],
+ digest[14], digest[15]);
+
+ to64frombits(b64buf, tmp, strlen(tmp));
+ SockPrintf(sock, "%s\r\n", b64buf);
+ SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);
+ }
+ else if (strstr(buf, "PLAIN")) {
+ int len;
+ if (outlevel >= O_MONITOR)
+ report(stdout, GT_("ESMTP PLAIN Authentication...\n"));
+ snprintf(tmp, sizeof(tmp), "^%s^%s", username, password);
+
+ len = strlen(tmp);
+ for (c = len - 1; c >= 0; c--)
+ {
+ if (tmp[c] == '^')
+ tmp[c] = '\0';
+ }
+ to64frombits(b64buf, tmp, len);
+ SockPrintf(sock, "AUTH PLAIN %s\r\n", b64buf);
+ SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);
+ }
+ else if (strstr(buf, "LOGIN")) {
+ if (outlevel >= O_MONITOR)
+ report(stdout, GT_("ESMTP LOGIN Authentication...\n"));
+ SockPrintf(sock, "AUTH LOGIN\r\n");
+ SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+ strlcpy(tmp, smtp_response, sizeof(tmp));
+
+ if (strncmp(tmp, "334", 3)) { /* Server rejects AUTH */
+ SMTP_auth_error(sock, GT_("Server rejected the AUTH command.\n"));
+ return;
+ }
+
+ p = strchr(tmp, ' ');
+ p++;
+ if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+ return;
+ }
+ to64frombits(b64buf, username, strlen(username));
+ SockPrintf(sock, "%s\r\n", b64buf);
+ SockRead(sock, smtp_response, sizeof(smtp_response) - 1);
+ strlcpy(tmp, smtp_response, sizeof(tmp));
+ p = strchr(tmp, ' ');
+ if (!p) {
+ SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+ return;
+ }
+ p++;
+ memset(b64buf, 0, sizeof(b64buf));
+ if (from64tobits(b64buf, p, sizeof(b64buf) - 1) <= 0) {
+ SMTP_auth_error(sock, GT_("Bad base64 reply from server.\n"));
+ return;
+ }
+ to64frombits(b64buf, password, strlen(password));
+ SockPrintf(sock, "%s\r\n", b64buf);
+ SMTP_ok(sock, smtp_mode, TIMEOUT_DEFAULT);
+ }
+ return;
+}
+
+int SMTP_ehlo(int sock, char smtp_mode, const char *host, char *name, char *password, int *opt)
+/* send a "EHLO" message to the SMTP listener, return extension status bits */
+{
+ struct opt *hp;
+ char auth_response[511];
+ SIGHANDLERTYPE alrmsave;
+ const int tmout = (mytimeout >= TIMEOUT_HELO ? mytimeout : TIMEOUT_HELO);
+
+ SockPrintf(sock,"%cHLO %s\r\n", (smtp_mode == 'S') ? 'E' : smtp_mode, host);
+ if (outlevel >= O_MONITOR)
+ report(stdout, "%cMTP> %cHLO %s\n",
+ smtp_mode, (smtp_mode == 'S') ? 'E' : smtp_mode, host);
+
+ alrmsave = set_signal_handler(SIGALRM, null_signal_handler);
+ set_timeout(tmout);
+
+ *opt = 0;
+ while ((SockRead(sock, smtp_response, sizeof(smtp_response)-1)) != -1)
+ {
+ size_t n;
+
+ set_timeout(0);
+ (void)set_signal_handler(SIGALRM, alrmsave);
+
+ n = strlen(smtp_response);
+ if (n > 0 && smtp_response[n-1] == '\n')
+ smtp_response[--n] = '\0';
+ if (n > 0 && smtp_response[n-1] == '\r')
+ smtp_response[--n] = '\0';
+ if (n < 4)
+ return SM_ERROR;
+ smtp_response[n] = '\0';
+ if (outlevel >= O_MONITOR)
+ report(stdout, "%cMTP< %s\n", smtp_mode, smtp_response);
+ for (hp = extensions; hp->name; hp++)
+ if (!strncasecmp(hp->name, smtp_response+4, strlen(hp->name))) {
+ *opt |= hp->value;
+ if (strncmp(hp->name, "AUTH ", 5) == 0)
+ strncpy(auth_response, smtp_response, sizeof(auth_response));
+ auth_response[sizeof(auth_response)-1] = '\0';
+ }
+ if ((smtp_response[0] == '1' || smtp_response[0] == '2' || smtp_response[0] == '3') && smtp_response[3] == ' ') {
+ if (*opt & ESMTP_AUTH)
+ SMTP_auth(sock, smtp_mode, name, password, auth_response);
+ return SM_OK;
+ }
+ else if (smtp_response[3] != '-')
+ return SM_ERROR;
+
+ alrmsave = set_signal_handler(SIGALRM, null_signal_handler);
+ set_timeout(tmout);
+ }
+ return SM_UNRECOVERABLE;
+}
+
+int SMTP_from(int sock, char smtp_mode, const char *from, const char *opts)