* For license terms, see the file COPYING in this directory.
*/
#include "config.h"
+
+#ifdef KERBEROS_V4
+
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#endif
#include "fetchmail.h"
#include "socket.h"
+#include "kerberos.h"
#include <sys/types.h>
#include <netinet/in.h> /* for htonl/ntohl */
-#ifdef KERBEROS_V4
-
-# ifdef KERBEROS_V5
-# include <kerberosIV/des.h>
-# include <kerberosIV/krb.h>
-# else
-# if defined (__bsdi__)
-# include <des.h>
-# define krb_get_err_text(e) (krb_err_txt[e])
-# endif
-# if defined(__NetBSD__) || (__FreeBSD__) || defined(__linux__)
-# define krb_get_err_text(e) (krb_err_txt[e])
-# endif
-# include <krb.h>
-# endif
-
-/* des.h might define _ for no good reason. */
-#undef _
#include "i18n.h"
#if SIZEOF_INT == 4
#error Cannot deduce a 32-bit-type
#endif
-int do_rfc1731(int sock, char *command, char *truename)
+int do_rfc1731(int sock, const char *command, const char *truename)
/* authenticate as per RFC1731 -- note 32-bit integer requirement here */
{
int result = 0, len;
* in network byte order.
*/
- if (result = gen_recv(sock, buf1, sizeof buf1)) {
+ if ((result = gen_recv(sock, buf1, sizeof buf1)) != 0) {
return result;
}
- len = from64tobits(challenge1.cstr, buf1);
+ len = from64tobits(challenge1.cstr, buf1, sizeof(challenge1.cstr));
if (len < 0) {
- report(stderr, _("could not decode initial BASE64 challenge\n"));
+ report(stderr, GT_("could not decode initial BASE64 challenge\n"));
return PS_AUTHFAIL;
}
strncpy(srvinst, truename, (sizeof srvinst)-1);
srvinst[(sizeof srvinst)-1] = '\0';
for (p = srvinst; *p; p++) {
- if (isupper(*p)) {
- *p = tolower(*p);
+ if (isupper((unsigned char)*p)) {
+ *p = tolower((unsigned char)*p);
}
}
strncpy(srvrealm, (char *)krb_realmofhost(srvinst), (sizeof srvrealm)-1);
srvrealm[(sizeof srvrealm)-1] = '\0';
- if (p = strchr(srvinst, '.')) {
+ if ((p = strchr(srvinst, '.')) != NULL) {
*p = '\0';
}
memcpy(session, credentials.session, sizeof session);
memset(&credentials, 0, sizeof credentials);
- des_key_sched(session, schedule);
+ des_key_sched(&session, schedule);
result = krb_get_tf_fullname(TKT_FILE, tktuser, tktinst, tktrealm);
if (result) {
*/
if (strcmp(tktuser, user) != 0) {
report(stderr,
- _("principal %s in ticket does not match -u %s\n"), tktuser,
+ GT_("principal %s in ticket does not match -u %s\n"), tktuser,
user);
return PS_AUTHFAIL;
}
if (tktinst[0]) {
report(stderr,
- _("non-null instance (%s) might cause strange behavior\n"),
+ GT_("non-null instance (%s) might cause strange behavior\n"),
tktinst);
- strcat(tktuser, ".");
- strcat(tktuser, tktinst);
+ strlcat(tktuser, ".", sizeof(tktuser));
+ strlcat(tktuser, tktinst, sizeof(tktuser));
}
if (strcmp(tktrealm, srvrealm) != 0) {
- strcat(tktuser, "@");
- strcat(tktuser, tktrealm);
+ strlcat(tktuser, "@", sizeof(tktuser));
+ strlcat(tktuser, tktrealm, sizeof(tktuser));
}
result = krb_mk_req(&authenticator, "imap", srvinst, srvrealm,
* checksum it previously sent.
*/
- if (result = gen_recv(sock, buf1, sizeof buf1))
+ if ((result = gen_recv(sock, buf1, sizeof buf1)) != 0)
return result;
/* The client must construct data with the first four octets
* process is complete.
*/
- len = from64tobits(buf2, buf1);
+ len = from64tobits(buf2, buf1, sizeof(buf2));
if (len < 0) {
- report(stderr, _("could not decode BASE64 ready response\n"));
+ report(stderr, GT_("could not decode BASE64 ready response\n"));
return PS_AUTHFAIL;
}
des_ecb_encrypt((des_cblock *)buf2, (des_cblock *)buf2, schedule, 0);
memcpy(challenge2.cstr, buf2, 4);
- if (ntohl(challenge2.cint) != challenge1.cint + 1) {
- report(stderr, _("challenge mismatch\n"));
+ if ((int32)ntohl(challenge2.cint) != challenge1.cint + 1) {
+ report(stderr, GT_("challenge mismatch\n"));
return PS_AUTHFAIL;
}
authenticator.dat[4] = 1;
len = strlen(tktuser);
- strncpy(authenticator.dat+8, tktuser, len);
+ strncpy((char *)authenticator.dat+8, tktuser, len);
authenticator.length = len + 8 + 1;
while (authenticator.length & 7) {
authenticator.length++;
}
- des_pcbc_encrypt((des_cblock *)authenticator.dat,
- (des_cblock *)authenticator.dat, authenticator.length, schedule,
+ des_pcbc_encrypt((const unsigned char *)authenticator.dat,
+ (unsigned char *)authenticator.dat, authenticator.length, schedule,
&session, 1);
to64frombits(buf1, authenticator.dat, authenticator.length);
/* ship down the response, accept the server's error/ok indication */
suppress_tags = TRUE;
- result = gen_transact(sock, buf1, strlen(buf1));
+ result = gen_transact(sock, "%s", buf1);
suppress_tags = FALSE;
if (result)
return(result);