From db27122d3942ebec4471c260403d87cdd6541add Mon Sep 17 00:00:00 2001 From: Charles Collicutt Date: Thu, 17 May 2018 22:56:12 +0100 Subject: upas/nfs: correctly quote IMAP LOGIN arguments According to RFC 3501 the arguments to the LOGIN command should be quoted strings (or length prefixed string literals). Without quoting, authentication to some IMAP servers (e.g. Dovecot) will fail. --- src/cmd/upas/nfs/imap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/cmd/upas') diff --git a/src/cmd/upas/nfs/imap.c b/src/cmd/upas/nfs/imap.c index 2cbe99e1..8d43fe79 100644 --- a/src/cmd/upas/nfs/imap.c +++ b/src/cmd/upas/nfs/imap.c @@ -214,7 +214,7 @@ imaplogin(Imap *z) return -1; } - sx = imapcmdsx(z, nil, "LOGIN %Z %Z", up->user, up->passwd); + sx = imapcmdsx(z, nil, "LOGIN %#Z %#Z", up->user, up->passwd); freeup(up); if(sx == nil) return -1; -- cgit v1.2.3 From de43b1629d008aa6cdf4f6beb2b06e3859616a3e Mon Sep 17 00:00:00 2001 From: Zach Scott Date: Wed, 14 Nov 2018 05:24:07 +0000 Subject: upas/smtp: fix TLS connections (#163) Both `upas/nfs` and `upas/smtp` call the currently broken `tlsClient()` from libsec. This commit copies a fix from upas/nfs into upas/smtp. In `imapdial()`, upas/nfs replaces a process call for tlsClient with `stunnel3` when not on Plan 9. upas/smtp calls tlsClient directly as a function, so imapdial was copied into mxdial.c as `smtpdial()`, and tlsClient+dial replaced with a call to smtpdial. --- src/cmd/upas/smtp/mxdial.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++ src/cmd/upas/smtp/smtp.c | 1 + 2 files changed, 49 insertions(+) (limited to 'src/cmd/upas') diff --git a/src/cmd/upas/smtp/mxdial.c b/src/cmd/upas/smtp/mxdial.c index f3a2a209..56962dcd 100644 --- a/src/cmd/upas/smtp/mxdial.c +++ b/src/cmd/upas/smtp/mxdial.c @@ -2,6 +2,7 @@ #include #include "smtp.h" /* to publish dial_string_parse */ #include +#include enum { @@ -27,6 +28,45 @@ static int callmx(DS*, char*, char*); static void expand_meta(DS *ds); extern int cistrcmp(char*, char*); +/* Taken from imapdial, replaces tlsclient call with stunnel */ +static int +smtpdial(char *server) +{ + int p[2]; + int fd[3]; + char *tmp; + char *fpath; + + if(pipe(p) < 0) + return -1; + fd[0] = dup(p[0], -1); + fd[1] = dup(p[0], -1); + fd[2] = dup(2, -1); +#ifdef PLAN9PORT + tmp = smprint("%s:587", server); + fpath = searchpath("stunnel3"); + if (!fpath) { + werrstr("stunnel not found. it is required for tls support."); + return -1; + } + if(threadspawnl(fd, fpath, "stunnel", "-n", "smtp" , "-c", "-r", tmp, nil) < 0) { +#else + tmp = smprint("tcp!%s!587", server); + if(threadspawnl(fd, "/bin/tlsclient", "tlsclient", tmp, nil) < 0){ +#endif + free(tmp); + close(p[0]); + close(p[1]); + close(fd[0]); + close(fd[1]); + close(fd[2]); + return -1; + } + free(tmp); + close(p[0]); + return p[1]; +} + int mxdial(char *addr, char *ddomain, char *gdomain) { @@ -100,13 +140,21 @@ callmx(DS *ds, char *dest, char *domain) } /* dial each one in turn */ for(i = 0; i < nmx; i++){ +#ifdef PLAN9PORT + snprint(addr, sizeof(addr), "%s", mx[i].host); +#else snprint(addr, sizeof(addr), "%s!%s!%s", ds->proto, mx[i].host, ds->service); +#endif if(debug) fprint(2, "mxdial trying %s (%d)\n", addr, i); atnotify(timeout, 1); alarm(10*1000); +#ifdef PLAN9PORT + fd = smtpdial(addr); +#else fd = dial(addr, 0, 0, 0); +#endif alarm(0); atnotify(timeout, 0); if(fd >= 0) diff --git a/src/cmd/upas/smtp/smtp.c b/src/cmd/upas/smtp/smtp.c index 9dd05596..92873723 100644 --- a/src/cmd/upas/smtp/smtp.c +++ b/src/cmd/upas/smtp/smtp.c @@ -467,6 +467,7 @@ hello(char *me, int encrypted) } ehlo = 1; + encrypted = 1; Again: if(ehlo) dBprint("EHLO %s\r\n", me); -- cgit v1.2.3