Fix GSASL in imap4d.

* auth/gsasl.c (_gsasl_readline): Prevent stucking in
blocking streams.
* imap4d/auth_gsasl.c: Remove deprecated functions and data types.
* imap4d/auth_gss.c (auth_gssapi): Fix signature.
* imap4d/copy.c (imap4d_copy0): Fix return value.
* imap4d/imap4d.c (imap4d_cfg_param): Fix type of login-disabled.
* include/mailutils/gsasl.h (struct mu_gsasl_module_data): New
members: service, realm, hostname, anon_user.
* libcfg/gsasl.c (mu_gsasl_param): New keywords: service,
realm, hostname, anonymous-user.

+2008-08-14  Sergey Poznyakoff  <gray@gnu.org.ua>
+
+	Fix GSASL in imap4d.
+	* auth/gsasl.c (_gsasl_readline): Prevent stucking in
+	blocking streams.
+	* imap4d/auth_gsasl.c: Remove deprecated functions and data types.
+	* imap4d/auth_gss.c (auth_gssapi): Fix signature.
+	* imap4d/copy.c (imap4d_copy0): Fix return value.
+	* imap4d/imap4d.c (imap4d_cfg_param): Fix type of login-disabled.
+	* include/mailutils/gsasl.h (struct mu_gsasl_module_data): New
+	members: service, realm, hostname, anon_user.
+	* libcfg/gsasl.c (mu_gsasl_param): New keywords: service,
+	realm, hostname, anonymous-user.
+
 2008-08-13  Sergey Poznyakoff  <gray@gnu.org.ua>
 2008-08-13  Sergey Poznyakoff  <gray@gnu.org.ua>
 
 
 	* imap4d/util.c (imap4d_readline): Fix loop break condition.
 	* imap4d/util.c (imap4d_readline): Fix loop break condition.

 /* GNU Mailutils -- a suite of utilities for electronic mail
 /* GNU Mailutils -- a suite of utilities for electronic mail
-   Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+   Copyright (C) 2003, 2004, 2005, 2008 Free Software Foundation, Inc.
 
 
    This library is free software; you can redistribute it and/or
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    modify it under the terms of the GNU Lesser General Public
@@ -90,11 +90,11 @@ _gsasl_readline (mu_stream_t stream, char *optr, size_t osize,
 
 
   do
   do
     {
     {
-      char buf[80];
+      char c;
       size_t sz;
       size_t sz;
       int status;
       int status;
       
       
-      status = mu_stream_sequential_read (s->stream, buf, sizeof (buf), &sz);
+      status = mu_stream_sequential_read (s->stream, &c, 1, &sz);
       if (status == EINTR)
       if (status == EINTR)
 	continue;
 	continue;
       else if (status)
       else if (status)
@@ -102,7 +102,7 @@ _gsasl_readline (mu_stream_t stream, char *optr, size_t osize,
 	  free (bufp);
 	  free (bufp);
 	  return status;
 	  return status;
 	}
 	}
-      rc = _auth_lb_grow (s->lb, buf, sz);
+      rc = _auth_lb_grow (s->lb, &c, sz);
       if (rc)
       if (rc)
 	return rc;
 	return rc;
       
       

 /* GNU Mailutils -- a suite of utilities for electronic mail
 /* GNU Mailutils -- a suite of utilities for electronic mail
-   Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation, Inc.
+   Copyright (C) 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
 
 
    GNU Mailutils is free software; you can redistribute it and/or modify
    GNU Mailutils is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    it under the terms of the GNU General Public License as published by
@@ -23,8 +23,8 @@
 # include <mailutils/sql.h>
 # include <mailutils/sql.h>
 #endif
 #endif
 
 
-static Gsasl_ctx *ctx;   
-static Gsasl_session_ctx *sess_ctx; 
+static Gsasl *ctx;   
+static Gsasl_session *sess_ctx; 
 
 
 static void auth_gsasl_capa_init (int disable);
 static void auth_gsasl_capa_init (int disable);
 
 
@@ -69,21 +69,18 @@ gsasl_replace_streams (void *self, void *data)
 static void
 static void
 finish_session (void)
 finish_session (void)
 {
 {
-  gsasl_server_finish (sess_ctx);
+  gsasl_finish (sess_ctx);
 }
 }
 
 
 static int
 static int
-auth_gsasl (struct imap4d_command *command,
-	    char *auth_type, char *arg, char **username)
+auth_gsasl (struct imap4d_command *command, char *auth_type, char **username)
 {
 {
-  char *input = NULL;
+  char *input_str = NULL;
+  size_t input_size = 0;
+  size_t input_len;
   char *output;
   char *output;
-  char *s;
   int rc;
   int rc;
   
   
-  input = util_getword (arg, &s);
-  util_unquote (&input);
-  
   rc = gsasl_server_start (ctx, auth_type, &sess_ctx);
   rc = gsasl_server_start (ctx, auth_type, &sess_ctx);
   if (rc != GSASL_OK)
   if (rc != GSASL_OK)
     {
     {
@@ -92,18 +89,21 @@ auth_gsasl (struct imap4d_command *command,
       return 0;
       return 0;
     }
     }
 
 
-  gsasl_server_application_data_set (sess_ctx, username);
+  gsasl_callback_hook_set (ctx, username);
 
 
   output = NULL;
   output = NULL;
-  while ((rc = gsasl_step64 (sess_ctx, input, &output)) == GSASL_NEEDS_MORE)
+  while ((rc = gsasl_step64 (sess_ctx, input_str, &output))
+	   == GSASL_NEEDS_MORE)
     {
     {
       util_send ("+ %s\r\n", output);
       util_send ("+ %s\r\n", output);
-      input = imap4d_readline_ex ();
+      imap4d_getline (&input_str, &input_size, &input_len);
     }
     }
   
   
+  free (input_str);
   if (rc != GSASL_OK)
   if (rc != GSASL_OK)
     {
     {
-      mu_diag_output (MU_DIAG_NOTICE, _("GSASL error: %s"), gsasl_strerror (rc));
+      mu_diag_output (MU_DIAG_NOTICE, _("GSASL error: %s"),
+		      gsasl_strerror (rc));
       free (output);
       free (output);
       return RESP_NO;
       return RESP_NO;
     }
     }
@@ -169,133 +169,142 @@ auth_gsasl_capa_init (int disable)
   free (listmech);
   free (listmech);
 }
 }
 
 
-/* This is for DIGEST-MD5 */
+#define IMAP_GSSAPI_SERVICE "imap"
+
 static int
 static int
-cb_realm (Gsasl_session_ctx *ctx, char *out, size_t *outlen, size_t nth)
+retrieve_password (Gsasl *ctx, Gsasl_session *sctx)
 {
 {
-  char *realm = util_localname ();
+  char **username = gsasl_callback_hook_get (ctx);
+  char *authid = gsasl_property_get (sctx, GSASL_AUTHID);
   
   
-  if (nth > 0)
-    return GSASL_NO_MORE_REALMS;
+  if (username && *username == 0)
+    *username = strdup (authid);
 
 
-  if (out)
+  if (mu_gsasl_module_data.cram_md5_pwd
+      && access (mu_gsasl_module_data.cram_md5_pwd, R_OK) == 0)
+    {
+      char *key;
+      int rc = gsasl_simple_getpass (mu_gsasl_module_data.cram_md5_pwd,
+				     authid, &key);
+      if (rc == GSASL_OK)
 	{
 	{
-      if (*outlen < strlen (realm))
-	return GSASL_TOO_SMALL_BUFFER;
-      memcpy (out, realm, strlen (realm));
+	  gsasl_property_set (sctx, GSASL_PASSWORD, key);
+	  free (key);
+	  return rc;
+	}
     }
     }
   
   
-  *outlen = strlen (realm);
-
+#ifdef USE_SQL
+  if (mu_sql_module_config.password_type == password_plaintext)
+    {
+      char *passwd;
+      int status = mu_sql_getpass (*username, &passwd);
+      if (status == 0)
+	{
+	  gsasl_property_set (sctx, GSASL_PASSWORD, passwd);
+	  free (passwd);
 	  return GSASL_OK;
 	  return GSASL_OK;
+	}
+    }
+#endif
+  
+  return GSASL_AUTHENTICATION_ERROR; 
 }
 }
 
 
 static int
 static int
-cb_validate (Gsasl_session_ctx *ctx,
-	     const char *authorization_id,
-	     const char *authentication_id,
-	     const char *password)
+cb_validate (Gsasl *ctx, Gsasl_session *sctx)
 {
 {
   int rc;
   int rc;
   struct mu_auth_data *auth;
   struct mu_auth_data *auth;
-  char **username = gsasl_server_application_data_get (ctx);
+  char **username = gsasl_callback_hook_get (ctx);
+  const char *authid = gsasl_property_get (sctx, GSASL_AUTHID);
+  const char *pass = gsasl_property_get (sctx, GSASL_PASSWORD);
 
 
-  *username = strdup (authentication_id ?
-		      authentication_id : authorization_id);
+  if (!authid)
+    return GSASL_NO_AUTHID;
+  if (!pass)
+    return GSASL_NO_PASSWORD;
   
   
-  auth_data = mu_get_auth_by_name (*username);
+  *username = strdup (authid);
   
   
-  if (auth_data == NULL)
+  auth = mu_get_auth_by_name (*username);
+
+  if (auth == NULL)
     return GSASL_AUTHENTICATION_ERROR;
     return GSASL_AUTHENTICATION_ERROR;
 
 
-  rc = mu_authenticate (auth, password);
+  rc = mu_authenticate (auth, pass);
   mu_auth_data_free (auth);
   mu_auth_data_free (auth);
   
   
   return rc == 0 ? GSASL_OK : GSASL_AUTHENTICATION_ERROR;
   return rc == 0 ? GSASL_OK : GSASL_AUTHENTICATION_ERROR;
 }
 }
   
   
-#define GSSAPI_SERVICE "imap"
-
 static int
 static int
-cb_service (Gsasl_session_ctx *ctx, char *srv, size_t *srvlen,
-	    char *host, size_t *hostlen)
+callback (Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop)
 {
 {
-  char *hostname = util_localname ();
-
-  if (srv)
-    {
-      if (*srvlen < strlen (GSSAPI_SERVICE))
-       return GSASL_TOO_SMALL_BUFFER;
-
-      memcpy (srv, GSSAPI_SERVICE, strlen (GSSAPI_SERVICE));
-    }
+    int rc = GSASL_OK;
+
+    switch (prop) {
+    case GSASL_PASSWORD:
+      rc = retrieve_password (ctx, sctx);
+      break;
+      
+    case GSASL_SERVICE:
+      gsasl_property_set (sctx, prop,
+			  mu_gsasl_module_data.service ?
+			    mu_gsasl_module_data.service :IMAP_GSSAPI_SERVICE);
+      break;
+      
+    case GSASL_REALM:
+      gsasl_property_set (sctx, prop,
+			  mu_gsasl_module_data.realm ?
+			    mu_gsasl_module_data.realm : util_localname ());
+      break;
+      
+    case GSASL_HOSTNAME:
+      gsasl_property_set (sctx, prop,
+			  mu_gsasl_module_data.hostname ?
+			    mu_gsasl_module_data.hostname : util_localname ());
+      break;
+      
+#if 0
+    FIXME:
+    case GSASL_VALIDATE_EXTERNAL:
+    case GSASL_VALIDATE_SECURID:
+#endif
       
       
-  if (srvlen)
-    *srvlen = strlen (GSSAPI_SERVICE);
+    case GSASL_VALIDATE_SIMPLE:
+      rc = cb_validate (ctx, sctx);
+      break;
       
       
-  if (host)
+    case GSASL_VALIDATE_ANONYMOUS:
+      if (mu_gsasl_module_data.anon_user)
 	{
 	{
-      if (*hostlen < strlen (hostname))
-       return GSASL_TOO_SMALL_BUFFER;
-
-      memcpy (host, hostname, strlen (hostname));
+	  char **username = gsasl_callback_hook_get (ctx);
+	  mu_diag_output (MU_DIAG_INFO, _("Anonymous user %s logged in"),
+			  gsasl_property_get (sctx, GSASL_ANONYMOUS_TOKEN));
+	  *username = strdup (mu_gsasl_module_data.anon_user);
 	}
 	}
-
-  if (hostlen)
-    *hostlen = strlen (hostname);
-
-  return GSASL_OK;
-}
-
-/* This gets called when SASL mechanism EXTERNAL is invoked */
-static int
-cb_external (Gsasl_session_ctx *ctx)
-{
-  return GSASL_AUTHENTICATION_ERROR;
-}
-
-/* This gets called when SASL mechanism CRAM-MD5 or DIGEST-MD5 is invoked */
-
-static int
-cb_retrieve (Gsasl_session_ctx *ctx,
-	     const char *authentication_id,
-	     const char *authorization_id,
-	     const char *realm,
-	     char *key,
-	     size_t *keylen)
-{
-  char **username = gsasl_server_application_data_get (ctx);
-
-  if (username && *username == 0 && authentication_id)
-    *username = strdup (authentication_id);
-
-  if (mu_gsasl_module_data.cram_md5_pwd
-      && access (mu_gsasl_module_data.cram_md5_pwd, R_OK) == 0)
+      else
 	{
 	{
-      int rc = gsasl_md5pwd_get_password (mu_gsasl_module_data.cram_md5_pwd,
-					  authentication_id,
-					  key, keylen);
-      if (rc == GSASL_OK)
-	return rc;
+	  mu_diag_output (MU_DIAG_ERR,
+			  _("Attempt to log in as anonymous user denied"));
 	}
 	}
+      break;
       
       
-#ifdef USE_SQL
-  if (mu_sql_module_config.password_type == password_plaintext)
-    {
-      char *passwd;
-      int status = mu_sql_getpass (username, &passwd);
-      if (status == 0)
+    case GSASL_VALIDATE_GSSAPI:
       {
       {
-	  *keylen = strlen (passwd);
-	  if (key)
-	    memcpy (key, passwd, *keylen);
-	  free (passwd);
-	  return GSASL_OK;
+	char **username = gsasl_callback_hook_get (ctx);
+	*username = strdup (gsasl_property_get(sctx, GSASL_AUTHZID));
+	break;
       }
       }
+      
+    default:
+	rc = GSASL_NO_CALLBACK;
+	mu_error (_("Unsupported callback property %d"), prop);
+	break;
     }
     }
-#endif
 
 
-  return GSASL_AUTHENTICATION_ERROR; 
+    return rc;
 }
 }
 
 
 void
 void
@@ -310,12 +319,7 @@ auth_gsasl_init ()
 	      gsasl_strerror (rc));
 	      gsasl_strerror (rc));
     }
     }
 
 
-  gsasl_server_callback_realm_set (ctx, cb_realm);
-  gsasl_server_callback_external_set (ctx, cb_external);
-  gsasl_server_callback_validate_set (ctx, cb_validate);
-  gsasl_server_callback_service_set (ctx, cb_service);
-
-  gsasl_server_callback_retrieve_set (ctx, cb_retrieve);
+  gsasl_callback_set (ctx, callback);
   
   
   auth_gsasl_capa_init (0);
   auth_gsasl_capa_init (0);
 }
 }

@@ -110,7 +110,7 @@ imap4d_gss_userok (gss_buffer_t client_name, char *name)
 
 
 static int
 static int
 auth_gssapi (struct imap4d_command *command,
 auth_gssapi (struct imap4d_command *command,
-	     char *auth_type_unused, char *arg_unused, char **username)
+	     char *auth_type_unused, char **username)
 {
 {
   gss_buffer_desc tokbuf, outbuf;
   gss_buffer_desc tokbuf, outbuf;
   OM_uint32 maj_stat, min_stat, min_stat2;
   OM_uint32 maj_stat, min_stat, min_stat2;

@@ -130,6 +130,6 @@ imap4d_copy0 (imap4d_tokbuf_t tok, int isuid, char **err_text)
      of the text of the tagged NO response.  This gives a hint to the
      of the text of the tagged NO response.  This gives a hint to the
      client that it can attempt a CREATE command and retry the copy if
      client that it can attempt a CREATE command and retry the copy if
      the CREATE is successful.  */
      the CREATE is successful.  */
-  *err_text = "NO [TRYCREATE] failed";
-  return RESP_NONE;
+  *err_text = "[TRYCREATE] failed";
+  return RESP_NO;
 }
 }

@@ -294,7 +294,7 @@ static struct mu_cfg_param imap4d_cfg_param[] = {
   { "shared-namespace", mu_cfg_callback, NULL, 0, cb_shared,
   { "shared-namespace", mu_cfg_callback, NULL, 0, cb_shared,
     N_("Set shared namespace.  Argument is a colon-separated list "
     N_("Set shared namespace.  Argument is a colon-separated list "
        "of directories comprising the namespace.") },
        "of directories comprising the namespace.") },
-  { "login-disabled", mu_cfg_int, &login_disabled, 0, NULL,
+  { "login-disabled", mu_cfg_bool, &login_disabled, 0, NULL,
     N_("Disable LOGIN command.") },
     N_("Disable LOGIN command.") },
   { "create-home-dir", mu_cfg_bool, &create_home_dir, 0, NULL,
   { "create-home-dir", mu_cfg_bool, &create_home_dir, 0, NULL,
     N_("If true, create non-existing user home directories.") },
     N_("If true, create non-existing user home directories.") },

 /* GNU Mailutils -- a suite of utilities for electronic mail
 /* GNU Mailutils -- a suite of utilities for electronic mail
-   Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation, Inc.
+   Copyright (C) 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
 
 
    This library is free software; you can redistribute it and/or
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    modify it under the terms of the GNU Lesser General Public
@@ -21,6 +21,10 @@
 
 
 struct mu_gsasl_module_data
 struct mu_gsasl_module_data
 {
 {
+  char *service;
+  char *realm;
+  char *hostname;
+  char *anon_user;
   char *cram_md5_pwd;
   char *cram_md5_pwd;
 };
 };
 
 

@@ -28,6 +28,19 @@ static struct mu_cfg_param mu_gsasl_param[] = {
   { "cram-passwd", mu_cfg_string, &gsasl_settings.cram_md5_pwd, 0, NULL,
   { "cram-passwd", mu_cfg_string, &gsasl_settings.cram_md5_pwd, 0, NULL,
     N_("Name of GSASL password file."),
     N_("Name of GSASL password file."),
     N_("file") },
     N_("file") },
+  { "service", mu_cfg_string, &gsasl_settings.service, 0, NULL,
+    N_("SASL service name."),
+    N_("name") },
+  { "realm", mu_cfg_string, &gsasl_settings.realm, 0, NULL,
+    N_("SASL realm name."),
+    N_("name") },
+  { "hostname", mu_cfg_string, &gsasl_settings.hostname, 0, NULL,
+    N_("SASL host name."),
+    N_("name") },
+  { "anonymous-user", mu_cfg_string, &gsasl_settings.anon_user, 0, NULL,
+    N_("Anonymous user name."),
+    N_("name") },
+
   { NULL }
   { NULL }
 };
 };