src/imap-login/client-authenticate.c

	client-authenticate.c revision c49a19168dab6fda80aee16ad799a8a56d3bc18f
02c335c23bf5fa225a467c19f2c063fb0dc7b8c3Timo Sirainen/* Copyright (C) 2002-2004 Timo Sirainen */
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen#include "common.h"
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen#include "base64.h"
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen#include "buffer.h"
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen#include "ioloop.h"
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen#include "istream.h"
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen#include "ostream.h"
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen#include "safe-memset.h"
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen#include "str.h"
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen#include "str-sanitize.h"
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen#include "imap-parser.h"
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen#include "auth-client.h"
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen#include "client.h"
998395f6743fbecc07ee65ae08c416fa6cea9e09Teemu Huovila#include "client-authenticate.h"
af177be2664018e8074d69449b9c6a2d9741ec25Teemu Huovila
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainenconst char *client_authenticate_get_capabilities(int secured)
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen{
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    const struct auth_mech_desc *mech;
3448096d5b1cd324ed5132045de0345cd7120a25Timo Sirainen    unsigned int i, count;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    string_t *str;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    str = t_str_new(128);
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody    mech = auth_client_get_available_mechs(auth_client, &count);
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody    for (i = 0; i < count; i++) {
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody        /* a) transport is secured
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen           b) auth mechanism isn't plaintext
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen           c) we allow insecure authentication
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen                - but don't advertise AUTH=PLAIN, as RFC 2595 requires
b04e76cbc807707d299055be79500f8ff131da43Timo Sirainen        */
b04e76cbc807707d299055be79500f8ff131da43Timo Sirainen        if (mech[i].advertise &&
72c4ef3b44c50c662b37bba93b463b0caeb63a4fTimo Sirainen            (secured || !mech[i].plaintext)) {
0c5854b6891c59c1c3f443569bc823d7db571582Teemu Huovila            str_append_c(str, ' ');
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody            str_append(str, "AUTH=");
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody            str_append(str, mech[i].name);
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen        }
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    }
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    return str_c(str);
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen}
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainenstatic void client_auth_input(void *context)
202468f94e6c6c8b5d3d98ee74e01bb0d0bb04aaTimo Sirainen{
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen    struct imap_client *client = context;
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen    buffer_t *buf;
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen    char *line;
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen    size_t linelen, bufsize;
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    if (!client_read(client))
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        return;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    if (client->skip_line) {
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        if (i_stream_next_line(client->input) == NULL)
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen            return;
3a54211bd6c4dc3f8687c16020770551cf83a548Teemu Huovila
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        client->skip_line = FALSE;
3a54211bd6c4dc3f8687c16020770551cf83a548Teemu Huovila    }
3a54211bd6c4dc3f8687c16020770551cf83a548Teemu Huovila
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    /* @UNSAFE */
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    line = i_stream_next_line(client->input);
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen    if (line == NULL)
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen        return;
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen    if (strcmp(line, "*") == 0) {
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen        sasl_server_auth_cancel(&client->common,
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen                    "Authentication aborted");
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen        return;
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen    }
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    linelen = strlen(line);
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    buf = buffer_create_static_hard(pool_datastack_create(), linelen);
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    if (base64_decode(line, linelen, NULL, buf) < 0) {
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        /* failed */
8b1a9a4d63b0abccdf7cb1acb8359d5396dd657bTimo Sirainen        sasl_server_auth_cancel(&client->common, "Invalid base64 data");
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    } else if (client->common.auth_request == NULL) {
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        sasl_server_auth_cancel(&client->common,
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen                    "Don't send unrequested data");
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    } else {
8b1a9a4d63b0abccdf7cb1acb8359d5396dd657bTimo Sirainen        auth_client_request_continue(client->common.auth_request,
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen                         buf->data, buf->used);
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    }
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen
8b1a9a4d63b0abccdf7cb1acb8359d5396dd657bTimo Sirainen    /* clear sensitive data */
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    safe_memset(line, 0, linelen);
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    bufsize = buffer_get_used_size(buf);
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    safe_memset(buffer_free_without_data(buf), 0, bufsize);
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen}
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainenstatic void sasl_callback(struct client *_client, enum sasl_server_reply reply,
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen              const char *data)
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen{
8b1a9a4d63b0abccdf7cb1acb8359d5396dd657bTimo Sirainen    struct imap_client *client = (struct imap_client *)_client;
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    struct const_iovec iov[3];
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    size_t data_len;
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    ssize_t ret;
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen
8b1a9a4d63b0abccdf7cb1acb8359d5396dd657bTimo Sirainen    switch (reply) {
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    case SASL_SERVER_REPLY_SUCCESS:
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        client_send_tagline(client, "OK Logged in.");
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        client_destroy(client, t_strconcat(
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen            "Login: ", client->common.virtual_user, NULL));
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        break;
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    case SASL_SERVER_REPLY_AUTH_FAILED:
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        if (data == NULL)
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen            client_send_tagline(client, "Authentication failed");
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        else {
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen            client_send_tagline(client, t_strconcat(
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen                "NO Authentication failed: ", data, NULL));
8b1a9a4d63b0abccdf7cb1acb8359d5396dd657bTimo Sirainen        }
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        /* get back to normal client input. */
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        if (client->io != NULL)
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen            io_remove(client->io);
8b1a9a4d63b0abccdf7cb1acb8359d5396dd657bTimo Sirainen        client->io = io_add(client->common.fd, IO_READ,
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen                    client_input, client);
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        break;
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    case SASL_SERVER_REPLY_MASTER_FAILED:
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        client_send_line(client, "* BYE Internal login failure. "
0c5854b6891c59c1c3f443569bc823d7db571582Teemu Huovila                 "Error report written to server log.");
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        client_destroy(client, t_strconcat("Internal login failure: ",
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen                           client->common.virtual_user,
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen                           NULL));
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        break;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    case SASL_SERVER_REPLY_CONTINUE:
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        data_len = strlen(data);
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        iov[0].iov_base = "+ ";
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        iov[0].iov_len = 2;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        iov[1].iov_base = data;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        iov[1].iov_len = data_len;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        iov[2].iov_base = "\r\n";
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        iov[2].iov_len = 2;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        ret = o_stream_sendv(client->output, iov, 3);
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        if (ret < 0)
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen            client_destroy(client, "Disconnected");
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen        else if ((size_t)ret != 2 + data_len + 2)
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen            client_destroy(client, "Transmit buffer full");
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen        else {
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen            /* continue */
3448096d5b1cd324ed5132045de0345cd7120a25Timo Sirainen            return;
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        }
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        break;
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody    }
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    client_unref(client);
78f87ea1d30f3f54bdf8560ea947ab7ee094283aTeemu Huovila}
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainenint cmd_authenticate(struct imap_client *client, struct imap_arg *args)
b04e76cbc807707d299055be79500f8ff131da43Timo Sirainen{
b04e76cbc807707d299055be79500f8ff131da43Timo Sirainen    const char *mech_name;
0c5854b6891c59c1c3f443569bc823d7db571582Teemu Huovila
0c5854b6891c59c1c3f443569bc823d7db571582Teemu Huovila    /* we want only one argument: authentication mechanism name */
0c5854b6891c59c1c3f443569bc823d7db571582Teemu Huovila    if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING)
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody        return -1;
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    if (args[1].type != IMAP_ARG_EOL)
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen        return -1;
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    mech_name = IMAP_ARG_STR(&args[0]);
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    if (*mech_name == '\0')
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen        return FALSE;
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    client_ref(client);
202468f94e6c6c8b5d3d98ee74e01bb0d0bb04aaTimo Sirainen    sasl_server_auth_begin(&client->common, "IMAP", mech_name, NULL, 0,
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen                   sasl_callback);
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen    if (!client->common.authenticating)
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen        return 1;
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen    /* following input data will go to authentication */
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen    if (client->io != NULL)
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen        io_remove(client->io);
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    client->io = io_add(client->common.fd, IO_READ,
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen                client_auth_input, client);
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    return 0;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen}
3a54211bd6c4dc3f8687c16020770551cf83a548Teemu Huovila
3a54211bd6c4dc3f8687c16020770551cf83a548Teemu Huovilaint cmd_login(struct imap_client *client, struct imap_arg *args)
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen{
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen    const char *user, *pass;
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen    string_t *plain_login;
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen    /* two arguments: username and password */
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    if (args[0].type != IMAP_ARG_ATOM && args[0].type != IMAP_ARG_STRING)
f5c0d5cada4da23a167c38426d0c481a3e1d5583Timo Sirainen        return -1;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    if (args[1].type != IMAP_ARG_ATOM && args[1].type != IMAP_ARG_STRING)
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        return -1;
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen    if (args[2].type != IMAP_ARG_EOL)
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen        return -1;
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen    user = IMAP_ARG_STR(&args[0]);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen    pass = IMAP_ARG_STR(&args[1]);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen    if (!client->common.secured && disable_plaintext_auth) {
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen        if (verbose_auth) {
62fc0b4f07eb6f18a3bff4b1fccb636e6fae3cf4Timo Sirainen            client_syslog(&client->common, "Login failed: "
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen                      "Plaintext authentication disabled");
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen        }
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen        client_send_line(client,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen            "* BAD [ALERT] Plaintext authentication is disabled, "
3448096d5b1cd324ed5132045de0345cd7120a25Timo Sirainen            "but your client sent password in plaintext anyway. "
fdf70410de49eadfbb77997bb60ebba19aee4752Teemu Huovila            "If anyone was listening, the password was exposed.");
fdf70410de49eadfbb77997bb60ebba19aee4752Teemu Huovila        client_send_tagline(client,
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody                    "NO Plaintext authentication disabled.");
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen        return 1;
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen    }
568fec5b1e629f25d288b48007485b9aa4a018b1Timo Sirainen
fdf70410de49eadfbb77997bb60ebba19aee4752Teemu Huovila    /* authorization ID \0 authentication ID \0 pass */
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen    plain_login = buffer_create_dynamic(pool_datastack_create(), 64);
b04e76cbc807707d299055be79500f8ff131da43Timo Sirainen    buffer_append_c(plain_login, '\0');
b04e76cbc807707d299055be79500f8ff131da43Timo Sirainen    buffer_append(plain_login, user, strlen(user));
0c5854b6891c59c1c3f443569bc823d7db571582Teemu Huovila    buffer_append_c(plain_login, '\0');
0c5854b6891c59c1c3f443569bc823d7db571582Teemu Huovila    buffer_append(plain_login, pass, strlen(pass));
0c5854b6891c59c1c3f443569bc823d7db571582Teemu Huovila
19ed8f08b23d6ed204e6b27e5d1c0c6fe6bb11ddPhil Carmody    client_ref(client);
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    sasl_server_auth_begin(&client->common, "IMAP", "PLAIN",
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen                   plain_login->data, plain_login->used,
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen                   sasl_callback);
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    if (!client->common.authenticating)
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen        return 1;
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    /* don't read any input from client until login is finished */
b6b06530d654f0436bfbaefc1e988d53fff0cbeeTimo Sirainen    if (client->io != NULL) {
202468f94e6c6c8b5d3d98ee74e01bb0d0bb04aaTimo Sirainen        io_remove(client->io);
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen        client->io = NULL;
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen    }
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen    return 0;
83172e28d4ac684dfed83f7c9db933493d7c5922Timo Sirainen}
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen