This is the v1 version, had the v2 before.

2025-05-01 12:02:19 +03:00
parent bcc3f95e8e
commit 0e253ba422
130 changed files with 18061 additions and 2179 deletions
--- a/commands/authenticate.go
+++ b/commands/authenticate.go
@@ -0,0 +1,124 @@
+package commands
+
+import (
+	"bufio"
+	"encoding/base64"
+	"errors"
+	"io"
+	"strings"
+
+	"github.com/emersion/go-imap"
+	"github.com/emersion/go-sasl"
+)
+
+// AuthenticateConn is a connection that supports IMAP authentication.
+type AuthenticateConn interface {
+	io.Reader
+
+	// WriteResp writes an IMAP response to this connection.
+	WriteResp(res imap.WriterTo) error
+}
+
+// Authenticate is an AUTHENTICATE command, as defined in RFC 3501 section
+// 6.2.2.
+type Authenticate struct {
+	Mechanism       string
+	InitialResponse []byte
+}
+
+func (cmd *Authenticate) Command() *imap.Command {
+	args := []interface{}{imap.RawString(cmd.Mechanism)}
+	if cmd.InitialResponse != nil {
+		var encodedResponse string
+		if len(cmd.InitialResponse) == 0 {
+			// Empty initial response should be encoded as "=", not empty
+			// string.
+			encodedResponse = "="
+		} else {
+			encodedResponse = base64.StdEncoding.EncodeToString(cmd.InitialResponse)
+		}
+
+		args = append(args, imap.RawString(encodedResponse))
+	}
+	return &imap.Command{
+		Name:      "AUTHENTICATE",
+		Arguments: args,
+	}
+}
+
+func (cmd *Authenticate) Parse(fields []interface{}) error {
+	if len(fields) < 1 {
+		return errors.New("Not enough arguments")
+	}
+
+	var ok bool
+	if cmd.Mechanism, ok = fields[0].(string); !ok {
+		return errors.New("Mechanism must be a string")
+	}
+	cmd.Mechanism = strings.ToUpper(cmd.Mechanism)
+
+	if len(fields) != 2 {
+		return nil
+	}
+
+	encodedResponse, ok := fields[1].(string)
+	if !ok {
+		return errors.New("Initial response must be a string")
+	}
+	if encodedResponse == "=" {
+		cmd.InitialResponse = []byte{}
+		return nil
+	}
+
+	var err error
+	cmd.InitialResponse, err = base64.StdEncoding.DecodeString(encodedResponse)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (cmd *Authenticate) Handle(mechanisms map[string]sasl.Server, conn AuthenticateConn) error {
+	sasl, ok := mechanisms[cmd.Mechanism]
+	if !ok {
+		return errors.New("Unsupported mechanism")
+	}
+
+	scanner := bufio.NewScanner(conn)
+
+	response := cmd.InitialResponse
+	for {
+		challenge, done, err := sasl.Next(response)
+		if err != nil || done {
+			return err
+		}
+
+		encoded := base64.StdEncoding.EncodeToString(challenge)
+		cont := &imap.ContinuationReq{Info: encoded}
+		if err := conn.WriteResp(cont); err != nil {
+			return err
+		}
+
+		if !scanner.Scan() {
+			if err := scanner.Err(); err != nil {
+				return err
+			}
+			return errors.New("unexpected EOF")
+		}
+
+		encoded = scanner.Text()
+		if encoded != "" {
+			if encoded == "*" {
+				return &imap.ErrStatusResp{Resp: &imap.StatusResp{
+					Type: imap.StatusRespBad,
+					Info: "negotiation cancelled",
+				}}
+			}
+			response, err = base64.StdEncoding.DecodeString(encoded)
+			if err != nil {
+				return err
+			}
+		}
+	}
+}