imap-send: add PLAIN authentication method to OpenSSL

The current implementation for PLAIN in imap-send works just fine
if using curl, but if attempted to use for OpenSSL, it is treated
as an invalid mechanism. The default implementation for OpenSSL is
IMAP LOGIN command rather than AUTH PLAIN. Since AUTH PLAIN is
still used today by many email providers in form of app passwords,
lets add an implementation that can use AUTH PLAIN if specified.

Signed-off-by: Aditya Garg <gargaditya08@live.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/Documentation/config/imap.adoc b/Documentation/config/imap.adoc
index 29b998d5ff85b058ef4e13cbb6cb0069e1aa1bf0..7c8b2dcce43978f93eaa90fb7ee1758bc075ccd9 100644 (file)
--- a/Documentation/config/imap.adoc
+++ b/Documentation/config/imap.adoc
@@ -40,6 +40,6 @@ imap.authMethod::
        Specify the authentication method for authenticating with the IMAP server.
        If Git was built with the NO_CURL option, or if your curl version is older
        than 7.34.0, or if you're running git-imap-send with the `--no-curl`
-       option, the only supported methods are `CRAM-MD5`, `OAUTHBEARER` and
-       `XOAUTH2`. If this is not set then `git imap-send` uses the basic IMAP
+       option, the only supported methods are `PLAIN`, `CRAM-MD5`, `OAUTHBEARER`
+       and `XOAUTH2`. If this is not set then `git imap-send` uses the basic IMAP
        plaintext `LOGIN` command.

diff --git a/imap-send.c b/imap-send.c
index 6c33318102633bc70959cb718eeb0d5e35147469..54dab627d65a740c4d92cde821400fc518017b46 100644 (file)
--- a/imap-send.c
+++ b/imap-send.c
@@ -139,6 +139,7 @@ enum CAPABILITY {
        LITERALPLUS,
        NAMESPACE,
        STARTTLS,
+       AUTH_PLAIN,
        AUTH_CRAM_MD5,
        AUTH_OAUTHBEARER,
        AUTH_XOAUTH2,
@@ -150,6 +151,7 @@ static const char *cap_list[] = {
        "LITERAL+",
        "NAMESPACE",
        "STARTTLS",
+       "AUTH=PLAIN",
        "AUTH=CRAM-MD5",
        "AUTH=OAUTHBEARER",
        "AUTH=XOAUTH2",
@@ -851,6 +853,38 @@ static char hexchar(unsigned int b)
 }
 
 #define ENCODED_SIZE(n) (4 * DIV_ROUND_UP((n), 3))
+static char *plain_base64(const char *user, const char *pass)
+{
+       struct strbuf raw = STRBUF_INIT;
+       int b64_len;
+       char *b64;
+
+       /*
+        * Compose the PLAIN string
+        *
+        * The username and password are combined to one string and base64 encoded.
+        * "\0user\0pass"
+        *
+        * The method has been described in RFC4616.
+        *
+        * https://datatracker.ietf.org/doc/html/rfc4616
+        */
+       strbuf_addch(&raw, '\0');
+       strbuf_addstr(&raw, user);
+       strbuf_addch(&raw, '\0');
+       strbuf_addstr(&raw, pass);
+
+       b64 = xmallocz(ENCODED_SIZE(raw.len));
+       b64_len = EVP_EncodeBlock((unsigned char *)b64, (unsigned char *)raw.buf, raw.len);
+       strbuf_release(&raw);
+
+       if (b64_len < 0) {
+               free(b64);
+               return NULL;
+       }
+       return b64;
+}
+
 static char *cram(const char *challenge_64, const char *user, const char *pass)
 {
        int i, resp_len, encoded_len, decoded_len;
@@ -947,6 +981,26 @@ static char *xoauth2_base64(const char *user, const char *access_token)
        return b64;
 }
 
+static int auth_plain(struct imap_store *ctx, const char *prompt UNUSED)
+{
+       int ret;
+       char *b64;
+
+       b64 = plain_base64(ctx->cfg->user, ctx->cfg->pass);
+       if (!b64)
+               return error("PLAIN: base64 encoding failed");
+
+       /* Send the base64-encoded response */
+       ret = socket_write(&ctx->imap->buf.sock, b64, strlen(b64));
+       if (ret != (int)strlen(b64)) {
+               free(b64);
+               return error("IMAP error: sending PLAIN response failed");
+       }
+
+       free(b64);
+       return 0;
+}
+
 static int auth_cram_md5(struct imap_store *ctx, const char *prompt)
 {
        int ret;
@@ -1007,6 +1061,7 @@ static int auth_xoauth2(struct imap_store *ctx, const char *prompt UNUSED)
 
 #else
 
+#define auth_plain NULL
 #define auth_cram_md5 NULL
 #define auth_oauthbearer NULL
 #define auth_xoauth2 NULL
@@ -1219,7 +1274,10 @@ static struct imap_store *imap_open_store(struct imap_server_conf *srvc, const c
                server_fill_credential(srvc, &cred);
 
                if (srvc->auth_method) {
-                       if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
+                       if (!strcmp(srvc->auth_method, "PLAIN")) {
+                               if (try_auth_method(srvc, ctx, imap, "PLAIN", AUTH_PLAIN, auth_plain))
+                                       goto bail;
+                       } else if (!strcmp(srvc->auth_method, "CRAM-MD5")) {
                                if (try_auth_method(srvc, ctx, imap, "CRAM-MD5", AUTH_CRAM_MD5, auth_cram_md5))
                                        goto bail;
                        } else if (!strcmp(srvc->auth_method, "OAUTHBEARER")) {