aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric S. Raymond <esr@thyrsus.com>1997-07-17 20:54:32 +0000
committerEric S. Raymond <esr@thyrsus.com>1997-07-17 20:54:32 +0000
commit5b6b38cbd82468ac720d25b1889f63f4251bf4db (patch)
treed12e69b8843a9388be9793b4ba32caa6d35f3c61
parent7b413aaa538cb43e69f954e2c7ee6a19951a48c8 (diff)
downloadfetchmail-5b6b38cbd82468ac720d25b1889f63f4251bf4db.tar.gz
fetchmail-5b6b38cbd82468ac720d25b1889f63f4251bf4db.tar.bz2
fetchmail-5b6b38cbd82468ac720d25b1889f63f4251bf4db.zip
First round of changes for OPIE support.
svn path=/trunk/; revision=1173
-rw-r--r--INSTALL29
-rw-r--r--Makefile.in5
-rw-r--r--NEWS9
-rw-r--r--README9
-rw-r--r--configure.in1
-rw-r--r--design-notes.html1
-rw-r--r--fetchmail.man32
-rw-r--r--pop3.c41
8 files changed, 99 insertions, 28 deletions
diff --git a/INSTALL b/INSTALL
index 55737d31..eaafb6f8 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,6 +1,6 @@
INSTALL Instructions for fetchmail
-If you have installed binaries (e.g. from an RPM) you can skip to step 4.
+If you have installed binaries (e.g. from an RPM) you can skip to step 5.
If you are a Linux system packager, be aware that the build process generates
an RPM spec file at fetchmail.spec, and you can "make rpm" to generate an
@@ -10,7 +10,20 @@ The Frequently Asked Questions list, included as the file FAQ in this
distributions, answers the most common questions about configuring and
running fetchmail.
-1. CONFIGURE
+1. USEFUL THINGS TO INSTALL FIRST
+
+If you want support for RFC1938-compliant one-time passwords, you'll
+need to install Craig Metz's OPIE libraries first. The fetchmail
+build process will detect them and configure appropriately.
+
+Note: there is no point in doing this unless your server is
+OTP-enabled. To test this, telnet to the server port and give it
+a valid USER id. If the OK response includes the string "otp-",
+you should install OPIE.
+
+The OPIE library sources are available at ftp://ftp.inner.net/pub/opie.
+
+2. CONFIGURE
Installing fetchmail is easy. From within this directory, type:
@@ -50,7 +63,7 @@ If you're running QNX, edit the distributed Makefile directly. The
QNX values for various macros are there but commented out; all you
have to do is uncomment them.
-2. MAKE
+3. MAKE
You may find you need flex at version 2.5.3 or greater to build
fetchmail. The stock lex distributed with some versions of Linux does
@@ -63,7 +76,7 @@ Run
This should compile fetchmail for your system.
-3. INSTALL
+4. INSTALL
Lastly, become root and run
@@ -77,14 +90,14 @@ NOTE: If you are using an MTA other than sendmail (such as qmail,
exim, or smail), see the FAQ (section T) for discussion of any special
configuration steps that may be necessary.
-4. SET UP A RUN CONTROL FILE
+5. SET UP A RUN CONTROL FILE
See the man page and the file sample.rcfile for a description of how to
configure your individual preferences.
If you're upgrading from popclient, see question F4 in the FAQ file.
-5. TEST
+6. TEST
I strongly recommend that your first fetchmail run use the -v and -k
options, in case there is something not quite right with your server,
@@ -96,11 +109,11 @@ freeware POP3 servers; also with the IMAP2bis and IMAP4 servers that are
distributed with Pine from the University of Washington. This covers
all the servers normally hosted on Linux and *BSD systems.
-6. REPORTING BUGS
+7. REPORTING BUGS
You should read the FAQ file question G3 before reporting a bug.
-7. USE IT
+8. USE IT
Once you've verified your configuration, you can start fetchmail to
run in background and forget about it. Enjoy!
diff --git a/Makefile.in b/Makefile.in
index 5445622f..8ab9c207 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -3,7 +3,7 @@
# If you're running QNX, we can't assume a working autoconf.
# So just uncomment all the lines marked QNX.
-VERS=4.0.1
+VERS=4.0.2
# Ultrix 2.2 make doesn't expand the value of VPATH.
srcdir = @srcdir@
@@ -147,7 +147,8 @@ distclean: clean
-rm -f fetchmail.log fetchmail.toc fetchmail.*aux
realclean: distclean # fetchmail.info*
- rm -f FAQ FEATURES
+ rm -f FAQ FEATURES NOTES \
+ MANIFEST config.cache config.log configure Makefile
mostlyclean: clean
diff --git a/NEWS b/NEWS
index 48bbda6f..11076535 100644
--- a/NEWS
+++ b/NEWS
@@ -15,14 +15,19 @@
Release Notes:
------------------------------------------------------------------------------
-fetchmail-4.0.1 (Wed Jul 16 14:32:08 EDT 1997)
+fetchmail 4.0.2 ()
+* Experimental RFC1938 one-time password support using OPIE library,
+ courtesy of Craig Metz <cmetz@inner.net> (couthor of RFC1938).
-(Minor cleanup release for non-Linux systems.)
+Private release to Craig Metz only for OPIE testing.
+There are 251 people on the fetchmail-friends list.
+fetchmail-4.0.1 (Wed Jul 16 14:32:08 EDT 1997)
* Compilation cleanup for DEC Unix 4.0 and AIX.
* Corrected the machinery for remote builds.
* Minor improvements in failed-connection error messages.
+A minor cleanup release for non-Linux systems.
There are 254 people on the fetchmail-friends list.
------------------------------------------------------------------------------
diff --git a/README b/README
index 77bd35d8..fdd70467 100644
--- a/README
+++ b/README
@@ -2,13 +2,16 @@
fetchmail is a free, full-featured, robust, well-documented remote
mail retrieval and forwarding utility intended to be used over
-on-demand TCP/IP links (such as SLIP or PPP connections). It supports
-POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP (including IMAP4rev1
-with RFC1731 Kerberos v4 authentication), and ESMTP ETRN. It
+on-demand TCP/IP links (such as SLIP or PPP connections). It
retrieves mail from remote mail servers and forwards it to your local
(client) machine's delivery system, so it can then be be read by
normal mail user agents such as elm(1) or Mail(1).
+fetchmail supports standard all mail-retrieval protocols in use on the
+Internet: POP2, POP3 (including POP3 with RFC1938 one-time passwords),
+RPOP, APOP, KPOP, all flavors of IMAP (including IMAP4rev1 with
+RFC1731 Kerberos v4 authentication), and ESMTP ETRN.
+
The fetchmail code was developed under Linux, but has also been
extensively tested under 4.4BSD, AIX, Solaris and NEXTSTEP. It should be
readily portable to other Unix variants (it uses GNU autoconf). It
diff --git a/configure.in b/configure.in
index 5939a046..241140d7 100644
--- a/configure.in
+++ b/configure.in
@@ -34,6 +34,7 @@ AC_SUBST(LIBOBJS)
AC_CHECK_LIB(nsl,inet_addr)
AC_CHECK_LIB(socket,socket)
AC_CHECK_LIB(inet,socket)
+AC_CHECK_LIB(opie,opiegenerator)
AC_CHECK_FUNC(strstr, AC_DEFINE(HAVE_STRSTR),
[EXTRASRC="$EXTRASRC \$(srcdir)/strstr.c"
diff --git a/design-notes.html b/design-notes.html
index 8b08efe8..134f0066 100644
--- a/design-notes.html
+++ b/design-notes.html
@@ -368,6 +368,7 @@ all shaped the design in one way or another.<P>
<DT>RFC1891<DD> SMTP Service Extension for Delivery Status Notifications
<DT>RFC1893<DD> Enhanced Mail System Status Codes
<DT>RFC1894<DD> An Extensible Message Format for Delivery Status Notifications
+<DT>RFC1938<DD> A One-Time Password System
<DT>RFC1939<DD> Post Office Protocol - Version 3
<DT>RFC1985<DD> SMTP Service Extension for Remote Message Queue Starting
<DT>RFC2060<DD> Internet Message Access Protocol - Version 4rev1
diff --git a/fetchmail.man b/fetchmail.man
index 964beb4c..e2b4ce62 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -421,8 +421,13 @@ Kerberos preauthentication (either with --auth or the \fI.fetchmailrc\fR
option \fBauthenticate kerberos_v4\fR) it will try to get a Kerberos
ticket from the mailserver at the start of each query.
.PP
-If you use IMAP-K4 the code will expect the IMAP server to have
-RFC1731-conformant AUTHENTICATE KERBEROS_V4 capability.
+If you use IMAP-K4, \fIfetchmail\fR will expect the IMAP server to have
+RFC1731-conformant AUTHENTICATE KERBEROS_V4 capability, and will use it.
+.PP
+If you are using POP3, and the server issues a one-time-password
+challenge conforming to RFC1938, \fIfetchmail\fR will use your
+password as a pass phrase to generate the required response. This
+avoids sending secrets over the net unencrypted.
.SH DAEMON MODE
The
@@ -1162,16 +1167,16 @@ The RFC822 parser used in multidrop mode chokes on some @-addresses that
are technically legal but bizarre. Strange uses of quoting and
embedded comments are likely to confuse it.
.PP
-Use of any of the supported protocols other than APOP, KPOP, IMAP-K4,
-or ETRN requires that the program send unencrypted passwords over the
-TCP/IP connection to the mailserver. This creates a risk that
-name/password pairs might be snaffled with a packet sniffer or more
-sophisticated monitoring software. Under Linux, the --interface
-option can be used to restrict polling to availability of a specific
-interface device with a specific local IP address, but snooping is
-still possible if (a) either host has a network device that can be
-opened in promiscuous mode, or (b) the intervening network link can be
-tapped.
+Use of any of the supported protocols other than POP3 with OTP, APOP,
+KPOP, IMAP-K4, or ETRN requires that the program send unencrypted
+passwords over the TCP/IP connection to the mailserver. This creates
+a risk that name/password pairs might be snaffled with a packet
+sniffer or more sophisticated monitoring software. Under Linux, the
+--interface option can be used to restrict polling to availability of
+a specific interface device with a specific local IP address, but
+snooping is still possible if (a) either host has a network device
+that can be opened in promiscuous mode, or (b) the intervening network
+link can be tapped.
.PP
Send comments, bug reports, gripes, and the like to Eric S. Raymond
<esr@thyrsus.com>. An HTML FAQ is available at the fetchmail home
@@ -1208,3 +1213,6 @@ RFC 1730, RFC 1731, RFC 1732, RFC 2060, RFC 2061
.TP 5
ETRN:
RFC 1985
+.TP 5
+OTP:
+RFC 1938
diff --git a/pop3.c b/pop3.c
index fdd87539..edc99110 100644
--- a/pop3.c
+++ b/pop3.c
@@ -19,6 +19,10 @@
#include "fetchmail.h"
#include "socket.h"
+#if HAVE_LIBOPIE
+#include <opie.h>
+#endif /* HAVE_LIBOPIE */
+
#define PROTOCOL_ERROR {error(0, 0, "protocol error"); return(PS_ERROR);}
#define LOCKBUSY_ERROR {error(0, 0, "lock busy! Is another session active?"); return(PS_LOCKBUSY);}
@@ -27,6 +31,10 @@ extern char *strstr(); /* needed on sysV68 R3V7.1. */
static int last;
+#if HAVE_LIBOPIE
+static char lastok[POPBUFSIZE+1];
+#endif /* HAVE_LIBOPIE */
+
int pop3_ok (int sock, char *argbuf)
/* parse command response */
{
@@ -47,7 +55,12 @@ int pop3_ok (int sock, char *argbuf)
*(bufp++) = '\0';
if (strcmp(buf,"+OK") == 0)
+ {
+#if HAVE_LIBOPIE
+ strcpy(lastok, bufp);
+#endif /* HAVE_LIBOPIE */
ok = 0;
+ }
else if (strcmp(buf,"-ERR") == 0)
{
/*
@@ -79,6 +92,9 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting)
/* apply for connection authorization */
{
int ok;
+#if HAVE_LIBOPIE
+ char *challenge;
+#endif /* HAVE_LIBOPIE */
/* build MD5 digest from greeting timestamp + password */
if (ctl->server.protocol == P_APOP)
@@ -118,7 +134,30 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting)
if ((gen_transact(sock, "USER %s", ctl->remotename)) != 0)
PROTOCOL_ERROR
- if ((ok = gen_transact(sock, "PASS %s", ctl->password)) != 0)
+#ifdef HAVE_LIBOPIE
+ /* see RFC1938: A One-Time Password System */
+ if (challenge = strstr(lastok, "otp-"))
+ {
+ char response[OPIE_RESPONSE_MAX+1];
+
+ if (ctl->password && !strcmp(ctl->password, "opie"))
+ {
+ if (ok = opiegenerator(challenge, "", response))
+ if (ok != 2)
+ PROTOCOL_ERROR
+ }
+ else if (opiegenerator(challenge, ctl->password, response))
+ PROTOCOL_ERROR
+
+ ok = gen_transact(sock, "PASS %s", response);
+ }
+ else
+#else
+ /* ordinary validation, no one-time password */
+ ok = gen_transact(sock, "PASS %s", ctl->password);
+#endif /* HAVE_LIBOPIE */
+
+ if (ok != 0)
{
if (ok == PS_LOCKBUSY)
LOCKBUSY_ERROR