Caseblind comparison of names, more explicitness about Kerberos.

svn path=/trunk/; revision=988

12 files changed, 94 insertions, 50 deletions

diff --git a/NEWS b/NEWS
index ff1accac..fb7c28cf 100644
--- a/NEWS
+++ b/NEWS
@@ -14,9 +14,8 @@ every user entry in a multi-user poll declaration.
   technically RFC822 legal. The general problem is mentioned on the man page.
 
 * fetchmail has been reported to break when processing 0-length (bodyless)
-  messages retrieved via IMAP.  It is not clear whether this is a fetchmail
-  bug or a glitch in some specific IMAP server.  (Such messages are sometimes 
-  issued by the INN suite as status notifications.)
+  messages retrieved via IMAP.  (Such messages are sometimes issued by the
+  INN suite as status notifications.)
 
 * Dave Holland <dave@zenda.demon.co.uk> thinks it's a misfeature that
   --fetchall overrides --limit.  He may have a point.   Perhaps I should
@@ -30,8 +29,11 @@ every user entry in a multi-user poll declaration.
 pl 3.9.4 ():
 * Fixed a compilation glitch for systems like SunOS & others without atexit(3).
 * Fixed a compilation glitch in daemonize for HP-UX.
+* Changes to compile correctly on systems that have on_exit() but not atexit().
+* Changes to forbid duplicate server names in the rc file.
+* Do caseblind comparisons of host and user names everywhere.
 
-------------------------------------------------------------------------------
+There are 239 people on the fetchmail-friends list.
 
 pl 3.9.3 (Wed May  7 11:40:47 EDT 1997):
 * Fix for -I option from George Sipe.
@@ -177,7 +179,7 @@ bugs --
 * The counter referred to by the batchlimit option used to count not only 
   fetched messages but skipped ones.  This has been fixed.
 
-* Compilation fixes for Kerberos support and GNU glibc2 support.
+* Compilation fixes for Kerberos V4 support and GNU glibc2 support.
 
 There are 230 people on the fetchmail-friends list.
 
@@ -540,7 +542,7 @@ features --
 
 bugs --
 
-* Nalin Dahyabhai's fix patch for MIT Kerberos support.
+* Nalin Dahyabhai's fix patch for MIT Kerberos V4 support.
 
 * Fixed a fencepost error in the APOP code that was causing a core dump.
 
@@ -642,7 +644,7 @@ features --
   who forced us to this with RFC1725, but thank Al Longyear <longyear@sii.com>
   for fixing and verifying my slightly buggy implementation.
 
-* Kerberos support ditto.  Thanks to Chris Hanson <cph@martigny.mit.edu>
+* Kerberos V4 support ditto.  Thanks to Chris Hanson <cph@martigny.mit.edu>
   for this feature.
 
 * When there's a daemon fetchmail in background, running fetchmail in
@@ -713,7 +715,7 @@ features --
 
 * Linux packagers: building fetchmail now generates an RPM specfile for it.
 
-* Kerberos support via KPOP protocol (thanks to Chris Hanson).
+* Kerberos V4 support via KPOP protocol (thanks to Chris Hanson).
 
 * New --check option for asking server whether there is mail without
   actually retrieving or deleting it.
diff --git a/README b/README
index 02626f47..966c71c2 100644
--- a/README
+++ b/README
@@ -48,7 +48,7 @@ Since 2.0:
 
 	**  Support POP2, APOP, RPOP, IMAP2, IMAP2bis, IMAP3, IMAP4, IMAP4rev1.
 
-	** Support for Kerberos user authentication (either MIT or Cygnus).
+	** Support for Kerberos V4 user authentication (either MIT or Cygnus).
 
 	** Host is auto-probed for a working server if no protocol is
 	   specified for the connection.  Thus you don't need to know
diff --git a/driver.c b/driver.c
index d92bc10b..21add42b 100644
--- a/driver.c
+++ b/driver.c
@@ -1168,9 +1168,9 @@ const struct method *proto;	/* protocol method table */
     void (*sigsave)();
 
 #ifndef KERBEROS_V4
-    if (ctl->server.authenticate == A_KERBEROS)
+    if (ctl->server.authenticate == A_KERBEROS_V4)
     {
-	error(0, -1, "Kerberos support not linked.");
+	error(0, -1, "Kerberos V4 support not linked.");
 	return(PS_ERROR);
     }
 #endif /* KERBEROS_V4 */
@@ -1245,7 +1245,7 @@ const struct method *proto;	/* protocol method table */
 	}
 
 #ifdef KERBEROS_V4
-	if (ctl->server.authenticate == A_KERBEROS)
+	if (ctl->server.authenticate == A_KERBEROS_V4)
 	{
 	    ok = kerberos_auth(fileno(sockfp), ctl->server.canonical_name);
  	    if (ok != 0)
diff --git a/fetchmail.c b/fetchmail.c
index 152b7f28..c311bad0 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -300,7 +300,7 @@ int main (int argc, char **argv)
     for (ctl = querylist; ctl; ctl = ctl->next)
 	if (ctl->active && !(implicitmode && ctl->server.skip) && !ctl->password)
 	{
-	    if (ctl->server.authenticate == A_KERBEROS)
+	    if (ctl->server.authenticate == A_KERBEROS_V4)
 		/* Server won't care what the password is, but there
 		   must be some non-null string here.  */
 		ctl->password = ctl->remotename;
@@ -402,7 +402,7 @@ int main (int argc, char **argv)
 		 * as a probe to make sure our nameserver is still up.
 		 * The multidrop case (especially) needs it.
 		 */
-		if (ctl->server.authenticate == A_KERBEROS || MULTIDROP(ctl))
+		if (ctl->server.authenticate==A_KERBEROS_V4 || MULTIDROP(ctl))
 		{
 		    struct hostent	*namerec;
 
@@ -823,7 +823,7 @@ void dump_params (struct query *ctl)
 	    printf("  Password = '%s'.\n", visbuf(ctl->password));
     if (ctl->server.protocol == P_POP3 
 		&& ctl->server.port == KPOP_PORT
-		&& ctl->server.authenticate == A_KERBEROS)
+		&& ctl->server.authenticate == A_KERBEROS_V4)
 	printf("  Protocol is KPOP");
     else
 	printf("  Protocol is %s", showproto(ctl->server.protocol));
@@ -835,8 +835,8 @@ void dump_params (struct query *ctl)
 	printf(" (forcing UIDL use)");
     putchar('.');
     putchar('\n');
-    if (ctl->server.authenticate == A_KERBEROS)
-	    printf("  Kerberos authentication enabled.\n");
+    if (ctl->server.authenticate == A_KERBEROS_V4)
+	    printf("  Kerberos V4 preauthentication enabled.\n");
     printf("  Server nonresponse timeout is %d seconds", ctl->server.timeout);
     if (ctl->server.timeout ==  CLIENT_TIMEOUT)
 	printf(" (default).\n");
diff --git a/fetchmail.h b/fetchmail.h
index 4680bfe3..10597a6a 100644
--- a/fetchmail.h
+++ b/fetchmail.h
@@ -14,8 +14,8 @@
 #define		KPOP_PORT	1109
 
 /* authentication types */
-#define		A_PASSWORD	0	/* passwords in cleartext */
-#define		A_KERBEROS	1	/* get Kerberos V4 ticket */
+#define		A_PASSWORD	0	/* password or inline authentication */
+#define		A_KERBEROS_V4	1	/* preauthenticate w/ Kerberos V4 */
 
 /* definitions for buffer sizes -- somewhat arbitrary */
 #define		POPBUFSIZE	512	/* per RFC 937 */
diff --git a/fetchmail.man b/fetchmail.man
index 8fed9e09..ae5cc972 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -139,7 +139,7 @@ Use POP3 with MD5 authentication.
 .IP RPOP
 Use POP3 with RPOP authentication.
 .IP KPOP
-Use POP3 with Kerberos authentication on port 1109.
+Use POP3 with Kerberos V4 authentication on port 1109.
 .IP IMAP
 IMAP2bis, IMAP4, or IMAP4rev1 (\fIfetchmail\fR autodetects their capabilities).
 .IP ETRN
@@ -258,11 +258,12 @@ no other activity has occurred on the link, then the poll will be
 skipped.  This option is currently only supported under Linux.
 .TP
 .B \-A, --auth
-This option permits you to specify an authentication type (see USER
+This option permits you to specify a preauthentication type (see USER
 AUTHENTICATION below for details).  The possible values are
-\&`\fBpassword\fR' and `\fBkerberos\fR'.  This option is provided
+\&`\fBpassword\fR' and `\fBkerberos\fR' (or, for excruciating
+exactness, `\fBkerberos_v4\fR').  This option is provided
 primarily for developers; choosing KPOP protocol automatically selects
-Kerberos authentication, and all other alternatives use ordinary
+Kerberos preauthentication, and all other alternatives use ordinary
 password authentication (though APOP uses a generated one-time
 key as the password).
 This option does not work with ETRN.
@@ -385,8 +386,8 @@ the server greeting time to the server, which can verify it by
 checking its authorization database. 
 .PP
 If your \fIfetchmail\fR was built with Kerberos support and you specify 
-Kerberos authentication (either with --auth or the \fI.fetchmailrc\fR
-option \fBauthenticate kerberos\fR) it will try to get a Kerberos
+Kerberos preauthentication (either with --auth or the \fI.fetchmailrc\fR
+option \fBauthenticate kerberos_v4\fR) it will try to get a Kerberos
 ticket from the mailserver at the start of each query. 
 
 .SH DAEMON MODE
@@ -730,7 +731,7 @@ as in APOP); the second tells \fIfetchmail\fR to try to get a Kerberos
 ticket at the start of each query instead, and send an arbitrary
 string as the password.
 .PP
-Specifying `kpop' sets POP3 protocol over port 1109 with Kerberos
+Specifying `kpop' sets POP3 protocol over port 1109 with Kerberos V4
 authentication.  These defaults may be overridden by later options.
 .PP
 You can use the noise keywords `and', `with',
diff --git a/options.c b/options.c
index f9a8c02a..2a5f91c8 100644
--- a/options.c
+++ b/options.c
@@ -186,7 +186,7 @@ struct query *ctl;	/* option record to be initialized */
 	    {
 		ctl->server.protocol = P_POP3;
 		ctl->server.port = KPOP_PORT;
-		ctl->server.authenticate =  A_KERBEROS;
+		ctl->server.authenticate =  A_KERBEROS_V4;
 	    }
 	    else if (strcasecmp(optarg,"etrn") == 0)
 		ctl->server.protocol = P_ETRN;
@@ -208,7 +208,9 @@ struct query *ctl;	/* option record to be initialized */
 	    if (strcmp(optarg, "password") == 0)
 		ctl->server.authenticate = A_PASSWORD;
 	    else if (strcmp(optarg, "kerberos") == 0)
-		ctl->server.authenticate = A_KERBEROS;
+		ctl->server.authenticate = A_KERBEROS_V4;
+	    else if (strcmp(optarg, "kerberos_v4") == 0)
+		ctl->server.authenticate = A_KERBEROS_V4;
 	    else {
 		fprintf(stderr,"Invalid authentication `%s' specified.\n", optarg);
 		errflag++;
diff --git a/rcfile_l.l b/rcfile_l.l
index 9d36b41e..a23e4dc0 100644
--- a/rcfile_l.l
+++ b/rcfile_l.l
@@ -34,7 +34,8 @@ local(domains)	{ return LOCALDOMAINS; }
 proto(col)? 	{ return PROTOCOL; }
 port		{ return PORT; }
 auth(enticate)?	{ return AUTHENTICATE; }
-kerberos	{ return KERBEROS; }
+kerberos_v4	{ return KERBEROS_V4; }
+kerberos	{ return KERBEROS_V4; }
 timeout		{ return TIMEOUT;}
 envelope	{ return ENVELOPE; }
 
diff --git a/rcfile_y.y b/rcfile_y.y
index 28ca4c8e..2b5bd871 100644
--- a/rcfile_y.y
+++ b/rcfile_y.y
@@ -32,6 +32,7 @@ static int prc_errflag;
 
 static void record_current();
 static void user_reset();
+static int reset_server(char *name, int skip);
 %}
 
 %union {
@@ -41,7 +42,7 @@ static void user_reset();
 }
 
 %token DEFAULTS POLL SKIP AKA LOCALDOMAINS PROTOCOL
-%token AUTHENTICATE TIMEOUT KPOP KERBEROS
+%token AUTHENTICATE TIMEOUT KPOP KERBEROS_V4
 %token ENVELOPE USERNAME PASSWORD FOLDER SMTPHOST MDA PRECONNECT LIMIT
 %token IS HERE THERE TO MAP WILDCARD
 %token SET BATCHLIMIT FETCHLIMIT LOGFILE DAEMON INTERFACE MONITOR
@@ -74,14 +75,27 @@ statement	: SET LOGFILE MAP STRING	{logfile = xstrdup($4);}
 		| define_server serverspecs userspecs
 		;
 
-define_server	: POLL STRING	{memset(&current,'\0',sizeof(current));
-					save_str(&current.server.names, -1,$2);
-					current.server.skip = FALSE;}
-		| SKIP STRING	{memset(&current,'\0',sizeof(current));
-					save_str(&current.server.names, -1,$2);
-					current.server.skip = TRUE;}
-		| DEFAULTS	{memset(&current,'\0',sizeof(current));
-					save_str(&current.server.names, -1,"defaults");}
+define_server	: POLL STRING	{
+    				    if (!reset_server($2, FALSE))
+				    {
+					yyerror("duplicate entry name not allowed");
+					YYERROR;
+				    }
+				}
+		| SKIP STRING	{
+    				    if (!reset_server($2, TRUE))
+				    {
+					yyerror("duplicate entry name not allowed");
+					YYERROR;
+				    }
+				}
+		| DEFAULTS	{
+    				    if (!reset_server("defaults", FALSE))
+				    {
+					yyerror("can't have two default entries");
+					YYERROR;
+				    }
+				}
   		;
 
 serverspecs	: /* EMPTY */
@@ -101,14 +115,14 @@ serv_option	: AKA alias_list
 		| PROTOCOL PROTO	{current.server.protocol = $2;}
 		| PROTOCOL KPOP		{
 					    current.server.protocol = P_POP3;
-		    			    current.server.authenticate = A_KERBEROS;
+		    			    current.server.authenticate = A_KERBEROS_V4;
 					    current.server.port = KPOP_PORT;
 					}
 		| UIDL			{current.server.uidl = FLAG_TRUE;}
 		| NO UIDL		{current.server.uidl  = FLAG_FALSE;}
 		| PORT NUMBER		{current.server.port = $2;}
 		| AUTHENTICATE PASSWORD	{current.server.authenticate = A_PASSWORD;}
-		| AUTHENTICATE KERBEROS	{current.server.authenticate = A_KERBEROS;}
+		| AUTHENTICATE KERBEROS_V4	{current.server.authenticate = A_KERBEROS_V4;}
 		| TIMEOUT NUMBER	{current.server.timeout = $2;}
 		| ENVELOPE STRING	{current.server.envelope = xstrdup($2);}
 		| INTERFACE STRING	{
@@ -303,6 +317,23 @@ const char *pathname;		/* pathname for the configuration file */
 	return(0);
 }
 
+static int reset_server(char *name, int skip)
+/* clear the entire global record and initialize it with a new name */
+{
+    struct query *ctl;
+
+    /* don't allow name collisions, this screws up the data structures */
+    for (ctl = querylist; ctl; ctl = ctl->next)
+	if (strcmp(name, ctl->server.names->id) == 0)
+	    return(FALSE);
+
+    memset(&current,'\0',sizeof(current));
+    save_str(&current.server.names, -1, name);
+    current.server.skip = skip;
+    return(TRUE);
+}
+
+
 static void user_reset(void)
 /* clear the global current record (server parameters) used by the parser */
 {
diff --git a/report.c b/report.c
index 1e653646..f5c2110d 100644
--- a/report.c
+++ b/report.c
@@ -224,8 +224,15 @@ error (status, errnum, message, va_alist)
       fprintf (stderr, message, a1, a2, a3, a4, a5, a6, a7, a8);
 #endif
 
-      if (errnum)
-	fprintf (stderr, ": %s", strerror (errnum));
+      if (errnum) {
+	char *tmps = strerror(errnum);
+	if (tmps) {
+	  fprintf (stderr, ": %s", tmps);
+	}
+	else {
+	  fprintf (stderr, ": Error %d", errnum);
+	}
+      }
       putc ('\n', stderr);
       fflush (stderr);
     }
diff --git a/sample.rcfile b/sample.rcfile
index ade59267..209242f6 100644
--- a/sample.rcfile
+++ b/sample.rcfile
@@ -2,7 +2,7 @@
 #
 # This file (or one of your own creation, rather) should be located 
 # in your home directory with the name .fetchmailrc.  Permissions on this
-# file may be no greater than -rw-------, or fetchmail will refuse to
+# file may be no greater than -rw------- (0600), or fetchmail will refuse to
 # use it.
 #
 # To see what effect your ~/.fetchmailrc file has, do 
diff --git a/uid.c b/uid.c
index bcce0d5d..e6fa1b26 100644
--- a/uid.c
+++ b/uid.c
@@ -23,9 +23,7 @@
  * Machinery for handling UID lists live here.  This is mainly to support
  * RFC1725-conformant POP3 servers without a LAST command, but may also be
  * useful for making the IMAP4 querying logic UID-oriented, if a future
- * revision of IMAP forces me to.  (This would be bad.  Server-side 
- * seen bits are better than UIDs, because they track messages seen by
- * *all* clients.)
+ * revision of IMAP forces me to.
  *
  * Here's the theory:
  *
@@ -57,6 +55,8 @@
  * At the end of the fetchmail run, all current `oldsaved' lists are
  * flushed out to the .fetchids file to be picked up by the next run.
  * If there are no such messages, the file is deleted.
+ *
+ * Note: all comparisons are caseblind!
  */
 
 /* UIDs associated with un-queried hosts */
@@ -84,8 +84,8 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile)
 	    {
 		for (ctl = hostlist; ctl; ctl = ctl->next)
 		{
-		    if (strcmp(host, ctl->server.names->id) == 0
-				&& strcmp(user, ctl->remotename) == 0)
+		    if (strcasecmp(host, ctl->server.names->id) == 0
+				&& strcasecmp(user, ctl->remotename) == 0)
 		    {
 			save_str(&ctl->oldsaved, -1, id);
 			break;
@@ -186,11 +186,11 @@ char *str_find(struct idlist **idl, int number)
 }
 
 char *idpair_find(struct idlist **idl, const char *id)
-/* return the id of the given number in the given list. */
+/* return the id of the given id in the given list (caseblind comparison) */
 {
     if (*idl == (struct idlist *) 0)
 	return((char *) 0);
-    else if (strcmp(id, (*idl)->id) == 0)
+    else if (strcasecmp(id, (*idl)->id) == 0)
 	return((*idl)->val.id2 ? (*idl)->val.id2 : (*idl)->id);
     else
 	return(idpair_find(&(*idl)->next, id));