-rw-r--r-- | Makefile.in | 9 | ||||
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | README | 5 | ||||
-rw-r--r-- | acconfig.h | 3 | ||||
-rw-r--r-- | configure.in | 9 | ||||
-rw-r--r-- | fetchmail-features.html | 7 | ||||
-rw-r--r-- | fetchmail.h | 1 | ||||
-rw-r--r-- | fetchmail.man | 8 | ||||
-rw-r--r-- | pop3.c | 68 | ||||
-rw-r--r-- | rpa.c | 8 |
10 files changed, 91 insertions, 28 deletions
diff --git a/Makefile.in b/Makefile.in index 0c247ba8..faae099b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -81,8 +81,8 @@ CTAGS = ctags protobjs = rcfile_y.o rcfile_l.o socket.o getpass.o pop2.o pop3.o imap.o \ etrn.o fetchmail.o env.o options.o daemon.o driver.o rfc822.o smtp.o \ - xmalloc.o uid.o mxget.o md5c.o md5ify.o interface.o netrc.o base64.o \ - error.o + xmalloc.o uid.o mxget.o md5c.o md5ify.o rpa.o interface.o netrc.o \ + base64.o error.o objs = $(protobjs) $(extras) $(EXTRAOBJ) @@ -92,8 +92,9 @@ srcs = $(srcdir)/socket.c $(srcdir)/getpass.c $(srcdir)/pop2.c \ $(srcdir)/options.c $(srcdir)/daemon.c \ $(srcdir)/driver.c $(srcdir)/rfc822.c $(srcdir)/smtp.c \ $(srcdir)/xmalloc.c $(srcdir)/uid.c $(srcdir)/mxget.c \ - $(srcdir)/md5c.c $(srcdir)/md5ify.c $(srcdir)/interface.c \ - $(srcdir)/netrc.c $(srcdir)/base64.c $(srcdir)/error.c + $(srcdir)/md5c.c $(srcdir)/md5ify.c $(srcdir)/rpa.c \ + $(srcdir)/interface.c $(srcdir)/netrc.c $(srcdir)/base64.c \ + $(srcdir)/error.c .SUFFIXES: .SUFFIXES: .o .c .h .y .l .ps .dvi .info .texi @@ -20,6 +20,7 @@ fetchmail-4.2.9 () * Fetchmail's synthetic Received line is now inserted just before the first existing Received line and *after* any From headers shipped up by the server. This fixes odd problems with some sensitive sendmails. +* Compuserve RPA authentication support. There are 285 people on the fetchmail-friends list. @@ -9,8 +9,9 @@ normal mail user agents such as elm(1) or Mail(1). fetchmail supports standard all mail-retrieval protocols in use on the Internet: POP2, POP3 (including POP3 with RFC1938 one-time passwords), -RPOP, APOP, KPOP, all flavors of IMAP (including IMAP4rev1 with -RFC1731 Kerberos v4 authentication), and ESMTP ETRN. +RPOP, APOP, KPOP, Compuserve's POP3 with RPA, all flavors of IMAP +(including IMAP4rev1 with RFC1731 Kerberos v4 authentication), and +ESMTP ETRN. The fetchmail code was developed under Linux, but has also been extensively tested under 4.4BSD, AIX, HP-UX versions 9 and 10, 
@@ -55,6 +55,9 @@ /* Define if you want POP2 support compiled in */ #undef POP2_ENABLE +/* Define if you want RPA support compiled in */ +#undef RPA_ENABLE + /* Define if you want OPIE support compiled in */ #undef OPIE_ENABLE diff --git a/configure.in b/configure.in index 9dad13fb..735e7953 100644 --- a/configure.in +++ b/configure.in @@ -147,13 +147,20 @@ AC_CHECK_SIZEOF(short) AC_CHECK_SIZEOF(int) AC_CHECK_SIZEOF(long) -### use option --enable-POP2 to compile in the POP2 fallback support +### use option --enable-POP2 to compile in the POP2 support AC_ARG_ENABLE(POP2, [ --enable-POP2 compile in POP2 protocol support (obsolete)], [with_POP2=$enableval], [with_POP2=no]) test "$with_POP2" = "yes" && AC_DEFINE(POP2_ENABLE) +### use option --enable-RPA to compile in the RPA support +AC_ARG_ENABLE(RPA, + [ --enable-RPA compile in RPA protocol support], + [with_RPA=$enableval], + [with_RPA=no]) +test "$with_RPA" = "yes" && AC_DEFINE(RPA_ENABLE) + ### use option --enable-opie to compile in the OPIE support AC_ARG_ENABLE(opie, [ --enable-opie support OTP through the OPIE library], diff --git a/fetchmail-features.html b/fetchmail-features.html index 9978889f..dcff9d2f 100644 --- a/fetchmail-features.html +++ b/fetchmail-features.html @@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1997/09/25 06:42:28 $ +<td width="30%" align=right>$Date: 1997/09/30 21:26:41 $ </table> <HR> @@ -26,6 +26,9 @@ are listed first. <P> <LI> Support for responding with a one-time password when a POP3 server issues an RFC1938-conforming OTP challenge. + +<LI> Support for Compuserve's RPA authentication protocol for POP3 + (not compiled in by default, but configurable). </UL> <H2>Since 3.0:</H2> 
@@ -129,7 +132,7 @@ get-mail, gwpop, pimp-1.0, pop-perl5-1.2, popc, popmail-1.6 and upop.<P> <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1997/09/25 06:42:28 $ +<td width="30%" align=right>$Date: 1997/09/30 21:26:41 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS> diff --git a/fetchmail.h b/fetchmail.h index 17dbeb22..56b3c4c6 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -294,6 +294,7 @@ struct query *hostalloc(struct query *); int parsecmdline (int, char **, struct query *); void optmerge(struct query *, struct query *); char *MD5Digest (unsigned char *); +int POP3_auth_rpa(unsigned char *, unsigned char *, int socket); int daemonize(const char *, void (*)(int)); char *getpassword(char *); void escapes(const char *, char *); diff --git a/fetchmail.man b/fetchmail.man index 5b794fb5..53d50d63 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -451,6 +451,12 @@ If you are using POP3, and the server issues a one-time-password challenge conforming to RFC1938, \fIfetchmail\fR will use your password as a pass phrase to generate the required response. This avoids sending secrets over the net unencrypted. +.PP +Compuserve's RPA authentication (similar to APOP) is supported. If +you are using POP3, and the RPA code has been compiled into your +binary, and you query a server in the Compuserve csi.com domain, +\fIfetchmail\fR will try to perform an RPA pass-phrase authentication +instead of sending over the password en clair. .SH DAEMON MODE The 
@@ -1371,7 +1377,7 @@ The RFC822 parser used in multidrop mode chokes on some @-addresses that are technically legal but bizarre. Strange uses of quoting and embedded comments are likely to confuse it. .PP -Use of any of the supported protocols other than POP3 with OTP, APOP, +Use of any of the supported protocols other than POP3 with OTP or RPA, APOP, KPOP, IMAP-K4, or ETRN requires that the program send unencrypted passwords over the TCP/IP connection to the mailserver. This creates a risk that name/password pairs might be snaffled with a packet @@ -23,8 +23,6 @@ #include <opie.h> #endif /* HAVE_LIBOPIE */ -#define PROTOCOL_ERROR {error(0, 0, "protocol error"); return(PS_ERROR);} - extern char *strstr(); /* needed on sysV68 R3V7.1. */ static int last; 
@@ -102,24 +100,59 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting) switch (ctl->server.protocol) { case P_POP3: - if ((gen_transact(sock, "USER %s", ctl->remotename)) != 0) - PROTOCOL_ERROR + if ((ok = gen_transact(sock, "USER %s", ctl->remotename)) != 0) + break; #if defined(HAVE_LIBOPIE) && defined(OPIE_ENABLE) /* see RFC1938: A One-Time Password System */ - if (challenge = strstr(lastok, "otp-")) + if (challenge = strstr(greeting, "otp-")) { char response[OPIE_RESPONSE_MAX+1]; if (opiegenerator(challenge, ctl->password, response)) - PROTOCOL_ERROR + { + ok = PS_ERROR; + break; + } ok = gen_transact(sock, "PASS %s", response); + break; } - else #endif /* defined(HAVE_LIBOPIE) && defined(OPIE_ENABLE) */ - /* ordinary validation, no one-time password */ - ok = gen_transact(sock, "PASS %s", ctl->password); + +#ifdef ENABLE_RPA + /* if we're talking to CompuServe, try RPA */ + if (strstr(greeting, "csi.com")) + { + /* AUTH command should return a list of available mechanisms */ + if (gen_transact(sock, "AUTH") == 0) + { + char buffer[10]; + flag authenticated = FALSE; + + while ((ok = gen_recv(sock, buffer, sizeof(buffer))) == 0) + { + if (buffer[0] == '.') + break; + if (strncasecmp(buffer, "rpa", 3) == 0) + { + if (POP3_auth_rpa(ctl->remotename, + ctl->password, sock) == PS_SUCCEED) + { + authenticated = TRUE; + break; + } + } + } + + if (authenticated) + break; + } + } +#endif /* ENABLE_RPA */ + + /* ordinary validation, no one-time password or RPA */ + ok = gen_transact(sock, "PASS %s", ctl->password); break; case P_APOP: @@ -154,10 +187,8 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting) break; case P_RPOP: - if ((gen_transact(sock,"USER %s", ctl->remotename)) != 0) - PROTOCOL_ERROR - - ok = gen_transact(sock, "RPOP %s", ctl->password); + if ((ok = gen_transact(sock,"USER %s", ctl->remotename)) == 0) + ok = gen_transact(sock, "RPOP %s", ctl->password); break; default: 
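Review bot: The new RPA branch in pop3_getauth is guarded by `#ifdef ENABLE_RPA`, but acconfig.h and configure.in in this same commit define `RPA_ENABLE` and rpa.c tests `RPA_ENABLE`, so this block is never compiled and a build configured with --enable-RPA still sends `PASS %s` with the cleartext password; the guard should read `#ifdef RPA_ENABLE`, with a matching `#endif /* RPA_ENABLE */`. Once the block is enabled, every non-success path (AUTH refused, no `rpa` line in the list, POP3_auth_rpa not returning PS_SUCCEED, gen_recv failing) falls through silently to the cleartext PASS, so a server or on-path party that drops the mechanism still receives the password. Logging the fallback, or letting the user refuse it, would make that downgrade visible. POP3_auth_rpa is also called from inside the listing loop before the terminating `.` line has been read, and `char buffer[10]` may split longer mechanism lines depending on how gen_recv truncates (not visible in this hunk). Reading the whole list up to `.` into a larger buffer and authenticating afterwards looks safer.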
@@ -173,7 +204,6 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting) error(0, 0, "lock busy! Is another session active?"); return(PS_LOCKBUSY); } - PROTOCOL_ERROR } /* @@ -342,7 +372,10 @@ static int pop3_getrange(int sock, if (ok == 0) { if (sscanf(buf, "%d", &last) == 0) - PROTOCOL_ERROR + { + error(0, 0, "protocol error"); + return(PS_ERROR); + } *newp = (*countp - last); } else @@ -352,7 +385,10 @@ static int pop3_getrange(int sock, { /* don't worry, yet! do it the slow way */ if((ok = pop3_slowuidl( sock, ctl, countp, newp))!=0) - PROTOCOL_ERROR + { + error(0, 0, "protocol error while fetching UIDLs"); + return(PS_ERROR); + } } else { @@ -8,6 +8,9 @@ description: RPA authorisation code for POP3 client ***********************************************************************/ +#include "config.h" + +#ifdef RPA_ENABLE #include <stdio.h> #include <unistd.h> #include <ctype.h> @@ -16,8 +19,6 @@ #include "fetchmail.h" #include "md5.h" - - #ifdef TESTMODE extern unsigned char line1[]; extern unsigned char line2[]; @@ -880,3 +881,6 @@ unsigned char* out; fprintf(stderr,"\n"); } } +#endif /* RPA_ENABLE */ + +/* rpa.c ends here */ |
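Review bot: In pop3_getrange the condition kept by the first hunk, `sscanf(buf, "%d", &last) == 0`, does not catch sscanf returning EOF on an empty reply, which leaves the file-static `last` at whatever value it held before; `if (sscanf(buf, "%d", &last) != 1)` covers both cases. `last` is server-supplied and goes straight into `*newp = (*countp - last)`, so a value below zero or above `*countp` produces a nonsensical new-message count. Rejecting `last < 0 || last > *countp` with the same "protocol error" return would be a cheap guard. The function body extends beyond both hunks, so how `buf` is filled is inferred rather than seen.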