diff options
| -rw-r--r-- | Makefile.in | 2 | ||||
| -rw-r--r-- | NEWS | 13 | ||||
| -rw-r--r-- | conf.c | 1 | ||||
| -rw-r--r-- | configure.in | 6 | ||||
| -rw-r--r-- | driver.c | 41 | ||||
| -rw-r--r-- | fetchmail-FAQ.html | 29 | ||||
| -rw-r--r-- | fetchmail.c | 4 | ||||
| -rw-r--r-- | fetchmail.h | 1 | ||||
| -rw-r--r-- | fetchmail.man | 11 | ||||
| -rwxr-xr-x | fetchmailconf | 9 | ||||
| -rw-r--r-- | imap.c | 6 | ||||
| -rw-r--r-- | options.c | 8 | ||||
| -rw-r--r-- | rcfile_l.l | 1 | ||||
| -rw-r--r-- | rcfile_y.y | 3 | ||||
| -rw-r--r-- | sample.rcfile | 1 | ||||
| -rw-r--r-- | sink.c | 4 |
16 files changed, 125 insertions, 15 deletions
diff --git a/Makefile.in b/Makefile.in index 269976f8..70e887d7 100644 --- a/Makefile.in +++ b/Makefile.in @@ -4,7 +4,7 @@ # So just uncomment all the lines marked QNX. PACKAGE = fetchmail -VERSION = 5.5.5 +VERSION = 5.5.6 SUBDIRS = @INTLSUB@ @POSUB@ @@ -2,9 +2,20 @@ (The `lines' figures total .c, .h, .l, and .y files under version control.) -* Chip Salzenberg's patch to prevent wilcards in Common Names from causing +fetchmail-5.5.5 (Sat Nov 11 14:22:24 EST 2000), 19563 lines: + +* Chip Salzenberg's patch to prevent wildcards in Common Names from causing spurious error messages (resolved Debian bug #75011). * Added --showdots option by Thomas Jarosch <tomj@gmx.de>. +* Added --principal option from R. Lindsay Todd" <toddr@rpi.edu>. +* Spanish-language update from Javier Kohen. +* Nalin Dahyabai's fix to handle untagged responses during imap-gss + authentication. +* Koyama Mituru's patch for improved spam handling under qmail; checks + for a 553 reponse to RCPT TO. +* Added FAQ item F5 of %h and %p interpolation from Matthias Andree. + +There are 279 people on fetchmail-friends and 568 on fetchmail-announce. fetchmail-5.5.5 (Tue Oct 17 17:50:46 EDT 2000), 19523 lines: @@ -291,6 +291,7 @@ void dump_config(struct runctl *runp, struct query *querylist) stringdump("plugin", ctl->server.plugin); stringdump("plugout", ctl->server.plugout); + stringdump("principal", ctl->server.principal); indent(0); fputs("'users': ", stdout); diff --git a/configure.in b/configure.in index 7f9c9ca9..73edf920 100644 --- a/configure.in +++ b/configure.in @@ -343,7 +343,7 @@ then else LIBS="$LIBS -lkrb5 -lcrypto -lcom_err" fi -elif test "$with_kerberos" != "no"; then +elif test "$with_kerberos" != "no" -a "$with_kerberos5" != "no" ; then for dir in /usr/kerberos /usr/local/krb5 /usr/athena do if test -f "$dir/include/krb5.h" @@ -437,7 +437,7 @@ then echo "Configuring kerberosIV for `uname`" CEFLAGS="$CEFLAGS -DKERBEROS_V4 -I/usr/include/kerberosIV" LIBS="$LIBS -lkrb -ldes" -elif test -n "$with_kerberos" -a -n "$with_kerberos5" -a "$with_kerberos" != "no" +elif test -n "$with_kerberos" -a -n "$with_kerberos5" -a "$with_kerberos" != "no" -a "$with_kerberos5" != "no" then CEFLAGS="$CEFLAGS -DKERBEROS_V4 -I$with_kerberos/include" LDEFLAGS="$LDEFLAGS -L$with_kerberos/lib" @@ -448,7 +448,7 @@ then else LIBS="-lkrb4 -ldes425 $LIBS" fi -elif test -n "$with_kerberos5" -a "$with_kerberos" != "no" +elif test -n "$with_kerberos5" -a "$with_kerberos" != "no" -a "$with_kerberos5" != "no" then for dir in /usr/kerberos /usr/kerberosIV /usr/athena do @@ -1288,7 +1288,7 @@ static int readbody(int sock, struct query *ctl, flag forward, int len) #ifdef KERBEROS_V4 int -kerberos_auth (socket, canonical) +kerberos_auth (socket, canonical, principal) /* authenticate to the server host using Kerberos V4 */ int socket; /* socket to server host */ #if defined(__FreeBSD__) || defined(__OpenBSD__) @@ -1296,6 +1296,7 @@ char *canonical; /* server name */ #else const char *canonical; /* server name */ #endif +char *principal; { char * host_primary; KTEXT ticket; @@ -1303,11 +1304,36 @@ const char *canonical; /* server name */ CREDENTIALS cred; Key_schedule schedule; int rem; + char * prin_copy = (char *) NULL; + char * prin = (char *) NULL; + char * inst = (char *) NULL; + char * realm = (char *) NULL; + + if (principal != (char *)NULL && *principal) + { + char *cp; + prin = prin_copy = xstrdup(principal); + for (cp = prin_copy; *cp && *cp != '.'; ++cp) + ; + if (*cp) + { + *cp++ = '\0'; + inst = cp; + while (*cp && *cp != '@') + ++cp; + if (*cp) + { + *cp++ = '\0'; + realm = cp; + } + } + } xalloca(ticket, KTEXT, sizeof (KTEXT_ST)); - rem = (krb_sendauth (0L, socket, ticket, "pop", - canonical, - ((char *) (krb_realmofhost (canonical))), + rem = (krb_sendauth (0L, socket, ticket, + prin ? prin : "pop", + inst ? inst : canonical, + realm ? realm : ((char *) (krb_realmofhost (canonical))), ((unsigned long) 0), (&msg_data), (&cred), @@ -1315,6 +1341,10 @@ const char *canonical; /* server name */ ((struct sockaddr_in *) 0), ((struct sockaddr_in *) 0), "KPOPV0.1")); + if (prin_copy) + { + free(prin_copy); + } if (rem != KSUCCESS) { report(stderr, _("kerberos error %s\n"), (krb_get_err_text (rem))); @@ -1735,7 +1765,8 @@ const int maxfetch; /* maximum number of messages to fetch */ if (ctl->server.preauthenticate == A_KERBEROS_V4) { set_timeout(mytimeout); - ok = kerberos_auth(mailserver_socket, ctl->server.truename); + ok = kerberos_auth(mailserver_socket, ctl->server.truename, + ctl->server.principal); set_timeout(0); if (ok != 0) goto cleanUp; diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index befc865f..5b52eb67 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2000/11/11 18:20:46 $ +<td width="30%" align=right>$Date: 2000/11/11 19:23:49 $ </table> <HR> <H1>Frequently Asked Questions About Fetchmail</H1> @@ -53,6 +53,7 @@ IP address?</a><br> <a href="#F2">F2. The .fetchmailrc parser won't accept my all-numeric user name.</a><br> <a href="#F3">F3. The .fetchmailrc parser won't accept my host or username beginning with `no'.</a><br> <a href="#F4">F4. I'm getting a `parse error' message I don't understand.</a><br> +<a href="#F5">F5. The %h and %p escapes aren't being interporated correctly.</a><br> <h1>Configuration questions:</h1> @@ -797,6 +798,30 @@ Unfortunately, they're necessary in order to allow the `defaults' feature to work.<P> <hr> +<h2><a name="F5">F5. The %h and %p escapes aren't being interporated correctly.</a></h2> + +Note that %h and %p are only recognized as placeholders if they are a +single word each; you cannot use %h:%p or other interpolations that +aren't space-delimited. If you happen to need such a thing, write a +wrapper. For example, in .fetchmailrc you can add this line:<p> + +<pre> +plugin 'mywrap.sh %h %p' +</pre> + +With mywrap.sh containing:<p> + +<pre> +#! /bin/sh +if test $# -ne 2 ; then + echo "usage: `basename $0` <host> <port>" + exit 1 +fi +exec openssl 2>/dev/null s_client -connect $1:$2 -quiet +exit 2 # never reached unless openssl fails +</pre> + +<hr> <h2><a name="C1">C1. Why do I need a .fetchmailrc when running as root on my own machine?</a></h2> Ian T. Zimmerman <itz@rahul.net> asked:<p> @@ -2941,7 +2966,7 @@ install Linux on your server...<p> <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2000/11/11 18:20:46 $ +<td width="30%" align=right>$Date: 2000/11/11 19:23:49 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS> diff --git a/fetchmail.c b/fetchmail.c index 617d4e80..e4035813 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -842,6 +842,7 @@ static void optmerge(struct query *h2, struct query *h1, int force) FLAG_MERGE(server.dns); FLAG_MERGE(server.checkalias); FLAG_MERGE(server.uidl); + FLAG_MERGE(server.principal); #if defined(linux) || defined(__FreeBSD__) FLAG_MERGE(server.interface); @@ -1571,6 +1572,9 @@ static void dump_params (struct runctl *runp, printf(_(" Kerberos V5 preauthentication enabled.\n")); else if (ctl->server.preauthenticate == A_SSH) printf(_(" End-to-end encryption assumed.\n")); + if (ctl->server.principal != (char *) NULL) { + printf(_(" Mail service principal is: %s\n"), ctl->server.principal); + } #ifdef SSL_ENABLE if (ctl->use_ssl) printf(" SSL encrypted sessions enabled.\n"); diff --git a/fetchmail.h b/fetchmail.h index 8907696a..819ff6c7 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -207,6 +207,7 @@ struct hostdata /* shared among all user connections to given server */ flag sdps; /* use Demon Internet SDPS *ENV */ #endif /* SDPS_ENABLE */ flag checkalias; /* resolve aliases by comparing IPs? */ + char *principal; /* Kerberos principal for mail service */ #if defined(linux) || defined(__FreeBSD__) diff --git a/fetchmail.man b/fetchmail.man index 6f803d43..a9b8a21e 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -221,6 +221,12 @@ news drop for a group of users. The port option permits you to specify a TCP/IP port to connect on. This option will seldom be necessary as all the supported protocols have well-established default port numbers. +.TP +.B \--principal <principal> +(Keyword: principal) +The principal option permits you to specify a service principal for +mutual authentication. This is applicable to POP3 or IMAP with Kerberos +authentication. .TP .B \-t, --timeout <seconds> (Keyword: timeout) @@ -1884,7 +1890,8 @@ on the server but not selected for retrieval.) .IP 2 An error was encountered when attempting to open a socket to retrieve mail. If you don't know what a socket is, don't worry about it -- -just treat this as an 'unrecoverable error'. +just treat this as an 'unrecoverable error'. This error can also be +because a protocol fetchmail wants to use is not listed in /etc/services. .IP 3 The user authentication step failed. This usually means that a bad user-id, password, or APOP id was specified. Or it may mean that you @@ -2054,6 +2061,8 @@ The UIDL code is generally flaky and tends to lose its state on errors and line drops (so that old messages are re-seen). If this happens to you, switch to IMAP4. .PP +The `principal' option only handles Kerberos IV, not V. +.PP Send comments, bug reports, gripes, and the like to the fetchmail-friends list <fetchmail-friends@ccil.org>. An HTML FAQ is available at the fetchmail home page; surf to diff --git a/fetchmailconf b/fetchmailconf index 05a599ed..a17adbc0 100755 --- a/fetchmailconf +++ b/fetchmailconf @@ -226,6 +226,7 @@ class User: self.ssl = 0 # Enable Seccure Socket Layer self.sslkey = None # SSL key filename self.sslcert = None # SSL certificate filename + self.principal = None # Kerberos principal self.properties = None # Extension properties User.typemap = ( ('remote', 'String'), @@ -258,6 +259,7 @@ class User: ('ssl', 'Boolean'), ('sslkey', 'String'), ('sslcert', 'String'), + ('principal', 'String'), ('properties', 'String')) def __repr__(self): @@ -318,6 +320,8 @@ class User: res = res + " sslkey " + `self.sslkey` if self.sslcert and self.sslcert != UserDefaults.sslcert: res = res + " sslcert " + `self.sslcert` + if self.principal and self.principal != UserDefaults.principal: + res = res + " principal " + `self.principal` if self.expunge != UserDefaults.expunge: res = res + " expunge " + `self.expunge` res = res + "\n" @@ -1475,6 +1479,11 @@ class UserEdit(Frame, MyWidget): self.sslcert, '14').pack(side=TOP, fill=X) sslwin.pack(fill=X, anchor=N) + # Someday this should handle Kerberos 5 too + if 'imap-k4': + LabeledEntry(secwin, 'Principal:', + self.principal, '12').pack(side=TOP, fill=X) + names = Frame(leftwin, relief=RAISED, bd=5) Label(names, text="Local names").pack(side=TOP) ListEdit("New name: ", @@ -608,8 +608,10 @@ static int do_gssauth(int sock, char *hostname, char *username) SockWrite(sock, buf1, strlen(buf1)); /* we should be done. Get status and finish up */ - if (result = gen_recv(sock, buf1, sizeof buf1)) - return result; + do { + if (result = gen_recv(sock, buf1, sizeof buf1)) + return result; + } while(strncmp(buf1, tag, strlen(tag)) != 0); if (strstr(buf1, "OK")) { /* flush security context */ if (outlevel >= O_DEBUG) @@ -79,6 +79,7 @@ #endif #define LA_SHOWDOTS 53 +#define LA_PRINCIPAL 54 /* options still left: CDgGhHjJoORwWxXYz */ static const char *shortoptions = @@ -147,6 +148,8 @@ static const struct option longoptions[] = { {"sslcert", required_argument, (int *) 0, LA_SSLCERT }, #endif + {"principal", required_argument, (int *) 0, LA_PRINCIPAL }, + #if (defined(linux) && !INET6_ENABLE) || defined(__FreeBSD__) {"interface", required_argument, (int *) 0, LA_INTERFACE }, {"monitor", required_argument, (int *) 0, LA_MONITOR }, @@ -559,6 +562,10 @@ struct query *ctl; /* option record to be initialized */ break; #endif + case LA_PRINCIPAL: + ctl->server.principal = xstrdup(optarg); + break; + case 'y': case LA_YYDEBUG: yydebug = TRUE; @@ -629,6 +636,7 @@ struct query *ctl; /* option record to be initialized */ P(_(" -t, --timeout server nonresponse timeout\n")); P(_(" -E, --envelope envelope address header\n")); P(_(" -Q, --qvirtual prefix to remove from local user id\n")); + P(_(" --principal mail service principal\n")); P(_(" -u, --username specify users's login on server\n")); P(_(" -a, --all retrieve old and new messages\n")); @@ -90,6 +90,7 @@ ssh { SETSTATE(0); return SSH; } timeout { return TIMEOUT;} envelope { return ENVELOPE; } qvirtual { return QVIRTUAL; } +principal { return PRINCIPAL; } user(name)? {SETSTATE(NAME); return USERNAME; } pass(word)? {SETSTATE(NAME); return PASSWORD; } @@ -73,6 +73,7 @@ extern char * yytext; %token DROPSTATUS DROPDELIVERED %token DNS SERVICE PORT UIDL INTERVAL MIMEDECODE IDLE CHECKALIAS %token SSL SSLKEY SSLCERT +%token PRINCIPAL %% @@ -148,6 +149,7 @@ serv_option : AKA alias_list current.server.port = KPOP_PORT; #endif /* INET6_ENABLE */ } + | PRINCIPAL STRING {current.server.principal = xstrdup($2);} | PROTOCOL SDPS { #ifdef SDPS_ENABLE current.server.protocol = P_POP3; @@ -483,6 +485,7 @@ static void reset_server(const char *name, int skip) current.smtp_socket = -1; current.server.pollname = xstrdup(name); current.server.skip = skip; + current.server.principal = (char *)NULL; } diff --git a/sample.rcfile b/sample.rcfile index 299ec8cd..865b3a18 100644 --- a/sample.rcfile +++ b/sample.rcfile @@ -27,6 +27,7 @@ # uidl # no uidl # port -- must be followed by a TCP/IP port number +# principal -- must be followed by a principal name # ssl # sslkeyfile -- must be followed by path to private key file # sslcertfile -- must be followed by path to certificate file @@ -803,6 +803,10 @@ int open_sink(struct query *ctl, struct msgblk *msg, else { char errbuf[POPBUFSIZE]; + int res; + + if ((res = handle_smtp_report(ctl, msg))==PS_REFUSED) + return PS_REFUSED; strcpy(errbuf, idp->id); strcat(errbuf, ": "); |