diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | fetchmail.man | 4 | ||||
| -rw-r--r-- | pop3.c | 53 |
3 files changed, 39 insertions, 19 deletions
@@ -106,6 +106,7 @@ fetchmail-6.3.18 (not yet released): * When encountering incorrect headers, fetchmail will refer to the bad-header option in the manpage. BerliOS Bug #17272, change suggested by Björn Voigt. * Fetchmail now decodes and reports GSSAPI status codes upon errors. +* Fetchmail now autoprobes NTLM for POP3. # TRANSLATION UPDATES [zh_CN] Chinese/simplified (Ji Zheng-Yu) diff --git a/fetchmail.man b/fetchmail.man index 2f526827..442bf4d6 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -918,8 +918,8 @@ excruciating exactness, \fBkerberos_v4\fP), \fBgssapi\fP, When \fBany\fP (the default) is specified, fetchmail tries first methods that don't require a password (EXTERNAL, GSSAPI, KERBEROS\ IV, KERBEROS\ 5); then it looks for methods that mask your password -(CRAM-MD5, X\-OTP - note that NTLM and MSN are not autoprobed for POP3 -and MSN is only supported for POP3); and only if the server doesn't +(CRAM-MD5, NTLM, X\-OTP - note that MSN is only supported for POP3, but not +autoprobed); and only if the server doesn't support any of those will it ship your password en clair. Other values may be used to force various authentication methods (\fBssh\fP suppresses authentication and is thus useful for IMAP PREAUTH). @@ -52,6 +52,9 @@ static flag has_cram = FALSE; #ifdef OPIE_ENABLE flag has_otp = FALSE; #endif /* OPIE_ENABLE */ +#ifdef NTLM_ENABLE +flag has_ntlm = FALSE; +#endif /* NTLM_ENABLE */ #ifdef SSL_ENABLE static flag has_stls = FALSE; #endif /* SSL_ENABLE */ @@ -209,6 +212,9 @@ static int capa_probe(int sock) #ifdef OPIE_ENABLE has_otp = FALSE; #endif /* OPIE_ENABLE */ +#ifdef NTLM_ENABLE + has_ntlm = FALSE; +#endif /* NTLM_ENABLE */ ok = gen_transact(sock, "CAPA"); if (ok == PS_SUCCESS) @@ -220,22 +226,32 @@ static int capa_probe(int sock) { if (DOTLINE(buffer)) break; + #ifdef SSL_ENABLE if (strstr(buffer, "STLS")) has_stls = TRUE; #endif /* SSL_ENABLE */ + #if defined(GSSAPI) if (strstr(buffer, "GSSAPI")) has_gssapi = TRUE; #endif /* defined(GSSAPI) */ + #if defined(KERBEROS_V4) if (strstr(buffer, "KERBEROS_V4")) has_kerberos = TRUE; #endif /* defined(KERBEROS_V4) */ + #ifdef OPIE_ENABLE if (strstr(buffer, "X-OTP")) has_otp = TRUE; #endif /* OPIE_ENABLE */ + +#ifdef NTLM_ENABLE + if (strstr(buffer, "NTLM")) + has_ntlm = TRUE; +#endif /* NTLM_ENABLE */ + if (strstr(buffer, "CRAM-MD5")) has_cram = TRUE; } @@ -328,22 +344,7 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) ctl->server.sdps = TRUE; #endif /* SDPS_ENABLE */ -#ifdef NTLM_ENABLE - /* MSN servers require the use of NTLM (MSN) authentication */ - if (!strcasecmp(ctl->server.pollname, "pop3.email.msn.com") || - ctl->server.authenticate == A_MSN) - return (do_pop3_ntlm(sock, ctl, 1) == 0) ? PS_SUCCESS : PS_AUTHFAIL; - if (ctl->server.authenticate == A_NTLM) - return (do_pop3_ntlm(sock, ctl, 0) == 0) ? PS_SUCCESS : PS_AUTHFAIL; -#else - if (ctl->server.authenticate == A_NTLM || ctl->server.authenticate == A_MSN) - { - report(stderr, - GT_("Required NTLM capability not compiled into fetchmail\n")); - } -#endif - - switch (ctl->server.protocol) { + switch (ctl->server.protocol) { case P_POP3: #ifdef RPA_ENABLE /* XXX FIXME: AUTH probing (RFC1734) should become global */ @@ -542,7 +543,25 @@ static int pop3_getauth(int sock, struct query *ctl, char *greeting) } #endif /* OPIE_ENABLE */ - if (ctl->server.authenticate == A_CRAM_MD5 || +#ifdef NTLM_ENABLE + /* MSN servers require the use of NTLM (MSN) authentication */ + if (!strcasecmp(ctl->server.pollname, "pop3.email.msn.com") || + ctl->server.authenticate == A_MSN) + return (do_pop3_ntlm(sock, ctl, 1) == 0) ? PS_SUCCESS : PS_AUTHFAIL; + if (ctl->server.authenticate == A_NTLM || (has_ntlm && ctl->server.authenticate == A_ANY)) { + ok = do_pop3_ntlm(sock, ctl, 0); + if (ok == 0 || ctl->server.authenticate != A_ANY) + break; + } +#else + if (ctl->server.authenticate == A_NTLM || ctl->server.authenticate == A_MSN) + { + report(stderr, + GT_("Required NTLM capability not compiled into fetchmail\n")); + } +#endif + + if (ctl->server.authenticate == A_CRAM_MD5 || (has_cram && ctl->server.authenticate == A_ANY)) { ok = do_cram_md5(sock, "AUTH", ctl, NULL); |