-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | conf.c | 2 | ||||
-rw-r--r-- | design-notes.html | 8 | ||||
-rw-r--r-- | driver.c | 48 | ||||
-rw-r--r-- | fetchmail-features.html | 8 | ||||
-rw-r--r-- | fetchmail.c | 25 | ||||
-rw-r--r-- | fetchmail.h | 1 | ||||
-rw-r--r-- | fetchmail.man | 18 | ||||
-rwxr-xr-x | fetchmailconf | 20 | ||||
-rw-r--r-- | imap.c | 6 | ||||
-rw-r--r-- | options.c | 4 | ||||
-rw-r--r-- | pop3.c | 13 | ||||
-rw-r--r-- | rcfile_l.l | 3 | ||||
-rw-r--r-- | rcfile_y.y | 3 | ||||
-rw-r--r-- | socket.c | 2 |
15 files changed, 114 insertions, 53 deletions
@@ -1,7 +1,5 @@ Things to do: -Scrollbars on fetchmailconf help windows (Debian normal bug #51770). - Notify user by mail when pop server nonexistent (Debian wishlist #47143). In the SSL support, we need to add server certificate validation (In @@ -29,7 +27,11 @@ The Debian bug-tracking page for fetchmail is: before close (sigh...NFS might still betray us...). * Added Martijn Lievaart's sendmail hacks for multidrop to the contrib directory. +* Fix bug in processing of plugout option. +* Add support for `ssh' preauth type to suppress password prompts at startup. +* Support for RFC2449 extended POP3 responses [IN-USE] and [LOGIN-DELAY]. * Log bounced messages via syslog (Debian bug #50184). +* Add scrollbars on fetchmailconf help windows (Debian bug #51770). * Debian buglist cleanup. fetchmail-5.2.5 (Mon Jan 31 02:02:48 EST 2000), 18445 lines: @@ -270,6 +270,8 @@ void dump_config(struct runctl *runp, struct query *querylist) stringdump("preauth", "kerberos_v4"); else if (ctl->server.preauthenticate == A_KERBEROS_V5) stringdump("preauth", "kerberos_v5"); + else if (ctl->server.preauthenticate == A_SSH) + stringdump("preauth", "ssh"); else stringdump("preauth", "password"); diff --git a/design-notes.html b/design-notes.html index 14912240..0707878a 100644 --- a/design-notes.html +++ b/design-notes.html @@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="/~esr/index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2000/01/08 22:37:39 $ +<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $ </table> <HR> <H1 ALIGN=CENTER>Design Notes On Fetchmail</H1> 
@@ -513,6 +513,8 @@ all shaped the design in one way or another.<P> <DD> A One-Time Password System <DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1939.txt">RFC1939</A> <DD> Post Office Protocol - Version 3 +<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1957.txt">RFC1957</A> +<DD> Some Observations on Implementations of the Post Office Protocol (POP3) <DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1985.txt">RFC1985</A> <DD> SMTP Service Extension for Remote Message Queue Starting <DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2033.txt">RFC2033</A> @@ -523,6 +525,8 @@ all shaped the design in one way or another.<P> <DD> IMAP4 Compatibility With IMAP2bis <DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2062.txt">RFC2062</A> <DD> Internet Message Access Protocol - Obsolete Syntax +<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2195.txt">RFC2195</A> +<DD> IMAP/POP AUTHorize Extension for Simple Challenge/Response <DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2195.txt">RFC2449</A> <DD> IMAP/POP AUTHorize Extension for Simple Challenge/Response <DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2449.txt">RFC2449</A> @@ -533,7 +537,7 @@ all shaped the design in one way or another.<P> <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 2000/01/08 22:37:39 $ +<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS> @@ -1045,7 +1045,7 @@ static int readheaders(int sock, free_str_list(&msgblk.recipients); return(PS_IOERR); } - else if (!run.use_syslog && outlevel >= O_VERBOSE) + else if ((run.poll_interval == 0 || nodetach) && outlevel >= O_VERBOSE) fputs("#", stderr); /* write error notifications */ 
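Review bot: The progress-ticker test `(run.poll_interval == 0 || nodetach)` is now written out in readheaders() and again in the readbody() hunk at -1155, so the two sites can drift apart the next time the rule changes. A file-local helper, for example `#define TICKER_ENABLED() (run.poll_interval == 0 || nodetach)` (the name is only a suggestion), would keep them in step and give the rule one place for a comment explaining why syslog use no longer matters. The file name is missing from this part of the page; the diffstat suggests driver.c. Both function bodies continue outside their hunks.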
@@ -1155,7 +1155,7 @@ static int readbody(int sock, struct query *ctl, flag forward, int len) sizeticker += linelen; while (sizeticker >= SIZETICKER) { - if (!run.use_syslog && outlevel > O_SILENT) + if ((run.poll_interval == 0 || nodetach) && outlevel > O_SILENT) { fputc('.', stdout); fflush(stdout); 
@@ -1596,30 +1596,34 @@ const int maxfetch; /* maximum number of messages to fetch */ * in daemon mode but the connection to the outside world * is down. */ - if (err_no == EHOSTUNREACH && run.poll_interval) - goto ehostunreach; - - report_build(stderr, _("fetchmail: %s connection to %s failed"), - protocol->name, ctl->server.pollname); -#ifdef HAVE_RES_SEARCH - if (h_errno != 0) + if (!(err_no == EHOSTUNREACH && run.poll_interval)) { - if (h_errno == HOST_NOT_FOUND) - report_complete(stderr, _(": host is unknown\n")); - else if (h_errno == NO_ADDRESS) - report_complete(stderr, _(": name is valid but has no IP address\n")); - else if (h_errno == NO_RECOVERY) - report_complete(stderr, _(": unrecoverable name server error\n")); - else if (h_errno == TRY_AGAIN) - report_complete(stderr, _(": temporary name server error\n")); + report_build(stderr, _("fetchmail: %s connection to %s failed"), + protocol->name, ctl->server.pollname); +#ifdef HAVE_RES_SEARCH + if (h_errno != 0) + { + if (h_errno == HOST_NOT_FOUND) + report_complete(stderr, + _(": host is unknown\n")); + else if (h_errno == NO_ADDRESS) + report_complete(stderr, + _(": name is valid but has no IP address\n")); + else if (h_errno == NO_RECOVERY) + report_complete(stderr, + _(": unrecoverable name server error\n")); + else if (h_errno == TRY_AGAIN) + report_complete(stderr, + _(": temporary name server error\n")); + else + report_complete(stderr, + _(": unknown DNS error %d\n"), h_errno); + } else - report_complete(stderr, _(": unknown DNS error %d\n"), h_errno); - } - else #endif /* HAVE_RES_SEARCH */ - report_complete(stderr, ": %s\n", strerror(err_no)); + report_complete(stderr, ": %s\n", strerror(err_no)); - ehostunreach: + } #endif /* INET6_ENABLE */ ok = PS_SOCKET; set_timeout(0); diff --git a/fetchmail-features.html b/fetchmail-features.html index 4f24b622..619e7971 100644 --- a/fetchmail-features.html +++ b/fetchmail-features.html 
@@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1999/12/21 03:45:26 $ +<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $ </table> <HR> @@ -19,6 +19,10 @@ <H2>Since 5.0:</H2> <UL> <LI> +Fetchail now recognizes the RFC 2449 extended responses [IN-USE] and +[LOGIN-DELAY]. + +<LI> Fetchmail running in daemon mode now restarts itself quietly when the rc file is touched. @@ -188,7 +192,7 @@ get-mail, gwpop, pimp-1.0, pop-perl5-1.2, popc, popmail-1.6 and upop.<P> <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1999/12/21 03:45:26 $ +<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS> diff --git a/fetchmail.c b/fetchmail.c index 27054b1d..7721aea6 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -335,11 +335,12 @@ int main(int argc, char **argv) if (ctl->active && !(implicitmode && ctl->server.skip)&&!ctl->password) { if (ctl->server.preauthenticate == A_KERBEROS_V4 || - ctl->server.preauthenticate == A_KERBEROS_V5 || + ctl->server.preauthenticate == A_KERBEROS_V5 || + ctl->server.preauthenticate == A_SSH || #ifdef GSSAPI - ctl->server.protocol == P_IMAP_GSS || + ctl->server.protocol == P_IMAP_GSS || #endif /* GSSAPI */ - ctl->server.protocol == P_IMAP_K4) + ctl->server.protocol == P_IMAP_K4) /* Server won't care what the password is, but there must be some non-null string here. */ ctl->password = ctl->remotename; 
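Review bot: Adding `A_SSH` to this condition in main() makes fetchmail store the remote user name as a placeholder password, but of the authentication code visible in this commit only imap_getauth() returns before that placeholder could be used. If pop3_getauth() or another protocol driver has no matching `A_SSH` early exit (not visible here), an entry declared `preauth ssh` would presumably send the account name as its password, which the server records as a failed login. I would either reject `preauth ssh` at configuration time for protocols that do not honour it, or give each driver the same early return and mark the assignment with a comment such as `/* A_SSH: placeholder only, must never reach the wire */`. main() continues outside the hunk.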
@@ -602,7 +603,12 @@ int main(int argc, char **argv) struct stat rcstat; if (stat(rcfile, &rcstat) == -1) - report(stderr, _("couldn't time-check %s\n"), rcfile); + { + if (errno != ENOENT) + report(stderr, + _("couldn't time-check %s (error %d)\n"), + rcfile, errno); + } else if (rcstat.st_mtime > parsetime) { report(stdout, _("restarting fetchmail (%s changed)\n"), rcfile); @@ -954,10 +960,11 @@ static int load_params(int argc, char **argv, int optind) def_opts.listener = SMTP_MODE; /* note the parse time, so we can pick up on modifications */ - if (stat(rcfile, &rcstat) == -1) - report(stderr, _("couldn't time-check the run-control file\n")); - else + parsetime = 0; /* foil compiler warnings */ + if (stat(rcfile, &rcstat) != -1) parsetime = rcstat.st_mtime; + else if (errno != ENOENT) + report(stderr, _("couldn't time-check the run-control file\n")); /* this builds the host list */ if ((st = prc_parse_file(rcfile, !versioninfo)) != 0) @@ -1561,8 +1568,10 @@ static void dump_params (struct runctl *runp, putchar('\n'); if (ctl->server.preauthenticate == A_KERBEROS_V4) printf(_(" Kerberos V4 preauthentication enabled.\n")); - if (ctl->server.preauthenticate == A_KERBEROS_V5) + else if (ctl->server.preauthenticate == A_KERBEROS_V5) printf(_(" Kerberos V5 preauthentication enabled.\n")); + else if (ctl->server.preauthenticate == A_SSH) + printf(_(" End-to-end encryption assumed.\n")); #ifdef SSL_ENABLE if (ctl->use_ssl) printf(" SSL encrypted sessions enabled.\n"); diff --git a/fetchmail.h b/fetchmail.h index 805021a3..ade31a5a 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -35,6 +35,7 @@ #define A_PASSWORD 0 /* password or inline authentication */ #define A_KERBEROS_V4 1 /* preauthenticate w/ Kerberos V4 */ #define A_KERBEROS_V5 2 /* preauthenticate w/ Kerberos V5 */ +#define A_SSH 3 /* preauthentication at session level */ /* * Definitions for buffer sizes. We get little help on setting maxima 
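Review bot: The new message in the rc-file time check in main() prints the raw `errno` number, which is hard to act on, while the connection-failure report elsewhere in this commit already uses `strerror()`. Suggested: `report(stderr, _("couldn't time-check %s: %s\n"), rcfile, strerror(errno));`. The matching branch in load_params() (hunk at -954) still reports neither the file name nor the reason and could take the same form. Both functions continue outside their hunks.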
diff --git a/fetchmail.man b/fetchmail.man index 87a16229..94cb377d 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -490,9 +490,12 @@ when interface data is being collected. This option permits you to specify a preauthentication type (see USER AUTHENTICATION below for details). The possible values are \&`\fBpassword\fR', `\fBkerberos_v5\fR' and `\fBkerberos\fR' (or, for -excruciating exactness, `\fBkerberos_v4\fR'). This option is provided -primarily for developers; choosing KPOP protocol automatically selects -Kerberos preauthentication, and all other alternatives use password +excruciating exactness, `\fBkerberos_v4\fR'), and \fBssh\fR. Use +\fBssh\fR to suppress fetchmail's normal inquiry for a password when +you are using an end-to-end secure connection such as an ssh tunnel. +Other values of this option are provided primarily for developers; +choosing KPOP protocol automatically selects Kerberos +preauthentication, and all other alternatives use password authentication (though APOP uses a generated one-time key as the password and IMAP-K4 uses RFC1731 Kerberos v4 authentication). This option does not work with ETRN. @@ -578,7 +581,9 @@ configuration report to standard output. The configuration report is a data structure assignment in the language Python. This option is meant to be used with an interactive .I ~/.fetchmailrc -editor written in Python. +editor like +.IR fetchmailconf , +written in Python. .SH USER AUTHENTICATION AND ENCRYPTION Every mode except ETRN requires authentication of the client. 
@@ -684,6 +689,9 @@ the \fI.fetchmailrc\fR option \fBuser\fR. If your IMAP daemon returns the PREAUTH response in its greeting line, fetchmail will notice this and skip the normal authentication step. This could be useful, e.g. if you start imapd explicitly using ssh. +In this case you can declare the preauthentication value `ssh' on that +site entry to stop \fI.fetchmail\fR from asking you for a password +when it starts up. .PP If you are using POP3, and the server issues a one-time-password challenge conforming to RFC1938, \fIfetchmail\fR will use your @@ -1970,7 +1978,7 @@ POP2: RFC 937 .TP 5 POP3: -RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1939, RFC 2449 +RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1939, RFC 1957, RFC2195, RFC 2449 .TP 5 APOP: RFC 1460, RFC 1725, RFC 1939 diff --git a/fetchmailconf b/fetchmailconf index 000dcfa0..199f78b6 100755 --- a/fetchmailconf +++ b/fetchmailconf @@ -4,7 +4,7 @@ # by Eric S. Raymond, <esr@snark.thyrsus.com>. # Requires Python with Tkinter, and the following OS-dependent services: # posix, posixpath, socket -version = "1.19" +version = "1.20" from Tkinter import * from Dialog import * @@ -352,7 +352,7 @@ defaultports = {"auto":0, "IMAP-K4":143, "ETRN":25} -preauthlist = ("password", "kerberos") +preauthlist = ("password", "kerberos", "ssh") listboxhelp = { 'title' : 'List Selection Help', 
@@ -407,10 +407,18 @@ def helpwin(helpdict): helpwin.title(helpdict['title']) helpwin.iconname(helpdict['title']) Label(helpwin, text=helpdict['banner']).pack() - textwin = Message(helpwin, text=helpdict['text'], width=600) - textwin.pack() + textframe = Frame(helpwin) + scroll = Scrollbar(textframe) + helpwin.textwidget = Text(textframe, setgrid=TRUE) + textframe.pack(side=TOP, expand=YES, fill=BOTH) + helpwin.textwidget.config(yscrollcommand=scroll.set) + helpwin.textwidget.pack(side=LEFT, expand=YES, fill=BOTH) + scroll.config(command=helpwin.textwidget.yview) + scroll.pack(side=RIGHT, fill=BOTH) + helpwin.textwidget.insert(END, helpdict['text']); Button(helpwin, text='Done', command=lambda x=helpwin: Widget.destroy(x), bd=2).pack() + textframe.pack(side=TOP) def make_icon_window(base, image): try: @@ -867,7 +875,7 @@ The `interface' and `monitor' options are available only for Linux and freeBSD systems. See the fetchmail manual page for details on these. -The ssl option enables SSL communication with a maolserver +The ssl option enables SSL communication with a mailserver supporting Secure Sockets Layer. The sslkey and sslcert options declare key and certificate files for use with SSL. @@ -1531,7 +1539,7 @@ return to the main panel. self.master.destroy() self.onexit() -# Run a command an a scrolling text widget, displaying its output +# Run a command in a scrolling text widget, displaying its output class RunWindow(Frame): def __init__(self, command, master, parent): @@ -894,7 +894,11 @@ int imap_getauth(int sock, struct query *ctl, char *greeting) else expunge_period = 1; - if (preauth) + /* + * If either (a) we saw a PREAUTH token in the capability response, or + * (b) the user specified ssh preauthentication, then we're done. + */ + if (preauth || ctl->server.preauthenticate == A_SSH) return(PS_SUCCESS); #if OPIE_ENABLE 
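Review bot: `textframe.pack(side=TOP)` after the Done button repeats the pack call made a few lines earlier and can be dropped, and the trailing `;` on the `insert(END, helpdict['text'])` line is a leftover. The new Text widget is also left editable, so a user can type into or delete the help text; `helpwin.textwidget.config(state=DISABLED)` after the insert would make it read-only. helpwin() starts before the hunk.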
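Review bot: With `|| ctl->server.preauthenticate == A_SSH` added to this test, imap_getauth() returns PS_SUCCESS on configuration alone, even when the server did not announce PREAUTH. In that case the server still regards the session as unauthenticated, so the failure surfaces later as rejected commands rather than as an authentication error, and nothing in the hunk confirms that a tunnel is in place. Reporting the mismatch before returning would make this diagnosable, e.g. `if (!preauth) report(stderr, _("preauth ssh declared but server did not send PREAUTH\n"));`, possibly returning PS_AUTHFAIL in that case. How `preauth` is set is outside the hunk, and the file name is not shown here (the diffstat suggests imap.c).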
@@ -391,6 +391,8 @@ struct query *ctl; /* option record to be initialized */ ctl->server.preauthenticate = A_KERBEROS_V5; else if (strcmp(optarg, "kerberos_v4") == 0) ctl->server.preauthenticate = A_KERBEROS_V4; + else if (strcmp(optarg, "ssh") == 0) + ctl->server.preauthenticate = A_SSH; else { fprintf(stderr,_("Invalid preauthentication `%s' specified.\n"), optarg); errflag++; @@ -612,7 +614,7 @@ struct query *ctl; /* option record to be initialized */ P(_(" -p, --protocol specify retrieval protocol (see man page)\n")); P(_(" -U, --uidl force the use of UIDLs (pop3 only)\n")); P(_(" -P, --port TCP/IP service port to connect to\n")); - P(_(" --preauth preauthentication type (password or kerberos)\n")); + P(_(" --preauth preauthentication type (password/kerberos/ssh)\n")); P(_(" -t, --timeout server nonresponse timeout\n")); P(_(" -E, --envelope envelope address header\n")); P(_(" -Q, --qvirtual prefix to remove from local user id\n")); @@ -93,7 +93,9 @@ int pop3_ok (int sock, char *argbuf) else if (strstr(bufp,"lock") || strstr(bufp,"Lock") || strstr(bufp,"LOCK") - || strstr(bufp,"wait")) + || strstr(bufp,"wait") + /* these are blessed by RFC 2449 */ + || strstr(bufp,"[IN-USE]")||strstr(bufp,"[LOGIN-DELAY]")) ok = PS_LOCKBUSY; else ok = PS_AUTHFAIL; @@ -130,6 +132,15 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting) ctl->server.sdps = TRUE; #endif /* SDPS_ENABLE */ + /* + * In theory, we ought to probe with CAPA here (RFC 2449). + * But AFAIK this commpand is not widely implemented, and + * we have our own tests for optional commands, and it seems + * vanishingly unlikely that the RFC 2449 extended responses + * [IN-USE] and [LOGIN-DELAY] will ever be accidentally spoofed. + * So we'll not bother, and save ourselves the overhead. + */ + switch (ctl->server.protocol) { case P_POP3: #ifdef RPA_ENABLE 
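Review bot: The two new `strstr()` tests in pop3_ok() match `[IN-USE]` and `[LOGIN-DELAY]` anywhere in the server's error text, whereas RFC 2449 defines a response code as a bracketed token at the start of the text after `-ERR`. Because this branch turns the result from PS_AUTHFAIL into PS_LOCKBUSY, any server-supplied wording that happens to contain one of these strings (or the older `lock`/`wait` substrings) reclassifies a rejected login as a busy mailbox. If `bufp` points at the start of the response text here (it is set outside the hunk), an anchored test such as `strncmp(bufp, "[IN-USE]", 8) == 0` would be tighter. The comment added in the pop3_getauth() hunk at -130 relies on these codes not being matched by accident and has a typo, `commpand` for `command`.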
@@ -84,6 +84,7 @@ preauth(enticate)? { SETSTATE(PREAUTH); return PREAUTHENTICATE; } kerberos(_v)?4 { SETSTATE(0); return KERBEROS4; } kerberos(_v)?5 { SETSTATE(0); return KERBEROS5; } kerberos { SETSTATE(0); return KERBEROS; } +ssh { SETSTATE(0); return SSH; } <PREAUTH>password { SETSTATE(0); return PASSWORD; } timeout { return TIMEOUT;} envelope { return ENVELOPE; } @@ -104,7 +105,7 @@ netsec { return NETSEC; } interface { return INTERFACE; } monitor { return MONITOR; } plugin { return PLUGIN; } -plugout { return PLUGIN; } +plugout { return PLUGOUT; } batchlimit { return BATCHLIMIT; } fetchlimit { return FETCHLIMIT; } expunge { return EXPUNGE; } @@ -58,7 +58,7 @@ extern char * yytext; } %token DEFAULTS POLL SKIP VIA AKA LOCALDOMAINS PROTOCOL -%token PREAUTHENTICATE TIMEOUT KPOP SDPS KERBEROS4 KERBEROS5 KERBEROS +%token PREAUTHENTICATE TIMEOUT KPOP SDPS KERBEROS4 KERBEROS5 KERBEROS SSH %token ENVELOPE QVIRTUAL USERNAME PASSWORD FOLDER SMTPHOST MDA BSMTP LMTP %token SMTPADDRESS SPAMRESPONSE PRECONNECT POSTCONNECT LIMIT WARNINGS %token NETSEC INTERFACE MONITOR PLUGIN PLUGOUT @@ -177,6 +177,7 @@ serv_option : AKA alias_list current.server.preauthenticate = A_KERBEROS_V4; #endif /* KERBEROS_V5 */ } + | PREAUTHENTICATE SSH {current.server.preauthenticate = A_SSH;} | TIMEOUT NUMBER {current.server.timeout = $2;} | ENVELOPE NUMBER STRING @@ -680,7 +680,7 @@ int SockClose(int sock) * side is acknowledged at the TCP level. */ if (recv(sock, &ch, 1, MSG_PEEK) > 0) - while (recv(sock, &ch, 1, MSG_NOSIGNAL) > 0) + while (read(sock, &ch, 1) > 0) continue; /* if there's an error closing at this point, not much we can do */ |
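Review bot: The new `ssh` rule is active in every start state, unlike `<PREAUTH>password` on the line after it, so the bare word `ssh` anywhere in a run-control file now lexes as the SSH token. Depending on how unquoted strings are matched elsewhere in the lexer (not visible here), an existing entry that uses `ssh` as an unquoted alias, user or folder name could stop parsing. Scoping it the same way, `<PREAUTH>ssh { SETSTATE(0); return SSH; }`, avoids reserving the word globally. The file name is not shown for this hunk; the diffstat suggests rcfile_l.l.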
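Review bot: The drain loop in SockClose(), now `while (read(sock, &ch, 1) > 0)`, has no limit on bytes or time, so a server that keeps sending after the client has finished holds fetchmail inside the close path, one system call per byte. Whether a timeout alarm is still armed when SockClose() runs is not visible here. I would cap the drain, reading into a small buffer for a fixed number of iterations and then closing regardless. read() also returns -1 with EINTR when a signal arrives, which ends the loop early; that is harmless here but deserves a one-line comment. SockClose() continues outside the hunk.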