-rw-r--r--NEWS6
-rw-r--r--conf.c2
-rw-r--r--design-notes.html8
-rw-r--r--driver.c48
-rw-r--r--fetchmail-features.html8
-rw-r--r--fetchmail.c25
-rw-r--r--fetchmail.h1
-rw-r--r--fetchmail.man18
-rwxr-xr-xfetchmailconf20
-rw-r--r--imap.c6
-rw-r--r--options.c4
-rw-r--r--pop3.c13
-rw-r--r--rcfile_l.l3
-rw-r--r--rcfile_y.y3
-rw-r--r--socket.c2
15 files changed, 114 insertions, 53 deletions
diff --git a/NEWS b/NEWS
index e40ddf8a..8d2a0728 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,5 @@
Things to do:
-Scrollbars on fetchmailconf help windows (Debian normal bug #51770).
-
Notify user by mail when pop server nonexistent (Debian wishlist #47143).
In the SSL support, we need to add server certificate validation (In
@@ -29,7 +27,11 @@ The Debian bug-tracking page for fetchmail is:
before close (sigh...NFS might still betray us...).
* Added Martijn Lievaart's sendmail hacks for multidrop to the contrib
directory.
+* Fix bug in processing of plugout option.
+* Add support for `ssh' preauth type to suppress password prompts at startup.
+* Support for RFC2449 extended POP3 responses [IN-USE] and [LOGIN-DELAY].
* Log bounced messages via syslog (Debian bug #50184).
+* Add scrollbars on fetchmailconf help windows (Debian bug #51770).
* Debian buglist cleanup.
fetchmail-5.2.5 (Mon Jan 31 02:02:48 EST 2000), 18445 lines:
diff --git a/conf.c b/conf.c
index 1856b502..6be990db 100644
--- a/conf.c
+++ b/conf.c
@@ -270,6 +270,8 @@ void dump_config(struct runctl *runp, struct query *querylist)
stringdump("preauth", "kerberos_v4");
else if (ctl->server.preauthenticate == A_KERBEROS_V5)
stringdump("preauth", "kerberos_v5");
+ else if (ctl->server.preauthenticate == A_SSH)
+ stringdump("preauth", "ssh");
else
stringdump("preauth", "password");
diff --git a/design-notes.html b/design-notes.html
index 14912240..0707878a 100644
--- a/design-notes.html
+++ b/design-notes.html
@@ -10,7 +10,7 @@
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="/~esr/index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2000/01/08 22:37:39 $
+<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $
</table>
<HR>
<H1 ALIGN=CENTER>Design Notes On Fetchmail</H1>
@@ -513,6 +513,8 @@ all shaped the design in one way or another.<P>
<DD> A One-Time Password System
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1939.txt">RFC1939</A>
<DD> Post Office Protocol - Version 3
+<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1957.txt">RFC1957</A>
+<DD> Some Observations on Implementations of the Post Office Protocol (POP3)
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1985.txt">RFC1985</A>
<DD> SMTP Service Extension for Remote Message Queue Starting
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2033.txt">RFC2033</A>
@@ -523,6 +525,8 @@ all shaped the design in one way or another.<P>
<DD> IMAP4 Compatibility With IMAP2bis
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2062.txt">RFC2062</A>
<DD> Internet Message Access Protocol - Obsolete Syntax
+<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2195.txt">RFC2195</A>
+<DD> IMAP/POP AUTHorize Extension for Simple Challenge/Response
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2195.txt">RFC2449</A>
<DD> IMAP/POP AUTHorize Extension for Simple Challenge/Response
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2449.txt">RFC2449</A>
@@ -533,7 +537,7 @@ all shaped the design in one way or another.<P>
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2000/01/08 22:37:39 $
+<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $
</table>
<P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com">&lt;esr@snark.thyrsus.com&gt;</A></ADDRESS>
diff --git a/driver.c b/driver.c
index f627d2cb..4692f009 100644
--- a/driver.c
+++ b/driver.c
@@ -1045,7 +1045,7 @@ static int readheaders(int sock,
free_str_list(&msgblk.recipients);
return(PS_IOERR);
}
- else if (!run.use_syslog && outlevel >= O_VERBOSE)
+ else if ((run.poll_interval == 0 || nodetach) && outlevel >= O_VERBOSE)
fputs("#", stderr);
/* write error notifications */
@@ -1155,7 +1155,7 @@ static int readbody(int sock, struct query *ctl, flag forward, int len)
sizeticker += linelen;
while (sizeticker >= SIZETICKER)
{
- if (!run.use_syslog && outlevel > O_SILENT)
+ if ((run.poll_interval == 0 || nodetach) && outlevel > O_SILENT)
{
fputc('.', stdout);
fflush(stdout);
@@ -1596,30 +1596,34 @@ const int maxfetch; /* maximum number of messages to fetch */
* in daemon mode but the connection to the outside world
* is down.
*/
- if (err_no == EHOSTUNREACH && run.poll_interval)
- goto ehostunreach;
-
- report_build(stderr, _("fetchmail: %s connection to %s failed"),
- protocol->name, ctl->server.pollname);
-#ifdef HAVE_RES_SEARCH
- if (h_errno != 0)
+ if (!(err_no == EHOSTUNREACH && run.poll_interval))
{
- if (h_errno == HOST_NOT_FOUND)
- report_complete(stderr, _(": host is unknown\n"));
- else if (h_errno == NO_ADDRESS)
- report_complete(stderr, _(": name is valid but has no IP address\n"));
- else if (h_errno == NO_RECOVERY)
- report_complete(stderr, _(": unrecoverable name server error\n"));
- else if (h_errno == TRY_AGAIN)
- report_complete(stderr, _(": temporary name server error\n"));
+ report_build(stderr, _("fetchmail: %s connection to %s failed"),
+ protocol->name, ctl->server.pollname);
+#ifdef HAVE_RES_SEARCH
+ if (h_errno != 0)
+ {
+ if (h_errno == HOST_NOT_FOUND)
+ report_complete(stderr,
+ _(": host is unknown\n"));
+ else if (h_errno == NO_ADDRESS)
+ report_complete(stderr,
+ _(": name is valid but has no IP address\n"));
+ else if (h_errno == NO_RECOVERY)
+ report_complete(stderr,
+ _(": unrecoverable name server error\n"));
+ else if (h_errno == TRY_AGAIN)
+ report_complete(stderr,
+ _(": temporary name server error\n"));
+ else
+ report_complete(stderr,
+ _(": unknown DNS error %d\n"), h_errno);
+ }
else
- report_complete(stderr, _(": unknown DNS error %d\n"), h_errno);
- }
- else
#endif /* HAVE_RES_SEARCH */
- report_complete(stderr, ": %s\n", strerror(err_no));
+ report_complete(stderr, ": %s\n", strerror(err_no));
- ehostunreach:
+ }
#endif /* INET6_ENABLE */
ok = PS_SOCKET;
set_timeout(0);
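Review bot: `h_errno` is tested for non-zero before `err_no` is consulted, but a resolver call that succeeds is not guaranteed to reset it, so a stale value from an earlier lookup can make a plain connect failure be reported as a DNS error. Unless it is cleared before the connection attempt outside this hunk, set `h_errno = 0;` just before the open call, or consult it only when the failure came from name resolution. The `else` that straddles `#endif /* HAVE_RES_SEARCH */` would also be easier to follow with braces around the final `report_complete` call. The enclosing function starts and ends outside the hunk.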
diff --git a/fetchmail-features.html b/fetchmail-features.html
index 4f24b622..619e7971 100644
--- a/fetchmail-features.html
+++ b/fetchmail-features.html
@@ -10,7 +10,7 @@
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1999/12/21 03:45:26 $
+<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $
</table>
<HR>
@@ -19,6 +19,10 @@
<H2>Since 5.0:</H2>
<UL>
<LI>
+Fetchail now recognizes the RFC 2449 extended responses [IN-USE] and
+[LOGIN-DELAY].
+
+<LI>
Fetchmail running in daemon mode now restarts itself quietly when the
rc file is touched.
@@ -188,7 +192,7 @@ get-mail, gwpop, pimp-1.0, pop-perl5-1.2, popc, popmail-1.6 and upop.<P>
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1999/12/21 03:45:26 $
+<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $
</table>
<P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com">&lt;esr@snark.thyrsus.com&gt;</A></ADDRESS>
diff --git a/fetchmail.c b/fetchmail.c
index 27054b1d..7721aea6 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -335,11 +335,12 @@ int main(int argc, char **argv)
if (ctl->active && !(implicitmode && ctl->server.skip)&&!ctl->password)
{
if (ctl->server.preauthenticate == A_KERBEROS_V4 ||
- ctl->server.preauthenticate == A_KERBEROS_V5 ||
+ ctl->server.preauthenticate == A_KERBEROS_V5 ||
+ ctl->server.preauthenticate == A_SSH ||
#ifdef GSSAPI
- ctl->server.protocol == P_IMAP_GSS ||
+ ctl->server.protocol == P_IMAP_GSS ||
#endif /* GSSAPI */
- ctl->server.protocol == P_IMAP_K4)
+ ctl->server.protocol == P_IMAP_K4)
/* Server won't care what the password is, but there
must be some non-null string here. */
ctl->password = ctl->remotename;
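Review bot: With `preauth ssh` this condition falls through to `ctl->password = ctl->remotename`, yet only imap.c gains an `A_SSH` early return in this commit; the visible pop3.c hunks add no such check. If the POP3 path still performs its normal login, it would presumably send the account name as the password, which shows up as a failed login against the account rather than as a configuration error. Consider rejecting `preauth ssh` for protocols that cannot skip authentication, or state next to `A_SSH` in fetchmail.h that it is honoured only by IMAP. main() continues outside the hunk.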
@@ -602,7 +603,12 @@ int main(int argc, char **argv)
struct stat rcstat;
if (stat(rcfile, &rcstat) == -1)
- report(stderr, _("couldn't time-check %s\n"), rcfile);
+ {
+ if (errno != ENOENT)
+ report(stderr,
+ _("couldn't time-check %s (error %d)\n"),
+ rcfile, errno);
+ }
else if (rcstat.st_mtime > parsetime)
{
report(stdout, _("restarting fetchmail (%s changed)\n"), rcfile);
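Review bot: The new message prints the raw errno as `(error %d)`, which is hard to act on from a log; `report(stderr, _("couldn't time-check %s: %s\n"), rcfile, strerror(errno));` would say why the stat failed. The load_params hunk below still reports a failed stat with no error detail at all, so the two messages should be made consistent. Ignoring ENOENT also means a daemon keeps running on its in-memory configuration after the rc file is removed; a one-line comment saying that this is intended would help the next reader.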
@@ -954,10 +960,11 @@ static int load_params(int argc, char **argv, int optind)
def_opts.listener = SMTP_MODE;
/* note the parse time, so we can pick up on modifications */
- if (stat(rcfile, &rcstat) == -1)
- report(stderr, _("couldn't time-check the run-control file\n"));
- else
+ parsetime = 0; /* foil compiler warnings */
+ if (stat(rcfile, &rcstat) != -1)
parsetime = rcstat.st_mtime;
+ else if (errno != ENOENT)
+ report(stderr, _("couldn't time-check the run-control file\n"));
/* this builds the host list */
if ((st = prc_parse_file(rcfile, !versioninfo)) != 0)
@@ -1561,8 +1568,10 @@ static void dump_params (struct runctl *runp,
putchar('\n');
if (ctl->server.preauthenticate == A_KERBEROS_V4)
printf(_(" Kerberos V4 preauthentication enabled.\n"));
- if (ctl->server.preauthenticate == A_KERBEROS_V5)
+ else if (ctl->server.preauthenticate == A_KERBEROS_V5)
printf(_(" Kerberos V5 preauthentication enabled.\n"));
+ else if (ctl->server.preauthenticate == A_SSH)
+ printf(_(" End-to-end encryption assumed.\n"));
#ifdef SSL_ENABLE
if (ctl->use_ssl)
printf(" SSL encrypted sessions enabled.\n");
diff --git a/fetchmail.h b/fetchmail.h
index 805021a3..ade31a5a 100644
--- a/fetchmail.h
+++ b/fetchmail.h
@@ -35,6 +35,7 @@
#define A_PASSWORD 0 /* password or inline authentication */
#define A_KERBEROS_V4 1 /* preauthenticate w/ Kerberos V4 */
#define A_KERBEROS_V5 2 /* preauthenticate w/ Kerberos V5 */
+#define A_SSH 3 /* preauthentication at session level */
/*
* Definitions for buffer sizes. We get little help on setting maxima
diff --git a/fetchmail.man b/fetchmail.man
index 87a16229..94cb377d 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -490,9 +490,12 @@ when interface data is being collected.
This option permits you to specify a preauthentication type (see USER
AUTHENTICATION below for details). The possible values are
\&`\fBpassword\fR', `\fBkerberos_v5\fR' and `\fBkerberos\fR' (or, for
-excruciating exactness, `\fBkerberos_v4\fR'). This option is provided
-primarily for developers; choosing KPOP protocol automatically selects
-Kerberos preauthentication, and all other alternatives use password
+excruciating exactness, `\fBkerberos_v4\fR'), and \fBssh\fR. Use
+\fBssh\fR to suppress fetchmail's normal inquiry for a password when
+you are using an end-to-end secure connection such as an ssh tunnel.
+Other values of this option are provided primarily for developers;
+choosing KPOP protocol automatically selects Kerberos
+preauthentication, and all other alternatives use password
authentication (though APOP uses a generated one-time key as the
password and IMAP-K4 uses RFC1731 Kerberos v4 authentication). This
option does not work with ETRN.
@@ -578,7 +581,9 @@ configuration report to standard output. The configuration report is
a data structure assignment in the language Python. This option
is meant to be used with an interactive
.I ~/.fetchmailrc
-editor written in Python.
+editor like
+.IR fetchmailconf ,
+written in Python.
.SH USER AUTHENTICATION AND ENCRYPTION
Every mode except ETRN requires authentication of the client.
@@ -684,6 +689,9 @@ the \fI.fetchmailrc\fR option \fBuser\fR.
If your IMAP daemon returns the PREAUTH response in its greeting line,
fetchmail will notice this and skip the normal authentication step.
This could be useful, e.g. if you start imapd explicitly using ssh.
+In this case you can declare the preauthentication value `ssh' on that
+site entry to stop \fI.fetchmail\fR from asking you for a password
+when it starts up.
.PP
If you are using POP3, and the server issues a one-time-password
challenge conforming to RFC1938, \fIfetchmail\fR will use your
@@ -1970,7 +1978,7 @@ POP2:
RFC 937
.TP 5
POP3:
-RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1939, RFC 2449
+RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1939, RFC 1957, RFC2195, RFC 2449
.TP 5
APOP:
RFC 1460, RFC 1725, RFC 1939
diff --git a/fetchmailconf b/fetchmailconf
index 000dcfa0..199f78b6 100755
--- a/fetchmailconf
+++ b/fetchmailconf
@@ -4,7 +4,7 @@
# by Eric S. Raymond, <esr@snark.thyrsus.com>.
# Requires Python with Tkinter, and the following OS-dependent services:
# posix, posixpath, socket
-version = "1.19"
+version = "1.20"
from Tkinter import *
from Dialog import *
@@ -352,7 +352,7 @@ defaultports = {"auto":0,
"IMAP-K4":143,
"ETRN":25}
-preauthlist = ("password", "kerberos")
+preauthlist = ("password", "kerberos", "ssh")
listboxhelp = {
'title' : 'List Selection Help',
@@ -407,10 +407,18 @@ def helpwin(helpdict):
helpwin.title(helpdict['title'])
helpwin.iconname(helpdict['title'])
Label(helpwin, text=helpdict['banner']).pack()
- textwin = Message(helpwin, text=helpdict['text'], width=600)
- textwin.pack()
+ textframe = Frame(helpwin)
+ scroll = Scrollbar(textframe)
+ helpwin.textwidget = Text(textframe, setgrid=TRUE)
+ textframe.pack(side=TOP, expand=YES, fill=BOTH)
+ helpwin.textwidget.config(yscrollcommand=scroll.set)
+ helpwin.textwidget.pack(side=LEFT, expand=YES, fill=BOTH)
+ scroll.config(command=helpwin.textwidget.yview)
+ scroll.pack(side=RIGHT, fill=BOTH)
+ helpwin.textwidget.insert(END, helpdict['text']);
Button(helpwin, text='Done',
command=lambda x=helpwin: Widget.destroy(x), bd=2).pack()
+ textframe.pack(side=TOP)
def make_icon_window(base, image):
try:
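Review bot: The help text now lives in a `Text` widget that is left editable, so a user can type into or delete the help; after the `insert` call add `helpwin.textwidget.config(state=DISABLED)`. The final `textframe.pack(side=TOP)` repeats the earlier pack call on the same frame and can be dropped, as can the trailing semicolon on the insert line. helpwin() begins outside the hunk.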
@@ -867,7 +875,7 @@ The `interface' and `monitor' options are available
only for Linux and freeBSD systems. See the fetchmail
manual page for details on these.
-The ssl option enables SSL communication with a maolserver
+The ssl option enables SSL communication with a mailserver
supporting Secure Sockets Layer. The sslkey and sslcert options
declare key and certificate files for use with SSL.
@@ -1531,7 +1539,7 @@ return to the main panel.
self.master.destroy()
self.onexit()
-# Run a command an a scrolling text widget, displaying its output
+# Run a command in a scrolling text widget, displaying its output
class RunWindow(Frame):
def __init__(self, command, master, parent):
diff --git a/imap.c b/imap.c
index eb57bf4a..3e39b6fb 100644
--- a/imap.c
+++ b/imap.c
@@ -894,7 +894,11 @@ int imap_getauth(int sock, struct query *ctl, char *greeting)
else
expunge_period = 1;
- if (preauth)
+ /*
+ * If either (a) we saw a PREAUTH token in the capability response, or
+ * (b) the user specified ssh preauthentication, then we're done.
+ */
+ if (preauth || ctl->server.preauthenticate == A_SSH)
return(PS_SUCCESS);
#if OPIE_ENABLE
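Review bot: The `A_SSH` half of the new condition returns PS_SUCCESS on the strength of the configuration alone, even when the server never signalled PREAUTH, and nothing here can confirm that the session really runs over an ssh tunnel. If the server is in fact still unauthenticated, the failure will only surface at a later command with a less obvious error. Extend the comment to say that case (b) is an unverified user assertion, and consider a verbose-level trace such as `report(stdout, _("skipping IMAP login: ssh preauthentication configured\n"));` so a misconfiguration can be spotted in the log. imap_getauth() starts and continues outside the hunk.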
diff --git a/options.c b/options.c
index f4210f62..5f77bb5c 100644
--- a/options.c
+++ b/options.c
@@ -391,6 +391,8 @@ struct query *ctl; /* option record to be initialized */
ctl->server.preauthenticate = A_KERBEROS_V5;
else if (strcmp(optarg, "kerberos_v4") == 0)
ctl->server.preauthenticate = A_KERBEROS_V4;
+ else if (strcmp(optarg, "ssh") == 0)
+ ctl->server.preauthenticate = A_SSH;
else {
fprintf(stderr,_("Invalid preauthentication `%s' specified.\n"), optarg);
errflag++;
@@ -612,7 +614,7 @@ struct query *ctl; /* option record to be initialized */
P(_(" -p, --protocol specify retrieval protocol (see man page)\n"));
P(_(" -U, --uidl force the use of UIDLs (pop3 only)\n"));
P(_(" -P, --port TCP/IP service port to connect to\n"));
- P(_(" --preauth preauthentication type (password or kerberos)\n"));
+ P(_(" --preauth preauthentication type (password/kerberos/ssh)\n"));
P(_(" -t, --timeout server nonresponse timeout\n"));
P(_(" -E, --envelope envelope address header\n"));
P(_(" -Q, --qvirtual prefix to remove from local user id\n"));
diff --git a/pop3.c b/pop3.c
index 9974973a..9eae1441 100644
--- a/pop3.c
+++ b/pop3.c
@@ -93,7 +93,9 @@ int pop3_ok (int sock, char *argbuf)
else if (strstr(bufp,"lock")
|| strstr(bufp,"Lock")
|| strstr(bufp,"LOCK")
- || strstr(bufp,"wait"))
+ || strstr(bufp,"wait")
+ /* these are blessed by RFC 2449 */
+ || strstr(bufp,"[IN-USE]")||strstr(bufp,"[LOGIN-DELAY]"))
ok = PS_LOCKBUSY;
else
ok = PS_AUTHFAIL;
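Review bot: The two RFC 2449 codes are matched with `strstr` anywhere in the server's reply, so any error text that merely contains `[IN-USE]` or `[LOGIN-DELAY]` is classified as PS_LOCKBUSY instead of PS_AUTHFAIL. RFC 2449 places the response code at the start of the text, so an anchored comparison is tighter, assuming `bufp` points at the text after the status indicator (it is set outside the hunk): `|| strncmp(bufp, "[IN-USE]", 8) == 0 || strncmp(bufp, "[LOGIN-DELAY]", 13) == 0`. Since a lock-busy result is presumably treated as transient, an authentication failure that is misread this way could go unnoticed, which is a reason to keep the match narrow.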
@@ -130,6 +132,15 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting)
ctl->server.sdps = TRUE;
#endif /* SDPS_ENABLE */
+ /*
+ * In theory, we ought to probe with CAPA here (RFC 2449).
+ * But AFAIK this commpand is not widely implemented, and
+ * we have our own tests for optional commands, and it seems
+ * vanishingly unlikely that the RFC 2449 extended responses
+ * [IN-USE] and [LOGIN-DELAY] will ever be accidentally spoofed.
+ * So we'll not bother, and save ourselves the overhead.
+ */
+
switch (ctl->server.protocol) {
case P_POP3:
#ifdef RPA_ENABLE
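Review bot: The new comment has a typo, `commpand` should read `command`. Because it records a deliberate decision not to probe with CAPA, it would also help to say that the response-code matching in pop3_ok() is what relies on this decision, so the two are revisited together.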
diff --git a/rcfile_l.l b/rcfile_l.l
index d37f0a7a..91b82d88 100644
--- a/rcfile_l.l
+++ b/rcfile_l.l
@@ -84,6 +84,7 @@ preauth(enticate)? { SETSTATE(PREAUTH); return PREAUTHENTICATE; }
kerberos(_v)?4 { SETSTATE(0); return KERBEROS4; }
kerberos(_v)?5 { SETSTATE(0); return KERBEROS5; }
kerberos { SETSTATE(0); return KERBEROS; }
+ssh { SETSTATE(0); return SSH; }
<PREAUTH>password { SETSTATE(0); return PASSWORD; }
timeout { return TIMEOUT;}
envelope { return ENVELOPE; }
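Review bot: The new `ssh` rule carries no start condition, unlike `<PREAUTH>password` on the line after it, so `ssh` is tokenized as SSH wherever it appears in the run-control file. An unquoted host, user or folder name `ssh` would then presumably be rejected as a syntax error. Scoping the rule the same way avoids that: `<PREAUTH>ssh { SETSTATE(0); return SSH; }`, provided PREAUTH is still the active state when the value is scanned.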
@@ -104,7 +105,7 @@ netsec { return NETSEC; }
interface { return INTERFACE; }
monitor { return MONITOR; }
plugin { return PLUGIN; }
-plugout { return PLUGIN; }
+plugout { return PLUGOUT; }
batchlimit { return BATCHLIMIT; }
fetchlimit { return FETCHLIMIT; }
expunge { return EXPUNGE; }
diff --git a/rcfile_y.y b/rcfile_y.y
index 554aaaa0..cda010c2 100644
--- a/rcfile_y.y
+++ b/rcfile_y.y
@@ -58,7 +58,7 @@ extern char * yytext;
}
%token DEFAULTS POLL SKIP VIA AKA LOCALDOMAINS PROTOCOL
-%token PREAUTHENTICATE TIMEOUT KPOP SDPS KERBEROS4 KERBEROS5 KERBEROS
+%token PREAUTHENTICATE TIMEOUT KPOP SDPS KERBEROS4 KERBEROS5 KERBEROS SSH
%token ENVELOPE QVIRTUAL USERNAME PASSWORD FOLDER SMTPHOST MDA BSMTP LMTP
%token SMTPADDRESS SPAMRESPONSE PRECONNECT POSTCONNECT LIMIT WARNINGS
%token NETSEC INTERFACE MONITOR PLUGIN PLUGOUT
@@ -177,6 +177,7 @@ serv_option : AKA alias_list
current.server.preauthenticate = A_KERBEROS_V4;
#endif /* KERBEROS_V5 */
}
+ | PREAUTHENTICATE SSH {current.server.preauthenticate = A_SSH;}
| TIMEOUT NUMBER {current.server.timeout = $2;}
| ENVELOPE NUMBER STRING
diff --git a/socket.c b/socket.c
index f8e40c34..9008a66d 100644
--- a/socket.c
+++ b/socket.c
@@ -680,7 +680,7 @@ int SockClose(int sock)
* side is acknowledged at the TCP level.
*/
if (recv(sock, &ch, 1, MSG_PEEK) > 0)
- while (recv(sock, &ch, 1, MSG_NOSIGNAL) > 0)
+ while (read(sock, &ch, 1) > 0)
continue;
/* if there's an error closing at this point, not much we can do */
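Review bot: The drain loop `while (read(sock, &ch, 1) > 0)` has no bound and costs one system call per byte, so a peer that keeps sending, or never closes its side, holds the client inside SockClose() for as long as it likes unless a timeout armed outside this hunk interrupts it. Reading into a small local buffer and capping the total drained, for example `while (drained < DRAIN_MAX && (n = read(sock, junk, sizeof junk)) > 0) drained += n;` with `junk`, `n`, `drained` and `DRAIN_MAX` newly declared, keeps the close path bounded. A comment should also note that `read` no longer carries the `MSG_NOSIGNAL` flag the old call passed, and why that is acceptable here. SockClose() starts and ends outside the hunk.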