aboutsummaryrefslogtreecommitdiffstats
path: root/fetchmail-FAQ.html
Commit message (Expand)AuthorAgeFilesLines
...
* Nailed.Eric S. Raymond1998-10-291-3/+5
* Expand some jargon.Eric S. Raymond1998-10-281-6/+6
* *** empty log message ***Eric S. Raymond1998-10-281-4/+4
* FAQ cleanups.Eric S. Raymond1998-10-201-11/+9
* More verbosity fixes.Eric S. Raymond1998-10-171-12/+14
* Introduced O_DEBUG.Eric S. Raymond1998-10-171-5/+6
* Add a FAQ item.Eric S. Raymond1998-10-161-2/+41
* Updates.Eric S. Raymond1998-10-121-14/+47
* Added URL.Eric S. Raymond1998-09-181-7/+7
* Grammatical correction.Eric S. Raymond1998-08-251-3/+3
* Compatibility note.Eric S. Raymond1998-08-251-2/+10
* SDPS fixes.Eric S. Raymond1998-08-241-6/+8
* Added Geocities FAQ item.Eric S. Raymond1998-08-171-26/+50
* Added experimental SDPS support.Eric S. Raymond1998-08-031-40/+51
* Updated FAQ.Eric S. Raymond1998-07-311-57/+32
* *** empty log message ***Eric S. Raymond1998-07-251-6/+9
* Improved entry on GSSAPI.Eric S. Raymond1998-07-251-102/+136
* Better IMAP link.Eric S. Raymond1998-07-201-5/+6
* Harsh on MS a bit.Eric S. Raymond1998-07-201-4/+5
* Plug Open Source.Eric S. Raymond1998-07-201-3/+7
* Cosmetic fix.Eric S. Raymond1998-07-201-3/+3
* GSSAPI support is rockin'!Eric S. Raymond1998-07-201-5/+8
* Change skip to poll.Eric S. Raymond1998-07-151-4/+4
* Typo fix.Eric S. Raymond1998-07-151-3/+3
* Cleanup and bug fixes.Eric S. Raymond1998-07-131-3/+18
* popper-2.52Eric S. Raymond1998-07-091-4/+6
* Update.Eric S. Raymond1998-06-301-4/+4
* Anti-NT raving.Eric S. Raymond1998-06-301-10/+72
* Added POP source link.Eric S. Raymond1998-06-301-3/+8
* Warning about USA.NET.Eric S. Raymond1998-06-301-2/+6
* Enable CompuServe users to suppress RPA.Eric S. Raymond1998-06-301-3/+4
* Another update.Eric S. Raymond1998-06-051-6/+9
* Reinstate the fetchall kluge.Eric S. Raymond1998-06-051-7/+7
* Minor markup fix.Eric S. Raymond1998-06-051-3/+3
* Fix a markup error.Eric S. Raymond1998-06-051-5/+5
* usa.net problem.Eric S. Raymond1998-06-031-2/+11
* Added material on how to force Delivered-To header in sendmail.Eric S. Raymond1998-06-031-7/+24
* Added new T9.Eric S. Raymond1998-06-031-9/+18
* Remove the fetchall kluge.Eric S. Raymond1998-05-231-17/+15
* Update.Eric S. Raymond1998-05-231-25/+28
* Better fix for qpopper TOP problem.Eric S. Raymond1998-05-161-3/+8
* Changed WWW hosts.Eric S. Raymond1998-05-141-5/+5
* *** empty log message ***Eric S. Raymond1998-05-141-26/+20
* *** empty log message ***Eric S. Raymond1998-05-131-4/+4
* More G3 advice.Eric S. Raymond1998-05-081-2/+8
* Added item X5.Eric S. Raymond1998-04-191-2/+20
* *** empty log message ***Eric S. Raymond1998-04-191-5/+27
* *** empty log message ***Eric S. Raymond1998-04-181-2/+16
* Added info on where to get the socket program.Eric S. Raymond1998-04-141-3/+7
* RPA warnings.Eric S. Raymond1998-04-041-7/+13
+ 1; maj_stat = gss_import_name(&min_stat, &request_buf, GSS_C_NT_HOSTBASED_SERVICE, &target_name); if (maj_stat != GSS_S_COMPLETE) { report(stderr, GT_("Couldn't get service name for [%s]\n"), buf1); return PS_AUTHFAIL; } else if (outlevel >= O_DEBUG) { maj_stat = gss_display_name(&min_stat, target_name, &request_buf, &mech_name); report(stderr, GT_("Using service name [%s]\n"), (char *)request_buf.value); maj_stat = gss_release_buffer(&min_stat, &request_buf); } gen_send(sock, "%s GSSAPI", command); /* upon receipt of the GSSAPI authentication request, server returns * null data ready response. */ result = gen_recv(sock, buf1, sizeof buf1); if (result) return result; /* now start the security context initialisation loop... */ sec_token = GSS_C_NO_BUFFER; context = GSS_C_NO_CONTEXT; if (outlevel >= O_VERBOSE) report(stdout, GT_("Sending credentials\n")); do { send_token.length = 0; send_token.value = NULL; maj_stat = gss_init_sec_context(&min_stat, GSS_C_NO_CREDENTIAL, &context, target_name, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG, 0, GSS_C_NO_CHANNEL_BINDINGS, sec_token, NULL, &send_token, NULL, NULL); if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) { report(stderr, GT_("Error exchanging credentials\n")); gss_release_name(&min_stat, &target_name); /* wake up server and await NO response */ SockWrite(sock, "\r\n", 2); result = gen_recv(sock, buf1, sizeof buf1); if (result) return result; return PS_AUTHFAIL; } to64frombits(buf1, send_token.value, send_token.length); gss_release_buffer(&min_stat, &send_token); suppress_tags = TRUE; gen_send(sock, buf1, strlen(buf1)); suppress_tags = FALSE; if (maj_stat == GSS_S_CONTINUE_NEEDED) { result = gen_recv(sock, buf1, sizeof buf1); if (result) { gss_release_name(&min_stat, &target_name); return result; } request_buf.length = from64tobits(buf2, buf1 + 2, sizeof(buf2)); if ((int)request_buf.length == -1) /* in case of bad data */ request_buf.length = 0; request_buf.value = buf2; sec_token = &request_buf; } } while (maj_stat == GSS_S_CONTINUE_NEEDED); gss_release_name(&min_stat, &target_name); /* get security flags and buffer size */ result = gen_recv(sock, buf1, sizeof buf1); if (result) return result; request_buf.length = from64tobits(buf2, buf1 + 2, sizeof(buf2)); if ((int)request_buf.length == -1) /* in case of bad data */ request_buf.length = 0; request_buf.value = buf2; maj_stat = gss_unwrap(&min_stat, context, &request_buf, &send_token, &cflags, &quality); if (maj_stat != GSS_S_COMPLETE) { report(stderr, GT_("Couldn't unwrap security level data\n")); gss_release_buffer(&min_stat, &send_token); return PS_AUTHFAIL; } if (outlevel >= O_DEBUG) report(stdout, GT_("Credential exchange complete\n")); /* first octet is security levels supported. We want none, for now */ server_conf_flags = ((char *)send_token.value)[0]; if ( !(((char *)send_token.value)[0] & GSSAUTH_P_NONE) ) { report(stderr, GT_("Server requires integrity and/or privacy\n")); gss_release_buffer(&min_stat, &send_token); return PS_AUTHFAIL; } ((char *)send_token.value)[0] = 0; buf_size = ntohl(*((long *)send_token.value)); /* we don't care about buffer size if we don't wrap data */ gss_release_buffer(&min_stat, &send_token); if (outlevel >= O_DEBUG) { report(stdout, GT_("Unwrapped security level flags: %s%s%s\n"), server_conf_flags & GSSAUTH_P_NONE ? "N" : "-", server_conf_flags & GSSAUTH_P_INTEGRITY ? "I" : "-", server_conf_flags & GSSAUTH_P_PRIVACY ? "C" : "-"); report(stdout, GT_("Maximum GSS token size is %ld\n"),buf_size); } /* now respond in kind (hack!!!) */ buf_size = htonl(buf_size); /* do as they do... only matters if we do enc */ memcpy(buf1, &buf_size, 4); buf1[0] = GSSAUTH_P_NONE; strlcpy(buf1+4, username, sizeof(buf1) - 4); /* server decides if princ is user */ request_buf.length = 4 + strlen(username) + 1; request_buf.value = buf1; maj_stat = gss_wrap(&min_stat, context, 0, GSS_C_QOP_DEFAULT, &request_buf, &cflags, &send_token); if (maj_stat != GSS_S_COMPLETE) { report(stderr, GT_("Error creating security level request\n")); return PS_AUTHFAIL; } to64frombits(buf1, send_token.value, send_token.length); suppress_tags = TRUE; result = gen_transact(sock, buf1, strlen(buf1)); suppress_tags = FALSE; /* flush security context */ if (outlevel >= O_DEBUG) report(stdout, GT_("Releasing GSS credentials\n")); maj_stat = gss_delete_sec_context(&min_stat, &context, &send_token); if (maj_stat != GSS_S_COMPLETE) { report(stderr, GT_("Error releasing credentials\n")); return PS_AUTHFAIL; } /* send_token may contain a notification to the server to flush * credentials. RFC 1731 doesn't specify what to do, and since this * support is only for authentication, we'll assume the server * knows enough to flush its own credentials */ gss_release_buffer(&min_stat, &send_token); if (result) return(result); else return(PS_SUCCESS); } #endif /* GSSAPI */ /* gssapi.c ends here */