From 12543c76ce635e1efa5a6585f47ebd85b5c7db90 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Tue, 30 Sep 1997 21:26:42 +0000 Subject: Integrated RPA support. svn path=/trunk/; revision=1444 --- Makefile.in | 9 ++++--- NEWS | 1 + README | 5 ++-- acconfig.h | 3 +++ configure.in | 9 ++++++- fetchmail-features.html | 7 +++-- fetchmail.h | 1 + fetchmail.man | 8 +++++- pop3.c | 68 +++++++++++++++++++++++++++++++++++++------------ rpa.c | 8 ++++-- 10 files changed, 91 insertions(+), 28 deletions(-) diff --git a/Makefile.in b/Makefile.in index 0c247ba8..faae099b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -81,8 +81,8 @@ CTAGS = ctags protobjs = rcfile_y.o rcfile_l.o socket.o getpass.o pop2.o pop3.o imap.o \ etrn.o fetchmail.o env.o options.o daemon.o driver.o rfc822.o smtp.o \ - xmalloc.o uid.o mxget.o md5c.o md5ify.o interface.o netrc.o base64.o \ - error.o + xmalloc.o uid.o mxget.o md5c.o md5ify.o rpa.o interface.o netrc.o \ + base64.o error.o objs = $(protobjs) $(extras) $(EXTRAOBJ) @@ -92,8 +92,9 @@ srcs = $(srcdir)/socket.c $(srcdir)/getpass.c $(srcdir)/pop2.c \ $(srcdir)/options.c $(srcdir)/daemon.c \ $(srcdir)/driver.c $(srcdir)/rfc822.c $(srcdir)/smtp.c \ $(srcdir)/xmalloc.c $(srcdir)/uid.c $(srcdir)/mxget.c \ - $(srcdir)/md5c.c $(srcdir)/md5ify.c $(srcdir)/interface.c \ - $(srcdir)/netrc.c $(srcdir)/base64.c $(srcdir)/error.c + $(srcdir)/md5c.c $(srcdir)/md5ify.c $(srcdir)/rpa.c \ + $(srcdir)/interface.c $(srcdir)/netrc.c $(srcdir)/base64.c \ + $(srcdir)/error.c .SUFFIXES: .SUFFIXES: .o .c .h .y .l .ps .dvi .info .texi diff --git a/NEWS b/NEWS index 2e50c0db..de6e58a3 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ fetchmail-4.2.9 () * Fetchmail's synthetic Received line is now inserted just before the first existing Received line and *after* any From headers shipped up by the server. This fixes odd problems with some sensitive sendmails. +* Compuserve RPA authentication support. There are 285 people on the fetchmail-friends list. 
diff --git a/README b/README index 9d7e697d..e89f117b 100644 --- a/README +++ b/README @@ -9,8 +9,9 @@ normal mail user agents such as elm(1) or Mail(1). fetchmail supports standard all mail-retrieval protocols in use on the Internet: POP2, POP3 (including POP3 with RFC1938 one-time passwords), -RPOP, APOP, KPOP, all flavors of IMAP (including IMAP4rev1 with -RFC1731 Kerberos v4 authentication), and ESMTP ETRN. +RPOP, APOP, KPOP, Compuserve's POP3 with RPA, all flavors of IMAP +(including IMAP4rev1 with RFC1731 Kerberos v4 authentication), and +ESMTP ETRN. The fetchmail code was developed under Linux, but has also been extensively tested under 4.4BSD, AIX, HP-UX versions 9 and 10, diff --git a/acconfig.h b/acconfig.h index e7f225a6..e31bd2fb 100644 --- a/acconfig.h +++ b/acconfig.h @@ -55,6 +55,9 @@ /* Define if you want POP2 support compiled in */ #undef POP2_ENABLE +/* Define if you want RPA support compiled in */ +#undef RPA_ENABLE + /* Define if you want OPIE support compiled in */ #undef OPIE_ENABLE diff --git a/configure.in b/configure.in index 9dad13fb..735e7953 100644 --- a/configure.in +++ b/configure.in @@ -147,13 +147,20 @@ AC_CHECK_SIZEOF(short) AC_CHECK_SIZEOF(int) AC_CHECK_SIZEOF(long) -### use option --enable-POP2 to compile in the POP2 fallback support +### use option --enable-POP2 to compile in the POP2 support AC_ARG_ENABLE(POP2, [ --enable-POP2 compile in POP2 protocol support (obsolete)], [with_POP2=$enableval], [with_POP2=no]) test "$with_POP2" = "yes" && AC_DEFINE(POP2_ENABLE) +### use option --enable-RPA to compile in the RPA support +AC_ARG_ENABLE(RPA, + [ --enable-RPA compile in RPA protocol support], + [with_RPA=$enableval], + [with_RPA=no]) +test "$with_RPA" = "yes" && AC_DEFINE(RPA_ENABLE) + ### use option --enable-opie to compile in the OPIE support AC_ARG_ENABLE(opie, [ --enable-opie support OTP through the OPIE library], diff --git a/fetchmail-features.html b/fetchmail-features.html index 9978889f..dcff9d2f 100644 
--- a/fetchmail-features.html +++ b/fetchmail-features.html @@ -10,7 +10,7 @@
Back to Fetchmail Home Page To Site Map -$Date: 1997/09/25 06:42:28 $ +$Date: 1997/09/30 21:26:41 $

@@ -26,6 +26,9 @@ are listed first.

  • Support for responding with a one-time password when a POP3 server issues an RFC1938-conforming OTP challenge. + +
  • Support for Compuserve's RPA authentication protocol for POP3 + (not compiled in by default, but configurable).

    Since 3.0:

    @@ -129,7 +132,7 @@ get-mail, gwpop, pimp-1.0, pop-perl5-1.2, popc, popmail-1.6 and upop.

    Back to Fetchmail Home Page To Site Map -$Date: 1997/09/25 06:42:28 $ +$Date: 1997/09/30 21:26:41 $

    Eric S. Raymond <esr@snark.thyrsus.com>
    diff --git a/fetchmail.h b/fetchmail.h index 17dbeb22..56b3c4c6 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -294,6 +294,7 @@ struct query *hostalloc(struct query *); int parsecmdline (int, char **, struct query *); void optmerge(struct query *, struct query *); char *MD5Digest (unsigned char *); +int POP3_auth_rpa(unsigned char *, unsigned char *, int socket); int daemonize(const char *, void (*)(int)); char *getpassword(char *); void escapes(const char *, char *); diff --git a/fetchmail.man b/fetchmail.man index 5b794fb5..53d50d63 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -451,6 +451,12 @@ If you are using POP3, and the server issues a one-time-password challenge conforming to RFC1938, \fIfetchmail\fR will use your password as a pass phrase to generate the required response. This avoids sending secrets over the net unencrypted. +.PP +Compuserve's RPA authentication (similar to APOP) is supported. If +you are using POP3, and the RPA code has been compiled into your +binary, and you query a server in the Compuserve csi.com domain, +\fIfetchmail\fR will try to perform an RPA pass-phrase authentication +instead of sending over the password en clair. .SH DAEMON MODE The @@ -1371,7 +1377,7 @@ The RFC822 parser used in multidrop mode chokes on some @-addresses that are technically legal but bizarre. Strange uses of quoting and embedded comments are likely to confuse it. .PP -Use of any of the supported protocols other than POP3 with OTP, APOP, +Use of any of the supported protocols other than POP3 with OTP or RPA, APOP, KPOP, IMAP-K4, or ETRN requires that the program send unencrypted passwords over the TCP/IP connection to the mailserver. This creates a risk that name/password pairs might be snaffled with a packet diff --git a/pop3.c b/pop3.c index 0fa1abdc..59d7f9e1 100644 --- a/pop3.c +++ b/pop3.c 
@@ -23,8 +23,6 @@ #include #endif /* HAVE_LIBOPIE */ -#define PROTOCOL_ERROR {error(0, 0, "protocol error"); return(PS_ERROR);} - extern char *strstr(); /* needed on sysV68 R3V7.1. */ static int last; @@ -102,24 +100,59 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting) switch (ctl->server.protocol) { case P_POP3: - if ((gen_transact(sock, "USER %s", ctl->remotename)) != 0) - PROTOCOL_ERROR + if ((ok = gen_transact(sock, "USER %s", ctl->remotename)) != 0) + break; #if defined(HAVE_LIBOPIE) && defined(OPIE_ENABLE) /* see RFC1938: A One-Time Password System */ - if (challenge = strstr(lastok, "otp-")) + if (challenge = strstr(greeting, "otp-")) { char response[OPIE_RESPONSE_MAX+1]; if (opiegenerator(challenge, ctl->password, response)) - PROTOCOL_ERROR + { + ok = PS_ERROR; + break; + } ok = gen_transact(sock, "PASS %s", response); + break; } - else #endif /* defined(HAVE_LIBOPIE) && defined(OPIE_ENABLE) */ - /* ordinary validation, no one-time password */ - ok = gen_transact(sock, "PASS %s", ctl->password); + +#ifdef ENABLE_RPA + /* if we're talking to CompuServe, try RPA */ + if (strstr(greeting, "csi.com")) + { + /* AUTH command should return a list of available mechanisms */ + if (gen_transact(sock, "AUTH") == 0) + { + char buffer[10]; + flag authenticated = FALSE; + + while ((ok = gen_recv(sock, buffer, sizeof(buffer))) == 0) + { + if (buffer[0] == '.') + break; + if (strncasecmp(buffer, "rpa", 3) == 0) + { + if (POP3_auth_rpa(ctl->remotename, + ctl->password, sock) == PS_SUCCEED) + { + authenticated = TRUE; + break; + } + } + } + + if (authenticated) + break; + } + } +#endif /* ENABLE_RPA */ + + /* ordinary validation, no one-time password or RPA */ + ok = gen_transact(sock, "PASS %s", ctl->password); break; case P_APOP: 
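Review bot: The RPA block added to the P_POP3 case is guarded by `#ifdef ENABLE_RPA`, but acconfig.h, configure.in and rpa.c in this same commit all spell the macro `RPA_ENABLE`, so the block is never compiled and a `--enable-RPA` build still sends `PASS` with the cleartext password to csi.com servers; the guard should read `#ifdef RPA_ENABLE` with a matching `#endif /* RPA_ENABLE */`. Once it does compile, every path that leaves `authenticated` false (AUTH refused, no `rpa` line in the list, `POP3_auth_rpa` failing, `gen_recv` erroring) falls through to the ordinary `PASS %s` line, so whoever controls the server's replies can force the password onto the wire despite the man page's "instead of sending over the password en clair". Consider returning the failure once RPA has been attempted, or at least reporting the fallback with `error()`. The OTP test in this hunk now searches `greeting` rather than `lastok`; if the server puts its `otp-` challenge in the reply to USER, that branch is skipped and the pass phrase goes out via PASS, which is worth confirming. pop3_getauth begins and ends outside the hunk.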
@@ -154,10 +187,8 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting) break; case P_RPOP: - if ((gen_transact(sock,"USER %s", ctl->remotename)) != 0) - PROTOCOL_ERROR - - ok = gen_transact(sock, "RPOP %s", ctl->password); + if ((ok = gen_transact(sock,"USER %s", ctl->remotename)) == 0) + ok = gen_transact(sock, "RPOP %s", ctl->password); break; default: @@ -173,7 +204,6 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting) error(0, 0, "lock busy! Is another session active?"); return(PS_LOCKBUSY); } - PROTOCOL_ERROR } /* @@ -342,7 +372,10 @@ static int pop3_getrange(int sock, if (ok == 0) { if (sscanf(buf, "%d", &last) == 0) - PROTOCOL_ERROR + { + error(0, 0, "protocol error"); + return(PS_ERROR); + } *newp = (*countp - last); } else @@ -352,7 +385,10 @@ static int pop3_getrange(int sock, { /* don't worry, yet! do it the slow way */ if((ok = pop3_slowuidl( sock, ctl, countp, newp))!=0) - PROTOCOL_ERROR + { + error(0, 0, "protocol error while fetching UIDLs"); + return(PS_ERROR); + } } else { diff --git a/rpa.c b/rpa.c index e417ad58..99e37f53 100644 --- a/rpa.c +++ b/rpa.c @@ -8,6 +8,9 @@ description: RPA authorisation code for POP3 client ***********************************************************************/ +#include "config.h" + +#ifdef RPA_ENABLE #include #include #include @@ -16,8 +19,6 @@ #include "fetchmail.h" #include "md5.h" - - #ifdef TESTMODE extern unsigned char line1[]; extern unsigned char line2[]; @@ -880,3 +881,6 @@ unsigned char* out; fprintf(stderr,"\n"); } } +#endif /* RPA_ENABLE */ + +/* rpa.c ends here */ -- cgit v1.2.3
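Review bot: Removing `PROTOCOL_ERROR` in the `@@ -173,7 +204,6 @@` hunk takes away the only visible return for a failure status other than `PS_LOCKBUSY`, while the earlier pop3_getauth hunks now `break` out of the switch with a non-zero `ok` instead of returning. The enclosing condition and the code after the closing brace are outside the hunk, so this needs confirming, but as shown a rejected USER, PASS or RPOP appears to fall out of the block and continue as though authentication had succeeded. The block should end with `return(ok);` so the failure status reaches the caller.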
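Review bot: In the `@@ -342,7 +372,10 @@` hunk the expanded error path still hangs off `sscanf(buf, "%d", &last) == 0`, which misses the EOF return. If the server's reply has no text after the status, sscanf returns EOF rather than 0, the check passes, and `*newp` is computed from whatever the static `last` held before. Testing for the expected conversion count, `if (sscanf(buf, "%d", &last) != 1)`, closes that, and a range check that `last` lies between 0 and `*countp` would keep a malformed or hostile reply from producing a negative new-message count. pop3_getrange begins and ends outside the hunk.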