From 4e24c6f45182b502b54a8f8fbbf1f86b05542764 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond"
Date: Wed, 18 Feb 1998 23:38:00 +0000
Subject: This went to Craig Metz. svn path=/trunk/; revision=1652
---
 NEWS | 2 ++
 driver.c | 4 +++-
 fetchmail.c | 2 ++
 fetchmail.h | 8 ++-----
 fetchmail.man | 9 +++++++-
 options.c | 74 ++++++++++++++++++++++++++++++++---------------------------
 rcfile_l.l | 1 +
 rcfile_y.y | 16 +++++++++++--
 socket.c | 19 +++++++--------
 socket.h | 2 +-
 10 files changed, 83 insertions(+), 54 deletions(-)
diff --git a/NEWS b/NEWS
index 83f3c003..040f6b8d 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,8 @@
 ------------------------------------------------------------------------------
 fetchmail-4.4.0 ():
 * Documentation cleanup.
+* -S is back to setting smtphost all the time; net-security option is now -T.
+* net-security option is now per-server, with a `netsec' keyword.
 There are 272 people on fetchmail-friends and 136 on fetchmail-announce.
diff --git a/driver.c b/driver.c
index 7afe9d3d..1be1dc0e 100644
--- a/driver.c
+++ b/driver.c
@@ -1665,7 +1665,9 @@ const struct method *proto; /* protocol method table */
 #endif /* !INET6 */
 realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
 #if INET6
- if ((sock = SockOpen(realhost, ctl->server.service ? ctl->server.service : protocol->service)) == -1)
+ if ((sock = SockOpen(realhost,
+ ctl->server.service ? ctl->server.service : protocol->service,
+ ctl->server.netsec)) == -1)
 #else /* INET6 */
 if ((sock = SockOpen(realhost, port)) == -1)
 #endif /* INET6 */
diff --git a/fetchmail.c b/fetchmail.c
index 25bb42dc..a14390da 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -951,6 +951,8 @@ void dump_params (struct query *ctl)
 #if INET6
 if (ctl->server.service)
 printf(" (using service %s)", ctl->server.service);
+ if (ctl->server.netsec)
+ printf(" (using IPsec options %s)", ctl->server.netsec);
 #else /* INET6 */
 if (ctl->server.port)
 printf(" (using port %d)", ctl->server.port);
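Review bot: In the fetchmail.c hunk, dump_params prints `(using IPsec options %s)` under `#if INET6`, but the request is only applied under `#if NETSEC` in socket.c, where the `#else` branch calls `inner_connect(ai, NULL, 0, ...)` and drops the string. An INET6 build without NETSEC therefore reports a protection the connection does not have; rcfile_y.y accepts `netsec` under the same `#ifdef INET6` guard, while options.c rejects the command-line form in that configuration. Wrapping the two added lines in `#if NETSEC` / `#endif /* NETSEC */`, and using that guard in the rcfile_y.y rule as well, keeps what is reported in line with what is enforced. dump_params continues outside the hunk.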
diff --git a/fetchmail.h b/fetchmail.h
index 3347889f..f3c3fbc9 100644
--- a/fetchmail.h
+++ b/fetchmail.h
@@ -98,7 +98,8 @@ struct hostdata /* shared among all user connections to given server */
 struct idlist *localdomains; /* list of pass-through domains */
 int protocol; /* protocol type */
 #if INET6
- char *service;
+ char *service; /* IPv6 service name */
+ void *netsec; /* IPv6 security request */
 #else /* INET6 */
 int port; /* TCP/IP service port number */
 #endif /* INET6 */
@@ -262,11 +263,6 @@ extern char *home; /* home directory of invoking user */
 extern char *fetchmailhost; /* the name of the host running fetchmail */
 extern int pass; /* number of re-polling pass */
-#if NETSEC
-extern void *request;
-extern int requestlen;
-#endif /* NETSEC */
-
 /* prototypes for globally callable functions */
 /* error.c: Error reporting */
diff --git a/fetchmail.man b/fetchmail.man
index 4ed52447..00580479 100644
--- a/fetchmail.man
+++ b/fetchmail.man
@@ -405,7 +405,7 @@ identify the original envelope recipient, but you have to strip the `mbox-userstr-' prefix to deliver to the correct user. This is what this option is for.
-.SH USER AUTHENTICATION
+.SH USER AUTHENTICATION AND ENCRYPTION
 Every mode except ETRN requires authentication of the client. Normal user authentication in
 .I fetchmail
@@ -513,6 +513,13 @@ you are using POP3, and the RPA code has been compiled into your binary, and you query a server in the Compuserve csi.com domain, \fIfetchmail\fR will try to perform an RPA pass-phrase authentication instead of sending over the password en clair.
+.PP
+If you are using IPsec, the -T (--netsec) option can be used to pass
+an IP security request to be used when outgoing IP connections are
+initialized. You can also do this using the `netsec' server option
+in the .fetchmailrc file. In either case, the option value is a
+string in the format accepted by the net_security_strtorequest()
+function of the inet6_apps library.
 .SH DAEMON MODE
 The
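Review bot: In the first fetchmail.h hunk, `void *netsec` is typed as an opaque pointer although every use in this commit treats it as a C string: rcfile_y.y assigns `xstrdup($2)`, fetchmail.c prints it with `%s`, and SockOpen receives it as `const char *options`. Declaring it as `char *netsec; /* IP security request string, parsed in SockOpen */` lets the compiler check those uses. The existing comment `IPv6 security request` is also narrower than the man-page text in this commit, which describes an IP security (IPsec) request. The struct definition starts and ends outside the hunk.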
diff --git a/options.c b/options.c
index be5089d9..b4277867 100644
--- a/options.c
+++ b/options.c
@@ -35,26 +35,27 @@
 #define LA_AUTHENTICATE 17
 #define LA_TIMEOUT 18
 #define LA_ENVELOPE 19
-#define LA_USERNAME 20
-#define LA_ALL 21
-#define LA_NOKEEP 22
-#define LA_KEEP 23
-#define LA_FLUSH 24
-#define LA_NOREWRITE 25
-#define LA_LIMIT 26
-#define LA_FOLDER 27
-#define LA_SMTPHOST 28
-#define LA_SMTPADDR 29
-#define LA_BATCHLIMIT 30
-#define LA_FETCHLIMIT 31
-#define LA_EXPUNGE 32
-#define LA_MDA 33
-#define LA_INTERFACE 34
-#define LA_MONITOR 35
-#define LA_YYDEBUG 36
-#define LA_QVIRTUAL 37
-
-/* options still left: CgGhHjJoORTUwWxXYzZ */
+#define LA_QVIRTUAL 20
+#define LA_USERNAME 21
+#define LA_ALL 22
+#define LA_NOKEEP 23
+#define LA_KEEP 24
+#define LA_FLUSH 25
+#define LA_NOREWRITE 26
+#define LA_LIMIT 27
+#define LA_FOLDER 28
+#define LA_SMTPHOST 29
+#define LA_SMTPADDR 30
+#define LA_BATCHLIMIT 31
+#define LA_FETCHLIMIT 32
+#define LA_EXPUNGE 33
+#define LA_MDA 34
+#define LA_NETSEC 35
+#define LA_INTERFACE 36
+#define LA_MONITOR 37
+#define LA_YYDEBUG 38
+
+/* options still left: CgGhHjJoORUwWxXYzZ */
 static const char *shortoptions = "?Vcsvd:NqL:f:i:p:UP:A:t:E:Q:u:akKFnl:r:S:b:B:e:m:I:M:y";
@@ -87,7 +88,7 @@ static const struct option longoptions[] = {
 {"username", required_argument, (int *) 0, LA_USERNAME },
 {"all", no_argument, (int *) 0, LA_ALL },
- {"nokeep", no_argument, (int *) 0, LA_NOKEEP },
+ {"nokeep", no_argument, (int *) 0, LA_NOKEEP },
 {"keep", no_argument, (int *) 0, LA_KEEP },
 {"flush", no_argument, (int *) 0, LA_FLUSH },
 {"norewrite", no_argument, (int *) 0, LA_NOREWRITE },
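Review bot: In the first options.c hunk the comment drops `T` from the list of unused letters, but the `shortoptions` string shown as context is unchanged and contains no `T:`. Assuming that string is what the option parser is given (the call is outside the hunk), `-T` is never delivered to the `case 'T':` added later in this file, and only `--netsec` can reach it; the man page and usage text both advertise `-T`. The string needs the letter with an argument marker, e.g. `"?Vcsvd:NqL:f:i:p:UP:A:t:E:Q:u:akKFnl:r:S:b:B:e:m:I:M:yT:";`.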
@@ -95,13 +96,17 @@ static const struct option longoptions[] = {
 {"folder", required_argument, (int *) 0, LA_FOLDER },
 {"smtphost", required_argument, (int *) 0, LA_SMTPHOST },
- {"smtpaddress", required_argument, (int *) 0, LA_SMTPADDR },
+ {"smtpaddress", required_argument, (int *) 0, LA_SMTPADDR },
 {"batchlimit",required_argument, (int *) 0, LA_BATCHLIMIT },
 {"fetchlimit",required_argument, (int *) 0, LA_FETCHLIMIT },
 {"expunge", required_argument, (int *) 0, LA_EXPUNGE },
 {"mda", required_argument, (int *) 0, LA_MDA },
+#ifdef INET6
+ {"netsec", required_argument, (int *) 0, LA_NETSEC },
+#endif /* INET6 */
+
 #if defined(linux) && !INET6
 {"interface", required_argument, (int *) 0, LA_INTERFACE },
 {"monitor", required_argument, (int *) 0, LA_MONITOR },
@@ -300,13 +305,6 @@ struct query *ctl; /* option record to be initialized */
 ((cp = strtok((char *)NULL, ",")));
 break;
 case 'S':
-#if NETSEC
- if (net_security_strtorequest(optarg, request, &requestlen)) {
- fprintf(stderr, "fetchmail: net_security_strtorequest(%s, ...) failed!\n", optarg);
- errflag++;
- };
- break;
-#endif /* NETSEC */
 case LA_SMTPHOST:
 strcpy(buf, optarg);
 cp = strtok(buf, ",");
@@ -316,7 +314,7 @@ struct query *ctl; /* option record to be initialized */
 ((cp = strtok((char *)NULL, ",")));
 ocount++;
 break;
- case 'D':
+ case 'D':
 case LA_SMTPADDR:
 ctl->smtpaddress = xstrdup(optarg);
 break;
@@ -341,6 +339,16 @@ struct query *ctl; /* option record to be initialized */
 ocount++;
 break;
+ case 'T':
+ case LA_NETSEC:
+#if NETSEC
+ ctl->server.ipsec = (void *)optarg;
+#else
+ fprintf(stderr, "fetchmail: IPv6 support is disabled\n");
+ errflag++;
+#endif /* NETSEC */
+ break;
+
 #if defined(linux) && !INET6
 case 'I':
 case LA_INTERFACE:
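Review bot: `ctl->server.ipsec` in the new `case 'T':` names a field this commit does not add; fetchmail.h introduces `netsec`, so a NETSEC build will not compile this branch. `ctl->server.netsec = xstrdup(optarg);` uses the declared field and stores a copy the same way the rcfile_y.y rule does. The `#else` message says `IPv6 support is disabled` although the guard being tested is NETSEC, which points the user at the wrong build option; something like `fprintf(stderr, "fetchmail: network security support is disabled\n");` matches the condition. The field itself exists only under `#if INET6`, so this branch also assumes NETSEC is never enabled without INET6. The enclosing switch starts and ends outside the hunk.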
@@ -412,11 +420,9 @@ struct query *ctl; /* option record to be initialized */
 fputs(" -l, --limit don't fetch messages over given size\n", stderr);
 #if NETSEC
- fputs(" -S set security request\n", stderr);
- fputs(" --smtphost set SMTP forwarding host\n", stderr);
-#else /* NETSEC */
- fputs(" -S, --smtphost set SMTP forwarding host\n", stderr);
+ fputs(" -T, --netsec set IP security request\n", stderr);
 #endif /* NETSEC */
+ fputs(" -S, --smtphost set SMTP forwarding host\n", stderr);
 fputs(" -D, --smtpaddress set SMTP delivery domain to use\n", stderr);
 fputs(" -b, --batchlimit set batch limit for SMTP connections\n", stderr);
 fputs(" -B, --fetchlimit set fetch limit for server connections\n", stderr);
diff --git a/rcfile_l.l b/rcfile_l.l
index 1c88b919..465094ba 100644
--- a/rcfile_l.l
+++ b/rcfile_l.l
@@ -53,6 +53,7 @@ smtpaddress { return SMTPADDRESS; }
 mda { return MDA; }
 pre(connect)? { return PRECONNECT; }
 post(connect)? { return POSTCONNECT; }
+netsec { return NETSEC; }
 interface { return INTERFACE; }
 monitor { return MONITOR; }
 batchlimit { return BATCHLIMIT; }
diff --git a/rcfile_y.y b/rcfile_y.y
index dd8b7654..c59d1798 100644
--- a/rcfile_y.y
+++ b/rcfile_y.y
@@ -63,7 +63,7 @@ extern char * yytext;
 %token PRECONNECT POSTCONNECT LIMIT
 %token IS HERE THERE TO MAP WILDCARD
 %token BATCHLIMIT FETCHLIMIT EXPUNGE
-%token SET LOGFILE DAEMON SYSLOG INVISIBLE INTERFACE MONITOR
+%token SET LOGFILE DAEMON SYSLOG INVISIBLE NETSEC INTERFACE MONITOR
 %token PROTO
 %token STRING
 %token NUMBER
@@ -162,7 +162,15 @@ serv_option : AKA alias_list
 current.server.envskip = 0; }
- | QVIRTUAL STRING {current.server.qvirtual = xstrdup($2);}
+ | QVIRTUAL STRING {current.server.qvirtual=xstrdup($2);}
+ | NETSEC STRING {
+#ifdef INET6
+ current.server.netsec =
+ xstrdup($2);
+#else
+ yyerror("IPV6 support disabled")
+#endif /* INET6 */
+ }
 | INTERFACE STRING {
 #if defined(linux) && !defined(INET6)
 interface_parse($2, ¤t.server);
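Review bot: The token returned by the new rcfile_l.l rule, `NETSEC`, has the same name as the feature macro tested with `#if NETSEC` in options.c and socket.c; the `%token` hunk in rcfile_y.y declares it. yacc normally emits a `#define NETSEC <number>` into the generated token header, so if the build defines NETSEC on the compiler command line or in a header the scanner and parser include, the two definitions collide, or the feature value silently replaces the token number in `return NETSEC;`. Whether that happens depends on build files not shown on this page. A token name that cannot be mistaken for the feature switch, for example `netsec { return NETSECOPT; }` with the matching change to the `%token` line and the grammar rule, removes the overlap.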
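Review bot: In the new `NETSEC STRING` action of rcfile_y.y, the `#else` branch reads `yyerror("IPV6 support disabled")` with no terminating semicolon, so the generated parser does not compile in a build without INET6; it should be `yyerror("IPV6 support disabled");`. The guard is `#ifdef INET6`, while fetchmail.h declares the `netsec` field under `#if INET6`, so a build that defines INET6 as 0 would take the first branch and reference a field that does not exist; `#if INET6` matches the header. The serv_option rule starts and continues outside the hunk.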
@@ -427,6 +435,7 @@ static void record_current(void)
 FLAG_FORCE(server.protocol);
 #if INET6
 FLAG_FORCE(server.service);
+ FLAG_FORCE(server.netsec);
 #else /* INET6 */
 FLAG_FORCE(server.port);
 #endif /* INET6 */
@@ -490,6 +499,7 @@ void optmerge(struct query *h2, struct query *h1)
 FLAG_MERGE(server.protocol);
 #if INET6
 FLAG_MERGE(server.service);
+ FLAG_MERGE(server.netsec);
 #else /* INET6 */
 FLAG_MERGE(server.port);
 #endif /* INET6 */
@@ -534,3 +544,5 @@ void optmerge(struct query *h2, struct query *h1)
 int yywrap(void) {return 1;}
 /* rcfile_y.y ends here */
+
+
diff --git a/socket.c b/socket.c
index abfb8e66..b06fd6e2 100644
--- a/socket.c
+++ b/socket.c
@@ -29,23 +29,21 @@
 #include "socket.h"
 #if NETSEC
-#if MAIN
-void *request = NULL;
-int requestlen = 0;
-#else /* MAIN */
-extern void *request;
-extern int requestlen;
-#endif /* MAIN */
+#include
 #endif /* NETSEC */
 #if INET6
-int SockOpen(const char *host, const char *service)
+int SockOpen(const char *host, const char *service, const char *options)
 {
 int i;
 struct addrinfo *ai, req;
 memset(&req, 0, sizeof(struct addrinfo));
 req.ai_socktype = SOCK_STREAM;
+#if NETSEC
+ net_security_operation request[32];
+ int requestlen = 32;
+#endif /* NETSEC */
 if (i = getaddrinfo(host, service, &req, &ai)) {
 fprintf(stderr, "fetchmail: getaddrinfo(%s.%s): %s(%d)\n", host, service, gai_strerror(i), i);
@@ -53,7 +51,10 @@ int SockOpen(const char *host, const char *service)
 };
 #if NETSEC
- i = inner_connect(ai, request, requestlen, NULL, NULL, "fetchmail", NULL);
+ if (net_security_strtorequest(options, request, &requestlen))
+ i = -1;
+ else
+ i = inner_connect(ai, request, requestlen, NULL,NULL, "fetchmail", NULL);
 #else /* NETSEC */
 i = inner_connect(ai, NULL, 0, NULL, NULL, "fetchmail", NULL);
 #endif /* NETSEC */
diff --git a/socket.h b/socket.h
index 83e1b366..b7d72a55 100644
--- a/socket.h
+++ b/socket.h
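Review bot: In the first socket.c hunk the new `net_security_operation request[32];` and `int requestlen = 32;` are declared after the `memset` and `req.ai_socktype` statements, which a compiler that accepts only C89 rejects; moving the `#if NETSEC` block up beside `int i;` avoids that. The 32 is a bare capacity, and the contract of net_security_strtorequest is not visible on this page, so it is worth confirming that `requestlen` is counted in array elements rather than bytes and recording that next to the declaration, e.g. `/* in: capacity of request[]; out: length used */`. SockOpen's body continues past the end of the hunk.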
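Review bot: In the second socket.c hunk `options` is handed to net_security_strtorequest unchecked, yet driver.c passes `ctl->server.netsec`, which stays NULL for every server with no netsec setting; unless the library accepts NULL, a NETSEC build either faults or fails every ordinary connection. A rejected request is also silent now: the message the old `case 'S':` code in options.c printed is gone, so the user sees a failed connection with no hint that the security request was the cause. The version below skips parsing when no request was configured and reports a bad one, while still refusing to connect without the protection that was asked for. What happens to `ai` on the `i = -1` path lies outside the hunk and should be checked for a leak.

```c
#if NETSEC
    if (options == NULL)
        /* no request configured: connect as the non-NETSEC branch does */
        i = inner_connect(ai, NULL, 0, NULL, NULL, "fetchmail", NULL);
    else if (net_security_strtorequest(options, request, &requestlen)) {
        fprintf(stderr, "fetchmail: net_security_strtorequest(%s, ...) failed!\n", options);
        i = -1;   /* fail closed: never fall back to an unprotected connection */
    } else
        i = inner_connect(ai, request, requestlen, NULL, NULL, "fetchmail", NULL);
#else /* NETSEC */
/* … unchanged: inner_connect without a security request … */
```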
@@ -9,7 +9,7 @@
 /* Create a new client socket; returns (FILE *)NULL on error */
 #if INET6
-int SockOpen(const char *host, const char *service);
+int SockOpen(const char *host, const char *service, const char *options);
 #else /* INET6 */
 int SockOpen(const char *host, int clientPort);
 #endif /* INET6 */
-- cgit v1.2.3
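Review bot: The comment above the prototypes still says `returns (FILE *)NULL on error`, while both prototypes return `int` and driver.c tests the result against -1; the new `options` parameter is not described at all. A comment such as `/* Create a new client socket; returns -1 on error. options: IP security request string in net_security_strtorequest() format */` would match the code. It should also say whether NULL is an acceptable value for `options`, since that is what callers pass when no netsec setting exists.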