From b11b996ab664a8f09b63c1352400ba227cb93253 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Tue, 13 May 1997 06:43:41 +0000 Subject: Caseblind comparison of names, more explicitness about Kerberos. svn path=/trunk/; revision=988 --- NEWS | 18 ++++++++++-------- README | 2 +- driver.c | 6 +++--- fetchmail.c | 10 +++++----- fetchmail.h | 4 ++-- fetchmail.man | 15 ++++++++------- options.c | 6 ++++-- rcfile_l.l | 3 ++- rcfile_y.y | 53 ++++++++++++++++++++++++++++++++++++++++++----------- report.c | 11 +++++++++-- sample.rcfile | 2 +- uid.c | 14 +++++++------- 12 files changed, 94 insertions(+), 50 deletions(-) diff --git a/NEWS b/NEWS index ff1accac..fb7c28cf 100644 --- a/NEWS +++ b/NEWS @@ -14,9 +14,8 @@ every user entry in a multi-user poll declaration. technically RFC822 legal. The general problem is mentioned on the man page. * fetchmail has been reported to break when processing 0-length (bodyless) - messages retrieved via IMAP. It is not clear whether this is a fetchmail - bug or a glitch in some specific IMAP server. (Such messages are sometimes - issued by the INN suite as status notifications.) + messages retrieved via IMAP. (Such messages are sometimes issued by the + INN suite as status notifications.) * Dave Holland thinks it's a misfeature that --fetchall overrides --limit. He may have a point. Perhaps I should @@ -30,8 +29,11 @@ every user entry in a multi-user poll declaration. pl 3.9.4 (): * Fixed a compilation glitch for systems like SunOS & others without atexit(3). * Fixed a compilation glitch in daemonize for HP-UX. +* Changes to compile correctly on systems that have on_exit() but not atexit(). +* Changes to forbid duplicate server names in the rc file. +* Do caseblind comparisons of host and user names everywhere. ------------------------------------------------------------------------------- +There are 239 people on the fetchmail-friends list. pl 3.9.3 (Wed May 7 11:40:47 EDT 1997): * Fix for -I option from George Sipe. 
@@ -177,7 +179,7 @@ bugs -- * The counter referred to by the batchlimit option used to count not only fetched messages but skipped ones. This has been fixed. -* Compilation fixes for Kerberos support and GNU glibc2 support. +* Compilation fixes for Kerberos V4 support and GNU glibc2 support. There are 230 people on the fetchmail-friends list. @@ -540,7 +542,7 @@ features -- bugs -- -* Nalin Dahyabhai's fix patch for MIT Kerberos support. +* Nalin Dahyabhai's fix patch for MIT Kerberos V4 support. * Fixed a fencepost error in the APOP code that was causing a core dump. @@ -642,7 +644,7 @@ features -- who forced us to this with RFC1725, but thank Al Longyear for fixing and verifying my slightly buggy implementation. -* Kerberos support ditto. Thanks to Chris Hanson +* Kerberos V4 support ditto. Thanks to Chris Hanson for this feature. * When there's a daemon fetchmail in background, running fetchmail in @@ -713,7 +715,7 @@ features -- * Linux packagers: building fetchmail now generates an RPM specfile for it. -* Kerberos support via KPOP protocol (thanks to Chris Hanson). +* Kerberos V4 support via KPOP protocol (thanks to Chris Hanson). * New --check option for asking server whether there is mail without actually retrieving or deleting it. diff --git a/README b/README index 02626f47..966c71c2 100644 --- a/README +++ b/README @@ -48,7 +48,7 @@ Since 2.0: ** Support POP2, APOP, RPOP, IMAP2, IMAP2bis, IMAP3, IMAP4, IMAP4rev1. - ** Support for Kerberos user authentication (either MIT or Cygnus). + ** Support for Kerberos V4 user authentication (either MIT or Cygnus). ** Host is auto-probed for a working server if no protocol is specified for the connection. Thus you don't need to know diff --git a/driver.c b/driver.c index d92bc10b..21add42b 100644 --- a/driver.c +++ b/driver.c 
@@ -1168,9 +1168,9 @@ const struct method *proto; /* protocol method table */ void (*sigsave)(); #ifndef KERBEROS_V4 - if (ctl->server.authenticate == A_KERBEROS) + if (ctl->server.authenticate == A_KERBEROS_V4) { - error(0, -1, "Kerberos support not linked."); + error(0, -1, "Kerberos V4 support not linked."); return(PS_ERROR); } #endif /* KERBEROS_V4 */ @@ -1245,7 +1245,7 @@ const struct method *proto; /* protocol method table */ } #ifdef KERBEROS_V4 - if (ctl->server.authenticate == A_KERBEROS) + if (ctl->server.authenticate == A_KERBEROS_V4) { ok = kerberos_auth(fileno(sockfp), ctl->server.canonical_name); if (ok != 0) diff --git a/fetchmail.c b/fetchmail.c index 152b7f28..c311bad0 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -300,7 +300,7 @@ int main (int argc, char **argv) for (ctl = querylist; ctl; ctl = ctl->next) if (ctl->active && !(implicitmode && ctl->server.skip) && !ctl->password) { - if (ctl->server.authenticate == A_KERBEROS) + if (ctl->server.authenticate == A_KERBEROS_V4) /* Server won't care what the password is, but there must be some non-null string here. */ ctl->password = ctl->remotename; @@ -402,7 +402,7 @@ int main (int argc, char **argv) * as a probe to make sure our nameserver is still up. * The multidrop case (especially) needs it. */ - if (ctl->server.authenticate == A_KERBEROS || MULTIDROP(ctl)) + if (ctl->server.authenticate==A_KERBEROS_V4 || MULTIDROP(ctl)) { struct hostent *namerec; @@ -823,7 +823,7 @@ void dump_params (struct query *ctl) printf(" Password = '%s'.\n", visbuf(ctl->password)); if (ctl->server.protocol == P_POP3 && ctl->server.port == KPOP_PORT - && ctl->server.authenticate == A_KERBEROS) + && ctl->server.authenticate == A_KERBEROS_V4) printf(" Protocol is KPOP"); else printf(" Protocol is %s", showproto(ctl->server.protocol)); 
@@ -835,8 +835,8 @@ void dump_params (struct query *ctl) printf(" (forcing UIDL use)"); putchar('.'); putchar('\n'); - if (ctl->server.authenticate == A_KERBEROS) - printf(" Kerberos authentication enabled.\n"); + if (ctl->server.authenticate == A_KERBEROS_V4) + printf(" Kerberos V4 preauthentication enabled.\n"); printf(" Server nonresponse timeout is %d seconds", ctl->server.timeout); if (ctl->server.timeout == CLIENT_TIMEOUT) printf(" (default).\n"); diff --git a/fetchmail.h b/fetchmail.h index 4680bfe3..10597a6a 100644 --- a/fetchmail.h +++ b/fetchmail.h @@ -14,8 +14,8 @@ #define KPOP_PORT 1109 /* authentication types */ -#define A_PASSWORD 0 /* passwords in cleartext */ -#define A_KERBEROS 1 /* get Kerberos V4 ticket */ +#define A_PASSWORD 0 /* password or inline authentication */ +#define A_KERBEROS_V4 1 /* preauthenticate w/ Kerberos V4 */ /* definitions for buffer sizes -- somewhat arbitrary */ #define POPBUFSIZE 512 /* per RFC 937 */ diff --git a/fetchmail.man b/fetchmail.man index 8fed9e09..ae5cc972 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -139,7 +139,7 @@ Use POP3 with MD5 authentication. .IP RPOP Use POP3 with RPOP authentication. .IP KPOP -Use POP3 with Kerberos authentication on port 1109. +Use POP3 with Kerberos V4 authentication on port 1109. .IP IMAP IMAP2bis, IMAP4, or IMAP4rev1 (\fIfetchmail\fR autodetects their capabilities). .IP ETRN 
@@ -258,11 +258,12 @@ no other activity has occurred on the link, then the poll will be skipped. This option is currently only supported under Linux. .TP .B \-A, --auth -This option permits you to specify an authentication type (see USER +This option permits you to specify a preauthentication type (see USER AUTHENTICATION below for details). The possible values are -\&`\fBpassword\fR' and `\fBkerberos\fR'. This option is provided +\&`\fBpassword\fR' and `\fBkerberos\fR' (or, for excruciating +exactness, `\fBkerberos_v4\fR'). This option is provided primarily for developers; choosing KPOP protocol automatically selects -Kerberos authentication, and all other alternatives use ordinary +Kerberos preauthentication, and all other alternatives use ordinary password authentication (though APOP uses a generated one-time key as the password). This option does not work with ETRN. @@ -385,8 +386,8 @@ the server greeting time to the server, which can verify it by checking its authorization database. .PP If your \fIfetchmail\fR was built with Kerberos support and you specify -Kerberos authentication (either with --auth or the \fI.fetchmailrc\fR -option \fBauthenticate kerberos\fR) it will try to get a Kerberos +Kerberos preauthentication (either with --auth or the \fI.fetchmailrc\fR +option \fBauthenticate kerberos_v4\fR) it will try to get a Kerberos ticket from the mailserver at the start of each query. .SH DAEMON MODE @@ -730,7 +731,7 @@ as in APOP); the second tells \fIfetchmail\fR to try to get a Kerberos ticket at the start of each query instead, and send an arbitrary string as the password. .PP -Specifying `kpop' sets POP3 protocol over port 1109 with Kerberos +Specifying `kpop' sets POP3 protocol over port 1109 with Kerberos V4 authentication. These defaults may be overridden by later options. .PP You can use the noise keywords `and', `with', diff --git a/options.c b/options.c index f9a8c02a..2a5f91c8 100644 --- a/options.c +++ b/options.c 
@@ -186,7 +186,7 @@ struct query *ctl; /* option record to be initialized */ { ctl->server.protocol = P_POP3; ctl->server.port = KPOP_PORT; - ctl->server.authenticate = A_KERBEROS; + ctl->server.authenticate = A_KERBEROS_V4; } else if (strcasecmp(optarg,"etrn") == 0) ctl->server.protocol = P_ETRN; @@ -208,7 +208,9 @@ struct query *ctl; /* option record to be initialized */ if (strcmp(optarg, "password") == 0) ctl->server.authenticate = A_PASSWORD; else if (strcmp(optarg, "kerberos") == 0) - ctl->server.authenticate = A_KERBEROS; + ctl->server.authenticate = A_KERBEROS_V4; + else if (strcmp(optarg, "kerberos_v4") == 0) + ctl->server.authenticate = A_KERBEROS_V4; else { fprintf(stderr,"Invalid authentication `%s' specified.\n", optarg); errflag++; diff --git a/rcfile_l.l b/rcfile_l.l index 9d36b41e..a23e4dc0 100644 --- a/rcfile_l.l +++ b/rcfile_l.l @@ -34,7 +34,8 @@ local(domains) { return LOCALDOMAINS; } proto(col)? { return PROTOCOL; } port { return PORT; } auth(enticate)? { return AUTHENTICATE; } -kerberos { return KERBEROS; } +kerberos_v4 { return KERBEROS_V4; } +kerberos { return KERBEROS_V4; } timeout { return TIMEOUT;} envelope { return ENVELOPE; } diff --git a/rcfile_y.y b/rcfile_y.y index 28ca4c8e..2b5bd871 100644 --- a/rcfile_y.y +++ b/rcfile_y.y @@ -32,6 +32,7 @@ static int prc_errflag; static void record_current(); static void user_reset(); +static int reset_server(char *name, int skip); %} %union { @@ -41,7 +42,7 @@ static void user_reset(); } %token DEFAULTS POLL SKIP AKA LOCALDOMAINS PROTOCOL -%token AUTHENTICATE TIMEOUT KPOP KERBEROS +%token AUTHENTICATE TIMEOUT KPOP KERBEROS_V4 %token ENVELOPE USERNAME PASSWORD FOLDER SMTPHOST MDA PRECONNECT LIMIT %token IS HERE THERE TO MAP WILDCARD %token SET BATCHLIMIT FETCHLIMIT LOGFILE DAEMON INTERFACE MONITOR 
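Review bot: The two new branches for `kerberos` and `kerberos_v4` in the options.c authentication parsing assign the same value and could be a single test, `else if (strcmp(optarg, "kerberos") == 0 || strcmp(optarg, "kerberos_v4") == 0)`. They compare with `strcmp`, while the protocol names in the preceding hunk are matched with `strcasecmp(optarg,"etrn")`, so a differently cased authentication name is rejected where a differently cased protocol name is accepted; this should be made consistent or documented. A one-line comment that bare `kerberos` is kept as an alias for V4 would help once another Kerberos version is added. The enclosing function starts and ends outside the hunk.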
@@ -74,14 +75,27 @@ statement : SET LOGFILE MAP STRING {logfile = xstrdup($4);} | define_server serverspecs userspecs ; -define_server : POLL STRING {memset(¤t,'\0',sizeof(current)); - save_str(¤t.server.names, -1,$2); - current.server.skip = FALSE;} - | SKIP STRING {memset(¤t,'\0',sizeof(current)); - save_str(¤t.server.names, -1,$2); - current.server.skip = TRUE;} - | DEFAULTS {memset(¤t,'\0',sizeof(current)); - save_str(¤t.server.names, -1,"defaults");} +define_server : POLL STRING { + if (!reset_server($2, FALSE)) + { + yyerror("duplicate entry name not allowed"); + YYERROR; + } + } + | SKIP STRING { + if (!reset_server($2, TRUE)) + { + yyerror("duplicate entry name not allowed"); + YYERROR; + } + } + | DEFAULTS { + if (!reset_server("defaults", FALSE)) + { + yyerror("can't have two default entries"); + YYERROR; + } + } ; serverspecs : /* EMPTY */ @@ -101,14 +115,14 @@ serv_option : AKA alias_list | PROTOCOL PROTO {current.server.protocol = $2;} | PROTOCOL KPOP { current.server.protocol = P_POP3; - current.server.authenticate = A_KERBEROS; + current.server.authenticate = A_KERBEROS_V4; current.server.port = KPOP_PORT; } | UIDL {current.server.uidl = FLAG_TRUE;} | NO UIDL {current.server.uidl = FLAG_FALSE;} | PORT NUMBER {current.server.port = $2;} | AUTHENTICATE PASSWORD {current.server.authenticate = A_PASSWORD;} - | AUTHENTICATE KERBEROS {current.server.authenticate = A_KERBEROS;} + | AUTHENTICATE KERBEROS_V4 {current.server.authenticate = A_KERBEROS_V4;} | TIMEOUT NUMBER {current.server.timeout = $2;} | ENVELOPE STRING {current.server.envelope = xstrdup($2);} | INTERFACE STRING { 
@@ -303,6 +317,23 @@ const char *pathname; /* pathname for the configuration file */ return(0); } +static int reset_server(char *name, int skip) +/* clear the entire global record and initialize it with a new name */ +{ + struct query *ctl; + + /* don't allow name collisions, this screws up the data structures */ + for (ctl = querylist; ctl; ctl = ctl->next) + if (strcmp(name, ctl->server.names->id) == 0) + return(FALSE); + + memset(¤t,'\0',sizeof(current)); + save_str(¤t.server.names, -1, name); + current.server.skip = skip; + return(TRUE); +} + + static void user_reset(void) /* clear the global current record (server parameters) used by the parser */ { diff --git a/report.c b/report.c index 1e653646..f5c2110d 100644 --- a/report.c +++ b/report.c @@ -224,8 +224,15 @@ error (status, errnum, message, va_alist) fprintf (stderr, message, a1, a2, a3, a4, a5, a6, a7, a8); #endif - if (errnum) - fprintf (stderr, ": %s", strerror (errnum)); + if (errnum) { + char *tmps = strerror(errnum); + if (tmps) { + fprintf (stderr, ": %s", tmps); + } + else { + fprintf (stderr, ": Error %d", errnum); + } + } putc ('\n', stderr); fflush (stderr); } diff --git a/sample.rcfile b/sample.rcfile index ade59267..209242f6 100644 --- a/sample.rcfile +++ b/sample.rcfile @@ -2,7 +2,7 @@ # # This file (or one of your own creation, rather) should be located # in your home directory with the name .fetchmailrc. Permissions on this -# file may be no greater than -rw-------, or fetchmail will refuse to +# file may be no greater than -rw------- (0600), or fetchmail will refuse to # use it. # # To see what effect your ~/.fetchmailrc file has, do diff --git a/uid.c b/uid.c index bcce0d5d..e6fa1b26 100644 --- a/uid.c +++ b/uid.c 
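Review bot: The duplicate check in reset_server() compares names with `strcmp`, while the uid.c hunks of this same commit match host names with `strcasecmp`. Two poll entries whose names differ only in case therefore pass this check and are later treated as the same host when saved UIDs are loaded. Using `if (strcasecmp(name, ctl->server.names->id) == 0)` would keep the two in agreement. The loop also dereferences `ctl->server.names` without a null test, which is safe only if every record on querylist carries at least one name, something this hunk does not show. Since the DEFAULTS action passes a string literal, `name` could be declared `const char *` if save_str() accepts it.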
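Review bot: The `if (errnum)` guard in the report.c hunk still treats -1 as an errno value, and the driver.c hunk of this commit calls `error(0, -1, "Kerberos V4 support not linked.")`. Unless -1 is filtered earlier in error(), outside the hunk, such messages gain a suffix like ": Error -1" or the platform's unknown-error text. If -1 is meant as "no system error", the guard could be `if (errnum > 0) {`. The added null test on the strerror() result is a sound defensive check for C libraries that return NULL for unknown codes. The body of error() starts and ends outside this hunk.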
@@ -23,9 +23,7 @@ * Machinery for handling UID lists live here. This is mainly to support * RFC1725-conformant POP3 servers without a LAST command, but may also be * useful for making the IMAP4 querying logic UID-oriented, if a future - * revision of IMAP forces me to. (This would be bad. Server-side - * seen bits are better than UIDs, because they track messages seen by - * *all* clients.) + * revision of IMAP forces me to. * * Here's the theory: * @@ -57,6 +55,8 @@ * At the end of the fetchmail run, all current `oldsaved' lists are * flushed out to the .fetchids file to be picked up by the next run. * If there are no such messages, the file is deleted. + * + * Note: all comparisons are caseblind! */ /* UIDs associated with un-queried hosts */ @@ -84,8 +84,8 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile) { for (ctl = hostlist; ctl; ctl = ctl->next) { - if (strcmp(host, ctl->server.names->id) == 0 - && strcmp(user, ctl->remotename) == 0) + if (strcasecmp(host, ctl->server.names->id) == 0 + && strcasecmp(user, ctl->remotename) == 0) { save_str(&ctl->oldsaved, -1, id); break; @@ -186,11 +186,11 @@ char *str_find(struct idlist **idl, int number) } char *idpair_find(struct idlist **idl, const char *id) -/* return the id of the given number in the given list. */ +/* return the id of the given id in the given list (caseblind comparison) */ { if (*idl == (struct idlist *) 0) return((char *) 0); - else if (strcmp(id, (*idl)->id) == 0) + else if (strcasecmp(id, (*idl)->id) == 0) return((*idl)->val.id2 ? (*idl)->val.id2 : (*idl)->id); else return(idpair_find(&(*idl)->next, id)); -- cgit v1.2.3
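Review bot: Comparing `user` with `strcasecmp` in the initialize_saved_lists() hunk assumes the mail server treats login names caseblind, which is up to the server. Host names are safely caseblind, but two entries for the same host whose remote names differ only in case would now share saved UIDs, and the `break` hands each stored id to whichever entry comes first. Keeping `strcmp(user, ctl->remotename) == 0` while switching only the host comparison would avoid mixing the two accounts' seen-message state. The same concern applies to the idpair_find() hunk if the ids it looks up can be case-significant, and the header comment "all comparisons are caseblind" should say which fields that is intended to cover. Both function bodies extend beyond their hunks.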