/* 
   Unix SMB/Netbios implementation.
   Version 1.9.
   SMB parameters and setup
   Copyright (C) Andrew Tridgell 1992-1998
   Modified by Jeremy Allison 1995.
   
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.
   
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
   
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

/* Debug logging is compiled out in this file: every DEBUG(level, (args))
   call expands to a lone ';', so its message and arguments are never
   evaluated. The dump_data() calls guarded by DEBUG_PASSWORD are separate
   calls and are NOT disabled by this macro. */
#define DEBUG(a,b) ;

/* Declared here but not referenced by any code in this listing. */
extern int DEBUGLEVEL;

#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include "smbbyteorder.h"
#include "smbdes.h"
#include "smbencrypt.h"
#include "smbmd4.h"

/* Short type names used by the routines below. They are skipped on AIX,
   presumably because its system headers already define them -- confirm.
   NOTE(review): int16 is only 16 bits wide where 'short' is; the NT hash
   code below relies on sizeof(int16) being 2. */
#ifndef _AIX
typedef unsigned char uchar;
typedef signed short int16;
#endif
/* Boolean convention; in this file it is only used by
   make_oem_passwd_hash(), which is currently compiled out with #if 0. */
typedef int BOOL;
#define False 0
#define True  1

/****************************************************************************
 Bounded string copy that always NUL-terminates dest.

 Copies at most n characters from src and then stores a terminating zero,
 so dest must have room for n + 1 bytes: pass one less than the buffer size.
 When src is shorter than n, a second zero byte is stored directly after the
 copied terminator; that byte still lies within the first n + 1 bytes.
 A NULL src yields an empty string; a NULL dest returns NULL and writes
 nothing. A longer src is truncated without any indication to the caller.
****************************************************************************/

char *StrnCpy(char *dest,const char *src, size_t n)
{
  size_t pos;

  if (dest == NULL)
    return NULL;

  if (src == NULL) {
    dest[0] = '\0';
    return dest;
  }

  for (pos = 0; pos < n; pos++) {
    char ch = src[pos];

    dest[pos] = ch;
    if (ch == '\0') {
      /* Step past the terminator just copied, as the caller-visible
         layout has one more zero byte after it. */
      pos++;
      break;
    }
  }

  dest[pos] = '\0';
  return dest;
}

/* Stub for multibyte-character handling: reports that no bytes need to be
   skipped, whatever the character, so strupper() treats every byte as a
   single-byte character. */
size_t skip_multibyte_char(char c)
{
    const size_t nothing_to_skip = 0;

    (void)c;  /* parameter is intentionally unused */
    return nothing_to_skip;
}


/*******************************************************************
Bounded copy into a buffer of known size.

maxlength is the number of characters that fit in dest NOT counting the
terminating zero, so dest must hold maxlength + 1 bytes. A src longer
than maxlength is cut to maxlength characters. The overflow is only
reported through DEBUG(), which this file defines as a no-op, so in this
build truncation is silent: callers that hash the result operate on the
shortened string.

Returns dest, or NULL when dest is NULL. A NULL src gives an empty string.
********************************************************************/

char *safe_strcpy(char *dest,const char *src, size_t maxlength)
{
    size_t copy_len;

    if (dest == NULL) {
        DEBUG(0,("ERROR: NULL dest in safe_strcpy\n"));
        return NULL;
    }

    if (src == NULL) {
        dest[0] = '\0';
        return dest;
    }

    copy_len = strlen(src);
    if (copy_len > maxlength) {
        DEBUG(0,("ERROR: string overflow by %d in safe_strcpy [%.50s]\n",
                 (int)(copy_len-maxlength), src));
        copy_len = maxlength;
    }

    memcpy(dest, src, copy_len);
    dest[copy_len] = '\0';
    return dest;
}


/* Upper-case a NUL-terminated string in place.

   Each byte is first offered to skip_multibyte_char(); a non-zero answer
   means "leave this many bytes untouched and move on". Otherwise the byte
   is upper-cased with the C locale-dependent islower()/toupper() pair.
   The casts to unsigned char keep bytes above 0x7f from being passed to
   the <ctype.h> functions as negative values. */
void strupper(char *s)
{
  while (*s != '\0') {
    size_t skip = skip_multibyte_char(*s);

    if (skip != 0) {
      s += skip;
      continue;
    }

    if (islower((unsigned char)*s))
      *s = toupper((unsigned char)*s);
    s++;
  }
}

extern void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]);

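/*
 This implements the X/Open SMB (LanMan) password encryption.
 It takes a password and an 8 byte "crypt key" (the challenge c8) and puts
 24 bytes of encrypted password into p24.

 The password is cut to its first 14 bytes and upper-cased before hashing,
 so the response does not depend on letter case or on anything past the
 14th byte. E_P16 (smbdes.h, not shown here) is expected to turn those 14
 bytes into the 16-byte LM hash at the start of p21.

 p14 holds a cleartext copy of the password and p21 the LM hash; both are
 overwritten before returning so they do not linger on the stack.

 NOTE(review): building with DEBUG_PASSWORD hands the hash, challenge and
 response to dump_data(); keep that define out of production builds.
 */

void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24)
{
  uchar p14[15], p21[21];
  volatile unsigned char *wipe;
  size_t i;

  memset(p21,'\0',sizeof(p21));
  /* Clear the whole buffer, including the 15th byte that StrnCpy uses for
     the terminator of a full-length password. */
  memset(p14,'\0',sizeof(p14));
  StrnCpy((char *)p14,(char *)passwd,14);

  strupper((char *)p14);
  E_P16(p14, p21);

  SMBOWFencrypt(p21, c8, p24);

#ifdef DEBUG_PASSWORD
  DEBUG(100,("SMBencrypt: lm#, challenge, response\n"));
  dump_data(100, (char *)p21, 16);
  dump_data(100, (char *)c8, 8);
  dump_data(100, (char *)p24, 24);
#endif

  /* Wipe the secrets through a volatile pointer: a plain memset() on a
     local that is about to go out of scope may be removed as a dead
     store by an optimising compiler. */
  wipe = (volatile unsigned char *)p14;
  for (i = 0; i < sizeof(p14); i++)
    wipe[i] = 0;
  wipe = (volatile unsigned char *)p21;
  for (i = 0; i < sizeof(p21); i++)
    wipe[i] = 0;
}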

/* Routines for Windows NT MD4 Hash functions. */
/* Length, in 16-bit units, of a zero-terminated int16 string. The
   terminating zero unit is not counted. */
static int _my_wcslen(int16 *str)
{
	int units;

	for (units = 0; str[units] != 0; units++)
		;
	return units;
}

/*
 * Widen a byte string into an NT UNICODE string, one 16-bit unit per
 * input byte. No character-set conversion is done: each byte value is
 * stored as-is in the low half of its unit.
 *
 * Regardless of processor type the output must be in intel
 * (little-endian) format; the store goes through SSVAL from
 * smbbyteorder.h (not shown here), which is expected to take care of that.
 *
 * At most len bytes are converted. A zero byte inside that range is
 * stored too and ends the conversion. Returns the number of non-zero
 * bytes converted, so dst must have room for len units.
 */

static int _my_mbstowcs(int16 *dst, uchar *src, int len)
{
	int done = 0;

	while (done < len) {
		int16 unit = *src++;
		int16 *slot = dst++;

		SSVAL(slot,0,unit);
		if (unit == 0)
			break;
		done++;
	}
	return done;
}

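/*
 * Creates the MD4 Hash of the users password in NT UNICODE.
 *
 * passwd is a NUL-terminated byte string; only its first 128 bytes are
 * used. Each byte is widened to one 16-bit unit by _my_mbstowcs() and the
 * resulting buffer is passed to mdfour() (smbmd4.h, not shown here), which
 * writes the digest to p16.
 *
 * No salt is mixed in, so the same password always gives the same hash:
 * treat p16 as being as sensitive as the password itself. The widened
 * cleartext copy in wpwd is overwritten before returning.
 */

void E_md4hash(uchar *passwd, uchar *p16)
{
	size_t pwlen;
	size_t i;
	int len;
	int16 wpwd[129];
	volatile unsigned char *wipe = (volatile unsigned char *)wpwd;

	/* Password cannot be longer than 128 characters. The cap is applied
	   while the length is still a size_t, so an oversized value cannot
	   wrap when narrowed to int and then index wpwd out of bounds. */
	pwlen = strlen((char *)passwd);
	if(pwlen > 128)
		pwlen = 128;
	len = (int)pwlen;
	/* Password must be converted to NT unicode */
	_my_mbstowcs(wpwd, passwd, len);
	wpwd[len] = 0; /* Ensure string is null terminated */
	/* Calculate length in bytes */
	len = _my_wcslen(wpwd) * sizeof(int16);

	mdfour(p16, (unsigned char *)wpwd, len);

	/* Wipe the widened password through a volatile pointer so the stores
	   are not discarded as dead writes to a dying local. */
	for (i = 0; i < sizeof(wpwd); i++)
		wipe[i] = 0;
}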

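/* Does both the NT and LM owfs of a user's password.
 *
 * pwd is copied into a local 130-byte buffer (longer input is cut to 129
 * characters by safe_strcpy; a NULL pwd is treated as an empty password).
 * nt_p16 receives the NT hash from E_md4hash(); p16 receives the LanMan
 * hash, computed by E_P16 (smbdes.h, not shown here) over the first 14
 * bytes after upper-casing.
 *
 * Both outputs are unsalted password hashes: handle them like the
 * password itself.
 *
 * NOTE(review): with DEBUG_PASSWORD defined the cleartext password and
 * both hashes are handed to dump_data(); keep that define out of
 * production builds.
 */
void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16])
{
	char passwd[130];
	volatile unsigned char *wipe = (volatile unsigned char *)passwd;
	size_t i;

	memset(passwd,'\0',130);
	safe_strcpy( passwd, pwd, sizeof(passwd)-1);

	/* Calculate the MD4 hash (NT compatible) of the password */
	memset(nt_p16, '\0', 16);
	E_md4hash((uchar *)passwd, nt_p16);

#ifdef DEBUG_PASSWORD
	DEBUG(100,("nt_lm_owf_gen: pwd, nt#\n"));
	dump_data(120, passwd, strlen(passwd));
	dump_data(100, (char *)nt_p16, 16);
#endif

	/* Mangle the passwords into Lanman format */
	passwd[14] = '\0';
	strupper(passwd);

	/* Calculate the SMB (lanman) hash functions of the password */

	memset(p16, '\0', 16);
	E_P16((uchar *) passwd, (uchar *)p16);

#ifdef DEBUG_PASSWORD
	DEBUG(100,("nt_lm_owf_gen: pwd, lm#\n"));
	dump_data(120, passwd, strlen(passwd));
	dump_data(100, (char *)p16, 16);
#endif
	/* Clear out the local copy of the user's password. This goes through a
	   volatile pointer because a memset() that is the last use of a local
	   buffer may be removed as a dead store by an optimising compiler,
	   which would leave the cleartext on the stack. */
	for (i = 0; i < sizeof(passwd); i++)
		wipe[i] = 0;
}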

/* Does the des encryption from the NT or LM MD4 hash.
 *
 * The 16-byte hash in passwd is zero-padded to 21 bytes and handed,
 * together with the challenge c8, to E_P24 (smbdes.h, not shown here),
 * which fills the 24-byte response p24.
 *
 * NOTE(review): p21 keeps a copy of the hash and is not cleared before
 * returning.
 */
void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24])
{
	uchar p21[21];

	/* Layout: 16 hash bytes followed by 5 zero bytes. */
	memcpy(p21, passwd, 16);
	memset(p21 + 16, '\0', sizeof(p21) - 16);

	E_P24(p21, c8, p24);
}

/* Does the des encryption from the FIRST 8 BYTES of the NT or LM MD4 hash.
 *
 * Only 8 bytes of key material come from the hash; the next 8 bytes of the
 * 21-byte key block are the constant 0xbd and the last 5 are zero. The
 * block and the challenge ntlmchalresp go to E_P24 (smbdes.h, not shown
 * here), which fills the 24-byte response p24.
 *
 * NOTE(review): p21 is not cleared before returning, and DEBUG_PASSWORD
 * builds pass it to dump_data().
 */
void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24])
{
	uchar p21[21];

	/* Layout: 8 hash bytes | 8 bytes of 0xbd | 5 zero bytes. */
	memcpy(p21, passwd, 8);
	memset(p21 + 8, 0xbd, 8);
	memset(p21 + 16, '\0', sizeof(p21) - 16);

	E_P24(p21, ntlmchalresp, p24);
#ifdef DEBUG_PASSWORD
	DEBUG(100,("NTLMSSPOWFencrypt: p21, c8, p24\n"));
	dump_data(100, (char *)p21, 21);
	dump_data(100, (char *)ntlmchalresp, 8);
	dump_data(100, (char *)p24, 24);
#endif
}


/* Does the NT MD4 hash then des encryption.
 *
 * E_md4hash() writes the NT hash of passwd into the start of a zeroed
 * 21-byte buffer; SMBOWFencrypt() then combines its first 16 bytes with
 * the challenge c8 to produce the 24-byte response p24.
 *
 * NOTE(review): p21 holds the NT hash and is not cleared before
 * returning; DEBUG_PASSWORD builds also pass it to dump_data().
 */

void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24)
{
	uchar p21[21] = {0};

	E_md4hash(passwd, p21);
	SMBOWFencrypt(p21, c8, p24);

#ifdef DEBUG_PASSWORD
	DEBUG(100,("SMBNTencrypt: nt#, challenge, response\n"));
	dump_data(100, (char *)p21, 16);
	dump_data(100, (char *)c8, 8);
	dump_data(100, (char *)p24, 24);
#endif
}

#if 0

/*
 * Compiled out (#if 0). Builds the 516-byte password-change buffer:
 * random fill, the new password placed so that it ends at offset 512,
 * its byte length stored at offset 512 with SIVAL, and the whole buffer
 * then passed to SamOEMhash() together with old_pw_hash.
 *
 * Returns False when the password needs more than 512 bytes (each
 * character counts as two bytes when unicode is set), True otherwise.
 *
 * NOTE(review): generate_random_buffer, struni2, fstrcpy, SIVAL and
 * SamOEMhash are not defined in this file, so the points below need
 * checking against their real definitions before this is re-enabled.
 */
BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode)
{
	/* Length in bytes of the password as it will be stored. */
	int new_pw_len = strlen(passwd) * (unicode ? 2 : 1);

	if (new_pw_len > 512)
	{
		DEBUG(0,("make_oem_passwd_hash: new password is too long.\n"));
		return False;
	}

	/*
	 * Now setup the data area.
	 * We need to generate a random fill
	 * for this area to make it harder to
	 * decrypt. JRA.
	 */
	generate_random_buffer((unsigned char *)data, 516, False);
	/* NOTE(review): if struni2/fstrcpy append a terminator it lands at
	   data[512] and beyond; the SIVAL below then writes the length at
	   offset 512 -- confirm nothing is written past data[515]. */
	if (unicode)
	{
		struni2( &data[512 - new_pw_len], passwd);
	}
	else
	{
		fstrcpy( &data[512 - new_pw_len], passwd);
	}
	SIVAL(data, 512, new_pw_len);

	/* At this point data still contains the new password in the clear;
	   a DEBUG_PASSWORD build hands it to dump_data() in that state. */
#ifdef DEBUG_PASSWORD
	DEBUG(100,("make_oem_passwd_hash\n"));
	dump_data(100, data, 516);
#endif
	SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, True);

	return True;
}

#endif
class="o">-1 or buf.find("wait") > -1 or buf.find("[IN-USE]") > -1 or buf.find("[LOGIN-DELAY]") > -1: # We always want to pass the user lock-busy messages, because # they're red flags. Other stuff (like AUTH failures on non- # RFC1734 servers) only if we're debugging. if outlevel < O_VERBOSE: stderr.write(buf + "\n") raise FetchError(PS_LOCKBUSY) elif buf.find("ervice") > -1 and buf.find("unavailable") > -1: raise FetchError(PS_AUTHFAIL) else: raise FetchError(PS_PROTOCOL) def getauth(sock, ctl): did_stls = has_gssapi = has_kerberos = has_cram = has_ssl = False if ctl.server.authenticate == A_SSH: return def getrange(sock, ctl, folder): def fetch(sock, ctl, number): def trail(sock, ctl, number): def logout(sock, ctl): return gen_transact(sock, "QUIT") class hostdata: "Per-mailserver control data." # rc file data pollname = None # poll label of host via = None # "true" server name if non-NULL akalist = [] # server name first, then akas localdomains = [] # list of pass-through domains protocol = None # protocol type netsec = None # IPv6 security request port = None # TCP/IP service port number (name in IPV6) interval = 0 # cycles to skip between polls authenticate = 'password' # authentication mode to try timeout = 300 # inactivity timout in seconds envelope = None # envelope address list header envskip = 0 # skip to numbered envelope header qvirtual = None # prefix removed from local user id skip = False # suppress poll in implicit mode? dns = True # do DNS lookup on multidrop? uidl = False # use RFC1725 UIDLs? sdps = False # use Demon Internet SDPS *ENV checkalias = False # resolve aliases by comparing IPs? 
principal = None # Kerberos principal for mail service esmtp_name = None # ESMTP AUTH information esmtp_password = None # Only used under Linux interface = None monitor = None monitor_io = 0 #struct interface_pair_s *interface_pair plugin = None plugout = None # computed for internal use base_protocol = None # relevant protocol method table poll_count = 0 # count of polls so far queryname = None # name to attempt DNS lookup on truename = None # "true name" of server host trueaddr = None # IP address of truename, as char lead_server = None # ptr to lead query for this server esmtp_options = [] # ESMTP option list def is_mailbox_protocol(self): # We need to distinguish between mailbox and mailbag protocols. # Under a mailbox protocol we're pulling mail for a speecific user. # Under a mailbag protocol we're fetching mail for an entire domain. return self.protocol != proto_etrn class query: "All the parameters of a fetchmail query." # mailserver connection controls server = None # per-user data localnames = [] # including calling user's name wildcard = False # should unmatched names be passed through remotename = None # remote login name to use password = None # remote password to use mailboxes = [] # list of mailboxes to check # per-forwarding-target data smtphunt = [] # list of SMTP hosts to try forwarding to domainlist = [] # domainlist to fetch from smtpaddress = None # address to force in RCPT TO smtpname = None # full RCPT TO name, including domain antispam = [] # list of listener's antispam response mda = None # local MDA to pass mail to bsmtp = None # BSMTP output file listener = 'SMTP' # what's the listener's wire protocol? 
preconnect = None # pre-connection command to execute postconnect = None # post-connection command to execute # per-user control flags keep = False # if TRUE, leave messages undeleted fetchall = False # if TRUE, fetch all (not just unseen) flush = False # if TRUE, delete messages already seen rewrite = False # if TRUE, canonicalize recipient addresses stripcr = False # if TRUE, strip CRs in text forcecr = False # if TRUE, force CRs before LFs in text pass8bits = False # if TRUE, ignore Content-Transfer-Encoding dropstatus = False # if TRUE, drop Status lines in mail dropdelivered = False # if TRUE, drop Delivered-To lines in mail mimedecode = False # if TRUE, decode MIME-armored messages idle = False # if TRUE, idle after each poll limit = 0 # limit size of retrieved messages warnings = 3600 # size warning interval fetchlimit = 0 # max # msgs to get in single poll batchlimit = 0 # max # msgs to pass in single SMTP session expunge = 1 # max # msgs to pass between expunges use_ssl = False # use SSL encrypted session sslkey = None # optional SSL private key file sslcert = None # optional SSL certificate file sslproto = None # force usage of protocol (ssl2|ssl3|tls1) - defaults to ssl23 sslcertpath = None # Trusted certificate directory for checking the server cert sslcertck = False # Strictly check the server cert. sslfingerprint = None # Fingerprint to check against properties = [] # passthrough properties for extensions tracepolls = False # if TRUE, add poll trace info to Received # internal use -- per-poll state active = False # should we actually poll this server? destaddr = None # destination host for this query errcount = 0 # count transient errors in last pass authfailcount = 0 # count of authorization failures wehaveauthed = 0 # We've managed to logon at least once! wehavesentauthnote = 0 # We've sent an authorization failure note wedged = 0 # wedged by auth failures or timeouts? 
smtphost = None # actual SMTP host we connected to smtp_socket = -1 # socket descriptor for SMTP connection uid = 0 # UID of user to deliver to skipped = [] # messages skipped on the mail server oldsaved = [] newsaved = [] oldsavedend = [] lastid = None # last Message-ID seen on this connection thisid = None # Message-ID of current message # internal use -- per-message state mimemsg = 0 # bitmask indicating MIME body-type digest = None def dump(self): print "Options for retrieving from %s@%s:" \ % (self.remotename, self.server.pollname) if self.server.via and self.server.server.is_mailbox_protocol(): print " Mail will be retrieved via %s" % self.server.via if self.server.interval: print " Poll of this server will occur every %d intervals." \ % self.server.interval; if self.server.truename: print " True name of server is %s." % self.server.truename if self.server.skip || outlevel >= O_VERBOSE: if self.server.skip: print " Will not be queried when no host is specified." else: print " Will not be queried when no host is specified." if self.server.authenticate not in ('KERBEROS', 'GSSAPI', 'SSH'): if not self.password: print " Password will be prompted for." else if outlevel >= O_VERBOSE: if self.server.protocol == proto_apop: print " APOP secret = \"%s\"." % self.password elif self.server.protocol == proto_rpop: print " RPOP id = \"%s\"." % self.password else print " Password = \"%s\"." 
% self.password if self.server.protocol == proto_pop3 \ and self.server.port == KPOP_PORT \ and self.server.authenticate.startswith("Kerberos"): sys.stdout.write(" Protocol is KPOP with %s authentication" \ % self.server.authenticate) else sys.stdout.write(" Protocol is %s" % self.server.protocol.name) if ipv6: if self.server.port: sys.stdout.write(" (using service %s)" % self.server.port) if (self.server.netsec) sys.stdout.write(" (using network security options %s)" % self.server.netsec) else: if self.server.port: sys.stdout.write(" (using port %d)" % self.server.port) else if outlevel >= O_VERBOSE: sys.stdout.write(" (using default port)") if self.server.uidl and self.server.is_mailbox.protocol()) sys.stdout.write(" (forcing UIDL use)") sys.stdout.write("\n") print { None : " All available authentication methods will be tried.", 'password' : " Password authentication will be forced.", 'NTLM' : " NTLM authentication will be forced.", 'OTP' : " OTP authentication will be forced.", 'CRAM-MD5' " CRAM-MD5 authentication will be forced.", 'GSSAPI' : " GSSAPI authentication will be forced.", 'Kerberos V4' : " Kerberos V4 authentication will be forced.", 'Kerberos V5' : " Kerberos V5 authentication will be forced.", 'ssh' : " End-to-end encryption will be assumed.", }[self.server.authenticate] if self.server.principal: print " Mail service principal is: %s" % self.server.principal if self.use_ssl: print " SSL encrypted sessions enabled." if self.sslproto: print " SSL protocol: %s." % self.sslproto; if self.sslcertck: print " SSL server certificate checking enabled." if self.sslcertpath: print " SSL trusted certificate directory: %s" % self.sslcertpath; if self.sslfingerprint: print " SSL key fingerprint (checked against the server key): %s" % self.sslfingerprint; if self.server.timeout > 0: print " Server nonresponse timeout is %d seconds" % self.server.timeout; if self.server.is_mailbox_protocol(): if not self.mailboxes.id: print " Default mailbox selected." 
else print " Selected mailboxes are: ", ", ".join(self.mailboxes) flagarray = ( ('fetchall', "%s messages will be retrieved (--all %s)." "All", "Only new") ('keep', " Fetched messages %s be kept on the server (--keep %s)." "will", "will not") ('flush', " Old messages %s be flushed before message retrieval (--flush %s).", "will", "will not") ('rewrite', " Rewrite of server-local addresses is %s (norewrite %s).", "enabled", "disabled") ('stripcr', " Carriage-return stripping is %s (stripcr %s).", "enabled", "disabled") ('forcecr', " Carriage-return forcing is %s (forcecr %s).", "enabled", "disabled") ('pass8bits', " Interpretation of Content-Transfer-Encoding is %s (pass8bits %s).", "enabled", "disabled") ('mimedecode', " MIME decoding is %s (mimedecode %s).", "enabled", "disabled") ('idle', " Idle after poll is %s (idle %s).", "enabled", "disabled") ('dropstatus', " Nonempty Status lines will be %s (dropstatus %s)", "discarded", "kept") ('dropdelivered', " Delivered-To lines will be %s (dropdelivered %s)", "discarded", "kept") ) for (attr, template, on, off) in flagarray: flag = getattr(self, att) if flag: onoff1 = on onoff2 = "on" else: onoff1 = off onoff2 = "off" print template % (onoff1, onoff2) if self.limit: { if NUM_NONZERO(self.limit): print " Message size limit is %d octets (--limit %d)." % self.limit, self.limit); else if outlevel >= O_VERBOSE: print " No message size limit (--limit 0)." if run.poll_interval > 0: print " Message size warning interval is %d seconds (--warnings %d)." % self.warnings, self.warnings); else if outlevel >= O_VERBOSE: print " Size warnings on every poll (--warnings 0)." } if NUM_NONZERO(self.fetchlimit): print " Received-message limit is %d (--fetchlimit %d)."), self.fetchlimit, self.fetchlimit); else if outlevel >= O_VERBOSE: print " No received-message limit (--fetchlimit 0)." if NUM_NONZERO(self.batchlimit): print " SMTP message batch limit is %d." 
% self.batchlimit); else if outlevel >= O_VERBOSE: print " No SMTP message batch limit (--batchlimit 0)." if MAILBOX_PROTOCOL(ctl): { if NUM_NONZERO(self.expunge): print " Deletion interval between expunges forced to %d (--expunge %d)." % self.expunge, self.expunge); else if outlevel >= O_VERBOSE: print " No forced expunges (--expunge 0)." } } else /* ODMR or ETRN */ { struct idlist *idp; print " Domains for which mail will be fetched are:" for (idp = self.domainlist; idp; idp = idp.next: { printf(" %s", idp.id); if not idp.val.status.mark: print " (default)" } printf(""); } if self.bsmtp: print " Messages will be appended to %s as BSMTP" % visbuf(self.bsmtp else if self.mda and MAILBOX_PROTOCOL(ctl): print " Messages will be delivered with \"%s\"." % visbuf(self.mda else { struct idlist *idp; if self.smtphunt: { print " Messages will be %cMTP-forwarded to:" % self.listener); for (idp = self.smtphunt; idp; idp = idp.next: { printf(" %s", idp.id); if not idp.val.status.mark: print " (default)" } printf(""); } if self.smtpaddress: print " Host part of MAIL FROM line will be %s"), self.smtpaddress); if self.smtpname: print " Address to be put in RCPT TO lines shipped to SMTP will be %s"), self.smtpname); } if MAILBOX_PROTOCOL(ctl): { if self.antispam != (struct idlist *)NULL: { struct idlist *idp; print " Recognized listener spam block responses are:" for (idp = self.antispam; idp; idp = idp.next: printf(" %d", idp.val.status.num); printf(""); } else if outlevel >= O_VERBOSE: print " Spam-blocking disabled" } if self.preconnect: print " Server connection will be brought up with \"%s\"."), visbuf(self.preconnect else if outlevel >= O_VERBOSE: print " No pre-connection command." if self.postconnect: print " Server connection will be taken down with \"%s\"."), visbuf(self.postconnect else if outlevel >= O_VERBOSE: print " No post-connection command." if MAILBOX_PROTOCOL(ctl)) { if !self.localnames: print " No localnames declared for this host." 
else { struct idlist *idp; int count = 0; for (idp = self.localnames; idp; idp = idp.next: ++count; if count > 1 || self.wildcard: print " Multi-drop mode: " else print " Single-drop mode: " print "%d local name(s) recognized." % count); if outlevel >= O_VERBOSE: { for (idp = self.localnames; idp; idp = idp.next: if idp.val.id2: printf("\t%s . %s", idp.id, idp.val.id2); else printf("\t%s", idp.id); if self.wildcard: fputs("\t*", stdout); } if count > 1 || self.wildcard: { print " DNS lookup for multidrop addresses is %s."), self.server.dns ? GT_("enabled") : GT_("disabled" if self.server.dns: { print " Server aliases will be compared with multidrop addresses by " if self.server.checkalias: print "IP address." else print "name." } if self.server.envelope == STRING_DISABLED: print " Envelope-address routing is disabled" else { print " Envelope header is assumed to be: %s"), self.server.envelope ? self.server.envelope:GT_("Received" if self.server.envskip > 1 || outlevel >= O_VERBOSE: print " Number of envelope header to be parsed: %d"), self.server.envskip); if self.server.qvirtual: print " Prefix %s will be removed from user id"), self.server.qvirtual); else if outlevel >= O_VERBOSE) print " No prefix stripping" } if self.server.akalist: { struct idlist *idp; print " Predeclared mailserver aliases:" for (idp = self.server.akalist; idp; idp = idp.next: printf(" %s", idp.id); putchar(''); } if self.server.localdomains: { struct idlist *idp; print " Local domains:" for (idp = self.server.localdomains; idp; idp = idp.next: printf(" %s", idp.id); putchar(''); } } } } #if defined(linux) || defined(__FreeBSD__: if self.server.interface: print " Connection must be through interface %s." % self.server.interface); else if outlevel >= O_VERBOSE: print " No interface requirement specified." if self.server.monitor: print " Polling loop will monitor %s." % self.server.monitor); else if outlevel >= O_VERBOSE: print " No monitor interface specified." 
#endif if self.server.plugin: print " Server connections will be made via plugin %s (--plugin %s)." % self.server.plugin, self.server.plugin); else if outlevel >= O_VERBOSE: print " No plugin command specified." if self.server.plugout: print " Listener connections will be made via plugout %s (--plugout %s)." % self.server.plugout, self.server.plugout); else if outlevel >= O_VERBOSE: print " No plugout command specified." if self.server.protocol > P_POP2 and MAILBOX_PROTOCOL(ctl): { if !self.oldsaved: print " No UIDs saved from this host." else { struct idlist *idp; int count = 0; for (idp = self.oldsaved; idp; idp = idp.next: ++count; print " %d UIDs saved." % count); if outlevel >= O_VERBOSE: for (idp = self.oldsaved; idp; idp = idp.next: printf("\t%s", idp.id); } } if self.tracepolls: print " Poll trace information will be added to the Received header." else if outlevel >= O_VERBOSE: print " No poll trace information will be added to the Received header.." if self.properties: print " Pass-through properties \"%s\"." % self.properties if __name__ == '__main__': # C version queried FETCHMAILUSER, then USER, then LOGNAME. # Order here is FETCHMAILUSER, LOGNAME, USER, LNAME and USERNAME. user = os.getenv("FETCHMAILUSER") or getpass.getuser() for injector in ("QMAILINJECT", "NULLMAILER_FLAGS"): if os.getenv(injector): print >>sys.stderr, \ ("fetchmail: The %s environment variable is set.\n" "This is dangerous, as it can make qmail-inject or qmail's\n" "sendmail wrapper tamper with your From or Message-ID " "headers.\n" "Try 'env %s= fetchmail YOUR ARGUMENTS HERE'\n") % (injector, injector) sys.exit(PS_UNDEFINED) # Figure out who calling user is and where the run-control file is. # C version handled multiple usernames per PID; this doesn't. try: pwp = pwd.getpwuid(os.getuid()) except: print >>sys.stderr, "You don't exist. Go away." 
sys.exit(PS_UNDEFINED) home = os.getenv("HOME") or pwp.pw_dir fmhome = os.getenv("FETCHMAILHOME") or home rcfile = os.path.join(fmhome, ".fetchmailpyrc") idfile = os.path.join(fmhome, ".fetchids") cmdhelp = \ "usage: fetchmail [options] [server ...]\n" \ " Options are as follows:\n" \ " -?, --help display this option help\n" \ " -V, --version display version info\n" \ " -c, --check check for messages without fetching\n" \ " -s, --silent work silently\n" \ " -v, --verbose work noisily (diagnostic output)\n" \ " -d, --daemon run as a daemon once per n seconds\n" \ " -N, --nodetach don't detach daemon process\n" \ " -q, --quit kill daemon process\n" \ " -f, --fetchmailrc specify alternate run control file\n" \ " -a, --all retrieve old and new messages\n" \ " -k, --keep save new messages after retrieval\n" \ " -F, --flush delete old messages from server\n" # Now time to parse the command line try: (options, arguments) = getopt.getopt(sys.argv[1:], "?Vcsvd:NqfakF", ("help", "version", "check", "silent", "verbose", "daemon", "nodetach", "quit", "fetchmailrc", "all", "keep", "flush", )) except getopt.GetoptError: print cmdhelp sys.exit(PS_SYNTAX) versioninfo = checkonly = silent = nodetach = quitmode = False fetchall = keep = flutch = False outlevel = O_NORMAL poll_interval = -1 for (switch, val) in options: if switch in ("-?", "--help"): print cmdhelp sys.exit(0) elif switch in ("-V", "--version"): versioninfo = True elif switch in ("-c", "--check"): checkonly = True elif switch in ("-s", "--silent"): outlevel = O_SILENT elif switch in ("-v", "--verbose"): if outlevel == O_VERBOSE: outlevel = O_DEBUG else: outlevel = O_VERBOSE elif switch in ("-d", "--daemon"): poll_interval = int(val) elif switch in ("-N", "--nodetach"): outlevel = O_SILENT elif switch in ("-q", "--quitmode"): quitmode = True elif switch in ("-f", "--fetchmailrc"): rcfile = val elif switch in ("-a", "--all"): fetchall = True elif switch in ("-k", "--keep"): keep = True elif switch in ("-F", "--flush"): 
flush = True if versioninfo: print "This is fetchmail release", VERSION os.system("uname -a") # avoid parsing the config file if all we're doing is killing a daemon fetchmailrc = {} if not quitmode or len(sys.argv) != 2: # user probably supplied a configuration file, check security if os.path.exists(rcfile): # the run control file must have the same uid as the # REAL uid of this process, it must have permissions # no greater than 600, and it must not be a symbolic # link. We check these conditions here. try: st = os.lstat(rcfile) except IOError: sys.exit(PS_IOERR) if not versioninfo: if not stat.S_ISREG(st.st_mode): print >>sys.stderr, \ "File %s must be a regular file." % pathname; sys.exit(PS_IOERR); if st.st_mode & 0067: print >>sys.stderr, \ "File %s must have no more than -rwx--x--- (0710) permissions." % pathname; sys.exit(PS_IOERR); # time to read the configuration if rcfile == '-': ifp = sys.stdin elif os.path.exists(rcfile): ifp = file(rcfile) try: exec ifp in globals() except SyntaxError: print >>sys.stderr, \ "File %s is ill-formed." 
% pathname; sys.exit(PS_SYNTAX); ifp.close() # generate a default configuration if user did not supply one if not fetchmailrc: fetchmailrc = { 'poll_interval': 300, "logfile": None, "idfile": idfile, "postmaster": "esr", 'bouncemail': True, 'spambounce': False, "properties": "", 'invisible': False, 'showdots': False, 'syslog': False, 'servers': [] } for site in arguments: fetchmailrc['servers'].append({ "pollname" : site, 'active' : False, "via" : None, "protocol" : "IMAP", 'port' : 0, 'timeout' : 300, 'interval' : 0, "envelope" : "Received", 'envskip' : 0, "qvirtual" : None, "auth" : "any", 'dns' : True, 'uidl' : False, "aka" : [], "localdomains" : [], "interface" : None, "monitor" : None, "plugin" : None, "plugout" : None, "principal" : None, 'tracepolls' : False, 'users' : [ { "remote" : user, "password" : None, 'localnames' : [user], 'fetchall' : False, 'keep' : False, 'flush' : False, 'rewrite' : True, 'stripcr' : True, 'forcecr' : False, 'pass8bits' : False, 'dropstatus' : False, 'dropdelivered' : False, 'mimedecode' : False, 'idle' : False, "mda" : "/usr/bin/procmail -d %T", "bsmtp" : None, 'lmtp' : False, "preconnect" : None, "postconnect" : None, 'limit' : 0, 'warnings' : 3600, 'fetchlimit' : 0, 'batchlimit' : 0, 'expunge' : 0, "properties" : None, "smtphunt" : ["localhost"], "fetchdomains" : [], "smtpaddress" : None, "smtpname" : None, 'antispam' : '', "mailboxes" : [], } ] }) if poll_interval != -1: fetchmailrc['poll_interval'] = poll_interval # now turn the configuration into control structures