protobjs = rcfile_y.o rcfile_l.o socket.o getpass.o pop2.o pop3.o imap.o \
etrn.o fetchmail.o env.o options.o daemon.o driver.o rfc822.o smtp.o \
- xmalloc.o uid.o mxget.o md5c.o md5ify.o interface.o netrc.o base64.o \
- error.o
+ xmalloc.o uid.o mxget.o md5c.o md5ify.o rpa.o interface.o netrc.o \
+ base64.o error.o
objs = $(protobjs) $(extras) $(EXTRAOBJ)
$(srcdir)/options.c $(srcdir)/daemon.c \
$(srcdir)/driver.c $(srcdir)/rfc822.c $(srcdir)/smtp.c \
$(srcdir)/xmalloc.c $(srcdir)/uid.c $(srcdir)/mxget.c \
- $(srcdir)/md5c.c $(srcdir)/md5ify.c $(srcdir)/interface.c \
- $(srcdir)/netrc.c $(srcdir)/base64.c $(srcdir)/error.c
+ $(srcdir)/md5c.c $(srcdir)/md5ify.c $(srcdir)/rpa.c \
+ $(srcdir)/interface.c $(srcdir)/netrc.c $(srcdir)/base64.c \
+ $(srcdir)/error.c
.SUFFIXES:
.SUFFIXES: .o .c .h .y .l .ps .dvi .info .texi
* Fetchmail's synthetic Received line is now inserted just before the first
existing Received line and *after* any From headers shipped up by the
server. This fixes odd problems with some sensitive sendmails.
+* Compuserve RPA authentication support.
There are 285 people on the fetchmail-friends list.
fetchmail supports standard all mail-retrieval protocols in use on the
Internet: POP2, POP3 (including POP3 with RFC1938 one-time passwords),
-RPOP, APOP, KPOP, all flavors of IMAP (including IMAP4rev1 with
-RFC1731 Kerberos v4 authentication), and ESMTP ETRN.
+RPOP, APOP, KPOP, Compuserve's POP3 with RPA, all flavors of IMAP
+(including IMAP4rev1 with RFC1731 Kerberos v4 authentication), and
+ESMTP ETRN.
The fetchmail code was developed under Linux, but has also been
extensively tested under 4.4BSD, AIX, HP-UX versions 9 and 10,
/* Define if you want POP2 support compiled in */
#undef POP2_ENABLE
+/* Define if you want RPA support compiled in */
+#undef RPA_ENABLE
+
/* Define if you want OPIE support compiled in */
#undef OPIE_ENABLE
AC_CHECK_SIZEOF(int)
AC_CHECK_SIZEOF(long)
-### use option --enable-POP2 to compile in the POP2 fallback support
+### use option --enable-POP2 to compile in the POP2 support
AC_ARG_ENABLE(POP2,
[ --enable-POP2 compile in POP2 protocol support (obsolete)],
[with_POP2=$enableval],
[with_POP2=no])
test "$with_POP2" = "yes" && AC_DEFINE(POP2_ENABLE)
+### use option --enable-RPA to compile in the RPA support
+AC_ARG_ENABLE(RPA,
+ [ --enable-RPA compile in RPA protocol support],
+ [with_RPA=$enableval],
+ [with_RPA=no])
+test "$with_RPA" = "yes" && AC_DEFINE(RPA_ENABLE)
+
### use option --enable-opie to compile in the OPIE support
AC_ARG_ENABLE(opie,
[ --enable-opie support OTP through the OPIE library],
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1997/09/25 06:42:28 $
+<td width="30%" align=right>$Date: 1997/09/30 21:26:41 $
</table>
<HR>
<LI> Support for responding with a one-time password when a POP3 server
issues an RFC1938-conforming OTP challenge.
+
+<LI> Support for Compuserve's RPA authentication protocol for POP3
+ (not compiled in by default, but configurable).
</UL>
<H2>Since 3.0:</H2>
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1997/09/25 06:42:28 $
+<td width="30%" align=right>$Date: 1997/09/30 21:26:41 $
</table>
<P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS>
int parsecmdline (int, char **, struct query *);
void optmerge(struct query *, struct query *);
char *MD5Digest (unsigned char *);
+int POP3_auth_rpa(unsigned char *, unsigned char *, int socket);
int daemonize(const char *, void (*)(int));
char *getpassword(char *);
void escapes(const char *, char *);
challenge conforming to RFC1938, \fIfetchmail\fR will use your
password as a pass phrase to generate the required response. This
avoids sending secrets over the net unencrypted.
+.PP
+Compuserve's RPA authentication (similar to APOP) is supported. If
+you are using POP3, and the RPA code has been compiled into your
+binary, and you query a server in the Compuserve csi.com domain,
+\fIfetchmail\fR will try to perform an RPA pass-phrase authentication
+instead of sending over the password en clair.
.SH DAEMON MODE
The
are technically legal but bizarre. Strange uses of quoting and
embedded comments are likely to confuse it.
.PP
-Use of any of the supported protocols other than POP3 with OTP, APOP,
+Use of any of the supported protocols other than POP3 with OTP or RPA, APOP,
KPOP, IMAP-K4, or ETRN requires that the program send unencrypted
passwords over the TCP/IP connection to the mailserver. This creates
a risk that name/password pairs might be snaffled with a packet
#include <opie.h>
#endif /* HAVE_LIBOPIE */
-#define PROTOCOL_ERROR {error(0, 0, "protocol error"); return(PS_ERROR);}
-
extern char *strstr(); /* needed on sysV68 R3V7.1. */
static int last;
switch (ctl->server.protocol) {
case P_POP3:
- if ((gen_transact(sock, "USER %s", ctl->remotename)) != 0)
- PROTOCOL_ERROR
+ if ((ok = gen_transact(sock, "USER %s", ctl->remotename)) != 0)
+ break;
#if defined(HAVE_LIBOPIE) && defined(OPIE_ENABLE)
/* see RFC1938: A One-Time Password System */
- if (challenge = strstr(lastok, "otp-"))
+ if (challenge = strstr(greeting, "otp-"))
{
char response[OPIE_RESPONSE_MAX+1];
if (opiegenerator(challenge, ctl->password, response))
- PROTOCOL_ERROR
+ {
+ ok = PS_ERROR;
+ break;
+ }
ok = gen_transact(sock, "PASS %s", response);
+ break;
}
- else
#endif /* defined(HAVE_LIBOPIE) && defined(OPIE_ENABLE) */
- /* ordinary validation, no one-time password */
- ok = gen_transact(sock, "PASS %s", ctl->password);
+
+#ifdef ENABLE_RPA
+ /* if we're talking to CompuServe, try RPA */
+ if (strstr(greeting, "csi.com"))
+ {
+ /* AUTH command should return a list of available mechanisms */
+ if (gen_transact(sock, "AUTH") == 0)
+ {
+ char buffer[10];
+ flag authenticated = FALSE;
+
+ while ((ok = gen_recv(sock, buffer, sizeof(buffer))) == 0)
+ {
+ if (buffer[0] == '.')
+ break;
+ if (strncasecmp(buffer, "rpa", 3) == 0)
+ {
+ if (POP3_auth_rpa(ctl->remotename,
+ ctl->password, sock) == PS_SUCCEED)
+ {
+ authenticated = TRUE;
+ break;
+ }
+ }
+ }
+
+ if (authenticated)
+ break;
+ }
+ }
+#endif /* ENABLE_RPA */
+
+ /* ordinary validation, no one-time password or RPA */
+ ok = gen_transact(sock, "PASS %s", ctl->password);
break;
case P_APOP:
break;
case P_RPOP:
- if ((gen_transact(sock,"USER %s", ctl->remotename)) != 0)
- PROTOCOL_ERROR
-
- ok = gen_transact(sock, "RPOP %s", ctl->password);
+ if ((ok = gen_transact(sock,"USER %s", ctl->remotename)) == 0)
+ ok = gen_transact(sock, "RPOP %s", ctl->password);
break;
default:
error(0, 0, "lock busy! Is another session active?");
return(PS_LOCKBUSY);
}
- PROTOCOL_ERROR
}
/*
if (ok == 0)
{
if (sscanf(buf, "%d", &last) == 0)
- PROTOCOL_ERROR
+ {
+ error(0, 0, "protocol error");
+ return(PS_ERROR);
+ }
*newp = (*countp - last);
}
else
{
/* don't worry, yet! do it the slow way */
if((ok = pop3_slowuidl( sock, ctl, countp, newp))!=0)
- PROTOCOL_ERROR
+ {
+ error(0, 0, "protocol error while fetching UIDLs");
+ return(PS_ERROR);
+ }
}
else
{
description: RPA authorisation code for POP3 client
***********************************************************************/
+#include "config.h"
+
+#ifdef RPA_ENABLE
#include <stdio.h>
#include <unistd.h>
#include <ctype.h>
#include "fetchmail.h"
#include "md5.h"
-
-
#ifdef TESTMODE
extern unsigned char line1[];
extern unsigned char line2[];
fprintf(stderr,"\n");
}
}
+#endif /* RPA_ENABLE */
+
+/* rpa.c ends here */
projects / ~andy / fetchmail / commitdiff