------------------------------------------------------------------------------
fetchmail-4.4.0 ():
* Documentation cleanup.
+* -S is back to setting smtphost all the time; net-security option is now -T.
+* net-security option is now per-server, with a `netsec' keyword.
There are 272 people on fetchmail-friends and 136 on fetchmail-announce.
#endif /* !INET6 */
realhost = ctl->server.via ? ctl->server.via : ctl->server.pollname;
#if INET6
- if ((sock = SockOpen(realhost, ctl->server.service ? ctl->server.service : protocol->service)) == -1)
+ if ((sock = SockOpen(realhost,
+ ctl->server.service ? ctl->server.service : protocol->service,
+ ctl->server.netsec)) == -1)
#else /* INET6 */
if ((sock = SockOpen(realhost, port)) == -1)
#endif /* INET6 */
#if INET6
if (ctl->server.service)
printf(" (using service %s)", ctl->server.service);
+ if (ctl->server.netsec)
+ printf(" (using IPsec options %s)", ctl->server.netsec);
#else /* INET6 */
if (ctl->server.port)
printf(" (using port %d)", ctl->server.port);
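Review bot: `ctl->server.netsec` is passed to a `%s` conversion in the added `printf`, but the struct hunk in the header declares the member as `void *netsec`, so the argument type does not match the format. Every use on this page treats the value as a string: the rcfile rule stores `xstrdup($2)` and `SockOpen` takes `const char *options`. Declaring it as `char *netsec; /* IPv6 security request */` would remove the mismatch and the `(void *)` cast in the option parser. The enclosing function starts and ends outside this hunk.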
struct idlist *localdomains; /* list of pass-through domains */
int protocol; /* protocol type */
#if INET6
- char *service;
+ char *service; /* IPv6 service name */
+ void *netsec; /* IPv6 security request */
#else /* INET6 */
int port; /* TCP/IP service port number */
#endif /* INET6 */
extern char *fetchmailhost; /* the name of the host running fetchmail */
extern int pass; /* number of re-polling pass */
-#if NETSEC
-extern void *request;
-extern int requestlen;
-#endif /* NETSEC */
-
/* prototypes for globally callable functions */
/* error.c: Error reporting */
`mbox-userstr-' prefix to deliver to the correct user.
This is what this option is for.
-.SH USER AUTHENTICATION
+.SH USER AUTHENTICATION AND ENCRYPTION
Every mode except ETRN requires authentication of the client.
Normal user authentication in
.I fetchmail
binary, and you query a server in the Compuserve csi.com domain,
\fIfetchmail\fR will try to perform an RPA pass-phrase authentication
instead of sending over the password en clair.
+.PP
+If you are using IPsec, the -T (--netsec) option can be used to pass
+an IP security request to be used when outgoing IP connections are
+initialized. You can also do this using the `netsec' server option
+in the .fetchmailrc file. In either case, the option value is a
+string in the format accepted by the net_security_strtorequest()
+function of the inet6_apps library.
.SH DAEMON MODE
The
#define LA_AUTHENTICATE 17
#define LA_TIMEOUT 18
#define LA_ENVELOPE 19
-#define LA_USERNAME 20
-#define LA_ALL 21
-#define LA_NOKEEP 22
-#define LA_KEEP 23
-#define LA_FLUSH 24
-#define LA_NOREWRITE 25
-#define LA_LIMIT 26
-#define LA_FOLDER 27
-#define LA_SMTPHOST 28
-#define LA_SMTPADDR 29
-#define LA_BATCHLIMIT 30
-#define LA_FETCHLIMIT 31
-#define LA_EXPUNGE 32
-#define LA_MDA 33
-#define LA_INTERFACE 34
-#define LA_MONITOR 35
-#define LA_YYDEBUG 36
-#define LA_QVIRTUAL 37
-
-/* options still left: CgGhHjJoORTUwWxXYzZ */
+#define LA_QVIRTUAL 20
+#define LA_USERNAME 21
+#define LA_ALL 22
+#define LA_NOKEEP 23
+#define LA_KEEP 24
+#define LA_FLUSH 25
+#define LA_NOREWRITE 26
+#define LA_LIMIT 27
+#define LA_FOLDER 28
+#define LA_SMTPHOST 29
+#define LA_SMTPADDR 30
+#define LA_BATCHLIMIT 31
+#define LA_FETCHLIMIT 32
+#define LA_EXPUNGE 33
+#define LA_MDA 34
+#define LA_NETSEC 35
+#define LA_INTERFACE 36
+#define LA_MONITOR 37
+#define LA_YYDEBUG 38
+
+/* options still left: CgGhHjJoORUwWxXYzZ */
static const char *shortoptions =
"?Vcsvd:NqL:f:i:p:UP:A:t:E:Q:u:akKFnl:r:S:b:B:e:m:I:M:y";
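Review bot: The `shortoptions` string shown as unchanged context has no `T:` entry, although a later hunk adds `case 'T':` and both the usage text and the man page advertise `-T`. Unless the string is updated in a part of the patch not shown here, getopt will reject `-T` and only the long form `--netsec` can reach the handler. Adding `T:` to the string (for example right after `S:`) would match the updated "options still left" comment, which already drops `T`.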
{"username", required_argument, (int *) 0, LA_USERNAME },
{"all", no_argument, (int *) 0, LA_ALL },
- {"nokeep", no_argument, (int *) 0, LA_NOKEEP },
+ {"nokeep", no_argument, (int *) 0, LA_NOKEEP },
{"keep", no_argument, (int *) 0, LA_KEEP },
{"flush", no_argument, (int *) 0, LA_FLUSH },
{"norewrite", no_argument, (int *) 0, LA_NOREWRITE },
{"folder", required_argument, (int *) 0, LA_FOLDER },
{"smtphost", required_argument, (int *) 0, LA_SMTPHOST },
- {"smtpaddress", required_argument, (int *) 0, LA_SMTPADDR },
+ {"smtpaddress", required_argument, (int *) 0, LA_SMTPADDR },
{"batchlimit",required_argument, (int *) 0, LA_BATCHLIMIT },
{"fetchlimit",required_argument, (int *) 0, LA_FETCHLIMIT },
{"expunge", required_argument, (int *) 0, LA_EXPUNGE },
{"mda", required_argument, (int *) 0, LA_MDA },
+#ifdef INET6
+ {"netsec", required_argument, (int *) 0, LA_NETSEC },
+#endif /* INET6 */
+
#if defined(linux) && !INET6
{"interface", required_argument, (int *) 0, LA_INTERFACE },
{"monitor", required_argument, (int *) 0, LA_MONITOR },
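Review bot: The `netsec` long option is guarded by `#ifdef INET6`, while its handler and the usage line are guarded by `#if NETSEC`, and the rest of the file tests `#if INET6` rather than `#ifdef`. In a build with INET6 but without NETSEC, `--netsec` is accepted by getopt and then fails with "IPv6 support is disabled", which misstates the cause. Using one guard for the table entry, the handler and the usage text, for example `#if NETSEC` here, and wording the error as `"fetchmail: network security support is disabled\n"`, would keep the three in step.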
((cp = strtok((char *)NULL, ",")));
break;
case 'S':
-#if NETSEC
- if (net_security_strtorequest(optarg, request, &requestlen)) {
- fprintf(stderr, "fetchmail: net_security_strtorequest(%s, ...) failed!\n", optarg);
- errflag++;
- };
- break;
-#endif /* NETSEC */
case LA_SMTPHOST:
strcpy(buf, optarg);
cp = strtok(buf, ",");
((cp = strtok((char *)NULL, ",")));
ocount++;
break;
- case 'D':
+ case 'D':
case LA_SMTPADDR:
ctl->smtpaddress = xstrdup(optarg);
break;
ocount++;
break;
+ case 'T':
+ case LA_NETSEC:
+#if NETSEC
+ ctl->server.ipsec = (void *)optarg;
+#else
+ fprintf(stderr, "fetchmail: IPv6 support is disabled\n");
+ errflag++;
+#endif /* NETSEC */
+ break;
+
#if defined(linux) && !INET6
case 'I':
case LA_INTERFACE:
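Review bot: The new `case 'T'` assigns to `ctl->server.ipsec`, but the member added to the struct in the header hunk is named `netsec`, so the `#if NETSEC` branch would not compile as written. The line should read `ctl->server.netsec = xstrdup(optarg);`, which also copies the argument as the neighbouring `LA_SMTPADDR` case does. The neighbouring cases also end with `ocount++;` and this one does not; whether that is intended cannot be told from the hunk. Note that the removed `-S` code validated the request with `net_security_strtorequest` at parse time and reported a failure, whereas a malformed request is now only detected inside `SockOpen`. The enclosing switch continues outside the hunk.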
fputs(" -l, --limit don't fetch messages over given size\n", stderr);
#if NETSEC
- fputs(" -S set security request\n", stderr);
- fputs(" --smtphost set SMTP forwarding host\n", stderr);
-#else /* NETSEC */
- fputs(" -S, --smtphost set SMTP forwarding host\n", stderr);
+ fputs(" -T, --netsec set IP security request\n", stderr);
#endif /* NETSEC */
+ fputs(" -S, --smtphost set SMTP forwarding host\n", stderr);
fputs(" -D, --smtpaddress set SMTP delivery domain to use\n", stderr);
fputs(" -b, --batchlimit set batch limit for SMTP connections\n", stderr);
fputs(" -B, --fetchlimit set fetch limit for server connections\n", stderr);
mda { return MDA; }
pre(connect)? { return PRECONNECT; }
post(connect)? { return POSTCONNECT; }
+netsec { return NETSEC; }
interface { return INTERFACE; }
monitor { return MONITOR; }
batchlimit { return BATCHLIMIT; }
%token PRECONNECT POSTCONNECT LIMIT
%token IS HERE THERE TO MAP WILDCARD
%token BATCHLIMIT FETCHLIMIT EXPUNGE
-%token SET LOGFILE DAEMON SYSLOG INVISIBLE INTERFACE MONITOR
+%token SET LOGFILE DAEMON SYSLOG INVISIBLE NETSEC INTERFACE MONITOR
%token <proto> PROTO
%token <sval> STRING
%token <number> NUMBER
current.server.envskip = 0;
}
- | QVIRTUAL STRING {current.server.qvirtual = xstrdup($2);}
+ | QVIRTUAL STRING {current.server.qvirtual=xstrdup($2);}
+ | NETSEC STRING {
+#ifdef INET6
+ current.server.netsec =
+ xstrdup($2);
+#else
+ yyerror("IPV6 support disabled")
+#endif /* INET6 */
+ }
| INTERFACE STRING {
#if defined(linux) && !defined(INET6)
interface_parse($2, ¤t.server);
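Review bot: The `#else` branch of the new `NETSEC STRING` action is missing its statement terminator: `yyerror("IPV6 support disabled")` is followed directly by the closing brace, so a build without INET6 fails to compile the generated parser. It should be `yyerror("IPV6 support disabled");`. The guard here is `#ifdef INET6` while the option parser uses `#if NETSEC` for the same setting, so the rcfile keyword and the command-line option can disagree about whether the feature is available. The surrounding grammar rule starts outside the hunk.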
FLAG_FORCE(server.protocol);
#if INET6
FLAG_FORCE(server.service);
+ FLAG_FORCE(server.netsec);
#else /* INET6 */
FLAG_FORCE(server.port);
#endif /* INET6 */
FLAG_MERGE(server.protocol);
#if INET6
FLAG_MERGE(server.service);
+ FLAG_MERGE(server.netsec);
#else /* INET6 */
FLAG_MERGE(server.port);
#endif /* INET6 */
int yywrap(void) {return 1;}
/* rcfile_y.y ends here */
+
+
#include "socket.h"
#if NETSEC
-#if MAIN
-void *request = NULL;
-int requestlen = 0;
-#else /* MAIN */
-extern void *request;
-extern int requestlen;
-#endif /* MAIN */
+#include <net/security.h>
#endif /* NETSEC */
#if INET6
-int SockOpen(const char *host, const char *service)
+int SockOpen(const char *host, const char *service, const char *options)
{
int i;
struct addrinfo *ai, req;
memset(&req, 0, sizeof(struct addrinfo));
req.ai_socktype = SOCK_STREAM;
+#if NETSEC
+ net_security_operation request[32];
+ int requestlen = 32;
+#endif /* NETSEC */
if (i = getaddrinfo(host, service, &req, &ai)) {
fprintf(stderr, "fetchmail: getaddrinfo(%s.%s): %s(%d)\n", host, service, gai_strerror(i), i);
};
#if NETSEC
- i = inner_connect(ai, request, requestlen, NULL, NULL, "fetchmail", NULL);
+ if (net_security_strtorequest(options, request, &requestlen))
+ i = -1;
+ else
+ i = inner_connect(ai, request, requestlen, NULL,NULL, "fetchmail", NULL);
#else /* NETSEC */
i = inner_connect(ai, NULL, 0, NULL, NULL, "fetchmail", NULL);
#endif /* NETSEC */
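Review bot: `net_security_strtorequest(options, request, &requestlen)` is called unconditionally in the NETSEC branch, but the caller in the driver hunk passes `ctl->server.netsec`, which is presumably NULL when no `netsec` option was given. Depending on how the library treats a NULL string, that either dereferences NULL or makes every connection fail with `i = -1`. Guarding it with `if (!options) i = inner_connect(ai, NULL, 0, NULL, NULL, "fetchmail", NULL);` and turning the existing test into an `else if` keeps the no-request case working while still failing closed on a request that does not parse. The failure path also prints nothing, so a rejected security request looks like a plain connect error; a `fprintf(stderr, ...)` naming the bad request, as the removed `-S` code had, would help. Finally, `request` and `requestlen` are declared after the `memset` and assignment statements, which pre-C99 compilers reject; the declarations belong next to `int i;`.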
/* Create a new client socket; returns (FILE *)NULL on error */
#if INET6
-int SockOpen(const char *host, const char *service);
+int SockOpen(const char *host, const char *service, const char *options);
#else /* INET6 */
int SockOpen(const char *host, int clientPort);
#endif /* INET6 */
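Review bot: The comment above the prototypes still says the function returns `(FILE *)NULL` on error, although both prototypes return `int` and the driver hunk tests the result against `-1`; the new `options` parameter is also undocumented. A comment such as `/* Create a new client socket; returns -1 on error. In the INET6 variant, options is the IP security request string from the netsec setting. */` would describe the interface as it is now used.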