# This could be handy for archiving the generated documentation or
# if some version control system is used.
- PROJECT_NUMBER = master
+ PROJECT_NUMBER = legacy_63
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.
INCLUDE_PATH = /usr/include \
/usr/include/lsb3 \
- build \
- trio
+ build
# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
# patterns (like *.h and *.hpp) to filter out the header-files in the
# Makefile for fetchmail
SUBDIRS= . po
-AUTOMAKE_OPTIONS= 1.11 foreign no-dist-gzip dist-bzip2 dist-xz
+AUTOMAKE_OPTIONS= 1.11 foreign no-dist-gzip dist-xz
AM_CPPFLAGS= -I$(srcdir)/libesmtp
ACLOCAL_AMFLAGS= -I m4 -I m4-local
pys= fetchmailconf.py
pym= fetchmailconf.man
+if HAVE_LIBPWMD
+CFLAGS += @libpwmd_CFLAGS@
+LDFLAGS += @libpwmd_LIBS@
+endif
+
+if HAVE_PYTHON
nodist_bin_SCRIPTS= fetchmailconf
python_PYTHON= $(pys)
dist_man1_MANS+= $(pym)
- EXTRA_DIST=
- else
- noinst_PYTHON= $(pys)
- EXTRA_DIST= $(pym)
- endif
CLEANFILES= $(nodist_bin_SCRIPTS)
TESTS= t.smoke t.validate-xhtml10 t.validate-xhtml t.x509_name_match
TESTS_ENVIRONMENT= srcdir="$(srcdir)" LC_ALL=C TZ=UTC SHELL="$(SHELL)" $(SHELL)
-if NEED_TRIO
-noinst_LIBRARIES+= libtrio.a
-libtrio_a_SOURCES= trio/triostr.c trio/trio.c trio/trionan.c \
- trio/trio.h trio/triop.h trio/triodef.h \
- trio/trionan.h trio/triostr.h
-check_PROGRAMS+= regression
-regression_SOURCES= trio/regression.c
-LDADD+= libtrio.a -lm
-TESTS+= t.regression
-endif
-
fetchmail_SOURCES= fetchmail.h getopt.h \
- i18n.h kerberos.h fm_md5.h mx.h netrc.h smtp.h \
+ gettext.h kerberos.h fm_md5.h netrc.h smtp.h \
socket.h tunable.h \
socket.c getpass.c \
fetchmail.c env.c idle.c options.c daemon.c \
driver.c transact.c sink.c smtp.c \
- idlist.c uid.c mxget.c md5ify.c cram.c gssapi.c \
+ idlist.c uid.c md5ify.c cram.c gssapi.c \
opie.c interface.c netrc.c \
- unmime.c conf.c checkalias.c \
+ unmime.c conf.c checkalias.c uid_db.h uid_db.c\
lock.h lock.c \
rcfile_l.l rcfile_y.y \
ucs/norm_charmap.c ucs/norm_charmap.h
-if POP2_ENABLE
-fetchmail_SOURCES += pop2.c
-endif
if POP3_ENABLE
fetchmail_SOURCES += pop3.c
endif
if ODMR_ENABLE
fetchmail_SOURCES += odmr.c
endif
-if KERBEROS_V4_ENABLE
-fetchmail_SOURCES += kerberos.c
-endif
if RPA_ENABLE
fetchmail_SOURCES += rpa.c
endif
fetchmail_SOURCES += libesmtp/getaddrinfo.h libesmtp/getaddrinfo.c
endif
-check_PROGRAMS += rfc822 unmime netrc rfc2047e mxget rfc822valid \
+check_PROGRAMS += rfc822 unmime netrc rfc2047e rfc822valid \
x509_name_match
rfc2047e_CFLAGS= -DTEST
netrc_SOURCES= netrc.c xmalloc.c report.c
netrc_CFLAGS= -DSTANDALONE -DHAVE_CONFIG_H -I$(builddir)
-mxget_SOURCES= mxget.c
-mxget_CFLAGS= -DSTANDALONE -DHAVE_CONFIG_H -I$(builddir)
-
@SET_MAKE@
fetchmail.spec: Makefile.in specgen.sh
README.packaging README.SSL-SERVER \
fetchmail-FAQ.book fetchmail-FAQ.pdf fetchmail-FAQ.html \
Mailbox-Names-UTF7.txt Mailbox-Names-UTF7.html \
+ fetchmail-SA-2012-02.txt \
+ fetchmail-SA-2012-01.txt \
fetchmail-SA-2011-01.txt \
fetchmail-EN-2010-03.txt \
fetchmail-SA-2010-02.txt \
# extra directories to ship
distdirs = rh-config contrib beos
- EXTRA_DIST+= $(DISTDOCS) $(distdirs) \
+ EXTRA_DIST= $(DISTDOCS) $(distdirs) \
fetchmail.spec fetchmail.xpm \
- trio/CHANGES trio/README \
strlcpy.3 bighand.png \
m4/codeset.m4 \
m4/gettext.m4 \
# ADVANCE WARNING OF FEATURES TO BE REMOVED OR CHANGED IN FUTURE VERSIONS
(There are no plans to remove features from a 6.3.X release, but they may be
-removed from a 6.4.0 or newer release.)
-* The MX and host alias DNS lookups that fetchmail performs in multidrop mode
- are based on assumptions that are rarely met in practice, somewhat defective,
- deprecated and may be removed from a future fetchmail version.
- They have never supported IPv6 (including IPv6-mapped IPv4).
- Non-DNS based alias keywords such as "aka" will remain in fetchmail.
+removed from a 7.0.0 or newer release.)
* The monitor and interface options may be removed from a future fetchmail
version as they are not reasonably portable across operating systems.
-* POP2 is obsolete, support will be removed from a future fetchmail version.
-* IMAP2 and IMAP4 (not IMAP4r1) are obsolete, support may be removed from a
+* IMAP4 (not IMAP4r1) is obsolete, support may be removed from a
future fetchmail version.
-* RPOP is obsolete, support will be removed from a future fetchmail release.
* --sslcertck will become a default setting in a future fetchmail version.
* The multidrop To/Cc guessing code along with the fragile duplicate suppressor
is deprecated and may be removed from a future release.
inconsistent and confusing.
* The "protocol auto" default inside fetchmail may be removed from a future
fetchmail release. Explicit configuration of the protocol is recommended.
-* Kerberos IV support may be removed from a future fetchmail release.
* Kerberos 5 support may be removed from a future fetchmail release.
-* The --principal option may be removed from a future fetchmail release.
* SIGHUP wakeup support may be removed from a future fetchmail release and
cause fetchmail to terminate - it was broken for many years.
-* Support for operating systems that are not sufficiently POSIX compliant may be
- removed or operation on such systems may be suboptimal for future releases.
- This means that fetchmail may only continue to work on C99 and POSIX 2001
- based systems.
* The maintainer may migrate fetchmail to C++ with STL or C#, and impose further
requirements (dependencies), such as Boost or other class libraries.
-* The softbounce option default will change to "false" in the next release.
* The --bsmtp - mode of operation may be removed in a future release.
* Given that OpenSSL is severely underdocumented, and needs license exceptions,
fetchmail may switch to a different SSL library.
-* SSLv2 support will be removed from a future fetchmail release. It has been
- obsolete for more than a decade.
--------------------------------------------------------------------------------
- fetchmail-6.3.22 (not yet released):
+fetchmail-7.0.0 (not yet released):
+
+NOTE THIS IS AN ALPHA RELEASE THAT HAS NOT BEEN THOROUGHLY TESTED!
+
+# MAJOR CHANGES
+* The UIDL handler code is now much faster, especially noticable with lots of
+ mail kept on a POP3 server. Where the 6.3.X code was of O(n^2) complexity,
+ we're down to O(n log n).
+ Contributed by Rainer Weikusat, MAD Partners Ltd./MSS GmbH.
+* The POP3 code now always uses UIDL, except if "fetchall" is in effect.
+ Fixes BerliOS Bug #16172. Fixes Debian Bug#345788.
+* Fetchmail now enables SSL support by default. If this is undesired,
+ ./configure --without-ssl should help.
+* The OpenSSL code now excludes the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option.
+ This can cause interoperability problems with certain buggy servers, but is
+ required to defang chosen-plaintext attacks against AES. While probably hard
+ to mount against fetchmail, let's play it safe rather than be sorry later.
+
+# FEATURES ADDED
+* Fetchmail can now retrieve credentials from PWMD. This needs to be enabled at
+ compile-time and requires run-time configuration. See README.PWMD for details.
+ Contributed by Ben Kibbey, author of libpwmd and pwmd.
+* Fetchmail now supports a retrieve-error command line or rcfile option that
+ takes exactly one argument, abort (default), continue or markseen. This
+ specifies the policy used by fetchmail to handle messages whose bodies
+ fail to be retrieved due to server errors. Both the continue and markseen
+ options will skip the message with errors and allow the session to
+ continue so that subsequent messages can be retrieved. The markseen
+ option will also mark the message with errors as seen.
+ The default policy is to abort the session whenever a server error occurs.
+ Contributed by Craig Brown.
+* Fetchmailconf offers cram-md5 and apop authentication.
+
+# REMOVED FEATURES
+* IMAP2 protocol support was removed.
+* POP2 protocol support was removed.
+* RPOP (not actually a protocol, but a variant of POP3) was removed
+* POP3: the uidl option has been removed. It is always on.
+* POP3: LAST is no longer used. It was removed from POP3 in 1994, and it could
+ cause mail loss when the connection was interrupted or if clients besides
+ fetchmail polled the mailbox.
+* Trio was removed, fetchmail expects reasonable stdio.h quality levels.
+* Support for systems that do not conform to C89 and POSIX 2001 was removed,
+ this means that BeOS, EMX, NeXTSTEP quirks are no longer worked around.
+* The MX and host alias DNS lookups that fetchmail performs in multidrop mode
+ have been removed. They were based on the mistaken assumption that the
+ IMAP/POP3 server was also the MX server, which is rarely the case. They have
+ never supported IPv6 (including IPv6-mapped IPv4) either.
+ Non-DNS based alias keywords such as "aka" remain.
+* Kerberos IV support was removed.
+* fetchmail no longer supports SSL v2, nor the corresponding SSL2 option to
+ --sslproto. SSLv2 is insecure and had been deprecated 15 years ago. fetchmail
+ will actively forbid SSLv2 negotiation by means of SSL_OP_NO_SSLv2.
+ To fix Debian Bug#622054.
+* A lot of outdated and/or unsafe-to-use material got dropped from contrib/.
+
+# REGRESSION FIXES
+* The mimedecode feature now properly detects multipart/mixed-type matches, so
+ that quoted-printable-encoded multipart messages can get decoded.
+ (Regression in 5.0.0 on 1999-03-27, as a side effect of a PGP-mimedecode fix
+ attributed to Henrik Storner.)
+
+# BUG FIXES
+* The mimedecode feature failed to ship the last line of the body if it was
+ encoded as quoted-printable and had a MIME soft line break in the very last
+ line. Reported by Lars Hecking in June 2011.
+ Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
+ before release 4.4.1 through code contributed by Henrik Storner.
+ Workaround for older releases: do not use mimedecode feature.
+* Fetchmail now detects singly-quoted % expansions in the mda option and refuses
+ to deliver for safety reasons. Fixes Debian Bug#347909.
+* The Server certificate: message in verbose mode now appears on stdout like the
+ remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
+
+# CHANGES
+* A foreground fetchmail can now accept a few more options while another copy is
+ running in the background.
+* APOP is no longer a protocol, but an authentication method. In order to use
+ it, use protocol POP3 auth APOP, or on the commandline, -p pop3 --auth apop.
+ If no authentication method is specified, APOP is automatically tried if
+ offered by the server before we resort to sending the password as clear text.
+
+--------------------------------------------------------------------------------
+ fetchmail-6.3.23 (not yet released)
+
+ # NOTE THAT THE RELEASE OF FUTURE FETCHMAIL 6.3.X VERSIONS IS UNCLEAR.
+ Should a 7.0 release be made earlier, chances are that the 6.3.X branch
+ is abandoned and its changes be folded into the 7.0 release, with changes
+ after 6.3.22 not available on their own in a newer 6.3.X release.
+
+ # REGRESSION FIXES
+ * Fix compilation with OpenSSL implementations before 0.9.8m that lack
+ SSL_CTX_clear_options. Patch by Earl Chew.
+ Note that the use of older OpenSSL versions with fetchmail is unsupported and
+ *not* recommended.
+
+ # BUG FIXES
+ * Fix combination of --plugin and -f -. Patch by Alexander Zangerl,
+ to fix Debian Bug#671294.
+
+
+ fetchmail-6.3.22 (released 2012-08-29, 26077 LoC):
+
+ # SECURITY FIXES
+ * for CVE-2012-3482:
+ NTLM: fetchmail mistook an error message that the server sent in response to
+ an NTLM request for protocol exchange, tried to decode it, and crashed while
+ reading from a bad memory location.
+ Also, with a carefully crafted NTLM challenge packet sent from the server, it
+ would be possible that fetchmail conveyed confidential data not meant for the
+ server through the NTLM response packet.
+ Fix: Detect base64 decoding errors, validate the NTLM challenge, and abort
+ NTLM authentication in case of error.
+ See fetchmail-SA-2012-02.txt for further details.
+ Reported by J. Porter Clark.
+
+ * for CVE-2011-3389:
+ SSL/TLS (wrapped and STARTTLS): fetchmail used to disable a countermeasure
+ against a certain kind of attack against cipher block chaining initialization
+ vectors (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS).
+ Whether this creates an exploitable situation, depends on the server and the
+ negotiated ciphers.
+ As a precaution, fetchmail 6.3.22 enables the countermeasure, by clearing
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
+
+ NOTE that this can cause connections to certain non-conforming servers to
+ fail, in which case you can set the environment variable
+ FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE to any non-empty value when starting
+ fetchmail to re-instate the compatibility option at the expense of security.
+
+ Reported by Apple Product Security.
+
+ For technical details, refer to <http://www.openssl.org/~bodo/tls-cbc.txt>.
+ See fetchmail-SA-2012-01.txt for further details.
+
+ # BUG FIX
+ * The Server certificate: message in verbose mode now appears on stdout like the
+ remainder of the output. Reported by Henry Jensen, to fix Debian Bug #639807.
+
+ * The GSSAPI-related autoconf code now matches gssapi.c better, and uses
+ a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
+ This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
+
+ # CHANGES
+ * On systems where SSLv2_client_method isn't defined in OpenSSL (such as
+ newer Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't
+ reference it (to fix the build) and if configured, print a run-time error
+ that the OS does not support SSLv2. Fixes Debian Bug #622054,
+ but note that that bug report has a more thorough patch that does away with
+ SSLv2 altogether.
+
+ * The security and errata notices fetchmail-{EN,SA}-20??-??.txt are now
+ under the more relaxed CC BY-ND 3.0 license (the noncommercial clause
+ was dropped). The Creative Commons address was updated.
+
+ * The Python-related Makefile.am parts were simplified to avoid an automake
+ 1.11.X bug around noinst_PYTHON, Automake Bug #10995.
+
+ * Configuring fetchmail without SSL now triggers a configure warning,
+ and asks the user to consider running configure --with-ssl.
+
+ # WORKAROUND
+ * Some servers, notably Zimbra, return A1234 987 FETCH () in response to
+ a header request, in the face of message corruption. fetchmail now treats
+ these as temporary errors. Report and Patch by Mikulas Patocka, Red Hat.
+
* Some servers, notably Microsoft Exchange, return "A0009 OK FETCH completed."
without any header in response to a header request for meeting reminder
messages (with a "meeting.ics" attachment). fetchmail now treats these as
transient errors. Report by John Connett, Patch by Sunil Shetye.
+ # TRANSLATION UPDATES
+ * [cs] Czech, by Petr Pisar
+ * [de] German
+ * [fr] French, by Frédéric Marchal
+ * [ja] Japanese, by Takeshi Hamasaki
+ * [pl] Polish, by Jakub Bogusz
+ * [sv] Swedish, by Göran Uddeborg --- NEW TRANSLATION - Thank you!
+ * [vi] Vietnamese, by Trần Ngọc Quân
+
+ # KNOWN BUGS AND WORKAROUNDS
+ (This section floats upwards through the NEWS file so it stays with the
+ current release information)
+ * Fetchmail does not handle messages without Message-ID header well
+ (See sourceforge.net bug #780933)
+ * BSMTP is mostly untested and errors can cause corrupt output.
+ * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
+ 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit
+ fetchmail. Note that fetchmail doesn't take advantage of 64-bit code,
+ so compiling 32-bit SPARC code should not cause any difficulties.
+ * Fetchmail does not track pending deletes across crashes.
+ * The command line interface is sometimes a bit stubborn, for instance,
+ fetchmail -s doesn't work with a daemon running.
+ * Linux systems may return duplicates of an IP address in some circumstances if
+ no or no global IPv6 addresses are configured.
+ (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
+ * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
+ messages. This will not be fixed, because the maintainer has no Kerberos 5
+ server to test against. Use GSSAPI.
- fetchmail-6.3.21 (not yet released):
+
+ fetchmail-6.3.21 (released 2011-08-21, 26011 LoC):
# CRITICAL BUG FIX
* The IMAP client no longer inserts NUL bytes into the last line of a message
messages end up in mbox, but adds line termination for storages (like Maildir)
that do not require that the last line be LF- or CRLF-terminated.
+ # CONTRIB/ addition
+ * There is a patch against fetchnews's source, contrib/rawlog.patch, that can
+ log (and hexdump non-printing characters) raw socket data to a file. It proved
+ useful to debug Antoine's bug described above.
-
fetchmail-6.3.20 (released 2011-06-06, 26005 LoC):
# SECURITY BUG FIXES
[pl] Polish (Jakub Bogusz)
[sk] Slovak (Marcel Telka)
- # KNOWN BUGS AND WORKAROUNDS
- (this section floats upwards through the NEWS file so it stays with the
- current release information - however, it was stuck with 6.3.8 for a while)
- * fetchmail does not handle messages without Message-ID header well
- (See sourceforge.net bug #780933)
- * BSMTP is mostly untested and errors can cause corrupt output.
- * Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in
- 64-bit mode. Either compile 32-bit code or use GCC to compile 64-bit
- fetchmail. Note that fetchmail doesn't take advantage of 64-bit code,
- so compiling 32-bit SPARC code should not cause any difficulties.
- * fetchmail does not track pending deletes over crashes.
- * the command line interface is sometimes a bit stubborn, for instance,
- fetchmail -s doesn't work with a daemon running.
- * Linux systems may return duplicates of an IP address in some circumstances if
- no or no global IPv6 addresses are configured.
- (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
- * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
- messages. This will not be fixed, because the maintainer has no Kerberos 5
- server to test against. Use GSSAPI.
-
fetchmail-6.3.19 (released 2010-12-10, 25945 LoC):
Note that there is a separate todo.html with different content than this.
soon - MUST:
+ - blacklist DigiNotar/Comodo hacks/certs, possibly with Chrome's serial#
+ list?
+ - check if wildcards from X.509 are handled as strictly as required by
+ the RFCs.
- audit if there are further untrusted data report_*() calls.
- Debian Bug #475239, MIME decoder may break up words (need to quote results)
- put bare IP addresses in brackets for SMTP (check if there are RFC
- fetch IMAP message in one go (fetchmail-devel by Adam Simpkins
<simpkins@cisco.com> around Nov 2nd)?
-6.4:
+7.0:
- Properly free host/user entries (through C++ class instantiation and destructors...)
- Remove stupid options, such as spambounce, or deferred bounces for anything
but wrong addresses
# Fetchmail automatic configuration support
#
# Eric S. Raymond <esr@thyrsus.com>
- # 2004 - 2010 Matthias Andree <matthias.andree@gmx.de>
+ # 2004 - 2012 Matthias Andree <matthias.andree@gmx.de>
#
dnl Process this file with autoconf to produce a configure script.
dnl
dnl XXX - if bumping version here, check fetchmail.man, too!
- AC_INIT([fetchmail],[7.0.0-alpha2],[fetchmail-devel@lists.berlios.de])
-AC_INIT([fetchmail],[6.3.22.1],[fetchmail-users@lists.berlios.de])
++AC_INIT([fetchmail],[7.0.0-alpha3],[fetchmail-devel@lists.berlios.de])
AC_CONFIG_SRCDIR([fetchmail.h])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_LIBOBJ_DIR([.])
AC_CANONICAL_HOST
+dnl keep this before stuff that runs the compiler!
+AC_USE_SYSTEM_EXTENSIONS
+
dnl automake options are in Makefile.am
-AC_PREREQ(2.60)
+AC_PREREQ(2.64)
dnl 2.60 required for AC_USE_SYSTEM_EXTENSIONS
AM_INIT_AUTOMAKE
AM_CONDITIONAL([HAVE_PYTHON], [test "$PYTHON" != :])
AC_PROG_AWK
-AC_PROG_CC
-AM_PROG_CC_C_O
+AC_PROG_CC_C99
AC_PROG_INSTALL
-AC_PROG_CPP dnl Later checks need this.
+AM_PROG_LEX
+AC_PROG_MAKE_SET
AC_PROG_RANLIB
-AM_PROG_CC_C_O
-AC_USE_SYSTEM_EXTENSIONS
-
-AC_ISC_POSIX
-dnl AC_ISC_POSIX: - XXX FIXME: remove in fetchmail 6.4.
-dnl This macro adds `-lcposix' to output variable `LIBS' if necessary
-dnl for Posix facilities. Sun dropped support for the obsolete
-dnl INTERACTIVE Systems Corporation Unix on 2006-07-23. New programs
-dnl need not use this macro. It is implemented as
-dnl `AC_SEARCH_LIBS([strerror], [cposix])'
+AC_PROG_YACC
dnl check for b0rked Solaris (and other shells) and find one that works
AC_MSG_CHECKING(for a working shell...)
AC_MSG_ERROR(no SUS compliant shell found - on Solaris, install SUNWxcu4)
fi
+AC_CHECK_HEADERS([arpa/nameser.h])
-AC_HEADER_STDC
-AC_HEADER_TIME
-AC_TYPE_SIZE_T
-AC_TYPE_PID_T
-AC_TYPE_SIGNAL
-AC_CHECK_HEADERS([unistd.h termios.h termio.h sgtty.h stdarg.h \
- sys/itimer.h fcntl.h sys/fcntl.h memory.h sys/wait.h \
- arpa/inet.h arpa/nameser.h netinet/in.h net/socket.h netdb.h \
- sys/select.h sys/socket.h sys/time.h langinfo.h])
-if test _$ac_cv_header_stdarg_h != _yes ; then
-AC_MSG_WARN([stdarg.h is not defined. Unsupported configuration, proceed at your own risk.])
-fi
-AC_CHECK_TYPE(u_int32_t,,
- AC_DEFINE(u_int32_t,unsigned int,
- [Define to unsigned int if <sys/types.h> does not define.]),
- [AC_INCLUDES_DEFAULT
-#ifdef HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif])
AC_CHECK_HEADERS([resolv.h],,,[
#include <sys/types.h>
-#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
-#endif
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
AC_CHECK_DECLS([h_errno],,,[
AC_INCLUDES_DEFAULT
- #ifdef HAVE_NETDB_H
#include <netdb.h>
- #endif
])
-AC_C_CONST dnl getopt needs this.
-
-AM_PROG_LEX
-AC_PROG_MAKE_SET
-AC_PROG_YACC
-
# Check for OS special cases
case $host_os in
darwin*)
AC_MSG_NOTICE(found FreeBSD - Adding -lkvm -lcom_err to standard libraries)
LIBS="$LIBS -lkvm -lcom_err"
;;
-# Check for LynxOS special case: -lbsd needed (at least on 2.3.0) and -s
-# not working.
-lynxos*)
- AC_MSG_NOTICE(found LynxOS - Adding -lbsd to standard libraries)
- LIBS="$LIBS -lbsd"
- LDFLAGS=`echo $LDFLAGS | sed "s/-s //"`
- AC_MSG_NOTICE(found LynxOS - Prepending standard include path to gcc flags)
- CPPFLAGS="$CPPFLAGS -I/usr/include"
- ;;
-# Check for Rhapsody special case: it doesn't like -s
-rhapsody*)
- AC_MSG_NOTICE(found Rhapsody - Removing -s load flag)
- LDFLAGS=`echo $LDFLAGS | sed "s/-s //"`
- ;;
esac
AC_CACHE_SAVE
AC_MSG_RESULT(using libc's inet_addr),
AC_CHECK_LIB(nsl,inet_addr))
-dnl Port hack for Interactive UNIX System V/386 Release 3.2
-AC_CHECK_LIB(cposix, strchr,
- [DEFS="$DEFS -D_SYSV3"
- LIBS="$LIBS -lcposix"])
-
-dnl Port hack for Sparc/NetBSD-1.5
-dnl
-dnl NB: this has been disabled as it causes the unconditional
-dnl addition of libintl to the build, which is both undesired
-dnl and breaks on Solaris/Blastwave.org machines.
-dnl
-dnl AC_CHECK_LIB(intl, gettext,
-dnl [LIBS="$LIBS -lintl"])
-
-AC_REPLACE_FUNCS([strstr strcasecmp memmove stpcpy strlcpy strlcat])
+AC_REPLACE_FUNCS([stpcpy strlcpy strlcat])
AC_CHECK_FUNC(getopt_long, [],
[AC_LIBSOURCES([getopt.c, getopt1.c])
EXTRAOBJ="$EXTRAOBJ getopt.\$(OBJEXT) getopt1.\$(OBJEXT)"])
-AC_FUNC_VPRINTF
-
AC_SUBST(EXTRAOBJ)
-AC_CHECK_FUNCS(tcsetattr stty setsid geteuid seteuid dnl
- strerror syslog snprintf vprintf vsnprintf vsyslog dnl
- atexit inet_aton strftime setrlimit socketpair dnl
- sigaction strdup setlocale)
+AC_CHECK_FUNCS(vsyslog inet_aton)
-AC_CHECK_DECLS([strerror,getenv])
dnl INET6 is used by KAME/getnameinfo
AC_CACHE_CHECK(for AF_INET6/PF_INET6,ac_cv_inet6,
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM([[
- #ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
- #endif
- #ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
- #endif
]],[[
int foo = AF_INET6;
int bar = PF_INET6;
LIBS="$old_LIBS $lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
-#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
-#endif
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
dnl Check for libcrypt -- it may live in libc or libcrypt, as on IRIX
AC_CHECK_FUNC(crypt, , AC_CHECK_LIB(crypt,crypt))
-dnl Check for usable void pointer type
-AC_MSG_CHECKING(use of void pointer type)
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[char *p;
- void *xmalloc();
- p = (char *) xmalloc(1);
- ]])],[AC_DEFINE(HAVE_VOIDPOINTER,1,[Define if your C compiler allows void * as a function result]) AC_MSG_RESULT(yes)],[AC_MSG_RESULT(no)])
-
-dnl Check for ANSI volatile
-AC_C_VOLATILE
-
-dnl Check out the wait reality. We have to assume sys/wait.h is present.
-AC_CHECK_FUNCS(waitpid wait3)
-AC_MSG_CHECKING(for union wait);
-AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
-#include <sys/wait.h>]], [[union wait status; int pid; pid = wait (&status);
-#ifdef WEXITSTATUS
-/* Some POSIXoid systems have both the new-style macros and the old
- union wait type, and they do not work together. If union wait
- conflicts with WEXITSTATUS et al, we don't want to use it at all. */
-if (WEXITSTATUS (status) != 0) pid = -1;
-#endif
-#ifdef HAVE_WAITPID
-/* Make sure union wait works with waitpid. */
-pid = waitpid (-1, &status, 0);
-#endif
-]])],[AC_DEFINE(HAVE_UNION_WAIT,1,Define if 'union wait' is the type of the first arg to wait functions.) AC_MSG_RESULT(yes)],[AC_MSG_RESULT(no)])
-
AC_MSG_CHECKING(sys_siglist declaration in signal.h or unistd.h)
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <signal.h>
/* NetBSD declares sys_siglist in <unistd.h>. */
-#ifdef HAVE_UNISTD_H
#include <unistd.h>
-#endif]], [[char *msg = *(sys_siglist + 1);]])],[AC_DEFINE(SYS_SIGLIST_DECLARED,1,[Define if 'sys_siglist' is declared by <signal.h>.]) AC_MSG_RESULT(yes)],[AC_MSG_RESULT(no)])
-
-# Find the right directory to put the root-mode PID file in
-for dir in "/var/run" "/etc"
-do
- if test -d $dir
- then
- break;
- fi
-done
-AC_MSG_RESULT(root-mode pid file will go in $dir)
-AC_DEFINE_UNQUOTED(PID_DIR, "$dir", directory for PID lock files)
+]], [[char *msg = *(sys_siglist + 1);]])],[AC_DEFINE(SYS_SIGLIST_DECLARED,1,[Define if 'sys_siglist' is declared by <signal.h>.]) AC_MSG_RESULT(yes)],[AC_MSG_RESULT(no)])
+
+AC_DEFINE_UNQUOTED(PID_DIR, "/var/run", directory for PID lock files)
+
+AC_ARG_ENABLE(pwmd,
+ [ --enable-pwmd enable Password Manager Daemon support],
+ , [enable_pwmd=no])
+
+if test "$enable_pwmd" = "yes"; then
+ PKG_CHECK_EXISTS([libpwmd], have_libpwmd=1,
+ AC_MSG_ERROR([Could not find libpwmd pkg-config module.]))
+
+
+ PKG_CHECK_MODULES([libpwmd], [libpwmd >= 6.0.0])
+ AM_CONDITIONAL(HAVE_LIBPWMD, true)
+ AC_DEFINE(HAVE_LIBPWMD, 1, [Define if you have libPWMD installed.])
+else
+ AM_CONDITIONAL(HAVE_LIBPWMD, false)
+fi
# We may have a fallback MDA available in case the socket open to the
# local SMTP listener fails. Best to use procmail for this, as we know
;;
esac
-AC_CHECK_SIZEOF(short)
-AC_CHECK_SIZEOF(int)
-AC_CHECK_SIZEOF(long)
-
-### use option --enable-POP2 to compile in the POP2 support
-AC_ARG_ENABLE(POP2,
- [ --enable-POP2 compile in POP2 protocol support (obsolete)],
- [with_POP2=$enableval],
- [with_POP2=no])
-test "$with_POP2" = "yes" && AC_DEFINE(POP2_ENABLE,1,Define if you want POP2 support compiled in)
-AM_CONDITIONAL(POP2_ENABLE, test "$with_POP2" = yes)
-
### use option --disable-POP3 to omit the POP3 support
AC_ARG_ENABLE(POP3,
[ --disable-POP3 don't compile in POP3 protocol support],
AC_DEFINE(SDPS_ENABLE,1,Define if you want SDPS support compiled in)
fi
fi
-if test "$with_POP3" != yes && test "$with_POP2" != yes \
- && test "$with_IMAP" != yes ; then
- AC_MSG_ERROR([You must enable at least one of POP2, POP3 and IMAP.])
+if test "$with_POP3" != yes && test "$with_IMAP" != yes ; then
+ AC_MSG_ERROR([You must enable at least one of POP3 and IMAP.])
fi
AC_CACHE_SAVE
dnl Mostly stolen from gnulib's getaddrinfo.m4
AC_SEARCH_LIBS(getaddrinfo, [nsl socket])
AC_CACHE_CHECK([for getaddrinfo],[fm_cv_getaddrinfo],[
- AC_TRY_LINK([
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
-#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETDB_H
#include <netdb.h>
-#endif
- ], [getaddrinfo(0, 0, 0, 0);],
- [ fm_cv_getaddrinfo=yes],
- [ fm_cv_getaddrinfo=no ])
+ ]], [[getaddrinfo(0, 0, 0, 0);]])],[ fm_cv_getaddrinfo=yes],[ fm_cv_getaddrinfo=no ])
])
if test x"$fm_cv_getaddrinfo" = "xyes"; then
fi
AC_CACHE_CHECK([for getnameinfo],[fm_cv_getnameinfo],[
- AC_TRY_LINK([
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
-#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETDB_H
#include <netdb.h>
-#endif
#ifndef NULL
#define NULL 0
#endif
- ], [getnameinfo(NULL,0, NULL,0, NULL, 0, 0);],
- [ fm_cv_getnameinfo=yes],
- [ fm_cv_getnameinfo=no ])
+ ]], [[getnameinfo(NULL,0, NULL,0, NULL, 0, 0);]])],[ fm_cv_getnameinfo=yes],[ fm_cv_getnameinfo=no ])
])
if test $fm_cv_getnameinfo = yes ; then
AC_DEFINE(HAVE_GETNAMEINFO,1,[Define to 1 if your system has getnameinfo()])
fi
fi
-# This version of the Kerberos 4 and 5 options addresses the follwing issues:
+# This version of the Kerberos 5 options addresses the follwing issues:
#
# * Build correctly under Heimdal kerberos if it is compiled with db2 and
# OpenSSL support (Debian's is)
-# * Build the kerberos.c stuff (KPOP) only for kerberosIV, to avoid breakage.
-# I don't know if this is 100% correct, but now at least IMAP and POP3
-# behave the same way regarding kerberosV.
-# * Build without any fuss for both kerberosIV and V at the same time.
-# * Move all the kerberos header mess to kerberos.h, and #include that
-# in driver.c and kerberos.c.
-#
-# Tested using the Heimdal Kerberos V libs, Kungliga Tekniska Högskolan (the
-# Royal Institute of Technology in Stockholm, Sweden)'s kerberos IV libs, and
-# the MIT reference implementation of KerberosV (all as packaged in Debian).
### use option --with-kerberos5=DIR to point at a Kerberos 5 directory
### make sure --with-ssl is run before --with-kerberos* !
fi
]) dnl --with-kerberos5=DIR
-### use option --with-kerberos=DIR to point at a Kerberos 4 directory
-KERBEROS_V4=0
-AC_ARG_WITH(kerberos,
- [ --with-kerberos=DIR point fetchmail compilation at a Kerberos 4 directory],
-[
-if test "$with_kerberos" != "no"
-then
- AC_MSG_WARN([Kerberos IV support is obsolete. Use --with-kerberos5 if possible.])
-# Check for a NetBSD/OpenBSD special case
-if test "$with_kerberos" = "yes" && ( test `uname` = "NetBSD" || test `uname` = "OpenBSD" )
-then
- AS_MESSAGE(checking kerberosIV for `uname`...)
- KERBEROS_V4=1
- CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
- case `uname` in
- NetBSD) LIBS="$LIBS -lkrb -ldes -lroken -lcom_err" ;;
- OpenBSD) LIBS="$LIBS -lkrb -ldes" ;;
- esac
-elif krb4-config 2> /dev/null >/dev/null ; then
- krb4_prefix=`krb4-config --prefix`
- AC_MSG_RESULT([krb4-config points to kerberosIV under $krb4_prefix])
- unset krb4_prefix
- CFLAGS="$CFLAGS `krb4-config --cflags`"
- LIBS="$LIBS `krb4-config --libs`"
- KERBEROS_V4=1
-elif krb5-config 2> /dev/null >/dev/null ; then
- krb4_prefix=`krb5-config --prefix krb4`
- AC_MSG_RESULT([krb5-config points to kerberosIV under $krb4_prefix])
- if test -f ${krb4_prefix}/include/kerberosIV/krb.h ; then
- AC_DEFINE(KERBEROS_V4_V5,1,Define if you have Kerberos V4 headers under a kerberosIV directory)
- fi
- unset krb4_prefix
- CFLAGS="$CFLAGS `krb5-config --cflags krb4`"
- LIBS="$LIBS `krb5-config --libs krb4`"
- KERBEROS_V4=1
-else
- #we need to detect when we're building under a kerberosV compatibility
- #layer, btw...
- if test "$with_kerberos" != "yes" ; then
- searchdirs="$with_kerberos"
- else
- searchdirs="$with_kerberos5 /usr/kerberos /usr/kerberosIV /usr/athena /usr"
- fi
- with_kerberos=
- ac_saveLDFLAGS="$LDFLAGS"
- for dir in $searchdirs
- do
- AC_MSG_CHECKING([for Kerberos IV in $dir])
- if test -f "$dir/include/krb.h" || test -f "$dir/include/krb4.h" \
- || test -f "$dir/include/kerberosIV/krb.h"
- then
- AC_MSG_RESULT([found])
- else
- AC_MSG_RESULT([not found])
- continue
- fi
- #Find libs
- if test -f "$with_kerberos5/roken.h" ; then
- AC_CHECK_LIB(45, krb_mk_req)
- fi
- LDFLAGS="-L$dir/lib $ac_saveLDFLAGS"
- if test `uname` = "FreeBSD"; then
- AC_SEARCH_LIBS(_ossl_old_des_string_to_key, [des425 des crypto], [], continue)
- else
- AC_SEARCH_LIBS(des_string_to_key, [crypto], [], continue)
- fi
- AC_SEARCH_LIBS(krb_realmofhost, [krb4 krb], [], continue)
- with_kerberos="$dir"
- if test -f "$dir/include/kerberosIV/krb.h" ; then
- dir="$dir/include/kerberosIV"
- else
- dir="$dir/include"
- fi
- KERBEROS_V4=1
- test -f "$with_kerberos5/roken.h" && AC_DEFINE(HEIMDAL)
- test "$dir" != "/usr/include" && CFLAGS="$CFLAGS -I$dir"
- LDFLAGS="$LDFLAGS -L$with_kerberos/lib"
- break
- done
- if test -z "$with_kerberos" ; then
- AC_MSG_ERROR([Kerberos 4 libraries not found])
- fi
- LDFLAGS="$ac_saveLDFLAGS"
-fi
-fi
-]) dnl --with-kerberos=DIR
-if test "$KERBEROS_V4" = 1 ; then
- AC_DEFINE(KERBEROS_V4,1,Define if you have Kerberos V4)
-fi
-AM_CONDITIONAL(KERBEROS_V4_ENABLE, test "$KERBEROS_V4" = 1)
-
### use option --with-ssl to compile in the SSL support
AC_ARG_WITH(ssl,
[ --with-ssl=[DIR] enable SSL support using libraries in DIR],
[with_ssl=$withval],
- [with_ssl=no])
+ [with_ssl=yes])
test "$with_ssl" != "no" && AC_DEFINE(SSL_ENABLE,1,Define if you want SSL support compiled in)
if test "$with_ssl" = "yes"
dnl XXX FIXME: use pkg-config if available!
AC_DEFINE(SSL_ENABLE)
else
- AC_MSG_NOTICE(Disabling SSL support.)
+ AC_MSG_WARN(Disabling SSL support.)
+ AC_MSG_WARN(Consider re-running configure --with-ssl.)
fi
+ case "$LIBS" in *-lssl*)
+ AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
+ ;;
+ esac
+
### use option --with-socks=DIR to point at SOCKS library
AC_ARG_WITH(socks,
[ --with-socks[=DIR] add built-in SOCKS firewall access],
CPPFLAGS="$CPPFLAGS -I$with_gssapi/include"
fi
AC_CHECK_HEADERS(gss.h gssapi.h gssapi/gssapi.h gssapi/gssapi_generic.h)
- if test "$ac_cv_header_gssapi_h" = "yes"; then
- AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi.h, AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE,1,Define if you have MIT kerberos))
- else
- AC_EGREP_HEADER(GSS_C_NT_HOSTBASED_SERVICE, gssapi/gssapi.h, AC_DEFINE(HAVE_GSS_C_NT_HOSTBASED_SERVICE))
- fi
+ AC_CHECK_DECLS(GSS_C_NT_HOSTBASED_SERVICE,,,[
+ AC_INCLUDES_DEFAULT
+ #if HAVE_GSS_H
+ #include <gss.h>
+ #endif
+ #if HAVE_GSSAPI_GSSAPI_H
+ #include <gssapi/gssapi.h>
+ #elif HAVE_GSSAPI_H
+ #include <gssapi.h>
+ #endif
+ #if HAVE_GSSAPI_GSSAPI_GENERIC_H
+ #include <gssapi/gssapi_generic.h>
+ #endif
+ ])
fi])
-dnl ,------------------------------------------------------------------
-dnl Check if we need TRIO
-needtrio=0
-if test "$FORCE_TRIO" = "yes" ; then
- needtrio=1
- ac_cv_func_vsnprintf=no
- ac_cv_func_snprintf=no
-fi
-if test "x$ac_cv_func_snprintf" != "xyes" ; then
- AC_DEFINE(snprintf, trio_snprintf,
- [Define to trio_snprintf if your system lacks snprintf])
- needtrio=1
-fi
-if test "x$ac_cv_func_vsnprintf" != "xyes" ; then
- AC_DEFINE(vsnprintf, trio_vsnprintf,
- [Define to trio_vsnprintf if your system lacks vsnprintf])
- needtrio=1
-fi
-AM_CONDITIONAL(NEED_TRIO, test "$needtrio" = 1)
-
-dnl TRIO IEEE compiler option for Alpha
-dnl
-if test "$needtrio" = 1 ; then
- AC_MSG_CHECKING(for IEEE compilation options)
- AC_CACHE_VAL(ac_cv_ieee_option, [
- AC_TRY_COMPILE(,[
- #if !(defined(__alpha) && (defined(__DECC) || defined(__DECCXX) || (defined(__osf__) && defined(__LANGUAGE_C__))) && (defined(VMS) || defined(__VMS)))
- # error "Option needed"
- #endif
- ],ac_cv_ieee_option="/IEEE_MODE=UNDERFLOW_TO_ZERO/FLOAT=IEEE",
- AC_TRY_COMPILE(,[
- #if !(defined(__alpha) && (defined(__DECC) || defined(__DECCXX) || (defined(__osf__) && defined(__LANGUAGE_C__))) && !(defined(VMS) || defined(__VMS)) && !defined(_CFE))
- # error "Option needed"
- #endif
- ],ac_cv_ieee_option="-ieee",
- AC_TRY_COMPILE(,[
- #if !(defined(__alpha) && (defined(__GNUC__) && (defined(__osf__) || defined(__linux__))))
- # error "Option needed"
- #endif
- ],ac_cv_ieee_option="-mieee",
- ac_cv_ieee_option="none"
- )
- )
- )
- ])
- AC_MSG_RESULT($ac_cv_ieee_option)
- if test $ac_cv_ieee_option != none; then
- CFLAGS="${CFLAGS} ${ac_cv_ieee_option}"
- fi
-fi
-dnl ----------------------------------------------------------------'
-
AC_CONFIG_FILES([Makefile po/Makefile.in genlsm.sh])
AC_OUTPUT
This patch logs raw socket data, to assist debugging when discriminating
between server and fetchmail bugs.
-Apply it to fetchmail 6.3.20 and set the environment variable
-FETCHMAIL_RAW_LOGFILE to a log file writable by fetchmail. If it's not
-there, it gets created with mode 0600 (which requires directory write
-permission).
+Apply it to socket.c (works as of 6.3.20) and set the environment
+variable FETCHMAIL_RAW_LOGFILE to a log file writable by fetchmail. If
+it's not there, it gets created with mode 0600 (which requires directory
+write permission).
The file gets appended to, so you can log into named pipes, character
(stream) devices and to the console if you're so inclined.
Note 1: any logging failures cause fetchmail to abort() forcefully.
+Note 2: raw control characters persist in the log and are not filtered
+out. In doubt use a pager that filters control characters, or use tools
+such as a binary-capable text edtior, vim's xxd, or hexdump, or od, to
+view the raw log message.
+
+-- Matthias Andree, June 2011
+
+diff --git a/socket.c b/socket.c
+index c8117a5..89847fe 100644
+--- a/socket.c
++++ b/socket.c
+@@ -362,6 +362,49 @@ static SSL *_ssl_context[FD_SETSIZE];
++=======
+ Note 2: non-printable characters are hex-escaped, so it is safe to use
+ FETCHMAIL_RAW_LOGFILE=/dev/stderr or similar.
+
+ -- Matthias Andree, August 2011
+
+ diff --git a/sink.c b/sink.c
+ index 5d92556..ff6208d 100644
+ --- a/sink.c
+ +++ b/sink.c
+ @@ -649,6 +649,10 @@ int stuffline(struct query *ctl, char *buf)
+ while ((last += strlen(last)) && (last[-1] != '\n'))
+ last++;
+
+ + if (outlevel >= O_DEBUG && (size_t)(last - buf) != strlen(buf))
+ + report(stdout, GT_("DEBUG: stuffline shipping line with NULs, length=%lu, strlen=%lu\n"), last - buf, strlen(buf));
+ +
+ +
+ /* fix message lines that have only \n termination (for qmail) */
+ if (ctl->forcecr)
+ {
+ diff --git a/socket.c b/socket.c
+ index e338207..dcaf19d 100644
+ --- a/socket.c
+ +++ b/socket.c
+ @@ -381,6 +381,49 @@ static SSL *_ssl_context[FD_SETSIZE];
++>>>>>>> legacy_63
static SSL *SSLGetContext( int );
#endif /* SSL_ENABLE */
int SockWrite(int sock, const char *buf, int len)
{
int n, wrlen = 0;
-@@ -388,6 +431,12 @@ int SockWrite(int sock, const char *buf, int len)
+@@ -369,6 +412,8 @@ int SockWrite(int sock, const char *buf, int len)
SSL *ssl;
#endif
-+ if (SockLog()) {
-+ char *tmps = sdump(buf, len);
-+ LogPrintf("[>%d-%s count=%04d] %s\n", sock, SSLGetContext(sock) ? "crypt" : "plain", len, tmps);
-+ free(tmps);
-+ }
++ LogPrintf("[>%d-%s count=%04d] %.*s%s", sock, SSLGetContext(sock) ? "crypt" : "plain", len, len, buf, (len < 1 || buf[len - 1] != '\n') ? "\n" : "");
+
while (len)
{
#ifdef SSL_ENABLE
-@@ -504,6 +553,13 @@ int SockRead(int sock, char *buf, int len)
+@@ -471,6 +516,8 @@ int SockRead(int sock, char *buf, int len)
(!newline && len);
*bp = '\0';
-+ if (SockLog())
-+ {
-+ char *tmps = sdump(buf, bp - buf);
-+ LogPrintf("[<%d-%s count=%04d] %s\n", sock, SSLGetContext(sock) ? "crypt" : "plain", bp - buf, tmps);
-+ free(tmps);
-+ }
++ LogPrintf("[<%d-%s count=%04d] %.*s%s", sock, SSLGetContext(sock) ? "crypt" : "plain", bp - buf, bp - buf, buf, newline ? "" : "\n");
+
return bp - buf;
}
#include "config.h"
#include <stdio.h>
-#if defined(STDC_HEADERS)
#include <stdlib.h>
-#endif
-#if defined(HAVE_UNISTD_H)
#include <unistd.h>
-#endif
#include <fcntl.h>
#include <string.h>
#include <signal.h>
-#if defined(HAVE_SYSLOG)
#include <syslog.h>
-#endif
#include <pwd.h>
#ifdef __FreeBSD__
#include <grp.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
-#ifdef HAVE_SETRLIMIT
#include <sys/resource.h>
-#endif /* HAVE_SETRLIMIT */
#ifdef HAVE_SOCKS
#include <socks.h> /* SOCKSinit() */
#endif /* HAVE_SOCKS */
-#ifdef HAVE_LANGINFO_H
#include <langinfo.h>
-#endif
#include "fetchmail.h"
#include "socket.h"
#include "tunable.h"
#include "smtp.h"
#include "netrc.h"
-#include "i18n.h"
+#include "gettext.h"
#include "lock.h"
/* need these (and sys/types.h) for res_init() */
static struct runctl cmd_run; /* global options set from command line */
static time_t parsetime; /* time of last parse */
-static RETSIGTYPE terminate_run(int);
-static RETSIGTYPE terminate_poll(int);
+static void terminate_run(int);
+static void terminate_poll(int);
+
+#ifdef HAVE_LIBPWMD
+static pwm_t *pwm; /* the handle */
+static const char *pwmd_socket; /* current socket */
+static const char *pwmd_file; /* current file */
+#endif
#if defined(__FreeBSD__) && defined(__FreeBSD_USE_KVM)
/* drop SGID kmem privileage until we need it */
}
#endif
-#if defined(HAVE_SETLOCALE) && defined(ENABLE_NLS) && defined(HAVE_STRFTIME)
#include <locale.h>
+#if defined(ENABLE_NLS)
/** returns timestamp in current locale,
* and resets LC_TIME locale to POSIX. */
static char *timestamp (void)
#define timestamp rfc822timestamp
#endif
-static RETSIGTYPE donothing(int sig)
+static void donothing(int sig)
{
set_signal_handler(sig, donothing);
lastsig = sig;
fprintf(fp, GT_("Copyright (C) 2002, 2003 Eric S. Raymond\n"
"Copyright (C) 2004 Matthias Andree, Eric S. Raymond,\n"
" Robert M. Funk, Graham Wilson\n"
- "Copyright (C) 2005 - 2006, 2010 - 2011 Sunil Shetye\n"
- "Copyright (C) 2005 - 2011 Matthias Andree\n"
+ "Copyright (C) 2005 - 2006, 2010 - 2012 Sunil Shetye\n"
+ "Copyright (C) 2005 - 2012 Matthias Andree\n"
));
fprintf(fp, GT_("Fetchmail comes with ABSOLUTELY NO WARRANTY. This is free software, and you\n"
"are welcome to redistribute it under certain conditions. For details,\n"
const char *iana_charset;
+#ifdef HAVE_LIBPWMD
+static void exit_with_pwmd_error(gpg_error_t error)
+{
+ gpg_err_code_t code = gpg_err_code(error);
+
+ report(stderr, GT_("pwmd: error %i: %s\n"), code, pwmd_strerror(error));
+
+ if (pwm) {
+ pwmd_close(pwm);
+ pwm = NULL;
+ }
+
+ /* Don't exit if daemonized. There may be other active accounts. */
+ if (isatty(1))
+ exit(PS_UNDEFINED);
+}
+
+static int do_pwmd_connect(const char *socketname, const char *filename)
+{
+ static int init;
+ gpg_error_t rc;
+ pwmd_socket_t s;
+
+ if (!init) {
+ pwmd_init();
+ init = 1;
+ }
+
+ if (!pwm || (pwm && socketname && !pwmd_socket) ||
+ (pwm && !socketname && pwmd_socket) ||
+ (pwm && socketname && pwmd_socket && strcmp(socketname, pwmd_socket))) {
+ if (pwm)
+ pwmd_close(pwm);
+
+ pwm = pwmd_new("Fetchmail");
+ rc = pwmd_connect_url(pwm, socketname);
+
+ if (rc) {
+ exit_with_pwmd_error(rc);
+ return 1;
+ }
+ }
+
+ if (run.pinentry_timeout > 0) {
+ rc = pwmd_setopt(pwm, PWMD_OPTION_PINENTRY_TIMEOUT,
+ run.pinentry_timeout);
+
+ if (rc) {
+ exit_with_pwmd_error(rc);
+ return 1;
+ }
+ }
+
+ rc = pwmd_socket_type(pwm, &s);
+
+ if (rc) {
+ exit_with_pwmd_error(rc);
+ return 1;
+ }
+
+ if (!pwmd_file || strcmp(filename, pwmd_file)) {
+ if (s == PWMD_SOCKET_SSH)
+ /* use a local pinentry since X11 forwarding is broken. */
+ rc = pwmd_open2(pwm, filename);
+ else
+ rc = pwmd_open(pwm, filename);
+
+ if (rc) {
+ exit_with_pwmd_error(rc);
+ return 1;
+ }
+ }
+
+ /* May be null to use the default of ~/.pwmd/socket. */
+ pwmd_socket = socketname;
+ pwmd_file = filename;
+ return 0;
+}
+
+static int get_pwmd_details(const char *pwmd_account, int protocol,
+ struct query *ctl)
+{
+ const char *prot = showproto(protocol);
+ gpg_error_t error;
+ char *result;
+ char *tmp = xstrdup(pwmd_account);
+ int i;
+
+ for (i = 0; tmp[i]; i++) {
+ if (i && tmp[i] == '^')
+ tmp[i] = '\t';
+ }
+
+ /*
+ * Get the hostname for this protocol. Element path must be
+ * account->[protocol]->hostname.
+ */
+ error = pwmd_command(pwm, &result, "GET %s\t%s\thostname", tmp, prot);
+
+ if (error) {
+ if (gpg_err_code(error) == GPG_ERR_NOT_FOUND) {
+ report(stderr, GT_("pwmd: %s->%s->hostname: %s\n"), pwmd_account, prot, pwmd_strerror(error));
+ pwmd_close(pwm);
+ pwm = NULL;
+
+ if (isatty(1))
+ exit(PS_SYNTAX);
+
+ return 1;
+ }
+ else {
+ exit_with_pwmd_error(error);
+ return 1;
+ }
+ }
+
+ if (ctl->server.pollname != ctl->server.via)
+ xfree(ctl->server.via);
+
+ ctl->server.via = xstrdup(result);
+
+ if (ctl->server.queryname)
+ xfree(ctl->server.queryname);
+
+ ctl->server.queryname = xstrdup(ctl->server.via);
+
+ if (ctl->server.truename)
+ xfree(ctl->server.truename);
+
+ ctl->server.truename = xstrdup(ctl->server.queryname);
+ pwmd_free(result);
+
+ /*
+ * Server port. Fetchmail tries standard ports for known services so it
+ * should be alright if this element isn't found. ctl->server.protocol is
+ * already set. This sets ctl->server.service.
+ */
+ error = pwmd_command(pwm, &result, "GET %s\t%s\tport", tmp, prot);
+
+ if (error) {
+ if (gpg_err_code(error) == GPG_ERR_NOT_FOUND)
+ report(stderr, GT_("pwmd: %s->%s->port: %s\n"), pwmd_account, prot, pwmd_strerror(error));
+ else {
+ exit_with_pwmd_error(error);
+ return 1;
+ }
+ }
+ else {
+ if (ctl->server.service)
+ xfree(ctl->server.service);
+
+ ctl->server.service = xstrdup(result);
+ pwmd_free(result);
+ }
+
+ /*
+ * Get the remote username. Element must be account->username.
+ */
+ error = pwmd_command(pwm, &result, "GET %s\tusername", tmp);
+
+ if (error) {
+ if (gpg_err_code(error) == GPG_ERR_NOT_FOUND) {
+ report(stderr, GT_("pwmd: %s->username: %s\n"), pwmd_account, pwmd_strerror(error));
+
+ if (!isatty(1)) {
+ pwmd_close(pwm);
+ pwm = NULL;
+ return 1;
+ }
+ }
+ else {
+ exit_with_pwmd_error(error);
+ return 1;
+ }
+ }
+ else {
+ if (ctl->remotename)
+ xfree(ctl->remotename);
+
+ if (ctl->server.esmtp_name)
+ xfree(ctl->server.esmtp_name);
+
+ ctl->remotename = xstrdup(result);
+ ctl->server.esmtp_name = xstrdup(result);
+ pwmd_free(result);
+ }
+
+ /*
+ * Get the remote password. Element must be account->password.
+ */
+ error = pwmd_command(pwm, &result, "GET %s\tpassword", tmp);
+
+ if (error) {
+ if (gpg_err_code(error) == GPG_ERR_NOT_FOUND) {
+ report(stderr, GT_("pwmd: %s->password: %s\n"), pwmd_account, pwmd_strerror(error));
+
+ if (!isatty(1)) {
+ pwmd_close(pwm);
+ pwm = NULL;
+ return 1;
+ }
+ }
+ else {
+ exit_with_pwmd_error(error);
+ return 1;
+ }
+ }
+ else {
+ if (ctl->password)
+ xfree(ctl->password);
+
+ ctl->password= xstrdup(result);
+ pwmd_free(result);
+ }
+
+#ifdef SSL_ENABLE
+ /*
+ * If there is a ssl element and set to 1, enable ssl for this account.
+ * Element path must be account->[protocol]->ssl.
+ */
+ error = pwmd_command(pwm, &result, "GET %s\t%s\tssl", tmp, prot);
+
+ if (error) {
+ if (gpg_err_code(error) == GPG_ERR_NOT_FOUND) {
+ report(stderr, GT_("pwmd: %s->%s->ssl: %s\n"), pwmd_account, prot, pwmd_strerror(error));
+
+ if (!isatty(1)) {
+ pwmd_close(pwm);
+ pwm = NULL;
+ return 1;
+ }
+ }
+ else {
+ exit_with_pwmd_error(error);
+ return 1;
+ }
+ }
+ else {
+ ctl->use_ssl = atoi(result) >= 1 ? FLAG_TRUE : FLAG_FALSE;
+ pwmd_free(result);
+ }
+
+ /*
+ * account->[protocol]->sslfingerprint.
+ */
+ error = pwmd_command(pwm, &result, "GET %s\t%s\tsslfingerprint", tmp, prot);
+
+ if (error) {
+ if (gpg_err_code(error) == GPG_ERR_NOT_FOUND) {
+ report(stderr, GT_("pwmd: %s->%s->sslfingerprint: %s\n"), pwmd_account, prot, pwmd_strerror(error));
+
+ if (!isatty(1)) {
+ pwmd_close(pwm);
+ pwm = NULL;
+ return 1;
+ }
+ }
+ else {
+ exit_with_pwmd_error(error);
+ return 1;
+ }
+ }
+ else {
+ if (ctl->sslfingerprint)
+ xfree(ctl->sslfingerprint);
+
+ ctl->sslfingerprint = xstrdup(result);
+ pwmd_free(result);
+ }
+#endif
+
+ xfree(tmp);
+ return 0;
+}
+#endif
+
int main(int argc, char **argv)
{
int bkgd = FALSE;
int implicitmode = FALSE;
+ flag safewithbg = FALSE; /** if parsed options are compatible with a
+ fetchmail copy running in the background */
struct query *ctl;
netrc_entry *netrc_list;
char *netrc_file, *tmpbuf;
#define IDFILE_NAME ".fetchids"
run.idfile = prependdir (IDFILE_NAME, fmhome);
-
+
outlevel = O_NORMAL;
/*
{
int i;
- i = parsecmdline(argc, argv, &cmd_run, &cmd_opts);
+ i = parsecmdline(argc, argv, &cmd_run, &cmd_opts, &safewithbg);
if (i < 0)
exit(PS_SYNTAX);
if (versioninfo)
{
const char *features =
-#ifdef POP2_ENABLE
- "+POP2"
-#endif /* POP2_ENABLE */
#ifndef POP3_ENABLE
"-POP3"
#endif /* POP3_ENABLE */
#ifdef ENABLE_NLS
"+NLS"
#endif /* ENABLE_NLS */
-#ifdef KERBEROS_V4
- "+KRB4"
-#endif /* KERBEROS_V4 */
#ifdef KERBEROS_V5
"+KRB5"
#endif /* KERBEROS_V5 */
-#ifndef HAVE_RES_SEARCH
- "-DNS"
-#endif
+#ifdef HAVE_LIBPWMD
+ "+PWMD"
+#endif /* HAVE_LIBPWMD */
".\n";
printf(GT_("This is fetchmail release %s"), VERSION);
fputs(features, stdout);
run.use_syslog = 0;
}
-#if defined(HAVE_SYSLOG)
/* logging should be set up early in case we were restarted from exec */
if (run.use_syslog)
{
-#if defined(LOG_MAIL)
openlog(program_name, LOG_PID, LOG_MAIL);
-#else
- /* Assume BSD4.2 openlog with two arguments */
- openlog(program_name, LOG_PID);
-#endif
report_init(-1);
}
else
-#endif
report_init((run.poll_interval == 0 || nodetach) && !run.logfile);
#ifdef POP3_ENABLE
/* construct the lockfile */
fm_lock_setup(&run);
-#ifdef HAVE_SETRLIMIT
/*
* Before getting passwords, disable core dumps unless -v -d0 mode is on.
* Core dumps could otherwise contain passwords to be scavenged by a
corelimit.rlim_max = 0;
setrlimit(RLIMIT_CORE, &corelimit);
}
-#endif /* HAVE_SETRLIMIT */
#define NETRC_FILE ".netrc"
/* parse the ~/.netrc file (if present) for future password lookups. */
else if (getpid() == pid)
/* this test enables re-execing on a changed rcfile */
fm_lock_assert();
- else if (argc > 1)
+ else if (argc > 1 && !safewithbg)
{
fprintf(stderr,
GT_("fetchmail: can't accept options while a background fetchmail is running.\n"));
+ {
+ int i;
+ fprintf(stderr, "argc = %d, arg list:\n", argc);
+ for (i = 1; i < argc; i++) fprintf(stderr, "arg %d = \"%s\"\n", i, argv[i]);
+ }
return(PS_EXCLUDE);
}
else if (kill(pid, SIGUSR1) == 0)
{
- fprintf(stderr,
- GT_("fetchmail: background fetchmail at %ld awakened.\n"),
- (long)pid);
+ if (outlevel > O_SILENT)
+ fprintf(stderr,
+ GT_("fetchmail: background fetchmail at %ld awakened.\n"),
+ (long)pid);
return(0);
}
else
* leaks...
*/
struct stat rcstat;
+#ifdef HAVE_LIBPWMD
+ time_t now;
+
+ time(&now);
+#endif
if (strcmp(rcfile, "-") == 0) {
/* do nothing */
GT_("couldn't time-check %s (error %d)\n"),
rcfile, errno);
}
+#ifdef HAVE_LIBPWMD
+ /*
+ * isatty() to make sure this is a background process since the
+ * lockfile is removed after each invokation.
+ */
+ else if (!isatty(1) && rcstat.st_mtime > parsetime)
+#else
else if (rcstat.st_mtime > parsetime)
+#endif
{
report(stdout, GT_("restarting fetchmail (%s changed)\n"), rcfile);
dofastuidl = 0; /* this is reset in the driver if required */
+#ifdef HAVE_LIBPWMD
+ /*
+ * At each poll interval, check the pwmd server for
+ * changes in host and auth settings.
+ */
+ if (ctl->pwmd_file) {
+ if (do_pwmd_connect(ctl->pwmd_socket, ctl->pwmd_file))
+ continue;
+
+ if (get_pwmd_details(ctl->server.pollname, ctl->server.protocol, ctl))
+ continue;
+ }
+#endif
querystatus = query_host(ctl);
if (NUM_NONZERO(ctl->fastuidl))
}
}
+#ifdef HAVE_LIBPWMD
+ if (pwm) {
+ pwmd_close(pwm);
+ pwm = NULL;
+ }
+#endif
+
/* close connections cleanly */
terminate_poll(0);
FLAG_MERGE(server.skip);
FLAG_MERGE(server.dns);
FLAG_MERGE(server.checkalias);
- FLAG_MERGE(server.uidl);
FLAG_MERGE(server.principal);
#ifdef CAN_MONITOR
FLAG_MERGE(server.plugout);
FLAG_MERGE(server.tracepolls);
FLAG_MERGE(server.badheader);
+ FLAG_MERGE(server.retrieveerror);
FLAG_MERGE(wildcard);
FLAG_MERGE(remotename);
if ((implicitmode = (optind >= argc)))
{
+#ifdef HAVE_LIBPWMD
+ for (ctl = querylist; ctl; ctl = ctl->next) {
+ ctl->active = !ctl->server.skip;
+
+ if (ctl->pwmd_file) {
+ /*
+ * Cannot get an element path without a service.
+ */
+ if (ctl->server.protocol <= 1) {
+ report(stderr, GT_("fetchmail: %s configuration invalid, pwmd_file requires a protocol specification\n"),
+ ctl->server.pollname);
+ pwmd_close(pwm);
+ exit(PS_SYNTAX);
+ }
+
+ if (do_pwmd_connect(ctl->pwmd_socket, ctl->pwmd_file))
+ continue;
+
+ if (get_pwmd_details(ctl->server.pollname, ctl->server.protocol,
+ ctl))
+ continue;
+
+ time(&rcstat.st_mtime);
+ }
+ }
+
+#else
for (ctl = querylist; ctl; ctl = ctl->next)
ctl->active = !ctl->server.skip;
+#endif
}
else
for (; optind < argc; optind++)
fprintf(stderr,GT_("Warning: multiple mentions of host %s in config file\n"),argv[optind]);
ctl->active = TRUE;
predeclared = TRUE;
+
+#ifdef HAVE_LIBPWMD
+ if (ctl->pwmd_file) {
+ /*
+ * Cannot get an element path without a service.
+ */
+ if (ctl->server.protocol <= 1) {
+ report(stderr, GT_("%s configuration invalid, pwmd_file requires a protocol specification\n"),
+ ctl->server.pollname);
+ exit(PS_SYNTAX);
+ }
+
+ fprintf(stderr, "%s(%i): %s\n", __FILE__, __LINE__, __FUNCTION__);
+ if (do_pwmd_connect(ctl->pwmd_socket, ctl->pwmd_file))
+ continue;
+
+ if (get_pwmd_details(ctl->server.pollname,
+ ctl->server.protocol, ctl))
+ continue;
+ }
+#endif
}
if (!predeclared)
* call later on.
*/
ctl = hostalloc((struct query *)NULL);
+
+#ifdef HAVE_LIBPWMD
+ if (cmd_opts.pwmd_file) {
+ /*
+ * Cannot get an element path without a service.
+ */
+ if (cmd_opts.server.protocol == 0 || cmd_opts.server.protocol == 1) {
+ report(stderr, GT_("Option --pwmd-file needs a service (-p) parameter.\n"));
+ exit(PS_SYNTAX);
+ }
+
+ fprintf(stderr, "%s(%i): %s\n", __FILE__, __LINE__, __FUNCTION__);
+ if (do_pwmd_connect(cmd_opts.pwmd_socket, cmd_opts.pwmd_file))
+ continue;
+
+ if (get_pwmd_details(argv[optind], cmd_opts.server.protocol,
+ ctl))
+ continue;
+ }
+ else
+ ctl->server.via =
+ ctl->server.pollname = xstrdup(argv[optind]);
+#else
ctl->server.via =
ctl->server.pollname = xstrdup(argv[optind]);
+#endif
ctl->active = TRUE;
ctl->server.lead_server = (struct hostdata *)NULL;
}
for (ctl = querylist; ctl; ctl = ctl->next)
if (ctl->active &&
(ctl->server.protocol==P_ETRN || ctl->server.protocol==P_ODMR
- || ctl->server.authenticate == A_KERBEROS_V4
|| ctl->server.authenticate == A_KERBEROS_V5))
{
fetchmailhost = host_fqdn(1);
DEFAULT(ctl->mimedecode, FALSE);
DEFAULT(ctl->idle, FALSE);
DEFAULT(ctl->server.dns, TRUE);
- DEFAULT(ctl->server.uidl, FALSE);
DEFAULT(ctl->use_ssl, FALSE);
DEFAULT(ctl->sslcertck, FALSE);
DEFAULT(ctl->server.checkalias, FALSE);
}
#endif /* SSL_ENABLE */
#undef DEFAULT
-#ifndef KERBEROS_V4
- if (ctl->server.authenticate == A_KERBEROS_V4) {
- report(stderr, GT_("KERBEROS v4 support is configured, but not compiled in.\n"));
- exit(PS_SYNTAX);
- }
-#endif
#ifndef KERBEROS_V5
if (ctl->server.authenticate == A_KERBEROS_V5) {
report(stderr, GT_("KERBEROS v5 support is configured, but not compiled in.\n"));
if (!ctl->localnames) /* for local delivery via SMTP */
save_str_pair(&ctl->localnames, user, NULL);
-#ifndef HAVE_RES_SEARCH
- /* can't handle multidrop mailboxes unless we can do DNS lookups */
- if (MULTIDROP(ctl) && ctl->server.dns)
- {
- ctl->server.dns = FALSE;
- report(stderr, GT_("fetchmail: warning: no DNS available to check multidrop fetches from %s\n"), ctl->server.pollname);
- }
-#endif /* !HAVE_RES_SEARCH */
-
/*
* can't handle multidrop mailboxes without "envelope"
* option, this causes truckloads full of support complaints
ctl->server.pollname);
exit(PS_SYNTAX);
}
- if (ctl->server.protocol == P_RPOP && port >= 1024)
- {
- (void) fprintf(stderr,
- GT_("fetchmail: %s configuration invalid, RPOP requires a privileged port\n"),
- ctl->server.pollname);
- exit(PS_SYNTAX);
- }
}
if (ctl->listener == LMTP_MODE)
{
return(implicitmode);
}
-static RETSIGTYPE terminate_poll(int sig)
+static void terminate_poll(int sig)
/* to be executed at the end of a poll cycle */
{
#endif /* POP3_ENABLE */
}
-static RETSIGTYPE terminate_run(int sig)
+static void terminate_run(int sig)
/* to be executed on normal or signal-induced termination */
{
struct query *ctl;
if (ctl->password)
memset(ctl->password, '\0', strlen(ctl->password));
-#if !defined(HAVE_ATEXIT)
- fm_lock_release();
-#endif
-
if (activecount == 0)
exit(PS_NOMAIL);
else
#ifdef POP3_ENABLE
P_POP3,
#endif /* POP3_ENABLE */
-#ifdef POP2_ENABLE
- P_POP2
-#endif /* POP2_ENABLE */
};
static int query_host(struct query *ctl)
}
ctl->server.protocol = P_AUTO;
break;
- case P_POP2:
-#ifdef POP2_ENABLE
- st = doPOP2(ctl);
-#else
- report(stderr, GT_("POP2 support is not configured.\n"));
- st = PS_PROTOCOL;
-#endif /* POP2_ENABLE */
- break;
case P_POP3:
- case P_APOP:
- case P_RPOP:
#ifdef POP3_ENABLE
do {
st = doPOP3(ctl);
return(st);
}
+static int print_id_of(struct uid_db_record *rec, void *unused)
+{
+ (void)unused;
+
+ printf("\t%s\n", rec->id);
+ return 0;
+}
+
static void dump_params (struct runctl *runp,
struct query *querylist, flag implicit)
/* display query parameters in English */
printf(GT_("Logfile is %s\n"), runp->logfile);
if (strcmp(runp->idfile, IDFILE_NAME))
printf(GT_("Idfile is %s\n"), runp->idfile);
-#if defined(HAVE_SYSLOG)
if (runp->use_syslog)
printf(GT_("Progress messages will be logged via syslog\n"));
-#endif
if (runp->invisible)
printf(GT_("Fetchmail will masquerade and will not generate Received\n"));
if (runp->showdots)
printf(GT_(" Password will be prompted for.\n"));
else if (outlevel >= O_VERBOSE)
{
- if (ctl->server.protocol == P_APOP)
- printf(GT_(" APOP secret = \"%s\".\n"),
- visbuf(ctl->password));
- else if (ctl->server.protocol == P_RPOP)
- printf(GT_(" RPOP id = \"%s\".\n"),
- visbuf(ctl->password));
- else
- printf(GT_(" Password = \"%s\".\n"),
- visbuf(ctl->password));
+ printf(GT_(" Password = \"%s\".\n"),
+ visbuf(ctl->password));
}
}
if (ctl->server.protocol == P_POP3
&& ctl->server.service && !strcmp(ctl->server.service, KPOP_PORT)
- && (ctl->server.authenticate == A_KERBEROS_V4 ||
- ctl->server.authenticate == A_KERBEROS_V5))
+ && (ctl->server.authenticate == A_KERBEROS_V5))
printf(GT_(" Protocol is KPOP with Kerberos %s authentication"),
ctl->server.authenticate == A_KERBEROS_V5 ? "V" : "IV");
else
printf(GT_(" (using service %s)"), ctl->server.service);
else if (outlevel >= O_VERBOSE)
printf(GT_(" (using default port)"));
- if (ctl->server.uidl && MAILBOX_PROTOCOL(ctl))
- printf(GT_(" (forcing UIDL use)"));
putchar('.');
putchar('\n');
switch (ctl->server.authenticate)
case A_GSSAPI:
printf(GT_(" GSSAPI authentication will be forced.\n"));
break;
- case A_KERBEROS_V4:
- printf(GT_(" Kerberos V4 authentication will be forced.\n"));
- break;
case A_KERBEROS_V5:
printf(GT_(" Kerberos V5 authentication will be forced.\n"));
break;
case A_SSH:
printf(GT_(" End-to-end encryption assumed.\n"));
break;
+ case A_APOP:
+ printf(GT_(" APOP authentication will be forced.\n"));
+ break;
+ default:
+ abort();
}
if (ctl->server.principal != (char *) NULL)
printf(GT_(" Mail service principal is: %s\n"), ctl->server.principal);
else if (outlevel >= O_VERBOSE)
printf(GT_(" No plugout command specified.\n"));
- if (ctl->server.protocol > P_POP2 && MAILBOX_PROTOCOL(ctl))
+ if (MAILBOX_PROTOCOL(ctl))
{
- if (!ctl->oldsaved)
+ int count;
+
+ if (!(count = uid_db_n_records(&ctl->oldsaved)))
printf(GT_(" No UIDs saved from this host.\n"));
else
{
- struct idlist *idp;
- int count = 0;
-
- for (idp = ctl->oldsaved; idp; idp = idp->next)
- ++count;
-
printf(GT_(" %d UIDs saved.\n"), count);
- if (outlevel >= O_VERBOSE)
- for (idp = ctl->oldsaved; idp; idp = idp->next)
- printf("\t%s\n", idp->id);
+ traverse_uid_db(&ctl->oldsaved, print_id_of, NULL);
}
}
break;
}
+ switch (ctl->server.retrieveerror) {
+ case RE_ABORT:
+ if (outlevel >= O_VERBOSE)
+ printf(GT_(" Messages with fetch body errors will cause the session to abort.\n"));
+ break;
+ case RE_CONTINUE:
+ printf(GT_(" Messages with fetch body errors will be skipped, the session will continue.\n"));
+ break;
+ case RE_MARKSEEN:
+ printf(GT_(" Messages with fetch body errors will be marked seen, the session will continue.\n"));
+ break;
+ }
+
if (ctl->properties)
printf(GT_(" Pass-through properties \"%s\".\n"),
visbuf(ctl->properties));
.\" Load www macros to process .URL requests, this requires groff:
.mso www.tmac
.\"
- .TH fetchmail 1 "fetchmail 7.0.0-alpha2" "fetchmail" "fetchmail reference manual"
-.TH fetchmail 1 "fetchmail 6.3.22" "fetchmail" "fetchmail reference manual"
++.TH fetchmail 1 "fetchmail 7.0.0-alpha3" "fetchmail" "fetchmail reference manual"
.SH NAME
fetchmail \- fetch mail from a POP, IMAP, ETRN, or ODMR-capable server
to repeatedly poll one or more systems at a specified interval.
.PP
The \fBfetchmail\fP program can gather mail from servers supporting any
-of the common mail-retrieval protocols: POP2 (legacy, to be removed from
-future release), POP3, IMAP2bis, IMAP4, and IMAP4rev1. It can also use
-the ESMTP ETRN extension and ODMR. (The RFCs describing all these
-protocols are listed at the end of this manual page.)
+of the common mail-retrieval protocols: POP3, IMAP2bis, IMAP4, and IMAP4rev1.
+It can also use the ESMTP ETRN extension and ODMR. (The RFCs describing all
+these protocols are listed at the end of this manual page.)
.PP
While \fBfetchmail\fP is primarily intended to be used over on-demand
TCP/IP links (such as SLIP or PPP connections), it may also be useful as
with ETRN or ODMR. It will return a false positive if you leave read but
undeleted mail in your server mailbox and your fetch protocol can't
tell kept messages from new ones. This means it will work with IMAP,
-not work with POP2, and may occasionally flake out under POP3.
+and may occasionally flake out under POP3.
.TP
.B \-s | \-\-silent
Silent mode. Suppresses all progress/status messages that are
Retrieve both old (seen) and new messages from the mailserver. The
default is to fetch only messages the server has not marked seen.
Under POP3, this option also forces the use of RETR rather than TOP.
-Note that POP2 retrieval behaves as though \-\-all is always on (see
-RETRIEVAL FAILURE MODES below) and this option does not work with ETRN
-or ODMR. While the \-a and \-\-all command-line and fetchall rcfile
-options have been supported for a long time, the \-\-fetchall
-command-line option was added in v6.3.3.
+While the \-a and \-\-all command-line and fetchall rcfile options have been
+supported for a long time, the \-\-fetchall command-line option was added in
+v6.3.3.
.TP
.B \-k | \-\-keep
(Keyword: keep)
are deleted from the folder on the mailserver after they have been retrieved.
Specifying the \fBkeep\fP option causes retrieved messages to remain in
your folder on the mailserver. This option does not work with ETRN or
-ODMR. If used with POP3, it is recommended to also specify the \-\-uidl
-option or uidl keyword.
+ODMR.
.TP
.B \-K | \-\-nokeep
(Keyword: nokeep)
fetchmail to delete a message it had never fetched before. It can also
cause mail loss if the mail server marks the message seen after
retrieval (IMAP2 servers). You should probably not use this option in your
-configuration file. If you use it with POP3, you must use the 'uidl'
-option. What you probably want is the default setting: if you don't
+configuration file. What you probably want is the default setting: if you don't
specify '\-k', then fetchmail will automatically delete messages after
successful delivery.
.TP
\fBproto\fP may be one of the following:
.RS
.IP AUTO
-Tries IMAP, POP3, and POP2 (skipping any of these for which support
+Tries IMAP and POP3 (skipping any of these for which support
has not been compiled in).
-.IP POP2
-Post Office Protocol 2 (legacy, to be removed from future release)
.IP POP3
Post Office Protocol 3
-.IP APOP
-Use POP3 with old-fashioned MD5-challenge authentication.
-Considered not resistant to man-in-the-middle attacks.
-.IP RPOP
-Use POP3 with RPOP authentication.
.IP KPOP
-Use POP3 with Kerberos V4 authentication on port 1109.
+Use POP3 with Kerberos V5 authentication on port 1109.
.IP SDPS
Use POP3 with Demon Internet's SDPS extensions.
.IP IMAP
ETRN, except that it does not require the client machine to have
a static DNS.
.TP
-.B \-U | \-\-uidl
-(Keyword: uidl)
-.br
-Force UIDL use (effective only with POP3). Force client-side tracking
-of 'newness' of messages (UIDL stands for "unique ID listing" and is
-described in RFC1939). Use with 'keep' to use a mailbox as a baby
-news drop for a group of users. The fact that seen messages are skipped
-is logged, unless error logging is done through syslog while running in
-daemon mode. Note that fetchmail may automatically enable this option
-depending on upstream server capabilities. Note also that this option
-may be removed and forced enabled in a future fetchmail version. See
-also: \-\-idfile.
-.TP
.B \-\-idle (since 6.3.3)
(Keyword: idle, since before 6.0.0)
.br
(Keyword: sslproto)
.br
Forces an SSL/TLS protocol. Possible values are \fB''\fP,
- \&'\fBSSL23\fP' (note however that fetchmail, since v6.3.20, prohibits
- negotiation of SSLv2 -- it has been deprecated for 15 years and is
- insecure), \&'\fBSSL3\fP', and
+ \&'\fBSSL2\fP' (not supported on all systems),
+ \&'\fBSSL23\fP', (use of these two values is discouraged
+ and should only be used as a last resort) \&'\fBSSL3\fP', and
\&'\fBTLS1\fP'. The default behaviour if this option is unset is: for
connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
opportunistically try STARTTLS negotiation with TLS1. You can configure
i. e. headers with bad syntax. Traditionally, fetchmail has rejected such
messages, but some distributors modified fetchmail to accept them. You can now
configure fetchmail's behaviour per server.
+.TP
+.B \-\-retrieve\-error {abort|continue|markseen}
+(Keyword: retrieve\-error; since v7.0)
+.br
+Specify how fetchmail is supposed to treat messages which fail to be
+retrieved due to server errors, i. e. fetching the message body fails with
+a server error. Traditionally, fetchmail has aborted the session leaving
+both the message with the error and any subsequent messages on the server.
+Both the continue and markseen options will allow the session to continue
+enabling subsequent messages on the server to be retrieved. You can now
+configure fetchmail's behaviour per server.
.SS Resource Limit Control Options
.TP
(Keyword: expunge)
.br
Arrange for deletions to be made final after a given number of
-messages. Under POP2 or POP3, fetchmail cannot make deletions final
+messages. Under POP3, fetchmail cannot make deletions final
without sending QUIT and ending the session -- with this option on,
fetchmail will break a long mail retrieval session into multiple
sub-sessions, sending QUIT after each sub-session. This is a good
.br
This option permits you to specify an authentication type (see USER
AUTHENTICATION below for details). The possible values are \fBany\fP,
-\&\fBpassword\fP, \fBkerberos_v5\fP, \fBkerberos\fP (or, for
-excruciating exactness, \fBkerberos_v4\fP), \fBgssapi\fP,
+\&\fBpassword\fP, \fBkerberos_v5\fP, \fBgssapi\fP,
\fBcram\-md5\fP, \fBotp\fP, \fBntlm\fP, \fBmsn\fP (only for POP3),
\fBexternal\fP (only IMAP) and \fBssh\fP.
When \fBany\fP (the default) is specified, fetchmail tries
-first methods that don't require a password (EXTERNAL, GSSAPI, KERBEROS\ IV,
+first methods that don't require a password (EXTERNAL, GSSAPI,
KERBEROS\ 5); then it looks for methods that mask your password
(CRAM-MD5, NTLM, X\-OTP - note that MSN is only supported for POP3, but not
autoprobed); and only if the server doesn't
\&\fBmsn\fP or \fBotp\fP suppresses fetchmail's normal inquiry for a
password. Specify \fBssh\fP when you are using an end-to-end secure
connection such as an ssh tunnel; specify \fBexternal\fP when you use
-TLS with client authentication and specify \fBgssapi\fP or
-\&\fBkerberos_v4\fP if you are using a protocol variant that employs
-GSSAPI or K4. Choosing KPOP protocol automatically selects Kerberos
-authentication. This option does not work with ETRN. GSSAPI service names are
-in line with RFC-2743 and IANA registrations, see
+TLS with client authentication and specify \fBgssapi\fP if you are using a
+protocol variant that employs GSSAPI. Choosing KPOP protocol automatically
+selects Kerberos authentication. This option does not work with ETRN.
+GSSAPI service names are in line with RFC-2743 and IANA registrations, see
.URL http://www.iana.org/assignments/gssapi-service-names/ "Generic Security Service Application Program Interface (GSSAPI)/Kerberos/Simple Authentication and Security Layer (SASL) Service Names" .
.SS Miscellaneous Options
.TP
the correct user-id and password for your mailbox account.
.SH POP3 VARIANTS
.PP
-Early versions of POP3 (RFC1081, RFC1225) supported a crude form of
-independent authentication using the \fI.rhosts\fP file on the
-mailserver side. Under this RPOP variant, a fixed per-user ID
-equivalent to a password was sent in clear over a link to a reserved
-port, with the command RPOP rather than PASS to alert the server that it
-should do special checking. RPOP is supported by \fBfetchmail\fP
-(you can specify 'protocol RPOP' to have the program send 'RPOP'
-rather than 'PASS') but its use is strongly discouraged, and support
-will be removed from a future fetchmail version. This
-facility was vulnerable to spoofing and was withdrawn in RFC1460.
-.PP
RFC1460 introduced APOP authentication. In this variant of POP3,
you register an APOP password on your server host (on some servers, the
program to do this is called \fBpopauth\fP(8)). You put the same
database.
\fBNote that APOP is no longer considered resistant against
-man-in-the-middle attacks.\fP
+man-in-the-middle attacks, and should not be used without a verified
+SSL/TLS connection.\fP
.SS RETR or TOP
\fBfetchmail\fP makes some efforts to make the server believe messages
had not been retrieved, by using the TOP command with a large number of
that.
.PP
\fBfetchmail\fP will always use the RETR command if "fetchall" is set.
-\fBfetchmail\fP will also use the RETR command if "keep" is set and
-"uidl" is unset. Finally, \fBfetchmail\fP will use the RETR command on
+As a workaround, \fBfetchmail\fP will use the RETR command on
Maillennium POP3/PROXY servers (used by Comcast) to avoid a deliberate
TOP misinterpretation in this server that causes message corruption.
.PP
-In all other cases, \fBfetchmail\fP will use the TOP command. This
-implies that in "keep" setups, "uidl" must be set if "TOP" is desired.
-.PP
\fBNote\fP that this description is true for the current version of
fetchmail, but the behavior may change in future versions. In
particular, fetchmail may prefer the RETR command because the TOP
.PP
If your \fBfetchmail\fP was built with Kerberos support and you specify
Kerberos authentication (either with \-\-auth or the \fI.fetchmailrc\fP
-option \fBauthenticate kerberos_v4\fP) it will try to get a Kerberos
+option \fBauthenticate kerberos_v5\fP) it will try to get a Kerberos
ticket from the mailserver at the start of each query. Note: if
either the pollname or via name is 'hesiod', fetchmail will try to use
Hesiod to look up the mailserver.
Note that this also causes the logfile option to be ignored (though
perhaps it shouldn't).
.PP
-Note that while running in daemon mode polling a POP2 or IMAP2bis server,
+Note that while running in daemon mode polling a IMAP2bis server,
transient errors (such as DNS failures or sendmail delivery refusals)
may force the fetchall option on for the duration of the next polling
cycle. This is a robustness feature. It means that if a message is
server are being fetched (and deleted) even when you don't specify
\-\-all. There are several reasons this can happen.
.PP
-One could be that you're using POP2. The POP2 protocol includes no
-representation of 'new' or 'old' state in messages, so \fBfetchmail\fP
-must treat all messages as new all the time. But POP2 is obsolete, so
-this is unlikely.
-.PP
A potential POP3 problem might be servers that insert messages
in the middle of mailboxes (some VMS implementations of mail are
rumored to do this). The \fBfetchmail\fP code assumes that new
T}
proto[col] \-p \& T{
Specify protocol (case insensitive):
-POP2, POP3, IMAP, APOP, KPOP
+POP3, IMAP, KPOP
T}
local[domains] \& m T{
Specify domain(s) to be regarded as local
no checkalias \& m T{
Do comparison by name for multidrop (default)
T}
-uidl \-U \& T{
-Force POP3 to use client-side UIDLs (recommended)
-T}
-no uidl \& \& T{
-Turn off POP3 use of client-side UIDLs (default)
-T}
interval \& \& T{
Only check this site every N poll cycles; N is a numeric argument.
T}
bad-header \& \& T{
How to treat messages with a bad header. Can be reject (default) or accept.
T}
+retrieve-error \& \& T{
+How to behave when messages that cannot be retrieved due to a server error
+are encountered. Can be abort (default), continue or markseen.
+T}
.TE
Here are the legal user descriptions and options:
Command to be executed after each connection
T}
keep \-k \& T{
-Don't delete seen messages from server (for POP3, uidl is recommended)
+Don't delete seen messages from server
T}
flush \-F \& T{
Flush all seen messages before querying (DANGEROUS)
.sp
.nf
auto (or AUTO) (legacy, to be removed from future release)
- pop2 (or POP2) (legacy, to be removed from future release)
+
pop3 (or POP3)
- sdps (or SDPS)
+ sdps (or SDPS) (a POP3 variant specific to Demon)
+ kpop (or KPOP) (a Kerberos-based variant)
+
imap (or IMAP)
- apop (or APOP)
- kpop (or KPOP)
.fi
.sp
.PP
-Legal authentication types are 'any', 'password', 'kerberos',
-\&'kerberos_v4', 'kerberos_v5' and 'gssapi', 'cram\-md5', 'otp', 'msn'
-(only for POP3), 'ntlm', 'ssh', 'external' (only IMAP).
+Legal authentication types are 'any', 'password', 'apop' (only for
+POP3), \&'kerberos_v5' and 'gssapi', 'cram\-md5', 'otp', 'msn'
+(only for POP3), 'ntlm', 'ssh', 'external' (only for IMAP).
The 'password' type specifies
-authentication by normal transmission of a password (the password may be
-plain text or subject to protocol-specific encryption as in CRAM-MD5);
-\&'kerberos' tells \fBfetchmail\fP to try to get a Kerberos ticket at the
+authentication by normal transmission of a password;
+\&'kerberos_v5' tells \fBfetchmail\fP to try to get a Kerberos ticket at the
start of each query instead, and send an arbitrary string as the
password; and 'gssapi' tells fetchmail to use GSSAPI authentication.
See the description of the 'auth' keyword for more.
.PP
-Specifying 'kpop' sets POP3 protocol over port 1109 with Kerberos V4
+Specifying 'kpop' sets POP3 protocol over port 1109 with Kerberos V5
authentication. These defaults may be overridden by later options.
.PP
There are some global option statements: 'set logfile'
.IP
.nf
poll pop.provider.net proto pop3 user "jsmith" pass "secret1"
-poll other.provider.net proto pop2 user "John.Smith" pass "My^Hat"
+poll other.provider.net proto imap user "John.Smith" pass "My^Hat"
.fi
.PP
.nf
poll pop.provider.net proto pop3
user "jsmith", with password secret1, is "jsmith" here;
-poll other.provider.net proto pop2:
+poll other.provider.net proto imap:
user "John.Smith", with password "My^Hat", is "John.Smith" here;
.fi
session ID (this elaborate logic is designed to handle the case of
multiple names per userid gracefully).
+ .IP \fBFETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE\fP
+ (since v6.3.22):
+ If this environment variable is set and not empty, fetchmail will disable
+ a countermeasure against an SSL CBC IV attack (by setting
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS). This is a security risk, but may be
+ necessary for connecting to certain non-standards-conforming servers.
+ See fetchmail's NEWS file and fetchmail-SA-2012-01.txt for details.
+ Earlier fetchmail versions (v6.3.21 and older) used to disable this
+ countermeasure, but v6.3.22 no longer does that as a safety precaution.
+
.IP \fBFETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS\fP
(since v6.3.17):
If this environment variable is set and not empty, fetchmail will always load
Running \fBfetchmail\fP in foreground while a background fetchmail is
running will do whichever of these is appropriate to wake it up.
- .SH BUGS AND KNOWN PROBLEMS
+ .SH BUGS, LIMITATIONS, AND KNOWN PROBLEMS
.PP
Please check the \fBNEWS\fP file that shipped with fetchmail for more
known bugs than those listed here.
only hurt when using UID-based \-\-keep setups, so the 6.3.X versions of
fetchmail won't be fixed.
.PP
+ Fetchmail cannot handle configurations where you have multiple accounts
+ that use the same server name and the same login. Any user@server
+ combination must be unique.
+ .PP
The assumptions that the DNS and in particular the checkalias options
make are not often sustainable. For instance, it has become uncommon for
an MX server to be a POP3 or IMAP server at the same time. Therefore the
The \-f\~\- option (reading a configuration from stdin) is incompatible
with the plugin option.
.PP
-The 'principal' option only handles Kerberos IV, not V.
+The 'principal' option does not work for Kerberos V.
.PP
Interactively entered passwords are truncated after 63 characters. If
you really need to use a longer password, you will have to use a
mail:
RFC 822, RFC 2822, RFC 1123, RFC 1892, RFC 1894.
.TP 5
-POP2:
-RFC 937
.TP 5
POP3:
RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1734, RFC 1939, RFC 1957,
APOP:
RFC 1939.
.TP 5
-RPOP:
-RFC 1081, RFC 1225.
-.TP 5
IMAP2/IMAP2BIS:
RFC 1176, RFC 1732.
.TP 5
#include "config.h"
-#include <sys/types.h>
+#include <stdint.h>
#include "fetchmail.h"
-#if SIZEOF_INT == 4
-typedef unsigned int uint32;
-#else
-typedef unsigned long int uint32;
-#endif
-
struct MD5Context {
- uint32 buf[4];
- uint32 bits[2];
+ uint32_t buf[4];
+ uint32_t bits[2];
- unsigned char in[64];
+ union {
+ unsigned char in[64];
+ uint32 in32[16];
+ } u;
};
void MD5Init(struct MD5Context *context);
void MD5Update(struct MD5Context *context, const void *buf, unsigned len);
void MD5Final(void *digest, struct MD5Context *context);
-void MD5Transform(uint32 buf[4], uint32 const in[16]);
+void MD5Transform(uint32_t buf[4], uint32_t const in[16]);
/*
* This is needed to make RSAREF happy on some MS-DOS compilers.
#include <stdio.h>
#include <string.h>
#include <ctype.h>
-#if defined(STDC_HEADERS)
#include <stdlib.h>
-#endif
#include "fetchmail.h"
#include "socket.h"
-#include "i18n.h"
+#include "gettext.h"
#include "fm_md5.h"
#include <sys/types.h>
# ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H
# include <gssapi/gssapi_generic.h>
# endif
- # ifndef HAVE_GSS_C_NT_HOSTBASED_SERVICE
+ # if HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE + 0 == 0
# define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
# endif
# endif
#include <string.h>
#include <strings.h>
#include <ctype.h>
-#if defined(STDC_HEADERS)
#include <stdlib.h>
#include <limits.h>
#include <errno.h>
-#endif
#include "fetchmail.h"
#include "socket.h"
-#include "i18n.h"
+#include "gettext.h"
/* imap_version values */
-#define IMAP2 -1 /* IMAP2 or IMAP2BIS, RFC1176 */
#define IMAP4 0 /* IMAP4 rev 0, RFC1730 */
#define IMAP4rev1 1 /* IMAP4 rev 1, RFC2060 */
report(stdout, GT_("Protocol identified as IMAP4 rev 0\n"));
}
}
- else if (ok == PS_ERROR)
- {
- imap_version = IMAP2;
- if (outlevel >= O_DEBUG)
- report(stdout, GT_("Protocol identified as IMAP2 or IMAP2BIS\n"));
- }
else
return ok;
report(stdout, GT_("will idle after poll\n"));
}
- peek_capable = (imap_version >= IMAP4);
+ peek_capable = TRUE;
return PS_SUCCESS;
}
}
#endif /* GSSAPI */
-#ifdef KERBEROS_V4
- if ((ctl->server.authenticate == A_ANY
- || ctl->server.authenticate == A_KERBEROS_V4
- || ctl->server.authenticate == A_KERBEROS_V5)
- && strstr(capabilities, "AUTH=KERBEROS_V4"))
- {
- if ((ok = do_rfc1731(sock, "AUTHENTICATE", ctl->server.truename)))
- {
- /* SASL cancellation of authentication */
- gen_send(sock, "*");
- if(ctl->server.authenticate != A_ANY)
- return ok;
- }
- else
- return ok;
- }
-#endif /* KERBEROS_V4 */
-
/*
* No such luck. OK, now try the variants that mask your password
* in a challenge-response.
}
#endif /* NTLM_ENABLE */
-#ifdef __UNUSED__ /* The Cyrus IMAP4rev1 server chokes on this */
- /* this handles either AUTH=LOGIN or AUTH-LOGIN */
- if ((imap_version >= IMAP4rev1) && (!strstr(capabilities, "LOGIN")))
- {
- report(stderr,
- GT_("Required LOGIN capability not supported by server\n"));
- }
-#endif /* __UNUSED__ */
-
/*
* We're stuck with sending the password en clair.
* The reason for this odd-looking logic is that some
* higher and only when keeping mails. This flag will have an
* effect only when user has marked some unread mails for deletion
* using another e-mail client. */
- flag skipdeleted = (imap_version >= IMAP4) && ctl->keep;
+ flag skipdeleted = ctl->keep;
const char *undeleted;
/* structure to keep the end portion of the incomplete response */
/* try to recover for some responses */
if (!strncmp(buf, "* NO", 4) ||
- !strncmp(buf, "* BAD", 5))
+ !strncmp(buf, "* BAD", 5) ||
+ strstr(buf, "FETCH ()"))
{
return(PS_TRANSIENT);
}
* equivalent". However, we know of at least one server that
* treats them differently in the presence of MIME attachments;
* the latter form downloads the attachment, the former does not.
- * The server is InterChange, and the fool who implemented this
- * misfeature ought to be strung up by his thumbs.
+ * The server is InterChange.
*
* When I tried working around this by disabling use of the 4rev1 form,
* I found that doing this breaks operation with M$ Exchange.
* Annoyingly enough, Exchange's refusal to cope is technically legal
- * under RFC2062. Trust Microsoft, the Great Enemy of interoperability
- * standards, to find a way to make standards compliance irritating....
+ * under RFC2062.
*/
switch (imap_version)
{
case IMAP4rev1: /* RFC 2060 */
+ default:
gen_send(sock, "FETCH %d BODY.PEEK[TEXT]", number);
break;
case IMAP4: /* RFC 1730 */
gen_send(sock, "FETCH %d RFC822.TEXT.PEEK", number);
break;
-
- default: /* RFC 1176 */
- gen_send(sock, "FETCH %d RFC822.TEXT", number);
- break;
}
/* looking for FETCH response */
number -= expunged;
/*
- * Use SILENT if possible as a minor throughput optimization.
- * Note: this has been dropped from IMAP4rev1.
- *
- * We set \Seen because there are some IMAP servers (notably HP
- * OpenMail and MS Exchange) do message-receipt DSNs,
- * but only when the seen bit gets set.
- * This is the appropriate time -- we get here right
+ * We set Seen because there are some IMAP servers (notably HP
+ * OpenMail) that do message-receipt DSNs, but only when the seen
+ * bit is set. This is the appropriate time -- we get here right
* after the local SMTP response that says delivery was
* successful.
*/
- if ((ok = gen_transact(sock,
- imap_version == IMAP4
- ? "STORE %d +FLAGS.SILENT (%s)"
- : "STORE %d +FLAGS (%s)",
- number, delflags)))
+ if ((ok = gen_transact(sock, "STORE %d +FLAGS.SILENT (\\Seen \\Deleted)", number)))
return(ok);
else
deletions++;
/* expunges change the message numbers */
number -= expunged;
- return(gen_transact(sock,
- imap_version == IMAP4
- ? "STORE %d +FLAGS.SILENT (\\Seen)"
- : "STORE %d +FLAGS (\\Seen)",
- number));
+ return(gen_transact(sock,"STORE %d +FLAGS.SILENT (\\Seen)", number));
}
static int imap_end_mailbox_poll(int sock, struct query *ctl)
#include <stdio.h>
#include <string.h>
-#if defined(STDC_HEADERS)
#include <stdlib.h>
-#endif
-#if defined(HAVE_UNISTD_H)
#include <unistd.h>
-#endif
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <net/if.h>
#if defined(__FreeBSD__)
#if defined __FreeBSD_USE_KVM
-#if __FreeBSD_version >= 300001
#include <net/if_var.h>
-#endif
#include <kvm.h>
#include <nlist.h>
#include <sys/fcntl.h>
-#else
+#else /* !defined __FreeBSD_USE_KVM */
#include <sys/sysctl.h>
#include <net/route.h>
#include <net/if_dl.h>
-#endif
-#endif
+#endif /* defined __FreeBSD_USE_KVM */
+#endif /* defined __FreeBSD__ */
#include "socket.h"
-#include "i18n.h"
+#include "gettext.h"
#include "tunable.h"
typedef struct {
char iname[16];
struct ifnet ifnet;
unsigned long ifnet_addr = ifnet_savedaddr;
-#if __FreeBSD_version >= 300001
struct ifnethead ifnethead;
struct ifaddrhead ifaddrhead;
-#endif
struct ifaddr ifaddr;
unsigned long ifaddr_addr;
struct sockaddr sa;
- unsigned long sa_addr;
uint i;
if (if_egid)
}
}
-#if __FreeBSD_version >= 300001
kvm_read(kvmfd, ifnet_savedaddr, (char *) &ifnethead, sizeof ifnethead);
ifnet_addr = (u_long) ifnethead.tqh_first;
-#else
- ifnet_addr = ifnet_savedaddr;
-#endif
while (ifnet_addr)
{
ifinfo->rx_packets = ifnet.if_ipackets;
ifinfo->tx_packets = ifnet.if_opackets;
-#if __FreeBSD_version >= 300001
ifaddr_addr = (u_long) ifnet.if_addrhead.tqh_first;
-#else
- ifaddr_addr = (u_long) ifnet.if_addrlist;
-#endif
while(ifaddr_addr)
{
if (sa.sa_family != AF_INET)
{
-#if __FreeBSD_version >= 300001
ifaddr_addr = (u_long) ifaddr.ifa_link.tqe_next;
-#else
- ifaddr_addr = (u_long) ifaddr.ifa_next;
-#endif
continue;
}
return 0;
}
-#if __FreeBSD_version >= 300001
ifnet_addr = (u_long) ifnet.if_link.tqe_next;
-#else
- ifnet_addr = (unsigned long) ifnet.if_next;
-#endif
}
if (if_egid)
char iname[16];
int mib[6];
- memset(ifinfo, 0, sizeof(ifinfo));
+ memset(ifinfo, 0, sizeof(*ifinfo));
/* trim interface name */
#include "config.h"
#include "fm_md5.h"
-#ifdef HAVE_STRING_H
#include <string.h> /* memmove */
-#endif
-
#include <inttypes.h>
/*
/* Handle any leading odd-sized chunks */
if (t) {
- unsigned char *p = (unsigned char *) ctx->in + t;
+ unsigned char *p = (unsigned char *) ctx->u.in + t;
t = 64 - t;
if (len < t) {
return;
}
memmove(p, buf, t);
- byteReverse(ctx->in, 16);
- MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+ byteReverse(ctx->u.in, 16);
+ MD5Transform(ctx->buf, ctx->u.in32);
buf += t;
len -= t;
}
/* Process data in 64-byte chunks */
while (len >= 64) {
- memmove(ctx->in, buf, 64);
- byteReverse(ctx->in, 16);
- MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+ memmove(ctx->u.in, buf, 64);
+ byteReverse(ctx->u.in, 16);
+ MD5Transform(ctx->buf, ctx->u.in32);
buf += 64;
len -= 64;
}
/* Handle any remaining bytes of data. */
- memmove(ctx->in, buf, len);
+ memmove(ctx->u.in, buf, len);
}
/*
/* Set the first char of padding to 0x80. This is safe since there is
always at least one byte free */
- p = ctx->in + count;
+ p = ctx->u.in + count;
*p++ = 0x80;
/* Bytes of padding needed to make 64 bytes */
if (count < 8) {
/* Two lots of padding: Pad the first block to 64 bytes */
memset(p, 0, count);
- byteReverse(ctx->in, 16);
- MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+ byteReverse(ctx->u.in, 16);
+ MD5Transform(ctx->buf, ctx->u.in32);
/* Now fill the next block with 56 bytes */
- memset(ctx->in, 0, 56);
+ memset(ctx->u.in, 0, 56);
} else {
/* Pad block to 56 bytes */
memset(p, 0, count - 8);
}
- byteReverse(ctx->in, 14);
+ byteReverse(ctx->u.in, 14);
/* Append length in bits and transform */
- ((uint32_t *) ctx->in)[14] = ctx->bits[0];
- ((uint32_t *) ctx->in)[15] = ctx->bits[1];
+ ctx->u.in32[14] = ctx->bits[0];
+ ctx->u.in32[15] = ctx->bits[1];
- MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+ MD5Transform(ctx->buf, ctx->u.in32);
byteReverse((unsigned char *) ctx->buf, 4);
memmove(digest, ctx->buf, 16);
memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
#ifdef NTLM_ENABLE
#include "fetchmail.h"
-#include "i18n.h"
+#include "gettext.h"
#include "ntlm.h"
#include "socket.h"
if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
goto cancelfail;
- (void)from64tobits (&challenge, msgbuf, sizeof(challenge));
+ /*
+ * < 0: decoding error
+ * >= 0 < 32: too short to be plausible
+ */
+ if ((result = from64tobits (&challenge, msgbuf, sizeof(challenge))) < 0
+ || result < 32)
+ {
+ report (stderr, GT_("could not decode BASE64 challenge\n"));
+ /* We do not goto cancelfail; the server has already sent the
+ * tagged reply, so the protocol exchange has ended, no need
+ * for us to send the asterisk. */
+ return PS_AUTHFAIL;
+ }
+
+ /* validate challenge:
+ * - ident
+ * - message type
+ * - that offset points into buffer
+ * - that offset + length does not wrap
+ * - that offset + length is not bigger than buffer */
+ if (0 != memcmp("NTLMSSP", challenge.ident, 8)
+ || challenge.msgType != 2
+ || challenge.uDomain.offset > (unsigned)result
+ || (challenge.uDomain.offset + challenge.uDomain.len) < challenge.uDomain.offset
+ || (challenge.uDomain.offset + challenge.uDomain.len) > (unsigned)result)
+ {
+ report (stderr, GT_("NTLM challenge contains invalid data.\n"));
+ result = PS_AUTHFAIL;
+ goto cancelfail;
+ }
if (outlevel >= O_DEBUG)
dumpSmbNtlmAuthChallenge(stdout, &challenge);
#include <pwd.h>
#include <string.h>
#include <errno.h>
-#if defined(STDC_HEADERS)
#include <stdlib.h>
#include <limits.h>
-#else
-#include <ctype.h>
-#endif
#include "getopt.h"
#include "fetchmail.h"
-#include "i18n.h"
+#include "gettext.h"
enum {
LA_INVISIBLE = 256,
LA_IDLE,
LA_NOSOFTBOUNCE,
LA_SOFTBOUNCE,
- LA_BADHEADER
+ LA_BADHEADER,
+ LA_RETRIEVEERROR
};
-/* options still left: CgGhHjJoORTWxXYz */
-static const char *shortoptions =
+static const char *shortoptions =
+/* options still left: ghHjJoRTWxXYz */
+#ifdef HAVE_LIBPWMD
+ "O:C:G:"
+#endif
"?Vcsvd:NqL:f:i:p:UP:A:t:E:Q:u:akKFnl:r:S:Z:b:B:e:m:I:M:yw:D:";
static const struct option longoptions[] = {
/* this can be const because all flag fields are 0 and will never get set */
+#ifdef HAVE_LIBPWMD
+ {"pwmd-socket", required_argument, (int *) 0, 'C' },
+ {"pwmd-file", required_argument, (int *) 0, 'G' },
+ {"pinentry-timeout", required_argument, (int *) 0, 'O' },
+#endif
{"help", no_argument, (int *) 0, '?' },
{"version", no_argument, (int *) 0, 'V' },
{"check", no_argument, (int *) 0, 'c' },
{"norewrite", no_argument, (int *) 0, 'n' },
{"limit", required_argument, (int *) 0, 'l' },
{"warnings", required_argument, (int *) 0, 'w' },
+ {"retrieve-error", required_argument, (int *) 0, LA_RETRIEVEERROR },
{"folder", required_argument, (int *) 0, 'r' },
{"smtphost", required_argument, (int *) 0, 'S' },
static int xatoi(char *s, int *errflagptr)
/* do safe conversion from string to number */
{
-#if defined (STDC_HEADERS) && defined (LONG_MAX) && defined (INT_MAX)
/* parse and convert numbers, but also check for invalid characters in
* numbers
*/
}
return (int) value; /* shut up, I know what I'm doing */
-#else
- int i;
- char *dp;
-# if defined (STDC_HEADERS)
- size_t len;
-# else
- int len;
-# endif
-
- /* We do only base 10 conversions here (atoi)! */
-
- len = strlen(s);
- /* check for leading white spaces */
- for (i = 0; (i < len) && isspace((unsigned char)s[i]); i++)
- ;
-
- dp = &s[i];
-
- /* check for +/- */
- if (i < len && (s[i] == '+' || s[i] == '-')) i++;
-
- /* skip over digits */
- for ( /* no init */ ; (i < len) && isdigit((unsigned char)s[i]); i++)
- ;
-
- /* check for trailing garbage */
- if (i != len) {
- (void) fprintf(stderr, GT_("String '%s' is not a valid number string.\n"), s);
- (*errflagptr)++;
- return 0;
- }
-
- /* atoi should be safe by now, except for number range over/underflow */
- return atoi(dp);
-#endif
}
/** parse and validate the command line options */
int parsecmdline (int argc /** argument count */,
char **argv /** argument strings */,
struct runctl *rctl /** global run controls to modify */,
- struct query *ctl /** option record to initialize */)
+ struct query *ctl /** option record to initialize */,
+ flag *safewithbg /** set to whether options are
+ compatible with another copy
+ running in the background */)
{
/*
* return value: if positive, argv index of last parsed option + 1
int errflag = 0; /* TRUE when a syntax error is detected */
int helpflag = 0; /* TRUE when option help was explicitly requested */
int option_index;
+ int option_safe; /* to track if option currently parsed is safe
+ with a background copy */
char *buf, *cp;
rctl->poll_interval = -1;
+ *safewithbg = TRUE;
memset(ctl, '\0', sizeof(struct query)); /* start clean */
ctl->smtp_socket = -1;
(c = getopt_long(argc,argv,shortoptions,
longoptions, &option_index)) != -1)
{
+ option_safe = FALSE;
+
switch (c) {
+#ifdef HAVE_LIBPWMD
+ case 'C':
+ ctl->pwmd_socket = prependdir(optarg, currentwd);
+ break;
+ case 'G':
+ ctl->pwmd_file = xstrdup(optarg);
+ break;
+ case 'O':
+ rctl->pinentry_timeout = atoi(optarg);
+ break;
+#endif
case 'V':
versioninfo = TRUE;
+ option_safe = TRUE;
break;
case 'c':
check_only = TRUE;
break;
case 's':
outlevel = O_SILENT;
+ option_safe = 1;
break;
case 'v':
if (outlevel >= O_VERBOSE)
outlevel = O_DEBUG;
else
outlevel = O_VERBOSE;
+ option_safe = TRUE;
break;
case 'd':
rctl->poll_interval = xatoi(optarg, &errflag);
/* XXX -- should probably use a table lookup here */
if (strcasecmp(optarg,"auto") == 0)
ctl->server.protocol = P_AUTO;
- else if (strcasecmp(optarg,"pop2") == 0)
- ctl->server.protocol = P_POP2;
#ifdef SDPS_ENABLE
else if (strcasecmp(optarg,"sdps") == 0)
{
#endif /* SDPS_ENABLE */
else if (strcasecmp(optarg,"pop3") == 0)
ctl->server.protocol = P_POP3;
- else if (strcasecmp(optarg,"apop") == 0)
- ctl->server.protocol = P_APOP;
- else if (strcasecmp(optarg,"rpop") == 0)
- ctl->server.protocol = P_RPOP;
else if (strcasecmp(optarg,"kpop") == 0)
{
ctl->server.protocol = P_POP3;
ctl->server.service = xstrdup(KPOP_PORT);
#ifdef KERBEROS_V5
ctl->server.authenticate = A_KERBEROS_V5;
-#else
- ctl->server.authenticate = A_KERBEROS_V4;
#endif /* KERBEROS_V5 */
}
else if (strcasecmp(optarg,"imap") == 0)
}
break;
case 'U':
- ctl->server.uidl = FLAG_TRUE;
+ /* EMPTY - removed in 7.0.0 */
break;
case LA_IDLE:
ctl->idle = FLAG_TRUE;
case LA_AUTH:
if (strcmp(optarg, "password") == 0)
ctl->server.authenticate = A_PASSWORD;
- else if (strcmp(optarg, "kerberos") == 0)
#ifdef KERBEROS_V5
+ else if (strcmp(optarg, "kerberos") == 0)
ctl->server.authenticate = A_KERBEROS_V5;
-#else
- ctl->server.authenticate = A_KERBEROS_V4;
-#endif /* KERBEROS_V5 */
else if (strcmp(optarg, "kerberos_v5") == 0)
ctl->server.authenticate = A_KERBEROS_V5;
- else if (strcmp(optarg, "kerberos_v4") == 0)
- ctl->server.authenticate = A_KERBEROS_V4;
+#endif /* KERBEROS_V5 */
else if (strcmp(optarg, "ssh") == 0)
ctl->server.authenticate = A_SSH;
else if (strcasecmp(optarg, "external") == 0)
ctl->server.authenticate = A_ANY;
else if (strcmp(optarg, "msn") == 0)
ctl->server.authenticate = A_MSN;
+ else if (strcmp(optarg, "apop") == 0)
+ ctl->server.authenticate = A_APOP;
else {
fprintf(stderr,GT_("Invalid authentication `%s' specified.\n"), optarg);
errflag++;
case LA_CONFIGDUMP:
configdump = TRUE;
+ option_safe = TRUE;
break;
case LA_SYSLOG:
ctl->server.tracepolls = FLAG_TRUE;
break;
+ case LA_RETRIEVEERROR:
+ if (strcasecmp(optarg,"abort") == 0) {
+ ctl->server.retrieveerror = RE_ABORT;
+ } else if (strcasecmp(optarg,"continue") == 0) {
+ ctl->server.retrieveerror = RE_CONTINUE;
+ } else if (strcasecmp(optarg,"markseen") == 0) {
+ ctl->server.retrieveerror = RE_MARKSEEN;
+ } else {
+ fprintf(stderr,GT_("Invalid retrieve-error policy `%s' specified.\n"), optarg);
+ errflag++;
+ }
+ break;
+
case '?':
+ helpflag = 1;
default:
- helpflag++;
+ break;
}
+ *safewithbg &= option_safe;
}
if (errflag || ocount > 1 || helpflag) {
P(GT_(" --sslcertpath path to trusted-CA ssl certificate directory\n"));
P(GT_(" --sslcommonname expect this CommonName from server (discouraged)\n"));
P(GT_(" --sslfingerprint fingerprint that must match that of the server's cert.\n"));
- P(GT_(" --sslproto force ssl protocol (SSL23/SSL3/TLS1)\n"));
+ P(GT_(" --sslproto force ssl protocol (SSL2/SSL3/TLS1)\n"));
#endif
P(GT_(" --plugin specify external command to open connection\n"));
P(GT_(" --plugout specify external command to open smtp connection\n"));
P(GT_(" --bad-header {reject|accept}\n"
" specify policy for handling messages with bad headers\n"));
+ P(GT_(" --retrieve-error {abort|continue|markseen}\n"
+ " specify policy for processing messages with retrieve errors\n"));
P(GT_(" -p, --protocol specify retrieval protocol (see man page)\n"));
- P(GT_(" -U, --uidl force the use of UIDLs (pop3 only)\n"));
+#ifdef HAVE_LIBPWMD
+ P(GT_(" -C, --pwmd-socket pwmd socket path (~/.pwmd/socket)\n"));
+ P(GT_(" -G, --pwmd-file filename to use on the pwmd server\n"));
+ P(GT_(" -O, --pinentry-timeout seconds until pinentry is canceled\n"));
+#endif
+
P(GT_(" --port TCP port to connect to (obsolete, use --service)\n"));
P(GT_(" -P, --service TCP service to connect to (can be numeric TCP port)\n"));
P(GT_(" --auth authentication type (password/kerberos/ssh/otp)\n"));
#include <stdio.h>
#include <sys/types.h>
#include <sys/file.h>
-#if defined(HAVE_SYS_WAIT_H)
#include <sys/wait.h>
-#endif
#include <sys/stat.h>
#include <errno.h>
-#if defined(STDC_HEADERS)
#include <stdlib.h>
-#endif
-#if defined(HAVE_UNISTD_H)
#include <unistd.h>
-#endif
#include <string.h>
#if defined(__CYGWIN__)
#endif /* __CYGWIN__ */
#include "fetchmail.h"
-#include "i18n.h"
+#include "gettext.h"
/* parser reads these */
char *rcfile; /* path name of rc file */
%token DEFAULTS POLL SKIP VIA AKA LOCALDOMAINS PROTOCOL
%token AUTHENTICATE TIMEOUT KPOP SDPS ENVELOPE QVIRTUAL
+%token PINENTRY_TIMEOUT PWMD_SOCKET PWMD_FILE
%token USERNAME PASSWORD FOLDER SMTPHOST FETCHDOMAINS MDA BSMTP LMTP
%token SMTPADDRESS SMTPNAME SPAMRESPONSE PRECONNECT POSTCONNECT LIMIT WARNINGS
%token INTERFACE MONITOR PLUGIN PLUGOUT
%token SET LOGFILE DAEMON SYSLOG IDFILE PIDFILE INVISIBLE POSTMASTER BOUNCEMAIL
%token SPAMBOUNCE SOFTBOUNCE SHOWDOTS
%token BADHEADER ACCEPT REJECT_
+%token RETRIEVEERROR ABORT CONTINUE MARKSEEN
%token <proto> PROTO AUTHTYPE
%token <sval> STRING
%token <number> NUMBER
| SET NO INVISIBLE {run.invisible = FALSE;}
| SET SHOWDOTS {run.showdots = FLAG_TRUE;}
| SET NO SHOWDOTS {run.showdots = FLAG_FALSE;}
+ | SET PINENTRY_TIMEOUT optmap NUMBER {
+#ifdef HAVE_LIBPWMD
+ run.pinentry_timeout = $4;
+#else
+ yyerror(GT_("pwmd not enabled"));
+#endif
+ }
/*
* The way the next two productions are written depends on the fact that
| PROTOCOL PROTO {current.server.protocol = $2;}
| PROTOCOL KPOP {
current.server.protocol = P_POP3;
-
- if (current.server.authenticate == A_PASSWORD)
#ifdef KERBEROS_V5
+ if (current.server.authenticate == A_PASSWORD)
current.server.authenticate = A_KERBEROS_V5;
-#else
- current.server.authenticate = A_KERBEROS_V4;
-#endif /* KERBEROS_V5 */
current.server.service = KPOP_PORT;
+#else
+ yyerror(GT_("Kerberos not enabled."));
+#endif
}
| PRINCIPAL STRING {current.server.principal = $2;}
| ESMTPNAME STRING {current.server.esmtp_name = $2;}
yyerror(GT_("SDPS not enabled."));
#endif /* SDPS_ENABLE */
}
- | UIDL {current.server.uidl = FLAG_TRUE;}
- | NO UIDL {current.server.uidl = FLAG_FALSE;}
+ | UIDL {/* EMPTY - removed in 7.0.0 */}
+ | NO UIDL {/* EMPTY - removed in 7.0.0 */}
| CHECKALIAS {current.server.checkalias = FLAG_TRUE;}
| NO CHECKALIAS {current.server.checkalias = FLAG_FALSE;}
| SERVICE STRING {
| NO TRACEPOLLS {current.server.tracepolls = FLAG_FALSE;}
| BADHEADER ACCEPT {current.server.badheader = BHACCEPT;}
| BADHEADER REJECT_ {current.server.badheader = BHREJECT;}
+ | RETRIEVEERROR ABORT {current.server.retrieveerror = RE_ABORT;}
+ | RETRIEVEERROR CONTINUE {current.server.retrieveerror = RE_CONTINUE;}
+ | RETRIEVEERROR MARKSEEN {current.server.retrieveerror = RE_MARKSEEN;}
;
userspecs : user1opts {record_current(); user_reset();}
| EXPUNGE NUMBER {current.expunge = NUM_VALUE_IN($2);}
| PROPERTIES STRING {current.properties = $2;}
+
+ | PWMD_SOCKET STRING {
+#ifdef HAVE_LIBPWMD
+ current.pwmd_socket = xstrdup($2);
+#else
+ yyerror(GT_("pwmd not enabled"));
+#endif
+ }
+
+ | PWMD_FILE STRING {
+#ifdef HAVE_LIBPWMD
+ current.pwmd_file = xstrdup($2);
+#else
+ yyerror(GT_("pwmd not enabled"));
+#endif
+ }
;
%%
int prc_filecheck(const char *pathname,
const flag securecheck /** shortcuts permission, filetype and uid tests if false */)
{
-#ifndef __EMX__
struct stat statbuf;
errno = 0;
return(PS_IOERR);
}
-#ifndef __BEOS__
#ifdef __CYGWIN__
if (cygwin_internal(CW_CHECK_NTSEC, pathname))
#endif /* __CYGWIN__ */
pathname);
return(PS_IOERR);
}
-#endif /* __BEOS__ */
-#ifdef HAVE_GETEUID
if (statbuf.st_uid != geteuid())
-#else
- if (statbuf.st_uid != getuid())
-#endif /* HAVE_GETEUID */
{
fprintf(stderr, GT_("File %s must be owned by you.\n"), pathname);
return(PS_IOERR);
}
-#endif
return(PS_SUCCESS);
}
yyparse(); /* parse entire file */
- fclose(yyin); /* not checking this should be safe, file mode was r */
+ if (yyin != stdin)
+ fclose(yyin); /* not checking this should be safe, file mode was r */
if (prc_errflag)
return(PS_SYNTAX);
#include <errno.h>
#include <string.h>
#include <ctype.h> /* isspace() */
-#ifdef HAVE_MEMORY_H
-#include <memory.h>
-#endif /* HAVE_MEMORY_H */
#include <sys/types.h>
#include <sys/stat.h>
-#ifndef HAVE_NET_SOCKET_H
#include <sys/socket.h>
-#else
-#include <net/socket.h>
-#endif
#include <sys/un.h>
#include <netinet/in.h>
-#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
-#endif
#include <netdb.h>
-#if defined(STDC_HEADERS)
#include <stdlib.h>
-#endif
-#if defined(HAVE_UNISTD_H)
#include <unistd.h>
-#endif
-#if defined(HAVE_STDARG_H)
#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
-#if TIME_WITH_SYS_TIME
-# include <sys/time.h>
-# include <time.h>
-#else
-# if HAVE_SYS_TIME_H
-# include <sys/time.h>
-# else
-# include <time.h>
-# endif
-#endif
+#include <sys/time.h>
+#include <time.h>
#include "socket.h"
#include "fetchmail.h"
#include "getaddrinfo.h"
-#include "i18n.h"
+#include "gettext.h"
#include "sdump.h"
-/* Defines to allow BeOS and Cygwin to play nice... */
-#ifdef __BEOS__
-static char peeked;
-#define fm_close(a) closesocket(a)
-#define fm_write(a,b,c) send(a,b,c,0)
-#define fm_peek(a,b,c) recv(a,b,c,0)
-#define fm_read(a,b,c) recv(a,b,c,0)
-#else
-#define fm_close(a) close(a)
+/* Defines to allow Cygwin to play nice... */
+#define fm_close(a) close(a)
#define fm_write(a,b,c) write(a,b,c)
#define fm_peek(a,b,c) recv(a,b,c, MSG_PEEK)
+
#ifdef __CYGWIN__
#define fm_read(a,b,c) cygwin_read(a,b,c)
static ssize_t cygwin_read(int sock, void *buf, size_t count);
#else /* ! __CYGWIN__ */
#define fm_read(a,b,c) read(a,b,c)
#endif /* __CYGWIN__ */
-#endif
/* We need to define h_errno only if it is not already */
#ifndef h_errno
# endif
#endif /* ndef h_errno */
-#ifdef HAVE_SOCKETPAIR
static char *const *parse_plugin(const char *plugin, const char *host, const char *service)
{
char **argvec;
if (!argvec)
{
report(stderr, GT_("fetchmail: malloc failed\n"));
+ free(plugin_copy);
return NULL;
}
memset(argvec, 0, s);
(void) close(fds[0]);
return fds[1];
}
-#endif /* HAVE_SOCKETPAIR */
/** Set socket to SO_KEEPALIVE. \return 0 for success. */
int SockKeepalive(int sock) {
return -1;
}
- /* Socket opened saved. Usefull if connect timeout
+ /* Socket opened saved. Useful if connect timeout
* because it can be closed.
*/
mailserver_socket_temp = sock;
int ord;
char errbuf[8192] = "";
-#ifdef HAVE_SOCKETPAIR
if (plugin)
return handle_plugin(host,service,plugin);
-#endif /* HAVE_SOCKETPAIR */
memset(&req, 0, sizeof(struct addrinfo));
req.ai_socktype = SOCK_STREAM;
return i;
}
-
-#if defined(HAVE_STDARG_H)
int SockPrintf(int sock, const char* format, ...)
{
-#else
-int SockPrintf(sock,format,va_alist)
-int sock;
-char *format;
-va_dcl {
-#endif
-
va_list ap;
char buf[8192];
-#if defined(HAVE_STDARG_H)
va_start(ap, format) ;
-#else
- va_start(ap);
-#endif
vsnprintf(buf, sizeof(buf), format, ap);
va_end(ap);
return SockWrite(sock, buf, strlen(buf));
-
}
#ifdef SSL_ENABLE
+#define OPENSSL_NO_SSL_INTERN 1
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
if (--len < 1)
return(-1);
-#ifdef __BEOS__
- if (peeked != 0){
- (*bp) = peeked;
- bp++;
- len--;
- peeked = 0;
- }
-#endif
do {
/*
* The reason for these gymnastics is that we want two things:
#endif /* SSL_ENABLE */
{
-#ifdef __BEOS__
- if ((n = fm_read(sock, bp, 1)) <= 0)
-#else
if ((n = fm_peek(sock, bp, len)) <= 0)
-#endif
return (-1);
if ((newline = (char *)memchr(bp, '\n', n)) != NULL)
n = newline - bp + 1;
-#ifndef __BEOS__
if ((n = fm_read(sock, bp, n)) == -1)
return(-1);
-#endif /* __BEOS__ */
}
bp += n;
len -= n;
if (n == -1)
return -1;
-#ifdef __BEOS__
- peeked = ch;
-#endif
return(ch);
}
{
struct stat randstat;
int i;
+ long sslopts = SSL_OP_ALL;
SSL_load_error_strings();
SSL_library_init();
/* Make sure a connection referring to an older context is not left */
_ssl_context[sock] = NULL;
if(myproto) {
- if(!strcasecmp("ssl3",myproto)) {
+ if(!strcasecmp("ssl2",myproto)) {
+ #if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
+ _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+ #else
+ report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ return -1;
+ #endif
+ } else if(!strcasecmp("ssl3",myproto)) {
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
} else if(!strcasecmp("tls1",myproto)) {
_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
} else if (!strcasecmp("ssl23",myproto)) {
myproto = NULL;
} else {
- fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSL23).\n"), myproto);
+ fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
myproto = NULL;
}
}
return(-1);
}
- {
- char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
- if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
- sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
- }
-
- SSL_CTX_set_options(_ctx[sock], sslopts);
+ SSL_CTX_set_options(_ctx[sock], (SSL_OP_ALL | SSL_OP_NO_SSLv2) & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
if (certck) {
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
projects / ~andy / fetchmail / commitdiff