--- /dev/null
-
+ When compiled with pwmd (Password Manager Daemon) support (--enable-pwmd)
+ fetchmail can retrieve server details from pwmd. pwmd v2.0 and libpwmd v6.0.0
+ or later are required.
+
+ Three new configuration parameters are added: pwmd_socket (optional) to
+ specify the socket to connect to (default is ~/.pwmd/socket), pwmd_file
+ (required) which specifies the filename on the server to open, and a global
+ parameter pinentry_timeout (optional) which specifies the number of seconds
+ until pinentry is cancelled while waiting for the password.
+
+ Three new command line options are also added:
+ --pwmd-socket, -C same as pwmd_socket
+ --pwmd-file, -G same as pwmd_file
+ --pinentry_timeout, -O same as pinentry_timeout
+
+ If no pinentry timeout value is specified then the server default will be
+ used.
+
+ The format of pwmd_socket and --pwmd-socket can be either a URL string in the
+ form of:
+ file://[path/to/socket]
++
+ or
+
+ ssh[46]://[username@]hostname[:port],identity_file,known_hosts_file
+
+ If neither file:// or ssh[46]:// are specified it is assumed to be a local
+ UNIX domain socket to connect to (file://~/.pwmd/socket).
+
+ See the pwmc(1) manual page for details about the identity and known_hosts
+ files. Note that if connecting to a remote pwmd server, pwmd's pinentry will
+ be disabled and a local pinentry will be tried.
+
+ The data that pwmd uses to serve clients is stored in an (encrypted) XML file.
+ You'll need to create the file you want fetchmail to use by connecting to the
+ server with a pwmd client (socat or pwmc from libpwmd) and send commands to
+ store the data. See COMMANDS included with pwmd for details.
+
+ The password, if any, to open the encrypted data file is either cached on the
+ server (the file has been opened before), or gotten from pinentry(1). See the
+ pwmd(1) manual page for information about the ~/.pwmd/pinentry.conf file which
+ may contain DISPLAY and TTYNAME settings to let pinentry(1) know where to
+ prompt for the password.
+
+ An account (e.g., pollname) may be an element path. Instead of separating the
+ elements with a TAB character, separate them with a '^'.
+
+ Here are the elements that fetchmail uses:
+
+ [...]elements in the element path (^ separated)[...]
+ <pollname>
+ <username> - Optional (--username/username)
+ <password> - Optional (--password/password)
+ <POP3|IMAP|etc..> - Server protocol (must match the protocol
+ keyword from the rcfile or command line)
+ <hostname> - Required (servername/via)
+ <port> - Required (--service/protocol)
+ <ssl> - Optional (--ssl/ssl)
+ <sslfingerprint> - Optional (--sslfingerprint/sslfingerprint)
+ </POP3|IMAP|etc..>
+ </pollname>
+
+
+ A minimal fetchmailrc might look like this:
+
+ set pinentry_timeout 30
+ poll isp proto POP3:
+ pwmd_file default
+
+ poll myaccounts^isp proto IMAP:
+ pwmd_file default
+ pwmd_socket "ssh://user@host,~/.pwmd/fetchmail,~/.pwmd/known_hosts"
+
+
+ Or from the command line:
+
+ fetchmail -f fetchmailrc isp
+ fetchmail --pwmd-file somefile -p POP3 isp
+
+
+ Ben Kibbey <bjk@luxsci.net>
+ http://bjk.sourceforge.net/pwmd/.
AC_MSG_CHECKING(sys_siglist declaration in signal.h or unistd.h)
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <signal.h>
/* NetBSD declares sys_siglist in <unistd.h>. */
-#ifdef HAVE_UNISTD_H
#include <unistd.h>
-#endif]], [[char *msg = *(sys_siglist + 1);]])],[AC_DEFINE(SYS_SIGLIST_DECLARED,1,[Define if 'sys_siglist' is declared by <signal.h>.]) AC_MSG_RESULT(yes)],[AC_MSG_RESULT(no)])
-
-# Find the right directory to put the root-mode PID file in
-for dir in "/var/run" "/etc"
-do
- if test -d $dir
- then
- break;
- fi
-done
-AC_MSG_RESULT(root-mode pid file will go in $dir)
-AC_DEFINE_UNQUOTED(PID_DIR, "$dir", directory for PID lock files)
+]], [[char *msg = *(sys_siglist + 1);]])],[AC_DEFINE(SYS_SIGLIST_DECLARED,1,[Define if 'sys_siglist' is declared by <signal.h>.]) AC_MSG_RESULT(yes)],[AC_MSG_RESULT(no)])
+
+AC_DEFINE_UNQUOTED(PID_DIR, "/var/run", directory for PID lock files)
+ AC_ARG_ENABLE(pwmd,
+ [ --enable-pwmd enable Password Manager Daemon support],
+ , [enable_pwmd=no])
+
+ if test "$enable_pwmd" = "yes"; then
+ PKG_CHECK_EXISTS([libpwmd], have_libpwmd=1,
+ AC_MSG_ERROR([Could not find libpwmd pkg-config module.]))
+
+
+ PKG_CHECK_MODULES([libpwmd], [libpwmd >= 6.0.0])
+ AM_CONDITIONAL(HAVE_LIBPWMD, true)
+ AC_DEFINE(HAVE_LIBPWMD, 1, [Define if you have libPWMD installed.])
+ else
+ AM_CONDITIONAL(HAVE_LIBPWMD, false)
+ fi
+
# We may have a fallback MDA available in case the socket open to the
# local SMTP listener fails. Best to use procmail for this, as we know
# it won't try delivering through local SMTP and cause a mail loop.
static struct runctl cmd_run; /* global options set from command line */
static time_t parsetime; /* time of last parse */
-static RETSIGTYPE terminate_run(int);
-static RETSIGTYPE terminate_poll(int);
+static void terminate_run(int);
+static void terminate_poll(int);
+ #ifdef HAVE_LIBPWMD
+ static pwm_t *pwm; /* the handle */
+ static const char *pwmd_socket; /* current socket */
+ static const char *pwmd_file; /* current file */
+ #endif
+
#if defined(__FreeBSD__) && defined(__FreeBSD_USE_KVM)
/* drop SGID kmem privileage until we need it */
static void dropprivs(void)
#ifdef KERBEROS_V5
"+KRB5"
#endif /* KERBEROS_V5 */
-#ifndef HAVE_RES_SEARCH
- "-DNS"
-#endif
+ #ifdef HAVE_LIBPWMD
+ "+PWMD"
+ #endif /* HAVE_LIBPWMD */
".\n";
printf(GT_("This is fetchmail release %s"), VERSION);
fputs(features, stdout);
* call later on.
*/
ctl = hostalloc((struct query *)NULL);
- ctl->server.via =
- ctl->server.pollname = xstrdup(argv[optind]);
+
+ #ifdef HAVE_LIBPWMD
+ if (cmd_opts.pwmd_file) {
+ /*
+ * Cannot get an element path without a service.
+ */
+ if (cmd_opts.server.protocol == 0 || cmd_opts.server.protocol == 1) {
+ report(stderr, GT_("Option --pwmd-file needs a service (-p) parameter.\n"));
+ exit(PS_SYNTAX);
+ }
+
+ fprintf(stderr, "%s(%i): %s\n", __FILE__, __LINE__, __FUNCTION__);
+ if (do_pwmd_connect(cmd_opts.pwmd_socket, cmd_opts.pwmd_file))
+ continue;
+
+ if (get_pwmd_details(argv[optind], cmd_opts.server.protocol,
+ ctl))
+ continue;
+ }
+ else
+ ctl->server.via =
+ ctl->server.pollname = xstrdup(argv[optind]);
+ #else
+ ctl->server.via =
+ ctl->server.pollname = xstrdup(argv[optind]);
+ #endif
ctl->active = TRUE;
ctl->server.lead_server = (struct hostdata *)NULL;
}
#include <netdb.h>
#include <stdio.h>
-/* Import Trio if needed */
-#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF)
-# include "trio/trio.h"
-#endif
+#include "fm_strl.h"
+
+#include "uid_db.h"
-/* We need this for strstr */
-#if !defined(HAVE_STRSTR) && !defined(strstr)
-char *strstr(const char *, const char *);
-#endif
-
+ #ifdef HAVE_LIBPWMD
+ #include <libpwmd.h>
+ #endif
+
/* constants designating the various supported protocols */
#define P_AUTO 1
-#define P_POP2 2
#define P_POP3 3
#define P_APOP 4
-#define P_RPOP 5
#define P_IMAP 6
#define P_ETRN 7
#define P_ODMR 8
LA_BADHEADER
};
- /* options still left: CgGhHjJoORTWxXYz */
- static const char *shortoptions =
++static const char *shortoptions =
++/* options still left: ghHjJoRTWxXYz */
+ #ifdef HAVE_LIBPWMD
-static const char *shortoptions =
- "O:C:G:?Vcsvd:NqL:f:i:p:UP:A:t:E:Q:u:akKFnl:r:S:Z:b:B:e:m:I:M:yw:D:";
-#else
-/* options still left: CgGhHjJoORTWxXYz */
-static const char *shortoptions =
- "?Vcsvd:NqL:f:i:p:UP:A:t:E:Q:u:akKFnl:r:S:Z:b:B:e:m:I:M:yw:D:";
++ "O:C:G:"
+ #endif
+ "?Vcsvd:NqL:f:i:p:UP:A:t:E:Q:u:akKFnl:r:S:Z:b:B:e:m:I:M:yw:D:";
static const struct option longoptions[] = {
/* this can be const because all flag fields are 0 and will never get set */
- {"pwmd-socket", required_argument, (int *) 0, 'C' },
- {"pwmd-file", required_argument, (int *) 0, 'G' },
- {"pinentry-timeout", required_argument, (int *) 0, 'O' },
+ #ifdef HAVE_LIBPWMD
++ {"pwmd-socket", required_argument, (int *) 0, 'C' },
++ {"pwmd-file", required_argument, (int *) 0, 'G' },
++ {"pinentry-timeout", required_argument, (int *) 0, 'O' },
+ #endif
{"help", no_argument, (int *) 0, '?' },
{"version", no_argument, (int *) 0, 'V' },
{"check", no_argument, (int *) 0, 'c' },
%token DEFAULTS POLL SKIP VIA AKA LOCALDOMAINS PROTOCOL
%token AUTHENTICATE TIMEOUT KPOP SDPS ENVELOPE QVIRTUAL
-%token PINENTRY_TIMEOUT PWMD_SOCKET PWMD_FILE USERNAME PASSWORD FOLDER SMTPHOST FETCHDOMAINS MDA BSMTP LMTP
++%token PINENTRY_TIMEOUT PWMD_SOCKET PWMD_FILE
+%token USERNAME PASSWORD FOLDER SMTPHOST FETCHDOMAINS MDA BSMTP LMTP
%token SMTPADDRESS SMTPNAME SPAMRESPONSE PRECONNECT POSTCONNECT LIMIT WARNINGS
%token INTERFACE MONITOR PLUGIN PLUGOUT
-%token IS HERE THERE TO MAP WILDCARD
+%token IS HERE THERE TO MAP
%token BATCHLIMIT FETCHLIMIT FETCHSIZELIMIT FASTUIDL EXPUNGE PROPERTIES
%token SET LOGFILE DAEMON SYSLOG IDFILE PIDFILE INVISIBLE POSTMASTER BOUNCEMAIL
%token SPAMBOUNCE SOFTBOUNCE SHOWDOTS
| SET NO INVISIBLE {run.invisible = FALSE;}
| SET SHOWDOTS {run.showdots = FLAG_TRUE;}
| SET NO SHOWDOTS {run.showdots = FLAG_FALSE;}
-#endif
+ | SET PINENTRY_TIMEOUT optmap NUMBER {
+ #ifdef HAVE_LIBPWMD
+ run.pinentry_timeout = $4;
+ #else
+ yyerror(GT_("pwmd not enabled"));
++#endif
+ }
/*
* The way the next two productions are written depends on the fact that
| EXPUNGE NUMBER {current.expunge = NUM_VALUE_IN($2);}
| PROPERTIES STRING {current.properties = $2;}
-#endif
+
+ | PWMD_SOCKET STRING {
+ #ifdef HAVE_LIBPWMD
+ current.pwmd_socket = xstrdup($2);
+ #else
+ yyerror(GT_("pwmd not enabled"));
-#endif
++#endif
+ }
+
+ | PWMD_FILE STRING {
+ #ifdef HAVE_LIBPWMD
+ current.pwmd_file = xstrdup($2);
+ #else
+ yyerror(GT_("pwmd not enabled"));
++#endif
+ }
;
%%