"X-Fetchmail-ID" header in fetched messages for debugging.
* Total byte count in status message?
* -U/--userdefault option to specify postmaster overriding USER.
+* imap_canonicalize screws up password shrouding.
Release Notes:
+------------------------------------------------------------------------------
+fetchmail-4.4.1 ():
+* We now properly shroud IMAP passwords containing ", \, and SP.
+
+There are 273 people on fetchmail-friends and 160 on fetchmail-announce.
+
------------------------------------------------------------------------------
fetchmail-4.4.0 (Mon Mar 16 14:57:38 EST 1998):
* Fix bug that prevented graceful exit from POP3 validation on wrong password.
static int tagnum;
#define GENSYM (sprintf(tag, "A%04d", ++tagnum % TAGMOD), tag)
-static char *shroud; /* string to shroud in debug output, if non-NULL */
-static int mytimeout; /* value of nonreponse timeout */
-static int msglen; /* actual message length */
+static char shroud[PASSWORDLEN]; /* string to shroud in debug output */
+static int mytimeout; /* value of nonreponse timeout */
+static int msglen; /* actual message length */
/* use these to track what was happening when the nonresponse timer fired */
#define GENERAL_WAIT 0 /* unknown wait type */
/* try to get authorized to fetch mail */
if (protocol->getauth)
{
- shroud = ctl->password;
+ if (protocol->password_canonify)
+ (protocol->password_canonify)(shroud, ctl->password);
+ else
+ strcpy(shroud, ctl->password);
+
ok = (protocol->getauth)(sock, ctl, buf);
- shroud = (char *)NULL;
if (ok != 0)
{
if (ok == PS_LOCKBUSY)
FALSE, /* this is not a tagged protocol */
FALSE, /* this does not use a message delimiter */
etrn_ok, /* parse command response */
+ NULL, /* no password canonicalization */
NULL, /* no need to get authentication */
etrn_getrange, /* initialize message sending */
NULL, /* we cannot get a list of sizes */
flag tagged; /* if true, generate & expect command tags */
flag delimited; /* if true, accept "." message delimiter */
int (*parse_response)(); /* response_parsing function */
+ int (*password_canonify)(); /* canonicalize password */
int (*getauth)(); /* authorization fetcher */
int (*getrange)(); /* get message range to fetch */
int (*getsizes)(); /* get sizes of messages */
}
#endif /* GSSAPI */
-static char *canonicalize_imap_password(char *passwd)
+int imap_canonicalize(char *result, char *passwd)
/* encode an IMAP password as per RFC1730's quoting conventions */
{
- char *result;
int i, j;
- result = malloc(2*strlen(passwd));
- if (!result)
- return 0;
-
- j=0;
- for (i=0; i<strlen(passwd); ++i)
+ j = 0;
+ for (i = 0; i < strlen(passwd); i++)
{
if ((passwd[i] == '\\') || (passwd[i] == '"'))
result[j++] = '\\';
}
result[j] = '\0';
- return(result);
+ return(i);
}
int imap_getauth(int sock, struct query *ctl, char *greeting)
/* apply for connection authorization */
{
int ok = 0;
+ char password[PASSWORDLEN*2];
/* probe to see if we're running IMAP4 and can use RFC822.PEEK */
capabilities[0] = '\0';
};
#endif /* __UNUSED__ */
- /* try to get authorized in the ordinary (AUTH=LOGIN) way */
- {
- char *newpass = canonicalize_imap_password(ctl->password);
-
- if (!newpass)
- return(PS_AUTHFAIL); /* should report error better!!!! */
-
- ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", ctl->remotename,newpass);
-
- free(newpass);
-
- if (ok)
- return(ok);
- }
+ imap_canonicalize(password, ctl->password);
+ ok = gen_transact(sock, "LOGIN \"%s\" \"%s\"", ctl->remotename, password);
+ if (ok)
+ return(ok);
return(PS_SUCCESS);
}
TRUE, /* this is a tagged protocol */
FALSE, /* no message delimiter */
imap_ok, /* parse command response */
+ imap_canonicalize, /* deal with embedded slashes and spaces */
imap_getauth, /* get authorization */
imap_getrange, /* query range of messages */
imap_getsizes, /* get sizes of messages (used for --limit option */
FALSE, /* this is not a tagged protocol */
FALSE, /* does not use message delimiter */
pop2_ok, /* parse command response */
+ NULL, /* no password canonicalization */
pop2_getauth, /* get authorization */
pop2_getrange, /* query range of messages */
NULL, /* no way to get sizes */
FALSE, /* this is not a tagged protocol */
TRUE, /* this uses a message delimiter */
pop3_ok, /* parse command response */
+ NULL, /* no password canonicalization */
pop3_getauth, /* get authorization */
pop3_getrange, /* query range of messages */
pop3_getsizes, /* we can get a list of sizes */