fetchmail/fetchmail-re-read-passwordfile-on-every-poll.patch

From: Matthew Ogilvie <mmogilvi+fml@zoho.com>
Date: Fri, 9 Jun 2017 18:20:40 -0600
Subject: re-read passwordfile on every poll
Git-repo: https://gitlab.com/fetchmail/fetchmail.git
Git-commit: c2b96715bb39b9cfd1c751eae6b0111bed9c8581

---
 fetchmail.c   |  100 ++++++++++++++++++++++++++++++++++++++--------------------
 fetchmail.man |    9 +----
 2 files changed, 69 insertions(+), 40 deletions(-)

Index: fetchmail-6.5.1/fetchmail.c
===================================================================
--- fetchmail-6.5.1.orig/fetchmail.c
+++ fetchmail-6.5.1/fetchmail.c
@@ -681,48 +681,19 @@ int main(int argc, char **argv)
 		}
 
 		ctl->password = xstrdup(msg);
+		ctl->passwordfile = NULL;
 		memset(msg, 0x55, mi-msg);
 	    } else if (ctl->passwordfile) {
-		int fd = open(ctl->passwordfile, O_RDONLY);
-		char msg[PASSWORDLEN+1];
-		char *newline;
-		int res;
-
-		if (fd == -1) {
+		if (access(ctl->passwordfile, R_OK) != 0) {
 		    int saveErrno = errno;
 		    fprintf(stderr,
-			    GT_("fetchmail: unable to open %s: %s\n"),
+			    GT_("fetchmail: unable to access %s: %s\n"),
 			    ctl->passwordfile,
 			    strerror(saveErrno));
 		    return PS_AUTHFAIL;
 		}
-
-		res = read(fd, msg, sizeof(msg)-1);
-		if (res == -1 || close(fd) == -1) {
-		    int saveErrno = errno;
-		    fprintf(stderr,
-			    GT_("fetchmail: error reading %s: %s\n"),
-			    ctl->passwordfile,
-			    strerror(saveErrno));
-		    return PS_AUTHFAIL;
-		}
-		msg[res] = '\0';
-
-		newline = memchr(msg, '\n', res);
-		if (newline != NULL) {
-		    *newline = '\0';
-		}
-
-		if (strlen(msg) == 0) {
-		    fprintf(stderr,
-			    GT_("fetchmail: empty password read from %s\n"),
-			    ctl->passwordfile);
-		    memset(msg, 0x55, res);
-		    return PS_AUTHFAIL;
-		}
-
-		ctl->password = xstrdup(msg);
-		memset(msg, 0x55, res);
+		ctl->password = xstrdup("dummy");
+		/* file will be read/re-read on each poll interval below */
 	    } else if (!isatty(0)) {
 		fprintf(stderr,
 			GT_("fetchmail: can't find a password for %s@%s.\n"),
@@ -739,6 +710,8 @@ int main(int argc, char **argv)
 		ctl->password = xstrdup((char *)fm_getpassword(tmpbuf));
 		free(tmpbuf);
 	    }
+	} else {
+	    ctl->passwordfile = NULL;
 	}
     }
 
@@ -938,6 +911,65 @@ int main(int argc, char **argv)
 
 		    dofastuidl = 0; /* this is reset in the driver if required */
 
+		    if (ctl->passwordfile) {
+			int fd = open(ctl->passwordfile, O_RDONLY);
+			char msg[PASSWORDLEN+1];
+			char *newline;
+			int res;
+
+			if (fd == -1) {
+			    int saveErrno = errno;
+			    report(stderr,
+				   GT_("fetchmail: unable to open %s: %s\n"),
+				   ctl->passwordfile,
+				   strerror(saveErrno));
+			    continue;
+			}
+
+			res = read(fd, msg, sizeof(msg)-1);
+			close(fd);
+			if (res == -1) {
+			    int saveErrno = errno;
+			    report(stderr,
+				   GT_("fetchmail: error reading %s: %s\n"),
+				   ctl->passwordfile,
+				   strerror(saveErrno));
+			    continue;
+			}
+			msg[res] = '\0';
+
+			newline = memchr(msg, '\n', res);
+			if (newline != NULL) {
+			    *newline = '\0';
+			}
+
+			if (strlen(msg) == 0) {
+			    report(stderr,
+				   GT_("fetchmail: empty password read from %s\n"),
+				   ctl->passwordfile);
+			    memset(msg, 0x55, res);
+			    continue;
+			}
+
+			if (ctl->password) {
+			    memset(ctl->password, 0x55, strlen(ctl->password));
+			    xfree(ctl->password);
+			}
+			ctl->password = xstrdup(msg);
+			memset(msg, 0x55, res);
+		    }
+
+		    if (!ctl->password) {
+			/* This shouldn't be reachable (all cases caught
+			 * earlier), but keep it for safety since there
+			 * are many cases.
+			 */
+			report(stderr,
+			       GT_("password is unexpectedly NULL querying %s\n"),
+			       ctl->server.pollname);
+			continue;
+		    }
+
 		    querystatus = query_host(ctl);
 
 		    if (NUM_NONZERO(ctl->fastuidl))
Index: fetchmail-6.5.1/fetchmail.man
===================================================================
--- fetchmail-6.5.1.orig/fetchmail.man
+++ fetchmail-6.5.1/fetchmail.man
@@ -1061,12 +1061,9 @@ See USER AUTHENTICATION below for a comp
 .br
 Specifies a file name from which to read the first line to use as the password.
 Useful if something changes the password/token often without regenerating a
-long fetchmailrc file, such as with typical xoauth2 authentication tokens.
+long fetchmailrc file, such as with typical oauth2 authentication tokens.
 Protect the file with appropriate permissions to avoid leaking your password.
-Fetchmail might not re-read the file in daemon mode (-d) unless the
-fetchmailrc file also changes, so it might make sense to run it in
-non-daemon mode from some other background process (cron and/or whatever
-updates the password).
+Fetchmail will re-read the file for each poll when in daemon mode.
 .TP
 .B \-\-passwordfd <integer>
 (Keyword: passwordfd)
@@ -1079,7 +1076,7 @@ although it could also be a redirected i
 (equivalent to "fetchmail \-\-passwordfd 5 5</path/to/file").
 Useful if something wants to manage password ownership more securely
 than files, or if the password/token changes often,
-such as with typical xoauth2 authentication tokens.  Normal interactive
+such as with typical oauth2 authentication tokens.  Normal interactive
 mode passwords requires that standard input is a terminal and disables
 echo, but passwordfd does not care.  Do not do something
 like "echo 'password' | fetchmail ...", since echo's arguments are
Accepting request 1227336 from home:ayankov:branches:server:mail - Upgrade to 6.5.1 * Drop two wolfSSL compile-time checks that were for older 6.4 or for future 7.0 releases and broke compilation with wolfSSL 5.7.4. Fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282413#c4 * Use %p instead of non-portable %#p for one wolfSSL-related diagnostic message (FreeBSD defines %#p to be %p, on many other platforms it's undefined behavior). * Add regex_helper.c to list of files that contain translatable strings, which contains two strings we missed to translate. * Simplify EVP_MD_fetch API detection ("like OpenSSL 3" vs. "like OpenSSL 1") for version switch and base it on the claimed OpenSSL version of the crypto SSL, which works for LibreSSL (claims OpenSSL 2) and wolfSSL alike. * Several translations added - Rebased fetchmail-6.3.8-smtp_errors.patch - Rebased fetchmail-FAQ-list-gmail-options-including-oauthbearer-and-app.patch - Rebased fetchmail-add-contrib-fetchnmail-oauth2.py-token-acquisition-u.patch - Rebased fetchmail-add-imap-oauthbearer-support.patch - Rebased fetchmail-add-passwordfile-and-passwordfd-options.patch - Rebased fetchmail-add-query_to64_outsize-utility-function.patch - Rebased fetchmail-bump-max-passwordlen-to-1bytes.patch - Rebased fetchmail-give-each-ctl-it-s-own-copy-of-password.patch - Rebased fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch - Rebased fetchmail-re-read-passwordfile-on-every-poll.patch - Rebased fetchmail-support-oauthbearer-xoauth2-with-pop3.patch - Rebased fetchmailconf-no-more-future.patch OBS-URL: https://build.opensuse.org/request/show/1227336 OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=159 2024-11-29 15:58:57 +01:00			`From: Matthew Ogilvie <mmogilvi+fml@zoho.com>`
			`Date: Fri, 9 Jun 2017 18:20:40 -0600`
			`Subject: re-read passwordfile on every poll`
			`Git-repo: https://gitlab.com/fetchmail/fetchmail.git`
			`Git-commit: c2b96715bb39b9cfd1c751eae6b0111bed9c8581`

			`---`
			`fetchmail.c \| 100 ++++++++++++++++++++++++++++++++++++++--------------------`
			`fetchmail.man \| 9 +----`
			`2 files changed, 69 insertions(+), 40 deletions(-)`

			`Index: fetchmail-6.5.1/fetchmail.c`
			`===================================================================`
			`--- fetchmail-6.5.1.orig/fetchmail.c`
			`+++ fetchmail-6.5.1/fetchmail.c`
			`@@ -681,48 +681,19 @@ int main(int argc, char **argv)`
			`}`

			`ctl->password = xstrdup(msg);`
			`+ ctl->passwordfile = NULL;`
			`memset(msg, 0x55, mi-msg);`
			`} else if (ctl->passwordfile) {`
			`- int fd = open(ctl->passwordfile, O_RDONLY);`
			`- char msg[PASSWORDLEN+1];`
			`- char *newline;`
			`- int res;`
			`-`
			`- if (fd == -1) {`
			`+ if (access(ctl->passwordfile, R_OK) != 0) {`
			`int saveErrno = errno;`
			`fprintf(stderr,`
			`- GT_("fetchmail: unable to open %s: %s\n"),`
			`+ GT_("fetchmail: unable to access %s: %s\n"),`
			`ctl->passwordfile,`
			`strerror(saveErrno));`
			`return PS_AUTHFAIL;`
			`}`
			`-`
			`- res = read(fd, msg, sizeof(msg)-1);`
			`- if (res == -1 \|\| close(fd) == -1) {`
			`- int saveErrno = errno;`
			`- fprintf(stderr,`
			`- GT_("fetchmail: error reading %s: %s\n"),`
			`- ctl->passwordfile,`
			`- strerror(saveErrno));`
			`- return PS_AUTHFAIL;`
			`- }`
			`- msg[res] = '\0';`
			`-`
			`- newline = memchr(msg, '\n', res);`
			`- if (newline != NULL) {`
			`- *newline = '\0';`
			`- }`
			`-`
			`- if (strlen(msg) == 0) {`
			`- fprintf(stderr,`
			`- GT_("fetchmail: empty password read from %s\n"),`
			`- ctl->passwordfile);`
			`- memset(msg, 0x55, res);`
			`- return PS_AUTHFAIL;`
			`- }`
			`-`
			`- ctl->password = xstrdup(msg);`
			`- memset(msg, 0x55, res);`
			`+ ctl->password = xstrdup("dummy");`
			`+ /* file will be read/re-read on each poll interval below */`
			`} else if (!isatty(0)) {`
			`fprintf(stderr,`
			`GT_("fetchmail: can't find a password for %s@%s.\n"),`
			`@@ -739,6 +710,8 @@ int main(int argc, char **argv)`
			`ctl->password = xstrdup((char *)fm_getpassword(tmpbuf));`
			`free(tmpbuf);`
			`}`
			`+ } else {`
			`+ ctl->passwordfile = NULL;`
			`}`
			`}`

			`@@ -938,6 +911,65 @@ int main(int argc, char **argv)`

			`dofastuidl = 0; /* this is reset in the driver if required */`

			`+ if (ctl->passwordfile) {`
			`+ int fd = open(ctl->passwordfile, O_RDONLY);`
			`+ char msg[PASSWORDLEN+1];`
			`+ char *newline;`
			`+ int res;`
			`+`
			`+ if (fd == -1) {`
			`+ int saveErrno = errno;`
			`+ report(stderr,`
			`+ GT_("fetchmail: unable to open %s: %s\n"),`
			`+ ctl->passwordfile,`
			`+ strerror(saveErrno));`
			`+ continue;`
			`+ }`
			`+`
			`+ res = read(fd, msg, sizeof(msg)-1);`
			`+ close(fd);`
			`+ if (res == -1) {`
			`+ int saveErrno = errno;`
			`+ report(stderr,`
			`+ GT_("fetchmail: error reading %s: %s\n"),`
			`+ ctl->passwordfile,`
			`+ strerror(saveErrno));`
			`+ continue;`
			`+ }`
			`+ msg[res] = '\0';`
			`+`
			`+ newline = memchr(msg, '\n', res);`
			`+ if (newline != NULL) {`
			`+ *newline = '\0';`
			`+ }`
			`+`
			`+ if (strlen(msg) == 0) {`
			`+ report(stderr,`
			`+ GT_("fetchmail: empty password read from %s\n"),`
			`+ ctl->passwordfile);`
			`+ memset(msg, 0x55, res);`
			`+ continue;`
			`+ }`
			`+`
			`+ if (ctl->password) {`
			`+ memset(ctl->password, 0x55, strlen(ctl->password));`
			`+ xfree(ctl->password);`
			`+ }`
			`+ ctl->password = xstrdup(msg);`
			`+ memset(msg, 0x55, res);`
			`+ }`
			`+`
			`+ if (!ctl->password) {`
			`+ /* This shouldn't be reachable (all cases caught`
			`+ * earlier), but keep it for safety since there`
			`+ * are many cases.`
			`+ */`
			`+ report(stderr,`
			`+ GT_("password is unexpectedly NULL querying %s\n"),`
			`+ ctl->server.pollname);`
			`+ continue;`
			`+ }`
			`+`
			`querystatus = query_host(ctl);`

			`if (NUM_NONZERO(ctl->fastuidl))`
			`Index: fetchmail-6.5.1/fetchmail.man`
			`===================================================================`
			`--- fetchmail-6.5.1.orig/fetchmail.man`
			`+++ fetchmail-6.5.1/fetchmail.man`
			`@@ -1061,12 +1061,9 @@ See USER AUTHENTICATION below for a comp`
			`.br`
			`Specifies a file name from which to read the first line to use as the password.`
			`Useful if something changes the password/token often without regenerating a`
			`-long fetchmailrc file, such as with typical xoauth2 authentication tokens.`
			`+long fetchmailrc file, such as with typical oauth2 authentication tokens.`
			`Protect the file with appropriate permissions to avoid leaking your password.`
			`-Fetchmail might not re-read the file in daemon mode (-d) unless the`
			`-fetchmailrc file also changes, so it might make sense to run it in`
			`-non-daemon mode from some other background process (cron and/or whatever`
			`-updates the password).`
			`+Fetchmail will re-read the file for each poll when in daemon mode.`
			`.TP`
			`.B \-\-passwordfd <integer>`
			`(Keyword: passwordfd)`
			`@@ -1079,7 +1076,7 @@ although it could also be a redirected i`
			`(equivalent to "fetchmail \-\-passwordfd 5 5</path/to/file").`
			`Useful if something wants to manage password ownership more securely`
			`than files, or if the password/token changes often,`
			`-such as with typical xoauth2 authentication tokens. Normal interactive`
			`+such as with typical oauth2 authentication tokens. Normal interactive`
			`mode passwords requires that standard input is a terminal and disables`
			`echo, but passwordfd does not care. Do not do something`
			`like "echo 'password' \| fetchmail ...", since echo's arguments are`