forked from pool/fetchmail
Pedro Monreal Gonzalez
fe4b96277c
- Backported support for OAUTH2 authentication from Fetchmail 7.0. - add imap oauthbearer support - support oauthbearer/xoauth2 with pop3 - add passwordfile and passwordfd options - add contrib/fetchnmail-oauth2.py token acquisition utility - FAQ: list gmail options including oauthbearer and app password - give each ctl it's own copy of password - re-read passwordfile on every poll - add query_to64_outsize() utility function - Chase and integrate interface change. - oauth2.c: calculate and pass in correct buffer size to to64frombits() - Increase max password length to handle oauth tokens - Bump max. passwordlen to 10000 bytes. - Add README.OAUTH2 - Added patches: * fetchmail-add-imap-oauthbearer-support.patch * fetchmail-support-oauthbearer-xoauth2-with-pop3.patch * fetchmail-add-passwordfile-and-passwordfd-options.patch * fetchmail-add-contrib-fetchnmail-oauth2.py-token-acquisition-u.patch * fetchmail-FAQ-list-gmail-options-including-oauthbearer-and-app.patch * fetchmail-give-each-ctl-it-s-own-copy-of-password.patch * fetchmail-re-read-passwordfile-on-every-poll.patch * fetchmail-add-query_to64_outsize-utility-function.patch * fetchmail-chase-and-integrate-interface-change.patch * fetchmail-oauth2-c-calculate-and-pass-in-correct-buffer-size-to-to64frombits.patch * fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch * fetchmail-bump-max-passwordlen-to-1bytes.patch * fetchmail-add-readme-oauth2-issue-27.patch OBS-URL: https://build.opensuse.org/request/show/892934 OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=113
176 lines
5.2 KiB
Diff
176 lines
5.2 KiB
Diff
From: Matthew Ogilvie <mmogilvi+fml@zoho.com>
|
|
Date: Fri, 9 Jun 2017 18:20:40 -0600
|
|
Subject: re-read passwordfile on every poll
|
|
Git-repo: https://gitlab.com/fetchmail/fetchmail.git
|
|
Git-commit: c2b96715bb39b9cfd1c751eae6b0111bed9c8581
|
|
|
|
---
|
|
fetchmail.c | 101 +++++++++++++++++++++++++++++++++-----------------
|
|
fetchmail.man | 9 ++---
|
|
2 files changed, 70 insertions(+), 40 deletions(-)
|
|
|
|
diff --git a/fetchmail.c b/fetchmail.c
|
|
index e2828a4f..eb277c28 100644
|
|
--- a/fetchmail.c
|
|
+++ b/fetchmail.c
|
|
@@ -586,48 +586,19 @@ int main(int argc, char **argv)
|
|
}
|
|
|
|
ctl->password = xstrdup(msg);
|
|
+ ctl->passwordfile = NULL;
|
|
memset(msg, 0x55, mi-msg);
|
|
} else if (ctl->passwordfile) {
|
|
- int fd = open(ctl->passwordfile, O_RDONLY);
|
|
- char msg[PASSWORDLEN+1];
|
|
- char *newline;
|
|
- int res;
|
|
-
|
|
- if (fd == -1) {
|
|
- int saveErrno = errno;
|
|
- fprintf(stderr,
|
|
- GT_("fetchmail: unable to open %s: %s\n"),
|
|
- ctl->passwordfile,
|
|
- strerror(saveErrno));
|
|
- return PS_AUTHFAIL;
|
|
- }
|
|
-
|
|
- res = read(fd, msg, sizeof(msg)-1);
|
|
- if (res == -1 || close(fd) == -1) {
|
|
+ if (access(ctl->passwordfile, R_OK) != 0) {
|
|
int saveErrno = errno;
|
|
fprintf(stderr,
|
|
- GT_("fetchmail: error reading %s: %s\n"),
|
|
+ GT_("fetchmail: unable to access %s: %s\n"),
|
|
ctl->passwordfile,
|
|
strerror(saveErrno));
|
|
return PS_AUTHFAIL;
|
|
}
|
|
- msg[res] = '\0';
|
|
-
|
|
- newline = memchr(msg, '\n', res);
|
|
- if (newline != NULL) {
|
|
- *newline = '\0';
|
|
- }
|
|
-
|
|
- if (strlen(msg) == 0) {
|
|
- fprintf(stderr,
|
|
- GT_("fetchmail: empty password read from %s\n"),
|
|
- ctl->passwordfile);
|
|
- memset(msg, 0x55, res);
|
|
- return PS_AUTHFAIL;
|
|
- }
|
|
-
|
|
- ctl->password = xstrdup(msg);
|
|
- memset(msg, 0x55, res);
|
|
+ ctl->password = xstrdup("dummy");
|
|
+ /* file will be read/re-read on each poll interval below */
|
|
} else if (!isatty(0)) {
|
|
fprintf(stderr,
|
|
GT_("fetchmail: can't find a password for %s@%s.\n"),
|
|
@@ -643,6 +614,8 @@ int main(int argc, char **argv)
|
|
ctl->password = xstrdup((char *)fm_getpassword(tmpbuf));
|
|
free(tmpbuf);
|
|
}
|
|
+ } else {
|
|
+ ctl->passwordfile = NULL;
|
|
}
|
|
}
|
|
|
|
@@ -843,6 +816,65 @@ int main(int argc, char **argv)
|
|
|
|
dofastuidl = 0; /* this is reset in the driver if required */
|
|
|
|
+ if (ctl->passwordfile) {
|
|
+ int fd = open(ctl->passwordfile, O_RDONLY);
|
|
+ char msg[PASSWORDLEN+1];
|
|
+ char *newline;
|
|
+ int res;
|
|
+
|
|
+ if (fd == -1) {
|
|
+ int saveErrno = errno;
|
|
+ report(stderr,
|
|
+ GT_("fetchmail: unable to open %s: %s\n"),
|
|
+ ctl->passwordfile,
|
|
+ strerror(saveErrno));
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ res = read(fd, msg, sizeof(msg)-1);
|
|
+ close(fd);
|
|
+ if (res == -1) {
|
|
+ int saveErrno = errno;
|
|
+ report(stderr,
|
|
+ GT_("fetchmail: error reading %s: %s\n"),
|
|
+ ctl->passwordfile,
|
|
+ strerror(saveErrno));
|
|
+ continue;
|
|
+ }
|
|
+ msg[res] = '\0';
|
|
+
|
|
+ newline = memchr(msg, '\n', res);
|
|
+ if (newline != NULL) {
|
|
+ *newline = '\0';
|
|
+ }
|
|
+
|
|
+ if (strlen(msg) == 0) {
|
|
+ report(stderr,
|
|
+ GT_("fetchmail: empty password read from %s\n"),
|
|
+ ctl->passwordfile);
|
|
+ memset(msg, 0x55, res);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ if (ctl->password) {
|
|
+ memset(ctl->password, 0x55, strlen(ctl->password));
|
|
+ xfree(ctl->password);
|
|
+ }
|
|
+ ctl->password = xstrdup(msg);
|
|
+ memset(msg, 0x55, res);
|
|
+ }
|
|
+
|
|
+ if (!ctl->password) {
|
|
+ /* This shouldn't be reachable (all cases caught
|
|
+ * earlier), but keep it for safety since there
|
|
+ * are many cases.
|
|
+ */
|
|
+ report(stderr,
|
|
+ GT_("password is unexpectedly NULL querying %s\n"),
|
|
+ ctl->server.pollname);
|
|
+ continue;
|
|
+ }
|
|
+
|
|
querystatus = query_host(ctl);
|
|
|
|
if (NUM_NONZERO(ctl->fastuidl))
|
|
diff --git a/fetchmail.man b/fetchmail.man
|
|
index b6309d40..6b375d89 100644
|
|
--- a/fetchmail.man
|
|
+++ b/fetchmail.man
|
|
@@ -877,12 +877,9 @@ See USER AUTHENTICATION below for a complete description.
|
|
.br
|
|
Specifies a file name from which to read the first line to use as the password.
|
|
Useful if something changes the password/token often without regenerating a
|
|
-long fetchmailrc file, such as with typical xoauth2 authentication tokens.
|
|
+long fetchmailrc file, such as with typical oauth2 authentication tokens.
|
|
Protect the file with appropriate permissions to avoid leaking your password.
|
|
-Fetchmail might not re-read the file in daemon mode (-d) unless the
|
|
-fetchmailrc file also changes, so it might make sense to run it in
|
|
-non-daemon mode from some other background process (cron and/or whatever
|
|
-updates the password).
|
|
+Fetchmail will re-read the file for each poll when in daemon mode.
|
|
.TP
|
|
.B \-\-passwordfd <integer>
|
|
(Keyword: passwordfd)
|
|
@@ -895,7 +892,7 @@ although it could also be a redirected input file
|
|
(equivalent to "fetchmail \-\-passwordfd 5 5</path/to/file").
|
|
Useful if something wants to manage password ownership more securely
|
|
than files, or if the password/token changes often,
|
|
-such as with typical xoauth2 authentication tokens. Normal interactive
|
|
+such as with typical oauth2 authentication tokens. Normal interactive
|
|
mode passwords requires that standard input is a terminal and disables
|
|
echo, but passwordfd does not care. Do not do something
|
|
like "echo 'password' | fetchmail ...", since echo's arguments are
|
|
--
|
|
2.31.1
|
|
|