182 Commits

Author SHA1 Message Date
Rodolfo García Peñas (kix)
721d579a32 Merge pull request #66 from duritong/fix-fingerprint-verification
disable verification of ssl certs via CA if fingerprint is set
2021-05-09 11:28:17 +02:00
mh
871b1175f1 disable verification of ssl certs via CA if fingerprint is set
Up to a4863b2 offlineimap did not include a default CA bundle. And
folks who set cert_fingerprint (because they might connect to a
host using a self-signed cert or an onion service without the onion
address in the SANs) were able to validate their certificates.

Since a4863b2 you always have a `sslcacertfile` configured (since
it always falls back to the os one) and thus the old way didn't
work anymore.

If a user defines a `cert_fingerprint` there is not much use to
validate the cert through the CA chain, since the fingerprint
is the strongest verification you can get. Therefore we can disable
verification when `cert_fingerprint` is set.

This enables users to fetch emails again from onion services or
hosts using self-signed certificates, but doesn't question nor
change any other behavior.

Fixes #41
2021-04-29 14:34:06 +02:00
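
Added example (not offlineimap's code): a Python sketch of the behaviour commit 871b1175f1 describes, where a configured `cert_fingerprint` replaces CA-chain validation and the pin comparison becomes the only, mandatory check. The function names, the digest-by-length rule and the sample DER bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

# Assumption of this sketch: the digest is inferred from the pin's hex length.
DIGEST_BY_HEXLEN = {64: "sha256", 96: "sha384", 128: "sha512"}
HEX = set("0123456789abcdef")


def normalize(pin: str) -> str:
    """Accept 'AA:BB:..' or 'aabb..' spellings of the same fingerprint."""
    return pin.strip().replace(":", "").lower()


def fingerprint_matches(der_cert: bytes, cert_fingerprint: str) -> bool:
    """True if the DER certificate hashes to any comma-separated pin."""
    for pin in map(normalize, cert_fingerprint.split(",")):
        algo = DIGEST_BY_HEXLEN.get(len(pin))
        if algo is None or not set(pin) <= HEX:
            continue  # a malformed pin never matches
        actual = hashlib.new(algo, der_cert).hexdigest()
        if hmac.compare_digest(actual, pin):
            return True
    return False


def make_context(cert_fingerprint=None, cafile=None) -> ssl.SSLContext:
    """CA validation unless a pin is configured, as the commit describes."""
    if cert_fingerprint:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE  # verify_peer() replaces the chain check
        return ctx
    return ssl.create_default_context(cafile=cafile)


def verify_peer(der_cert: bytes, cert_fingerprint=None) -> None:
    """Call after the handshake with sock.getpeercert(binary_form=True)."""
    if not cert_fingerprint:
        return  # CA chain and hostname were already checked by the context
    if not der_cert or not fingerprint_matches(der_cert, cert_fingerprint):
        raise ssl.SSLError("server certificate does not match cert_fingerprint")


# Constructed stand-in for a DER certificate; only its hash matters here.
SAMPLE_DER = bytes.fromhex("3082010a0201") + b"constructed-sample-certificate"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    verify_peer(SAMPLE_DER, SAMPLE_PIN)          # passes silently
    print(make_context(SAMPLE_PIN).verify_mode)  # pin-only mode
```

With the CA check switched off, `verify_peer` has to fail closed: a missing certificate or a malformed pin is treated as a mismatch, never as "nothing to check".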
Sudip Mukherjee
3afd3395bd BUG: Exception with debug logs
When ui is set to 'Curses Blinkenlights' and debug logs are enabled,
we get an exception with 'embedded null character'.

Remove the NULL from the log, keeping the log message same as before.

Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
2021-02-20 00:20:36 +00:00
Guido Günther
d19024ef20 imapserver: GSSAPI: make sure reply is all bytes
The current code mixed string and bytes leading to:

ERROR: Exceptions occurred during the run!
ERROR: While attempting to sync account 'honk.sigxcpu.org'
  sequence item 1: expected str instance, int found

Traceback:
  File "/usr/share/offlineimap3/offlineimap/accounts.py", line 298, in syncrunner
    self.__sync()
  File "/usr/share/offlineimap3/offlineimap/accounts.py", line 374, in __sync
    remoterepos.getfolders()
  File "/usr/share/offlineimap3/offlineimap/repository/IMAP.py", line 648, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File "/usr/share/offlineimap3/offlineimap/imapserver.py", line 592, in acquireconnection
    self.__authn_helper(imapobj)
  File "/usr/share/offlineimap3/offlineimap/imapserver.py", line 449, in __authn_helper
    if func(imapobj):
  File "/usr/share/offlineimap3/offlineimap/imapserver.py", line 362, in __authn_gssapi
    imapobj.authenticate('GSSAPI', self.__gsshandler)
  File "/usr/lib/python3/dist-packages/imaplib2.py", line 691, in authenticate
    typ, dat = self._simple_command('AUTHENTICATE', mechanism.upper())
  File "/usr/lib/python3/dist-packages/imaplib2.py", line 1684, in _simple_command
    return self._command_complete(self._command(name, *args), kw)
  File "/usr/lib/python3/dist-packages/imaplib2.py", line 1404, in _command
    literal = literator(data, rqb)
  File "/usr/lib/python3/dist-packages/imaplib2.py", line 2247, in process
    ret = self.mech(self.decode(data))
  File "/usr/share/offlineimap3/offlineimap/imapserver.py", line 318, in __gsshandler
    reply = ''.join(reply)

Closes: #46
Signed-off-by: Guido Günther <agx@sigxcpu.org>
2021-02-03 20:34:48 +01:00
Thomas De Schampheleire
58d34df29f imapserver: fix exception handling in xoauth2handler
In case of an exception in XOAUTH2 code refresh (HTTP Error 400: Bad
Request), following exception occurs:

ERROR: While attempting to sync account 'xxx'
  __init__() missing 3 required positional arguments: 'msg', 'hdrs', and 'fp'

Traceback:
  File ".../offlineimap3/offlineimap/accounts.py", line 298, in syncrunner
    self.__sync()
  File ".../offlineimap3/offlineimap/accounts.py", line 374, in __sync
    remoterepos.getfolders()
  File ".../offlineimap3/offlineimap/repository/IMAP.py", line 648, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File ".../offlineimap3/offlineimap/imapserver.py", line 591, in acquireconnection
    self.__authn_helper(imapobj)
  File ".../offlineimap3/offlineimap/imapserver.py", line 448, in __authn_helper
    if func(imapobj):
  File ".../offlineimap3/offlineimap/imapserver.py", line 382, in __authn_xoauth2
    imapobj.authenticate('XOAUTH2', self.__xoauth2handler)
  File ".../offlineimap3/venv/lib/python3.7/site-packages/imaplib2.py", line 682, in authenticate
    typ, dat = self._simple_command('AUTHENTICATE', mechanism.upper())
  File ".../offlineimap3/venv/lib/python3.7/site-packages/imaplib2.py", line 1675, in _simple_command
    return self._command_complete(self._command(name, *args), kw)
  File ".../offlineimap3/venv/lib/python3.7/site-packages/imaplib2.py", line 1395, in _command
    literal = literator(data, rqb)
  File ".../offlineimap3/venv/lib/python3.7/site-packages/imaplib2.py", line 2238, in process
    ret = self.mech(self.decode(data))
  File ".../offlineimap3/offlineimap/imapserver.py", line 257, in __xoauth2handler
    raise type(e)(msg, exc_info()[2])

The exception 'e' is of type HTTPError, which does not have the same kind of
constructor as normal Python exceptions.

Instead, print the constructed message and just raise the existing
exception.

With that change, the same condition triggers another problem further on:

ERROR: While attempting to sync account 'xxx'
  tuple index out of range

Traceback:
  File ".../offlineimap3/offlineimap/accounts.py", line 298, in syncrunner
    self.__sync()
  File ".../offlineimap3/offlineimap/accounts.py", line 374, in __sync
    remoterepos.getfolders()
  File ".../offlineimap3/offlineimap/repository/IMAP.py", line 648, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File ".../offlineimap3/offlineimap/imapserver.py", line 664, in acquireconnection
    elif isinstance(e, socket.error) and e.args[0] == errno.ECONNREFUSED:

because e.args is empty.
2021-01-04 10:26:01 +01:00
Rodolfo García Peñas (kix)
ca0a2651a3 Added Debug for imaplib2
When I ported offlineimap from Python 2 to Python 3 I removed the Debug for
IMAP (imaplib2).
The reason was offlineimap was setting the Debug directly in imaplib2,
not using the proper way (using the IMAP4 argument). Because we are
removing the virtual_imaplib2, I removed this option.

I removed this line in offlineimap/init.py:303:

---8<---
 300        dtype = dtype.strip()
 301        self.ui.add_debug(dtype)
 302        if dtype.lower() == u'imap':
-303          imaplib.Debug = 5
 304
 305     if options.runonce:
 306         # Must kill the possible default option.
---8<---
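Review bot: with line 303 removed, the `if dtype.lower() == u'imap':` on line 302 has no statement left under it in the lines shown (304 is blank and 305 is dedented), so the quoted region would not parse as it stands; either the `if` should go with its body or the replacement statement should be shown. The message would also be easier to review if it said where level 5 is now set, given that it calls the module-level `imaplib.Debug` assignment the improper way.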

With this patch, the debug level 5 is restored in imaplib if the user
sets the -d ALL or -d imap in offlineimap.
2020-11-08 21:30:22 +01:00
Rodolfo García Peñas (kix)
c130e84a84 BUG: Support for server capabilities
Server capabilities are returned as a list of bytes. We need to convert them
to a list of strings.

This patch does it. Probably you must recreate your cache after this patch.
2020-11-07 15:52:06 +01:00
Rodolfo García Peñas (kix)
cbbeebbf44 imapserver.py removed extra parenthesis
We can remove this parenthesis.
2020-10-31 15:39:28 +01:00
Rodolfo García Peñas (kix)
352133dcc0 call to setDaemon uses Bool argument
The argument 1 should be True in these files.
2020-10-31 15:35:54 +01:00
Rodolfo García Peñas (kix)
78aeed20a9 imapserver call to OfflineImapError with right arguments
Call to OfflineImapError has the arguments:

- message
- severity
- error code

The None argument is wrong here, we can remove it and then we have three arguments not four.
2020-10-31 15:29:24 +01:00
Rodolfo García Peñas (kix)
26efc62ba7 imapserver import style
This patch removes the unused import socket line. (warning)

Split the line with multiple imports in different lines. (warning)
2020-10-31 15:24:40 +01:00
Rodolfo García Peñas (kix)
a60ca038ce Updated cram-md5 authentication
This patch updates the cram-md5 auth. We include two steps:

- Convert the password variable from string to bytes. This change is
  because in Python2 strings and bytes are the same, but not in Python3
- Updates the call to hmac.new, now the digestmod argument is mandatory.
  I used hashlib.md5, because we need md5 hash.

Closes #19

    Signed-off-by: Rodolfo García Peñas (kix) <kix@kix.es>
2020-10-31 00:09:38 +01:00
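
Added example (not offlineimap's code): the two Python 3 changes commit a60ca038ce lists, shown as a stand-alone CRAM-MD5 reply computation. The function names are assumptions; the sample user, password and challenge are the worked example from RFC 2195, not values from this page.

```python
import base64
import hashlib
import hmac


def cram_md5_digest(password: str, challenge: bytes) -> str:
    """HMAC-MD5 of the server challenge, keyed with the password (RFC 2195)."""
    key = password.encode("utf-8")  # Python 3: the HMAC key must be bytes
    # digestmod has to be named explicitly; there is no MD5 default any more.
    return hmac.new(key, challenge, digestmod=hashlib.md5).hexdigest()


def cram_md5_reply(username: str, password: str, challenge_b64: bytes) -> bytes:
    """Base64 client reply to the server's base64 '+ <challenge>' line."""
    challenge = base64.b64decode(challenge_b64)
    digest = cram_md5_digest(password, challenge).encode("ascii")
    return base64.b64encode(username.encode("utf-8") + b" " + digest)


def str_key_rejected(password: str, challenge: bytes) -> bool:
    """A str key, as Python 2 code would pass it, raises TypeError on Python 3."""
    try:
        hmac.new(password, challenge, digestmod=hashlib.md5)
    except TypeError:
        return True
    return False


# Sample values from the RFC 2195 example exchange.
RFC_USER = "tim"
RFC_PASSWORD = "tanstaaftanstaaf"
RFC_CHALLENGE_B64 = b"PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"

if __name__ == "__main__":
    print(cram_md5_reply(RFC_USER, RFC_PASSWORD, RFC_CHALLENGE_B64).decode())
    print(str_key_rejected(RFC_PASSWORD, b"challenge"))
```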
Thomas De Schampheleire
78807b55b4 imapserver.py: fix __xoauth2handler in Python 3
Error when using the XOAUTH2 token refresh logic:

  ("POST data should be bytes, an iterable of bytes, or a file object. It cannot be of type str. (configuration is: {....}", <traceback object at 0x7fc6e69f2b40>)
     ['  File ".../offlineimap3/offlineimap/accounts.py", line 298, in syncrunner
        self.__sync()
    ', '  File ".../offlineimap3/offlineimap/accounts.py", line 374, in __sync
        remoterepos.getfolders()
    ', '  File ".../offlineimap3/offlineimap/repository/IMAP.py", line 446, in getfolders
        imapobj = self.imapserver.acquireconnection()
    ', '  File ".../offlineimap3/offlineimap/imapserver.py", line 579, in acquireconnection
        self.__authn_helper(imapobj)
    ', '  File ".../offlineimap3/offlineimap/imapserver.py", line 443, in __authn_helper
        if func(imapobj):
    ', '  File ".../offlineimap3/offlineimap/imapserver.py", line 377, in __authn_xoauth2
        imapobj.authenticate(\'XOAUTH2\', self.__xoauth2handler)
    ', '  File ".../offlineimap3/venv/lib/python3.7/site-packages/imaplib2.py", line 681, in authenticate
        typ, dat = self._simple_command(\'AUTHENTICATE\', mechanism.upper())
    ', '  File ".../offlineimap3/venv/lib/python3.7/site-packages/imaplib2.py", line 1674, in _simple_command
        return self._command_complete(self._command(name, *args), kw)
    ', '  File ".../offlineimap3/venv/lib/python3.7/site-packages/imaplib2.py", line 1394, in _command
        literal = literator(data, rqb)
    ', '  File ".../offlineimap3/venv/lib/python3.7/site-packages/imaplib2.py", line 2237, in process
        ret = self.mech(self.decode(data))
    ', '  File ".../offlineimap3/offlineimap/imapserver.py", line 253, in __xoauth2handler
        raise type(e)(msg, exc_info()[2])
    ']

Fix by encoding the data passed to urllib.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
2020-09-29 10:04:07 +02:00
Rodolfo García Peñas (kix)
4e1558adc3 six: changed offlineimap/imapserver.py
This patch removes the library six, compatible with python2.

I need to change these re-raise calls.

Signed-off-by: Rodolfo García Peñas (kix) <kix@kix.es>
2020-09-03 21:36:03 +02:00
Rodolfo García Peñas (kix)
7947aea7a9 imapserver call LIST using empty quotes
The LIST command needs empty quotes, like

LIST ""

This is the right argument.
2020-09-01 18:21:27 +02:00
Rodolfo García Peñas (kix)
54fbfc67b4 imapserver.py updated docstring
Added argument.
2020-08-30 18:37:09 +02:00
Rodolfo García Peñas (kix)
b118b80897 imapserver.py Removed unused variables
These variables are not used.
2020-08-30 18:35:01 +02:00
Rodolfo García Peñas (kix)
b860e93072 imapserver.py removed unreachable code
This code is not reachable.
2020-08-30 18:32:42 +02:00
Rodolfo García Peñas (kix)
26668d29b0 imapserver.py removed extra characters
These characters could be removed.
2020-08-30 18:31:30 +02:00
Rodolfo García Peñas (kix)
1a529b6b0e offlineimap/ files singleton-comparison
This patch changes these errors in the offlineimap folder:

C0121: Comparison to None should be 'expr is None' (singleton-comparison)
C0121: Comparison to None should be 'expr is not None' (singleton-comparison)
2020-08-30 11:27:03 +02:00
Rodolfo García Peñas (kix)
e77440552c Do not make object inheritance
This patch removes these lintian warnings:

Warning R0205: Class 'X' inherits from object,
can be safely removed from bases in python3 (useless-object-inheritance)
2020-08-29 21:44:18 +02:00
Rodolfo García Peñas (kix)
b6a686e56f Reformat offlineimap/imapserver.py
Add some spaces, remove lines,... now format is better (lintian).
2020-08-29 20:19:23 +02:00
Rodolfo García Peñas (kix)
22dfbd7a54 Split the IMAP folders
This patch modifies two files. First, we need to split using '', not '""'.
Else we don't split anything.

OTOH, we need to convert the bytes to string, then we can parse the folder
names.
2020-08-28 16:35:00 +02:00
Rodolfo García Peñas (kix)
6378c722b0 Do not use binary in the plain auth
Changed from binary to string in plain auth.
2020-08-28 13:06:31 +02:00
Rodolfo García Peñas (kix)
75ce6e71f3 Comparison error
2020-08-28 03:33:49 +02:00
Rodolfo García Peñas (kix)
6ec6111896 2to3 main
2020-08-28 03:32:43 +02:00
Robbie Harwood
096aa07650 Handle empty token with complete GSSAPI context
This fixes a potential traceback when we try to unwrap(None).

Tested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-12-14 21:28:30 +01:00
Frode Aannevik
8692799e65 Fix expired oauth2_access_token
Use `expires_in` from the oauth2 response
to reset the oauth2_access_token before
it expires

divides the `expires_in` by 2 to ensure
the access_token is cleared before it
expires

ref: https://github.com/OfflineIMAP/offlineimap/issues/536

Signed-off-by: Frode Aannevik <frode.aa@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-11-18 21:07:54 +01:00
Benedikt Heine
ce9a1981c1 Chain tls_level and ssl_version only if ssl is enabled
If the tls_level is set to a cipherset other than tls_compat, the
ssl cipherset has to get specified extra, if ssl is used.

But if the user explicitly disabled SSL, and set tls_level to anything
else than tls_compat required the user to explicitly set ssl_version,
which is contradicting.

Signed-off-by: Benedikt Heine <bebe@bebehei.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-07-02 18:44:08 +02:00
Benedikt Heine
d3ba837900 Fix typo in exception message
Signed-off-by: Benedikt Heine <bebe@bebehei.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-07-02 18:44:08 +02:00
Carnë Draug
c9005cd4ff Check if username is provided before trying plain authentication.
If the username value is not provided on the configuration file, then
username is of NoneType and NULL.join will bomb since Nones can't be
joined with strings.  So check if username is empty and raise an
exception if so.

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/558
Signed-off-by: David Miguel Susano Pinto <carandraug+dev@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-06-16 15:17:35 +02:00
Carnë Draug
5f9474e10d Print username instead of accountname when asking for password
When asking for a password interactively, the username is never
displayed which may hide problems (typos on the configuration, or
issues on offlineimap parsing of the config file).  The hostname,
port, and account name are already displayed when establishing the
connection.  When asking for password, the account name is displayed
again.  Change it to display the username.

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/558
Signed-off-by: David Miguel Susano Pinto <carandraug+dev@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-06-16 15:17:35 +02:00
Nicolas Sebrecht
b5ffa1c163 imapserver: fix copyright line
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-06-07 18:39:08 +02:00
Robbie Harwood
17cfb63db6 Pass username through in GSSAPI connections
Fix bug in GSSAPI auth where the username was not being negotiated.

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/541
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Tested-by: Frank Lenormand <lenormf@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-06-07 18:36:58 +02:00
Robbie Harwood
88724949fa Port to python-gssapi from pykerberos
python-gssapi has a visible, active upstream and a more pleasant
interface.  python-gssapi is present in most distributions, while
pykerberos is slated for removal from Fedora/RHEL/CentOS.

Github-ref: https://github.com/OfflineIMAP/offlineimap/pull/529
Tested-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2018-03-02 16:24:36 +01:00
Thomas Merkel
ee17e3dc3c Fix: if any tunnel (preauth_tunnel or transport_tunnel) the hostname should not be required
It's required to modify my change 1ce596d7135e58186f14b7b193aa2100e5f296fa
because a hostname shouldn't be needed if any tunnel is used. Both tunnels
provide a regular IMAP interface which is used by offlineimap.

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/503
Reported-by: Ilias Tsitsimpis <i.tsitsimpis@gmail.com>
Signed-off-by: Thomas Merkel <tm@core.io>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-10-27 20:03:17 +02:00
Urs Liska
36d726763d utf8: implement utf8foldernames option
If utf8foldernames is enabled on account level all folder names read
from the IMAP server will immediately be reencoded to UTF-8. Names
will be treated as UTF-8 as long as the IMAP server isn't contacted again,
for which they are reencoded to IMAP4-UTF-7.

This means that any further processing such as nametrans, folderfilter
etc. will act upon the UTF-8 names, which will have to be documented
carefully.

NOTE 1:
GMail repositories and folders inherit from the IMAP... classes, so I don't
know yet if these changes have ugly side-effects. But web research suggests
that GMail IMAP folders are equally encoded in UTF-7 so that should work
identically here and incorporate the same improvements.

NOTE 2:
I could not test the behaviour with idlefolders as I didn't get this option
to work at all, not even with the latest stable version.

NOTE 3:
I *did* test to sync an IMAP repository against another IMAP repository.

Signed-off-by: Urs Liska <git@ursliska.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-10-02 21:09:43 +02:00
Thomas Merkel
1ce596d713 remotehost should not be required if transporttunnel is used
If the config option `transporttunnel` is used the option `remotehost` is not
needed, because the tunnel provides the IMAP connection.

Signed-off-by: Thomas Merkel <tm@core.io>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-09-21 18:50:57 +02:00
Nicolas Sebrecht
212ed87509 imapserver: fix syntax error
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-06-30 16:42:47 +02:00
Nicolas Sebrecht
90244b7fa6 provide more details in error message when SSL fails on non-standard port
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-06-30 05:10:14 +02:00
Nicolas Sebrecht
8c04684f3b imapserver: provide some SSL info while in imap debug mode
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/457
Tested-by: Maximilian Kaul <https://github.com/maximiliankaul>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-04-30 12:15:08 +02:00
Nicolas Sebrecht
39b657194a XOAUTH2: don't try this authentication method when not configured
Checking if we have to run this authentication method once it's already passed
to imaplib2 is too late. Make the checks at correct time, before we try the
authentication method. IOW, before we call

  imapobj.authenticate('XOAUTH2', self.__xoauth2handler)

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/442
Tested-by: Klemens Schölhorn <klemens@schoelhorn.eu>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-04-27 21:17:25 +02:00
lkcl
dda27e0962 learn authproxy configuration option
Allow using a different proxy for authentication than for IMAP.

Signed-off-by: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-12-19 12:20:19 +01:00
Nicolas Sebrecht
04ae3c8dad folder: IMAP: display error message before starting next try
Fetching messages is tried more than once. Display the error message at correct
time.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-11-22 00:58:14 +01:00
Nicolas Sebrecht
0fe4562269 manual: add known issues entry about XOAUTH2 "invalid_grant"
- Split the manual asciidoc source file.
- Improve the Makefile to build the manuals.

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/374
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-11-05 19:20:39 +01:00
Nicolas Sebrecht
c0f4fa44eb imapserver: minor code cleaning: reorder methods
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-09-23 16:27:22 +02:00
Nicolas Sebrecht
3d3e66fbb2 ensure logs are in bytes for PLAIN authentication
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-09-21 03:54:41 +02:00
Nicolas Sebrecht
dbcfc0b173 idle: protect all calls to imapobj.noop() (connection might be dropped)
Some code refactoring.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-09-13 04:41:31 +02:00
Nicolas Sebrecht
38c6785636 XOAUTH2: raise error if string 'error' is in the response
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/374
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-08-23 01:19:30 +02:00
Nicolas Sebrecht
71d86b6d47 XOAUTH2: improve error message while trying to get access token
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/338
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-08-21 20:30:19 +02:00