Commit Graph

105 Commits

Author SHA1 Message Date
Eygene Ryabinkin
1746676af8 Make IDLE mode to work again
Refactoring in commit 6cbd2498 touched wrong class's "idle" call.

Found-by: Tomasz Żok <tomasz.zok@gmail.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-23 13:19:11 +04:00
Abdo Roig-Maranges
8c43e52173 Fix multiple typos in var, function and exception names
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-07 18:29:47 +04:00
Abdo Roig-Maranges
96c9cca83a Class IMAPServer: idle() is private now
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-07 18:29:47 +04:00
Eygene Ryabinkin
d96af192ed Move space to the end of string
... to be aligned with the rest of the code.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-07 00:07:56 +04:00
Ben Boeckel
7c271d5131 Imapserver: add missing space to the log message
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-07 00:04:44 +04:00
Abdó Roig-Maranges
0903428fda Enable compressed connections to the IMAP server
Added the configuration setting usecompression for the IMAP repositories.
When enabled, the data from and to the IMAP server is compressed.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-02 19:30:49 +04:00
Eygene Ryabinkin
6cbd2498ae Refactoring: make functions to be private if we can
Make external API of class/module to be smaller, explicitely mark
all internal functions.  Also annotate methods that are implemented
as the part of the parent class interface.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-04-30 19:35:56 +04:00
Andreas Mack
e26827c1cb Make authentication mechanisms configurable
Added configuration option "auth_mechanisms" to the config file:
it is a list of mechanisms that will be tried in the specified order.

Author: Andreas Mack <andreas.mack@konsec.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-08 22:34:30 +04:00
Steve Purcell
968d5520da Allow transport-type tunnels to the IMAP servers
It's nice to set up an ssh tunnel command which forwards an IMAP tcp
port inside an encrypted session, e.g. with ssh's "-W" flag.  In this
case the tunnelled connection still requires authentication inside
IMAP session, because this is transport-only tunnel that substitutes
normal TCP/SSL connection.

New directive, 'transporttunnel' was added: it specifies the command
that will create the tunnel.  Only one type of tunnel must be
specified for a single repository: we can't have both preauthenticated
and transport-type tunnels, they won't chain together.

From: Steve Purcell <steve@sanityinc.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-06 12:18:21 +04:00
Andreas Mack
acaa96291d Add SASL PLAIN authentication method
- this method isn't as deprecated as IMAP LOGIN;

 - it allows to keep hashed passwords on the server side;

 - it has the ability to specify that the remote identity
   is different from authenticating username, so it even
   can be useful in some cases (e.g., migrated mailboxes);
   configuration variable "remote_identity" was introduced
   to leverage this functionality.

From: Andreas Mack <andreas.mack@konsec.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-06 01:51:41 +04:00
Eygene Ryabinkin
7d313f49dc Refactored authentication handling
- created helper routine that will do authentication;

 - routine tries each method in turn, first successful
   one terminates it: makes things easier to read
   and handle;

 - renamed plainauth() inside offlineimap/imapserver.py
   to loginauth(): the function does IMAP LOGIN authentication
   and there is PLAIN SASL method, so previous name was
   a bit misleading;

 - slightly improved error reporting: all exceptions during
   authentication will be reported at the end of the run;

 - now loginauth() is never called if LOGINDISABLED is advertized
   by the server; it used to be invoked unconditionally when
   CRAM-MD5 fails, but we should respect server's opinion on
   how to handle its users.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-06 01:10:10 +04:00
mxgr7
0d992ee7d3 Execute pre/post hooks for IDLE-toggled syncs
Make IDLE syncs be equal to the regular synchronisations
in respect to pre-sync and post-sync hooks.

From: mxgr7 <maxgerer@gmail.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-02 13:53:21 +04:00
Eygene Ryabinkin
67d68c2fc8 IMAP: simplify locking and fix potential lock loss
Run the locked code under 'with': this guarantees that lock
will be released in any case.

This modification also avoids the case when our thread wasn't running
locked when exception was caught, another thread got the lock, our
code checked it via self.connectionlock.locked() and errorneously
released the lock thinking that is was running locked.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-07-22 00:08:39 +04:00
Eygene Ryabinkin
41cb0f577f Prune trailing whitespaces from code and documentation
They are redundant in all pruned cases and sometimes even create some
problems, e.g., when one tries to jump through paragraphs in vi.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-07-21 23:00:23 +04:00
Ryan Kavanagh
2bacdb7fa3 Allow setting IMAP servers' SSL version
We now allow setting the SSL version used when connecting to IMAPS servers, and
do so via the `ssl_version` configuration option. We default to the current
practice (letting python's "ssl" library automatically detect the correct
version). There are however rare cases where one must specify the version to
use.

Signed-off-by: Ryan Kavanagh <rak@debian.org>
2013-07-08 10:57:58 -04:00
Sebastian Spaeth
03566b2037 Replace thread.get_ident()
Replace low-level thread.get_ident() with threading.currentThread().ident.
This works both in python2.6 and python3. (thread is renamed _thread and its
direct use is not recommended)

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-02-06 17:41:43 +01:00
Sebastian Spaeth
81fc20c7ca Remove python<2.6 import workarounds (set & ssl)
'set' is builtin since python2.6, so remove the imports. Also 'ssl' exists
since 2.6 and has everything we need, so no need for conditional import
tests here anymore.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-02-06 17:41:42 +01:00
Sebastian Spaeth
0844d27f9f except Ex, e: --> except Ex as e:
Nudge us towards python3 compatability by converting deprecated python2 syntax.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-02-06 17:41:42 +01:00
Sebastian Spaeth
17f60f7233 Remove from __future__ import with_statements
These were needed for python <2.6 compatability, but since we depend on
python 2.6 now, these can go.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-01-06 23:13:55 +01:00
Sebastian Spaeth
bf4127c2d6 Remove unused imapserver getdelim()
imapserver.getdelim() was not used at all, so remove this function. The
folder delimiter is available via the repository.getsep() call.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-12-01 10:12:54 +01:00
Sebastian Spaeth
ab184d84e2 Reduce parameter list to account.syncfolder call
The remote|local|statusrepo is an anttribute of each SyncableAccount()
anyway, so we don't need to pass it in, we can simply get it from the
Account().

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-11-03 13:29:43 +01:00
Sebastian Spaeth
8dbf62cfdb Add a TODO comment
This function can IMHO lead to possible deadlocks when waiting for the
connectionlock. Do add a comment to that regard, this will need to audit.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-11-02 11:56:04 +01:00
Sebastian Spaeth
ccfa747ce6 Use lock with 'with' statement
To make sure, the lock gets released even if we raise an exception between
acquire() and release()

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-11-02 11:30:16 +01:00
Sebastian Spaeth
006f19aba9 Make releaseconnection a NOOP when conn is None
During cleanup we often call releaseconnection in a finally: block. But
in cases of error, we might have dropped the connection earlier already
and set it to "None". In this case don't fail releaseconnection() but
make it a NOOP.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-11-02 10:36:30 +01:00
Sebastian Spaeth
f6f8fc8528 Simplify the keepalive code a bit
Should not change behavior.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-10-27 16:56:18 +02:00
Sebastian Spaeth
76b0d7cf25 imapserver: Make noop() more resitent against dropped connections.
Drop a connection, if the NOOP to keep a connection open fails due to
broken connections.

Note that I believe this function is not working as intended. We grab
one random connection and send a NOOP. This is not enough to keep all
connections open, and if we invoke this function multiple times, we
might well always get the same connection to send a NOOP through.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-10-05 18:18:55 +02:00
Sebastian Spaeth
4bfc1e8227 except imapobj.abort() -> except imapobj.abort
When checking for the IMAP4.abort() exception, we need of course to
perform:

except imapobj.abort:

and not

except imapobj.abort():

Thanks to Johannes Stezenbach <js@sig21.net> for pointing to the glitch.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-27 14:08:20 +02:00
Sebastian Spaeth
347e1eaa32 update CAPABILITIES after login
Some Webservers (I am looking at you Gmail) send different capabilities
before and after login, so they can tailor their server capabilities to
the user. While legal, this is uncommon and we were not updating our
server capabilities. Doing so allows us to detect that Gmail actually
supports the UIDPLUS extension, and we will stop mangling headers when
uploading to Gmail. This could lead to some performance gains when we
upload many messages to Gmail.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-21 02:32:45 +02:00
Sebastian Spaeth
eeef8f4bab Don't ask for hostname if using a tunnel
In tunnel mode, we don't need to ask for a hostname because there is no
need for one. Fix this.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-19 15:07:34 +02:00
Sebastian Spaeth
1ac9dc7fb4 Implement RFC 2595 LOGINDISABLED
Warn the user and abort when we attempt a plaintext login, but the
server has explicitly disabled plaintext logins.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-19 09:55:27 +02:00
Sebastian Spaeth
82e47896cf Don't ask for username in the preauthtunnel case
repos.getuesr() asks for a username if none is specified, but in the
case of a tunnel connection, we don't need one, so we need to skip the
repos.getuser() call here.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-19 08:31:14 +02:00
Nicolas Sebrecht
78a67ac73c Merge branch 'ss/cleanup-idle' into next 2011-09-12 20:02:26 +02:00
Sebastian Spaeth
ce8471a011 IMAP IDLE cleanup(5): Really discard connections when they are dropped
Finally, actually discard dropped connections when we detect them as an
imapobj.abort() has been thrown. In this case, invoke releaseconnection
with drop_conn=True.

We don't need the self.aborted attribute to get signified of dropped
connections. An Execption during the noop will do.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-12 19:55:14 +02:00
Sebastian Spaeth
59753fc06f IMAP IDLE cleanup(4): Simplify code
while True: if a: return

is equivalent to

   while not a:

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-12 19:55:14 +02:00
Sebastian Spaeth
6ad0de08ef IMAP IDLE cleanup(3): Rename self.event to self.stop_sig
Variable name 'event' is as bad as it gets. Rename it to something that
actually describes what it is about.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-12 19:55:14 +02:00
Sebastian Spaeth
0bebd65ba0 IMAP IDLE cleanup(2): Add code documentation
Add code documentation throughout the idle() function.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-12 19:55:14 +02:00
Sebastian Spaeth
f369961a87 IMAP IDLE cleanup(1): Move idle callback out of loop
Don't redefine the idle callback function on every run in the while
loop, define it once when we enter the function.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-12 19:55:13 +02:00
Sebastian Spaeth
8800fa37a3 Implement Server SSL fingerprint check
If we connect to a SSL server (not STARTTLS) and no CA cert has been
specified for verification, we check the configured SSL fingerprint and
bail out in case it has not been set yet, or it does not match.

This means one more mandatory option for SSL configuration, but it
improves security a lot.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-12 19:45:15 +02:00
Sebastian Spaeth
9c678c9d6b Allow Imapserver.releaseconnection() to drop a connection
If a connection is broken, we want to have it really dropped and not be
reused. So far, we are checking the .Terminate attribute for this, but
according to the imaplib2 author, it is only set on normal shutdown and
it is an undocumented attribute whose meaning could change any time.

This patch introduces the parameter drop_conn which allows to tell
releaseconnection() that we really want to connection being dropped from
the pool of available connections and properly destroy it.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-06 19:51:49 +02:00
Sebastian Spaeth
f1555ec893 Catch terminated connections on the IDLE SELECT operation
Handle the case gracefully where a server has closed an IMAP connection
that we want to use for IDLEing. Simply have it dropped and get a new one
in this case. THis should get rid of the errors reported by John Wiegley
in mail id:"m2sjohd16t.fsf@gmail.com".

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-06 19:00:21 +02:00
Sebastian Spaeth
2b9b6be6be Fix standard port for SSL/TLS
443 is of course the https and not the IMAPS standard port. Fix.

Thanks to Daniel Shahaf <d.s@daniel.shahaf.name> for the heads up.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-08-23 20:57:38 +02:00
Sebastian Spaeth
8d858a0b78 Disable certificate verification if there is no certificate
imaplib2 always attempts to verify a certificate if a verification
callback function is passed in, even the certificate is None
specified. Disable the verification excplictly by setting the
verification function to None in that case.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-08-16 22:22:47 +02:00
Nicolas Sebrecht
82bf23ee57 Merge branch 'ss/import-errno' into next
Conflicts:
	offlineimap/imapserver.py
2011-08-15 14:46:52 +02:00
Sebastian Spaeth
4a0d17b566 Import errno
we need errno.CONNREFUSED, but through some merging mishaps(?) the part
that actually imported errno was missing. Import the errno module.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-08-15 13:58:44 +02:00
Sebastian Spaeth
3a91e296f0 Adapt the code to work with the new imaplib2
imaplib renamed self.sslobj to self.sock and our overriden open()
functions were failing for that reason when updating imaplib2 to
v2.28. It turns out that all of our custom initializations are being
done by stock imaplib2 now anyway, so there is no need to override them
anymore. This lets us simplify the code we have to worry about.

Move the verifycert() function to the imapserver.py file, it is now a
callback function that is being handed to imaplib from there, so it
makes sense to also define it in our imapserver function...
(this also lets us easily make use of the verifycert function in the
starttls case in the future)

TODO: we need to examine if and why we still need to override the
select() function, it is the only reason why we still wrap the IMAP4
classes.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-08-15 12:21:38 +02:00
Sebastian Spaeth
3c89a72be9 remove unused 'mustquote' regex
We set an imapobj.mustquote which apparently was used in previous
incarnations of imaplib or imaplib2, however, nothing in our codebase
makes use of that. So let us remove it.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-08-14 17:15:38 +02:00
Sebastian Spaeth
131298c2b1 Remove superfluous class ConfigedIMAPServer
Remove a level of wrapper abstraction that is not needed. Just use
IMAPserver and be done with it.

We do this by passing in the IMAPRepository() instance rather than a
long list of single paramters to the IMAPServer instanciation. This way
we can retrieve all repository parameters ourselves, rather than passing
a dozen paramters into IMAPServer. Also, this enables us to pass the
repository() object into our WrappedIMAP4() instance, so that it can
query, e.g. the SSL fingerprint configuration.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-08-12 18:18:26 +02:00
Arnaud Fontaine
09ba269576 Add missing import of SSLError exception.
In commit 89cbdc9, usage of SSLError was dropped but later reintroduced
without importing SSLError exception.

Signed-off-by: Arnaud Fontaine <arnau@debian.org>
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-07-07 18:31:38 +02:00
Sebastian Spaeth
928c363044 imapserver.py: Make severity var available where it is needed
We we using the variable 'severity' in a few places to throw
OfflineImapErrorrs of severity REPO. Somehow, that variable is now not
accessible in all places that refer to it, so we move where it is
defined to before all the 'if' checks which might make use of it.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-06-27 18:43:45 +02:00
Sebastian Spaeth
6311716edb imapserver.py: Implement STARTTLS
If we do not use a SSL connection anyway and if the server supports it,
authenticate automatically with STARTTLS.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-06-25 17:09:52 +02:00