72 Commits

Author SHA1 Message Date
Eygene Ryabinkin
f69613965f Make OS-default CA certificate file to be requested explicitely
This simplifies logics for the user, especially if he uses both
fingerprint and certificate validation: it is hard to maintain
the compatibility with the prior behaviour and to avoid getting
default CA bundle to be disabled when fingerprint verification
is requested.

See
  http://thread.gmane.org/gmane.mail.imap.offlineimap.general/6695
for discussion about this change.

Default CA bundle is requested via 'sslcertfile = OS-DEFAULT'.

I had also enforced all cases where explicitely-requested CA bundles
are non-existent to be hard errors: when users asks us to use CA
bundle (and, thus, certificate validation), but we can't find one,
we must error out rather than happily continue and downgrade to
no validation.

Reported-By: Edd Barrett <edd@theunixzoo.co.uk>
Reviewed-By: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2015-01-18 22:05:49 +03:00
Nicolas Sebrecht
41fa3ae4fc more style consistency
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-01-13 18:16:25 +01:00
Nicolas Sebrecht
a44718130d minor: add comments
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-01-12 17:17:42 +01:00
Nicolas Sebrecht
c2b8a99fa2 repository: IMAP.py: do not redefine string
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-01-12 17:17:42 +01:00
Eygene Ryabinkin
e7fabf9e57 Properly re-raise exception to save original tracebacks
We usually mutate some exceptions to OfflineImapError() and it is
a whole lot better if such exception will show up with the original
traceback, so all valid occurrences of such mutations were transformed
to the 3-tuple form of "raise".  Had also added coding guidelines
document where this re-raise strategy is documented.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2015-01-12 17:51:21 +03:00
Nicolas Sebrecht
61021260cb more consistent style
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-01-07 21:31:43 +01:00
Eygene Ryabinkin
e51ed80ecc Enable tilde and environment variable expansion on some items
Expand environment variables in the following configuration items:
- general.pythonfile;
- general.metadata;
- mbnames.filename;
- Repository.localfolders.
- Repository.sslcacertfile.

Make tilde and environment variable expansion in the following
configuration items:
- Repository.sslclientcert;
- Repository.sslclientkey.

GitHub pull request: https://github.com/OfflineIMAP/offlineimap/pull/113
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-11-12 09:40:12 +03:00
Eygene Ryabinkin
8f3c22e227 Introduce CustomConfig method that applies set of transforms
It is a bit cleaner than making chains of calls like
{{{
value = os.path.expanduser(value)
value = os.path.abspath(value)
}}}
since we do see all transformations to be applied in a single
iterable and have no repeated code like in the above example.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-11-02 11:53:05 +03:00
Eygene Ryabinkin
818486283e Add support for OS-specific CA bundle locations
GitHub pull: #19
Suggested-by: Michael Vogt <mvo@ubuntu.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-09-22 09:52:57 +04:00
Eygene Ryabinkin
d2ec2a4e9e Extend handling of cert_fingerprint
Add ability to specify multiple fingerprints.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-11 22:45:34 +04:00
Eygene Ryabinkin
8b6f10e2e7 Pass folder names for the foldersort function
Bring the description in the template offlineimap.conf in sync to the
actual implementation: pass folder names to the sorting function, not
the offlineimap.folder.IMAP.IMAPFolder objects themselves.

GitHub issue: https://github.com/OfflineIMAP/offlineimap/issues/27
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-27 16:27:36 +04:00
Andreas Mack
e26827c1cb Make authentication mechanisms configurable
Added configuration option "auth_mechanisms" to the config file:
it is a list of mechanisms that will be tried in the specified order.

Author: Andreas Mack <andreas.mack@konsec.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-08 22:34:30 +04:00
Steve Purcell
968d5520da Allow transport-type tunnels to the IMAP servers
It's nice to set up an ssh tunnel command which forwards an IMAP tcp
port inside an encrypted session, e.g. with ssh's "-W" flag.  In this
case the tunnelled connection still requires authentication inside
IMAP session, because this is transport-only tunnel that substitutes
normal TCP/SSL connection.

New directive, 'transporttunnel' was added: it specifies the command
that will create the tunnel.  Only one type of tunnel must be
specified for a single repository: we can't have both preauthenticated
and transport-type tunnels, they won't chain together.

From: Steve Purcell <steve@sanityinc.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-06 12:18:21 +04:00
Andreas Mack
acaa96291d Add SASL PLAIN authentication method
- this method isn't as deprecated as IMAP LOGIN;

 - it allows to keep hashed passwords on the server side;

 - it has the ability to specify that the remote identity
   is different from authenticating username, so it even
   can be useful in some cases (e.g., migrated mailboxes);
   configuration variable "remote_identity" was introduced
   to leverage this functionality.

From: Andreas Mack <andreas.mack@konsec.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-06 01:51:41 +04:00
Eygene Ryabinkin
41cb0f577f Prune trailing whitespaces from code and documentation
They are redundant in all pruned cases and sometimes even create some
problems, e.g., when one tries to jump through paragraphs in vi.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-07-21 23:00:23 +04:00
Dmitrijs Ledkovs
e8c40a9285 Merge branch 'master' into next 2013-07-10 02:49:52 +01:00
Dmitrijs Ledkovs
7a21cab6c5 Correct whitespace & add docs about remoteporteval. 2013-07-10 02:17:01 +01:00
Ryan Kavanagh
2bacdb7fa3 Allow setting IMAP servers' SSL version
We now allow setting the SSL version used when connecting to IMAPS servers, and
do so via the `ssl_version` configuration option. We default to the current
practice (letting python's "ssl" library automatically detect the correct
version). There are however rare cases where one must specify the version to
use.

Signed-off-by: Ryan Kavanagh <rak@debian.org>
2013-07-08 10:57:58 -04:00
Kim Lidström
dde021ce52 Added remoteporteval 2013-06-20 11:38:45 +02:00
Dave Abrahams
e94642bb4d Determine folder syncing on Folder initialization
Rather than later when retrieving them by IMAP, we determine the
"sync_this" value of a folder on Folder() initialization.

This also fixes a bug where folder structure was not propagated when
a folder was filtered out but included in the folderincludes list.

Patch by Dave, split and modified slightly by Sebastian

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-09-01 02:30:46 +02:00
Sebastian Spaeth
29ba2fc523 Warn about nonsensical config option 'sep' for IMAP repositories
We autodetect the folder separator on IMAP servers and ignore any 'sep'
setting in the repository section for IMAP servers. Detect if there is
such a setting and warn the user about it.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-04-02 23:26:59 +02:00
Sebastian Spaeth
b6807355b5 Implement ui.makefolder and abort repo.makefolder() in dry-run mode
IMAP, Maildir, and LocalStatus abort if in dry-run mode. IMAP and Maildir
will log that they "would have" created a new folder.

This will probably fail later on as we can not cache messagelists on
folder that don't exist, so --dry-run is not yet safe when new folders
have been created.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-02-17 13:17:03 +01:00
Sebastian Spaeth
19c014c6cd Implement foldersort in a python3 compatible way
By default we sort folders alphabetically (for IMAP) according to their
transposed names. For python3, we need to bend a bit backwards to still
allow the use of a cmp() function for foldersort. While going through, I
discovered that we never sort folders for Maildir.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-02-13 08:36:28 +01:00
Sebastian Spaeth
ba3a698a67 No need to test for types.StringType
all we want to know is if we got some string'ish type and testing for isinstance
 'basestring' is sufficient for that. Remove the import.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-02-06 17:41:43 +01:00
Sebastian Spaeth
0844d27f9f except Ex, e: --> except Ex as e:
Nudge us towards python3 compatability by converting deprecated python2 syntax.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-02-06 17:41:42 +01:00
Cédric Krier
3028648e8f Don't fail if /etc/netrc is not readable 2012-01-09 16:39:12 +01:00
Sebastian Spaeth
78a37f27ef WIP, revamp how we treat top-level dirs
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2012-01-06 19:08:48 +01:00
Sebastian Spaeth
20f2edfcec Sanity check to notify us when we call IMAPRepository.getsep() too early
The folder delimiter is only initialized after a call to
acquireconnection(), so we must never call this function too
early. Include an assert() to make sure we get notified when we do.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-12-01 09:49:09 +01:00
Sebastian Spaeth
33b4a16dac Fix mbox.select(foldername) readonly parameter comparison
The default parameter value was "None", and we were comparing that
directly to the imaplib2 value of is_readonly which is False or True, so
the comparison always returned "False".

Fix this by setting the default parameter to "False" and not
"None". Also convert all users of that function to use False/True.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-11-02 08:57:01 +01:00
Sebastian Spaeth
9578f29195 Use 'reference' value when creating an IMAP directory
A repositories 'reference value is always prefixed to the full folder
path, so we should do so when creating a new one. The code had existed
but was commented out since 2003, I guess the "reference" option is not
too often used.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-30 16:57:07 +02:00
Sebastian Spaeth
4e89bbfe6e Recache folder list after creating a new folder
If we create a new folder we would previously not update our folder
list, which led to us skipping the synchronization of those new folders
during the initial run (subsequent runs would pick it up).

Invalidate the folder cache when we create a folder during folder
structure sync. Regetting the whole list from an IMAP server might be
slightly suboptimal from a performance point, but it is easy and will
lead to consistent results. Hopefully we will not have to create new
folders on each new run.

Reported-by: Daniel Shahaf <d.s@daniel.shahaf.name>
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-30 09:05:49 +02:00
Sebastian Spaeth
9c5f73d3b3 Move self.folderfilter|nametrans|sort from IMAPFolder to BaseFolder
We want to have these functions available for Maildir folders too, so we
can folderfilter a Maildir repository too (which is currently not possible)

This commit only move the corresponding functions from the IMAP to the Base
implementation. It should not change behavior in any way yet.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-19 14:23:08 +02:00
Sebastian Spaeth
c7420e6ad4 Debug log/error proof the creation of new IMAP folders
Output a debug log line whenever we create a new folder on an IMAP
server. Also raise an OfflineImap Error in case we failed to create it.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-19 11:36:03 +02:00
Sebastian Spaeth
8ba17c5bd1 add sync_this variable to all Folder() instances
This variable shows if this folder should be synced or is disabled due to
a folderfilter statement. This lets us distinguish between a non-existent
folder and one that has been filtered out. Previously any filtered folder
would simply appear to be non-existing.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
2011-09-19 11:35:52 +02:00
Sebastian Spaeth
0d3303ec12 Remove visiblename as parameter to IMAPFolder creation
IMAPFolder has the repository and foldername values so it can get the
transposed (aka visiblename) of a folder itself just fine. There is no
need to pass it in as an separate parameter.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-16 12:54:29 +02:00
Sebastian Spaeth
410e2d35e9 Set accountname in BaseFolder, and don't pass it in initialization
We passed in the accountname to all derivatives of BaseFolder, such as
IMAPFolder(...,repository,...,accountname), although it is perfectly
possible to get the accountname from the Repository(). So remove this
unneeded parameter. Each backend had to define getaccountname() (although
the function is hardly used and most accessed .accountname directly).

On the other hand BaseFolder was using getaccountname but it never defined
the function. So make the sane thing, remove all definitions from backends
and define accountname() once in Basefolder. It was made a property and not
just a (public) attribute, so it will show up in our developer
documentation as public API.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-16 12:54:12 +02:00
Sebastian Spaeth
d2af21d57d Simplify testing for 'subscribedonly' setting
We only explicitly tested for 'yes' when we have a nice function to get
boolean settings which also works with Treu/False/NO, etc...

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-15 19:27:01 +02:00
Sebastian Spaeth
8800fa37a3 Implement Server SSL fingerprint check
If we connect to a SSL server (not STARTTLS) and no CA cert has been
specified for verification, we check the configured SSL fingerprint and
bail out in case it has not been set yet, or it does not match.

This means one more mandatory option for SSL configuration, but it
improves security a lot.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-09-12 19:45:15 +02:00
Nicolas Sebrecht
a38c6da49d Merge branch 'ss/improved-folderfilter-errors' into next
Conflicts:
	Changelog.draft.rst
2011-08-12 18:29:23 +02:00
Sebastian Spaeth
fa18968642 Catch folderfilter errors in repository.IMAP.getfolders()
Rather than throwing ValueError, we now properly throw OfflineImapError
when selecting a folder in folderincludes. So we also need to catch
OfflineImapErrors here. If they are of severity FOLDER, just ignore the
invalid folder and continue. If the error is more severe, bubble it up.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-08-12 18:28:49 +02:00
Sebastian Spaeth
131298c2b1 Remove superfluous class ConfigedIMAPServer
Remove a level of wrapper abstraction that is not needed. Just use
IMAPserver and be done with it.

We do this by passing in the IMAPRepository() instance rather than a
long list of single paramters to the IMAPServer instanciation. This way
we can retrieve all repository parameters ourselves, rather than passing
a dozen paramters into IMAPServer. Also, this enables us to pass the
repository() object into our WrappedIMAP4() instance, so that it can
query, e.g. the SSL fingerprint configuration.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-08-12 18:18:26 +02:00
Sebastian Spaeth
b20f5192fb Allow to specify remote hostname even for the Gmail case
Previously we hard-coded the imap server name in the case of Gmail
repositories, but often we need a different host name. So, allow people
to specify the hostname via the regular "remotehosteval" and
"remotehost" settings, and only falling back to imap.gmail.com when
nothing has been specified.

Cache the hostname, so we don't evaluate the whole thing each time we
query the host name.

Make the remotehosteval processing more robust, by catching any
Exceptions that occur, and throw a OfflineImapError, that explains where
exactly the error had occured. You can test this, e.g. by setting
remotehosteval to 1/"n" or some other invalid expression.

The whole IMAP.gethost() function has been documented code wise while
going through.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-06-08 17:19:07 +02:00
Ethan Glasser-Camp
2cc2ead503 Let the user configure how long to IDLE for
This commit was originally by James Bunton <jamesbunton@fastmail.fm>.

Signed-off-by: Ethan Glasser-Camp <ethan@betacantrips.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-05-24 18:55:46 +02:00
Ethan Glasser-Camp
52cefb582c Recognize configuration for idlefolders
Mark this option as experimental and document its shortcomings in
MANUAL.rst.

This code was originally by James Bunton <jamesbunton@fastmail.fm>.

Signed-off-by: Ethan Glasser-Camp <ethan@betacantrips.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-05-24 18:55:46 +02:00
Nicolas Sebrecht
8a34edc8ca cleanup import satements
- conform to PEP8
- explicitly define symbols instead of 'import *'
- remove unused import

Reviewed-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-05-12 18:26:29 +02:00
Nicolas Sebrecht
3b45782cc4 Merge branch 'master' into next 2011-03-15 19:28:02 +01:00
Sebastian Spaeth
1c71e37f8f Sanity checks for SSL cacertfile configuration
We were not able to handle ~/... type of path configurations and we
crashed with mysterious SSL errors when no file was found at the
configured location. Expand '~' and bomb out with usable error messages
in case such a file does not exist. This will still not protect against
corrupt cacert files but it goes a long way towards user friendliness.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-03-15 18:45:31 +01:00
Nicolas Sebrecht
c9ac254c8c Merge branch 'ss/debug-folderfilter' into next 2011-03-03 19:07:35 +01:00
Sebastian Spaeth
93f7d0bd1f Enable debug output to see what folderfilter actually filters out
It is currently very hard to find out what folderfilter actually does
and makes it hard to debug for a user. With this patch if the user has
enabled "-d imap" (even better would perhaps be a different debug type
for this kind of thing?), we see a message
"Filtering out folder 'foo' due to folderfilter"
in the logs.

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-03-03 19:05:57 +01:00
Sebastian Spaeth
d5e7620ce9 Create an abstract Repository class
A Repository() returns the correctly instanciated dervivate of a
BaseRepository, depending on the parameters passed to it. The returned
instance is eg an ImapRepository(). This makes the code look nicer,
and we have less functions lying around outside of classes (no more
global LoadRepository() function).

This will also enable us to conveniently hand back a
LocalStatusRepository based on SQLITE rather than plain text, if the
user configures this to be the experimental and optional backend
(once it exists).

Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-03-03 18:19:42 +01:00