142 Commits

Author SHA1 Message Date
Nicolas Sebrecht
8c04684f3b imapserver: provide some SSL info while in imap debug mode
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/457
Tested-by: Maximilian Kaul <https://github.com/maximiliankaul>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-04-30 12:15:08 +02:00
Nicolas Sebrecht
39b657194a XOAUTH2: don't try this authentication method when not configured
Checking if we have to run this authentication method once it's already passed
to imaplib2 is too late. Make the checks at correct time, before we try the
authentication method. IOW, before we call

  imapobj.authenticate('XOAUTH2', self.__xoauth2handler)

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/442
Tested-by: Klemens Schölhorn <klemens@schoelhorn.eu>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2017-04-27 21:17:25 +02:00
lkcl
dda27e0962 learn authproxy configuration option
Allow to use a another proxy for authentication than for IMAP.

Signed-off-by: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-12-19 12:20:19 +01:00
Nicolas Sebrecht
04ae3c8dad folder: IMAP: display error message before starting next try
Fetching messages is tried more than once. Display the error message at correct
time.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-11-22 00:58:14 +01:00
Nicolas Sebrecht
0fe4562269 manual: add known issues entry about XOAUTH2 "invalid_grant"
- Split the manual asciidoc source file.
- Improve the Makefile to build the manuals.

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/374
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-11-05 19:20:39 +01:00
Nicolas Sebrecht
c0f4fa44eb imapserver: minor code cleaning: reorder methods
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-09-23 16:27:22 +02:00
Nicolas Sebrecht
3d3e66fbb2 ensure logs are in bytes for PLAIN authentication
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-09-21 03:54:41 +02:00
Nicolas Sebrecht
dbcfc0b173 idle: protect all calls to imapobj.noop() (coonection might be dropped)
Some code refactoring.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-09-13 04:41:31 +02:00
Nicolas Sebrecht
38c6785636 XOAUTH2: raise error if string 'error' is in the response
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/374
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-08-23 01:19:30 +02:00
Nicolas Sebrecht
71d86b6d47 XOAUTH2: improve error message while trying to get access token
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/338
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-08-21 20:30:19 +02:00
Łukasz Żarnowiecki
48611398e0 imapserver: change lambdas with map to list comprehension
It is more readable and returns a list.

This continues work done in 19c4330.

Signed-off-by: Łukasz Żarnowiecki <dolohow@outlook.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-08-05 00:06:26 +02:00
Nicolas Sebrecht
203c28f21f add the repository name when connecting
Otherwise, it might be impossible to know which account is connecting when more
than one is syncing.

Code style.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-07-30 01:44:27 +02:00
Nicolas Sebrecht
9aa5afa951 XOAUTH2: fix the *_eval configuration options
They introduce a regression not allowing to discard the XOAUTH2 method when
expected.

The default lambda did not take the "account_name" argument.

Github-fix: https://github.com/OfflineIMAP/offlineimap/issues/362
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-07-29 16:38:58 +02:00
Nicolas Sebrecht
03859e89c3 improve error message when ssl_version must be set due to the tls_level
Improve the ssl documentation.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-07-25 03:29:25 +02:00
Nicolas Sebrecht
7945e10a76 correctly reraise errors with six
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-07-03 19:56:14 +02:00
Nicolas Sebrecht
e8509a04e6 remove dead code
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-06-26 17:09:03 +02:00
Nicolas Sebrecht
ac2a547ec4 learn to disable STARTTLS
Some servers might have this feature broken.

Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/207
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-06-26 17:01:01 +02:00
Nicolas Sebrecht
08e17de7e2 require usernames and passwords to be UTF-8 encoded
- Learn to support UTF-8 characters where it was not supported for usernames and
  passwords (but for netrc).
- Fix the types in the code for both py2 and py3: we now expect unicode for
  usernames and passwords.

Unicode (UTF-8) is required only for variables with non-ASCII characters.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-06-26 16:57:22 +02:00
Nicolas Sebrecht
922bed05a7 threading: improve comments
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-06-04 02:25:44 +02:00
Nicolas Sebrecht
bb1160f0ee minor: fix copyright date
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-05-20 18:20:07 +02:00
Nicolas Sebrecht
a2a8a908ca threading: fix variable names about namespaces
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-05-19 08:36:23 +02:00
Nicolas Sebrecht
0b32e787c7 imapserver: use boolean where it makes sense
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-05-19 08:33:14 +02:00
Łukasz Żarnowiecki
0addcbabf0 py3: raise exceptions using six module
There is no other way to make Python2 and Python3 happy, because syntax
raise E, V, T is incompatible with the latter.

Signed-off-by: Łukasz Żarnowiecki <dolohow@outlook.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-05-18 01:49:09 +02:00
Łukasz Żarnowiecki
19c43308b9 Change filter with lambda to list comprehension
It is more readable and returns a list therefore it is compatible both
with Python 2 and 3.

Signed-off-by: Łukasz Żarnowiecki <dolohow@outlook.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-05-10 02:53:09 +02:00
Nicolas Sebrecht
2fb2f840dc XOAUTH2: don't force oauth2_request_url to be defined
Not all users want XOAUTH2.

Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-04-25 18:38:31 +02:00
Ebben Aries
9bfd610230 change hard coding of AF_UNSPEC to user-defined address-families per repository
Some environments that return AAAA records for their IMAP servers can pose
problems for clients that do not have end-to-end IPv6 connectivity for a number
of reasons (e.g. policy, lack of full routing, security, etc..)

Even with a fallback mechanism in place, you can still arrive at IMAP
implementations that could prevent authentication from unknown IPv6 space. This
in itself is not enough to fallback to IPv4 since there is an actual connection
on that socket.

This change is for introducing a user-defined value:

  [Repository imap-remote]
  ipv6 = no

to create a preference per repository on which AF to connect to the remote
server on

ipv6 = yes (AF_INET6)
ipv6 = no (AF_INET)
unspecified = default

Signed-off-by: Ebben Aries <e@dscp.org>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-02-23 06:57:21 +01:00
Ray Song
b670bb2022 XOAUTH2 handler: urlopen with proxied socket
Signed-off-by: Ray Song <i@maskray.me>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2016-02-15 11:14:50 +01:00
ojab
cfa704bbf2 Allow authorization via XOAUTH2 using access token
Signed-off-by: Slava Kardakov <ojab@ojab.ru>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-12-30 00:25:57 +01:00
Valentin Lab
b2adf2d258 fix: avoid writing password to log
Github-fix: #266
Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-11-04 08:00:50 +01:00
Ben Boeckel
f03afcd224 imapserver: add a tls_level option
Allow the user to block usage of known-bad versions of SSL and TLS.

Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-10-12 15:54:15 +02:00
Christopher Corley
f7efaa2093 learn XOAUTH2 authentication
Signed-off-by: François Lamboley <francois.lamboley@happn.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-10-06 14:24:42 +02:00
Nicolas Sebrecht
300f884c09 idle: continue trying selecting the folder on OfflineImapError.Error
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-03-18 23:09:34 +01:00
夏恺(Xia Kai)
d36209a305 add proxy support powered by PySocks
Read proxy option in imapserver, instantiate a class in imaplibutil
using a self-defined keyword and a socket instance, and use this socket
instance to substitute the default socket instance used in imaplib2.

Signed-off-by: 夏恺(Xia Kai) <xiaket@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-02-17 10:34:20 +01:00
Nicolas Sebrecht
461554b7b1 more style consistency
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-02-10 17:25:00 +01:00
Eygene Ryabinkin
f69613965f Make OS-default CA certificate file to be requested explicitely
This simplifies logics for the user, especially if he uses both
fingerprint and certificate validation: it is hard to maintain
the compatibility with the prior behaviour and to avoid getting
default CA bundle to be disabled when fingerprint verification
is requested.

See
  http://thread.gmane.org/gmane.mail.imap.offlineimap.general/6695
for discussion about this change.

Default CA bundle is requested via 'sslcertfile = OS-DEFAULT'.

I had also enforced all cases where explicitely-requested CA bundles
are non-existent to be hard errors: when users asks us to use CA
bundle (and, thus, certificate validation), but we can't find one,
we must error out rather than happily continue and downgrade to
no validation.

Reported-By: Edd Barrett <edd@theunixzoo.co.uk>
Reviewed-By: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2015-01-18 22:05:49 +03:00
Eygene Ryabinkin
e7fabf9e57 Properly re-raise exception to save original tracebacks
We usually mutate some exceptions to OfflineImapError() and it is
a whole lot better if such exception will show up with the original
traceback, so all valid occurrences of such mutations were transformed
to the 3-tuple form of "raise".  Had also added coding guidelines
document where this re-raise strategy is documented.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2015-01-12 17:51:21 +03:00
Nicolas Sebrecht
0f40ca4799 more style consistency
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2015-01-08 23:36:19 +01:00
Eygene Ryabinkin
1746676af8 Make IDLE mode to work again
Refactoring in commit 6cbd2498 touched wrong class's "idle" call.

Found-by: Tomasz Żok <tomasz.zok@gmail.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-23 13:19:11 +04:00
Abdo Roig-Maranges
8c43e52173 Fix multiple typos in var, function and exception names
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-07 18:29:47 +04:00
Abdo Roig-Maranges
96c9cca83a Class IMAPServer: idle() is private now
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-07 18:29:47 +04:00
Eygene Ryabinkin
d96af192ed Move space to the end of string
... to be aligned with the rest of the code.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-07 00:07:56 +04:00
Ben Boeckel
7c271d5131 Imapserver: add missing space to the log message
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-07 00:04:44 +04:00
Abdó Roig-Maranges
0903428fda Enable compressed connections to the IMAP server
Added the configuration setting usecompression for the IMAP repositories.
When enabled, the data from and to the IMAP server is compressed.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-05-02 19:30:49 +04:00
Eygene Ryabinkin
6cbd2498ae Refactoring: make functions to be private if we can
Make external API of class/module to be smaller, explicitely mark
all internal functions.  Also annotate methods that are implemented
as the part of the parent class interface.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2014-04-30 19:35:56 +04:00
Andreas Mack
e26827c1cb Make authentication mechanisms configurable
Added configuration option "auth_mechanisms" to the config file:
it is a list of mechanisms that will be tried in the specified order.

Author: Andreas Mack <andreas.mack@konsec.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-08 22:34:30 +04:00
Steve Purcell
968d5520da Allow transport-type tunnels to the IMAP servers
It's nice to set up an ssh tunnel command which forwards an IMAP tcp
port inside an encrypted session, e.g. with ssh's "-W" flag.  In this
case the tunnelled connection still requires authentication inside
IMAP session, because this is transport-only tunnel that substitutes
normal TCP/SSL connection.

New directive, 'transporttunnel' was added: it specifies the command
that will create the tunnel.  Only one type of tunnel must be
specified for a single repository: we can't have both preauthenticated
and transport-type tunnels, they won't chain together.

From: Steve Purcell <steve@sanityinc.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-06 12:18:21 +04:00
Andreas Mack
acaa96291d Add SASL PLAIN authentication method
- this method isn't as deprecated as IMAP LOGIN;

 - it allows to keep hashed passwords on the server side;

 - it has the ability to specify that the remote identity
   is different from authenticating username, so it even
   can be useful in some cases (e.g., migrated mailboxes);
   configuration variable "remote_identity" was introduced
   to leverage this functionality.

From: Andreas Mack <andreas.mack@konsec.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-06 01:51:41 +04:00
Eygene Ryabinkin
7d313f49dc Refactored authentication handling
- created helper routine that will do authentication;

 - routine tries each method in turn, first successful
   one terminates it: makes things easier to read
   and handle;

 - renamed plainauth() inside offlineimap/imapserver.py
   to loginauth(): the function does IMAP LOGIN authentication
   and there is PLAIN SASL method, so previous name was
   a bit misleading;

 - slightly improved error reporting: all exceptions during
   authentication will be reported at the end of the run;

 - now loginauth() is never called if LOGINDISABLED is advertized
   by the server; it used to be invoked unconditionally when
   CRAM-MD5 fails, but we should respect server's opinion on
   how to handle its users.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-06 01:10:10 +04:00
mxgr7
0d992ee7d3 Execute pre/post hooks for IDLE-toggled syncs
Make IDLE syncs be equal to the regular synchronisations
in respect to pre-sync and post-sync hooks.

From: mxgr7 <maxgerer@gmail.com>
Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-02 13:53:21 +04:00
Eygene Ryabinkin
67d68c2fc8 IMAP: simplify locking and fix potential lock loss
Run the locked code under 'with': this guarantees that lock
will be released in any case.

This modification also avoids the case when our thread wasn't running
locked when exception was caught, another thread got the lock, our
code checked it via self.connectionlock.locked() and errorneously
released the lock thinking that is was running locked.

Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-07-22 00:08:39 +04:00