Merge branch '1.3'

This commit is contained in:
Oswald Buddenhagen 2020-08-04 14:48:58 +02:00
commit 5fee222f84
5 changed files with 60 additions and 47 deletions

View File

@ -1586,14 +1586,6 @@ get_cmd_result_p2( imap_store_t *ctx, imap_cmd_t *cmd, int response )
/******************* imap_cancel_store *******************/ /******************* imap_cancel_store *******************/
static void
imap_cleanup_store( imap_store_t *ctx )
{
free_generic_messages( ctx->msgs );
free_string_list( ctx->boxes );
}
static void static void
imap_cancel_store( store_t *gctx ) imap_cancel_store( store_t *gctx )
{ {
@ -1609,7 +1601,8 @@ imap_cancel_store( store_t *gctx )
free_list( ctx->ns_other ); free_list( ctx->ns_other );
free_list( ctx->ns_shared ); free_list( ctx->ns_shared );
free_string_list( ctx->auth_mechs ); free_string_list( ctx->auth_mechs );
imap_cleanup_store( ctx ); free_generic_messages( ctx->msgs );
free_string_list( ctx->boxes );
imap_deref( ctx ); imap_deref( ctx );
} }
@ -1746,7 +1739,9 @@ imap_alloc_store( store_conf_t *conf, const char *label )
for (ctxp = &unowned; (ctx = (imap_store_t *)*ctxp); ctxp = &ctx->gen.next) for (ctxp = &unowned; (ctx = (imap_store_t *)*ctxp); ctxp = &ctx->gen.next)
if (ctx->state != SST_BAD && ((imap_store_conf_t *)ctx->gen.conf)->server == srvc) { if (ctx->state != SST_BAD && ((imap_store_conf_t *)ctx->gen.conf)->server == srvc) {
*ctxp = ctx->gen.next; *ctxp = ctx->gen.next;
imap_cleanup_store( ctx ); free_string_list( ctx->boxes );
ctx->boxes = NULL;
ctx->listed = 0;
/* One could ping the server here, but given that the idle timeout /* One could ping the server here, but given that the idle timeout
* is at least 30 minutes, this sounds pretty pointless. */ * is at least 30 minutes, this sounds pretty pointless. */
ctx->state = SST_HALF; ctx->state = SST_HALF;
@ -1921,7 +1916,7 @@ ensure_password( imap_server_conf_t *srvc )
if (cmd) { if (cmd) {
FILE *fp; FILE *fp;
int ret; int ret;
char buffer[2048]; // Hopefully more than enough room for XOAUTH2, etc. tokens char buffer[8192]; // Hopefully more than enough room for XOAUTH2, etc. tokens
if (*cmd == '+') { if (*cmd == '+') {
flushn(); flushn();

View File

@ -309,9 +309,11 @@ proxy_set_bad_callback( store_t *gctx, void (*cb)( void *aux ), void *aux )
static void static void
proxy_invoke_bad_callback( proxy_store_t *ctx ) proxy_invoke_bad_callback( proxy_store_t *ctx )
{ {
ctx->ref_count++;
debug( "%sCallback enter bad store\n", ctx->label ); debug( "%sCallback enter bad store\n", ctx->label );
ctx->bad_callback( ctx->bad_callback_aux ); ctx->bad_callback( ctx->bad_callback_aux );
debug( "%sCallback leave bad store\n", ctx->label ); \ debug( "%sCallback leave bad store\n", ctx->label );
proxy_store_deref( ctx );
} }
//# EXCLUDE alloc_store //# EXCLUDE alloc_store

View File

@ -379,17 +379,27 @@ if you want to trust only hand-picked certificates.
\fBCertificateFile\fR \fIpath\fR \fBCertificateFile\fR \fIpath\fR
File containing additional X.509 certificates used to verify server File containing additional X.509 certificates used to verify server
identities. identities.
These certificates are always trusted, regardless of validity. It may contain two types of certificates:
.RS
.IP Host
These certificates are matched only against the received server certificate
itself.
They are always trusted, regardless of validity.
A typical use case would be forcing acceptance of an expired certificate.
.br .br
The certificates from this file are matched only against the received These certificates may be obtained using the \fBmbsync-get-cert\fR tool;
server certificate itself; CA certificates are \fBnot\fR supported here. make sure to verify their fingerprints before trusting them, or transfer
Do \fBnot\fR specify the system's CA certificate store here; see them securely from the server's network (if it can be trusted beyond the
\fBSystemCertificates\fR instead. server itself).
.br .IP CA
The contents for this file may be obtained using the These certificates are used as trust anchors when building the certificate
\fBmbsync-get-cert\fR tool; make sure to verify the fingerprints of the chain for the received server certificate.
certificates before trusting them, or transfer them securely from the They are used to supplant or supersede the system's trust store, depending
server's network (if it is trusted). on the \fBSystemCertificates\fR setting;
it is not necessary and not recommended to specify the system's trust store
itself here.
The trust chains are fully validated.
.RE
. .
.TP .TP
\fBClientCertificate\fR \fIpath\fR \fBClientCertificate\fR \fIpath\fR

View File

@ -41,7 +41,7 @@
# include <openssl/err.h> # include <openssl/err.h>
# include <openssl/x509v3.h> # include <openssl/x509v3.h>
# if OPENSSL_VERSION_NUMBER < 0x10100000L \ # if OPENSSL_VERSION_NUMBER < 0x10100000L \
|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070100fL) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070100fL)
# define X509_OBJECT_get0_X509(o) ((o)->data.x509) # define X509_OBJECT_get0_X509(o) ((o)->data.x509)
# define X509_STORE_get0_objects(o) ((o)->objs) # define X509_STORE_get0_objects(o) ((o)->objs)
# endif # endif
@ -430,6 +430,32 @@ socket_close_internal( conn_t *sock )
sock->fd = -1; sock->fd = -1;
} }
#ifndef HAVE_IPV6
struct addr_info {
struct addr_info *ai_next;
struct sockaddr_in ai_addr[1];
};
#define freeaddrinfo(ai) free( ai )
static struct addr_info *
init_addrinfo( struct hostent *he )
{
uint naddr = 0;
for (char **addr = he->h_addr_list; *addr; addr++)
naddr++;
struct addr_info *caddr = nfcalloc( naddr * sizeof(struct addrinfo) );
struct addr_info *ret, **caddrp = &ret;
for (char **addr = he->h_addr_list; *addr; addr++, caddr++) {
caddr->ai_addr->sin_family = AF_INET;
memcpy( &caddr->ai_addr->sin_addr.s_addr, *addr, sizeof(struct in_addr) );
*caddrp = caddr;
caddrp = &caddr->ai_next;
}
return ret;
}
#endif
void void
socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) ) socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) )
{ {
@ -479,8 +505,6 @@ socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) )
return; return;
} }
info( "\vok\n" ); info( "\vok\n" );
sock->curr_addr = sock->addrs;
#else #else
struct hostent *he; struct hostent *he;
@ -493,8 +517,9 @@ socket_connect( conn_t *sock, void (*cb)( int ok, void *aux ) )
} }
info( "\vok\n" ); info( "\vok\n" );
sock->curr_addr = he->h_addr_list; sock->addrs = init_addrinfo( he );
#endif #endif
sock->curr_addr = sock->addrs;
socket_connect_one( sock ); socket_connect_one( sock );
} }
} }
@ -506,16 +531,10 @@ socket_connect_one( conn_t *sock )
#ifdef HAVE_IPV6 #ifdef HAVE_IPV6
struct addrinfo *ai; struct addrinfo *ai;
#else #else
struct { struct addr_info *ai;
struct sockaddr_in ai_addr[1];
} ai[1];
#endif #endif
#ifdef HAVE_IPV6
if (!(ai = sock->curr_addr)) { if (!(ai = sock->curr_addr)) {
#else
if (!*sock->curr_addr) {
#endif
error( "No working address found for %s\n", sock->conf->host ); error( "No working address found for %s\n", sock->conf->host );
socket_connect_bail( sock ); socket_connect_bail( sock );
return; return;
@ -532,11 +551,6 @@ socket_connect_one( conn_t *sock )
#endif #endif
{ {
struct sockaddr_in *in = ((struct sockaddr_in *)ai->ai_addr); struct sockaddr_in *in = ((struct sockaddr_in *)ai->ai_addr);
#ifndef HAVE_IPV6
memset( in, 0, sizeof(*in) );
in->sin_family = AF_INET;
in->sin_addr.s_addr = *((int *)*sock->curr_addr);
#endif
in->sin_port = htons( sock->conf->port ); in->sin_port = htons( sock->conf->port );
nfasprintf( &sock->name, "%s (%s:%hu)", nfasprintf( &sock->name, "%s (%s:%hu)",
sock->conf->host, inet_ntoa( in->sin_addr ), sock->conf->port ); sock->conf->host, inet_ntoa( in->sin_addr ), sock->conf->port );
@ -579,11 +593,7 @@ socket_connect_next( conn_t *conn )
sys_error( "Cannot connect to %s", conn->name ); sys_error( "Cannot connect to %s", conn->name );
free( conn->name ); free( conn->name );
conn->name = 0; conn->name = 0;
#ifdef HAVE_IPV6
conn->curr_addr = conn->curr_addr->ai_next; conn->curr_addr = conn->curr_addr->ai_next;
#else
conn->curr_addr++;
#endif
socket_connect_one( conn ); socket_connect_one( conn );
} }
@ -597,12 +607,10 @@ socket_connect_failed( conn_t *conn )
static void static void
socket_connected( conn_t *conn ) socket_connected( conn_t *conn )
{ {
#ifdef HAVE_IPV6
if (conn->addrs) { if (conn->addrs) {
freeaddrinfo( conn->addrs ); freeaddrinfo( conn->addrs );
conn->addrs = 0; conn->addrs = 0;
} }
#endif
conf_notifier( &conn->notify, 0, POLLIN ); conf_notifier( &conn->notify, 0, POLLIN );
socket_expect_read( conn, 0 ); socket_expect_read( conn, 0 );
conn->state = SCK_READY; conn->state = SCK_READY;
@ -612,12 +620,10 @@ socket_connected( conn_t *conn )
static void static void
socket_cleanup_names( conn_t *conn ) socket_cleanup_names( conn_t *conn )
{ {
#ifdef HAVE_IPV6
if (conn->addrs) { if (conn->addrs) {
freeaddrinfo( conn->addrs ); freeaddrinfo( conn->addrs );
conn->addrs = 0; conn->addrs = 0;
} }
#endif
free( conn->name ); free( conn->name );
conn->name = 0; conn->name = 0;
} }

View File

@ -73,7 +73,7 @@ typedef struct {
#ifdef HAVE_IPV6 #ifdef HAVE_IPV6
struct addrinfo *addrs, *curr_addr; /* needed during connect */ struct addrinfo *addrs, *curr_addr; /* needed during connect */
#else #else
char **curr_addr; /* needed during connect */ struct addr_info *addrs, *curr_addr; /* needed during connect */
#endif #endif
char *name; char *name;
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL