Commit Graph

1000 Commits

Author SHA1 Message Date
Oswald Buddenhagen
d789f0c1ce make some string buffers non-static
this was clearly bogus; these are short-lived local variables.

amends 4cc5ad5a.
2022-06-19 16:02:03 +02:00
Oswald Buddenhagen
4eff48c54e replace 1-t => t^1
this is consistent with what we already did for in-place operations.
arguably, it's also a bit more intuitive.
2022-06-19 16:02:03 +02:00
Oswald Buddenhagen
08a375ea07 rename nfcalloc() => nfzalloc()
the signature is like that of zalloc() (as found in the linux kernel;
not to be confused with zone allocators, etc.), not like that of
calloc().
2022-06-19 16:02:03 +02:00
Oswald Buddenhagen
603e740b63 move expand_strdup() to config.c
it's not really a generic function.
2022-06-19 16:02:03 +02:00
Oswald Buddenhagen
7d02d6c1fe move checked FILE functions to util.c
while they are used only in sync.c, they are conceptually low-level.
2022-06-19 16:02:03 +02:00
Oswald Buddenhagen
6f023376a1 turn debug() functions into macros
this makes calling them with more expensive arguments efficient without
wrapping them into additional conditionals.
2022-06-19 16:02:03 +02:00
Oswald Buddenhagen
1a0255c566 centralize some #includes
these are used (almost) everywhere, so put them in common.h.
2022-06-19 16:02:03 +02:00
Oswald Buddenhagen
98f4fd4586 shuffle around global variables
the new organization clarifies the ownership, making things more
self-contained. this will potentially help with unit testing.
2022-06-19 16:01:58 +02:00
Oswald Buddenhagen
0f2220634d coding style: add "superfluous" braces
- wrap flow-controlled statements that contain blocks into blocks
  themselves
- wrap bodies of do-while()s into blocks
- use braces on 'else' symmetrically (this obviously has a cascading
  effect, so this patch touches lots of lines)
- attach braces

unavoidably, the rules are sometimes broken around #ifdef-ery.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
156e9c5058 comment updates 2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
6061de0ba6 autotest: use more legible format for test data
instead of specifying the mailboxes and sync state verbatim, use a
format which deals only with "subjects" (but no UIDs), and specifies the
whole state for each subject on a single line (exceptions prove the
rule).

the dumpers don't try to re-create the abstraction, as that's deemed
to be an unreasonable effort.

while rewriting most of the test data anyway, move it to the bottom of
the file, which is a more natural location for it.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
db66c4d746 autotest: remove show()
this somewhat crude way of generating test data will be obsolete soon.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
3040625a62 autotest: make state comparison more elaborate
don't abort the comparison if continuing makes sense, and try to be more
specific about the problems.

we give up if messages are excessive/missing or the subject is wrong,
as that touches upon the rather complex problem of diff optimization.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
7ce8c09145 autotest: support tests that don't modify the state file
a test run may (legitimately or not) modify only the mailboxes, or even
nothing at all. do something sensible in this case.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
96ee50d6ba autotest: transform ck*() => cmp*()
this avoids the ugly and error-prone repeated reading of the state
after a failure.

cmpbox() had to be made non-destructive on the box state.

readchan() had to be created.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
325551ce79 autotest: use ints where we mean ints
... instead of using strings. perl allows being sloppy, but it doesn't
really help understanding the code.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
fc0ad9eb65 autotest: use more appropriate data formats
parse the test data into hierarchical structures instead of using it in
its raw form. this is semantically cleaner and allows us to change the
input format more easily.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
697f35fd97 autotest: factor out readstate() from showstate() and ckstate() 2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
e0c1a83fc1 autotest: make more use of readfile() 2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
640b2a6649 autotest: factor out mkstate()
for clarity and structural consistency.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
9f9a2af959 autotest: let mkchan() take an atomic channel state
this is consistent with ckchan() and printchan().
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
7f38c5dc53 autotest: add support for strace-ing
works just like valgrind-ing.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
22a1df73e4 autotest: add support for starting at a specific test
... which is often useful for continuation after test data fixes.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
03a38e48d3 autotest: use sub-string matching for test selection
typing the full names is rather tedious when they get long.
also, using sub-strings, we can match multiple tests with one argument.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
27f0c47010 autotest: be more verbose about internal errors & warnings 2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
929aa3281b autotest: don't die on failure to read state file
this can happen as part of a "regular" test failure.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
5d7f2c7461 autotest: remove excessive close()s from showstate()'s error path 2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
254d2be9f4 remove pointless "lost track of ... messages" warnings
it doesn't really add any value when resuming after an interruption, as
incomplete propagations are perfectly expected, and are recovered from.
but it does make sense in the non-UIDPLUS path, where not finding just
stored messages indicates a problem.
so move the reporting from match_tuids() to msgs_found_new(), and remove
a redundant warning from the latter.

amends 6577bf3e.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
2b797fac61 delay TUID assignment less
we can't delay TUID assignment until after starting propagation if we
want to provide both safety and performance.

amends a0961d65.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
04e225c7ce make some maildir (error) messages more helpful
include the affected path.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
8e83649c33 slightly improve maildir rescan debugging 2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
b9f0162642 make free_*_messages() loops less obfuscated
notably, free_maildir_messages() had a dead assignment.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
35375df63f don't put IMAP stores in SST_BAD state into the unowned list
nothing would ever recycle them, so they'd just waste space. so cancel
them right away.

amends 9d22641.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
ae3a61b668 clarify / micro-optimize cancel_sync() 2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
75113ef796 get rid of some redundant casts
amends c3d91ae1, 1b67c499, 9c86ec34, and 83ebe902+1039ee25.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
11352708b8 fix roff abuse in mdconvert man page
this one was missed in a33e4475.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
9356300952 convert licensing to SPDX
while at it, add/fix some licenses/copyrights/comments:
- it makes no sense to have a GPL exception in scripts
- ted did not contribute to the man page
- tst_timers is not part of the mbsync executable
- explicitly put the build system under GPL and add copyrights
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
72ba7ef125 bump copyrights
it's legally irrelevant, but whatever.
2022-06-19 16:01:29 +02:00
Oswald Buddenhagen
043a8b5835 documentation tweaks
manual:
- explain what "rename on move" really means
- reword "remote" to "opposite" to make it less confusing
  (possibly renaming TrashRemoteNew left as an exercise for later)
- mention example mbsyncrc
- consistently capitalize Store/Channel/Group where they refer to the
  respective configuration entities
- emphasize that SyncState may need a trailing slash (as we do for Path)
- fix missing mention of global usage/default for some options
example mbsyncrc:
- add big fat note that empty lines matter
- stop demoing deprecated options
- point out that CertificateFile is optional

REFMAIL: 877dd11jb3.fsf@angela.anarc.at
2022-06-19 16:01:22 +02:00
Oswald Buddenhagen
16db3498b3 fix .gitignores
- src/tmp/ is actually a symlink (and thus not a dir)
- autoconf now generates configure~
- the coverity result archive was missed so far
2022-06-19 16:01:22 +02:00
Oswald Buddenhagen
7a4a887b3c sort lists of trashed messages after journal replay
the messages are trashed in mailbox (and thus UID) order, and in
practice we expect the operations to complete in order. however, if
older messages need to be trashed after a journal replay, and we get
interrupted again, the next replay would produce an unsorted array,
and thus break the binary search.

amends 2bba9b9.
2022-06-19 16:01:22 +02:00
Oswald Buddenhagen
c1feba585a don't clobber message status when upgrading placeholders
we'd reset the possibly set M_RECENT flag, which would lead to
pointless maildir rescans.

amends 70bad661.
2022-06-19 16:01:22 +02:00
Oswald Buddenhagen
2e17f427a9 fix severing of msg -> srec links upon maildir rescan
amends 9c86ec34 (the relevant line was arguably misplaced there, and
should have been in 2277ecef or whereabouts already).
2022-06-19 16:01:22 +02:00
Oswald Buddenhagen
f74b4e0d11 fix --debug-crash suppressing the progress display
there isn't really a reason for that; DEBUG_CRASH is quite unlike the
other DEBUG_ flags.

note that the DEBUG_*_ALL flags are not checked, because they always
come with their corresponding less verbose flag anyway.
2022-06-19 16:01:19 +02:00
Oswald Buddenhagen
c9b52f5aec fix maildir driver's debug flag
copy-pasto; it certainly wasn't meant to respond to --debug-sync.
the problem was barely noticeable, as the maildir driver's only debugs
are in the rarely triggered rescan path, apart from the flags usually
being used en bloc anyway.

amends 0e1f8f9a.
2022-06-19 16:00:15 +02:00
Oswald Buddenhagen
9c2cd0abd8 plug memory leaks when OPEN_OLD_IDS is used with Maildir
amends 77acc268.
2022-06-19 16:00:15 +02:00
Oswald Buddenhagen
259132b7e7 plug memory leaks in imap_{store,trash}_msg() error paths 2022-06-19 16:00:15 +02:00
Oswald Buddenhagen
4c2fb74207 fix storing messages on non-UIDPLUS servers
the fetch mode needs to be set for messages.

amends 42f165ec.
2022-06-19 16:00:15 +02:00
Oswald Buddenhagen
ee9fd2f5c7 workaround iCloud IMAP bug
thanks to Sabahattin Gucukoglu <listsebby@me.com> for the thorough
investigation.

REFMAIL: 29C5E84D-5FE7-47BB-9A14-2EC34D3921C5@me.com
2022-06-19 16:00:09 +02:00
Oswald Buddenhagen
d6b9a139e4 re-issue IMAP CAPABILITY after authentication
... if the server didn't include a corresponding response code by
itself. required for the sorry excuse of an imap server that ms
exchange is.
2022-06-19 16:00:09 +02:00
Oswald Buddenhagen
b6c36624f0 work around "unexpected EOF" error messages at end of SSL connections
gmail apparently doesn't send a close notification (SSL_shutdown())
before closing the TCP socket.
2022-06-19 16:00:09 +02:00
Oswald Buddenhagen
6b22c837f6 overflow-check ranges[] in imap_set_range()
amends 3d64f167.
2022-06-19 16:00:09 +02:00
Oswald Buddenhagen
87c2ac1cc9 reserve enough UID ranges in imap_load_box()
in certain configurations, under very unlikely conditions (which are
practically impossible to control remotely), we'd overflow ranges[].
in a typical gcc build, the values (which are also practically
impossible to control remotely) would be written at the end of buf[],
which would be rather harmless, as only a tiny part of buf is used
subsequently. so i'm not classifying this as a security issue.

amends 77acc268.
2022-06-19 16:00:09 +02:00
Oswald Buddenhagen
e686f88318 don't complain about concurrent flagging as deleted
the result of propagating a deletion is flagging as deleted, so shut up
if the only remote change is exactly that.
2021-12-03 11:56:16 +01:00
Oswald Buddenhagen
51673214ab fix read beyond end of input in copy_msg_convert()
the input isn't necessarily null-terminated (it currently is for imap,
but not for maildir), so if the message ended somewhere within the
header field name, we'd read beyond its end, which theoretically could
cause a crash. no other adverse effects could result, as we'd stop
processing such a broken message right afterwards.

amends 70bad661.
2021-12-03 11:46:33 +01:00
Oswald Buddenhagen
127003ee37 reject unreasonably long mailbox names from IMAP LIST
this wasn't really a security problem, as the name mapping we actually
do does not change the string length, and the iteration was already
safe after the literal length fix, but it's still better to catch weird
input.
2021-12-01 10:07:40 +01:00
Oswald Buddenhagen
92921b1d3b reject messages that grow too large due to conversion
that shouldn't really be a problem, as we have 2GB of headroom, and most
growth would happen when sending an all-newlines message from maildir to
imap (due to CR additions), which is mostly non-critical. but better
safe than sorry.
2021-12-01 10:07:40 +01:00
Oswald Buddenhagen
bc15e571b6 report conversion errors directly in copy_msg_convert()
that makes it easier to report various conditions without introducing
separate error codes.
2021-12-01 10:07:40 +01:00
Oswald Buddenhagen
ba13362a52 deal with oversized messages in maildirs
don't try to read messages > 2G, as that will only lead to trouble down
the line.

this wouldn't have worked on linux anyway (we read in one chunk, and
that is limited to (2^31 - 2^12) on all architectures), but on
platforms were big reads work, this was a security problem if one
synchronized other users' maildirs.

as a minor fix on the side, we now also clip the reported message size,
so MaxSize works for excessively big messages.
2021-12-01 10:07:40 +01:00
Oswald Buddenhagen
463272eab8 CVE-2021-3657: reject excessively large IMAP literals
we didn't limit the 32-bit size of literals so far, which, given that we
use int-sized lengths & offsets, permitted all kinds of buffer
overflows. malicious/compromised servers may have been able to exploit
this. actual email senders would be constrained by size limits for
delivered mails, and to cause more than a crash they'd have to predict
the exact size of the final message.

we now limit to 2GB, which, given that we use unsigned ints since
e2d3b4d55 (v1.4.0), gives the handlers downstream plenty of headroom.

an alternative would have been using 64-bit offsets, but this seems like
major overkill, even if IMAP4rev2 recently mandated it (we talk only
IMAP4rev1, so we can ignore it).
2021-12-01 10:07:24 +01:00
Oswald Buddenhagen
87065c12b4 CVE-2021-44143: don't overflow heap on messages without headers
when a broken/compromised/malicious server gives us a message that
starts with an empty line, we'd enter the path for inserting a pristine
placeholder subject, for which we unfortunately didn't actually allocate
space (unless MaxSize is in use and the message exceeds it).

note that this cannot be triggered by merely receiving a crafted mail
with no headers (yes, it's actually possible to send such a thing), as
the delivery of mails adds plenty of headers.

amends 70bad661.
2021-11-25 16:14:32 +01:00
Oswald Buddenhagen
7979782676 limit maildir nesting depth
this is a cheap way to catch symlink loops. 10 seems like a reasonable
limit, as it's unlikely that anyone would be able to actually work with
such a deeply nested mailbox tree.

fixes debian bug #990117.
2021-07-29 13:14:18 +02:00
Oswald Buddenhagen
a846ab054d enable embedding arbitrarily long strings into IMAP commands
the AUTHENTICATE command may get insanely long for GSSAPI when SASL-IR
is available. instead of growing the buffers each time someone hits the
limit (as done in f7cec306), remove the limitation altogether.

imap_vprintf() still contains a fixed-size buffer which could overflow
when really long strings (e.g., mailbox names) need to be quoted. this
seems very unlikely, so we'll deal with it if someone actually hits it.

REFMAIL: 87sg1qxdye.fsf@cern.ch
2021-06-11 18:24:00 +02:00
Oswald Buddenhagen
444601a1e0 Merge branch '1.3' into 1.4
Conflicts:
	configure.ac
	src/drv_imap.c
2021-06-03 11:04:56 +02:00
Oswald Buddenhagen
589d2ed428 CVE-2021-3578: fix handling of unexpected APPENDUID response code
if the code was sent in response to anything but a STORE, we'd overwrite
a data pointer in one of our imap_cmd subclasses, an allocator data
structure, or the start of the next allocation, with an int that was
completely under the server's control. it's plausible that this could be
exploited for remote code execution.

to avoid this, we could ensure that the object is of the right type
prior to casting, by using a new flag in the parameter block. but it's
easier to just dispose of the out_uid field altogether and reuse the uid
field that is present in the parameter block anyway, but was used only
for FETCH commands so far.

this problem was found by Lukas Braun <koomi@moshbit.net> using a
fuzzer.
2021-06-03 11:02:23 +02:00
Oswald Buddenhagen
a86e6f8c7c don't crash on malformed CAPABILITY responses
amends 95a83c822.

this problem was found by Lukas Braun <koomi@moshbit.net> using a
fuzzer.
2021-06-02 15:51:23 +02:00
Oswald Buddenhagen
d8feb67dae tolerate INBOX mis-casing in Path
while it's technically reasonable to expect the user to match the
server's casing of INBOX if they set Path, this might come as a
surprise to those who know that the IMAP INBOX is case-insensitive.
so tolerate any casing instead. as a minor side effect, we'd now even be
able to deal with a server using different casing in NAMESPACE and LIST.
2021-03-19 18:21:34 +01:00
Oswald Buddenhagen
4b185e35fe Merge branch '1.3' into 1.4
Conflicts:
	configure.ac
	src/drv_imap.c
2021-02-21 21:26:54 +01:00
Oswald Buddenhagen
594e60bd74 make UIDVALIDITY recovery more strict about vanished messages
in particular, this covers the case of a mailbox being replaced with an
empty new one, which would subsequently lead to the opposite end being
emptied as well, which would typically be undesired.

also add plenty of comments.
2021-02-21 21:11:58 +01:00
Oswald Buddenhagen
6796e041ae improve error messages about irrecoverably changed UIDVALIDITY
don't print the actual values, which are meaningless technicalities
to the average user, and can be obtained separately for debugging if
really necessary.
also, fix the omission of the affected mailboxes from one of the
messages.
2021-02-21 21:11:58 +01:00
Oswald Buddenhagen
fe5d59f8e3 CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB
in particular, '..' in the name could be used to escape the Path/Inbox
of a Maildir Store, which could be exploited for stealing or deleting
data, or staging a (mild) DoS attack.
2021-02-21 20:40:22 +01:00
Oswald Buddenhagen
95a83c8220 be more tolerant of formally malformed response codes
fastmail sends flags containing ']' in PERMANENTFLAGS, which is formally
illegal. however, if we parse the embedded list before looking for the
response code's closing ']', things work out fine.

as a side effect we won't complain about similarly or completely
malformed response codes we don't recognize at all, which may or may not
be considered an improvement ...
2021-02-14 23:47:14 +01:00
Oswald Buddenhagen
8c86f34bf0 fix bogus continuation of IMAP list parsing
on error, parse_imap_list() needs to reset the nesting level in the
state, as imap_socket_read() uses that as an indicator whether list
parsing is ongoing.
2021-02-14 23:47:14 +01:00
Oswald Buddenhagen
32392adbe3 accept unsolicited FETCH responses (without payload) after all
while the spec says that the server SHOULD not send FETCH responses
about STORE FLAGS when .SILENT is used, at least gmail and fastmail seem
to do it nonetheless. also, in case of concurrent flag updates on the
affected messages such responses can be legitimately sent.

in earlier versions of mbsync this would lead to duplicate messages
piling up in the store, though that would pose no problem at that point.
2021-02-14 23:47:14 +01:00
Nihal Jere
7a0ea1f15c use correct <poll.h> header
In POSIX, poll() should be accessible using <poll.h>, although most
implementations keep <sys/poll.h> to avoid breakage. This fixes some
warnings when building on musl.
2021-02-08 17:26:11 +01:00
Oswald Buddenhagen
062706fcbf Merge branch '1.3'
Conflicts:
	configure.ac
	src/drv_imap.c
2021-02-03 15:53:05 +01:00
Oswald Buddenhagen
c8b73acad2 unbreak handling of 'INBOX.' NAMESPACE again
INBOX matching must not prevent prefix (namespace) stripping, as INBOX
may be the namespace.

amends 04fc586e7.

REFMAIL: 186391612191752@vla1-ea7e194e8506.qloud-c.yandex.net
2021-02-03 14:43:11 +01:00
Anton Khirnov
fc300fd811 Set authentication id for the SASL EXTERNAL mechanism
The SASL library will refuse to use the EXTERNAL module when no auth id
is set a priori.

Tested to work with Dovecot, using TLS client certificates for
authentication.
2021-01-05 19:50:21 +01:00
Oswald Buddenhagen
e67cf01eb8 improve SASL error messages
provide context, and remove the redundant numeric codes.
2021-01-05 19:46:29 +01:00
Oswald Buddenhagen
c2e6e962b5 tune SASL-related comments
- add explanations to the callbacks
- remove bogus comment - EXTERNAL can be in fact missing (when no
  authentication id is set)
2021-01-05 19:46:29 +01:00
Oswald Buddenhagen
e295f483d9 save errno in sys_error()
the print functions prior to perror() might otherwise clobber it.
2021-01-01 14:46:31 +01:00
Oswald Buddenhagen
6e56f39fa9 autotest: remove unused boxname parameter from printbox() 2020-12-19 13:22:29 +01:00
Oswald Buddenhagen
9fbf5c2f6c autotest: pass containers by reference
this makes function prototypes a lot more useful for parameter checking.
2020-12-19 13:22:29 +01:00
Oswald Buddenhagen
4423a932f3 add forced async mode to proxy driver
to test async operation of the syncing core while using the synchronous
maildir driver, we add a mode to the proxy driver where it queues
callback invocations to the next main loop iteration.
2020-12-19 13:22:29 +01:00
Oswald Buddenhagen
be657530ee localize a variable more appropriately 2020-12-17 22:18:10 +01:00
Oswald Buddenhagen
30af61fb24 consolidate testing options behind common switch
don't pollute the namespace with random uppercase switches. instead,
have a new -T switch with suboptions, just like -D.
2020-12-17 22:18:10 +01:00
Oswald Buddenhagen
c3d91ae1e8 introduce new inheritance model based on C11 anonymous structs
the struct declarations got uglier, but their usage requires a lot fewer
explicit references to the parent struct (though some are added where
using the derived struct is more practical now).

we also use something i'd term "covariant members": derivatives of
store_t also reference derivatives of store_conf_t, etc., which
drastically cuts down the number of casts.
fwiw, to achieve this with "proper" inheritance in C++, we'd use
covariant getter functions which hide the still existing casts.

C11 is almost a decade old now, and compilers supported that feature
even longer than that, so i don't expect this to be a problem.
2020-12-17 22:18:10 +01:00
Oswald Buddenhagen
bf66f210bd add some error checking to proxy template processor
debugging is a lot easier when the unconsumed (and therefore likely
mistyped) replacements are complained about.
2020-12-17 22:18:10 +01:00
Oswald Buddenhagen
cd6f18fd2b handle indentation in proxy driver template code more flexibly
use the indentation of the placeholder, not the replacement.
this doesn't matter right now, as all placeholders are indented by one
step, but that will change soon.

the indent function cannot be inlined into the substitution, as for some
reason ^ then matches the end of the string, not the embedded line
starts (with perl v5.32). also, $1 needs to go into a temporary anyway.
2020-12-17 22:17:11 +01:00
Oswald Buddenhagen
ba7b634186 make FALLTHROUGH work with qtcreator's code model
the code model inspector claims that __GNUC__ is 10, but the #if works
only with >= 4, which is plain wrong. so just handle clang explicitly.
2020-12-16 13:42:40 +01:00
Oswald Buddenhagen
5b4766fbe4 improve docu for {Pass,User}Cmd 2020-12-12 14:56:27 +01:00
Oswald Buddenhagen
dec4b36595 improve wording in man page 2020-10-05 13:50:23 +02:00
Oswald Buddenhagen
a9ce7be962 streamline init of type & name in imap_parse_store() 2020-10-05 13:15:28 +02:00
Oswald Buddenhagen
09341c10c5 make complaints about unrecognized keywords more verbose
tell the user in what section the keyword appeared, as that may help
spotting mistakes like stray empty lines.
2020-10-05 13:14:48 +02:00
Oswald Buddenhagen
217764bd35 complain about global options following sections
while harmless for most options, such usage is counter to the
documentation, and actually breaks CopyArrivalDate, MaxMessages, and
ExpireUnread.
2020-10-05 12:41:35 +02:00
Oswald Buddenhagen
ee39e684aa make exit from parsing Group sections less convoluted
this is a de-optimization, but it makes the code consistent with the
other sections (which do not use the shortcut due to having to
post-process the data or being encapsulated by a function call).
2020-10-05 12:31:14 +02:00
Oswald Buddenhagen
6463a72f12 remove the -cT option
it was another vestige from the compat wrapper.

amends cbac8aa75.
2020-10-05 11:56:30 +02:00
Oswald Buddenhagen
23513564df improve error handling in post-STORE UIDNEXT fallback
that's mostly hypothetical, but let's not make assumptions.

this also adds EXPUNGE response handling to make total_msgs reliable. in
principle, this affects the post-SELECT UIDNEXT fallback as well, but
there the racing window is so short that this barely improves anything.

amends 94022a67.
2020-08-24 12:51:47 +02:00
Oswald Buddenhagen
42f165ecf7 fix UIDNEXT query vs. concurrent imap_fetch_msg()
the uidnext query following message stores can be interleaved with
message fetches. that means that we cannot rely on the 1st command in
flight being that query. but instead of iterating over all commands in
flight, move the uidnext query flag to imap_store (and make sure to
check for the presence of a message body before testing it) - this
avoids the loop and an extra byte in every command.

this also makes it clear that the query is mutually exclusive with
loading messages (the untagged responses are not distinguishable).
2020-08-24 12:51:47 +02:00
Oswald Buddenhagen
f099141e42 make item tracking in parse_fetch_rsp() more uniform
amends 67ea5bea7 & a5a8783ea.
2020-08-24 12:51:42 +02:00
Oswald Buddenhagen
ec47c90554 delay allocation of msgdata.msgid field
this allows us to simplify the exit path of parse_fetch_rsp().
2020-08-05 17:59:28 +02:00
Oswald Buddenhagen
b37d6b1c00 fix invalid free() in error path
the tuid isn't actually allocated - it's a pointer into the raw data.

amends a5a8783e.
2020-08-05 17:36:35 +02:00
Oswald Buddenhagen
c69718baab remove redundant zero initializations
we already use calloc().

amends 130664b6.
2020-08-05 17:29:58 +02:00
Oswald Buddenhagen
b148fd9e44 de-duplicate exit paths of imap_alloc_store() 2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
c83330ffe8 don't unnecessarily re-initialize some members of imap_store
... when recycling server connections.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
8457225a50 use more appropriate return value in driver_t::select_box()
don't say DRV_CANCELED when it's really DRV_STORE_BAD, as apart from
being just wrong, it lead to the confusing effect of canceling a store
as the result of a supposed cancellation of the same store.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
481c12a8b3 handle CertificateFile more cleanly
properly distribute the certificates between the SSL context's trust
store and our host cert list.

as a drive-by, clean up some nasty type casts at the cost of including
a second OpenSSL header into socket.h.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
cfaa4848dd actually implement imap_commit_cmds()
delay reporting success of STORE FLAGS until a subsequent CHECK
succeeds.

this fixes (inverse flag change propagation) and (deletes not being
propagated) after an interruption due to prematurely logged flag
updates.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
70bad66129 create placeholders for messages over MaxSize
this is vastly more useful than just omitting the messages with no
indication at all.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
68a412115a don't rewrite state gratuitously
delay the creation of the new state and journal until there is actually
something interesting to write. this saves some cpu cycles and prolongs
ssd life a whee bit.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
0e5046e14a add/fix/de-duplicate comments 2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
fd7b5659ab de-duplicate updating of uid in sync records 2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
e9efc49b6c do away with newmaxuid
now that expiration order is determined by a single loop ordered by
far-side UIDs, it is no longer necessary to accurately track the highest
seen UID.

as a side effect, this fixes a problem reported (way too long ago) by
Yuri D'Elia: we failed to up newmaxuid for messages we produced
ourselves, so we would keep enumerating the same messages until we also
propagated externally generated messages from that mailbox - which might
have been never for the server side of archive/trash mailboxes.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
de6dc699c9 make expiration loops solely far-side-driven
we can do that, as unpaired near-side messages are ignored anyway.

this mildly changes expiration order, as near-side messages that
existed for a long time but were propagated much later will be expired
later. however, that has no practical relevance.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
ca72383fe9 don't forget to skip dead messages on far side during expiration
this is mostly theoretical, as at this point no updates to the message
list can have actually happened. but it's future-proof and consistent
with the near-side loop.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
5d6741a9a8 streamline counting of currently pushed messages wrt. expiration
don't count them as alive just to ignore them in the next step.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
8df1f5dd64 re-nest conditions for syncing new messages
this makes the logic easier to follow and document in place.
also, make the comments actually match reality.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
ceb09fcd44 handle messages which are newly doomed after an interruption
we already didn't propagate messages which would be instantly expunged
from the target, but failed to cancel propagations that were already
scheduled before we got interrupted. this matters a bit when the
resumption happens significantly later than the initial attempt, giving
the user time to mark messages on the source as deleted.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
4aaada18e9 remove redundant condition
the 'pending' and 'skipped' sync record states are mutually exclusive
with having a complementary message, so there is no point in testing it
explicitly.

amends bd5fb6ff.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
395f802500 fix loading of some messages' sizes in some partial sync scenarios
we need to pass a different "boundary" UID to driver_t::load_box() for
every OPEN_* flag that queries a partial range:
- OPEN_FIND refers to messages newer than all we know about
- OPEN_OLD_IDS refers to messages which are paired
- OPEN_{OLD,NEW}_SIZE refers to messages (not) above the committed
  boundary of already propagated messages

we treated the 3rd like the 2nd, which was just wrong - the actual
boundary may be lower or higher, so we'd produce wrong results when
MaxSize was set and only one of New and ReNew was requested.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
c8f402e43f deprecate master/slave terminology
the underlying metaphor refers to an inhumane practice, so using it
casually is rightfully offensive to many people. it isn't even a
particularly apt metaphor, as it suggests a strict hierarchy that is
counter to mbsync's highly symmetrical mode of operation.

the far/near terminology has been chosen as the replacement, as it is a
natural fit for the push/pull terminology. on the downside, due to these
not being nouns, a few uses are a bit awkward, and several others had to
be amended to include 'side'. also, it's conceptually quite close to
remote/local, which matches the typical use case, but is maybe a bit too
suggestive of actually non-existing limitations.

the new f/n suffixes of the -C/-R/-X options clash with pre-existing
options, so direct concatenation of short options is even less practical
than before (some suffixes of -D already clashed), but doing that leads
to unreadable command lines anyway.

as with previous deprecations, all pre-existing command line and config
options keep working, but yield a warning. the state files are silently
upgraded.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
b514d9ddbc purge handling of pending sync entries from state file
these cannot actually end up in the committed state.

amends bd5fb6ff.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
d93726067d wrap jFprintf()+debug() into a macro
this ensures that everything that is logged to the journal also appears
in the debug output, and it makes the code less noisy.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
198ca65b6e add option to get password from macOS Keychain
this is better than using PassCmd, as it allows the keychain manager to
identify the calling process and therefore use a selective whitelist.

unlike in the now removed example, we use an "internet password" for the
imap protocol, rather than a "generic password" - this seems more
appropriate.

based on a patch by Oliver Runge <oliver.runge@gmail.com>
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
03b15dbdd3 add ability to script IMAP user query
It was already possible to retrieve passwords from arbitrary commands.
But this goes only half the way to allowing automated derivation of
login credentials, as some environments may also have different user
names based on the system. Therefore, add the UserCmd option to
complement PassCmd.

Based on a patch series by Patrick Steinhardt <ps@pks.im>
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
503478533c de-duplicate FETCH response data item traversal somewhat 2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
8acf56b311 complain about malformed item names in FETCH responses 2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
47b477b3fb re-nest parse_fetch_rsp()
prefer early exits over else branches, which is easier to follow.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
81c4bfeefa extract parse_fetched_flags() from parse_fetch_rsp() 2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
d4ead05a02 extract parse_fetched_header() from parse_fetch_rsp() 2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
67ea5bea7f handle bogus IMAP FETCH responses more robustly
don't use assert()s when the error condition can stem not only from
errors in mbsync's logic, but also from the IMAP stream being corrupted.

amends 72be55b0e.

REFMAIL: 20191021233411.55ctuvslkfqf2pna@koblih.localdomain
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
a5a8783ea3 sanitize error handling in IMAP FETCH response processing
abort on actual error conditions (protocol errors) and downgrade the
rest to warnings.

REFMAIL: 20191102164509.dxayakg3hrmozjnm@carbon
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
b91dd5b3bc centralize disposal of parsed IMAP lists
makes the code less cluttered, and it's harder to introduce leaks.

this has the hypothetical disadvantage that due to freeing being
delayed, the peak memory usage would rise significantly if we chained to
another parse_list() call which produces a big list while already
holding a big list, but that isn't the case anywhere.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
7af7354dbc fully decompose NAMESPACE response early on
that way the code becomes clearer, and we don't keep useless nodes in
memory.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
6fd4e8de24 don't store 'shared' and 'other' namespaces
they are never used anyway, and aren't going to be (because configuring
that would be more annoying than just specifying Path manually).
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
c391b06b07 drop redundant conn->writing member
this information is already encoded in the socket notifier's config.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
6010fe104e rewrite nonsensical struct packing magic
this couldn't have possibly worked - the alignment also determines the
sizeof, thus defeating the intent of the packing.
2020-08-04 17:16:03 +02:00
Oswald Buddenhagen
64e5f07ad3 consistently use NULL for null pointers
makes the code noisier, but also somewhat more expressive.
2020-08-04 17:16:01 +02:00
Oswald Buddenhagen
e2d3b4d55b fix lots of sign conversion warnings
... by making a lot of objects unsigned, and some signed.
casts which lose precision and change the sign in one go (ssize_t and
time_t to uint on LP64) are made explicit as well.
2020-08-04 17:15:39 +02:00
Oswald Buddenhagen
cc176df2c3 make some narrowing of integers explicit
this does specifically *not* cover about a bazillion warnings about
size_t being shrunk to uint - these make no sense given the expected
data set size.
2020-08-04 17:14:55 +02:00
Oswald Buddenhagen
4d7e169e57 shrink some data at the source to avoid subsequent narrowing 2020-08-04 17:14:55 +02:00
Oswald Buddenhagen
def22db096 constness fixes
add missing const qualifications, and add "const cast" suppressions
where unavoidable.
2020-08-04 17:14:55 +02:00
Oswald Buddenhagen
5c2e8d3e14 make more objects static 2020-08-04 17:14:55 +02:00
Oswald Buddenhagen
71d7d3e6df add some ATTR_* (mostly)
mostly ATTR_PRINTFLIKE(*, 0) for functions with a va_list argument.

also, one ATTR_NORETURN and one ATTR_UNUSED, both on functions.

also, an explicit suppression for a format string stored in a variable.
2020-08-04 17:13:56 +02:00
Oswald Buddenhagen
df22514ced turn maildir_again() into a proper varargs function
this is mostly to work around the fact that both gcc and clang won't
accept the format string declaration (i.e., will complain with
-Wformat-nonliteral) if the *called* function does not actually take a
va_list.

on the upside, it makes one caller cleaner. yay ...
2020-08-04 16:54:28 +02:00
Oswald Buddenhagen
234becf530 remove support for SSLv3
it's insecure and default builds of openssl don't include it any more.
2020-08-04 14:49:58 +02:00
Oswald Buddenhagen
d09f988c70 add support for (disabling) TLS v1.3
this is actually potentially counterproductive, as people who have set
SSLVersions and fail to adjust it will _lose_ tls 1.3 support. however,
without the option being there, people (incorrectly) believe that tls
1.3 is not supported.
2020-08-04 14:49:58 +02:00
Oswald Buddenhagen
990cc112f1 Add option to use IMAP LSUB instead of LIST
Based on patch by Cedric Ware <cedric.ware__bml@normalesup.org>
2020-08-04 14:49:58 +02:00
Oswald Buddenhagen
e9407cc1f7 IMAP: reject unqualified non-uppercased INBOX spellings
otherwise the server would interpret it as INBOX contrary to our
expectations, which might lead to moderately surprising effects.

if you really want to sync your ~/maildir/inbox to the IMAP INBOX,
specify it as the Maildir Store's Inbox.
2020-08-04 14:49:58 +02:00
Jaroslav Suchanek
07cb422cbb Add support for specifying cipher string used for ssl connection
Some distributions (e.g. Fedora) added support for system wide crypto
policies. This is supported in most common crypto libraries including
OpenSSL. Applications can override this policy using their own cipher
string. This commit adds support for specifying the cipher string in
the mbsync configuration.

For example, to exclude Diffie-Hellman, the user can specify
  CipherString "DEFAULT:!DH"
in the IMAP Account's configuration.
2020-08-04 14:49:58 +02:00