Commit Graph

53 Commits

Author SHA1 Message Date
Oswald Buddenhagen
95276cd967 don't insert unnecessary linebreaks upon PassCmd invocation
the PassCmd will be typically non-interactive (or it will use a gui
password agent), so starting a new line just makes the progress counter
uglier. so make it configurable and default to no line break.
2015-03-30 14:52:02 +02:00
Oswald Buddenhagen
03a124051f add debugging for main()
so far, that's mostly mailbox listing
2015-03-30 10:31:59 +02:00
Oswald Buddenhagen
0e1f8f9a3f revamp console output options
- the old meaning of -V[V] was moved to -D{n|N}, as these are really
  debugging options.
- don't print the info messages by default; this can be re-enabled with
  the -V switch, and is implied by most debug options (it was really
  kind of stupid that verbose/debug operation disabled these).
- the sync algo/state debugging can be separately enabled with -Ds now.
2015-03-30 10:31:26 +02:00
Oswald Buddenhagen
8aa22a62e7 make progress counters global
which means they are now cumulative, and include channels and boxes.
2015-03-30 10:30:35 +02:00
Oswald Buddenhagen
a8b26dc4ac soft-limit peak memory usage
propagating many messages from a fast store (typically maildir or a
local IMAP server) to a slow asynchronous store could cause gigabytes of
data being buffered. avoid this by throttling fetches if the target
context reports memory usage above a configurable limit.

REFMAIL: 9737edb14457c71af4ed156c1be0ae59@mpcjanssen.nl
2015-02-15 18:13:05 +01:00
Oswald Buddenhagen
d9a983add6 add support for propagating folder deletions 2015-01-17 17:51:20 +01:00
Oswald Buddenhagen
f377e7b696 introduce FieldDelimiter and InfoDelimiter options
... for windows fs compatibility.

the maildir-specific InfoDelimiter inherits the global FieldDelimiter
(which affects SyncState), based on the assumption that if the sync
state is on a windows FS, the mailboxes certainly will be as well, while
the inverse is not necessarily true (when running on unix, anyway).

REFMAIL: <CA+m_8J1ynqAjHRJagvKt9sb31yz047Q7NH-ODRmHOKyfru8vtA@mail.gmail.com>
2014-10-25 17:42:48 +02:00
Oswald Buddenhagen
eb1005151c add SASL support
patch initially by Jack Stone <jwjstone@fastmail.fm>,
cleaned up by Jan Synacek <jsynacek@redhat.com>,
... and then almost completely rewritten by me. ^^
2014-10-20 10:10:55 +02:00
Oswald Buddenhagen
1217193fbb rework authentication mechanism configuration
RequireCRAM (another fairly stupid "use if available" option) is now
deprecated. instead, the AuthMech option can be used to give a precise
list of acceptable authentication mechanisms (which is currently "a bit"
short). in particular, this allows *not* using CRAM-MD5 even if it's
available.
2014-10-18 16:18:48 +02:00
Oswald Buddenhagen
aba3524d9b make it possible to disable usage of system cert store 2014-10-18 16:18:48 +02:00
Oswald Buddenhagen
7822bd8a91 require Host if SSL is used despite Tunnel 2014-10-18 16:18:48 +02:00
Oswald Buddenhagen
2745813367 re-design SSL/TLS configuration
the combinations of the various options made quite a mess. additionally,
'RequireSSL no' is inherently insecure - "use SSL if available" is plain
stupid.

the old options are still accepted, but will elicit a warning.
2014-10-18 16:18:48 +02:00
Oswald Buddenhagen
003ddb2199 permit IMAP Stores with explicitly empty Path
this is useful if the server sends an unhelpful NAMESPACE like
"INBOX." (which precludes clean use of Patterns with the real INBOX).
2014-10-04 18:37:34 +02:00
Oswald Buddenhagen
313c9193f8 use \fB and \fI consistently
notably, the docu for the Sync option had it mixed up in the
description.
2014-07-12 14:08:34 +02:00
Oswald Buddenhagen
d9c78b7787 clarify effect of Tunnel on Host and Port 2014-07-06 09:09:54 +02:00
Oswald Buddenhagen
639c84ea28 don't ignore RequireSSL for PREAUTHenticated connections
such connections don't support STARTTLS. that is reasonable, as whatever
makes the connection preauthenticated (typically a Tunnel used to launch
imapd via a shell login) must already rely on the connection's security.
consequently, we would not try to use STARTTLS with such connections.
unfortunately, we'd also skip the RequireSSL check as a side effect.

this means that a rogue server (via a MITM attack) could simply offer a
preauthenticated connection to make us not use SSL, and thus bypass
server authentication. as a result, we could send potentially sensitive
data to the attacker:
- with Patterns used, we would send a LIST command which reveals the
  remote Path setting. this isn't very useful to an attacker. also, IMAP
  Accounts usually rely on the server-provided NAMESPACE to start with.
- with Create enabled for the remote Store, we would upload messages
  from newly appeared local folders. this isn't a very likely situation,
  unless the attacker manages to convince the victim to move/copy
  interesting mails to a new folder right before the attack.
- with Expunge enabled for the local Store, previously synchronized
  folders would be wiped. however, this would require the attacker to
  know the correct UIDVALIDITY of each remote folder, which would
  require incredible luck or convincing the victim to disclose them.
  the first mismatch would likely tip off the victim.

in practice, someone with the level of technical and social engineering
skills required for this attack would very likely find more attractive
attack vectors. therefore, i don't consider this a particularly serious
issue.

configurations with UseIMAPS enabled or using a secure Tunnel were not
affected to start with.

a side effect of this fix is that most users of Tunnel will now need to
explicitly set RequireSSL to false.
an alternative approach would be defaulting all SSL-related settings to
off when Tunnel is used. this would be too invasive for a patch release,
but i'll consider it for 1.2.

see also CVE-2014-2567 for the Trojita MUA.
2014-07-06 09:09:54 +02:00
Oswald Buddenhagen
4ab12ae76e don't lie about the default of User
unlike the isync wrapper, mbsync does not have a default for the IMAP
user. the remote user seldomly matches the local one, so "forwarding" it
is more confusing than helpful.

CCMAIL: 744389@bugs.debian.org
2014-04-13 17:07:53 +02:00
Oswald Buddenhagen
1c758be695 fix typos 2014-01-25 13:19:02 +01:00
Oswald Buddenhagen
8b2bc912b4 elaborate on expunging and trashing 2013-12-15 13:46:25 +01:00
Oswald Buddenhagen
4481702da3 clarify wording in MapInbox doc 2013-12-15 13:46:25 +01:00
Oswald Buddenhagen
cf0f32f800 allow prefixes to Patterns
this makes it possible to "rename" a "namespace" while syncing.
2013-12-08 11:12:18 +01:00
Oswald Buddenhagen
f485d69332 refuse box list overrides if Channel has no Patterns
as the named boxes are the same on both sides, they logically make
sense only when the channel is in that mode anyway, which is the case
when using patterns.
2013-12-08 11:12:17 +01:00
Oswald Buddenhagen
71524cb6b0 reduce FSync option to a boolean
there is no use for Thorough mode any more, so simplify the
configuration.
2013-12-08 11:12:09 +01:00
Oswald Buddenhagen
8d5bd62537 add ExpireUnread option 2013-12-08 11:12:09 +01:00
Oswald Buddenhagen
f586c0bee5 make it possible to specify CopyArrivalDate and MaxMessages globally
sneaky change on the side: the wording of the man page is changed from
"outside any section" to "before any section" to get global options.
this is not entirely true ... the previously existing options behave as
before, while the two newcomers actually affect subsequent channels.
2013-12-08 11:12:09 +01:00
Oswald Buddenhagen
17c4748dfa support backslash-escaping in the config file
note that no attempt is made at making this work in the compat wrapper.
2013-09-26 09:17:08 +02:00
Oswald Buddenhagen
0b59ee0df3 support multi-character path separators
this applies to both the IMAP PathDelimiter (which is needed by Lotus
Domino), as well as the Flatten-ed separators.
2013-08-11 10:20:02 +02:00
Oswald Buddenhagen
eb1f10762f added sync support for the arrival date of messages
initial patch by Marc Hoersken <info@marc-hoersken.de>
2013-08-03 18:54:34 +02:00
Oswald Buddenhagen
bf049d6466 add PassCmd option to query IMAP password dynamically
inspired by patches by
Aurélien Francillon <aurelien.francillon@eurecom.fr>,
Martin Stenberg <martin@gnutiken.se> and
sbfnk@users.sf.net.
2013-07-27 11:31:31 +02:00
Oswald Buddenhagen
ca3a319e60 update copyrights 2013-04-20 16:57:16 +02:00
Oswald Buddenhagen
01358ec8b4 man page fixups 2013-04-13 20:07:16 +02:00
Oswald Buddenhagen
406e967430 don't let wildcards match INBOX, unless it lives under Path
it's counter-intuitive to have '*' match the (always present) INBOX
when the rest of the mailboxes lives in a different namespace.
2013-04-13 19:58:50 +02:00
Oswald Buddenhagen
89c81e382e discourage use of MapInbox 2013-04-07 16:57:45 +02:00
Oswald Buddenhagen
15d57b95b7 make paths relative to CWD, after all
the test suite actually relies on it. it would be possible to adjust it,
but there is not much reason to make paths relative to HOME (as we
support convenient tilde expansion). so use the least invasive approach,
which is simply the old behavior. adjust the documentation accordingly.

This reverts commit da5ce5d8f4.
2013-03-30 16:46:18 +01:00
Oswald Buddenhagen
b142778e56 match flag names in man page
"Full" is an alias for "All", but let's stick to one.
2013-03-24 18:42:57 +01:00
Oswald Buddenhagen
acb1c870b4 rewrite SSL certificate verification. again.
leave all the hard work to OpenSSL. this has several consequences:
- certificate chain validation actually works instead of throwing
  around error 20
- the interactive approval is gone. i don't expect it to be useful
  anyway, as mbsync is mostly a batch tool
- the code is much shorter
2013-03-17 19:49:03 +01:00
Oswald Buddenhagen
fbba8f1cda add support for (disabling) TLS v1.1 and v1.2 2013-02-10 09:56:33 +01:00
Oswald Buddenhagen
35851f133b add option to control amount of fsync()ing 2012-09-15 15:28:15 +02:00
Oswald Buddenhagen
0a8f19294c pre-release doc updates 2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
d4c786823d replace FSF address with something more ... contemporary 2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
18225344c6 make use of UID EXPUNGE 2012-09-01 21:15:52 +02:00
Oswald Buddenhagen
dfd7516b9a introduce ability to flatten the hierarchy of Stores 2012-09-01 21:15:52 +02:00
Oswald Buddenhagen
2585dd3324 add support for hierarchical mailboxes 2012-09-01 21:15:18 +02:00
Oswald Buddenhagen
9bbb02b8fd Revert "fix UIDNEXT handling"
in fact, UIDNEXT (and UIDVALIDITY) null is *not* allowed (see RFC3501
section 9). them popping up nonetheless was a dovecot bug (which would
also confuse dovecot itself).
having it in as a workaround was no good either, as quite some other
code in mbsync assumes that UIDs are not null.

This reverts commit e1fa867 and most of 39006d7.

-REFMAIL: 4CA62BA1.4020104@lemma.co.uk
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
bd93d689db fully asynchronous IMAP operation
- asynchronous sockets using an event loop
  - connect & starttls have completion callback parameters
  - callbacks for notification about filled input buffer and emptied
    output buffer
- unsent imap command queue
  - used when
    - socket output buffer is non-empty
    - number of commands in flight exceeds limit
    - last sent command requires round-trip
    - command has a dependency on completion of previous command
  - trashnc is tri-state so only a single "scout" trash APPEND/COPY is
    sent at first. a possibly resulting CREATE is injected in front of
    the remaining trash commands, so they can succeed (or be cancel()d
    if it fails).
  - queue's presence necessitates imap_cancel implementation
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
a85013d6ff make IMAP pipeline depth configurable
currently, this affects only "clustered" message listings and
flag stores.
2012-09-01 16:03:36 +02:00
Oswald Buddenhagen
39006d7f24 document some breakage 2010-11-14 17:23:59 +01:00
Oswald Buddenhagen
516c3bfa99 remove mail addresses from man pages
apparently, some people don't see the "maintained by" bits, so make them
look harder for explicit contact information (to be found in AUTHORS).
2010-02-28 22:23:20 +01:00
Oswald Buddenhagen
c8275e2aa7 be *slightly* more explicit about which options Tunnel makes
superfluous.
2006-05-28 16:02:56 +00:00
Oswald Buddenhagen
dbbab78881 un-document "Host imaps:[...]" syntax and introduce new option UseIMAPS
instead.
apply ted's patch to support UseIMAPS in conjunction with Tunnel.
document that SSLv2 is No Good (TM).
2006-05-28 15:43:58 +00:00