Commit Graph

463 Commits

Author SHA1 Message Date
Oswald Buddenhagen
8310cf78ac fix CVE-2013-0289: add SSL subject verification
we did not check a valid certificate's subject at all so far.
this is no problem if the certificate file contains only exactly the
wanted host's certificate - before revision 04fdf7d1 (dec 2000, < v0.4),
this was even enforced (more or less - if the peer cert had been
signed directly by a root cert, it would be accepted as well).
however, when the file contains root certificates (like the system-wide
certificate file typically does), any host with a valid certificate
could pretend to be the wanted host.
2013-02-17 18:33:04 +01:00
Oswald Buddenhagen
fbba8f1cda add support for (disabling) TLS v1.1 and v1.2 2013-02-10 09:56:33 +01:00
Oswald Buddenhagen
c7ebe2da95 more error checking of IMAP responses
REFMAIL: CA+Tk8fyu-6bwXq=ee2BgcKK_13m9S0RS+-0DhM=_jFqSKCH8aw@mail.gmail.com
2012-10-16 09:37:19 +02:00
Oswald Buddenhagen
8dbb3fe7a9 flush stdout more
to make sure it is timely written and not interleaved with stderr even
when when redirected.
2012-09-22 17:48:09 +02:00
Oswald Buddenhagen
d7eae525bd fix TrashRemoteNew copy direction 2012-09-22 17:35:39 +02:00
Oswald Buddenhagen
c23d251092 consider hierarchy delimiter flattening when deciding what to list
flattened sub-folders of INBOX actually end up in Path, so list that
instead.

REFMAIL: 6c0ecbff0d025387020281c5d2f5e6e8@smallsys.org
2012-09-16 13:06:07 +02:00
Oswald Buddenhagen
66895f9cce try harder to list all necessary boxes
the pattern "INB*" may or may not refer to something in the INBOX. even
just "*" may. so list both the INBOX and the Path in case of
uncertainty.
2012-09-16 12:34:07 +02:00
Oswald Buddenhagen
35851f133b add option to control amount of fsync()ing 2012-09-15 15:28:15 +02:00
Oswald Buddenhagen
49223b2df2 avoid that a system crash can cause messages to be propagated twice
fdatasync() the journal after creating the pair record and recording
the TUID, but before the message propagation actually starts.

all other writes to the journal are not flushed, as they will at worst
cause some unnecessary network traffic without visible effect.
2012-09-15 15:28:15 +02:00
Oswald Buddenhagen
a326bf2f58 avoid that a system crash can lose mails
this fixes two possible failure scenarios:
- if the journal is committed but the mails are not, the missing files
  would be erroneously interpreted as deletions which would be
  propagated
- less seriously, if the mail files' meta data was committed but the
  file contents were not, we would end up with empty files, which would
  have to be re-fetched "behind mbsync's back" (just deleting the files
  would not work - see above)
2012-09-15 15:27:23 +02:00
Oswald Buddenhagen
df6c3b64b7 avoid that a system crash can clobber the sync state file
make sure that the new state is committed to disk before overwriting the
old version - by default meta data is committed first, so we may end up
with no valid state at all otherwise.
2012-09-15 13:25:50 +02:00
Oswald Buddenhagen
bbf98bb165 quote mailbox names written to config file 2012-09-15 11:57:14 +02:00
Oswald Buddenhagen
18936f6696 make more config file errors fatal
we really shouldn't just synchronize despite config parsing errors.
2012-09-15 11:49:24 +02:00
Oswald Buddenhagen
16e5aade3f store config error status in conffile_t object
this makes passing it around more straight-forward
2012-09-15 11:46:42 +02:00
Oswald Buddenhagen
725a122e91 make config parser a bit more careful about quotes
the parsing is more shell-like now:
- quoted and unquoted parts can be mixed in one argument
- the hashmark can be meaningfully quoted
2012-09-15 11:24:57 +02:00
Oswald Buddenhagen
2e07e68630 call fdatasync() after updating .uidvalidity files
they must be flushed before the file system meta data, as otherwise we
may end up with duplicate UIDs after a system crash.
2012-09-09 12:18:14 +02:00
Ben Kibbey
47fe4b7998 Fix certificate verification.
The connection state wasn't getting updated.
2012-09-08 14:26:22 +02:00
Oswald Buddenhagen
0a8f19294c pre-release doc updates 2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
6f2160f136 remove todo about case insensitive INBOX
this is *our* magic string, not IMAP's.
ok, admittedly, we *also* send it to IMAP, but that's just convenience.
actually making it case insensitive would improve interoperability with
thunderbird (which interprets INBOX even if qualified), but would break
existing setups (including mine).
2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
f11504aa07 update copyrights
make the wrapper's help string also mention copyrights pertaining only
to the actual syncer, as this is the only string many people will ever
see.
2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
d4c786823d replace FSF address with something more ... contemporary 2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
4e849196b8 install the config examples to docdir 2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
87cb946eda update debian packaging 2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
c43fc90dcf fix rpm packaging 2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
6d49c343fc use a hash table for message => sync record lookup
this removes the pathological O(<number of sync records> * <number of
new messages>) case at the cost of being a bit more cpu-intensive (but
O(<number of all messages>)) for old messages.
2012-09-01 21:15:53 +02:00
Oswald Buddenhagen
18225344c6 make use of UID EXPUNGE 2012-09-01 21:15:52 +02:00
Oswald Buddenhagen
dfd7516b9a introduce ability to flatten the hierarchy of Stores 2012-09-01 21:15:52 +02:00
Oswald Buddenhagen
2585dd3324 add support for hierarchical mailboxes 2012-09-01 21:15:18 +02:00
Oswald Buddenhagen
4f94197e41 calculate trash box path already in maildir_open_store()
this gives us some cleaner code paths later on, as we can treat the
trash box like a regular mailbox.
2012-09-01 21:15:08 +02:00
Oswald Buddenhagen
8121224744 ensure that mailbox creation in maildir_store() is limited to trashing
other mailboxes would have been maildir_select()ed already.
2012-09-01 21:15:08 +02:00
Oswald Buddenhagen
a3f66f8f1d refactor: imap_select2_p2 => imap_refcounted_done_box
soon, we'll use it for something different, too
2012-09-01 21:15:08 +02:00
Oswald Buddenhagen
343f16771a don't crash when select() on master fails synchronously
svars->drv[S] would not be initialized yet, so cancel_sync() would
crash.
2012-09-01 21:15:08 +02:00
Oswald Buddenhagen
28cccf4b35 fix error handling of invalid SyncState *
when we find that the store is incompatible with in-store sync state,
we want to fail the whole channel. however, we must not claim that the
store died, otherwise it won't be disposed of properly.
2012-09-01 21:15:08 +02:00
Oswald Buddenhagen
1bc9c6d9cf reject qualified mailboxes with the magic name INBOX
otherwise we couldn't tell them apart from the real INBOX after
stripping away the Path.
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
40f2812a41 suppress bdb complaints about unknown file format
pass DB_TRUNCATE when creating databases. otherwise bdb will complain
about the empty file we pass it (we have to create it upfront to
implement our locking).
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
9bbb02b8fd Revert "fix UIDNEXT handling"
in fact, UIDNEXT (and UIDVALIDITY) null is *not* allowed (see RFC3501
section 9). them popping up nonetheless was a dovecot bug (which would
also confuse dovecot itself).
having it in as a workaround was no good either, as quite some other
code in mbsync assumes that UIDs are not null.

This reverts commit e1fa867 and most of 39006d7.

-REFMAIL: 4CA62BA1.4020104@lemma.co.uk
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
233f563569 deal with concurrent maildir modifications during listing
files may be renamed (due to new -> cur transition or flag changes),
which may lead to two effects if ignored:
- we see both the old and the new name, so we report a spurious
  duplicate UID
- we see neither name, so we report a spurious deletion

as countermeasure, record and compare directory modification times. upon
mismatch, we just start over - as usual.
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
3386285205 make maildir uidvalidity change fatal
it's best to give the user a chance to fix it rather than completely
messing up the syncstate by re-enumerating the UIDs.
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
a3bd10c04d cleanup maildir error paths
don't try to unlock and close databases and files - this will happen a
moment later anyway, through cancelation or re-selection.
ironically, this plugs a memory leak, because an open main database is
used as a signal to close a temporary db in maildir_scan().
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
04ca97920d fix potential double free
the store may be discarded before we reach maildir_select() again, which
will leave us with a dangling pointer.
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
e71ad53b7f plug memory leak in maildir_store_msg() upon failure to acquire UID 2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
9c86ec3442 employ alternative scheme to finding messages by TUID
instead of SEARCHing every single message (which is slow and happens to
be unreliabe with M$ Exchange 2010), just FETCH the new messages from
the mailbox - the ones we just appended will be amongst them.
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
b4cef554fc clearer debug msg 2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
06b303da88 use ATTR_PRINTFALIKE 2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
7c815538ab fix line wrapping before info messages
unless an info message is explictly marked as a continuation, it must
terminate any pending line (typically the progress information) first.

debug output is not affected, as it is mutually exclusive with info
output, and no debug lines are left unterminated outside clear scopes.
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
2aae866e80 remove Ontty flag
i can't figure out why i added it in the first place. it doesn't seem to
make any sense ...
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
6b3b6f12bb centralize flushing of unfinished debug lines 2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
d2bed4990d unify error reporting
- introduce sys_error() and use it instead of perror() and
  error(strerror()) in all expected error conditions
- perror() is used only for "something's really wrong with the system"
  kind of errors
- file names, etc. are quoted if they are not validated yet, so e.g. an
  empty string becomes immediately obvious
- improve and unify language
- add missing newlines
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
dee9f51096 don't complain about disappearing temp files
some other process might be cleaning up concurrently ...
2012-09-01 21:15:07 +02:00
Oswald Buddenhagen
ae85e455d3 enlarge receive buffer considerably
the tiny buffer makes no sense in the face of huge payloads and now
additionally masses of replies from pipelined commands.
2012-09-01 21:15:06 +02:00