| Commit message (Collapse) | Author | Age |
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Robbie Harwood says that "gssapi" is more accurate.
I regularly get perplexed by the layers of SASL, GSSAPI, and Kerberos,
so I'm happy to have this alias Just Work in any case.
Suggested-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
Verified with the author.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
After discussion with Sean Whitton and Robbie Harwood, I think it makes
more sense to have a straight "retriever.authentication" configuration
setting rather than a rather odd boolean "use_kerberos".
This is a divergence from getmail, but that seems OK at this point.
The implementation now also makes it pretty straightforward to add new
authentication mechanisms if someone wants to add them.
One additional thing that would be nice would be for imap-dl to be
able to dynamically choose the "best" available authentication method.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthorseman.net>
| |
This is based off offlineimap's code rather than getmail's. getmail
relied on pykerberos, which is considered deprecated in
Fedora/RHEL/CentOS; offlineimap relied on python-gssapi, which is
considered its replacement there. python3-gssapi doesn't yet have type
annotations, but this is planned to change in the future.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Acked-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Acked-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
In my case, this allows supporting servers which have unacceptably (for
systemwide OpenSSL) small DH sizes by requesting non-DH ciphers.
Specifically, hardcoding AES256-GCM-SHA384 prevents this traceback:
Traceback (most recent call last):
  File "/usr/bin/imap-dl", line 273, in <module>
    scan_msgs(confname, args.verbose)
  File "/usr/bin/imap-dl", line 133, in scan_msgs
    ssl_context=ctx) as imap:
  File "/usr/lib/python3.7/imaplib.py", line 1288, in __init__
    IMAP4.__init__(self, host, port)
  File "/usr/lib/python3.7/imaplib.py", line 198, in __init__
    self.open(host, port)
  File "/usr/lib/python3.7/imaplib.py", line 1301, in open
    IMAP4.open(self, host, port)
  File "/usr/lib/python3.7/imaplib.py", line 299, in open
    self.sock = self._create_socket()
  File "/usr/lib/python3.7/imaplib.py", line 1293, in _create_socket
    server_hostname=self.host)
  File "/usr/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1076)
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Acked-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
The fact that imap-dl came out of getmail and borrows a bit of
configuration shouldn't be relevant for new users.
Make the documentation more agnostic about where they're coming from.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
Also some refactoring for readability.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
getmail upstream appears to have no plans to convert to python3 in the
near future.
Some of us use only a minimal subset of features of getmail, and it
would be nice to have something simpler, with the main complexity
offloaded to the modern python3 stdlib.
This patch represents a squashed series of changes from both Jameson
Graef Rollins and Daniel Kahn Gillmor (dkg), though dkg is primarily
responsible for any remaining bugs.
Thanks to Sean Whitton for useful and significant feedback.
Signed-off-by: Jameson Graef Rollins <jrollins@finestructure.net>
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
There is no clear reason why gpgsm should try to invoke dirmngr (see
https://dev.gnupg.org/T4765), but for now we can explicitly avoid the
checks.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Needed for the gpgsm usage in the test suite, it would seem.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Thanks, Lintian.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
PKCS#7 offers a signed-only mode which is distinct from
multipart/signed. This mode is more robust to breakage by
transforming MTAs, but it is also unreadable *unless* the receiver
knows how to cope with S/MIME.
See https://tools.ietf.org/html/rfc8551#section-3.5 for more details
about the different formats.
email-print-mime-structure should now be able to handle these messages
and display the structure of their content as well.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
| |
I plan to use the same harness to try to transform other leaf subparts
that might be extractable into a MIME subtree, not just decryption.
So give it a more generic name.
No functional change.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
| |
If the user supplies a secret key like the ones found in
https://www.ietf.org/id/draft-dkg-lamps-samples-01.html, then
email-print-mime-structure will try to use that for decryption of
CMS-encrypted (S/MIME) message parts.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Decrypt ciphertext using gpgsm if the user has indicated that it's ok.
This includes a new element in the test suite, which uses secret key
material from https://www.ietf.org/id/draft-dkg-lamps-samples-01.html
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
| |
No functional change.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
| |
No functional change.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Fully decode the encrypted part before passing it to any decryption
mechanism.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
See dh_elpa_test(1).
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
The secret key material in this test comes from
https://datatracker.ietf.org/doc/draft-bre-openpgp-samples/
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
I want to ensure that any changes don't ultimately break the behavior
of email-print-mime-structure.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
As we prepare for S/MIME decryption, we want to identify pgp
decryption as just one type of decryption. There is no functional
change here.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
This allows the user to avoid being affected by any future change in
the default.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
| |
Turns out that type=bool doesn't really do what we want it to do (see
https://bugs.python.org/issue37564), and there is no built-in easy
answer for argparse to accept a boolean value sensibly
(e.g. type='bool', which might be able to handle "yes" and "no" and
"1" and "0" and "on" and "off" as well as "true" and "false", etc.).
So rather than implement all of that here, we'll just have
--use-gpg-agent as a simple flag. This is an API change, but the
previous API has only been out for a few days, and the tool is
documented for interactive use.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>