`presynchook` and `postsynchook` for IDLE-triggered syncs were broken by
da69fd8. This fixes them.
Signed-off-by: Reto Schnyder <reto.a.schnyder@bluewin.ch>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Inside __authn_gssapi function, the else clause is never executed
because the return statement in the try section, which means if there is
an error and a reconnect is tried, the authentication will now fail with
due the stale self.gss_vc value. For example, offlineimap will be
stuck after any socket error and unable to reconnect, even if I have a
valid kerberos ticket:
========================================================================
abort: command: FETCH => socket error: <type 'exceptions.IOError'> - Too many read 0
command: FETCH => socket error: <type 'exceptions.IOError'> - Too many read 0
GSSAPI authentication failed: AUTHENTICATE command error: BAD ['AUTHENTICATE aborted']. Data: BLMC2 AUTHENTICATE GSSAPI
Enter password for user 'XXX':
========================================================================
You can verify this try..finally behaviour with this slightly modified
example that I copied from python documentation:
>>> def divide(x, y):
... try:
... result = x / y
... return 1
... except ZeroDivisionError:
... print("division by zero!")
... else:
... print("result is", result)
... finally:
... print("executing finally clause")
...
>>> divide(2, 1)
executing finally clause
1
>>>
The else section is never executed with a return inside try.
To fix the issue here, instead of relying on else clause, just clear
gss_vc always inside finally, and we don't need to handle any exception
to set self.gssapi, it can be left False by default and just set to True
after authentication is done.
I'm running with this fix and now offlineimap doesn't stop requiring manual
intervention, and succesfully re-authenticate after errors while fetching
data.
Signed-off-by: Herton R. Krzesinski <herton@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This fixes a potential traceback when we try to unwrap(None).
Tested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Use `expires_in` from the oauth2 response
to reset the oauth2_access_token before
it expires
divides the `expires_in` by 2 to ensure
the access_token is cleared before it
expires
ref: https://github.com/OfflineIMAP/offlineimap/issues/536
Signed-off-by: Frode Aannevik <frode.aa@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
If the tls_level is set to a cipherset other than tls_compat, the
ssl cipherset has to get specified extra, if ssl is used.
But if the user explicitly disabled SSL, and set tls_level to anything
else than tls_compat required the user to explicitly set ssl_version,
which is contradicting.
Signed-off-by: Benedikt Heine <bebe@bebehei.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
If the username value is not provided on the configuration file, then
username if of NoneType and NULL.join will bomb since Nones can't be
joined with strings. So check if username is empty and raise an
exception if so.
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/558
Signed-off-by: David Miguel Susano Pinto <carandraug+dev@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
When asking for a password interactively, the username is never
displayed which may hide problems (typos on the configuration, or
issues on offlineimap parsing of the config file). The hostname,
port, and account name are already displayed when establishing the
connection. When asking for password, the account name is displayed
again. Change it to display the username.
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/558
Signed-off-by: David Miguel Susano Pinto <carandraug+dev@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Fix bug in GSSAPI auth where the username was not being negotiated.
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/541
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Tested-by: Frank Lenormand <lenormf@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
python-gssapi has a visible, active upstream and a more pleasant
interface. python-gssapi is present in most distributions, while
pykerberos is slated for removal from Fedora/RHEL/CentOS.
Github-ref: https://github.com/OfflineIMAP/offlineimap/pull/529
Tested-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
It's required to modify my change 1ce596d713
because a hostname shouldn't be needed if any tunnel is used. Both tunnels
provide a regular IMAP interface which is used by offlineimap.
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/503
Reported-by: Ilias Tsitsimpis <i.tsitsimpis@gmail.com>
Signed-off-by: Thomas Merkel <tm@core.io>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
If utf8foldernames is enabled on account level all folder names read
from the IMAP server will immediately be reencoded to UTF-8. Names
will be treated as UTF-8 as long as the IMAP server isn't contacted again,
for which they are reencoded to IMAP4-UTF-7.
This means that any further processing such as nametrans, folderfilter
etc. will act upon the UTF-8 names, which will have to be documented
carefully.
NOTE 1:
GMail repositories and folders inherit from the IMAP... classes, so I don't
know yet if these changes have ugly side-effects. But web research suggests
that GMail IMAP folders are equally encoded in UTF-7 so that should work
identically here and incorporate the same improvements.
NOTE 2:
I could not test the behaviour with idlefolders as I didn't get this option
to work at all, not even with the latest stable version.
NOTE 3:
I *did* test to sync an IMAP repository against another IMAP repository.
Signed-off-by: Urs Liska <git@ursliska.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
If the config option `transporttunnel` is used the option `remotehost` is not
needed, because the tunnel provide the IMAP connection.
Signed-off-by: Thomas Merkel <tm@core.io>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Checking if we have to run this authentication method once it's already passed
to imaplib2 is too late. Make the checks at correct time, before we try the
authentication method. IOW, before we call
imapobj.authenticate('XOAUTH2', self.__xoauth2handler)
Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/442
Tested-by: Klemens Schölhorn <klemens@schoelhorn.eu>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Allow to use a another proxy for authentication than for IMAP.
Signed-off-by: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
It is more readable and returns a list.
This continues work done in 19c4330.
Signed-off-by: Łukasz Żarnowiecki <dolohow@outlook.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Otherwise, it might be impossible to know which account is connecting when more
than one is syncing.
Code style.
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
They introduce a regression not allowing to discard the XOAUTH2 method when
expected.
The default lambda did not take the "account_name" argument.
Github-fix: https://github.com/OfflineIMAP/offlineimap/issues/362
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
- Learn to support UTF-8 characters where it was not supported for usernames and
passwords (but for netrc).
- Fix the types in the code for both py2 and py3: we now expect unicode for
usernames and passwords.
Unicode (UTF-8) is required only for variables with non-ASCII characters.
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
There is no other way to make Python2 and Python3 happy, because syntax
raise E, V, T is incompatible with the latter.
Signed-off-by: Łukasz Żarnowiecki <dolohow@outlook.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
It is more readable and returns a list therefore it is compatible both
with Python 2 and 3.
Signed-off-by: Łukasz Żarnowiecki <dolohow@outlook.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Some environments that return AAAA records for their IMAP servers can pose
problems for clients that do not have end-to-end IPv6 connectivity for a number
of reasons (e.g. policy, lack of full routing, security, etc..)
Even with a fallback mechanism in place, you can still arrive at IMAP
implementations that could prevent authentication from unknown IPv6 space. This
in itself is not enough to fallback to IPv4 since there is an actual connection
on that socket.
This change is for introducing a user-defined value:
[Repository imap-remote]
ipv6 = no
to create a preference per repository on which AF to connect to the remote
server on
ipv6 = yes (AF_INET6)
ipv6 = no (AF_INET)
unspecified = default
Signed-off-by: Ebben Aries <e@dscp.org>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Allow the user to block usage of known-bad versions of SSL and TLS.
Signed-off-by: Ben Boeckel <mathstuf@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Read proxy option in imapserver, instantiate a class in imaplibutil
using a self-defined keyword and a socket instance, and use this socket
instance to substitute the default socket instance used in imaplib2.
Signed-off-by: 夏恺(Xia Kai) <xiaket@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
Rodolfo García Peñas (kix)
Reto Schnyder
Herton R. Krzesinski
Robbie Harwood
Frode Aannevik
Benedikt Heine
Carnë Draug
Nicolas Sebrecht
Thomas Merkel
Urs Liska
lkcl
Łukasz Żarnowiecki
Ebben Aries
Ray Song
ojab
Valentin Lab
Ben Boeckel
Christopher Corley
夏恺(Xia Kai)