From 6b87c9de3ab319846baa303544084a76254d55f5 Mon Sep 17 00:00:00 2001
From: Eduardo Chappa
Date: Mon, 30 May 2022 15:31:53 -0600
Subject: * All unix (non mac) versions of Alpine will have a default password file which will be created by default when Alpine is compiled with encryption. The default name will be .alpine.pwd, but it can be overriden with the --with-passfile option or by a default set by a linux distribution.
---
 alpine/imap.c | 23 ++++++++--
 configure | 144 ++++++++++++++++++++++++++++++++--------------------------
 configure.ac | 101 ++++++++++++++++++++++------------------
 pith/filter.c | 11 +++++
 pith/pine.hlp | 18 +++++++-
 5 files changed, 184 insertions(+), 113 deletions(-)
diff --git a/alpine/imap.c b/alpine/imap.c
index 460908ba..34905c79 100644
--- a/alpine/imap.c
+++ b/alpine/imap.c
@@ -3591,7 +3591,7 @@ read_passfile(pinerc, l)
 #else /* PASSFILE */
 char tmp[MAILTMPLEN], *ui[5];
- int i, j, n, rv = 0;
+ int i, j, n, rv = 0, error = 0;
 size_t len = 0;
 char *tmptext = NULL;
 struct stat sbuf;
@@ -3607,11 +3607,28 @@ read_passfile(pinerc, l)
 dprint((9, "read_passfile\n"));
- /* if there's no password to read, bag it!! */
+ /* if there's no password to read, create it if we can encrypt it,
+ * or else let the user create it and bail out of here.
+ */
+ tmp[0] = '\0';
 if(!passfile_name(pinerc, tmp, sizeof(tmp)) || !(fp = our_fopen(tmp, "rb"))){
+#ifdef SMIME
+ i = our_creat(tmp, 0600);
+ if(i >= 0){
+ close(i);
+ if(!(fp = our_fopen(tmp, "rb")))
+ error++;
+ }
+ else error++;
+#else
+ error++;
+#endif
+ };
+
+ if(error){
 using_passfile = 0;
 return(using_passfile);
- };
+ }
 #ifndef SMIME
 if(our_stat(tmp, &sbuf) == 0)
diff --git a/configure b/configure
index 1c23860a..8bb67f46 100755
--- a/configure
+++ b/configure
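Review bot: The `our_creat(tmp, 0600)` fallback in the second hunk runs on any failure of the condition, not only when the password file is missing: it is also reached when `passfile_name()` returns 0 and when `our_fopen()` fails on a file that exists but cannot be read. If `our_creat` behaves like `creat()` (its body is not in this diff), that call truncates an existing file and follows a symlink at that path, and the `0600` mode is applied only to a newly created file. I would test the two conditions separately, `if(!passfile_name(pinerc, tmp, sizeof(tmp))) error++;` followed by `else if(!(fp = our_fopen(tmp, "rb"))){`, and create only when the file is absent, preferably with an exclusive create (`O_CREAT|O_EXCL`) rather than `creat()`. `read_passfile` starts and ends outside the hunk.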
@@ -905,9 +905,6 @@ with_smime_public_cert_directory with_smime_private_key_directory with_smime_cacert_directory with_default_printer -with_passfile -with_local_password_cache -with_local_password_cache_method with_default_sshpath with_default_sshcmd with_ssl @@ -936,6 +933,9 @@ with_pthread with_system_mail_directory with_c_client_target with_bundled_tools +with_passfile +with_local_password_cache +with_local_password_cache_method with_ipv6 with_dlopen with_ntlm @@ -1742,14 +1742,6 @@ Optional Packages: Default Cert Authority Directory (.alpine-smime/ca) --with-default-printer=VALUE Default printer (ANSI_PRINTER) - --with-passfile=FILENAME - Password cache file (recommended when S/MIME is - enabled and configured) - --without-local-password-cache - Disable OS-specific password cache, if supported - --with-local-password-cache-method - OS-specific credential cache (OSX=APPLEKEYCHAIN, - Windows=WINCRED) --with-default-sshpath=FILENAME set default value of ssh command path (defining should cause ssh to be preferred to rsh) @@ -1792,6 +1784,14 @@ Optional Packages: IMAP build target (see imap/Makefile) --with-bundled-tools Build additional tools (mtest, imapd, etc.) Default: --with-bundled-tools=no + --with-passfile=FILENAME + Password cache file (recommended when S/MIME is + enabled and configured) + --without-local-password-cache + Disable OS-specific password cache, if supported + --with-local-password-cache-method + OS-specific credential cache (OSX=APPLEKEYCHAIN, + Windows=WINCRED) --without-ipv6 Disable IPv6, primarily to work around resolver problems --without-dlopen Do not test for dlopen because this system does not 
@@ -18174,59 +18174,6 @@ _ACEOF -# Check whether --with-passfile was given. -if test "${with_passfile+set}" = set; then : - withval=$with_passfile; - case "$withval" in - no) - ;; - yes) - ;; - *) - alpine_PASSFILE=$withval - ;; - esac - -fi - - - - -# Check whether --with-local-password-cache was given. -if test "${with_local_password_cache+set}" = set; then : - withval=$with_local_password_cache; - alpine_os_credential_cache=$withval - -fi - - - -# Check whether --with-local-password-cache-method was given. -if test "${with_local_password_cache_method+set}" = set; then : - withval=$with_local_password_cache_method; - alpine_os_credential_cache_method=$withval - -fi - - -if test -n "$alpine_PASSFILE" ; then - case $alpine_os_credential_cache in - no) - ;; - *) - alpine_os_credential_cache="no" - { $as_echo "$as_me:${as_lineno-$LINENO}: --with-passfile definition overrides OS-Specific password caching" >&5 -$as_echo "$as_me: --with-passfile definition overrides OS-Specific password caching" >&6;} - ;; - esac - -cat >>confdefs.h <<_ACEOF -#define PASSFILE "$alpine_PASSFILE" -_ACEOF - -fi - - # Check whether --with-default-sshpath was given. if test "${with_default_sshpath+set}" = set; then : withval=$with_default_sshpath; @@ -18814,6 +18761,7 @@ case "$host" in if test -f /etc/fedora-release ; then systype="LFD" alpine_PAM="yes" + alpine_SYSTEM_PASSFILE=".alpine.passfile" if test -d /etc/pki/tls ; then alpine_c_client_target="lfd" else @@ -18826,6 +18774,7 @@ case "$host" in elif test -f /etc/redhat-release -o -f /etc/redhat_version ; then systype="LRH" alpine_PAM="yes" + alpine_SYSTEM_PASSFILE=".alpine.passfile" if test -d /etc/pki/tls ; then alpine_c_client_target="lr5" else 
@@ -18839,11 +18788,13 @@ case "$host" in systype="DEB" alpine_c_client_target="ldb" alpine_PAM="yes" + alpine_SYSTEM_PASSFILE=".pine-passfile" fi - elif test -f /etc/SuSE-release; then + elif test -f /etc/SuSE-release -o -f /etc/SUSE-brand ; then systype="LSU" alpine_c_client_target="lsu" alpine_PAM="yes" + alpine_SYSTEM_PASSFILE=".pinepw" else systype="LNX" if test -z "$alpine_c_client_bundled" ; then 
@@ -19128,6 +19079,69 @@ $as_echo "#define _WINDOWS 1" >>confdefs.h esac +# Check whether --with-passfile was given. +if test "${with_passfile+set}" = set; then : + withval=$with_passfile; + case "$withval" in + no) + ;; + yes) + ;; + *) + alpine_PASSFILE=$withval + ;; + esac + +fi + + + + +# Check whether --with-local-password-cache was given. +if test "${with_local_password_cache+set}" = set; then : + withval=$with_local_password_cache; + alpine_os_credential_cache=$withval + +fi + + + +# Check whether --with-local-password-cache-method was given. +if test "${with_local_password_cache_method+set}" = set; then : + withval=$with_local_password_cache_method; + alpine_os_credential_cache_method=$withval + +fi + + +if test -z "$alpine_PASSFILE" ; then + if test -z "$alpine_SYSTEM_PASSFILE" ; then + alpine_PASSFILE=".alpine.pwd" + else + alpine_PASSFILE="$alpine_SYSTEM_PASSFILE" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: * * * Setting up $alpine_PASSFILE as default password file" >&5 +$as_echo "$as_me: * * * Setting up $alpine_PASSFILE as default password file" >&6;} +fi + +if test -n "$alpine_PASSFILE" ; then + case $alpine_os_credential_cache in + no) + ;; + *) + alpine_os_credential_cache="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: --with-passfile definition overrides OS-Specific password caching" >&5 +$as_echo "$as_me: --with-passfile definition overrides OS-Specific password caching" >&6;} + ;; + esac + +cat >>confdefs.h <<_ACEOF +#define PASSFILE "$alpine_PASSFILE" +_ACEOF + +fi + + # Check whether --with-ipv6 was given. if test "${with_ipv6+set}" = set; then : withval=$with_ipv6; with_ipv6=$withval diff --git a/configure.ac b/configure.ac index eecde374..585057a8 100644 --- a/configure.ac +++ b/configure.ac 
@@ -631,48 +631,6 @@ AC_DEFINE_UNQUOTED([DF_CA_CONTAINER], "CAContainer", [Name of default certificat
 AC_DEFINE_UNQUOTED([DEFAULT_SSLUSERCAPATH], ".alpine-certs", [Default directory for user trusted certificates])
 AC_DEFINE_UNQUOTED([DEFAULT_SSLUSERCAFILE], ".alpine-certs/certs.pem", [Name of default container for user trusted certificates])
-dnl set PASSFILE?
-AC_ARG_WITH(passfile,
- AS_HELP_STRING([--with-passfile=FILENAME],[Password cache file (recommended when S/MIME is enabled and configured)]),
- [
- case "$withval" in
- no)
- ;;
- yes)
- ;;
- *)
- alpine_PASSFILE=$withval
- ;;
- esac
- ])
-
-
-dnl os-specific credential cache?
-AC_ARG_WITH(local-password-cache,
- AS_HELP_STRING([--without-local-password-cache],[Disable OS-specific password cache, if supported]),
- [
- alpine_os_credential_cache=$withval
- ])
-
-dnl Particular os-specific credential cache?
-AC_ARG_WITH(local-password-cache-method,
- AS_HELP_STRING([--with-local-password-cache-method],[OS-specific credential cache (OSX=APPLEKEYCHAIN, Windows=WINCRED)]),
- [
- alpine_os_credential_cache_method=$withval
- ])
-
-if test -n "$alpine_PASSFILE" ; then
- case $alpine_os_credential_cache in
- no)
- ;;
- *)
- alpine_os_credential_cache="no"
- AC_MSG_NOTICE([--with-passfile definition overrides OS-Specific password caching])
- ;;
- esac
- AC_DEFINE_UNQUOTED([PASSFILE], "$alpine_PASSFILE", [Password cache file (recommended if S/MIME is enabled and configured)])
-fi
-
 dnl set DF_SSHPATH?
 AC_ARG_WITH(default-sshpath,
 AS_HELP_STRING([--with-default-sshpath=FILENAME],[set default value of ssh command path (defining should cause ssh to be preferred to rsh)]),
@@ -1174,6 +1132,7 @@ case "$host" in
 if test -f /etc/fedora-release ; then
 systype="LFD"
 alpine_PAM="yes"
+ alpine_SYSTEM_PASSFILE=".alpine.passfile"
 if test -d /etc/pki/tls ; then
 alpine_c_client_target="lfd"
 else
@@ -1186,7 +1145,8 @@ case "$host" in
 elif test -f /etc/redhat-release -o -f /etc/redhat_version ; then
 systype="LRH"
 alpine_PAM="yes"
- if test -d /etc/pki/tls ; then
+ alpine_SYSTEM_PASSFILE=".alpine.passfile"
+ if test -d /etc/pki/tls ; then
 alpine_c_client_target="lr5"
 else
 alpine_c_client_target="lrh"
@@ -1199,11 +1159,13 @@ case "$host" in
 systype="DEB"
 alpine_c_client_target="ldb"
 alpine_PAM="yes"
+ alpine_SYSTEM_PASSFILE=".pine-passfile"
 fi
- elif test -f /etc/SuSE-release; then
+ elif test -f /etc/SuSE-release -o -f /etc/SUSE-brand ; then
 systype="LSU"
 alpine_c_client_target="lsu"
 alpine_PAM="yes"
+ alpine_SYSTEM_PASSFILE=".pinepw"
 else
 systype="LNX"
 if test -z "$alpine_c_client_bundled" ; then
@@ -1396,6 +1358,57 @@ case "$host" in
 ;;
 esac
+dnl set PASSFILE?
+AC_ARG_WITH(passfile,
+ AS_HELP_STRING([--with-passfile=FILENAME],[Password cache file (recommended when S/MIME is enabled and configured)]),
+ [
+ case "$withval" in
+ no)
+ ;;
+ yes)
+ ;;
+ *)
+ alpine_PASSFILE=$withval
+ ;;
+ esac
+ ])
+
+
+dnl os-specific credential cache?
+AC_ARG_WITH(local-password-cache,
+ AS_HELP_STRING([--without-local-password-cache],[Disable OS-specific password cache, if supported]),
+ [
+ alpine_os_credential_cache=$withval
+ ])
+
+dnl Particular os-specific credential cache?
+AC_ARG_WITH(local-password-cache-method,
+ AS_HELP_STRING([--with-local-password-cache-method],[OS-specific credential cache (OSX=APPLEKEYCHAIN, Windows=WINCRED)]),
+ [
+ alpine_os_credential_cache_method=$withval
+ ])
+
+if test -z "$alpine_PASSFILE" ; then
+ if test -z "$alpine_SYSTEM_PASSFILE" ; then
+ alpine_PASSFILE=".alpine.pwd"
+ else
+ alpine_PASSFILE="$alpine_SYSTEM_PASSFILE"
+ fi
+ AC_MSG_NOTICE([* * * Setting up $alpine_PASSFILE as default password file])
+fi
+
+if test -n "$alpine_PASSFILE" ; then
+ case $alpine_os_credential_cache in
+ no)
+ ;;
+ *)
+ alpine_os_credential_cache="no"
+ AC_MSG_NOTICE([--with-passfile definition overrides OS-Specific password caching])
+ ;;
+ esac
+ AC_DEFINE_UNQUOTED([PASSFILE], "$alpine_PASSFILE", [Password cache file (recommended if S/MIME is enabled and configured)])
+fi
+
 dnl Without IPv6?
 AC_ARG_WITH(ipv6,
 AS_HELP_STRING([--without-ipv6],[Disable IPv6, primarily to work around resolver problems]),
diff --git a/pith/filter.c b/pith/filter.c
index 8900b51d..32dfc494 100644
--- a/pith/filter.c
+++ b/pith/filter.c
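Review bot: The new default block makes `alpine_PASSFILE` non-empty on every build, so `--with-passfile=no` (whose `no)` arm sets nothing) no longer disables the password file, and the following `test -n "$alpine_PASSFILE"` block now always forces `alpine_os_credential_cache="no"`. The commit message limits the default to non-mac unix, but nothing in this hunk checks the host, so unless that is handled outside the visible lines the OS credential cache (APPLEKEYCHAIN, WINCRED) is switched off in favour of a file on disk. I would guard the default, for example `if test -z "$alpine_PASSFILE" -a "x$with_passfile" != "xno" ; then`, and apply the credential-cache override only when `--with-passfile` was given explicitly or the host has no OS cache. The same logic is regenerated in the `configure` hunk.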
@@ -7635,6 +7635,12 @@ html_element_comment(FILTER_S *f, char *s) #ifdef _WINDOWS else if(!strucmp(s, "os_windows")) HD(f)->bitbucket = 0; +#elif OSX_TARGET + else if(!strucmp(s, "os_osx") || !strucmp(s, "os_unix_and_osx")) + HD(f)->bitbucket = 0; +#else + else if(!strucmp(s, "os_unix") || !strucmp(s, "os_unix_and_osx")) + HD(f)->bitbucket = 0; #endif } @@ -7717,6 +7723,11 @@ html_element_comment(FILTER_S *f, char *s) else if(!strcmp(s, "C_CLIENT_VERSION")){ p = CCLIENTVERSION; } +#ifdef PASSFILE + else if(!strcmp(s, "PASSWORD_FILE")){ + p = PASSFILE; + } +#endif else if(!strcmp(s, "ALPINE_COMPILE_DATE")){ p = datestamp; } diff --git a/pith/pine.hlp b/pith/pine.hlp index 5460eca7..f9240e53 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -71,6 +71,12 @@ screen's text: WARNING ABOUT CHTML "if-else-endif" CLAUSES: They don't nest. +1d) Other operating systems added to 1c) above are + + os_unix_and_osx means all unices, incluing mac + os_unix means all unices except mac + os_osx means only mac + 2a) Several "server side include" commented elements are supported: @@ -97,6 +103,7 @@ Where "variable" is one of either: _BUGS_ADDRESS_ CURRENT_DIR HOME_DIR + PASSWORD_FILE PINE_CONF_PATH PINE_CONF_FIXED_PATH PINE_INFO_PATH @@ -140,7 +147,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 646 2022-05-29 14:01:33 +Alpine Commit 647 2022-05-30 15:31:49 ============= h_news ================= @@ -189,6 +196,15 @@ new additions to Alpine, please check it periodically.
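Review bot: `#elif OSX_TARGET` in the first hunk tests the macro's value, while the surrounding conditionals (`#ifdef _WINDOWS` above it, `#ifdef PASSFILE` in the second hunk) test whether a macro is defined. If `OSX_TARGET` is defined with an empty value the directive does not compile, and if it is undefined it trips `-Wundef`; `#elif defined(OSX_TARGET)` avoids both and matches the other branches. A one-line comment above the new branches, such as `/* os_unix_and_osx matches every non-Windows build */`, would also help, since the token is handled in two arms. `html_element_comment` starts and ends outside both hunks.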

New features include: