don't ask for untrusted certificates if askauth is 0

NEWS

@@ -18,6 +18,9 @@ with pam_mount. I am not sure wether this is really usefull because
 I think that for typical use cases of pam_mount davfs2 is not
 well suited. Please report your experience with this option.
 
+If option askauth ist set to 0 davfs2 will no longer ask the user
+if a servercert is not trusted but silently not accept the certificate.
+
 
 What is new in davfs2 1.4.1
 ===========================

TODO

@@ -24,9 +24,5 @@ davfs2 TODO 2009-10-18
 
 - restructure file name extraction and href construction
 
-- add option to not ask any questions at all
-
-- how to deal with Microsft ASP backends? Translate: F
-
 - revisit precedence rules for options (e.g. username)
 

man/davfs2.conf.5

@@ -202,7 +202,7 @@ secrets file is allways \fI@SYS_CONF_DIR@/@SECRETSFILE@\fP.
 .TP
 .B ask_auth
 Ask the user interactively for credentials and passwords if not found in the
-secretsfile. 0 = no, 1 = yes.
+secretsfile. Ask the user if a servercert cannot be verified. 0 = no, 1 = yes.
 .br
 Default: 1
 
@@ -364,7 +364,8 @@ Default: 15
 .B add_header
 Your server might expect special headers to do what you want. Different from
 other options, this one takes two values: the name of the header and its value.
-Example:
+Some ASP-backends to IIS seem to require the Microsoft specific header
+"Translate: F". You can add it like this: 
 .br
 add_header Translate F
 .br

man/mount.davfs.8

@@ -188,9 +188,10 @@ Default: ID of the mounting user.
 .B username=\fIWebDAV_user\fP
 Use this name to authenticate with the WebDAV server. This option
 is intended for use with pam_mount only. When this option is set the
-credentials in the secrets files will be ignored. Do not use it in
-\fIfstab\fP. The username will be visible for everyone in the output of
-\fIps\fP.
+credentials in the secrets files will be ignored. The password will
+always be read from stdin, even when option \fIaskauth\fP is set to 0.
+Do not use it in \fIfstab\fP. The username will be visible for everyone
+in the output of \fIps\fP.
 .br
 Default: no username.
 .br

src/mount_davfs.c

@@ -354,6 +354,7 @@ main(int argc, char *argv[])
                    _("failed to release tty properly"));
             kill(getppid(), SIGHUP);
         }
+        dav_set_no_terminal();
     }
 
     if (!ret) {
@@ -1152,10 +1153,12 @@ parse_secrets(dav_args *args)
     if (args->cl_username) {
         if (args->username)
             free(args->username);
-        if (args->password)
-            free(args->password);
         args->username = args->cl_username;
         args->cl_username = NULL;
+        if (args->password)
+            free(args->password);
+        args->password = NULL;
+        args->p_passwd = user_input(_("Password: "));
     }
 
     if (args->askauth && args->useproxy && !args->p_user) {

src/webdav.c

@@ -193,7 +193,7 @@ static int initialized;
 /* Whether a terminal is available to communicate with the user.
    Should be reset with set_no_terminal() when forking into daemon mode.
    Needed by  ssl_verify() which may be called at any time. */
-static int have_terminal = 1;
+static int have_terminal;
 
 /* Handle to convert character encoding from utf-8 to LC_CTYPE.
    If NULL no conversion is done. */
@@ -439,6 +439,8 @@ dav_init_webdav(const dav_args *args)
         }
     }
 
+    have_terminal = args->askauth;
+
     if (args->locks) {
         locks = ne_lockstore_create();
         if (!args->lock_owner) {