From: Jochen Hein <jochen@jochen.org>
To: Andreas Schwab <schwab@linux-m68k.org>
Cc: ding@gnus.org, Lars Ingebrigtsen <larsi@gnus.org>,
Florian Weimer <fw@deneb.enyo.de>
Subject: Re: gssapi authentication for nnimap
Date: Tue, 09 Feb 2016 21:05:45 +0100
Message-ID: <83wpqd4pk6.fsf@echidna.jochen.org>
In-Reply-To: <83zivammhs.fsf@echidna.jochen.org> (Jochen Hein's message of "Tue, 09 Feb 2016 07:22:23 +0100")
Jochen Hein <jochen@jochen.org> writes:
I've got a few steps further - I seem to be able to authenticate with
GSSAPI. Here's what I've done right now:
First the log from *Messages*:
Opening nnimap server on jochen@jochen.org...
jk:Opening connection to imap.jochen.org via GSSAPI...
Opening GSSAPI connection with `gsasl %s %p --mechanism GSSAPI --authentication-id %l'...
GSSAPI connection: Client authentication finished (server trusted)...
YYY ...
ZZZ ...
Unable to open server nnimap+jochen@jochen.org due to: Wrong type argument: stringp, nil
Opening nnimap server on jochen@jochen.org...failed:
Right now I have the following diff to nnimap.el. The second hunk
hardcodes the imap port number - I didn't get that to work otherwise.
In the third hunk I call open-gssapi-stream directly -
open-protocol-stream doesn't handle the nnimap-user. Should that be
added to open-protocol-stream?
diff --git a/lisp/nnimap.el b/lisp/nnimap.el
index 05251ed..d11f4d0 100644
--- a/lisp/nnimap.el
+++ b/lisp/nnimap.el
@@ -65,7 +65,7 @@ it will default to `imap'.")
(defvoo nnimap-stream 'undecided
"How nnimap talks to the IMAP server.
The value should be either `undecided', `ssl' or `tls',
-`network', `starttls', `plain', or `shell'.
+`network', `starttls', `plain', `gssapi' or `shell'.
If the value is `undecided', nnimap tries `ssl' first, then falls
back on `network'.")
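Review bot: The docstring now lists `gssapi' among the accepted values but does not say what selecting it requires or how it relates to `undecided'; the closing sentence still describes only the `ssl' then `network' fallback. Add a sentence saying that `gssapi' is never tried automatically and has to be set explicitly, and that it authenticates as `nnimap-user' (the value the third hunk passes to open-gssapi-stream).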
@@ -408,6 +408,10 @@ textual parts.")
(nnheader-message 7 "Opening connection to %s via shell..."
nnimap-address)
'("imap"))
+ ((eq nnimap-stream 'gssapi)
+ (nnheader-message 7 "jk:Opening connection to %s via GSSAPI..."
+ nnimap-address)
+ '(143))
((memq nnimap-stream '(ssl tls))
(nnheader-message 7 "Opening connection to %s via tls..."
nnimap-address)
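Review bot: The new `gssapi' clause returns the literal '(143), an integer, while the `shell' clause directly above returns the service name '("imap"), and whichever value is chosen is later fed to (nnimap-map-port (car ports)). If a service name does not work on this path, a comment explaining why would help; otherwise use the same form as the neighbouring clauses and leave overrides to `nnimap-server-port'. The "jk:" prefix in the message string is debugging residue and should go. Port 143 is the plain IMAP port, so this clause does not get the TLS wrapping that the `ssl'/`tls' clause below it selects; that is worth stating where the option is documented.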
@@ -417,28 +421,33 @@ textual parts.")
login-result credentials)
(when nnimap-server-port
(push nnimap-server-port ports))
- (let* ((stream-list
- (open-protocol-stream
- "*nnimap*" (current-buffer) nnimap-address
- (nnimap-map-port (car ports))
- :type nnimap-stream
- :warn-unless-encrypted t
- :return-list t
- :shell-command nnimap-shell-program
- :capability-command "1 CAPABILITY\r\n"
- :always-query-capabilities t
- :end-of-command "\r\n"
- :success " OK "
- :starttls-function
- (lambda (capabilities)
- (when (gnus-string-match-p "STARTTLS" capabilities)
- "1 STARTTLS\r\n"))))
+ (let* ((stream-list
+ (if (eq nnimap-stream 'gssapi)
+ (list (open-gssapi-stream
+ "*nnimap*" (current-buffer) nnimap-address
+ (nnimap-map-port (car ports)) nnimap-user))
+ (open-protocol-stream
+ "*nnimap*" (current-buffer) nnimap-address
+ (nnimap-map-port (car ports))
+ :type nnimap-stream
+ :warn-unless-encrypted t
+ :return-list t
+ :shell-command nnimap-shell-program
+ :capability-command "1 CAPABILITY\r\n"
+ :always-query-capabilities t
+ :end-of-command "\r\n"
+ :success " OK "
+ :starttls-function
+ (lambda (capabilities)
+ (when (gnus-string-match-p "STARTTLS" capabilities)
+ "1 STARTTLS\r\n")))))
(stream (car stream-list))
(props (cdr stream-list))
(greeting (plist-get props :greeting))
(capabilities (plist-get props :capabilities))
(stream-type (plist-get props :type)))
(when (and stream (not (memq (process-status stream) '(open run))))
+ (nnheader-message 7 "XXX ...")
(setq stream nil))
(when (and (fboundp 'set-network-process-option) ;; Not in XEmacs.
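Review bot: The `gssapi' branch builds stream-list as (list (open-gssapi-stream ...)), so (cdr stream-list) is nil and `greeting', `capabilities' and `stream-type' are all bound to nil for the rest of the function. The branch also bypasses everything the keyword arguments request from open-protocol-stream, including `:warn-unless-encrypted t' and the "1 CAPABILITY\r\n" query, so the GSSAPI path gets neither the unencrypted-connection warning nor a capability list. Either return the stream followed by a plist carrying :greeting, :capabilities and :type, or pass the user through open-protocol-stream so both paths share one code path. The "XXX ..." message should be removed before submission.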
@@ -450,12 +459,14 @@ textual parts.")
(setf (nnimap-process nnimap-object) stream)
(setf (nnimap-stream-type nnimap-object) stream-type)
+ (nnheader-message 7 "YYY ...")
(if (not stream)
(progn
(nnheader-report 'nnimap "Unable to contact %s:%s via %s"
nnimap-address (car ports) nnimap-stream)
'no-connect)
(gnus-set-process-query-on-exit-flag stream nil)
+ (nnheader-message 7 "ZZZ ...")
(if (not (gnus-string-match-p "[*.] \\(OK\\|PREAUTH\\)" greeting))
(nnheader-report 'nnimap "%s" greeting)
;; Store the greeting (for debugging purposes).
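Review bot: The unchanged line right after the new "ZZZ ..." message calls (gnus-string-match-p "[*.] \\(OK\\|PREAUTH\\)" greeting) without checking that `greeting' is a string, and the stream-list built for `gssapi' in the previous hunk carries no :greeting. Guard the match with (stringp greeting), or make the gssapi path supply the server greeting, and drop the "YYY ..." and "ZZZ ..." messages from the final patch.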
I've sprinkled some messages into the function, which trigger when
connecting as a non-GSSAPI user:
My gnus config for gnus-secondary select methods is:
(require 'gssapi) ; move into which gnus files?
; Read mail via nnml and imap
(setq gnus-secondary-select-methods
'((nnml "private")
(nnimap "jochen@jochen.org"
(nnimap-expunge t)
(nnimap-stream gssapi)
(nnimap-user "jochen@jochen.org")
(nnimap-address "imap.jochen.org"))
[...]
My current guess is that my gssapi-session is already authenticated,
but nnimap-open-connection-1 after "ZZZ" is getting confused somehow.
Some more debugging shows that the next statement fails:
(if (not (gnus-string-match-p "[*.] \\(OK\\|PREAUTH\\)" greeting))
(nnheader-report 'nnimap "%s" greeting)
That is somewhat expected, since my call to open-gssapi-stream doesn't
set greeting (and I'm almost sure that later capability will also fail).
Is my current approach ok, or should I massage open-protocol-stream to
handle nnimap-user? Any hints how to proceed?
Jochen
--
The only problem with troubleshooting is that the trouble shoots back.