From: Jochen Hein <jochen@jochen.org>
To: Andreas Schwab <schwab@linux-m68k.org>
Cc: ding@gnus.org, Lars Ingebrigtsen <larsi@gnus.org>,
Florian Weimer <fw@deneb.enyo.de>
Subject: Re: gssapi authentication for nnimap
Date: Tue, 09 Feb 2016 07:22:23 +0100 [thread overview]
Message-ID: <83zivammhs.fsf@echidna.jochen.org> (raw)
In-Reply-To: <87wpqeix2s.fsf@linux-m68k.org>
Andreas Schwab <schwab@linux-m68k.org> writes:
> What did you try?
Right now I have the following diff to nnimap.el:
diff --git a/lisp/nnimap.el b/lisp/nnimap.el
index 05251ed..02c651e 100644
--- a/lisp/nnimap.el
+++ b/lisp/nnimap.el
@@ -65,7 +65,7 @@ it will default to `imap'.")
(defvoo nnimap-stream 'undecided
"How nnimap talks to the IMAP server.
The value should be either `undecided', `ssl' or `tls',
-`network', `starttls', `plain', or `shell'.
+`network', `starttls', `plain', `gssapi' or `shell'.
If the value is `undecided', nnimap tries `ssl' first, then falls
back on `network'.")
@@ -408,6 +408,10 @@ textual parts.")
(nnheader-message 7 "Opening connection to %s via shell..."
nnimap-address)
'("imap"))
+ ((eq nnimap-stream 'gssapi)
+ (nnheader-message 7 "jk:Opening connection to %s via GSSAPI..."
+ nnimap-address)
+ '("imap"))
((memq nnimap-stream '(ssl tls))
(nnheader-message 7 "Opening connection to %s via tls..."
nnimap-address)
@@ -417,28 +421,35 @@ textual parts.")
login-result credentials)
(when nnimap-server-port
(push nnimap-server-port ports))
- (let* ((stream-list
- (open-protocol-stream
- "*nnimap*" (current-buffer) nnimap-address
- (nnimap-map-port (car ports))
- :type nnimap-stream
- :warn-unless-encrypted t
- :return-list t
- :shell-command nnimap-shell-program
- :capability-command "1 CAPABILITY\r\n"
- :always-query-capabilities t
- :end-of-command "\r\n"
- :success " OK "
- :starttls-function
- (lambda (capabilities)
- (when (gnus-string-match-p "STARTTLS" capabilities)
- "1 STARTTLS\r\n"))))
+ (let* ((stream-list
+ (if (eq nnimap-stream 'gssapi)
+ (open-protocol-stream
+ "*nnimap*" (current-buffer) nnimap-address
+ (nnimap-map-port (car ports)) nnimap-user
+ :return-list t)
+ (open-protocol-stream
+ "*nnimap*" (current-buffer) nnimap-address
+ (nnimap-map-port (car ports))
+ :type nnimap-stream
+ :warn-unless-encrypted t
+ :return-list t
+ :shell-command nnimap-shell-program
+ :capability-command "1 CAPABILITY\r\n"
+ :always-query-capabilities t
+ :end-of-command "\r\n"
+ :success " OK "
+ :starttls-function
+ (lambda (capabilities)
+ (when (gnus-string-match-p "STARTTLS" capabilities)
+ "1 STARTTLS\r\n")))))
(stream (car stream-list))
(props (cdr stream-list))
(greeting (plist-get props :greeting))
(capabilities (plist-get props :capabilities))
(stream-type (plist-get props :type)))
(when (and stream (not (memq (process-status stream) '(open run))))
+ (nnheader-message 7 "XXX ...")
(setq stream nil))
(when (and (fboundp 'set-network-process-option) ;; Not in XEmacs.
@@ -450,12 +461,14 @@ textual parts.")
(setf (nnimap-process nnimap-object) stream)
(setf (nnimap-stream-type nnimap-object) stream-type)
+ (nnheader-message 7 "YYY ...")
(if (not stream)
(progn
(nnheader-report 'nnimap "Unable to contact %s:%s via %s"
nnimap-address (car ports) nnimap-stream)
'no-connect)
(gnus-set-process-query-on-exit-flag stream nil)
+ (nnheader-message 7 "ZZZ ...")
(if (not (gnus-string-match-p "[*.] \\(OK\\|PREAUTH\\)" greeting))
(nnheader-report 'nnimap "%s" greeting)
;; Store the greeting (for debugging purposes).
I've sprinled some messages into the function, which trigger when
connecting as a non-GSSAPI user:
Opening nnimap server on jochen@jochen.org...
jk:Opening connection to imap.jochen.org via GSSAPI...
Unable to open server nnimap+jochen@jochen.org due to: Wrong type
argument: listp, #<process *nnimap*>
Opening nnimap server on jochen@jochen.org...failed:
Opening nnimap server on nongssapi-user@jochen.org...
Opening connection to imap.jochen.org via tls...
YYY ...
ZZZ ...
Opening connection to imap.jochen.org...done
Opening nnimap server on nongssapi-user@jochen.org...done
I was not successful getting a backtrace at the "Wrong type" message -
so I'm not sure what call is failing.
My gnus config for gnus-secondary select methods is:
(require 'gssapi)
(setq debug-on-error t)
; Mail mittels nnml und imap lesen
(setq gnus-secondary-select-methods
'((nnml "private")
(nnimap "jochen@jochen.org"
(nnimap-expunge t)
(nnimap-stream gssapi)
(nnimap-address "imap.jochen.org"))
[...]
When I quit gnus after connecting with that config I get asked:
Buffer " *nnimap imap.jochen.org nil *nntpd**" has a running process;
kill it? (yes or no)
If I look at the buffer I see:
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=GSSAPI SASL-IR] jupiter.jochen.org Cyrus IMAP git2.5+0-Debian-2.5~dev2015021301-0~kolab2 server ready^M
But no running process...
I've not arrived at gssapi.el, because that message is missing:
(defun open-gssapi-stream (name buffer server port user)
(let ((cmds gssapi-program)
cmd done)
(with-current-buffer buffer
(while (and (not done)
(setq cmd (pop cmds)))
(message "Opening GSSAPI connection with `%s'..." cmd)
Any idea how to get further?
Jochen
--
The only problem with troubleshooting is that the trouble shoots back.
next prev parent reply other threads:[~2016-02-09 6:22 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-29 14:35 Florian Weimer
2016-02-06 6:40 ` Lars Ingebrigtsen
2016-02-07 17:16 ` Jochen Hein
2016-02-08 5:23 ` Lars Ingebrigtsen
2016-02-08 9:51 ` Jochen Hein
2016-02-08 20:59 ` Jochen Hein
2016-02-08 21:51 ` Andreas Schwab
2016-02-08 23:21 ` Jochen Hein
2016-02-08 23:47 ` Andreas Schwab
2016-02-09 6:22 ` Jochen Hein [this message]
2016-02-09 20:05 ` Jochen Hein
2016-02-09 23:31 ` Lars Ingebrigtsen
2016-02-10 4:16 ` Jochen Hein
2016-02-10 4:23 ` Lars Ingebrigtsen
2016-02-10 4:30 ` Lars Ingebrigtsen
2016-02-10 4:42 ` Jochen Hein
2016-02-10 4:50 ` Lars Ingebrigtsen
2016-02-10 21:37 ` Jochen Hein
2016-02-11 19:51 ` [PATCH] GSSAPI " Jochen Hein
2016-02-13 6:50 ` Lars Ingebrigtsen
2016-02-13 10:30 ` Jochen Hein
2016-02-14 2:25 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83zivammhs.fsf@echidna.jochen.org \
--to=jochen@jochen.org \
--cc=ding@gnus.org \
--cc=fw@deneb.enyo.de \
--cc=larsi@gnus.org \
--cc=schwab@linux-m68k.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).