From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/86805 Path: news.gmane.org!not-for-mail From: Jochen Hein Newsgroups: gmane.emacs.gnus.general Subject: Re: gssapi authentication for nnimap Date: Tue, 09 Feb 2016 07:22:23 +0100 Message-ID: <83zivammhs.fsf@echidna.jochen.org> References: <87oaecan6t.fsf@mid.deneb.enyo.de> <87d1sanxyx.fsf@gnus.org> <83a8ncfnkc.fsf@echidna.jochen.org> <8737t3g4hk.fsf@gnus.org> <831t8mgbpi.fsf@echidna.jochen.org> <87io1ykh0h.fsf@linux-m68k.org> <83vb5yhjpo.fsf@echidna.jochen.org> <87wpqeix2s.fsf@linux-m68k.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1454999213 24106 80.91.229.3 (9 Feb 2016 06:26:53 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 9 Feb 2016 06:26:53 +0000 (UTC) Cc: ding@gnus.org, Lars Ingebrigtsen , Florian Weimer To: Andreas Schwab Original-X-From: ding-owner+M35030@lists.math.uh.edu Tue Feb 09 07:26:42 2016 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from lists1.math.uh.edu ([129.7.128.208]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aT1l2-00072y-J7 for ding-account@gmane.org; Tue, 09 Feb 2016 07:26:40 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by lists1.math.uh.edu with smtp (Exim 4.85) (envelope-from ) id 1aT1kM-0000wr-9I; Tue, 09 Feb 2016 00:25:58 -0600 Original-Received: from mx2.math.uh.edu ([129.7.128.33]) by lists1.math.uh.edu with esmtps (TLSv1.2:AES128-GCM-SHA256:128) (Exim 4.85) (envelope-from ) id 1aT1kH-0000wO-6C for ding@lists.math.uh.edu; Tue, 09 Feb 2016 00:25:53 -0600 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx2.math.uh.edu with esmtps (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from ) id 1aT1kF-00026L-Im for ding@lists.math.uh.edu; Tue, 09 Feb 2016 00:25:53 -0600 Original-Received: from smtp.dinoex.de ([188.40.204.4] ident=root) by quimby.gnus.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1aT1kD-0001nr-UP; Tue, 09 Feb 2016 07:25:50 +0100 Original-Received: from smtp.dinoex.de (uucp@smtp.dinoex.de [188.40.204.4]) by smtp.dinoex.de (8.15.2/8.15.1) with ESMTPS id u196P5T7091245 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 9 Feb 2016 07:25:06 +0100 (CET) (envelope-from jochen@jochen.org) Original-Received: (from uucp@localhost) by smtp.dinoex.de (8.15.2/8.15.1/Submit) with UUCP id u196P5RW091244; Tue, 9 Feb 2016 07:25:05 +0100 (CET) (envelope-from jochen@jochen.org) Original-Received: from echidna.jochen.org (echidna.jochen.org [IPv6:fd23:e163:19f7:1234:222:4dff:fe7c:d76a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by jupiter.jochen.org (Postfix) with ESMTPSA id C228F1E8; Tue, 9 Feb 2016 07:22:23 +0100 (CET) X-Message-Flag: This space is intentionally left blank User-Agent: Gnus/5.130015 (Ma Gnus v0.15) Emacs/24.4 (gnu/linux) X-Milter: Spamilter (Reciever: smtp.dinoex.de; Sender-ip: 188.40.204.4; Sender-helo: smtp.dinoex.de;) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (smtp.dinoex.de [188.40.204.4]); Tue, 09 Feb 2016 07:25:07 +0100 (CET) X-Spam-Score: -1.9 (-) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:86805 Archived-At: Andreas Schwab writes: > What did you try? Right now I have the following diff to nnimap.el: diff --git a/lisp/nnimap.el b/lisp/nnimap.el index 05251ed..02c651e 100644 --- a/lisp/nnimap.el +++ b/lisp/nnimap.el @@ -65,7 +65,7 @@ it will default to `imap'.") (defvoo nnimap-stream 'undecided "How nnimap talks to the IMAP server. The value should be either `undecided', `ssl' or `tls', -`network', `starttls', `plain', or `shell'. +`network', `starttls', `plain', `gssapi' or `shell'. If the value is `undecided', nnimap tries `ssl' first, then falls back on `network'.") @@ -408,6 +408,10 @@ textual parts.") (nnheader-message 7 "Opening connection to %s via shell..." nnimap-address) '("imap")) + ((eq nnimap-stream 'gssapi) + (nnheader-message 7 "jk:Opening connection to %s via GSSAPI..." + nnimap-address) + '("imap")) ((memq nnimap-stream '(ssl tls)) (nnheader-message 7 "Opening connection to %s via tls..." nnimap-address) @@ -417,28 +421,35 @@ textual parts.") login-result credentials) (when nnimap-server-port (push nnimap-server-port ports)) - (let* ((stream-list - (open-protocol-stream - "*nnimap*" (current-buffer) nnimap-address - (nnimap-map-port (car ports)) - :type nnimap-stream - :warn-unless-encrypted t - :return-list t - :shell-command nnimap-shell-program - :capability-command "1 CAPABILITY\r\n" - :always-query-capabilities t - :end-of-command "\r\n" - :success " OK " - :starttls-function - (lambda (capabilities) - (when (gnus-string-match-p "STARTTLS" capabilities) - "1 STARTTLS\r\n")))) + (let* ((stream-list + (if (eq nnimap-stream 'gssapi) + (open-protocol-stream + "*nnimap*" (current-buffer) nnimap-address + (nnimap-map-port (car ports)) nnimap-user + :return-list t) + (open-protocol-stream + "*nnimap*" (current-buffer) nnimap-address + (nnimap-map-port (car ports)) + :type nnimap-stream + :warn-unless-encrypted t + :return-list t + :shell-command nnimap-shell-program + :capability-command "1 CAPABILITY\r\n" + :always-query-capabilities t + :end-of-command "\r\n" + :success " OK " + :starttls-function + (lambda (capabilities) + (when (gnus-string-match-p "STARTTLS" capabilities) + "1 STARTTLS\r\n"))))) (stream (car stream-list)) (props (cdr stream-list)) (greeting (plist-get props :greeting)) (capabilities (plist-get props :capabilities)) (stream-type (plist-get props :type))) (when (and stream (not (memq (process-status stream) '(open run)))) + (nnheader-message 7 "XXX ...") (setq stream nil)) (when (and (fboundp 'set-network-process-option) ;; Not in XEmacs. @@ -450,12 +461,14 @@ textual parts.") (setf (nnimap-process nnimap-object) stream) (setf (nnimap-stream-type nnimap-object) stream-type) + (nnheader-message 7 "YYY ...") (if (not stream) (progn (nnheader-report 'nnimap "Unable to contact %s:%s via %s" nnimap-address (car ports) nnimap-stream) 'no-connect) (gnus-set-process-query-on-exit-flag stream nil) + (nnheader-message 7 "ZZZ ...") (if (not (gnus-string-match-p "[*.] \\(OK\\|PREAUTH\\)" greeting)) (nnheader-report 'nnimap "%s" greeting) ;; Store the greeting (for debugging purposes). I've sprinled some messages into the function, which trigger when connecting as a non-GSSAPI user: Opening nnimap server on jochen@jochen.org... jk:Opening connection to imap.jochen.org via GSSAPI... Unable to open server nnimap+jochen@jochen.org due to: Wrong type argument: listp, # Opening nnimap server on jochen@jochen.org...failed: Opening nnimap server on nongssapi-user@jochen.org... Opening connection to imap.jochen.org via tls... YYY ... ZZZ ... Opening connection to imap.jochen.org...done Opening nnimap server on nongssapi-user@jochen.org...done I was not successful getting a backtrace at the "Wrong type" message - so I'm not sure what call is failing. My gnus config for gnus-secondary select methods is: (require 'gssapi) (setq debug-on-error t) ; Mail mittels nnml und imap lesen (setq gnus-secondary-select-methods '((nnml "private") (nnimap "jochen@jochen.org" (nnimap-expunge t) (nnimap-stream gssapi) (nnimap-address "imap.jochen.org")) [...] When I quit gnus after connecting with that config I get asked: Buffer " *nnimap imap.jochen.org nil *nntpd**" has a running process; kill it? (yes or no) If I look at the buffer I see: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=GSSAPI SASL-IR] jupiter.jochen.org Cyrus IMAP git2.5+0-Debian-2.5~dev2015021301-0~kolab2 server ready^M But no running process... I've not arrived at gssapi.el, because that message is missing: (defun open-gssapi-stream (name buffer server port user) (let ((cmds gssapi-program) cmd done) (with-current-buffer buffer (while (and (not done) (setq cmd (pop cmds))) (message "Opening GSSAPI connection with `%s'..." cmd) Any idea how to get further? Jochen -- The only problem with troubleshooting is that the trouble shoots back.