* Use flim's sasl.el to authenticate to IMAP servers
@ 2004-03-23 17:20 Kim Minh Kaplan
2004-05-16 14:25 ` Lars Magne Ingebrigtsen
0 siblings, 1 reply; 9+ messages in thread
From: Kim Minh Kaplan @ 2004-03-23 17:20 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 345 bytes --]
Hello,
I recently wanted to use other authentication mechanisms than plain
IMAP LOGIN command. Unfortunately, I could not get hold of the file
digest-md5.el that I needed. But I found that flim¹ implements a
framework for SASL. Attached is a patch to make it work with IMAP.
Kim Minh.
¹ <URL:ftp://ftp.m17n.org/pub/mule/flim/>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: IMAP with SASL --]
[-- Type: text/x-patch, Size: 3401 bytes --]
--- imap.el.~6.67.~ 2003-11-17 06:55:15.000000000 +0100
+++ imap.el 2004-03-23 18:01:05.000000000 +0100
@@ -143,6 +143,7 @@
(autoload 'base64-encode-string "base64")
(autoload 'starttls-open-stream "starttls")
(autoload 'starttls-negotiate "starttls")
+ (autoload 'sasl-find-mechanism "sasl")
(autoload 'digest-md5-parse-digest-challenge "digest-md5")
(autoload 'digest-md5-digest-response "digest-md5")
(autoload 'digest-md5-digest-uri "digest-md5")
@@ -297,6 +298,7 @@
kerberos4
digest-md5
cram-md5
+ sasl
login
anonymous)
"Priority of authenticators to consider when authenticating to server.")
@@ -304,6 +306,7 @@
(defvar imap-authenticator-alist
'((gssapi imap-gssapi-auth-p imap-gssapi-auth)
(kerberos4 imap-kerberos4-auth-p imap-kerberos4-auth)
+ (sasl imap-sasl-auth-p imap-sasl-auth)
(cram-md5 imap-cram-md5-p imap-cram-md5-auth)
(login imap-login-p imap-login-auth)
(anonymous imap-anonymous-p imap-anonymous-auth)
@@ -904,6 +907,61 @@
(concat "LOGIN anonymous \"" (concat (user-login-name) "@"
(system-name)) "\"")))))
+(defun imap-sasl-make-mechanisms (buffer)
+ (let ((mecs '()))
+ (mapc (lambda (sym)
+ (let ((name (symbol-name sym)))
+ (if (and (> (length name) 5)
+ (string-equal "AUTH=" (substring name 0 5 )))
+ (setq mecs (cons (substring name 5) mecs)))))
+ (imap-capability nil buffer))
+ mecs))
+
+(defun imap-sasl-auth-p (buffer)
+ (and (condition-case ()
+ (require 'sasl)
+ (error nil))
+ (sasl-find-mechanism (imap-sasl-make-mechanisms buffer))))
+
+(defun imap-sasl-auth (buffer)
+ "Login to server using the SASL method."
+ (message "imap: Authenticating using SASL...")
+ (with-current-buffer buffer
+ (make-local-variable 'imap-username)
+ (make-local-variable 'imap-sasl-client)
+ (make-local-variable 'imap-sasl-step)
+ (let ((mechanism (sasl-find-mechanism (imap-sasl-make-mechanisms buffer)))
+ logged user)
+ (while (not logged)
+ (setq user (or imap-username
+ (read-from-minibuffer
+ (concat "IMAP username for " imap-server " using SASL "
+ (sasl-mechanism-name mechanism) ": ")
+ (or user imap-default-user))))
+ (when user
+ (setq imap-sasl-client (sasl-make-client mechanism user "imap2" imap-server)
+ imap-sasl-step (sasl-next-step imap-sasl-client nil))
+ (let ((tag (imap-send-command
+ (if (sasl-step-data imap-sasl-step)
+ (format "AUTHENTICATE %s %s"
+ (sasl-mechanism-name mechanism)
+ (sasl-step-data imap-sasl-step))
+ (format "AUTHENTICATE %s" (sasl-mechanism-name mechanism)))
+ buffer)))
+ (while (eq (imap-wait-for-tag tag) 'INCOMPLETE)
+ (sasl-step-set-data imap-sasl-step (base64-decode-string imap-continuation))
+ (setq imap-continuation nil
+ imap-sasl-step (sasl-next-step imap-sasl-client imap-sasl-step))
+ (imap-send-command-1 (if (sasl-step-data imap-sasl-step)
+ (base64-encode-string (sasl-step-data imap-sasl-step) t)
+ "")))
+ (if (imap-ok-p (imap-wait-for-tag tag))
+ (setq imap-username user
+ logged t)
+ (message "Login failed...")
+ (sit-for 1)))))
+ logged)))
+
(defun imap-digest-md5-p (buffer)
(and (imap-capability 'AUTH=DIGEST-MD5 buffer)
(condition-case ()
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Use flim's sasl.el to authenticate to IMAP servers
2004-03-23 17:20 Use flim's sasl.el to authenticate to IMAP servers Kim Minh Kaplan
@ 2004-05-16 14:25 ` Lars Magne Ingebrigtsen
2004-05-17 2:02 ` Katsumi Yamaoka
2004-05-17 8:00 ` Use flim's sasl.el to authenticate to IMAP servers anti
0 siblings, 2 replies; 9+ messages in thread
From: Lars Magne Ingebrigtsen @ 2004-05-16 14:25 UTC (permalink / raw)
Kim Minh Kaplan <kmkaplan@selfoffice.com> writes:
> I recently wanted to use other authentication mechanisms than plain
> IMAP LOGIN command. Unfortunately, I could not get hold of the file
> digest-md5.el that I needed. But I found that flim¹ implements a
> framework for SASL. Attached is a patch to make it work with IMAP.
Thanks for the patch; I've applied it to No Gnus v0.3 (i. e., CVS).
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Use flim's sasl.el to authenticate to IMAP servers
2004-05-16 14:25 ` Lars Magne Ingebrigtsen
@ 2004-05-17 2:02 ` Katsumi Yamaoka
2004-05-17 12:36 ` Lars Magne Ingebrigtsen
2004-05-17 8:00 ` Use flim's sasl.el to authenticate to IMAP servers anti
1 sibling, 1 reply; 9+ messages in thread
From: Katsumi Yamaoka @ 2004-05-17 2:02 UTC (permalink / raw)
Cc: ding
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=iso-2022-jp-2, Size: 1453 bytes --]
Hi,
>>>>> In <m3zn88e9fg.fsf@quimbies.gnus.org>
>>>>> Lars Magne Ingebrigtsen <larsi@gnus.org> wrote:
> Kim Minh Kaplan <kmkaplan@selfoffice.com> writes:
>> I recently wanted to use other authentication mechanisms than plain
>> IMAP LOGIN command. Unfortunately, I could not get hold of the file
>> digest-md5.el that I needed. But I found that flim^[.A^[N9 implements a
>> framework for SASL. Attached is a patch to make it work with IMAP.
> Thanks for the patch; I've applied it to No Gnus v0.3 (i. e., CVS).
I'm using nnml, and the IMAP connection for fetching new mails
with the following mail source:
(setq mail-sources '((imap :server "MAILHOST" :port 143
:password "PASSWORD"
:stream starttls)))
The server's response is:
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN]\
MAILHOST IMAP4rev1 2001.315rh...
After the recent change, Gnus requires a password whenever I get
new mails, and fails to get them. :<
nnml: Reading incoming mail from imap...
imap: Connecting to MAILHOST...
imap: Connecting with STARTTLS...done
Waiting for response from MAILHOST...done
imap: Authenticating to `MAILHOST' using `sasl'...
imap: Authenticating using SASL...
PLAIN passphrase for yamaoka:
The problem is solved by modifying the imap-authenticators
variable as follows:
(delq 'sasl imap-authenticators)
Is it always necessary to me? Or, is there any other solution?
Regards,
--
Katsumi Yamaoka <yamaoka@jpl.org>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Use flim's sasl.el to authenticate to IMAP servers
2004-05-17 2:02 ` Katsumi Yamaoka
@ 2004-05-17 12:36 ` Lars Magne Ingebrigtsen
2004-05-17 12:38 ` Katsumi Yamaoka
0 siblings, 1 reply; 9+ messages in thread
From: Lars Magne Ingebrigtsen @ 2004-05-17 12:36 UTC (permalink / raw)
Katsumi Yamaoka <yamaoka@jpl.org> writes:
> The problem is solved by modifying the imap-authenticators
> variable as follows:
>
> (delq 'sasl imap-authenticators)
I've commented out the sasl from the source now until someone who
knows what it's doing can take a look at it. :-)
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Use flim's sasl.el to authenticate to IMAP servers
2004-05-16 14:25 ` Lars Magne Ingebrigtsen
2004-05-17 2:02 ` Katsumi Yamaoka
@ 2004-05-17 8:00 ` anti
1 sibling, 0 replies; 9+ messages in thread
From: anti @ 2004-05-17 8:00 UTC (permalink / raw)
Cc: ding
Lars Magne Ingebrigtsen wrote:
>Kim Minh Kaplan <kmkaplan@selfoffice.com> writes:
>
>
>
>>I recently wanted to use other authentication mechanisms than plain
>>IMAP LOGIN command. Unfortunately, I could not get hold of the file
>>digest-md5.el that I needed. But I found that flim¹ implements a
>>framework for SASL. Attached is a patch to make it work with IMAP.
>>
>>
>
>Thanks for the patch; I've applied it to No Gnus v0.3 (i. e., CVS).
>
>
>
It's probably due to this change that I can't log into my imaps/plain
server any more. Here's the *Messages* part:
Opening nnimap server on hop...
imap: Connecting to hop...
imap: Opening SSL connection with `openssl s_client -quiet -ssl3 -connect %s:%p'...done
Waiting for response from hop...done
imap: Authenticating using SASL...
PLAIN passphrase for anti:
PLAIN passphrase for anti: .
PLAIN passphrase for anti: ..
PLAIN passphrase for anti: ........
Unable to open server due to: Internal error, tag 6 status BAD code nil text Unexpected extra arguments to Authenticate
Opening nnimap server on hop...failed
If more debugging is needed, please advise.
anti
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2004-05-17 15:11 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-03-23 17:20 Use flim's sasl.el to authenticate to IMAP servers Kim Minh Kaplan
2004-05-16 14:25 ` Lars Magne Ingebrigtsen
2004-05-17 2:02 ` Katsumi Yamaoka
2004-05-17 12:36 ` Lars Magne Ingebrigtsen
2004-05-17 12:38 ` Katsumi Yamaoka
2004-05-17 13:49 ` ~/.authinfo is now ignored for nnimap (was: Use flim's sasl.el to authenticate to IMAP servers) Ted Zlatanov
2004-05-17 15:11 ` ~/.authinfo is now ignored for nnimap Lars Magne Ingebrigtsen
2004-05-17 15:11 ` Ted Zlatanov
2004-05-17 8:00 ` Use flim's sasl.el to authenticate to IMAP servers anti
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).