* Current state of GSSAPI support?
@ 2017-02-03 3:19 Elias Mårtenson
2017-02-03 4:26 ` Jochen Hein
2017-02-03 7:35 ` Adam Sjøgren
0 siblings, 2 replies; 5+ messages in thread
From: Elias Mårtenson @ 2017-02-03 3:19 UTC (permalink / raw)
To: info-gnus-english
[-- Attachment #1.1: Type: text/plain, Size: 979 bytes --]
A few years ago I inquired about Kerberos authentication for Gnus IMAP and
at the time it was concluded that it had originally worked, but did not
work anymore.
Since then I was waiting for the dynamic module support to land in Emacs so
that I could implement native GSSAPI support and then modify Gnus to take
advantage of it. I now decided to start looking at this.
While implementing this i rediscovered the existence of ‘gssapi.el’ in the
Gnus directory and I noted that it has a copyright year of 2017. That
suggests to me that this file is actually maintained. However, I still do
not see any indication in the Gnus source code that it would be possible to
actually use this with Gnus.
Before I sink any more time into implementing native GSSAPI support in
Emacs, could anyone explain to me what the current state of this is, and if
it might actually be possible to get this to work without me having to
write a lot of new code?
Regards,
Elias
[-- Attachment #1.2: Type: text/html, Size: 1086 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Current state of GSSAPI support?
2017-02-03 3:19 Current state of GSSAPI support? Elias Mårtenson
@ 2017-02-03 4:26 ` Jochen Hein
2017-02-03 7:35 ` Adam Sjøgren
1 sibling, 0 replies; 5+ messages in thread
From: Jochen Hein @ 2017-02-03 4:26 UTC (permalink / raw)
To: Elias Mårtenson; +Cc: info-gnus-english
[-- Attachment #1: Type: text/plain, Size: 751 bytes --]
Elias Mårtenson <lokedhs@gmail.com> writes:
> A few years ago I inquired about Kerberos authentication for Gnus IMAP and
> at the time it was concluded that it had originally worked, but did not
> work anymore.
Yes, I came to the same conclusion last year.
> Before I sink any more time into implementing native GSSAPI support in
> Emacs, could anyone explain to me what the current state of this is, and if
> it might actually be possible to get this to work without me having to
> write a lot of new code?
I posted some patches last year on the emacs list. Unfortunatly they
never git integrated - they use external commands to connect, so the
won't be generic streams.
I'll attach the rough patches I have here.
Jochen
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: gnus-gssapi.diff --]
[-- Type: text/x-diff, Size: 4690 bytes --]
--- network-stream.el.orig 2016-02-11 17:26:06.000000000 +0100
+++ network-stream.el 2016-02-11 18:31:02.000000000 +0100
@@ -44,6 +44,7 @@
(require 'tls)
(require 'starttls)
+(require 'gssapi)
(require 'auth-source)
(autoload 'gnutls-negotiate "gnutls")
@@ -85,6 +86,7 @@
`tls' -- A TLS connection.
`ssl' -- Equivalent to `tls'.
`shell' -- A shell connection.
+ `gssapi' -- a GSSAPI connection.
:return-list specifies this function's return value.
If omitted or nil, return a process object. A non-nil means to
@@ -156,6 +158,7 @@
'network-stream-open-starttls)
((memq type '(tls ssl)) 'network-stream-open-tls)
((eq type 'shell) 'network-stream-open-shell)
+ ((eq type 'gssapi) 'network-stream-open-gssapi)
(t (error "Invalid connection type %s" type))))
result)
(unwind-protect
@@ -172,6 +175,24 @@
:error (nth 4 result))
(car result))))))
+(defun network-stream-open-gssapi (name buffer host service parameters)
+ (let* ((start (with-current-buffer buffer (point)))
+ (capability-command (plist-get parameters :capability-command))
+ (eoc (plist-get parameters :end-of-command))
+ (eo-capa (or (plist-get parameters :end-of-capability)
+ eoc))
+ (stream (open-gssapi-stream name buffer host service))
+ (greeting (network-stream-get-response stream start eoc))
+ (capabilities (when capability-command
+ (network-stream-command stream
+ capability-command
+ (or eo-capa eoc)))))
+ ;; Return (STREAM GREETING CAPABILITIES RESULTING-TYPE)
+ (list stream
+ greeting
+ capabilities
+ 'gssapi)))
+
(defun network-stream-certificate (host service parameters)
(let ((spec (plist-get :client-certificate parameters)))
(cond
diff --git a/lisp/gssapi.el b/lisp/gssapi.el
index 1f72805..08b2ec3 100644
--- a/lisp/gssapi.el
+++ b/lisp/gssapi.el
@@ -29,9 +29,8 @@
(defcustom gssapi-program (list
(concat "gsasl %s %p "
- "--mechanism GSSAPI "
- "--authentication-id %l")
- "imtest -m gssapi -u %l -p %p %s")
+ "--mechanism GSSAPI ")
+ "imtest -m gssapi -p %p %s")
"List of strings containing commands for GSSAPI (krb5) authentication.
%s is replaced with server hostname, %p with port to connect to,
and %l with the user name. The program should accept commands on
@@ -41,7 +40,7 @@ tried until a successful connection is made."
:group 'network
:type '(repeat string))
-(defun open-gssapi-stream (name buffer server port user)
+(defun open-gssapi-stream (name buffer server port)
(let ((cmds gssapi-program)
cmd done)
(with-current-buffer buffer
@@ -57,8 +56,7 @@ tried until a successful connection is made."
cmd
(format-spec-make
?s server
- ?p (number-to-string port)
- ?l user))))
+ ?p (number-to-string port)))))
response)
(when process
(while (and (memq (process-status process) '(open run))
@@ -92,7 +90,6 @@ tried until a successful connection is made."
(setq response (match-string 1)))))
(accept-process-output process 1)
(sit-for 1))
- (erase-buffer)
(message "GSSAPI connection: %s" (or response "failed"))
(if (and response (let ((case-fold-search nil))
(not (string-match "failed" response))))
diff --git a/lisp/nnimap.el b/lisp/nnimap.el
index 05251ed..2eca2b4 100644
--- a/lisp/nnimap.el
+++ b/lisp/nnimap.el
@@ -65,7 +65,7 @@ it will default to `imap'.")
(defvoo nnimap-stream 'undecided
"How nnimap talks to the IMAP server.
The value should be either `undecided', `ssl' or `tls',
-`network', `starttls', `plain', or `shell'.
+`network', `starttls', `plain', `gssapi', or `shell'.
If the value is `undecided', nnimap tries `ssl' first, then falls
back on `network'.")
@@ -408,6 +408,10 @@ textual parts.")
(nnheader-message 7 "Opening connection to %s via shell..."
nnimap-address)
'("imap"))
+ ((eq nnimap-stream 'gssapi)
+ (nnheader-message 7 "Opening connection to %s via GSSAPI..."
+ nnimap-address)
+ '(143))
((memq nnimap-stream '(ssl tls))
(nnheader-message 7 "Opening connection to %s via tls..."
nnimap-address)
@@ -463,7 +467,9 @@ textual parts.")
(setf (nnimap-capabilities nnimap-object)
(mapcar #'upcase
(split-string capabilities)))
- (unless (gnus-string-match-p "[*.] PREAUTH" greeting)
+ (unless (or
+ (eq nnimap-stream 'gssapi)
+ (gnus-string-match-p "[*.] PREAUTH" greeting))
(if (not (setq credentials
(if (eq nnimap-authenticator 'anonymous)
(list "anonymous"
[-- Attachment #3: Type: text/plain, Size: 76 bytes --]
--
The only problem with troubleshooting is that the trouble shoots back.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Current state of GSSAPI support?
2017-02-03 3:19 Current state of GSSAPI support? Elias Mårtenson
2017-02-03 4:26 ` Jochen Hein
@ 2017-02-03 7:35 ` Adam Sjøgren
2017-02-03 7:48 ` Elias Mårtenson
1 sibling, 1 reply; 5+ messages in thread
From: Adam Sjøgren @ 2017-02-03 7:35 UTC (permalink / raw)
To: info-gnus-english
Elias writes:
> While implementing this i rediscovered the existence of ‘gssapi.el’ in the
> Gnus directory and I noted that it has a copyright year of 2017. That
> suggests to me that this file is actually maintained.
I think the GNU Emacs policy is to update all the years every year, so
that might not be the case.
The last 5 commits to gssapi.el:
commit 5badc81c1cdfbb261ad3e6d1b753defb15712f26
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Sun Jan 1 03:14:01 2017 +0000
Update copyright year to 2017
Run admin/update-copyright.
commit 0e963201d03d9229bb8ac4323291d2b0119526ed
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri Jan 1 01:16:19 2016 -0800
Update copyright year to 2016
Run admin/update-copyright.
commit 7e09ef09a479731d01b1ca46e94ddadd73ac98e3
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Thu Jan 1 14:26:41 2015 -0800
Update copyright year to 2015
Run admin/update-copyright.
commit ba3189039adc8ec5eba5ed3e21d42019a4616b7c
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Wed Jan 1 07:43:34 2014 +0000
Update copyright year to 2014 by running admin/update-copyright.
commit ab422c4d6899b1442cb6954c1829c1fb656b006c
Author: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue Jan 1 09:11:05 2013 +0000
Update copyright notices for 2013.
Best regards,
Adam
--
"Do I really want to set this in Denmark?" Adam Sjøgren
asjo@koldfront.dk
_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Current state of GSSAPI support?
2017-02-03 7:35 ` Adam Sjøgren
@ 2017-02-03 7:48 ` Elias Mårtenson
2017-02-03 9:49 ` Adam Sjøgren
0 siblings, 1 reply; 5+ messages in thread
From: Elias Mårtenson @ 2017-02-03 7:48 UTC (permalink / raw)
To: Adam Sjøgren; +Cc: info-gnus-english
[-- Attachment #1.1: Type: text/plain, Size: 750 bytes --]
On 3 February 2017 at 15:35, Adam Sjøgren <asjo@koldfront.dk> wrote:
> Elias writes:
>
> > While implementing this i rediscovered the existence of ‘gssapi.el’ in
> the
> > Gnus directory and I noted that it has a copyright year of 2017. That
> > suggests to me that this file is actually maintained.
>
> I think the GNU Emacs policy is to update all the years every year, so
> that might not be the case.
Thank you. That explains a lot. That means that I should continue working
on this.
Do you (or anyone else) have any opinion on the choice to use modules
here? If I complete this, is there a chance that this be accepted for
merge, or would the existence of the module make things more complicated?
Regards,
Elias
[-- Attachment #1.2: Type: text/html, Size: 1145 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Current state of GSSAPI support?
2017-02-03 7:48 ` Elias Mårtenson
@ 2017-02-03 9:49 ` Adam Sjøgren
0 siblings, 0 replies; 5+ messages in thread
From: Adam Sjøgren @ 2017-02-03 9:49 UTC (permalink / raw)
To: info-gnus-english
Elias writes:
> Do you (or anyone else) have any opinion on the choice to use modules
> here? If I complete this, is there a chance that this be accepted for
> merge, or would the existence of the module make things more complicated?
I haven't the foggiest unfortunately, I don't have the bandwidth to
follow the Emacs development - maybe asking on the emacs-devel list is
more likely to give you some informed opinions?
Best regards,
Adam
--
"Do I really want to set this in Denmark?" Adam Sjøgren
asjo@koldfront.dk
_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-02-03 9:49 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-03 3:19 Current state of GSSAPI support? Elias Mårtenson
2017-02-03 4:26 ` Jochen Hein
2017-02-03 7:35 ` Adam Sjøgren
2017-02-03 7:48 ` Elias Mårtenson
2017-02-03 9:49 ` Adam Sjøgren
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).