* Current state of GSSAPI support? @ 2017-02-03 3:19 Elias Mårtenson 2017-02-03 4:26 ` Jochen Hein 2017-02-03 7:35 ` Adam Sjøgren 0 siblings, 2 replies; 5+ messages in thread From: Elias Mårtenson @ 2017-02-03 3:19 UTC (permalink / raw) To: info-gnus-english [-- Attachment #1.1: Type: text/plain, Size: 979 bytes --] A few years ago I inquired about Kerberos authentication for Gnus IMAP and at the time it was concluded that it had originally worked, but did not work anymore. Since then I was waiting for the dynamic module support to land in Emacs so that I could implement native GSSAPI support and then modify Gnus to take advantage of it. I now decided to start looking at this. While implementing this i rediscovered the existence of ‘gssapi.el’ in the Gnus directory and I noted that it has a copyright year of 2017. That suggests to me that this file is actually maintained. However, I still do not see any indication in the Gnus source code that it would be possible to actually use this with Gnus. Before I sink any more time into implementing native GSSAPI support in Emacs, could anyone explain to me what the current state of this is, and if it might actually be possible to get this to work without me having to write a lot of new code? Regards, Elias [-- Attachment #1.2: Type: text/html, Size: 1086 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Current state of GSSAPI support? 2017-02-03 3:19 Current state of GSSAPI support? Elias Mårtenson @ 2017-02-03 4:26 ` Jochen Hein 2017-02-03 7:35 ` Adam Sjøgren 1 sibling, 0 replies; 5+ messages in thread From: Jochen Hein @ 2017-02-03 4:26 UTC (permalink / raw) To: Elias Mårtenson; +Cc: info-gnus-english [-- Attachment #1: Type: text/plain, Size: 751 bytes --] Elias Mårtenson <lokedhs@gmail.com> writes: > A few years ago I inquired about Kerberos authentication for Gnus IMAP and > at the time it was concluded that it had originally worked, but did not > work anymore. Yes, I came to the same conclusion last year. > Before I sink any more time into implementing native GSSAPI support in > Emacs, could anyone explain to me what the current state of this is, and if > it might actually be possible to get this to work without me having to > write a lot of new code? I posted some patches last year on the emacs list. Unfortunatly they never git integrated - they use external commands to connect, so the won't be generic streams. I'll attach the rough patches I have here. Jochen [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: gnus-gssapi.diff --] [-- Type: text/x-diff, Size: 4690 bytes --] --- network-stream.el.orig 2016-02-11 17:26:06.000000000 +0100 +++ network-stream.el 2016-02-11 18:31:02.000000000 +0100 @@ -44,6 +44,7 @@ (require 'tls) (require 'starttls) +(require 'gssapi) (require 'auth-source) (autoload 'gnutls-negotiate "gnutls") @@ -85,6 +86,7 @@ `tls' -- A TLS connection. `ssl' -- Equivalent to `tls'. `shell' -- A shell connection. + `gssapi' -- a GSSAPI connection. :return-list specifies this function's return value. If omitted or nil, return a process object. A non-nil means to @@ -156,6 +158,7 @@ 'network-stream-open-starttls) ((memq type '(tls ssl)) 'network-stream-open-tls) ((eq type 'shell) 'network-stream-open-shell) + ((eq type 'gssapi) 'network-stream-open-gssapi) (t (error "Invalid connection type %s" type)))) result) (unwind-protect @@ -172,6 +175,24 @@ :error (nth 4 result)) (car result)))))) +(defun network-stream-open-gssapi (name buffer host service parameters) + (let* ((start (with-current-buffer buffer (point))) + (capability-command (plist-get parameters :capability-command)) + (eoc (plist-get parameters :end-of-command)) + (eo-capa (or (plist-get parameters :end-of-capability) + eoc)) + (stream (open-gssapi-stream name buffer host service)) + (greeting (network-stream-get-response stream start eoc)) + (capabilities (when capability-command + (network-stream-command stream + capability-command + (or eo-capa eoc))))) + ;; Return (STREAM GREETING CAPABILITIES RESULTING-TYPE) + (list stream + greeting + capabilities + 'gssapi))) + (defun network-stream-certificate (host service parameters) (let ((spec (plist-get :client-certificate parameters))) (cond diff --git a/lisp/gssapi.el b/lisp/gssapi.el index 1f72805..08b2ec3 100644 --- a/lisp/gssapi.el +++ b/lisp/gssapi.el @@ -29,9 +29,8 @@ (defcustom gssapi-program (list (concat "gsasl %s %p " - "--mechanism GSSAPI " - "--authentication-id %l") - "imtest -m gssapi -u %l -p %p %s") + "--mechanism GSSAPI ") + "imtest -m gssapi -p %p %s") "List of strings containing commands for GSSAPI (krb5) authentication. %s is replaced with server hostname, %p with port to connect to, and %l with the user name. The program should accept commands on @@ -41,7 +40,7 @@ tried until a successful connection is made." :group 'network :type '(repeat string)) -(defun open-gssapi-stream (name buffer server port user) +(defun open-gssapi-stream (name buffer server port) (let ((cmds gssapi-program) cmd done) (with-current-buffer buffer @@ -57,8 +56,7 @@ tried until a successful connection is made." cmd (format-spec-make ?s server - ?p (number-to-string port) - ?l user)))) + ?p (number-to-string port))))) response) (when process (while (and (memq (process-status process) '(open run)) @@ -92,7 +90,6 @@ tried until a successful connection is made." (setq response (match-string 1))))) (accept-process-output process 1) (sit-for 1)) - (erase-buffer) (message "GSSAPI connection: %s" (or response "failed")) (if (and response (let ((case-fold-search nil)) (not (string-match "failed" response)))) diff --git a/lisp/nnimap.el b/lisp/nnimap.el index 05251ed..2eca2b4 100644 --- a/lisp/nnimap.el +++ b/lisp/nnimap.el @@ -65,7 +65,7 @@ it will default to `imap'.") (defvoo nnimap-stream 'undecided "How nnimap talks to the IMAP server. The value should be either `undecided', `ssl' or `tls', -`network', `starttls', `plain', or `shell'. +`network', `starttls', `plain', `gssapi', or `shell'. If the value is `undecided', nnimap tries `ssl' first, then falls back on `network'.") @@ -408,6 +408,10 @@ textual parts.") (nnheader-message 7 "Opening connection to %s via shell..." nnimap-address) '("imap")) + ((eq nnimap-stream 'gssapi) + (nnheader-message 7 "Opening connection to %s via GSSAPI..." + nnimap-address) + '(143)) ((memq nnimap-stream '(ssl tls)) (nnheader-message 7 "Opening connection to %s via tls..." nnimap-address) @@ -463,7 +467,9 @@ textual parts.") (setf (nnimap-capabilities nnimap-object) (mapcar #'upcase (split-string capabilities))) - (unless (gnus-string-match-p "[*.] PREAUTH" greeting) + (unless (or + (eq nnimap-stream 'gssapi) + (gnus-string-match-p "[*.] PREAUTH" greeting)) (if (not (setq credentials (if (eq nnimap-authenticator 'anonymous) (list "anonymous" [-- Attachment #3: Type: text/plain, Size: 76 bytes --] -- The only problem with troubleshooting is that the trouble shoots back. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Current state of GSSAPI support? 2017-02-03 3:19 Current state of GSSAPI support? Elias Mårtenson 2017-02-03 4:26 ` Jochen Hein @ 2017-02-03 7:35 ` Adam Sjøgren 2017-02-03 7:48 ` Elias Mårtenson 1 sibling, 1 reply; 5+ messages in thread From: Adam Sjøgren @ 2017-02-03 7:35 UTC (permalink / raw) To: info-gnus-english Elias writes: > While implementing this i rediscovered the existence of ‘gssapi.el’ in the > Gnus directory and I noted that it has a copyright year of 2017. That > suggests to me that this file is actually maintained. I think the GNU Emacs policy is to update all the years every year, so that might not be the case. The last 5 commits to gssapi.el: commit 5badc81c1cdfbb261ad3e6d1b753defb15712f26 Author: Paul Eggert <eggert@cs.ucla.edu> Date: Sun Jan 1 03:14:01 2017 +0000 Update copyright year to 2017 Run admin/update-copyright. commit 0e963201d03d9229bb8ac4323291d2b0119526ed Author: Paul Eggert <eggert@cs.ucla.edu> Date: Fri Jan 1 01:16:19 2016 -0800 Update copyright year to 2016 Run admin/update-copyright. commit 7e09ef09a479731d01b1ca46e94ddadd73ac98e3 Author: Paul Eggert <eggert@cs.ucla.edu> Date: Thu Jan 1 14:26:41 2015 -0800 Update copyright year to 2015 Run admin/update-copyright. commit ba3189039adc8ec5eba5ed3e21d42019a4616b7c Author: Paul Eggert <eggert@cs.ucla.edu> Date: Wed Jan 1 07:43:34 2014 +0000 Update copyright year to 2014 by running admin/update-copyright. commit ab422c4d6899b1442cb6954c1829c1fb656b006c Author: Paul Eggert <eggert@cs.ucla.edu> Date: Tue Jan 1 09:11:05 2013 +0000 Update copyright notices for 2013. Best regards, Adam -- "Do I really want to set this in Denmark?" Adam Sjøgren asjo@koldfront.dk _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Current state of GSSAPI support? 2017-02-03 7:35 ` Adam Sjøgren @ 2017-02-03 7:48 ` Elias Mårtenson 2017-02-03 9:49 ` Adam Sjøgren 0 siblings, 1 reply; 5+ messages in thread From: Elias Mårtenson @ 2017-02-03 7:48 UTC (permalink / raw) To: Adam Sjøgren; +Cc: info-gnus-english [-- Attachment #1.1: Type: text/plain, Size: 750 bytes --] On 3 February 2017 at 15:35, Adam Sjøgren <asjo@koldfront.dk> wrote: > Elias writes: > > > While implementing this i rediscovered the existence of ‘gssapi.el’ in > the > > Gnus directory and I noted that it has a copyright year of 2017. That > > suggests to me that this file is actually maintained. > > I think the GNU Emacs policy is to update all the years every year, so > that might not be the case. Thank you. That explains a lot. That means that I should continue working on this. Do you (or anyone else) have any opinion on the choice to use modules here? If I complete this, is there a chance that this be accepted for merge, or would the existence of the module make things more complicated? Regards, Elias [-- Attachment #1.2: Type: text/html, Size: 1145 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Current state of GSSAPI support? 2017-02-03 7:48 ` Elias Mårtenson @ 2017-02-03 9:49 ` Adam Sjøgren 0 siblings, 0 replies; 5+ messages in thread From: Adam Sjøgren @ 2017-02-03 9:49 UTC (permalink / raw) To: info-gnus-english Elias writes: > Do you (or anyone else) have any opinion on the choice to use modules > here? If I complete this, is there a chance that this be accepted for > merge, or would the existence of the module make things more complicated? I haven't the foggiest unfortunately, I don't have the bandwidth to follow the Emacs development - maybe asking on the emacs-devel list is more likely to give you some informed opinions? Best regards, Adam -- "Do I really want to set this in Denmark?" Adam Sjøgren asjo@koldfront.dk _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-02-03 9:49 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-02-03 3:19 Current state of GSSAPI support? Elias Mårtenson 2017-02-03 4:26 ` Jochen Hein 2017-02-03 7:35 ` Adam Sjøgren 2017-02-03 7:48 ` Elias Mårtenson 2017-02-03 9:49 ` Adam Sjøgren
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).