[mew-int 2181] Re: confirm 2aba38db059d444b7c3467a469df883f30433c71

Harald Barth haba at example.com
Tue Jun 20 16:24:24 JST 2006


Hi, I'm trying to make the leap from 4.2 to 5.x and use IMAP instead
of POP. Short introduction of myself: Sysadmin and mew user quite
a long time. Programming occasionally. Physical location Stockholm.

1. IMAP + ssl (stunnel):

I have managed to set up a stunnel by hand and get mew -> localhost ->
stunnel -> server. I have not been able to figure out what to set to
get mew to set the stunnel for me, but that seems just to be a matter
of finding what variables to set to what values. The documentation
could benefit from some "working examples", cut and pasted from your
.emacs files.

2. IMAP + GSSAPI (imtest):

As IMAP + ssl is nice, IMAP + GSSAPI would fit me better. There is a
program shipped with cyrus imapd called imtest that I want to use. As
a start I have modified mew-open-ssl-stream (see below). In the future
this would be mew-open-gssapi-stream. This starts imtest and connects
to the server. But after "Running1" below, synchronization between mew
and imtest seems to be lost because imtest has already done all the
login and greeting and so on.

A run of imtest from the command line looks like:

-bash-3.00$ imtest -m gssapi -u $USER -p 143 mail1.kth.se
S: * OK mail1.kth.se Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI SASL-IR
S: C01 OK Completed
C: A01 AUTHENTICATE GSSAPI XXXXXXXXXXXXXXXXXXX Deleted the secret parts XXXXX
S: + XXXXXXXXXXXXXXXXXXXXX
C: 
S: + XXXXXXXXXXXXXXXXXXXXX
C: XXXXXXXXXXXXXXXXXXXX
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 56

So I would need some way for the IMAP state machine to start here
instead of with the greeting.

I can code plain lisp/scheme but I feel a bit lost when it comes to
emacs process synchronization and other elisp specific stuff. I am
sure the mew-open-gssapi-stream could be coded very short as no user
interaction for passwords is needed. That is already fixed by
gssapi/kerberos in advance. I just can't wrap my head around how
the mew-open-*-stream interacts with the IMAP state machine.

Thanks for your help,
Harald.

----------------------code--------------------

(setq mew-imap-server "mail1.kth.se")
(setq mew-imap-ssh-server nil)
(setq mew-imap-ssl t)
(setq mew-imap-ssl-port "imap")

(defun mew-open-ssl-stream (case server serv tls)
  "Open an SSL/TLS stream for SERVER's SERV.
This function returns a process when an SSL/TLS connection is created
successfully. 
If TLS is nil, an SSL connection is created.
If TLS is a magic word for 'stunnel', a TLS connection is created.
A local port number can be obtained from the process name after ':'."
  (cond
   ((not (and (stringp server) (stringp serv)))
    nil)
   ((or (null mew-ssl-ver) (not (mew-which-exec "imtest")))
    (message "'%s' is not found" "imtest")
    nil)
   (t
    (let* ((remoteport (mew-serv-to-port serv))
           (localport (+ 8000 (% (mew-random) 4000)))
           (process-connection-type mew-connection-type2)
           (i 0) (N mew-ssl-process-exec-cnt)
           (pros (process-list))
           (regex (mew-ssl-info-name-regex server remoteport))
           name pnm pro dummy bound opts)
      (catch 'find
        (while pros
          (when (string-match regex (process-name (car pros)))
            (if (memq (process-status (car pros)) '(run))
                (setq pro (car pros))
              (delete-process (car pros)))
            (throw 'find nil))
          (setq pros (cdr pros))))
      (if pro
          pro
        (message "Creating an SSL/TLS connection...")
        (setq pro nil)
        (catch 'loop
          (while (< i N)
            (setq name (mew-ssl-info-name server remoteport localport))
            (setq opts (mew-ssl-options case server remoteport localport tls))
            (setq pro (apply 'start-process 
                             name nil 
                             "imtest" "-m" "gssapi" "-u" "haba" "-p" "143"
                             (list server)))
            ;; An error would occur. So, let's exit in the case.
            (cond
             ((not (processp pro))
              (message "Creating an SSL/TLS connection...FAILED")
              (throw 'loop nil))
             ((not (memq (process-status pro) '(run)))
              (delete-process pro)
              (message "Creating an SSL/TLS connection...FAILED")
              (throw 'loop nil)))
            ;; imtest is now running.
            (message "Running1...")
            (process-kill-without-query pro)
            (setq pnm (process-name pro))
            (mew-info-clean-up pnm)
            (mew-ssl-set-try pnm 0)
            (if (= mew-ssl-ver 4) (mew-ssl-set-file pnm (car opts)))
            (mew-set-process-cs pro mew-cs-text-for-read mew-cs-text-for-write)
            (set-process-filter pro 'mew-ssl-filter1)
            (set-process-sentinel pro 'mew-ssl-sentinel)
            (mew-rendezvous (null (mew-ssl-get-status pnm)))
            (message "Running2...")
            (if (eq (mew-ssl-get-status pnm) t)
                (throw 'loop (setq bound t)))
            ;; bind-failure
            (setq localport (1+ localport))
            (setq i (1+ i))))
        (mew-ssl-set-status pnm nil)
        (message "Running3...")
        (if (not bound)
            (progn
              (message "Creating an SSL/TLS connection...FAILED")
              nil)
          ;; "stunnel" does not gain access to the remote port
          ;; until a tunneled connection is created.
          ;; So, we need to check the SSL/TLS tunnel with a dummy
          ;; tunneled connection here.
          (set-process-filter pro 'mew-ssl-filter2)
          (setq dummy (open-network-stream " *Mew dummy*" nil mew-ssl-localhost localport))
          (with-temp-buffer
            (insert "Timing problem!"))
          (mew-rendezvous (null (mew-ssl-get-status pnm)))
          (with-temp-buffer
            (insert "Timing problem!"))
          (if (processp dummy) (delete-process dummy))
          (if (eq (mew-ssl-get-status pnm) t)
              (progn
                (message "Creating an SSL/TLS connection...done")
                (set-process-filter pro 'mew-ssl-filter3)
                pro)
            ;; verify-failure
            (delete-process pro)
            (message "Creating an SSL/TLS connection...FAILED (cert verify failure)")
            nil)))))))
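
An added example, not part of the original post and not Mew code: one way for a process filter to consume imtest's own greeting and AUTHENTICATE dialogue, check the reported security strength factor, and only then hand the process to the caller in the authenticated state. All `my-imtest-*` names are hypothetical; it assumes Emacs 24 or later and that a failed login appears as a tagged `S: A01 NO` or `BAD` line in the same format as the run shown above.

```elisp
;; Added example; every my-imtest-* name is hypothetical, none is a Mew function.
(defvar my-imtest-min-ssf 56
  "Assumed policy: lowest SASL security strength factor to accept.
56 is the value imtest reported in the run quoted in this message.")

(defun my-imtest-preamble-filter (process string)
  "Accumulate imtest output for PROCESS until its login dialogue is over.
Set the `my-state' property to `ready' or `failed' when that is known."
  (let ((acc (concat (process-get process 'my-acc) string)))
    (process-put process 'my-acc acc)
    (cond
     ;; Tagged failure reply to imtest's own A01 AUTHENTICATE (assumed format).
     ((string-match "^S: A01 \\(NO\\|BAD\\)\\b" acc)
      (process-put process 'my-state 'failed))
     ;; imtest prints "Authenticated." followed by the negotiated SSF line.
     ((string-match
       "^Authenticated\\.\r?\nSecurity strength factor: \\([0-9]+\\)\r?\n"
       acc)
      (let ((ssf (string-to-number (match-string 1 acc))))
        (process-put process 'my-ssf ssf)
        ;; Keep bytes that arrived after the preamble for the next filter.
        (process-put process 'my-acc (substring acc (match-end 0)))
        (process-put process 'my-state
                     (if (>= ssf my-imtest-min-ssf) 'ready 'failed)))))))

(defun my-imtest-open (server user)
  "Start imtest for SERVER as USER and wait for GSSAPI login to finish.
Return the process once authenticated with an acceptable SSF.
Return nil on login failure, a too-low SSF, process exit, or timeout."
  (let ((pro (start-process "my-imtest" nil "imtest"
                            "-m" "gssapi" "-u" user "-p" "143" server))
        (deadline (+ (float-time) 30)))
    (set-process-filter pro #'my-imtest-preamble-filter)
    ;; Block here so the caller never sees the greeting or the login.
    (while (and (null (process-get pro 'my-state))
                (process-live-p pro)
                (< (float-time) deadline))
      (accept-process-output pro 1))
    (if (eq (process-get pro 'my-state) 'ready)
        pro       ; caller installs its own filter and skips greeting/login
      (delete-process pro)
      nil)))
```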


