Article delegate-en/3026 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3024@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Authenticating IMAP access
14 Jul 2005 16:36:44 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


In message <_A3024@delegate-en.ML_> on 07/14/05(10:08:15) I wrote:
 |In message <_A3023@delegate-en.ML_> on 07/14/05(08:46:04)
 |you Peter Kaldis <pw4fqbdyi-6rjyzcjfez3r.ml@ml.delegate.org> wrote:
 | |Second, I'd like to ask for your help once more. I've built and installed version 9.0.3-pre29 which contains your IMAP patch to support the AUTHORIZOR argument. Running it with the -list argument as per your
 | |example works fine. However if I try to use "localhost" or the -Fauth to define a set of users:passwords, this doesn't seem to work.
 |...
 | |07/13 16:15:19.81 [27880] 1+0: C: 1 login "pkaldis" ****
 | |07/13 16:15:19.81 [27880] 1+0: persistent auth: ftp://pkaldis@localhost:21 /var/spool/delegate-nobody/adm/authorizer/localhost/457ac90b1c1f4d78f47db9fba87aeca4
 | |07/13 16:15:19.81 [27880] 1+0: ConnectToServer connected [18] {127.0.0.1:21 <- 127.0.0.1:33352} [0.000s]
 | |07/13 16:15:19.81 [27880] 1+0: willSTLS_SV: ServerFlags=10
 | |07/13 16:15:22.18 [27880] 1+0: ## Auth/FTP = -1 <pkaldis:****@localhost>
 |
 |I suppose the reason of the failure is that the password argument for LOGIN
 |is sent as "String" rather than Atom.  You can see what is sent from the
 |client with "FFROMCL=-tee" parameter.
 |
 |The patch should have been like the enclosed patch to cope with String. 
 |And, I should support AUTHENTICATE command as well as LOGIN command...

I modified the IMAP-DeleGate to reject AUTHENTICATE command when it is
running with AUTHORIZER restriction.  I confirmed that Thunderbird works
with the modified version, sending AUTHENTICATE first to be rejected,
then retrying with LOGIN with "username" "password" arguments.
The modified version will be uploaded as 9.0.3-pre30.

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


*** ../delegate9.0.3-pre29/src/imap.c	Mon Jul 11 05:54:34 2005
--- src/imap.c	Fri Jul 15 01:26:58 2005
***************
*** 228,239 ****
--- 228,255 ----
  		}
  		else	newconn = 0;
  
+ 		if( strcaseeq(qcmd,"AUTHENTICATE") ){
+ 			if( CTX_withAuth(Conn) ){
+ 				sv1log("#### NO AUTHENTICATE [%s]\n",qarg);
+ 				fprintf(tc,"%s NO do LOGIN instead\r\n",qtag);
+ 				fflush(tc);
+ 				continue;
+ 			}
+ 		}
  		if( strcaseeq(qcmd,"LOGIN") ){
  			CStr(user,64);
+ 			CStr(pass,64);
  			if( *qarg == '"' )
  				wordScanY(qarg+1,user,"^\"");
  			else	wordScan(qarg,user);
+ 			if( *qrem == '"' )
+ 				wordScanY(qrem+1,pass,"^\"");
+ 			else	wordScan(qrem,pass);
+ 			/*
  			if( CTX_auth(Conn,user,qrem) < 0 ){
+ 			*/
+ 			if( CTX_auth(Conn,user,pass) < 0 ){
+ 				sv1log("#### [%s] LOGIN forbidden\n",user);
  				fprintf(tc,"%s NO LOGIN forbidden\r\n",qtag);
  				fflush(tc);
  				continue;

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V