Article delegate-en/3028 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3026@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Authenticating IMAP access
14 Jul 2005 21:52:35 GMT Peter Kaldis <pw4fqbdyi-6cfuxbsigb3r.ml@ml.delegate.org>


Thanks Yutaka, this patch seems to be working!



Yutaka Sato wrote:
> In message <_A3024@delegate-en.ML_> on 07/14/05(10:08:15) I wrote:
>  |In message <_A3023@delegate-en.ML_> on 07/14/05(08:46:04)
>  |you Peter Kaldis <pw4fqbdyi-6cfuxbsigb3r.ml@ml.delegate.org> wrote:
>  | |Second, I'd like to ask for your help once more. I've built and installed version 9.0.3-pre29 which contains your IMAP patch to support the AUTHORIZOR argument. Running it with the -list argument as per your
>  | |example works fine. However if I try to use "localhost" or the -Fauth to define a set of users:passwords, this doesn't seem to work.
>  |...
>  | |07/13 16:15:19.81 [27880] 1+0: C: 1 login "pkaldis" ****
>  | |07/13 16:15:19.81 [27880] 1+0: persistent auth: ftp://pkaldis@localhost:21 /var/spool/delegate-nobody/adm/authorizer/localhost/457ac90b1c1f4d78f47db9fba87aeca4
>  | |07/13 16:15:19.81 [27880] 1+0: ConnectToServer connected [18] {127.0.0.1:21 <- 127.0.0.1:33352} [0.000s]
>  | |07/13 16:15:19.81 [27880] 1+0: willSTLS_SV: ServerFlags=10
>  | |07/13 16:15:22.18 [27880] 1+0: ## Auth/FTP = -1 <pkaldis:****@localhost>
>  |
>  |I suppose the reason of the failure is that the password argument for LOGIN
>  |is sent as "String" rather than Atom.  You can see what is sent from the
>  |client with "FFROMCL=-tee" parameter.
>  |
>  |The patch should have been like the enclosed patch to cope with String. 
>  |And, I should support AUTHENTICATE command as well as LOGIN command...
> 
> I modified the IMAP-DeleGate to reject AUTHENTICATE command when it is
> running with AUTHORIZER restriction.  I confirmed that Thunderbird works
> with the modified version, sending AUTHENTICATE first to be rejected,
> then retrying with LOGIN with "username" "password" arguments.
> The modified version will be uploaded as 9.0.3-pre30.
> 
> Cheers,
> Yutaka
> --
>   D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
>  ( - )  National Institute of Advanced Industrial Science and Technology
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
> 
> 
> *** ../delegate9.0.3-pre29/src/imap.c	Mon Jul 11 05:54:34 2005
> --- src/imap.c	Fri Jul 15 01:26:58 2005
> ***************
> *** 228,239 ****
> --- 228,255 ----
>   		}
>   		else	newconn = 0;
>   
> + 		if( strcaseeq(qcmd,"AUTHENTICATE") ){
> + 			if( CTX_withAuth(Conn) ){
> + 				sv1log("#### NO AUTHENTICATE [%s]\n",qarg);
> + 				fprintf(tc,"%s NO do LOGIN instead\r\n",qtag);
> + 				fflush(tc);
> + 				continue;
> + 			}
> + 		}
>   		if( strcaseeq(qcmd,"LOGIN") ){
>   			CStr(user,64);
> + 			CStr(pass,64);
>   			if( *qarg == '"' )
>   				wordScanY(qarg+1,user,"^\"");
>   			else	wordScan(qarg,user);
> + 			if( *qrem == '"' )
> + 				wordScanY(qrem+1,pass,"^\"");
> + 			else	wordScan(qrem,pass);
> + 			/*
>   			if( CTX_auth(Conn,user,qrem) < 0 ){
> + 			*/
> + 			if( CTX_auth(Conn,user,pass) < 0 ){
> + 				sv1log("#### [%s] LOGIN forbidden\n",user);
>   				fprintf(tc,"%s NO LOGIN forbidden\r\n",qtag);
>   				fflush(tc);
>   				continue;


  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V