[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AUTH= !*, what to do...

From: Sam Roberts
Subject: Re: AUTH= !*, what to do...
Date: Tue, 30 Oct 2001 00:58:13 -0500
User-agent: Mutt/1.3.16i


The world's slowest programmer is back for a few days, before returning
to Montreal for another weekend...

The attached patch does (a), from below, for the anonymous SASL mechanism.

Notice I split the authentication states out. It should be a tiny bit
easier to implement more AUTHENTICATE types. It still PREAUTHs (though
I don't have a preauthed server to test against).

I am guessing that there needs to be a state between every call that
could return EWOULDBLOCK if the socket was non-blocking, but I'd like
confirmation that I am using the IMAP macros correctly, and I am doing
the aproximately correct thing before committing.

Try with:


It has +11,000 messages! Anybody need a stress test?

$ ./mbox-check 'imap://;address@hidden/archive.info-cyrus'
g1 SELECT archive.info-cyrus
g1 OK [READ-ONLY] Completed
g2 OK Completed
count 11008 messages in <imap://;address@hidden/archive.info-cyrus>


Quoting Sam Roberts <address@hidden>, who wrote:
> I don't like the idea of making a network connection before the mailbox has
> been opened, and I don't think it's necessary.
> How about, in mailbox_create():
> If no auth mechanism is supplied in the URL, create a LOGIN auth mechanism
> (the one we currently have, this would be sensible and backwards compatible).
> If an AUTH= was supplied in the URL, that's the one the person wants, if we
> support it, create it, if we don't, return an error.
> Next, in mailbox_open():
> We make a network connection, the server responds with (from 3.4 of rfc2060):
> (3) BYE -> close the connection
> (2) PREAUTH -> move to authenticated state, bypassing any authentication,
>     even if the URL had one specified.
> (1) OK -> in this case we are supposed to authenticate.
>   We have two options:
>   a - attempt to use the auth mechanism we created (if it's not supported,
>       authentication will fail). If the mailbox is an anonymous mailbox,
>       then the auth mechanism auth=anonymous MUST have been specified for
>       authentication to work.
>   b - issue CAPABILITY, if the server supports auth=anonymous, authenticate
>       using it, bypassing "real" authentication. Otherwise, try (a). We
>       could see if the auth mechanism we are about to try is supported, but
>       I don't see the point.
> Future enhancement, have AUTH=* register ALL implemented mechanisms, then try

Sam Roberts <address@hidden> (Vivez sans temps mort!)

Attachment: _diff
Description: Text document

reply via email to

[Prev in Thread] Current Thread [Next in Thread]