From kmail-devel Fri Apr 18 20:45:16 2008 
From: Joerg Lehrke Date: Fri, 18 Apr 2008 20:45:16 +0000 To: kmail-devel Subject: XYMPKI Authentication (Yahoo!) Support Message-Id: <200804182245.16994.jlehrke () noc ! de> X-MARC-Message: https://marc.info/?l=kmail-devel&m=120855435315031 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--Boundary-00=_chQCIKSlKvg8aHK" --Boundary-00=_chQCIKSlKvg8aHK Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline The iPhone mail client uses IMAP to access Yahoo! accounts. You can even access all folders of your free account this way. The IMAP server imap.mai.yahoo.com does not accept common authentication mechanisms for this access but implements AUTH=XYMPKI. This method is using a "magic cookie" generated from Yahoo! credentials and device ssl certificates. No challenge-response is necessary. The simplest way to access your Yahoo! account with KMail is to use the cookie generated from your iPhone -- e.g. from a network trace which looks like this: S: * OK IMAP4rev1 server ready (3.5.23.2) C: 1 CAPABILITY S: * CAPABILITY IMAP4rev1 LOGIN-REFERRALS AUTH=XYMCOOKIE AUTH=XYMCOOKIEB64 AUTH=XYMPKI ID S: 1 OK CAPABILITY completed C: 2 AUTHENTICATE XYMPKI S: + C: MAGIC-COOKIE S: 2 OK AUTHENTICATE completed C: 3 LIST "" "*" I patched the KMail version from kdepim-3.5.9-6.fc8.src.rpm to support this authentication mechanism. The cookie (actually two lines) must be copied in the username field, the password is ignored. Hope you find this usefull. If somebody likes to look deeper into the cookie structure, follow this discussion: http://www.hackint0sh.org/forum/archive/index.php/t-1349.html Cheers, J"org -- Joerg Lehrke GnuPG-KeyID: C66844AC Pi-BI: 2593079121 The Knoc http://k.noc.de/ GNU -- Protect your freedom! 
--Boundary-00=_chQCIKSlKvg8aHK Content-Type: text/x-diff; charset="us-ascii"; name="kmail-XYMPKI.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="kmail-XYMPKI.patch" --- ./kioslaves/imap4/imapparser.cc.yahoo-imap 2008-02-13 10:39:38.000000000 +0100 +++ ./kioslaves/imap4/imapparser.cc 2008-04-18 20:25:03.000000000 +0200 @@ -215,6 +215,43 @@ #endif bool +imapParser::yahooAuthenticate ( KIO::SlaveBase *slave, KIO::AuthInfo &ai, + const QString & aCookie, const QString & aAuth, bool isSSL, QString & resultInfo) +{ + imapCommand *cmd; + bool retVal = false; + + // see if server supports this authenticator + if (!hasCapability ("AUTH=" + aAuth)) + return false; + + cmd = sendCommand (new imapCommand ("AUTHENTICATE", aAuth)); + + while ( true ) + { + //read the next line + while (parseLoop() == 0); + if ( cmd->isComplete() ) break; + + if (continuation.isEmpty() && continuation.size() != 1) + return false; + + parseWriteLine (aCookie); + continuation.resize(0); + } + + if (cmd->result () == "OK") + { + currentState = ISTATE_LOGIN; + retVal = true; + } + resultInfo = cmd->resultInfo(); + completeQueue.removeRef (cmd); + + return retVal; +} + +bool imapParser::clientAuthenticate ( KIO::SlaveBase *slave, KIO::AuthInfo &ai, const QString & aFQDN, const QString & aAuth, bool isSSL, QString & resultInfo) { --- ./kioslaves/imap4/README.yahoo-imap 2005-09-10 10:24:05.000000000 +0200 +++ ./kioslaves/imap4/README 2008-04-18 20:25:03.000000000 +0200 
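Review bot: `isSSL` (like `slave` and `ai`) is never read in yahooAuthenticate, so `parseWriteLine (aCookie)` sends the cookie, which the description presents as the whole credential, whether or not the connection is encrypted. If `isSSL` reflects an encrypted channel (not visible here), refuse early with `if (!isSSL) return false;`, or at least document the exposure. Separately, the guard `continuation.isEmpty() && continuation.size() != 1` reduces to `continuation.isEmpty()`, and its `return false` skips the `resultInfo` assignment and the `completeQueue.removeRef (cmd)` cleanup done on the normal exit; `if (continuation.isEmpty()) break;` would fall through to that common tail. The loop also answers every continuation with the cookie, with no limit on how often the server may ask.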
@@ -1,8 +1,8 @@ This is s.carstens@gmx.de release of KDE 2.0 kioslave for the IMAP protocol. -It supports LOGIN, AUTHENTICATE LOGIN, AUTHENTICATE ANONYMOUS and -AUTHENTICATE CRAM-MD5. +It supports LOGIN, AUTHENTICATE LOGIN, AUTHENTICATE ANONYMOUS, +AUTHENTICATE CRAM-MD5 and AUTHETICATE XYMPKI (Yahoo!) It supports the rfc2192 URL naming convention. - UIDVALIDITY check is conditional --- ./kioslaves/imap4/imap4.cc.yahoo-imap 2008-02-13 10:39:38.000000000 +0100 +++ ./kioslaves/imap4/imap4.cc 2008-04-18 20:25:03.000000000 +0200 @@ -2135,6 +2135,7 @@ } else { + if (!yahooAuthenticate (this, authInfo, myUser, myAuth, mySSL, resultInfo)) { #ifdef HAVE_LIBSASL2 if (!clientAuthenticate (this, authInfo, myHost, myAuth, mySSL, resultInfo)) error(KIO::ERR_COULD_NOT_AUTHENTICATE, i18n("Unable to authenticate via %1.\n" @@ -2146,6 +2147,7 @@ #else error(KIO::ERR_COULD_NOT_LOGIN, i18n("SASL authentication is not compiled into kio_imap4.")); #endif + } } if ( hasCapability("NAMESPACE") ) { --- ./kioslaves/imap4/imapparser.h.yahoo-imap 2008-02-13 10:39:38.000000000 +0100 +++ ./kioslaves/imap4/imapparser.h 2008-04-18 20:25:03.000000000 +0200 @@ -244,6 +244,9 @@ * @param resultInfo The resultinfo from the command * @return success or failure */ + bool yahooAuthenticate (KIO::SlaveBase *slave, KIO::AuthInfo &ai, const QString & aCookie, + const QString & aAuth, bool isSSL, QString & resultInfo); + bool clientAuthenticate (KIO::SlaveBase *slave, KIO::AuthInfo &ai, const QString & aFQDN, const QString & aAuth, bool isSSL, QString & resultInfo); --- ./kmail/accountdialog.h.yahoo-imap 2008-02-13 10:39:38.000000000 +0100 +++ ./kmail/accountdialog.h 2008-04-18 20:25:04.000000000 +0200 @@ -195,6 +195,7 @@ QRadioButton *authCramMd5; QRadioButton *authDigestMd5; QRadioButton *authGSSAPI; + QRadioButton *authXYMPKI; QRadioButton *authNTLM; QRadioButton *authAnonymous; QPushButton *checkCapabilities; 
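Review bot: The added `if (!yahooAuthenticate (this, authInfo, myUser, myAuth, mySSL, resultInfo)) {` in imap4.cc runs for every configured mechanism, not only XYMPKI. yahooAuthenticate only checks that the server advertises `AUTH=` plus the mechanism name, so for CRAM-MD5, for example, it would issue AUTHENTICATE itself and answer the server's challenge with the raw user name before clientAuthenticate gets its turn. That costs a failed login attempt, which a server may count toward lockout, and it also makes the XYMPKI path the only one tried first in builds without HAVE_LIBSASL2. Restrict the branch to the mechanism it implements: `if (myAuth != "XYMPKI" || !yahooAuthenticate (this, authInfo, myUser, myAuth, mySSL, resultInfo)) {`. The enclosing function starts and ends outside the hunk.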
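Review bot: In imapparser.h the new declaration is inserted between an existing doc comment (the lines ending `@param resultInfo The resultinfo from the command` and `@return success or failure */`) and `clientAuthenticate`, which that comment appears to document. Documentation tools will now attach the comment to yahooAuthenticate and leave clientAuthenticate undocumented. Move the declaration above the comment block or below clientAuthenticate, and give it its own comment. That comment should say that `aCookie` is the XYMPKI cookie sent verbatim in reply to the server's continuation request, and that `slave`, `ai` and `isSSL` are currently unused. The comment block begins outside the hunk.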
@@ -289,6 +290,7 @@ STARTTLS = 512, // TLS for IMAP GSSAPI = 1024, NTLM = 2048, + XYMPKI = 4096, // Yahoo! AllCapa = 0xffffffff }; unsigned int mCurCapa; --- ./kmail/accountdialog.cpp.yahoo-imap 2008-02-13 10:39:37.000000000 +0100 +++ ./kmail/accountdialog.cpp 2008-04-18 20:25:04.000000000 +0200 @@ -1121,6 +1121,7 @@ mImap.authNTLM = new QRadioButton( i18n("&NTLM"), mImap.authGroup ); mImap.authGSSAPI = new QRadioButton( i18n("&GSSAPI"), mImap.authGroup ); mImap.authAnonymous = new QRadioButton( i18n("&Anonymous"), mImap.authGroup ); + mImap.authXYMPKI = new QRadioButton( i18n("&XYMPKI"), mImap.authGroup ); vlay->addWidget( mImap.authGroup ); vlay->addStretch(); @@ -1291,6 +1292,8 @@ mImap.authNTLM->setChecked( true ); else if (ai.auth() == "GSSAPI") mImap.authGSSAPI->setChecked( true ); + else if (ai.auth() == "XYMPKI") + mImap.authXYMPKI->setChecked( true ); else if (ai.auth() == "ANONYMOUS") mImap.authAnonymous->setChecked( true ); else if (ai.auth() == "PLAIN") @@ -1342,7 +1345,9 @@ else if (ai.auth() == "NTLM") mImap.authNTLM->setChecked( true ); else if (ai.auth() == "ANONYMOUS") - mImap.authAnonymous->setChecked( true ); + mImap.authNTLM->setChecked( true ); + else if (ai.auth() == "XYMPKI") + mImap.authXYMPKI->setChecked( true ); else if (ai.auth() == "PLAIN") mImap.authPlain->setChecked( true ); else if (ai.auth() == "LOGIN") @@ -1699,6 +1704,8 @@ capa |= NTLM; else if ( cur == "AUTH=GSSAPI" ) capa |= GSSAPI; + else if ( cur == "AUTH=XYMPKI" ) + capa |= XYMPKI; else if ( cur == "AUTH=ANONYMOUS" ) capa |= Anonymous; else if ( cur == "STARTTLS" ) @@ -1757,6 +1764,7 @@ mImap.authNTLM->setEnabled( capa & NTLM ); mImap.authGSSAPI->setEnabled( capa & GSSAPI ); mImap.authAnonymous->setEnabled( capa & Anonymous ); + mImap.authXYMPKI->setEnabled( capa & XYMPKI ); } 
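Review bot: In accountdialog.cpp at `@@ -1342,7 +1345,9 @@` the ANONYMOUS branch now checks the NTLM button. The line `mImap.authAnonymous->setChecked( true );` was replaced by `mImap.authNTLM->setChecked( true );`, which looks like a copy-paste slip unrelated to XYMPKI. An account stored with ANONYMOUS would open with NTLM selected, and the save path later in this patch (context line `na.setAuth("NTLM");`) would presumably rewrite its mechanism on the next save. Keep the original `mImap.authAnonymous->setChecked( true );`, as the parallel chain at `@@ -1291,6 +1292,8 @@` does.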
@@ -2233,6 +2241,8 @@ na.setAuth("NTLM"); else if (mImap.authGSSAPI->isChecked()) na.setAuth("GSSAPI"); + else if (mImap.authXYMPKI->isChecked()) + na.setAuth("XYMPKI"); else if (mImap.authAnonymous->isChecked()) na.setAuth("ANONYMOUS"); else if (mImap.authLogin->isChecked()) --- ./kmail/imapaccountbase.cpp.yahoo-imap 2008-02-13 10:39:37.000000000 +0100 +++ ./kmail/imapaccountbase.cpp 2008-04-18 22:12:02.000000000 +0200 @@ -276,8 +276,10 @@ } if ( mPasswordDialogIsActive ) return Connecting; - if( mAskAgain || ( ( passwd().isEmpty() || login().isEmpty() ) && - auth() != "GSSAPI" ) ) { + if( mAskAgain || + (passwd().isEmpty() && auth() != "GSSAPI" && auth() != "XYMPKI") || + (login().isEmpty() && auth() != "GSSAPI") ) + { Q_ASSERT( !mSlave ); // disconnected on 'wrong login' error already, or first try QString log = login(); --Boundary-00=_chQCIKSlKvg8aHK Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ KMail developers mailing list KMail-devel@kde.org https://mail.kde.org/mailman/listinfo/kmail-devel --Boundary-00=_chQCIKSlKvg8aHK--
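Review bot: In imapaccountbase.cpp the new condition still treats `login()` as an ordinary user name, although with XYMPKI it holds the cookie, which is the credential itself. The following `QString log = login();` hands it to code outside the hunk, presumably the login dialog. Anything that treats the login as non-secret (dialog display, debug output, account settings storage) would expose a reusable credential; none of that is visible here, so it needs checking before merge. At minimum, document it at the condition: `// XYMPKI: login() holds the Yahoo! cookie (a credential); passwd() is unused`. The enclosing function starts and ends outside the hunk.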