List: kmail-devel
Subject: XYMPKI Authentication (Yahoo!) Support
From: Joerg Lehrke <jlehrke () noc ! de>
Date: 2008-04-18 20:45:16
Message-ID: 200804182245.16994.jlehrke () noc ! de
The iPhone mail client uses IMAP to access Yahoo! accounts. You can even
access all folders of your free account this way. The IMAP server
imap.mai.yahoo.com does not accept common authentication mechanisms for this
access but implements AUTH=XYMPKI.
This method is using a "magic cookie" generated from Yahoo! credentials and
device ssl certificates. No challenge-response is necessary. The simplest way
to access your Yahoo! account with KMail is to use the cookie generated from
your iPhone -- e.g. from a network trace which looks like this:
S: * OK IMAP4rev1 server ready (3.5.23.2)
C: 1 CAPABILITY
S: * CAPABILITY IMAP4rev1 LOGIN-REFERRALS AUTH=XYMCOOKIE AUTH=XYMCOOKIEB64
AUTH=XYMPKI ID
S: 1 OK CAPABILITY completed
C: 2 AUTHENTICATE XYMPKI
S: +
C: MAGIC-COOKIE
S: 2 OK AUTHENTICATE completed
C: 3 LIST "" "*"
I patched the KMail version from kdepim-3.5.9-6.fc8.src.rpm to support this
authentication mechanism. The cookie (actually two lines) must be copied in
the username field, the password is ignored.
Hope you find this useful. If somebody would like to look deeper into the cookie
structure, follow this discussion:
http://www.hackint0sh.org/forum/archive/index.php/t-1349.html
Cheers,
J"org
--
Joerg Lehrke GnuPG-KeyID: C66844AC Pi-BI: 2593079121
The Knoc http://k.noc.de/ GNU -- Protect your freedom!
["kmail-XYMPKI.patch" (text/x-diff)]
--- ./kioslaves/imap4/imapparser.cc.yahoo-imap 2008-02-13 10:39:38.000000000 +0100
+++ ./kioslaves/imap4/imapparser.cc 2008-04-18 20:25:03.000000000 +0200
@@ -215,6 +215,43 @@
#endif
bool
+imapParser::yahooAuthenticate ( KIO::SlaveBase *slave, KIO::AuthInfo &ai,
+ const QString & aCookie, const QString & aAuth, bool isSSL, QString & resultInfo)
+{
+ imapCommand *cmd;
+ bool retVal = false;
+
+ // see if server supports this authenticator
+ if (!hasCapability ("AUTH=" + aAuth))
+ return false;
+
+ cmd = sendCommand (new imapCommand ("AUTHENTICATE", aAuth));
+
+ while ( true )
+ {
+ //read the next line
+ while (parseLoop() == 0);
+ if ( cmd->isComplete() ) break;
+
+ if (continuation.isEmpty() && continuation.size() != 1)
+ return false;
+
+ parseWriteLine (aCookie);
+ continuation.resize(0);
+ }
+
+ if (cmd->result () == "OK")
+ {
+ currentState = ISTATE_LOGIN;
+ retVal = true;
+ }
+ resultInfo = cmd->resultInfo();
+ completeQueue.removeRef (cmd);
+
+ return retVal;
+}
+
+bool
imapParser::clientAuthenticate ( KIO::SlaveBase *slave, KIO::AuthInfo &ai,
const QString & aFQDN, const QString & aAuth, bool isSSL, QString & resultInfo)
{
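Review bot: yahooAuthenticate never checks that aAuth is XYMPKI, so once imap4.cc calls it ahead of clientAuthenticate it issues AUTHENTICATE for whatever mechanism the server advertises and answers the continuation with the contents of the user-name field; the opening guard should read `if (aAuth != "XYMPKI" || !hasCapability ("AUTH=" + aAuth)) return false;`. The isSSL argument is unused, and because the cookie is replayable (the message says no challenge-response is involved) the function should refuse, or at least warn, when the connection is not encrypted. The condition `continuation.isEmpty() && continuation.size() != 1` can only fire when the buffer is already empty, so a comment naming the server reply it is meant to reject would help; continuation's type is declared outside the hunk. The `while ( true )` loop resends the cookie for every continuation the server sends with no upper bound, and the early `return false` leaves resultInfo unset and skips `completeQueue.removeRef (cmd)`.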
--- ./kioslaves/imap4/README.yahoo-imap 2005-09-10 10:24:05.000000000 +0200
+++ ./kioslaves/imap4/README 2008-04-18 20:25:03.000000000 +0200
@@ -1,8 +1,8 @@
This is s.carstens@gmx.de release of KDE 2.0 kioslave
for the IMAP protocol.
-It supports LOGIN, AUTHENTICATE LOGIN, AUTHENTICATE ANONYMOUS and
-AUTHENTICATE CRAM-MD5.
+It supports LOGIN, AUTHENTICATE LOGIN, AUTHENTICATE ANONYMOUS,
+AUTHENTICATE CRAM-MD5 and AUTHETICATE XYMPKI (Yahoo!)
It supports the rfc2192 URL naming convention.
- UIDVALIDITY check is conditional
--- ./kioslaves/imap4/imap4.cc.yahoo-imap 2008-02-13 10:39:38.000000000 +0100
+++ ./kioslaves/imap4/imap4.cc 2008-04-18 20:25:03.000000000 +0200
@@ -2135,6 +2135,7 @@
}
else
{
+ if (!yahooAuthenticate (this, authInfo, myUser, myAuth, mySSL, resultInfo)) {
#ifdef HAVE_LIBSASL2
if (!clientAuthenticate (this, authInfo, myHost, myAuth, mySSL, resultInfo))
error(KIO::ERR_COULD_NOT_AUTHENTICATE, i18n("Unable to authenticate via %1.\n"
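Review bot: A refused cookie falls through to the SASL branch, so an XYMPKI account ends either with a second AUTHENTICATE attempt through clientAuthenticate or, in builds without HAVE_LIBSASL2, with "SASL authentication is not compiled into kio_imap4.", and neither tells the user that the cookie was rejected. Dispatching on the mechanism keeps the two paths apart: `if (myAuth == "XYMPKI") { if (!yahooAuthenticate (this, authInfo, myUser, myAuth, mySSL, resultInfo)) error(KIO::ERR_COULD_NOT_AUTHENTICATE, resultInfo); } else { /* existing SASL block */ }`, where the exact error text is a placeholder. That also stops the extra failed login attempt for non-Yahoo mechanisms, which may count against server-side lockout limits. The enclosing function starts and ends outside this hunk; the closing brace is added in the following hunk.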
@@ -2146,6 +2147,7 @@
#else
error(KIO::ERR_COULD_NOT_LOGIN, i18n("SASL authentication is not compiled into kio_imap4."));
#endif
+ }
}
if ( hasCapability("NAMESPACE") )
{
--- ./kioslaves/imap4/imapparser.h.yahoo-imap 2008-02-13 10:39:38.000000000 +0100
+++ ./kioslaves/imap4/imapparser.h 2008-04-18 20:25:03.000000000 +0200
@@ -244,6 +244,9 @@
* @param resultInfo The resultinfo from the command
* @return success or failure
*/
+ bool yahooAuthenticate (KIO::SlaveBase *slave, KIO::AuthInfo &ai, const QString & aCookie,
+ const QString & aAuth, bool isSSL, QString & resultInfo);
+
bool clientAuthenticate (KIO::SlaveBase *slave, KIO::AuthInfo &ai, const QString & aFQDN,
const QString & aAuth, bool isSSL, QString & resultInfo);
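Review bot: The new declaration is inserted between the existing doc comment and clientAuthenticate, so the comment ending in `@return success or failure` now documents yahooAuthenticate and clientAuthenticate is left undocumented. Move the yahooAuthenticate declaration below clientAuthenticate (or above the comment, whose start is outside the hunk) and give it its own block stating that aCookie is the XYMPKI cookie taken from the user-name field, that it is written verbatim in reply to the server's continuation, and that slave, ai and isSSL are currently unused.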
--- ./kmail/accountdialog.h.yahoo-imap 2008-02-13 10:39:38.000000000 +0100
+++ ./kmail/accountdialog.h 2008-04-18 20:25:04.000000000 +0200
@@ -195,6 +195,7 @@
QRadioButton *authCramMd5;
QRadioButton *authDigestMd5;
QRadioButton *authGSSAPI;
+ QRadioButton *authXYMPKI;
QRadioButton *authNTLM;
QRadioButton *authAnonymous;
QPushButton *checkCapabilities;
@@ -289,6 +290,7 @@
STARTTLS = 512, // TLS for IMAP
GSSAPI = 1024,
NTLM = 2048,
+ XYMPKI = 4096, // Yahoo!
AllCapa = 0xffffffff
};
unsigned int mCurCapa;
--- ./kmail/accountdialog.cpp.yahoo-imap 2008-02-13 10:39:37.000000000 +0100
+++ ./kmail/accountdialog.cpp 2008-04-18 20:25:04.000000000 +0200
@@ -1121,6 +1121,7 @@
mImap.authNTLM = new QRadioButton( i18n("&NTLM"), mImap.authGroup );
mImap.authGSSAPI = new QRadioButton( i18n("&GSSAPI"), mImap.authGroup );
mImap.authAnonymous = new QRadioButton( i18n("&Anonymous"), mImap.authGroup );
+ mImap.authXYMPKI = new QRadioButton( i18n("&XYMPKI"), mImap.authGroup );
vlay->addWidget( mImap.authGroup );
vlay->addStretch();
@@ -1291,6 +1292,8 @@
mImap.authNTLM->setChecked( true );
else if (ai.auth() == "GSSAPI")
mImap.authGSSAPI->setChecked( true );
+ else if (ai.auth() == "XYMPKI")
+ mImap.authXYMPKI->setChecked( true );
else if (ai.auth() == "ANONYMOUS")
mImap.authAnonymous->setChecked( true );
else if (ai.auth() == "PLAIN")
@@ -1342,7 +1345,9 @@
else if (ai.auth() == "NTLM")
mImap.authNTLM->setChecked( true );
else if (ai.auth() == "ANONYMOUS")
- mImap.authAnonymous->setChecked( true );
+ mImap.authNTLM->setChecked( true );
+ else if (ai.auth() == "XYMPKI")
+ mImap.authXYMPKI->setChecked( true );
else if (ai.auth() == "PLAIN")
mImap.authPlain->setChecked( true );
else if (ai.auth() == "LOGIN")
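Review bot: The `ANONYMOUS` branch now checks the NTLM radio button, because the hunk replaces `mImap.authAnonymous->setChecked( true );` with `mImap.authNTLM->setChecked( true );`; this looks like a copy-and-paste slip while adding the XYMPKI branch. An account configured for anonymous login would then open in the dialog as NTLM and, if saved, be stored with the wrong mechanism. Restore the original line, `mImap.authAnonymous->setChecked( true );`, and keep only the two added XYMPKI lines. The other `ai.auth()` chain, in the hunk at -1291, leaves the ANONYMOUS branch untouched.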
@@ -1699,6 +1704,8 @@
capa |= NTLM;
else if ( cur == "AUTH=GSSAPI" )
capa |= GSSAPI;
+ else if ( cur == "AUTH=XYMPKI" )
+ capa |= XYMPKI;
else if ( cur == "AUTH=ANONYMOUS" )
capa |= Anonymous;
else if ( cur == "STARTTLS" )
@@ -1757,6 +1764,7 @@
mImap.authNTLM->setEnabled( capa & NTLM );
mImap.authGSSAPI->setEnabled( capa & GSSAPI );
mImap.authAnonymous->setEnabled( capa & Anonymous );
+ mImap.authXYMPKI->setEnabled( capa & XYMPKI );
}
@@ -2233,6 +2241,8 @@
na.setAuth("NTLM");
else if (mImap.authGSSAPI->isChecked())
na.setAuth("GSSAPI");
+ else if (mImap.authXYMPKI->isChecked())
+ na.setAuth("XYMPKI");
else if (mImap.authAnonymous->isChecked())
na.setAuth("ANONYMOUS");
else if (mImap.authLogin->isChecked())
--- ./kmail/imapaccountbase.cpp.yahoo-imap 2008-02-13 10:39:37.000000000 +0100
+++ ./kmail/imapaccountbase.cpp 2008-04-18 22:12:02.000000000 +0200
@@ -276,8 +276,10 @@
}
if ( mPasswordDialogIsActive ) return Connecting;
- if( mAskAgain || ( ( passwd().isEmpty() || login().isEmpty() ) &&
- auth() != "GSSAPI" ) ) {
+ if( mAskAgain ||
+ (passwd().isEmpty() && auth() != "GSSAPI" && auth() != "XYMPKI") ||
+ (login().isEmpty() && auth() != "GSSAPI") )
+ {
Q_ASSERT( !mSlave ); // disconnected on 'wrong login' error already, or first try
QString log = login();
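Review bot: With this condition the XYMPKI credential lives entirely in login(), and the first line after the block opens (`QString log = login();`) already copies it towards what is presumably the visible login field of the password dialog. A user name is normally treated as non-secret, so the cookie is likely to be displayed, persisted and logged in places a password would not be; how KMail stores login() is not visible here. Carrying the cookie in passwd() instead would keep it on the secret-handling path; failing that, add a comment such as `// XYMPKI: login() holds the bearer cookie and must be treated as a secret; passwd() is ignored`. The enclosing function starts and ends outside the hunk.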