Peter Kaldis wrote:
> Thanks! I'll give it a try.
>
> Yutaka Sato wrote:
>
>> Oh, I see. I think you can do it with MOUNT, but it is straightforward
>> to do it with AUTHORIZER in the case. So I made a patch for imap.c to
>> refer to AUTHORIZER in IMAP LOGIN. With this patch and with an AUTHORIZER
>> parameter, only users authorized with AUTHORIZER are permitted to pass
>> the proxy-IMAP-DeleGate. A simple AUTHORIZER of type "-list" can be used
>> to enumerate users to be permitted like this.
>>
>> delegated -P143 SERVER=imap://server AUTHORIZER="-list{user1,user2,...}"
>>
>> Cheers,
>> Yutaka

Yutaka, first off, I'd like to thank you for an excellent piece of
software. It's very useful in so many ways.

Second, I'd like to ask for your help once more. I've built and installed
version 9.0.3-pre29 which contains your IMAP patch to support the
AUTHORIZER argument. Running it with the -list argument as per your example
works fine. However, if I try to use "localhost" or the -Fauth to define a
set of users:passwords, this doesn't seem to work. Here are some examples
with the logs.

First with localhost.

[root@bigwilly Delegated]# ./delegated -v -P143 SERVER="imap://nsmail.pixar.com" AUTHORIZER="localhost" RELIABLE="*"
07/13 16:15:09.30 [27879] 0+0: PORT> -P143
07/13 16:15:09.30 [27879] 0+0: configuring default RESOLV ...
07/13 16:15:09.30 [27879] 0+0: ... SYS: bigwilly -> 138.72.42.18
07/13 16:15:09.30 [27879] 0+0: ... DNS: 138.72.42.18 -> bigwilly.pixar.com
07/13 16:15:09.30 [27879] 0+0: ... DNS available
07/13 16:15:09.30 [27879] 0+0: ... NIS domain: pixar.com
07/13 16:15:09.30 [27879] 0+0: ... export RES_ORDER=CFND
07/13 16:15:09.30 [27879] 0+0: export RESOLV=cache,file,nis,dns (set by default)
07/13 16:15:09.30 [27879] 0+0: --INITIALIZATION START: 9.0.3-pre29 on Linux/2.4.21-4.ELsmp--
07/13 16:15:09.30 [27879] 0+0: BINSHELL=/bin/sh
07/13 16:15:09.30 [27879] 0+0: server_open(delegate,:143,listen=20)
07/13 16:15:09.30 [27879] 0+0: server_open(delegate,:143) BOUND
07/13 16:15:09.30 [27879] 0+0: DGROOT=/var/spool/delegate-nobody^M
07/13 16:15:09.30 [27879] 0+0: <DeleGate/9.0.3-pre29> [27879] -P143 READY^M
<DeleGate/9.0.3-pre29> [27879] -P143 READY
DGROOT=/var/spool/delegate-nobody
ADMIN=pw4fqbdyi-mykgh43ig4tw.ml@delegate.org
AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165
Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
Copyright (c) 2001-2005 National Institute of Advanced Industrial Science and Technology (AIST)
07/13 16:15:09.30 [27879] 0+0: PORT= 143/10 (0,143)
07/13 16:15:09.30 [27879] 0+0: OWNER=nobody => OWNER=nobody/nobody(nobody/nobody)
07/13 16:15:09.31 [27879] 0+0: REMITTABLE = imap,imaps
07/13 16:15:09.31 [27879] 0+0: --- [z] 82413B0 libz.so
07/13 16:15:09.31 [27879] 0+0: ---- [z] loaded 5 syms, unknown=0, already=0
07/13 16:15:09.31 [27879] 0+0: #### gzip/gunzip = dynamically linked
07/13 16:15:09.31 [27879] 0+0: ADMIN=pw4fqbdyi-mykgh43ig4tw.ml@delegate.org protocol=imap(specialist)
-delegated[27879]- WARNING! ADMIN="your_mail_address" should be specified.
-delegated[27879]- INFO: using ADMIN=pw4fqbdyi-mykgh43ig4tw.ml@delegate.org given at compile time.
07/13 16:15:09.31 [27879] 0+0: MOUNT[0]X[2] /-/builtin/icons/* = default
07/13 16:15:09.31 [27879] 0+0: MOUNT[1]X[3] /-/* = forbidden,from=!.RELIABLE,default
07/13 16:15:09.31 [27879] 0+0: MOUNT[2]X[0] /-* = default
07/13 16:15:09.31 [27879] 0+0: MOUNT[3]X[1] /=* = default
07/13 16:15:09.31 [27879] 0+0: MOUNT[4]=[4] //* = default
07/13 16:15:09.31 [27879] 0+0: env[25] LIBPATH=.;/data/Delegated;/var/spool/delegate-nobody/lib;.;/var/spool/delegate-nobody/etc
07/13 16:15:09.31 [27879] 0+0: env[27] RESOLV=cache,file,nis,dns
07/13 16:15:09.31 [27879] 0+0: arg[3] SERVER=imap://nsmail.pixar.com
07/13 16:15:09.31 [27879] 0+0: arg[4] AUTHORIZER=localhost
07/13 16:15:09.31 [27879] 0+0: arg[5] RELIABLE=*
07/13 16:15:09.31 [27879] 0+0: DELEGATE_Modified[1]: 42d5a07d
07/13 16:15:09.31 [27879] 0+0: --INITIALIZATION DONE: 9.0.3-pre29 on Linux/2.4.21-4.ELsmp--
07/13 16:15:15.81 [27880] 1+0: -- Fork(OnetimeServer): 27879 -> 27880
07/13 16:15:15.81 [27880] 1+0: (0) accepted [40] -@[138.72.82.232]chameleon.mobile.pixar.com:3371 (0.002s)(1)
07/13 16:15:15.81 [27880] 1+0: PATH: imap://nsmail.pixar.com:143!bigwilly.pixar.com:143!chameleon.mobile.pixar.com:3371!anonymous@chameleon.mobile.pixar.com;1121296515
07/13 16:15:15.83 [27880] 1+0: ConnectToServer: DFLT=imap://nsmail.pixar.com:143 REAL=://:0
07/13 16:15:15.83 [27880] 1+0: ConnectToServer connected [10] {138.72.19.137:143 <- 138.72.42.18:33351} [0.000s]
07/13 16:15:15.83 [27880] 1+0: willSTLS_SV: ServerFlags=10
07/13 16:15:15.83 [27880] 1+0: S: * OK postpony.pixar.com IMAP4 service (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))^M
07/13 16:15:15.83 [27880] 1+0: willSTLS_SV: ServerFlags=10
07/13 16:15:19.81 [27880] 1+0: C: 1 login "pkaldis" ****
07/13 16:15:19.81 [27880] 1+0: persistent auth: ftp://pkaldis@localhost:21 /var/spool/delegate-nobody/adm/authorizer/localhost/457ac90b1c1f4d78f47db9fba87aeca4
07/13 16:15:19.81 [27880] 1+0: ConnectToServer connected [18] {127.0.0.1:21 <- 127.0.0.1:33352} [0.000s]
07/13 16:15:19.81 [27880] 1+0: willSTLS_SV: ServerFlags=10
07/13 16:15:22.18 [27880] 1+0: ## Auth/FTP = -1 <pkaldis:****@localhost>
07/13 16:15:22.18 [27880] 1+0: AUTHORIZER=localhost host=[localhost] user=[pkaldis] -> NO

The localhost allows a simple ftp connection with this same user:password
combination to succeed, so I assumed the above should work as well since
AUTHORIZER is defaulting to ftp as the auth mechanism, right?

[root@bigwilly Delegated]# ftp 127.0.0.1
Connected to 127.0.0.1.
220 (vsFTPd 1.2.0)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): pkaldis
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

Now an example with -Fauth

[root@bigwilly Delegated]# ./delegated -Fauth -v pkaldis -users.local
+OK current auth. for ftp://pkaldis@-users..:21 follows:
PATH: /var/spool/delegate-nobody/adm/authorizer/-users.local/ac3db719d11bb50c174505fca4cd7bfa
AUTH: ftp://pkaldis@-users..:21
PASS: 7bac51812a6a224e63c9b8f85f8e234c
EXPIRE: never

[root@bigwilly Delegated]# ./delegated -v -P143 SERVER="imap://nsmail.pixar.com" AUTHORIZER="-users.local" RELIABLE="*"
07/13 16:31:30.31 [27897] 0+0: PORT> -P143
07/13 16:31:30.32 [27897] 0+0: configuring default RESOLV ...
07/13 16:31:30.32 [27897] 0+0: ... SYS: bigwilly -> 138.72.42.18
07/13 16:31:30.32 [27897] 0+0: ... DNS: 138.72.42.18 -> bigwilly.pixar.com
07/13 16:31:30.32 [27897] 0+0: ... DNS available
07/13 16:31:30.32 [27897] 0+0: ... NIS domain: pixar.com
07/13 16:31:30.32 [27897] 0+0: ... export RES_ORDER=CFND
07/13 16:31:30.32 [27897] 0+0: export RESOLV=cache,file,nis,dns (set by default)
07/13 16:31:30.32 [27897] 0+0: --INITIALIZATION START: 9.0.3-pre29 on Linux/2.4.21-4.ELsmp--
07/13 16:31:30.32 [27897] 0+0: BINSHELL=/bin/sh
07/13 16:31:30.32 [27897] 0+0: server_open(delegate,:143,listen=20)
07/13 16:31:30.32 [27897] 0+0: server_open(delegate,:143) BOUND
07/13 16:31:30.32 [27897] 0+0: DGROOT=/var/spool/delegate-nobody^M
07/13 16:31:30.32 [27897] 0+0: <DeleGate/9.0.3-pre29> [27897] -P143 READY^M
<DeleGate/9.0.3-pre29> [27897] -P143 READY
DGROOT=/var/spool/delegate-nobody
ADMIN=pw4fqbdyi-mykgh43ig4tw.ml@delegate.org
AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165
Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
Copyright (c) 2001-2005 National Institute of Advanced Industrial Science and Technology (AIST)
07/13 16:31:30.32 [27897] 0+0: PORT= 143/10 (0,143)
07/13 16:31:30.32 [27897] 0+0: OWNER=nobody => OWNER=nobody/nobody(nobody/nobody)
07/13 16:31:30.32 [27897] 0+0: REMITTABLE = imap,imaps
07/13 16:31:30.32 [27897] 0+0: --- [z] 8240DB8 libz.so
07/13 16:31:30.32 [27897] 0+0: ---- [z] loaded 5 syms, unknown=0, already=0
07/13 16:31:30.32 [27897] 0+0: #### gzip/gunzip = dynamically linked
07/13 16:31:30.32 [27897] 0+0: ADMIN=pw4fqbdyi-mykgh43ig4tw.ml@delegate.org protocol=imap(specialist)
-delegated[27897]- WARNING! ADMIN="your_mail_address" should be specified.
-delegated[27897]- INFO: using ADMIN=pw4fqbdyi-mykgh43ig4tw.ml@delegate.org given at compile time.
07/13 16:31:30.32 [27897] 0+0: MOUNT[0]X[2] /-/builtin/icons/* = default
07/13 16:31:30.32 [27897] 0+0: MOUNT[1]X[3] /-/* = forbidden,from=!.RELIABLE,default
07/13 16:31:30.32 [27897] 0+0: MOUNT[2]X[0] /-* = default
07/13 16:31:30.32 [27897] 0+0: MOUNT[3]X[1] /=* = default
07/13 16:31:30.32 [27897] 0+0: MOUNT[4]=[4] //* = default
07/13 16:31:30.32 [27897] 0+0: env[25] LIBPATH=.;/data/Delegated;/var/spool/delegate-nobody/lib;.;/var/spool/delegate-nobody/etc
07/13 16:31:30.32 [27897] 0+0: env[27] RESOLV=cache,file,nis,dns
07/13 16:31:30.32 [27897] 0+0: arg[3] SERVER=imap://nsmail.pixar.com
07/13 16:31:30.32 [27897] 0+0: arg[4] AUTHORIZER=-users.local
07/13 16:31:30.32 [27897] 0+0: arg[5] RELIABLE=*
07/13 16:31:30.32 [27897] 0+0: DELEGATE_Modified[1]: 42d5a452
07/13 16:31:30.32 [27897] 0+0: --INITIALIZATION DONE: 9.0.3-pre29 on Linux/2.4.21-4.ELsmp--
07/13 16:31:38.89 [27898] 1+0: -- Fork(OnetimeServer): 27897 -> 27898
07/13 16:31:38.89 [27898] 1+0: (0) accepted [26] -@[138.72.82.232]chameleon.mobile.pixar.com:3397 (0.005s)(1)
07/13 16:31:38.89 [27898] 1+0: PATH: imap://nsmail.pixar.com:143!bigwilly.pixar.com:143!chameleon.mobile.pixar.com:3397!anonymous@chameleon.mobile.pixar.com;1121297498
07/13 16:31:53.94 [27898] 1+0: ConnectToServer: DFLT=imap://nsmail.pixar.com:143 REAL=://:0
07/13 16:31:53.94 [27898] 1+0: ConnectToServer connected [10] {138.72.19.137:143 <- 138.72.42.18:33366} [0.002s]
07/13 16:31:53.94 [27898] 1+0: willSTLS_SV: ServerFlags=10
07/13 16:31:53.94 [27898] 1+0: S: * OK postpony.pixar.com IMAP4 service (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))^M
07/13 16:31:53.94 [27898] 1+0: willSTLS_SV: ServerFlags=10
07/13 16:31:59.44 [27898] 1+0: C: 1 login "pkaldis" ****
07/13 16:31:59.44 [27898] 1+0: persistent auth: ftp://pkaldis@-users..:21 /var/spool/delegate-nobody/adm/authorizer/-users.local/ac3db719d11bb50c174505fca4cd7bfa
07/13 16:31:59.44 [27898] 1+0: ## Auth/FTP = -1 <pkaldis:****@-users.local>
07/13 16:31:59.44 [27898] 1+0: AUTHORIZER=-users.local host=[-users.local] user=[pkaldis] -> NO

Did I misunderstand your patch, or is it not working as it should?
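
An added example, not part of the original message and not DeleGate code: a small Python parser for the verbose log format quoted above that joins each AUTHORIZER decision with the client address, auth URL and backend return code logged by the same process ID. The field patterns are inferred only from the lines in this message, and the function name `authorizer_decisions` is hypothetical.

```python
import re

# Sample lines copied from the second run in the message above (PID 27898).
SAMPLE_LOG = """\
07/13 16:31:38.89 [27898] 1+0: (0) accepted [26] -@[138.72.82.232]chameleon.mobile.pixar.com:3397 (0.005s)(1)
07/13 16:31:59.44 [27898] 1+0: C: 1 login "pkaldis" ****
07/13 16:31:59.44 [27898] 1+0: persistent auth: ftp://pkaldis@-users..:21 /var/spool/delegate-nobody/adm/authorizer/-users.local/ac3db719d11bb50c174505fca4cd7bfa
07/13 16:31:59.44 [27898] 1+0: ## Auth/FTP = -1 <pkaldis:****@-users.local>
07/13 16:31:59.44 [27898] 1+0: AUTHORIZER=-users.local host=[-users.local] user=[pkaldis] -> NO
"""

# Patterns inferred from the log lines in this message (assumption, not a spec).
PREFIX = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d\.\d\d) \[(\d+)\] \S+: (.*)$")
ACCEPT = re.compile(r"accepted \[\d+\] \S*@\[([^\]]+)\]")
AUTH_URL = re.compile(r"^persistent auth: (\S+) ")
BACKEND = re.compile(r"^## Auth/(\w+) = (-?\d+) ")
DECISION = re.compile(r"^AUTHORIZER=(\S+) host=\[([^\]]*)\] user=\[([^\]]*)\] -> (\S+)")

def authorizer_decisions(log_text):
    """Return one record per AUTHORIZER decision, joined with context by PID."""
    ctx, out = {}, []
    for line in log_text.splitlines():
        m = PREFIX.match(line.rstrip("\r"))
        if not m:
            continue  # banner lines and shell prompts carry no log prefix
        when, pid, msg = m.groups()
        state = ctx.setdefault(pid, {})
        if a := ACCEPT.search(msg):
            state["client"] = a.group(1)
        elif a := AUTH_URL.match(msg):
            state["auth_url"] = a.group(1)
        elif a := BACKEND.match(msg):
            state["backend"], state["backend_rc"] = a.group(1), int(a.group(2))
        elif a := DECISION.match(msg):
            out.append({"time": when, "pid": pid, "authorizer": a.group(1),
                        "user": a.group(3), "result": a.group(4), **state})
            ctx.pop(pid, None)  # one decision closes this process's context
    return out

if __name__ == "__main__":
    for rec in authorizer_decisions(SAMPLE_LOG):
        print(rec)
```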