X-Git-Url: http://cgit.sxemacs.org/?a=blobdiff_plain;f=lisp%2Fsieve-manage.el;h=a3647061d15906709a9d6111a9cfeae0062f1f03;hb=c9a58d3bdde1e6a8d653c1126f807da23441e459;hp=ca77067f0d3adae5ee4418f934c0f82b68080700;hpb=089df18d7b6e0325ba604b998579916faa0797b3;p=gnus
diff --git a/lisp/sieve-manage.el b/lisp/sieve-manage.el
index ca77067f0..a3647061d 100644
--- a/lisp/sieve-manage.el
+++ b/lisp/sieve-manage.el
@@ -1,31 +1,34 @@ ;;; sieve-manage.el --- Implementation of the managesive protocol in elisp -;; Copyright (C) 2001 Free Software Foundation, Inc. + +;; Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, +;; 2010 Free Software Foundation, Inc. ;; Author: Simon Josefsson -;; This file is not part of GNU Emacs, but the same permissions apply. +;; This file is part of GNU Emacs. -;; GNU Emacs is free software; you can redistribute it and/or modify +;; GNU Emacs is free software: you can redistribute it and/or modify ;; it under the terms of the GNU General Public License as published by -;; the Free Software Foundation; either version 2, or (at your option) -;; any later version. +;; the Free Software Foundation, either version 3 of the License, or +;; (at your option) any later version. ;; GNU Emacs is distributed in the hope that it will be useful, ;; but WITHOUT ANY WARRANTY; without even the implied warranty of -;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;; GNU General Public License for more details. ;; You should have received a copy of the GNU General Public License -;; along with GNU Emacs; see the file COPYING. If not, write to the -;; Free Software Foundation, Inc., 59 Temple Place - Suite 330, -;; Boston, MA 02111-1307, USA. +;; along with GNU Emacs. If not, see . ;;; Commentary: ;; This library provides an elisp API for the managesieve network ;; protocol. ;; -;; Currently only the CRAM-MD5 authentication mechanism is supported. +;; It uses the SASL library for authentication, which means it +;; supports DIGEST-MD5, CRAM-MD5, SCRAM-MD5, NTLM, PLAIN and LOGIN +;; methods. STARTTLS is not well tested, but should be easy to get to +;; work if someone wants. ;; ;; The API should be fairly obvious for anyone familiar with the ;; managesieve protocol, interface functions include: 
@@ -40,20 +43,18 @@ ;; `sieve-manage-close' ;; close a server connection. ;; -;; `sieve-manage-authenticate' ;; `sieve-manage-listscripts' +;; `sieve-manage-deletescript' +;; `sieve-manage-getscript' ;; performs managesieve protocol actions ;; ;; and that's it. Example of a managesieve session in *scratch*: ;; -;; (setq my-buf (sieve-manage-open "my.server.com")) -;; " *sieve* my.server.com:2000*" -;; -;; (sieve-manage-authenticate "myusername" "mypassword" my-buf) -;; 'auth +;; (with-current-buffer (sieve-manage-open "mail.example.com") +;; (sieve-manage-authenticate) +;; (sieve-manage-listscripts)) ;; -;; (sieve-manage-listscripts my-buf) -;; ("vacation" "testscript" ("splitmail") "badscript") +;; => ((active . "main") "vacation") ;; ;; References: ;; @@ -64,16 +65,26 @@ ;; Release history: ;; ;; 2001-10-31 Committed to Oort Gnus. -;; -;; $Id: sieve-manage.el,v 6.2 2001/11/01 01:18:11 zsh Exp $ +;; 2002-07-27 Added DELETESCRIPT. Suggested by Ned Ludd. +;; 2002-08-03 Use SASL library. ;;; Code: -(require 'rfc2104) -(or (fboundp 'md5) - (require 'md5)) +;; For Emacs <22.2 and XEmacs. (eval-and-compile - (autoload 'starttls-open-stream "starttls")) + (unless (fboundp 'declare-function) (defmacro declare-function (&rest r)))) + +(if (locate-library "password-cache") + (require 'password-cache) + (require 'password)) + +(eval-when-compile + (require 'cl) ; caddr + (require 'sasl) + (require 'starttls)) +(autoload 'sasl-find-mechanism "sasl") +(autoload 'starttls-open-stream "starttls") +(autoload 'auth-source-user-or-password "auth-source") ;; User customizable variables: 
@@ -84,22 +95,22 @@ (defcustom sieve-manage-log "*sieve-manage-log*" "Name of buffer for managesieve session trace." - :type 'string) - -(defcustom sieve-manage-default-user (user-login-name) - "Default username to use." - :type 'string) + :type 'string + :group 'sieve-manage) (defcustom sieve-manage-server-eol "\r\n" "The EOL string sent from the server." - :type 'string) + :type 'string + :group 'sieve-manage) (defcustom sieve-manage-client-eol "\r\n" "The EOL string we send to the server." - :type 'string) + :type 'string + :group 'sieve-manage) (defcustom sieve-manage-streams '(network starttls shell) - "Priority of streams to consider when opening connection to server.") + "Priority of streams to consider when opening connection to server." + :group 'sieve-manage) (defcustom sieve-manage-stream-alist '((network sieve-manage-network-p sieve-manage-network-open) 
@@ -111,25 +122,44 @@ NAME names the stream, CHECK is a function returning non-nil if the server support the stream and OPEN is a function for opening the -stream.") - -(defcustom sieve-manage-authenticators '(cram-md5 plain) - "Priority of authenticators to consider when authenticating to server.") - -(defcustom sieve-manage-authenticator-alist +stream." + :group 'sieve-manage) + +(defcustom sieve-manage-authenticators '(digest-md5 + cram-md5 + scram-md5 + ntlm + plain + login) + "Priority of authenticators to consider when authenticating to server." + :group 'sieve-manage) + +(defcustom sieve-manage-authenticator-alist '((cram-md5 sieve-manage-cram-md5-p sieve-manage-cram-md5-auth) - (plain sieve-manage-plain-p sieve-manage-plain-auth)) + (digest-md5 sieve-manage-digest-md5-p sieve-manage-digest-md5-auth) + (scram-md5 sieve-manage-scram-md5-p sieve-manage-scram-md5-auth) + (ntlm sieve-manage-ntlm-p sieve-manage-ntlm-auth) + (plain sieve-manage-plain-p sieve-manage-plain-auth) + (login sieve-manage-login-p sieve-manage-login-auth)) "Definition of authenticators. \(NAME CHECK AUTHENTICATE) NAME names the authenticator. CHECK is a function returning non-nil if the server support the authenticator and AUTHENTICATE is a function -for doing the actual authentication.") +for doing the actual authentication." + :group 'sieve-manage) (defcustom sieve-manage-default-port 2000 - "Default port number for managesieve protocol." - :type 'integer) + "Default port number or service name for managesieve protocol." + :type 'integer + :group 'sieve-manage) + +(defcustom sieve-manage-default-stream 'network + "Default stream type to use for `sieve-manage'. +Must be a name of a stream in `sieve-manage-stream-alist'." + :type 'symbol + :group 'sieve-manage) ;; Internal variables: 
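Review bot: The new default list in `sieve-manage-authenticators` still falls through to `plain` and `login`, and nothing in this hunk ties those two to an encrypted stream, while the added `sieve-manage-default-stream` defaults to `network`. Both mechanisms put the password on the wire merely base64-encoded, and on a `network` stream the server's SASL capability list arrives unprotected, so anyone able to alter that list in transit can steer the selection down to them. I would state this in the docstring, e.g. `PLAIN and LOGIN send the password unprotected; use them only over a TLS stream.`, and consider skipping them in the selection loop when `sieve-manage-stream` is `network`. Separately, the `sieve-manage-default-port` docstring now allows a service name but `:type 'integer` does not; `:type '(choice integer string)` would match it.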
@@ -137,21 +167,16 @@ for doing the actual authentication.") sieve-manage-port sieve-manage-auth sieve-manage-stream - sieve-manage-username - sieve-manage-password sieve-manage-process sieve-manage-client-eol sieve-manage-server-eol sieve-manage-capability)) -(defconst sieve-manage-default-stream 'network) (defconst sieve-manage-coding-system-for-read 'binary) (defconst sieve-manage-coding-system-for-write 'binary) (defvar sieve-manage-stream nil) (defvar sieve-manage-auth nil) (defvar sieve-manage-server nil) (defvar sieve-manage-port nil) -(defvar sieve-manage-username nil) -(defvar sieve-manage-password nil) (defvar sieve-manage-state 'closed "Managesieve state. Valid states are `closed', `initial', `nonauth', and `auth'.") 
@@ -160,71 +185,10 @@ Valid states are `closed', `initial', `nonauth', and `auth'.") ;; Internal utility functions -(defsubst sieve-manage-disable-multibyte () +(defmacro sieve-manage-disable-multibyte () "Enable multibyte in the current buffer." - (when (fboundp 'set-buffer-multibyte) - (set-buffer-multibyte nil))) - -(defun sieve-manage-read-passwd (prompt &rest args) - "Read a password using PROMPT. -If ARGS, PROMPT is used as an argument to `format'." - (let ((prompt (if args - (apply 'format prompt args) - prompt))) - (funcall (if (or (fboundp 'read-passwd) - (and (load "subr" t) - (fboundp 'read-passwd)) - (and (load "passwd" t) - (fboundp 'read-passwd))) - 'read-passwd - (autoload 'ange-ftp-read-passwd "ange-ftp") - 'ange-ftp-read-passwd) - prompt))) - - -;; Uses the dynamically bound `reason' variable. -(defvar reason) -(defun sieve-manage-interactive-login (buffer loginfunc) - "Login to server in BUFFER. -LOGINFUNC is passed a username and a password, it should return t if -it where sucessful authenticating itself to the server, nil otherwise. -Returns t if login was successful, nil otherwise." - (with-current-buffer buffer - (make-variable-buffer-local 'sieve-manage-username) - (make-variable-buffer-local 'sieve-manage-password) - (let (user passwd ret reason) - ;; (condition-case () - (while (or (not user) (not passwd)) - (setq user (or sieve-manage-username - (read-from-minibuffer - (concat "Managesieve username for " - sieve-manage-server ": ") - (or user sieve-manage-default-user)))) - (setq passwd (or sieve-manage-password - (sieve-manage-read-passwd - (concat "Managesieve password for " user "@" - sieve-manage-server ": ")))) - (when (and user passwd) - (if (funcall loginfunc user passwd) - (progn - (setq ret t - sieve-manage-username user) - (if (and (not sieve-manage-password) - (y-or-n-p "Store password for this session? ")) - (setq sieve-manage-password passwd))) - (if reason - (message "Login failed (reason given: %s)..." 
reason) - (message "Login failed...")) - (setq reason nil) - (setq passwd nil) - (sit-for 1)))) - ;; (quit (with-current-buffer buffer - ;; (setq user nil - ;; passwd nil))) - ;; (error (with-current-buffer buffer - ;; (setq user nil - ;; passwd nil)))) - ret))) + (unless (featurep 'xemacs) + '(set-buffer-multibyte nil))) (defun sieve-manage-erase (&optional p buffer) (let ((buffer (or buffer (current-buffer)))) @@ -279,15 +243,14 @@ Returns t if login was successful, nil otherwise." (when (memq (process-status process) '(open run)) process)))) -(defun imap-starttls-p (buffer) - ;; (and (imap-capability 'STARTTLS buffer) +(defun sieve-manage-starttls-p (buffer) (condition-case () (progn (require 'starttls) (call-process "starttls")) (error nil))) -(defun imap-starttls-open (name buffer server port) +(defun sieve-manage-starttls-open (name buffer server port) (let* ((port (or port sieve-manage-default-port)) (coding-system-for-read sieve-manage-coding-system-for-read) (coding-system-for-write sieve-manage-coding-system-for-write) 
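Review bot: The docstring kept on `sieve-manage-disable-multibyte` says "Enable multibyte in the current buffer.", but the expansion is `(set-buffer-multibyte nil)`, which switches the buffer to unibyte. Suggest `"Disable multibyte in the current buffer (no-op on XEmacs)."`. Because this is now a macro, the `(featurep 'xemacs)` test runs at expansion time, so a file byte-compiled on one Emacs flavour and loaded on the other keeps the compile-time answer; a one-line comment saying that this is intended would help the next reader.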
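Review bot: `sieve-manage-starttls-p` decides on the local `starttls` program alone: `call-process` returns the exit status, which is a number and therefore non-nil even when the program exits with a failure, and BUFFER is never read in the body shown. The commented-out capability test was dropped in the rename, so as visible here the predicate is true whenever the binary can be started, whether or not the server offers STARTTLS. If the capability list is already parsed when the stream predicates run, also require that "STARTTLS" appears in `sieve-manage-capability`, and add a docstring such as `"Return non-nil if a STARTTLS stream can be used for BUFFER."`. The body of `sieve-manage-starttls-open` continues outside the hunk.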
@@ -307,76 +270,129 @@ Returns t if login was successful, nil otherwise." process))) ;; Authenticators +(defun sieve-sasl-auth (buffer mech) + "Login to server using the SASL MECH method." + (message "sieve: Authenticating using %s..." mech) + (with-current-buffer buffer + (let* ((user-password (auth-source-user-or-password + '("login" "password") + sieve-manage-server + "sieve" nil t)) + (client (sasl-make-client (sasl-find-mechanism (list mech)) + (car user-password) "sieve" sieve-manage-server)) + (sasl-read-passphrase + ;; We *need* to copy the password, because sasl will modify it + ;; somehow. + `(lambda (prompt) ,(copy-sequence (cadr user-password)))) + (step (sasl-next-step client nil)) + (tag (sieve-manage-send + (concat + "AUTHENTICATE \"" + mech + "\"" + (and (sasl-step-data step) + (concat + " \"" + (base64-encode-string + (sasl-step-data step) + 'no-line-break) + "\""))))) + data rsp) + (catch 'done + (while t + (setq rsp nil) + (goto-char (point-min)) + (while (null (or (progn + (setq rsp (sieve-manage-is-string)) + (if (not (and rsp (looking-at + sieve-manage-server-eol))) + (setq rsp nil) + (goto-char (match-end 0)) + rsp)) + (setq rsp (sieve-manage-is-okno)))) + (accept-process-output sieve-manage-process 1) + (goto-char (point-min))) + (sieve-manage-erase) + (when (sieve-manage-ok-p rsp) + (when (and (cadr rsp) + (string-match "^SASL \"\\([^\"]+\\)\"" (cadr rsp))) + (sasl-step-set-data + step (base64-decode-string (match-string 1 (cadr rsp))))) + (if (and (setq step (sasl-next-step client step)) + (setq data (sasl-step-data step))) + ;; We got data for server but it's finished + (error "Server not ready for SASL data: %s" data) + ;; The authentication process is finished. 
+ (throw 'done t))) + (unless (stringp rsp) + (error "Server aborted SASL authentication: %s" (caddr rsp))) + (sasl-step-set-data step (base64-decode-string rsp)) + (setq step (sasl-next-step client step)) + (sieve-manage-send + (if (sasl-step-data step) + (concat "\"" + (base64-encode-string (sasl-step-data step) + 'no-line-break) + "\"") + "")))) + (message "sieve: Login using %s...done" mech)))) + +(defun sieve-manage-cram-md5-p (buffer) + (sieve-manage-capability "SASL" "CRAM-MD5" buffer)) + +(defun sieve-manage-cram-md5-auth (buffer) + "Login to managesieve server using the CRAM-MD5 SASL method." + (sieve-sasl-auth buffer "CRAM-MD5")) + +(defun sieve-manage-digest-md5-p (buffer) + (sieve-manage-capability "SASL" "DIGEST-MD5" buffer)) + +(defun sieve-manage-digest-md5-auth (buffer) + "Login to managesieve server using the DIGEST-MD5 SASL method." + (sieve-sasl-auth buffer "DIGEST-MD5")) + +(defun sieve-manage-scram-md5-p (buffer) + (sieve-manage-capability "SASL" "SCRAM-MD5" buffer)) + +(defun sieve-manage-scram-md5-auth (buffer) + "Login to managesieve server using the SCRAM-MD5 SASL method." + (sieve-sasl-auth buffer "SCRAM-MD5")) + +(defun sieve-manage-ntlm-p (buffer) + (sieve-manage-capability "SASL" "NTLM" buffer)) + +(defun sieve-manage-ntlm-auth (buffer) + "Login to managesieve server using the NTLM SASL method." + (sieve-sasl-auth buffer "NTLM")) (defun sieve-manage-plain-p (buffer) (sieve-manage-capability "SASL" "PLAIN" buffer)) (defun sieve-manage-plain-auth (buffer) "Login to managesieve server using the PLAIN SASL method." 
- (let* ((done (sieve-manage-interactive-login - buffer - (lambda (user passwd) - (sieve-manage-send (concat "AUTHENTICATE \"PLAIN\" \"" - (base64-encode-string - (concat (char-to-string 0) - user - (char-to-string 0) - passwd)) - "\"")) - (let ((rsp (sieve-manage-parse-okno))) - (if (sieve-manage-ok-p rsp) - t - (setq reason (cdr-safe rsp)) - nil)))))) - (if done - (message "sieve: Authenticating using PLAIN...done") - (message "sieve: Authenticating using PLAIN...failed")))) + (sieve-sasl-auth buffer "PLAIN")) -(defun sieve-manage-cram-md5-p (buffer) - (sieve-manage-capability "SASL" "CRAM-MD5" buffer)) +(defun sieve-manage-login-p (buffer) + (sieve-manage-capability "SASL" "LOGIN" buffer)) -(defun sieve-manage-cram-md5-auth (buffer) - "Login to managesieve server using the CRAM-MD5 SASL method." - (message "sieve: Authenticating using CRAM-MD5...") - (let* ((done (sieve-manage-interactive-login - buffer - (lambda (user passwd) - (sieve-manage-send "AUTHENTICATE \"CRAM-MD5\" \"\"") - (sieve-manage-send - (concat - "\"" - (base64-encode-string - (concat - user " " - (rfc2104-hash 'md5 64 16 passwd - (base64-decode-string - (prog1 - (sieve-manage-parse-string) - (sieve-manage-erase)))))) - "\"")) - (let ((rsp (sieve-manage-parse-okno))) - (if (sieve-manage-ok-p rsp) - t - (setq reason (cdr-safe rsp)) - nil)))))) - (if done - (message "sieve: Authenticating using CRAM-MD5...done") - (message "sieve: Authenticating using CRAM-MD5...failed")))) +(defun sieve-manage-login-auth (buffer) + "Login to managesieve server using the LOGIN SASL method." + (sieve-sasl-auth buffer "LOGIN")) ;; Managesieve API (defun sieve-manage-open (server &optional port stream auth buffer) "Open a network connection to a managesieve SERVER (string). -Optional variable PORT is port number (integer) on remote server. -Optional variable STREAM is any of `sieve-manage-streams' (a symbol). 
-Optional variable AUTH indicates authenticator to use, see -`sieve-manage-authenticators' for available authenticators. If nil, chooses -the best stream the server is capable of. -Optional variable BUFFER is buffer (buffer, or string naming buffer) +Optional argument PORT is port number (integer) on remote server. +Optional argument STREAM is any of `sieve-manage-streams' (a symbol). +Optional argument AUTH indicates authenticator to use, see +`sieve-manage-authenticators' for available authenticators. +If nil, chooses the best stream the server is capable of. +Optional argument BUFFER is buffer (buffer, or string naming buffer) to work in." - (setq buffer (or buffer (format " *sieve* %s:%d" server (or port 2000)))) + (setq buffer (or buffer (format " *sieve* %s:%s" server (or port sieve-manage-default-port)))) (with-current-buffer (get-buffer-create buffer) - (mapcar 'make-variable-buffer-local sieve-manage-local-variables) + (mapc 'make-local-variable sieve-manage-local-variables) (sieve-manage-disable-multibyte) (buffer-disable-undo) (setq sieve-manage-server (or server sieve-manage-server)) @@ -395,7 +411,7 @@ to work in." (if (funcall (nth 1 (assq stream sieve-manage-stream-alist)) buffer) (setq stream-changed - (not (eq (or sieve-manage-stream + (not (eq (or sieve-manage-stream sieve-manage-default-stream) stream)) sieve-manage-stream stream @@ -409,14 +425,14 @@ to work in." (if (sieve-manage-open-1 buffer) (message "sieve: Reconnecting with stream `%s'...done" sieve-manage-stream) - (message "sieve: Reconnecting with stream `%s'...failed" + (message "sieve: Reconnecting with stream `%s'...failed" sieve-manage-stream)) (setq sieve-manage-capability nil)) (if (sieve-manage-opened buffer) ;; Choose authenticator (when (and (null sieve-manage-auth) (not (eq sieve-manage-state 'auth))) - (let ((auths sieve-manage-authenticators)) + (let ((auths sieve-manage-authenticators)) (while (setq auth (pop auths)) (if (funcall (nth 1 (assq auth 
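Review bot: In `sieve-sasl-auth` the branch `(error "Server not ready for SASL data: %s" data)` prints the client's next SASL response, and depending on the mechanism that value can be derived from the password or contain it, so it should not end up in the echo area and *Messages*. Dropping the argument, `(error "Server sent OK before SASL exchange finished")`, keeps the diagnostic without the data. The passphrase is also captured as a literal inside the backquoted lambda and `(cadr user-password)` is not checked, so when `auth-source-user-or-password` returns no password the exchange is started with nil; a guard such as `(unless (cadr user-password) (error "sieve: no password for %s" sieve-manage-server))` before the `AUTHENTICATE` is sent would fail early and clearly. The docstring should also say that BUFFER is the connection buffer and that the function signals an error on failure rather than returning nil.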
@@ -431,6 +447,17 @@ to work in." (sieve-manage-erase) buffer))) +(defun sieve-manage-authenticate (&optional buffer) + "Authenticate on server in BUFFER. +Return `sieve-manage-state' value." + (with-current-buffer (or buffer (current-buffer)) + (if (eq sieve-manage-state 'nonauth) + (when (funcall (nth 2 (assq sieve-manage-auth + sieve-manage-authenticator-alist)) + (current-buffer)) + (setq sieve-manage-state 'auth)) + sieve-manage-state))) + (defun sieve-manage-opened (&optional buffer) "Return non-nil if connection to managesieve server in BUFFER is open. If BUFFER is nil then the current buffer is used." 
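Review bot: `sieve-manage-authenticate` funcalls `(nth 2 (assq sieve-manage-auth sieve-manage-authenticator-alist))` without checking that an authenticator was actually selected. If `sieve-manage-auth` is nil, which looks possible when none of `sieve-manage-authenticators` matches the server's capabilities, or names an entry missing from the alist, the caller gets a bare `void-function` error on nil instead of a usable message. Binding the function first and adding `(unless authfn (error "sieve: no usable authenticator for %s" sieve-manage-server))` would make that case explicit. The docstring promises the `sieve-manage-state` value, but in the `nonauth` branch the `when` returns nil if the authenticator returns nil; either return `sieve-manage-state` after the `when` or document the nil.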
@@ -454,32 +481,19 @@ If BUFFER is nil, the current buffer is used." (sieve-manage-erase) t)) -(defun sieve-manage-authenticate (&optional user passwd buffer) - "Authenticate to server in BUFFER, using current buffer if nil. -It uses the authenticator specified when opening the server. If the -authenticator requires username/passwords, they are queried from the -user and optionally stored in the buffer. If USER and/or PASSWD is -specified, the user will not be questioned and the username and/or -password is remembered in the buffer." - (with-current-buffer (or buffer (current-buffer)) - (if (not (eq sieve-manage-state 'nonauth)) - (eq sieve-manage-state 'auth) - (make-variable-buffer-local 'sieve-manage-username) - (make-variable-buffer-local 'sieve-manage-password) - (if user (setq sieve-manage-username user)) - (if passwd (setq sieve-manage-password passwd)) - (if (funcall (nth 2 (assq sieve-manage-auth - sieve-manage-authenticator-alist)) buffer) - (setq sieve-manage-state 'auth))))) - (defun sieve-manage-capability (&optional name value buffer) + "Check if capability NAME of server BUFFER match VALUE. +If it does, return the server value of NAME. If not returns nil. +If VALUE is nil, do not check VALUE and return server value. +If NAME is nil, return the full server list of capabilities." (with-current-buffer (or buffer (current-buffer)) (if (null name) sieve-manage-capability - (if (null value) - (nth 1 (assoc name sieve-manage-capability)) - (when (string-match value (nth 1 (assoc name sieve-manage-capability))) - (nth 1 (assoc name sieve-manage-capability))))))) + (let ((server-value (cadr (assoc name sieve-manage-capability)))) + (when (or (null value) + (and server-value + (string-match value server-value))) + server-value))))) (defun sieve-manage-listscripts (&optional buffer) (with-current-buffer (or buffer (current-buffer)) 
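Review bot: `sieve-manage-capability` hands VALUE to `string-match` as an unanchored regexp against the whole server value, so a check for "LOGIN" or "PLAIN" also succeeds when that text only occurs inside a longer mechanism name in the SASL list. The `-p` predicates added in this commit all pass literal mechanism names, so, assuming the SASL value is a space-separated list, a whole-token test such as `(member value (split-string server-value))` would be stricter. If regexp matching is wanted for other callers, the new docstring should say `VALUE is a regexp matched against the server value`, since "match VALUE" currently reads as equality.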
@@ -491,18 +505,22 @@ password is remembered in the buffer." (sieve-manage-send (format "HAVESPACE \"%s\" %s" name size)) (sieve-manage-parse-okno))) -(eval-and-compile - (if (fboundp 'string-bytes) - (defalias 'sieve-string-bytes 'string-bytes) - (defalias 'sieve-string-bytes 'length))) - (defun sieve-manage-putscript (name content &optional buffer) (with-current-buffer (or buffer (current-buffer)) (sieve-manage-send (format "PUTSCRIPT \"%s\" {%d+}%s%s" name - (sieve-string-bytes content) + ;; Here we assume that the coding-system will + ;; replace each char with a single byte. + ;; This is always the case if `content' is + ;; a unibyte string. + (length content) sieve-manage-client-eol content)) (sieve-manage-parse-okno))) +(defun sieve-manage-deletescript (name &optional buffer) + (with-current-buffer (or buffer (current-buffer)) + (sieve-manage-send (format "DELETESCRIPT \"%s\"" name)) + (sieve-manage-parse-okno))) + (defun sieve-manage-getscript (name output-buffer &optional buffer) (with-current-buffer (or buffer (current-buffer)) (sieve-manage-send (format "GETSCRIPT \"%s\"" name)) @@ -529,7 +547,13 @@ password is remembered in the buffer." (when (looking-at (concat "^\\(OK\\|NO\\)\\( (\\([^)]+\\))\\)?\\( \\(.*\\)\\)?" sieve-manage-server-eol)) - (list (match-string 1) (match-string 3) (match-string 5)))) + (let ((status (match-string 1)) + (resp-code (match-string 3)) + (response (match-string 5))) + (when response + (goto-char (match-beginning 5)) + (setq response (sieve-manage-is-string))) + (list status resp-code response)))) (defun sieve-manage-parse-okno () (let (rsp) 
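Review bot: In `sieve-manage-putscript` the literal size is now `(length content)`, which counts characters; the added comment admits this is only right for unibyte CONTENT, but nothing enforces it. If a multibyte script reaches this call, the announced `{N+}` is smaller than the number of bytes sent and the server will likely treat the tail of the script as further protocol input. I would make the assumption explicit before the `format`, e.g. `(when (multibyte-string-p content) (setq content (encode-coding-string content 'utf-8)))` where that predicate is available, or signal an error instead. The new `sieve-manage-deletescript`, like the neighbouring PUTSCRIPT and GETSCRIPT calls, also interpolates NAME into a quoted string unescaped, so a name containing `"` or a line break changes the command framing; rejecting or escaping those characters in one shared helper would cover all of them.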
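Review bot: In the rewritten OK/NO branch, `response` is overwritten with `(sieve-manage-is-string)`, so whenever the text after the status is not a quoted string or a literal, the human-readable text captured by group 5 is dropped and callers see nil. Keeping the raw match as a fallback, `(setq response (or (sieve-manage-is-string) response))`, would preserve the server's message for error reports. The added `goto-char` also leaves point wherever the string parser stops, a side effect the old one-line version did not have; a comment saying callers are expected to erase the buffer afterwards (if that holds) would document it. The enclosing defun starts outside the hunk.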
@@ -551,7 +575,7 @@ password is remembered in the buffer." sieve-manage-capability)) (push (list str) sieve-manage-capability)) (forward-line))) - (when (re-search-forward (concat "^OK" sieve-manage-server-eol) nil t) + (when (re-search-forward (concat "^OK.*" sieve-manage-server-eol) nil t) (setq sieve-manage-state 'nonauth))) (defalias 'sieve-manage-parse-greeting-1 'sieve-manage-parse-capability-1) @@ -561,7 +585,7 @@ password is remembered in the buffer." (prog1 (match-string 1) (goto-char (match-end 0)))) - ((looking-at (concat "{\\([0-9]+\\)}" sieve-manage-server-eol)) + ((looking-at (concat "{\\([0-9]+\\+?\\)}" sieve-manage-server-eol)) (let ((pos (match-end 0)) (len (string-to-number (match-string 1)))) (if (< (point-max) (+ pos len))