Hi all,

a while ago a user requested GSSAPI (Kerberos v5 single sign-on, RFC 4752) authentication for SMTP. The attached patch implements it for both SMTP and POP3 in addition to IMAP, i.e. with this patch, Balsa now offers SSO for /all/ server connections.

Basically, I added a few helper functions to libnetclient, which are used in the specific authentication methods. As the GSSAPI tokens can be /very/ long, the maximum line length for SMTP needs to be enhanced. This also revealed a bug in the net-client.c function net_client_vwrite_line() which used a too short fixed-length buffer (replaced by a GString). As single sign-on requires only the user name, but not a password, I had to extend the auth signal handler with an indication whether the password is needed or not.

Unfortunately, I can not write "simple" unit tests as my test "server" (INetSim) does not support GSSAPI. For testing, I installed a Debian VM with Samba4 (which is so nice to configure Kerberos appropriately for me, which otherwise is a real PITA!) plus postfix and dovecot exclusively supporting GSSAPI authentication. Afaict, this implementation works just fine there. However, some more testing with "real world" setups would be highly appreciated.

As always, any comment will be welcome!

Cheers,
Albrecht.

---
Patch details:
- libbalsa/server.[ch]: changed auth signal handler footprint; check if a password is needed
- libnetclient/net-client-pop.h, libnetclient/net-client-smtp.h, libnetclient/README, libnetclient/libnetclient.dox: documentation updates
- libnetclient/net-client-pop.[ch], libnetclient/net-client-smtp.[ch]: implement GSSAPI authentication
- libnetclient/net-client-utils.[ch]: implement GSSAPI authentication helper functions
- libnetclient/net-client.[ch]: use a GString instead of a fixed-length line buffer, change auth signal handler footprint
- libnetclient/test/tests.c: fix unit tests
Attachment:
gssapi-smtp-pop.diff.bz2
Description: application/bzip
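The line-buffer problem mentioned in the message, as an added example that is not part of the original mail and is not Balsa's code: a formatter writing into a fixed-length buffer next to one that sizes the buffer from the formatted length, which is the role the GString plays in the patch. The function names, the 64-byte size and the 2000-character token are constructed for illustration, plain C allocation stands in for GLib, and it is an assumption here that the short buffer shows up as silent truncation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_LINE_LEN 64 /* constructed size, not the value used in Balsa */

/* "Before" shape (hypothetical): format into a fixed buffer and ignore the
 * length vsnprintf() reports. A long token is cut and the CRLF is lost. */
size_t format_line_fixed(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    (void) vsnprintf(out, out_len, fmt, ap); /* result ignored: the defect */
    va_end(ap);
    return strlen(out);
}

/* "After" shape (hypothetical): measure, then allocate exactly what is
 * needed plus CRLF and NUL. Returns NULL on error; the caller frees. */
char *format_line_dynamic(size_t *len, const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *line = (need < 0) ? NULL : malloc((size_t) need + 3);
    if (line != NULL) {
        vsnprintf(line, (size_t) need + 1, fmt, ap2);
        memcpy(line + need, "\r\n", 3); /* copies the terminating NUL too */
        *len = (size_t) need + 2;
    }
    va_end(ap2);
    return line;
}

int main(void)
{
    char tok[2001], fixed[FIXED_LINE_LEN]; /* constructed 2000-char token */
    size_t len = 0;
    memset(tok, 'A', sizeof tok - 1);
    tok[sizeof tok - 1] = '\0';
    size_t kept = format_line_fixed(fixed, sizeof fixed, "%s\r\n", tok);
    char *line = format_line_dynamic(&len, "%s", tok);
    printf("fixed kept %zu bytes, dynamic kept %zu bytes\n", kept, line ? len : 0);
    free(line);
    return 0;
}
```

A truncated line of this kind reaches the server as a corrupted token with no line terminator, so authentication fails or the session stalls instead of reporting a local error.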