On Thu, 25 Jun 2009 10:22:19 -0230, Robert King <[email protected]> wrote:
Folks,
I'm experiencing a very odd issue with a custom plug-in using the
authenticate hook. Here at our university we use a Web based single
sign
on authentication called CAS (http://www.jasig.org/cas). I am trying to
write a plug-in to allow CAS to work with Roundcube proxying a
connection
through imapproxy (http://www.imapproxy.org/).
The normal operation for authentication for IMAP by CAS service is to
get
a one time use CAS ticket for every authentication. Since RC stores and
reuses the initial password CAS cannot work in direction connection to
the
IMAP server. This is not an issue because when we proxy through
imapproxy,
it holds open the imap connection by password/username combination.
So everything should be working great and superficially it seems okay,
that is until you try and delete an e-mail. It seems that a delete will
call the authenticate hook again and grab a new CAS ticket. The new CAS
ticket breaks the imapproxy connection identifier because the password is
now different. In turn this causes rc to have a "lost imap connection"
error.
The way I look at it I have 2 possibilities:
1. Figure a way out to only request the CAS ticket once in the plugin.
I'm guessing do a check for existing ticket before requesting.
This is the quick fix, but feels like a "duct tape" solution for what
might be a larger issue in extending RC for alternative authentication
mechanisms.
2. Extend RC so that instead of caching a password, it uses a password
recall function that can has an exec handler for custom plug-ins
$rcmail->auth->getpass() returns a clear text password and has an exec
handler for password return. Default it would be an abstraction of the
decrypt session password to keep current functionality
The value with option two is it would allow plug-in authors to
authenticate to peripheral services like managesieve with out limiting
alternative authentication methods.
I've included the current sort of working plugin for anyones interest.
--
Robert King
System Administrator
Computing & Communications
Memorial University
As an update, it seems the issue is different from my original
suspicions. The issue only pops up when deleting/moving a file when the
preview pane is enabled. The plug-in is still trying to use the same
CAS ticket and it is not requesting a new one(as I had thought).
Any ideas from the core developers as to why the preview pane/delete
combo would cause a sometimes IMAP server disconnect?
I've included a Wink screen cast of the bug in action for clarity.
--
Robert King
System Administrator
Computing & Communications
Memorial University of Newfoundland
--- 8< --- detachments --- 8< ---
The following attachments have been detached and are available for viewing.
http://detached.gigo.com/rc/ci/gq6ggExY/bug.swf
Only click these links if you trust the sender, as well as this message.
--- 8< --- detachments --- 8< ---
_______________________________________________
List info: http://lists.roundcube.net/dev/
