authorEduardo Chappa <chappa@washington.edu>2020-10-04 10:30:27 -0600
committerEduardo Chappa <chappa@washington.edu>2020-10-04 10:30:27 -0600
commit03649e891d07d976af327a2aeed9bbe9fb3abf34 (patch)
tree138f4c4579ea7eb8b8e21bc93ae8f684025b6765
parent9064dd878d981f06e15278605ba34a299eba375f (diff)
downloadalpine-03649e891d07d976af327a2aeed9bbe9fb3abf34.tar.xz
* Addition of XOAUTH2 support for Yahoo!, and update in documentation.
-rw-r--r--alpine/imap.c44
-rw-r--r--alpine/xoauth2.h9
-rw-r--r--alpine/xoauth2conf.c9
-rw-r--r--pith/pine.hlp136
4 files changed, 180 insertions, 18 deletions
diff --git a/alpine/imap.c b/alpine/imap.c
index b4e044e7..00b5c994 100644
--- a/alpine/imap.c
+++ b/alpine/imap.c
@@ -241,6 +241,38 @@ OAUTH2_S alpine_oauth2_list[] =
1, /* client secret required */
0 /* Cancel refresh token */
},
+ {YAHOO_NAME,
+ {"imap.mail.yahoo.com", "smtp.mail.yahoo.com", NULL, NULL},
+ {{"client_id", NULL},
+ {"client_secret", NULL}, /* used */
+ {"tenant", NULL}, /* not used */
+ {"code", NULL}, /* used during authorization */
+ {"refresh_token", NULL},
+ {"scope", NULL}, /* not used! */
+ {"redirect_uri", "oob"}, /* https://localhost */
+ {"grant_type", "authorization_code"},
+ {"grant_type", "refresh_token"},
+ {"response_type", "code"},
+ {"state", NULL}, /* used */
+ {"device_code", NULL} /* not used */
+ },
+ {{"GET", "https://api.login.yahoo.com/oauth2/request_auth", /* Get Access Code */
+ {OA2_Id, OA2_Redirect, OA2_Response, OA2_State, OA2_End, OA2_End, OA2_End}},
+ {NULL, NULL, {OA2_End, OA2_End, OA2_End, OA2_End, OA2_End, OA2_End, OA2_End}}, /* device code, not used */
+ {"POST", "https://api.login.yahoo.com/oauth2/get_token", /* Get first Refresh Token and Access token */
+ {OA2_Id, OA2_Secret, OA2_Redirect, OA2_Code, OA2_GrantTypeforAccessToken, OA2_End, OA2_End}},
+ {"POST", "https://api.login.yahoo.com/oauth2/get_token", /* Get access token from refresh token */
+ {OA2_Id, OA2_Secret, OA2_Redirect, OA2_RefreshToken, OA2_GrantTypefromRefreshToken, OA2_End, OA2_End}}
+ },
+ {NULL, NULL, NULL, 0, 0, NULL}, /* device_code information, not used */
+ NULL, /* access token */
+ "ALPINE_V1", /* special IMAP ID */
+ 1, /* hide */
+ 0, /* expiration time */
+ 0, /* first time indicator */
+ 1, /* client secret required */
+ 0 /* Cancel refresh token */
+ },
{YANDEX_NAME,
{"imap.yandex.com", "smtp.yandex.com", NULL, NULL},
{{"client_id", NULL},
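Review bot: The new Yahoo! entry sets `1, /* hide */`, and the xoauth2conf.c hunks of this same commit skip every entry whose `hide` is set, so as far as this diff shows Yahoo! will not appear in the XOAUTH2 configuration screen even though pine.hlp now advertises it. If that is intended, the comment should say so, e.g. `1, /* hide: not offered in the configuration screen */`. The comment on `{"redirect_uri", "oob"}, /* https://localhost */` also contradicts the value it annotates and should name the out-of-band redirect that is actually sent. The initializer sits inside `alpine_oauth2_list[]`, which begins and ends outside this hunk.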
@@ -3650,8 +3682,8 @@ write_passfile(pinerc, l)
char *authend, *authtype;
#ifdef WINCRED
# if (WINCRED > 0)
- char target[4*MAILTMPLEN];
- char blob[4*MAILTMPLEN];
+ char target[10*MAILTMPLEN];
+ char blob[10*MAILTMPLEN];
CREDENTIAL cred;
LPTSTR ltarget = 0;
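Review bot: The multiplier `10*MAILTMPLEN` is now a magic number repeated in five declarations, here and in the two `write_passfile` hunks that follow (the APPLEKEYCHAIN and PASSFILE branches). A single named constant would keep them in step, for example `#define PASSFILE_BUFLEN (10*MAILTMPLEN)` (name is a suggestion). The code that fills `target`, `blob`, `tmp` and `tmp2` is outside these hunks, so it is worth confirming that every write is bounded by `sizeof` of the destination and that truncation is reported as an error rather than storing a cut-off credential. These buffers hold saved credentials on the stack, and whether they are cleared before the function returns is not visible here.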
@@ -3701,8 +3733,8 @@ write_passfile(pinerc, l)
#elif APPLEKEYCHAIN
int rc;
- char target[4*MAILTMPLEN];
- char blob[4*MAILTMPLEN];
+ char target[10*MAILTMPLEN];
+ char blob[10*MAILTMPLEN];
SecKeychainItemRef itemRef = NULL;
if(using_passfile == 0)
@@ -3769,11 +3801,11 @@ write_passfile(pinerc, l)
}
#else /* PASSFILE */
- char tmp[4*MAILTMPLEN], blob[4*MAILTMPLEN];
+ char tmp[10*MAILTMPLEN], blob[10*MAILTMPLEN];
int i, n;
FILE *fp;
#ifdef SMIME
- char *text = NULL, tmp2[4*MAILTMPLEN];
+ char *text = NULL, tmp2[10*MAILTMPLEN];
int len = 0;
#endif
diff --git a/alpine/xoauth2.h b/alpine/xoauth2.h
index 0a17a222..e889078a 100644
--- a/alpine/xoauth2.h
+++ b/alpine/xoauth2.h
@@ -25,9 +25,14 @@
#define OUTLOOK_SECRET "Tk-DAcEi13-FeSsY_Ja4Y.-MyL66I.wIPt"
#define OUTLOOK_TENANT "common"
-#define YANDEX_NAME "Yandex"
-#define YANDEX_ID "393578fee26f47858023cf59681882a7"
+#define YANDEX_NAME "Yandex"
+#define YANDEX_ID "393578fee26f47858023cf59681882a7"
#define YANDEX_SECRET "7304c4993583498f8ab63e2f21ad6960"
#define YANDEX_TENANT NULL
+#define YAHOO_NAME "Yahoo!"
+#define YAHOO_ID "dj0yJmk9RTdyZEQ2TWxGMzV6JmQ9WVdrOWVrTllZbGgyV2tjbWNHbzlNQT09JnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PTli"
+#define YAHOO_SECRET "3a8b12d51c09b0a5c0733c36d04cd3c69e33baef"
+#define YAHOO_TENANT NULL
+
#endif /* ALPINE_XOAUTH2_INCLUDED */
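Review bot: `YAHOO_SECRET` is a client secret committed in a public header, like the Outlook and Yandex values beside it, so anyone with the source or a binary can read it and it cannot serve to authenticate the client at the token endpoint. A comment above these defines should state that they are built-in credentials of a public native client (RFC 8252 section 8.5) and carry no confidentiality, for example `/* Built-in client credentials: shipped in every copy, not confidential */`. If the provider supports it, PKCE (RFC 7636) on the authorization-code flow would protect the code exchange, which the embedded secret does not. The re-aligned `YANDEX_NAME` and `YANDEX_ID` lines are a whitespace-only change.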
diff --git a/alpine/xoauth2conf.c b/alpine/xoauth2conf.c
index 11c53766..71ecfb32 100644
--- a/alpine/xoauth2conf.c
+++ b/alpine/xoauth2conf.c
@@ -28,6 +28,7 @@ extern OAUTH2_S alpine_oauth2_list[];
XOAUTH2_INFO_S xoauth_default[] = {
{ GMAIL_NAME, GMAIL_ID, GMAIL_SECRET, GMAIL_TENANT, NULL, NULL},
{ OUTLOOK_NAME, OUTLOOK_ID, OUTLOOK_SECRET, OUTLOOK_TENANT, NULL, NULL},
+ { YAHOO_NAME, YAHOO_ID, YAHOO_SECRET, YAHOO_TENANT, NULL, NULL},
{ YANDEX_NAME, YANDEX_ID, YANDEX_SECRET, YANDEX_TENANT, NULL, NULL},
{ NULL, NULL, NULL, NULL, NULL, NULL}
};
@@ -886,7 +887,8 @@ alpine_xoauth2_configuration(struct pine *ps, int edit_exceptions)
}
if(lval == NULL || lval[k] == NULL){
OAUTH2_S *oa2list;
- for(oa2list = alpine_oauth2_list; oa2list; oa2list++){
+ for(oa2list = alpine_oauth2_list; oa2list && oa2list->name; oa2list++){
+ if(oa2list->hide) continue;
if(!strcmp(oa2list->name,xoauth_default[i].name)){
xoauth_default[i].flow = cpystr(oa2list->server_mthd[0].name ? "Authorize"
: (oa2list->server_mthd[1].name ? "Device" : "Unknown"));
@@ -913,10 +915,11 @@ alpine_xoauth2_configuration(struct pine *ps, int edit_exceptions)
y->tenant = cpystr(xoauth_default[i].tenant);
for(oa2 = NULL, oa2list = alpine_oauth2_list; oa2 == NULL && oa2list; oa2list++)
if(!strcmp(oa2list->name, y->name)) oa2 = oa2list;
- if(y->flow == NULL)
+ if(oa2 && y->flow == NULL)
y->flow = cpystr(oa2->server_mthd[0].name ? "Authorize"
: (oa2->server_mthd[1].name ? "Device" : "Unknown"));
- write_xoauth_conf_entry(y, &xoauth_default[i], &ctmpa, &ctmpb, &first_line, &varlist, &p, ln, k);
+ if(oa2 && !oa2->hide)
+ write_xoauth_conf_entry(y, &xoauth_default[i], &ctmpa, &ctmpb, &first_line, &varlist, &p, ln, k);
free_xoauth2_info(&y);
}
}
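Review bot: The lookup loop just above the changed lines, `for(oa2 = NULL, oa2list = alpine_oauth2_list; oa2 == NULL && oa2list; oa2list++)`, still tests the pointer `oa2list`, which is never NULL while walking the array. When no name matches `y->name`, it therefore reaches the list terminator, hands that entry's name to `strcmp`, and keeps reading past the end of the array. The previous hunk of this commit fixes the same pattern by testing `oa2list->name`, and this loop needs the same condition: `for(oa2 = NULL, oa2list = alpine_oauth2_list; oa2 == NULL && oa2list->name; oa2list++)`. Without it the new `oa2 &&` guards can never observe a NULL `oa2`. This assumes the list ends with a NULL-name entry, which the diff does not show, and the enclosing function starts and ends outside the hunk.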
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 94a22588..d8370794 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 508 2020-10-03 13:43:20
+Alpine Commit 509 2020-10-04 10:30:23
============= h_news =================
<HTML>
<HEAD>
@@ -191,6 +191,8 @@ problems you find with this release.
<P> Additions include:
<UL>
+<LI> Implementation of XOAUTH2 for Yahoo! Mail. <A href="h_yahoo_configuration">Learn More</A>
+
<LI> Expansion of the configuration screen for XOAUTH2 to include
username, authorization flow, and tenant.
@@ -203,7 +205,7 @@ problems you find with this release.
<A HREF="h_xoauth2_config_screen">Learn more</A>.
<LI> Addition of Yandex.com to the list of services that Alpine can use XOAUTH2 to
- authenticate for reading and sending email.
+ authenticate for reading and sending email. <A href="h_yandex_configuration">Learn More</A>
<LI> Addition of a link to the Apache License 2.0 (see above). This is
available from the Release Notes as well as the welcome screen.
@@ -311,10 +313,10 @@ Additions include:
<UL>
<LI> Implementation of XOAUTH2 authentication support for Outlook.
- Based on documentation suggested by Andrew C Aitchison.
+ Based on documentation suggested by Andrew C Aitchison. <A href="h_outlook_configuration">Learn More</A>
<LI> Add support for the OAUTHBEARER authentication method in Gmail. Thanks to
- Alexander Perlis for suggesting it and explaining how the method works.
+ Alexander Perlis for suggesting it and explaining how the method works. <A href="h_gmail_configuration">Learn More</A>
<LI> Creation of Alpine's Privacy Policy. This is presented as a link to
an online document from the Release Notes (Link at the top of this
@@ -420,6 +422,7 @@ Additions include:
<UL>
<LI> Support for <A HREF="h_xoauth2">XOAUTH2</A> authentication method in Gmail.
+ <A href="h_gmail_configuration">Learn More</A>
<LI> PC-Alpine builds with LibreSSL and supports S/MIME.
@@ -1722,6 +1725,115 @@ modifier to the server definition to create a secure encrypted connection.
&lt;End of help&gt;
</BODY>
</HTML>
+====== h_gmail_configuration ======
+<HTML>
+<HEAD>
+<TITLE>Configuring Access to Gmail Using XOAUTH2</TITLE>
+</HEAD>
+<BODY>
+<H1>Configuring Access to Gmail Using XOAUTH2</H1>
+
+Gmail allows you to access their IMAP and SMTP server using either the XOAUTH2
+or OAUTHBEARER authentication method. You can choose any of them. A sample configuration for reading
+incoming mail is
+
+<P>
+inbox-path = {imap.gmail.com/ssl/user=YourId@gmail.com/auth=xoauth2}INBOX<BR>
+smtp-server = smtp.gmail.com/ssl/user=YourId@gmail.com/auth=xoauth2
+
+<P>
+Note that you can substitute /auth=xoauth2 by /auth=oauthbearer.
+
+<P>
+Gmail implements the authorize method. This means that in order to use xoauth2, you must
+open a URL, login to your Gmail account, and authorize Alpine to access your email. As a
+result of this process, you will get a <B>code</B>, which you must input back into Alpine.
+Once you have done that, Alpine will be able to get a refresh and access token, which
+Alpine will use later to read and send email.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
+====== h_outlook_configuration ======
+<HTML>
+<HEAD>
+<TITLE>Configuring Access to Outlook Using XOAUTH2</TITLE>
+</HEAD>
+<BODY>
+<H1>Configuring Access to Outlook Using XOAUTH2</H1>
+
+Outlook allows you to access their IMAP and SMTP server using the XOAUTH2
+authentication method. A sample configuration for reading incoming mail is
+
+<P>
+inbox-path = {outlook.office365.com/ssl/user=YourId@outlook.com/auth=xoauth2}INBOX<BR>
+smtp-server = smtp.office365.com/submit/user=YourId@outlook.com/auth=xoauth2
+
+<P>
+Outlook implements the authorize and device methods to get your authorization to access
+your account. Alpine uses by default the device method, so try that one first.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
+====== h_yahoo_configuration ======
+<HTML>
+<HEAD>
+<TITLE>Configuring Access to Yahoo! Using XOAUTH2</TITLE>
+</HEAD>
+<BODY>
+<H1>Configuring Access to Yahoo! Using XOAUTH2</H1>
+
+Yahoo! allows you to access their IMAP and SMTP server using either the XOAUTH2 or
+OAUTHBEARER authentication method. You can choose any of them. A sample configuration for
+reading incoming mail is
+
+<P>
+inbox-path = {imap.mail.yahoo.com/ssl/user=YourId@yahoo.com/auth=xoauth2}INBOX<BR>
+smtp-server = smtp.mail.yahoo.com/ssl/user=YourId@yahoo.com/auth=xoauth2
+
+<P>
+Note that you can substitute /auth=xoauth2 by /auth=oauthbearer.
+
+<P>
+Yahoo! implements the authorize method. This means that in order to use xoauth2, you must
+open a URL, login to your Yahoo! account, and authorize Alpine to access your email. As a
+result of this process, you will get a <B>code</B>, which you must input back into Alpine.
+Once you have done that, Alpine will be able to get a refresh and access token, which
+Alpine will use later to read and send email.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
+====== h_yandex_configuration ======
+<HTML>
+<HEAD>
+<TITLE>Configuring Access to Yandex Using XOAUTH2</TITLE>
+</HEAD>
+<BODY>
+<H1>Configuring Access to Yandex Using XOAUTH2</H1>
+
+Yandex allows you to access their IMAP and SMTP server using the XOAUTH2
+authentication method. A sample configuration for reading incoming mail is
+
+<P>
+inbox-path = {imap.yandex.com/ssl/user=YourId@yandex.com/auth=xoauth2}INBOX<BR>
+smtp-server = smtp.yandex.com/ssl/user=YourId@yandex.com/auth=xoauth2
+
+<P>
+Yandex implements the authorize method. This means that in order to use xoauth2, you must
+open a URL, login to your Yandex account, and authorize Alpine to access your email. As a
+result of this process, you will get a <B>code</B>, which you must input back into Alpine.
+Once you have done that, Alpine will be able to get a refresh and access token, which
+Alpine will use later to read and send email.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
====== h_xoauth2 ======
<HTML>
<HEAD>
@@ -1735,6 +1847,16 @@ account to read and send email. This method is different from the traditional
username/password that users are accostumed to, and it needs to be set up
by the user. This text will help you understand this authentication method.
+<P> A quick list of services supported by Alpine are (follow each link for
+specific configuration instructions)
+
+<UL>
+<LI> <A href="h_gmail_configuration">Gmail</A>
+<LI> <A href="h_outlook_configuration">Outlook</A>
+<LI> <A href="h_yahoo_configuration">Yahoo!</A>
+<LI> <A href="h_yandex_configuration">Yandex</A>
+</UL>
+
<P>
The most important difference between this method and other authentication
methods is what happens if someone steals your credentials. This method is
@@ -1823,9 +1945,9 @@ a new one, by getting an Access Code first, and granting authorization to
Alpine to access your email once again.
<P>
-This implementation of XOAUTH2 knows the list of servers that it can
-access using the same credentials, so Alpine will be able to read and send
-emails using the same Access Token. You will not have to create
+This implementation of XOAUTH2 knows the list of servers that it can
+access using the same credentials, so Alpine will be able to read and send
+emails using the same Access Token. You will not have to create
Access and Refresh Tokens for the IMAP and SMTP servers separately.
<P>