[REBOL] SMTP Authentication Solution (for Microsoft Exchange at least)
From: gjones05::mail::orion::org at: 21-Apr-2001 12:26
Nick Kitson previously requested in formation on SMTP authorization support
in REBOL. Feedback indicated that it is not currently supported, but
encouraged one of us to give it a go.
As explained earlier by Holger, "There are five different incompatible
formats, not all of
which are documented...We will probably add support in the next Core
release."
Nick's server apparently uses Microsoft Exchange server, and as promised,
there is indeed remarkably little documented about accessing SMTP through
authentication. A Microsoft knowledge base article recommends disabling
authentication at increased security if non-Microsoft clients must be used.
I found nothing else officially nor unoffically through several www searches
and newsgroup archive searches (yes, google finally has reopened archive
searches of the old deja archives!!). I was about to give up, but with
Nick's cool logical assessment of what must be true and his gentle
encouragment, I persisted.
Using several RFC's and a telnet session, here's what I uncovered is
Microsoft's scheme.
Telnet transcript with comments added
S: = "server"
C: = "client"
S: 220-my-smtp.mail.dom Microsoft SMTP MAIL ready at Sat, 21 Apr 2001
02:04:43 +0
S: 800 Version: 5.5.1877.467.46
S: 220 ESMTP spoken here
C: EHLO my-client-host-url #ESMTP recommends this version of HELO,
#but Microsoft Exchange will
respond to either
#however, it does not give the
recommended response to HELO,
#it gives different and
non-standard server repsonse,
#but authorization can still
proceed
S: 250-my-smtp.mail.dom Hello [x.x.x.x]
S: 250-AUTH=LOGIN
S: 250-AUTH MBS_BASIC LOGIN
S: 250-AUTH=MBS_BASIC LOGIN
S: 250-SIZE 10485760
S: 250-ETRN
S: 250-PIPELINING
S: 250-8bitmime
S: 250-TURN
S: 250 ATRN
C: AUTH LOGIN #I believe the client can choose which method from the
list above
#I arbitrarily chose "LOGIN", which seems
to only require base
#64 encoding, which is good news. I could
find *no* documentation
#for MBS_BASIC
S: 334 VXNlcm5hbWU6
C: xxxxxxxxxxxx #base 64 encoding of user name (real encoding left
off intentionally)
S: 334 UGFzc3dvcmQ6
C: xxxxxxxx #base 64 encoding of user password (real encoding
left off intentionally)
S: 235 Authentication successful
That was the hard part, at least for me. I made a blind stab as to the
method of encoding based on how Microsoft's FTP server authenticates, namely
base 64 encoding. It worked. It was remarkably simple to make a quick
hacks of RT's 'smtp scheme and 'send function to check to see if it worked,
and it did. So I spent a little more time deciding how to avoid protocol
and command conflicts and how to request the authenticating username and
password. Here is what I derived. I left tabs in; sorry if your client
doesn't expand tabs. After you copy the info, the tabs should still be
there.
Following are the two files named esmtp.r and esend.r. The scripts document
where changes where made to RT code, and why.
REBOL [
Title: "esmtp scheme"
Author: "Rebol Technologies, with modifications by G. Scott Jones"
Email: [gjones05--mail--orion--org]
Date: 21-Apr-2001
File: %esmtp.r
Version: 0.1.0
Purpose: "A modified, extended version of smtp scheme"
History: [
0.1.0 [21-Apr-2001 "Modified RT 'system/schemes/smtp" "GSJ"]
]
Comment: {The bulk of this code is simply a copy
of Rebol Technolgies' code in /Core 2.5.0.3.1.
The only changes I made are as follows. I changed the name
of the scheme to 'esmtp, which was an arbitrary choice. I
added additional check pairs in the open-check block to
handle Microsoft's Exchange Server's SMTP authentication
scheme. On first use, I added prompts requesting for the
authenticating username and password. These are stored in
memory for current session only for subsequent use. These
are passed to smtp server using base 64 encoding. I chose
to use separate function name and scheme inorder to avoid
incompatibilty or confusion with Rebol Techologies' current
or future implementations. This version is known to work
with Microsoft Exchange Server 5.5, using base 64 encoded
authentication.
--Scott Jones (21-Apr-2001)
}
Usage: {Place this file in your REBOL directory, along with a
copy of esend.r. At either the interpreter prompt or the
user.r file, type:
do %esmtp.r
do %esend.r ;separate file
Then use 'esend as you would use 'send. The first time
the function is used, you will be prompted for the smtp
authentication username and password. These values are
stored in clear text in the current REBOL session for
later usage, but the values are not saved to disk for
security reasons.
}
]
system/schemes: make system/schemes [
ESMTP:
make object! [
scheme: 'ESMTP
host: none
port-id: 25
user: none
pass: none
target: none
path: none
proxy:
make object! [
host: none
port-id: none
user: none
pass: none
type: none
bypass: none
]
access: none
allow: none
buffer-size: none
limit: none
handler:
make object! [
port-flags: 524288
;added additional pairs
open-check: [none "220" ["EHLO" system/network/host] "250" "AUTH LOGIN"
334
(enbase/base port/user 64) "334" (enbase/base port/pass 64) "235"]
close-check: ["QUIT" "221"]
write-check: [none "250"]
init: func [
"Parse URL and/or check the port spec object"
port "Unopened port spec"
spec {Argument passed to open or make (a URL or port-spec)}
/local scheme
][
if url? spec [net-utils/url-parser/parse-url port spec]
scheme: port/scheme
port/url: spec
if none? port/host [
net-error reform ["No network server for" scheme "is specified"]
]
if none? port/port-id [
net-error reform ["No port address for" scheme "is specified"]
]
]
open: func [
{Open the socket connection and confirm server response.}
port "Initalized port spec"
/locals sub-port data in-bypass find-bypass bp
][
net-utils/net-log ["Opening tcp for" port/scheme]
if not system/options/quiet [print ["connecting to:" port/host]]
find-bypass: func [host bypass /local x] [
if found? host [
foreach item bypass [
if all [x: find/match/any host item tail? x] [return true]
]
]
false
]
in-bypass: func [host bypass /local item x] [
if any [none? bypass empty? bypass] [return false]
if not tuple? load host [host: form system/words/read join dns:// host]
either find-bypass host bypass [
true
] [
host: system/words/read join dns:// host
find-bypass host bypass
]
]
either all [port/proxy/host bp: not in-bypass port/host
port/proxy/bypass find [socks4 socks5 socks] port/proxy/type] [
port/sub-port: net-utils/connect-proxy port 'connect
] [
sub-port: system/words/open/lines [
scheme: 'tcp
host: either all [port/proxy/type = 'generic bp] [port/proxy/host]
[port/proxy/host: none port/host]
user: port/user
pass: port/pass
port-id: either all [port/proxy/type = 'generic bp]
[port/proxy/port-id] [port/port-id]
]
port/sub-port: sub-port
]
port/sub-port/timeout: port/timeout
;added prompts to obtain authenticated username and password and store
either user = none [
user: port/user: ask "Enter SMTP authentication username: "
][
port/user: user
]
either pass = none [
pass: port/pass: ask "Enter SMTP authentication password: "
][
port/pass: pass
]
port/sub-port/user: port/user
port/sub-port/pass: port/pass
port/sub-port/path: port/path
port/sub-port/target: port/target
net-utils/confirm/multiline port/sub-port open-check
port/state/flags: port/state/flags or port-flags
]
open-proto: func [
{Open the socket connection and confirm server response.}
port "Initalized port spec"
/locals sub-port data in-bypass find-bypass bp
][
net-utils/net-log ["Opening tcp for" port/scheme]
if not system/options/quiet [print ["connecting to:" port/host]]
find-bypass: func [host bypass /local x] [
if found? host [
foreach item bypass [
if all [x: find/match/any host item tail? x] [return true]
]
]
false
]
in-bypass: func [host bypass /local item x] [
if any [none? bypass empty? bypass] [return false]
if not tuple? load host [host: form system/words/read join dns:// host]
either find-bypass host bypass [
true
] [
host: system/words/read join dns:// host
find-bypass host bypass
]
]
either all [port/proxy/host bp: not in-bypass port/host
port/proxy/bypass find [socks4 socks5 socks] port/proxy/type] [
port/sub-port: net-utils/connect-proxy port 'connect
] [
sub-port: system/words/open/lines [
scheme: 'tcp
host: either all [port/proxy/type = 'generic bp] [port/proxy/host]
[port/proxy/host: none port/host]
user: port/user
pass: port/pass
port-id: either all [port/proxy/type = 'generic bp]
[port/proxy/port-id] [port/port-id]
]
port/sub-port: sub-port
]
port/sub-port/timeout: port/timeout
port/sub-port/user: port/user
port/sub-port/pass: port/pass
port/sub-port/path: port/path
port/sub-port/target: port/target
net-utils/confirm/multiline port/sub-port open-check
port/state/flags: port/state/flags or port-flags
]
close: func [
{Quit server, confirm and close the socket connection}
port "An open port spec"
][
port: port/sub-port
net-utils/confirm port close-check
system/words/close port
]
write: func [
{Default write operation is a command, so check handshake.}
port "An open port spec"
data "Data to write"
/local here
][
port: port/sub-port
either here: find/match data "DATA" [
net-utils/confirm port data-check
insert port here
insert port "."
] [
net-utils/net-log data
insert port data
]
net-utils/confirm port write-check
]
read: func [
port "An open port spec"
data "A buffer to use for the read"
][
net-utils/net-log ["low level read of " port/state/num "bytes"]
read-io port/sub-port data port/state/num
]
get-sub-port: func [
port "An open port spec"
][
port/sub-port
]
awake: func [
prot "An open port spec"
][
none
]
get-modes: func [
port "An open port spec"
modes "A mode block"
][
system/words/get-modes port/sub-port modes
]
set-modes: func [
port "An open port spec"
modes "A mode block"
][
system/words/set-modes port/sub-port modes
]
data-check: ["DATA" "354"]
]
status: none
size: none
date: none
url: none
sub-port: none
locals: none
state: none
timeout: none
local-ip: none
local-service: none
remote-service: none
last-remote-service: none
direction: none
key: none
strength: none
algorithm: none
block-chaining: none
init-vector: none
padding: none
async-modes: none
remote-ip: none
local-port: none
remote-port: none
backlog: none
device: none
speed: none
data-bits: none
parity: none
stop-bits: none
rts-cts: true
user-data: none
awake: none
passive: none
cache-size: 5
]
]
Second file code:
REBOL [
Title: "esend - smtp client"
Author: "Rebol Technologies, with modifications by G. Scott Jones"
Email: [gjones05--mail--orion--org]
Date: 21-Apr-2001
File: %esend.r
Version: 0.1.0
Purpose: "A modified version of 'send for ESMTP"
History: [
0.1.0 [21-Apr-2001 "Modified RT 'send" "GSJ"]
]
Comment: {The bulk of this code is simply a copy
of Rebol Technolgies' code in /Core 2.5.0.3.1.
The only changes I made are as follows. I changed
the name of the function in order to distinquish this
version of 'send that uses an extended smtp scheme from
the original. The additional change is that 'esend uses
'esmtp scheme, which is located in a separate file. I
chose to use separate function name and scheme inorder
to avoid incompatibilty or confusion with Rebol
Techologies' current or future implementations. This
version is known to work with Microsoft Exchange Server
5.5, using base 64 encoded authentication.
--Scott Jones (21-Apr-2001)
}
Usage: {Place this file in your REBOL directory, along with a
copy of esmtp.r. At either the interpreter prompt or the
user.r file, type:
do %esmtp.r ;separate file
do %esend.r
Then use 'esend as you would use 'send. The first time
the function is used, you will be prompted for the smtp
authentication username and password. These values are
stored in clear text in the current REBOL session for
later usage, but the values are not saved to disk for
security reasons.
}
]
esend: func [
{Send a message to an address (or block of addresses)}
address [email! block!] "An address or block of addresses"
message "Text of message. First line is subject."
/only "Send only one message to multiple addresses"
/header "Supply your own custom header"
header-obj [object!] "The header to use"
/local smtp-port content do-send
][
do-send: func [port data] [
foreach item reduce data [
if string? item [replace/all item "^/." "^/.."]]
insert port reduce data
]
smtp-port: open [scheme: 'esmtp]
if email? address [address: reduce [address]]
message: content: either string? message [copy message] [mold message]
if not header [
header-obj: make system/standard/email [
subject: copy/part message any [find message newline 50]
]
]
if none? header-obj/from [
if none? header-obj/from: system/user/email [net-error "Email header not
set: no from address"]
]
if none? header-obj/to [header-obj/to: make string! 20]
if none? header-obj/date [header-obj/date: to-idate now]
either only [
do-send smtp-port ["MAIL FROM: <" header-obj/from ">"]
foreach addr address [
if email? addr [
do-send smtp-port ["RCPT TO: <" addr ">"]
]
]
insert insert message net-utils/export header-obj newline
do-send smtp-port ["DATA" message]
][
foreach addr address [
if email? addr [
do-send smtp-port ["MAIL FROM: <" header-obj/from ">"]
do-send smtp-port ["RCPT TO: <" addr ">"]
head insert clear header-obj/to addr
remove/part message content
content: insert message net-utils/export header-obj
content: insert content newline
do-send smtp-port ["DATA" message]
]
]
]
close smtp-port
]
I suggest saving these files in the rebol install directory. The headers
document how the files can be loaded from the interpreter prompt or from the
user.r file on start-up. Then you simply use the command esend as you would
use send. Example:
esend [luke--rebol--com] "Hello, Luke"
Upon using the command for the first time, you will be prompted to supply
your authenticating user name and password. These are saved in memory for
the session, but are not saved to disk for security reasons.
I hope this description has been helpful to those looking for an SMTP
authentication work-around and helpful to RT as a starting point on
developing a more robust solution for a future release.
--Scott Jones