
AUTHENTICATE PLAIN authzid #3916

Closed
rcubetrac opened this issue Sep 5, 2012 · 4 comments

@rcubetrac

Reported by lefoyer on 5 Sep 2012 15:32 UTC as Trac ticket #1488674

Some servers do not accept authentication with authzid.

Sample problem:

Auth line with authzid:

echo -ne "test-user0002\000test-user0002@yandex.ru\000UneTbx8Sa"|base64
dGVzdC11c2VyMDAwMgB0ZXN0LXVzZXIwMDAyQHlhbmRleC5ydQBVbmVUYng4U2E=

Auth line without authzid:

echo -ne "\000test-user0002@yandex.ru\000UneTbx8Sa"|base64
AHRlc3QtdXNlcjAwMDJAeWFuZGV4LnJ1AFVuZVRieDhTYQ==

openssl s_client -crlf -connect imap.yandex.ru:993
* OK Yandex IMAP4rev1 1.0.0 at imap5e.mail.yandex.net:993 ready to talk with 188.244.44.84:47549, 2012-Sep-05 18:35:32, WZVoefPaWeA1
a002 AUTHENTICATE PLAIN
+
dGVzdC11c2VyMDAwMgB0ZXN0LXVzZXIwMDAyQHlhbmRleC5ydQBVbmVUYng4U2E=
a002 BAD command syntax error
a003 AUTHENTICATE PLAIN
+
AHRlc3QtdXNlcjAwMDJAeWFuZGV4LnJ1AFVuZVRieDhTYQ==
a003 OK AUTHENTICATE completed

Authentication succeeds without authzid but not with authzid.
I am testing with the Thunderbird mail client; it does not send an authzid and authentication succeeds.

/* RFC 4616.2. PLAIN SASL Mechanism.
The mechanism consists of a single message, a string of [UTF-8] encoded
[Unicode] characters, from the client to the server. The
client presents the authorization identity (identity to act as),
followed by a NUL (U+0000) character, followed by the authentication
identity (identity whose password will be used), followed by a NUL
(U+0000) character, followed by the clear-text password. As with
other SASL mechanisms, the client does not provide an authorization
identity when it wishes the server to derive an identity from the
credentials and use that as the authorization identity.

message = [authzid] UTF8NUL authcid UTF8NUL passwd

Example:

C: a002 AUTHENTICATE "PLAIN"
S: + ""
C: {21}
C: <NUL>tim<NUL>tanstaaftanstaaf
S: a002 OK "Authenticated"
*/
diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php
index c3cfabc..17868c0 100644
--- a/program/include/rcube_imap_generic.php
+++ b/program/include/rcube_imap_generic.php
@@ -570,7 +570,7 @@ class rcube_imap_generic
                 $authc = $user;
             }

-            $reply = base64_encode($user . chr(0) . $authc . chr(0) . $pass);
+            $reply = base64_encode(chr(0) . $authc . chr(0) . $pass);

             // RFC 4959 (SASL-IR): save one round trip
             if ($this->getCapability('SASL-IR')) {
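Review bot: dropping `$user` from the authzid field unconditionally also discards it in the branch where `$authc` was set to something other than `$user` (the visible `$authc = $user;` is only the fall-through case), which is exactly the situation where an authorization identity carries information the server needs. Consider omitting the authzid only when it would duplicate the authentication identity, e.g. `$reply = base64_encode(($authc === $user ? '' : $user) . chr(0) . $authc . chr(0) . $pass);`, which still produces the empty-authzid form that the server in this report accepts.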

Migrated-From: http://trac.roundcube.net/ticket/1488674
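As an added example (not part of the ticket and not Roundcube's own code), the following PHP builds and parses RFC 4616 PLAIN messages so the two forms above can be compared. Decoding the two base64 strings from the report shows that the rejected message carried `test-user0002` as authzid and `test-user0002@yandex.ru` as authcid, while the accepted one left the authzid empty. The function and variable names are assumptions; the credentials are the test values already quoted in the report.

```php
<?php
// Added example, not Roundcube code: build and parse RFC 4616 SASL PLAIN
// messages ([authzid] NUL authcid NUL passwd). Names are assumptions.

/**
 * Build the base64-encoded PLAIN message. The authzid is only sent when it
 * differs from the authcid; otherwise the field is left empty so the server
 * derives the authorization identity from the credentials (RFC 4616, 2).
 */
function sasl_plain_message(string $authcid, string $passwd, string $authzid = ''): string
{
    foreach ([$authzid, $authcid, $passwd] as $field) {
        // NUL is the field separator, so it must not appear inside a field
        if (strpos($field, "\0") !== false) {
            throw new InvalidArgumentException('NUL is not allowed in PLAIN fields');
        }
    }
    if ($authzid === $authcid) {
        $authzid = '';
    }
    return base64_encode($authzid . "\0" . $authcid . "\0" . $passwd);
}

/**
 * Parse a PLAIN message the way a server would: exactly three NUL-separated
 * fields, with authcid and passwd mandatory. Returns null if malformed.
 */
function sasl_plain_parse(string $b64): ?array
{
    $raw = base64_decode($b64, true);   // strict decoding rejects junk input
    if ($raw === false) {
        return null;
    }
    $parts = explode("\0", $raw);
    if (count($parts) !== 3 || $parts[1] === '' || $parts[2] === '') {
        return null;
    }
    return ['authzid' => $parts[0], 'authcid' => $parts[1], 'passwd' => $parts[2]];
}

// The two messages from the report, decoded into their fields
print_r(sasl_plain_parse('dGVzdC11c2VyMDAwMgB0ZXN0LXVzZXIwMDAyQHlhbmRleC5ydQBVbmVUYng4U2E='));
print_r(sasl_plain_parse('AHRlc3QtdXNlcjAwMDJAeWFuZGV4LnJ1AFVuZVRieDhTYQ=='));

// Rebuilding the accepted (empty-authzid) form from the report's test values
echo sasl_plain_message('test-user0002@yandex.ru', 'UneTbx8Sa'), "\n";

// A malformed message (only two fields) is rejected by the parser
var_dump(sasl_plain_parse(base64_encode("only\0two")));
```

The builder mirrors the RFC's rule that a client omits the authzid when it wants the server to derive the identity from the credentials; the parser shows why an unexpected or mismatched authzid can legitimately be rejected by a server that does not support acting as another identity.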

@rcubetrac

Milestone changed by @alecpl on 5 Sep 2012 17:24 UTC

later => 0.9-beta

@rcubetrac

Comment by @alecpl on 9 Sep 2012 15:36 UTC

Fixed in 4e383e2.

@rcubetrac

Status changed by @alecpl on 9 Sep 2012 15:36 UTC

new => closed

@rcubetrac

Milestone changed by @alecpl on 19 Sep 2012 07:15 UTC

0.9-beta => 0.8.2

@rcubetrac rcubetrac added this to the 0.8.2 milestone Mar 20, 2016