Re: authentication failure with UW imapd IMAP4rev1 2000.283

"Eric S. Raymond" <esr(_at_)thyrsus(_dot_)com> writes:

> Todd Sabin <tas(_at_)webspan(_dot_)net>:
> > > One one side, I can use my fetchmail 5.6.2 to go to one of our UW imap 
> > > server (running IMAP4rev1 v12.264), but when I try to go to the 2nd 
> > > server (running IMAP4rev1 2000.283), it fails. Details :
> > > [...]
> > You need the patch below.  I sent this a while back when someone else
> > had the same problem, but it doesn't seem to have been applied to
> > the source, yet.  The patch is against an older version of fetchmail,
> > probably 5.5.5...
> > Assuming this works, something similar needs to be done to the rest
> > of the SASL mechanisms as well...
> Argh.  Todd, your fix is not going to apply as-is.  The problem is that
> I refactored the way CRAM is handled so that I could support CRAM-MD5 
> authentication in ODMR as well as IMAP.  Take a look at the new cram.c 
> and odmr.c modules to see what I mean...
>
> Would you please download the 5.6.3 sources and do what's necessary 
> to make CRAM work?  I'd do this myself, but the IMAP server I have
> available to test with doesn't support CRAM.
>
> You may have to pull something odd, like passing a pointer to the
> appropriate ok_* function in through do_cram_md5()'s arguments.
Well, here's what I came up with.  This patch is against 5.6.4 and
make CRAM-MD5 work again, for me at least.  It was broken in the
general case, not just the uw-imap2000 case.  The problem was the
usage of gen_transact, which caused part of the CRAM dialog to be
tagged, which is wrong.  Note that I haven't tested the odmr stuff.

BTW, I'm not so happy with the ok function.  The char* argument seems
to be completely unnecessary most of the places *_ok is used.  Note
the otherwise unnecessary dummy variable in do_cram_md5 now.  Also,
there's no size argument for the char*, which makes it an accident
waiting to happen.  Would you accept a patch to eliminate that arg?
I.e., make things int foo_ok (int sock);

Also, feel free to ignore the driver.c change.  It's unrelated, but
something that I've been adding to my builds for a long time.  I fetch
mail from a number of mailboxes and find that having a header that
tells which mailbox fetchmail pulled it from makes sorting it properly
that much simpler.  Figured someone else might find it useful.


Todd

p.s.  If you want to use a free mail server that support CRAM-MD5, try
www.mailandnews.com.  Their IMAP server has other issues, but it does
support CRAM-MD5.


diff -u fetchmail-5.6.4 fetchmail-5.6.4-tas/
diff -u fetchmail-5.6.4/cram.c fetchmail-5.6.4-tas/cram.c
--- fetchmail-5.6.4/cram.c      Sun Feb 11 00:41:10 2001
+++ fetchmail-5.6.4-tas/cram.c  Sun Feb 11 16:47:07 2001
@@ -60,7 +60,8 @@
     MD5Final (response, &ctx);
 }
 
-int do_cram_md5 (int sock, struct query *ctl)
+int do_cram_md5 (int sock, struct query *ctl,
+                 int (*ok_method)(int, char*))
 /* authenticate as per RFC2195 */
 {
     int result;
@@ -69,6 +70,7 @@
     unsigned char msg_id[768];
     unsigned char response[16];
     unsigned char reply[1024];
+    unsigned char dummy[MSGBUFSIZE+1];
 
     gen_send (sock, "AUTHENTICATE CRAM-MD5");
 
@@ -131,7 +133,10 @@
 
     /* ship the authentication back, accept the server's responses */
     /* PMDF5.2 IMAP has a bug that requires this to be a single write */
-    result = gen_transact(sock, buf1, sizeof(buf1));
+    strcat (buf1, "\r\n");
+    SockWrite (sock, buf1, strlen (buf1));
+
+    result = ok_method (sock, dummy);
     if (result)
        return(result);
     else
diff -u fetchmail-5.6.4/driver.c fetchmail-5.6.4-tas/driver.c
--- fetchmail-5.6.4/driver.c    Wed Feb  7 01:59:22 2001
+++ fetchmail-5.6.4-tas/driver.c        Sun Feb 11 16:15:59 2001
@@ -1184,6 +1184,13 @@
        stuffline(ctl, errmsg);
     }
 
+    {
+        char buf[200];
+        snprintf (buf, sizeof (buf), "X-fetched-from: %s(_at_)%s\r\n",
+                  ctl->remotename, ctl->server.truename);
+        stuffline (ctl, buf);
+    }
+
     /* issue the delimiter line */
     cp = buf;
     *cp++ = '\r';
diff -u fetchmail-5.6.4/fetchmail.h fetchmail-5.6.4-tas/fetchmail.h
--- fetchmail-5.6.4/fetchmail.h Sat Feb 10 16:14:57 2001
+++ fetchmail-5.6.4-tas/fetchmail.h     Sun Feb 11 16:41:42 2001
@@ -533,7 +533,7 @@
 char *host_fqdn(void);
 char *rfc822timestamp(void);
 flag isafile(int);
-int do_cram_md5 (int sock, struct query *ctl);
+int do_cram_md5 (int sock, struct query *ctl, int (*ok_method)(int, char*));
 
 void yyerror(const char *);
 int yylex(void);
diff -u fetchmail-5.6.4/imap.c fetchmail-5.6.4-tas/imap.c
--- fetchmail-5.6.4/imap.c      Wed Feb  7 00:49:28 2001
+++ fetchmail-5.6.4-tas/imap.c  Sun Feb 11 16:42:01 2001
@@ -852,7 +852,7 @@
             report (stdout, _("CRAM-MD5 authentication is supported\n"));
         if (ctl->server.protocol != P_IMAP_LOGIN)
         {
-            if ((ok = do_cram_md5 (sock, ctl)))
+            if ((ok = do_cram_md5 (sock, ctl, imap_ok)))
             {
                 if (outlevel >= O_MONITOR)
                     report (stdout, "IMAP> *\n");
diff -u fetchmail-5.6.4/odmr.c fetchmail-5.6.4-tas/odmr.c
--- fetchmail-5.6.4/odmr.c      Thu Feb  8 15:25:15 2001
+++ fetchmail-5.6.4-tas/odmr.c  Sun Feb 11 16:42:10 2001
@@ -62,7 +62,7 @@
     *bytes = *countp = *newp = -1;
 
     /* authenticate via CRAM-MD5 */
-    ok = do_cram_md5(sock, ctl);
+    ok = do_cram_md5(sock, ctl, odmr_ok);
     if (ok)
        return(ok);