2 Jul
2009
2 Jul
'09
1:10 p.m.
Hi everybody,
Since an upgrade to our backend IMAPS server (Zarafa 6.20.7), we have some trouble
authenticating via our perdition IMAP4S proxy (version 1.17-7etch1). I've enabled
debug and connection logging, and I see that the LOGIN command is splitted in 3 lines
instead of sending the whole command in one. Is that normal? Can I configure it
somewhere?
Here is the log I get:
Jul 2 14:33:45 floor perdition[9781]: Connect: xx.xx.xx.xx -> [IP proxy]
Jul 2 14:33:45 floor perdition[9781]: SSL connection using AES128-SHA
Jul 2 14:33:45 floor perdition[9781]: SELF: "* OK IMAP4 Ready floor
0001d839\r\n"
Jul 2 14:33:46 floor perdition[9781]: CLIENT: "1.584 CAPABILITY\r\n"
Jul 2 14:33:46 floor perdition[9781]: SELF: "* CAPABILITY IMAP4
IMAP4REV1\r\n"
Jul 2 14:33:46 floor perdition[9781]: SELF: "1.584 OK CAPABILITY\r\n"
Jul 2 14:33:46 floor perdition[9781]: CLIENT: "2.584 LOGIN piekjepuk
6012417\r\n"
Jul 2 14:33:46 floor perdition[9781]: username_add_domain: username_add_domain 0 1
0x807bd1c
Jul 2 14:33:46 floor perdition[9781]: getserver: do_dbserver_get
Jul 2 14:33:46 floor perdition[9781]: SSL connection using AES256-SHA
Jul 2 14:33:46 floor perdition[9781]: REAL: "* OK Zarafa IMAP gateway
ready\r\n"
Jul 2 14:33:46 floor perdition[9781]: SELF: "flim07 CAPABILITY\r\n"
Jul 2 14:33:46 floor perdition[9781]: REAL: "* CAPABILITY IMAP4rev1 CHILDREN
XAOL-OPTION IDLE\r\n"
Jul 2 14:33:46 floor perdition[9781]: REAL: "flim07 OK CAPABILITY
Completed\r\n"
Jul 2 14:33:46 floor perdition[9781]: SELF: "flim08 LOGIN {6}\r\n"
Jul 2 14:33:46 floor perdition[9781]: REAL: "flim08 BAD LOGIN must have 2
arguments\r\n"
Jul 2 14:33:46 floor perdition[9781]: imap4_out_response: invalid tag from server 1
Jul 2 14:33:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response login
Jul 2 14:33:46 floor perdition[9781]: SELF: "piekjepuk {7}\r\n"
Jul 2 14:33:46 floor perdition[9781]: REAL: "piekjepuk BAD Command not
recognized\r\n"
Jul 2 14:33:46 floor perdition[9781]: imap4_out_response: invalid tag from server 1
Jul 2 14:33:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response name
Jul 2 14:33:46 floor perdition[9781]: SELF: "6012417\r\n"
Jul 2 14:33:46 floor perdition[9781]: REAL: "* BAD Command not
recognized\r\n"
Jul 2 14:33:46 floor perdition[9781]: SELF: "* BAD Command not
recognized\r\n"
Jul 2 14:34:46 floor perdition[9781]: REAL: "* BYE Connection closed because of
timeout\r\n"
Jul 2 14:34:46 floor perdition[9781]: SELF: "* BYE Connection closed because of
timeout\r\n"
Jul 2 14:34:46 floor perdition[9781]: REAL: ""
Jul 2 14:34:46 floor perdition[9781]: token_read: token_fill_buffer
Jul 2 14:34:46 floor perdition[9781]: read_line: token_read
Jul 2 14:34:46 floor perdition[9781]: imap4_out_response: read_line
Jul 2 14:34:46 floor perdition[9781]: imap4_out_authenticate: imap4_out_response passwd
Jul 2 14:34:46 floor perdition[9781]: main: protocol->out_authenticate -1
Jul 2 14:34:46 floor perdition[9781]: Fatal error authenticating user. Exiting child.
Any ideas? Thank you very much in advance!
Best regards,
--
Xesc
9 Jul
9 Jul
11:48 a.m.
On Thu, Jul 02, 2009 at 03:10:39PM +0200, TOPdesk Systeembeheer (beheer(a)TOPdesk.com)
wrote:
Hi everybody,
Since an upgrade to our backend IMAPS server (Zarafa 6.20.7), we have some trouble
authenticating via our perdition IMAP4S proxy (version 1.17-7etch1). I've enabled
debug and connection logging, and I see that the LOGIN command is splitted in 3 lines
instead of sending the whole command in one. Is that normal? Can I configure it somewhere?
Hi,
Sorry for the delay, I have been away.
its a while since I wrote that section of the code, so forgive me if I am a
little lose with the terminology surrounding it. The IMAP specification
allows for two different login formats. A simple one-line format. And a
slightly more complex multi-line format. The advantage of the latter being
that it can cope with any character in the username and password, as
opposed to the simple format which, for instance, doesn't allow for spaces
in the username.
For this reason perdition always uses the more complex format when talking
to real servers - it saves having to detect if the short format can be used
or not. Unfortunately it seems that your IMAP daemon doesn't support this
format (as indeed early versions of perdition did not).
Are you in a position to modify the perdition code? If so, it would be
good to see if changing to the short-format resolves your problem. The
relevant code is in imap4_out_authenticate() in perdition/imap4_out.c
If that works, I guess it would be good to provide an option to tell
perdition to use the short format - and perhaps return and appropriate
error if the username and login supplied can't use the short format.
Alternatively, if my diagnosis is correct, it might be good
to get this fixed in your IMAP daemon.
10 Jul
10 Jul
9:49 a.m.
On Thu July 9 2009 13:48:37 Simon Horman wrote:
On Thu, Jul 02, 2009 at 03:10:39PM +0200, TOPdesk
Systeembeheer
(beheer(a)TOPdesk.com) wrote:
> Since an upgrade to our backend IMAPS server (Zarafa 6.20.7), we
> have some trouble authenticating via our perdition IMAP4S proxy
> (version 1.17-7etch1). I've enabled debug and connection logging,
> and I see that the LOGIN command is splitted in 3 lines instead of
> sending the whole command in one. Is that normal? Can I configure
> it somewhere?
<.../...>
Are you in a position to modify the perdition code?
If so, it would
be good to see if changing to the short-format resolves your problem.
The relevant code is in imap4_out_authenticate() in
perdition/imap4_out.c
Hi,
Here we just had to do the trick because of a bad IMAP server
implementation too.
For the purpose I modified the imap4_out.c code (diff attached) but as
I'm not a C guru I don't know if it's the best way.
Regards.
2 Apr
2 Apr
10:57 p.m.
Am 09.07.2009 13:48, schrieb Simon Horman:
On Thu, Jul 02, 2009 at 03:10:39PM +0200, TOPdesk
Systeembeheer (beheer(a)TOPdesk.com) wrote:
Dear Simon,
today I crossed the exact same problem using perdition as a DMZ proxy in
front of a Zarafa gateway IMAP server.
Can you tell us to which RFC you are refering? In RFC3501 for IMAP
version 4rev1 I see just the "<prefix> login username password" syntax.
Especially 6.2.3. is about the LOGIN command.
I am willing to make an RFE against Zarafa if I can point to an RFC.
Though I think RFC3501 is still the standard and perdition lacks a
standard IMAP login method from that point of view.
Best regards
Alexander
Hi everybody,
Since an upgrade to our backend IMAPS server (Zarafa 6.20.7), we have some trouble
authenticating via our perdition IMAP4S proxy (version 1.17-7etch1). I've enabled
debug and connection logging, and I see that the LOGIN command is splitted in 3 lines
instead of sending the whole command in one. Is that normal? Can I configure it somewhere?
Hi,
Sorry for the delay, I have been away.
its a while since I wrote that section of the code, so forgive me if I am a
little lose with the terminology surrounding it. The IMAP specification
allows for two different login formats. A simple one-line format. And a
slightly more complex multi-line format. The advantage of the latter being
that it can cope with any character in the username and password, as
opposed to the simple format which, for instance, doesn't allow for spaces
in the username.
For this reason perdition always uses the more complex format when talking
to real servers - it saves having to detect if the short format can be used
or not. Unfortunately it seems that your IMAP daemon doesn't support this
format (as indeed early versions of perdition did not).
Are you in a position to modify the perdition code? If so, it would be
good to see if changing to the short-format resolves your problem. The
relevant code is in imap4_out_authenticate() in perdition/imap4_out.c
If that works, I guess it would be good to provide an option to tell
perdition to use the short format - and perhaps return and appropriate
error if the username and login supplied can't use the short format.
Alternatively, if my diagnosis is correct, it might be good
to get this fixed in your IMAP daemon.
5 Apr
5 Apr
11:52 p.m.
On Sat, Apr 03, 2010 at 12:57:08AM +0200, Alexander Dalloz wrote:
Am 09.07.2009 13:48, schrieb Simon Horman:
> On Thu, Jul 02, 2009 at 03:10:39PM +0200, TOPdesk Systeembeheer (beheer(a)TOPdesk.com)
wrote:
>> Hi everybody,
>>
>> Since an upgrade to our backend IMAPS server (Zarafa 6.20.7), we have some
trouble authenticating via our perdition IMAP4S proxy (version 1.17-7etch1). I've
enabled debug and connection logging, and I see that the LOGIN command is splitted in 3
lines instead of sending the whole command in one. Is that normal? Can I configure it
somewhere?
>
> Hi,
>
> Sorry for the delay, I have been away.
>
> its a while since I wrote that section of the code, so forgive me if I am a
> little lose with the terminology surrounding it. The IMAP specification
> allows for two different login formats. A simple one-line format. And a
> slightly more complex multi-line format. The advantage of the latter being
> that it can cope with any character in the username and password, as
> opposed to the simple format which, for instance, doesn't allow for spaces
> in the username.
>
> For this reason perdition always uses the more complex format when talking
> to real servers - it saves having to detect if the short format can be used
> or not. Unfortunately it seems that your IMAP daemon doesn't support this
> format (as indeed early versions of perdition did not).
>
> Are you in a position to modify the perdition code? If so, it would be
> good to see if changing to the short-format resolves your problem. The
> relevant code is in imap4_out_authenticate() in perdition/imap4_out.c
>
> If that works, I guess it would be good to provide an option to tell
> perdition to use the short format - and perhaps return and appropriate
> error if the username and login supplied can't use the short format.
>
> Alternatively, if my diagnosis is correct, it might be good
> to get this fixed in your IMAP daemon.
Hi Alexander,
Dear Simon,
today I crossed the exact same problem using perdition as a DMZ proxy in
front of a Zarafa gateway IMAP server.
Can you tell us to which RFC you are refering? In RFC3501 for IMAP
version 4rev1 I see just the "<prefix> login username password" syntax.
Especially 6.2.3. is about the LOGIN command.
I was referring to section 4.3 of RFC3501. I believe that
the user name and password arguments to the LOGIN command
(6.2.3) are considered Strings.
I am willing to make an RFE against Zarafa if I can
point to an RFC.
Though I think RFC3501 is still the standard and perdition lacks a
standard IMAP login method from that point of view.
It is certainly true that perdition is not completely RFC compliant.
And that is something that really ought to be fixed.
Perhaps a good solution to this would be to add the PLAIN authentication
mechanism to perdition. I wonder if that would resolve the problem at hand.
5138
days inactive
5415
days old
4 comments
4 participants
participants (4)
-
Alexander Dalloz -
FCa -
Simon Horman -
TOPdesk Systeembeheer (beheer@TOPdesk.com)