| Summary: | Refuse to LOGIN when hasCapability("LOGINDISABLED") | ||
|---|---|---|---|
| Product: | [Unmaintained] kio | Reporter: | Magnus Holmgren <holmgren> |
| Component: | imap | Assignee: | kdepim bugs <pim-bugs-null> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | jkt |
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Debian testing | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: |
Abort login if disabled
Abort login if disabled |
||
|
Description
Magnus Holmgren
2006-05-08 19:08:48 UTC
In addition, RFC 3501 section 7.2.1 states: An IMAP client MUST NOT issue the LOGIN command if the server advertises the LOGINDISABLED capability. Created attachment 15983 [details]
Abort login if disabled
And here is my proposed, but yet-to-be-tested solution.
Good idea but this can only be included in kde 4 as it introduces a new string. Just one more reminder and request for a core developer to check this bug and patch out (and in) before the string unfreeze ends today, please. SVN commit 586077 by winterz:
Fix for "Refuse to LOGIN when hasCapability("LOGINDISABLED")"
Patch provided by Magnus, and approved by Carsten.
And also Till says it looks ok too.
BUGS: 126975
M +33 -25 imap4.cc
--- branches/KDE/3.5/kdepim/kioslaves/imap4/imap4.cc #586076:586077
@@ -152,7 +152,7 @@
#ifdef HAVE_LIBSASL2
sasl_done();
#endif
-
+
return 0;
}
@@ -747,7 +747,7 @@
}
readBufferLen -= copyLen;
- if (readBufferLen)
+ if (readBufferLen)
memmove(readBuffer, &readBuffer[copyLen], readBufferLen);
if (buffer[buffer.size() - 1] == '\n') return TRUE;
}
@@ -945,10 +945,10 @@
if (type == ITYPE_BOX)
{
bool ask = ( aInfo.find( "ASKUSER" ) != -1 );
- if ( ask &&
+ if ( ask &&
messageBox(QuestionYesNo,
i18n("The following folder will be created on the server: %1 "
- "What do you want to store in this folder?").arg( aBox ),
+ "What do you want to store in this folder?").arg( aBox ),
i18n("Create Folder"),
i18n("&Messages"), i18n("&Subfolders")) == KMessageBox::No )
{
@@ -1212,7 +1212,7 @@
* No-op: data = 'N'
* Namespace: data = 'n'. Result shipped in infoMessage() signal
* The format is: section=namespace=delimiter
- * Note that the namespace can be empty
+ * Note that the namespace can be empty
* Unsubscribe: data = 'U' + URL (KURL)
* Subscribe: data = 'u' + URL (KURL)
* Change the status: data = 'S' + URL (KURL) + Flags (QCString)
@@ -1264,7 +1264,7 @@
break;
}
case 'n':
- {
+ {
// namespace in the form "section=namespace=delimiter"
// entries are separated by ,
infoMessage( imapNamespaces.join(",") );
@@ -1313,7 +1313,7 @@
finished();
break;
}
- case 'A':
+ case 'A':
{
// acl
int cmd;
@@ -1325,7 +1325,7 @@
}
break;
}
- case 'M':
+ case 'M':
{
// annotatemore
int cmd;
@@ -1337,7 +1337,7 @@
}
break;
}
- case 'S':
+ case 'S':
{
// status
KURL _url;
@@ -1374,7 +1374,7 @@
finished();
break;
}
- case 'E':
+ case 'E':
{
// search
specialSearchCommand( stream );
@@ -1665,7 +1665,7 @@
QString aBox, aSequence, aLType, aSection, aValidity, aDelimiter, aInfo;
// parseURL with caching
enum IMAP_TYPE aType =
- parseURL (_url, aBox, aSection, aLType, aSequence, aValidity, aDelimiter,
+ parseURL (_url, aBox, aSection, aLType, aSequence, aValidity, aDelimiter,
aInfo, true);
UDSEntry entry;
@@ -1924,16 +1924,24 @@
} else completeQueue.removeRef(cmd);
}
- if (!myAuth.isEmpty () && myAuth != "*"
- && !hasCapability (QString ("AUTH=") + myAuth))
- {
- error (ERR_COULD_NOT_LOGIN, i18n("The authentication method %1 is not "
- "supported by the server.").arg(myAuth));
- closeConnection();
- return false;
+ if ( myAuth.isEmpty () || myAuth == "*" ) {
+ if ( hasCapability( QString( "LOGINDISABLED" ) ) ) {
+ error( ERR_COULD_NOT_LOGIN, i18n("LOGIN is disabled by the server.") );
+ closeConnection();
+ return false;
+ }
+ else {
+ if ( !hasCapability( QString( "AUTH=" ) + myAuth ) ) {
+ error( ERR_COULD_NOT_LOGIN,
+ i18n("The authentication method %1 is not "
+ "supported by the server.").arg( myAuth ) );
+ closeConnection();
+ return false;
+ }
+ }
}
- if ( greeting.contains( QRegExp( "Cyrus IMAP4 v2.1" ) ) ) {
+ if ( greeting.contains( QRegExp( "Cyrus IMAP4 v2.1" ) ) ) {
removeCapability( "ANNOTATEMORE" );
}
@@ -1961,7 +1969,7 @@
}
else
{
-#ifdef HAVE_LIBSASL2
+#ifdef HAVE_LIBSASL2
if (!clientAuthenticate (this, authInfo, myHost, myAuth, mySSL, resultInfo))
error(KIO::ERR_COULD_NOT_LOGIN, i18n("Unable to authenticate via %1.\n"
"The server %2 replied:\n%3").arg(myAuth).arg(myHost).arg(resultInfo));
@@ -2002,12 +2010,12 @@
if ( it != listResponses.end() )
{
namespaceToDelimiter[QString::null] = (*it).hierarchyDelimiter();
- kdDebug(7116) << "makeLogin - delimiter for empty ns='" <<
+ kdDebug(7116) << "makeLogin - delimiter for empty ns='" <<
(*it).hierarchyDelimiter() << "'" << endl;
if ( !hasCapability("NAMESPACE") )
{
// server does not support namespaces
- QString nsentry = QString::number( 0 ) + "=="
+ QString nsentry = QString::number( 0 ) + "=="
+ (*it).hierarchyDelimiter();
imapNamespaces.append( nsentry );
}
@@ -2336,7 +2344,7 @@
}
}
// if we got no list response for the box see if it's a prefix
- if ( retVal == ITYPE_UNKNOWN &&
+ if ( retVal == ITYPE_UNKNOWN &&
namespaceToDelimiter.contains(_box) ) {
retVal = ITYPE_DIR;
}
@@ -2354,7 +2362,7 @@
else
kdDebug(7116) << "IMAP4::parseURL: no login!" << endl;
- }
+ }
else // empty box
{
// the root is just a dir
@@ -2383,7 +2391,7 @@
if ( _hierarchyDelimiter.isEmpty() &&
(_type == "LIST" || _type == "LSUB" || _type == "LSUBNOCHECK") )
{
- // this shouldn't happen but when the delimiter is really empty
+ // this shouldn't happen but when the delimiter is really empty
// we try to reconstruct it from the URL
if (!_box.isEmpty())
{
Magnus, I will need to revert this patch unless you can give me a fix for your fix very quickly (today). During my testing I am unable to access a Kolab server. I continually get the message "The authentication method * is not supported by the server." And then I am prompted for a username and password. But access fails anyway. The patch as you applied it differs from my patch which in turn differs from the changes I actually made to that file (and nobody spotted the unbalanced braces?).
The relevant block should of course read
if (myAuth.isEmpty () || myAuth == "*") {
if (hasCapability (QString ("LOGINDISABLED"))) {
error (ERR_COULD_NOT_LOGIN, i18n("LOGIN is disabled by the server."));
closeConnection();
return false;
}
}
else {
if (!hasCapability (QString ("AUTH=") + myAuth)) {
error (ERR_COULD_NOT_LOGIN, i18n("The authentication method %1 is not "
"supported by the server.").arg(myAuth));
closeConnection();
return false;
}
}
Created attachment 17852 [details]
Abort login if disabled
SVN commit 586730 by winterz:
fix my silly typos to Magnus' patch. Lucky I tested.
BUGS: 126975
M +10 -11 imap4.cc
--- branches/KDE/3.5/kdepim/kioslaves/imap4/imap4.cc #586729:586730
@@ -1924,20 +1924,19 @@
} else completeQueue.removeRef(cmd);
}
- if ( myAuth.isEmpty () || myAuth == "*" ) {
- if ( hasCapability( QString( "LOGINDISABLED" ) ) ) {
- error( ERR_COULD_NOT_LOGIN, i18n("LOGIN is disabled by the server.") );
+ if (myAuth.isEmpty () || myAuth == "*") {
+ if (hasCapability (QString ("LOGINDISABLED"))) {
+ error (ERR_COULD_NOT_LOGIN, i18n("LOGIN is disabled by the server."));
closeConnection();
return false;
}
- else {
- if ( !hasCapability( QString( "AUTH=" ) + myAuth ) ) {
- error( ERR_COULD_NOT_LOGIN,
- i18n("The authentication method %1 is not "
- "supported by the server.").arg( myAuth ) );
- closeConnection();
- return false;
- }
+ }
+ else {
+ if (!hasCapability (QString ("AUTH=") + myAuth)) {
+ error (ERR_COULD_NOT_LOGIN, i18n("The authentication method %1 is not "
+ "supported by the server.").arg(myAuth));
+ closeConnection();
+ return false;
}
}
|