Bug 249992 - Can't log in to IMAP server using non plain text auth mechanism
Summary: Can't log in to IMAP server using non plain text auth mechanism
Status: RESOLVED FIXED
Alias: None
Product: Akonadi
Classification: Frameworks and Libraries
Component: IMAP resource (show other bugs)
Version: 1.4.0
Platform: Compiled Sources Linux
: NOR normal
Target Milestone: ---
Assignee: Kevin Ottens
URL:
Keywords:
: 270635 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-09-03 12:28 UTC by Bernhard Rosenkraenzer
Modified: 2012-02-15 16:23 UTC (History)
14 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
Another variant of the fix (1.26 KB, patch)
2011-11-07 23:22 UTC, Bernhard Rosenkraenzer
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Rosenkraenzer 2010-09-03 12:28:46 UTC
Version:           1.4.0 (using KDE 4.5.0) 
OS:                Linux

When trying to set up an account on a IMAP server running dovecot 2.0.1, akonadi (run from kmail) complains

The server refused the supplied username and password. Do you want to go to settings, have another attempt at logging in, or do nothing?
SASL(0): successful result:

The login actually succeeded (if I type the password again in the dialog, I get "IMAP session in the wrong state for authentication" because I'm already logged in), but kmail/akonadi thinks it didn't.

The SASL version in use is cyrus-sasl 2.1.24-rc1.

Reproducible: Always

Steps to Reproduce:
Try to configure an IMAP account on a dovecot 2.0.1 server with kmail from the 4.5 branch in SVN

Actual Results:  
Fails with
SASL(0): successful result:

Expected Results:  
Succeeds
Comment 1 Bernhard Rosenkraenzer 2010-12-17 11:00:23 UTC
I can't reproduce this anymore with 4.6.0-beta2, assuming it's fixed
Comment 2 Alexey Shvetsov 2011-02-20 16:19:35 UTC
this bug seems still valid
at least with dovecot-2.0.9
and kdepim buld from git master or with latest kdepim-4.6.x beta
Comment 3 Christophe Marin 2011-04-11 15:15:55 UTC
*** Bug 270635 has been marked as a duplicate of this bug. ***
Comment 4 ancow 2011-04-30 12:52:34 UTC
I've just experienced this bug and it doesn't seem to occur with the cleartext login method (it does with both CRAM-MD5 and PLAIN).
Comment 5 Klaus Weidenbach 2011-06-27 20:04:56 UTC
The problem still exists with dovecot-2.0.13 and KDE 4.6.4. The autocheck function selects SSL/TLS and PLAIN, but it is not working. If I select cleartext I can access the IMAP account.
Comment 6 Martin Samek 2011-07-13 21:47:36 UTC
Yes, bug is still valid. I can confirm it witch kontakt 4.6.0  and dovecot 2.0.13. This issue is caused by this change in dovecot:

http://dovecot.org/list/dovecot/2010-April/048147.html

Other clients works like a charm, but kmail fails.
Comment 7 Rob Wouters 2011-08-22 18:41:14 UTC
Patch against kdepimlibs that fixes this bug for me:

--- kimap/loginjob.cpp.orig     2011-08-22 20:27:30.526267893 +0200
+++ kimap/loginjob.cpp  2011-08-22 20:38:11.555674184 +0200
@@ -324,7 +324,9 @@
     }
   } else if ( response.content.size() >= 2 ) {
     if ( d->authState == LoginJobPrivate::Authenticate ) {
-      if (!d->answerChallenge(QByteArray::fromBase64(response.content[1].toString()))) {
+      //if we're receiving post-login capabilities, ignore them here
+      //capabilities are being set by capabilitiesjob after
+      if (response.content[1].toString()!="CAPABILITY" && !d->answerChallenge(QByteArray::fromBase64(response.content[1].toString()))) {
         emitResult(); //error, we're done
       }
     } else if ( response.content[1].toString()=="CAPABILITY" ) {

Please test and let me know if it works and doesn't cause regressions.
Comment 8 Harm 2011-08-26 00:08:19 UTC
Patch works for me using kmail-4.7.0 and dovecot-2.0.13 with sasl.
Comment 9 Christophe Marin 2011-08-28 21:12:17 UTC
Rob, can you submit your patch to https://git.reviewboard.kde.org please (group 'kdepimlibs').

A small unit test would also help
Comment 10 Sam 2011-11-07 23:12:05 UTC
Patch works for me as well. Using kmail 4.7.3 and dovecot-2.0.15. It would have been nice if this patch submitted in Aug. made it to at least 4.7.3.
Comment 11 Bernhard Rosenkraenzer 2011-11-07 23:22:24 UTC
Created attachment 65371 [details]
Another variant of the fix

The patch works for me too - but I wonder if just switching the if() statements wouldn't be a better fix (patch attached).
Comment 12 Allen Winter 2011-11-08 18:00:12 UTC
ervin, I would like to see this fix in the next bugfix release of KDE 4.7.x

could you give the thumbs-up or down on this patch?
Comment 13 Peter Mühlenpfordt 2012-01-16 18:34:49 UTC
Bug still exists in Kontact/Kmail 4.8 rc2 (Kubuntu testing, 12.04/precise).
Tested with latest auto built package of dovecot (2.0.17) running on debian.
Comment 14 Oleg Girko 2012-02-02 22:03:54 UTC
The patch provided in comment #11 fixes the problem only partially.

Reordering if branches makes LOGIN authentication work, but other authentication methods get refused when SSL connection is used because the unsolicited untagged CAPABILITY response to AUTHENTICATE command does not contain "AUTH=" capabilities.

It's interesting to note that everything works fine if unencrypted connection is used, because KIMAP::LoginJob does not send CAPABILITY command when connection is not encrypted, so Dovecot IMAP server does not send unsolicited untagged CAPABILITY response to AUTHENTICATE command later. Not sending CAPABILITY command when unencrypted connection is used can be considered as a separate bug.

The logic in KIMAP::LoginJob::handleResponse() method is difficult to understand, do I've refactored it and made it more correct.

Please take a look at the following review request:
https://git.reviewboard.kde.org/r/103854/
The patch in this review request fixes this bug.
Comment 15 Kevin Ottens 2012-02-12 11:17:43 UTC
*** Bug 267884 has been marked as a duplicate of this bug. ***
Comment 16 Kevin Ottens 2012-02-12 11:19:58 UTC
Rewording the title a bit, it's more widespread than just dovecot, it's about
AUTHENTICATE command.
Comment 17 Oleg Girko 2012-02-14 22:03:50 UTC
Git commit 07e337d8965fe5aa334bd60a5141031168b1ac62 by Oleg Girko.
Committed on 14/02/2012 at 22:51.
Pushed by girko into branch 'master'.

Refactoring KIMAP::LoginJob::handleResponse() method for better correctness.

Besides better readability, this makes handleResponse() method
handle not only untagged response caused by CAPABILITY command,
but also unsolicited untagged CAPABILITY response caused by AUTHENTICATE
command which is returned by Dovecot IMAP server for compatibility with
MS Outlook.
This fixes bug #249992.
REVIEW: 103854

M  +136  -82   kimap/loginjob.cpp

http://commits.kde.org/kdepimlibs/07e337d8965fe5aa334bd60a5141031168b1ac62
Comment 18 Oleg Girko 2012-02-14 22:43:18 UTC
Git commit b4809337d8bd1de9274f5aa7f9284f22c579fdcd by Oleg Girko.
Committed on 14/02/2012 at 22:51.
Pushed by girko into branch 'KDE/4.8'.

Refactoring KIMAP::LoginJob::handleResponse() method for better correctness.

Besides better readability, this makes handleResponse() method
handle not only untagged response caused by CAPABILITY command,
but also unsolicited untagged CAPABILITY response caused by AUTHENTICATE
command which is returned by Dovecot IMAP server for compatibility with
MS Outlook.
This fixes bug #249992.
REVIEW: 103854

M  +136  -82   kimap/loginjob.cpp

http://commits.kde.org/kdepimlibs/b4809337d8bd1de9274f5aa7f9284f22c579fdcd
Comment 19 Oleg Girko 2012-02-15 16:23:12 UTC
Git commit 454bc5fe8603f358c414720d128c79dcd33c9776 by Oleg Girko.
Committed on 14/02/2012 at 22:51.
Pushed by girko into branch 'KDE/4.7'.

Refactoring KIMAP::LoginJob::handleResponse() method for better correctness.

Besides better readability, this makes handleResponse() method
handle not only untagged response caused by CAPABILITY command,
but also unsolicited untagged CAPABILITY response caused by AUTHENTICATE
command which is returned by Dovecot IMAP server for compatibility with
MS Outlook.
This fixes bug #249992.
REVIEW: 103854

M  +136  -82   kimap/loginjob.cpp

http://commits.kde.org/kdepimlibs/454bc5fe8603f358c414720d128c79dcd33c9776