
Re: Bug in PLAIN auth over SSL with sasl



* Brendan Cully <brendan@xxxxxxxxxx> [Jan 11. 2005 19:19]:
> > > > It happens with cyrus-sasl 2.1.19 and 1.5.6 and was reported when
> > > > connecting to Domino 6.5.3 HF 218 and Domino 6.5.1 HF 561 imap servers.
> > > 
> > > I also remember that there were some SASL patches committed to the CVS
> > > *after* mutt-1.5.6.
> > 
> > Might be.
> 
> In fact it appears to have been fixed post 1.5.6 (auth_sasl.c:3.4,
> 2004/04/12). Please try CVS HEAD and let us know whether the problem
> is indeed solved.

This patch fixed it. Thanks.

--- mutt-1.5.6/imap/imap.c      2004-02-01 18:10:58.000000000 +0100
+++ mutt/imap/imap.c    2005-01-11 19:39:53.823436663 +0100
@@ -426,7 +426,7 @@
          {
            mutt_error (_("Could not negotiate TLS connection"));
            mutt_sleep (1);
-           goto bail;
+           goto err_close_conn;
          }
          else
          {
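Review bot: The jump to `err_close_conn` on a failed TLS negotiation carries no comment saying why the socket has to be dropped rather than kept, and that is the security-relevant part of this line. I would add above the `goto` something like `/* TLS handshake failed: close the socket so the session cannot continue unencrypted on it */`. The enclosing function starts and ends outside the hunk, so it cannot be checked from here whether any other failure path after the TLS attempt still reaches `bail` with the socket open.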
@@ -456,6 +456,7 @@
 
  err_close_conn:
   mutt_socket_close (idata->conn);
+  idata->state = IMAP_DISCONNECTED;
  bail:
   FREE (&idata->capstr);
   return -1;
@@ -778,22 +779,9 @@
   imap_cmd_start (idata, "LOGOUT");
   while (imap_cmd_step (idata) == IMAP_CMD_CONTINUE)
     ;
-}
 
-int imap_close_connection (CONTEXT *ctx)
-{
-  dprint (1, (debugfile, "imap_close_connection(): closing connection\n"));
-  /* if the server didn't shut down on us, close the connection gracefully */
-  if (CTX_DATA->status != IMAP_BYE)
-  {
-    mutt_message _("Closing connection to IMAP server...");
-    imap_logout (CTX_DATA);
-    mutt_clear_error ();
-  }
-  mutt_socket_close (CTX_DATA->conn);
-  CTX_DATA->state = IMAP_DISCONNECTED;
-  CTX_DATA->conn->data = NULL;
-  return 0;
+  FREE(& idata->cmd.buf);
+  FREE(& idata);
 }
 
 /* imap_set_flag: append str to flags if we currently have permission
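Review bot: `FREE(& idata);` can only clear the function's own copy of the pointer if `idata` is passed by value (the signature is outside the hunk), so every caller is left holding a pointer to freed memory. The deleted `imap_close_connection` reset `conn->data` before returning and nothing in the added lines does the equivalent, so a later use-after-free or double free is possible unless each caller drops its references itself. Either clear the back-reference before freeing, e.g. `idata->conn->data = NULL;` if that field is what points at `idata`, or state the contract on the function, e.g. `/* frees idata; callers must not touch it or conn->data afterwards */`.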
--- mutt-1.5.6/imap/auth_sasl.c 2003-11-05 10:41:36.000000000 +0100
+++ mutt/imap/auth_sasl.c       2005-01-11 19:39:53.740451221 +0100
@@ -116,12 +116,19 @@
   irc = IMAP_CMD_CONTINUE;
 
   /* looping protocol */
-  while (rc == SASL_CONTINUE)
+  while (rc == SASL_CONTINUE || olen > 0)
   {
     do
       irc = imap_cmd_step (idata);
     while (irc == IMAP_CMD_CONTINUE);
 
+    if (method && irc == IMAP_CMD_NO)
+    {
+      dprint (2, (debugfile, "imap_auth_sasl: %s failed\n", method));
+      sasl_dispose (&saslconn);
+      return IMAP_AUTH_UNAVAIL;
+    }
+
     if (irc == IMAP_CMD_BAD || irc == IMAP_CMD_NO)
       goto bail;
 
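Review bot: The new early return reports `IMAP_AUTH_UNAVAIL` for any `NO` while a specific `method` is being tried, yet a `NO` for rejected credentials is indistinguishable here from a `NO` for an unsupported mechanism. If the caller (not visible) treats `IMAP_AUTH_UNAVAIL` as "try the next authenticator", a server response can move the client on to a weaker mechanism in the configured list, and a wrong password would be offered again once per mechanism. The intent should be stated at the return, for example `/* NO with an explicit method: report unavailable so the caller may try the next configured mechanism */`. The return also skips whatever `bail` does besides `sasl_dispose`; that label is outside the hunk.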
@@ -180,6 +187,8 @@
       mutt_socket_write (idata->conn, "*\r\n");
       dprint (1, (debugfile, "imap_auth_sasl: sasl_client_step error 
%d\n",rc));
     }
+         
+    olen = 0;
   }
 
   while (irc != IMAP_CMD_OK)
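Review bot: `olen = 0;` is what lets the loop end now that its condition also tests `olen > 0` (changed in the previous hunk of this file), but nothing at the assignment says so. A comment such as `/* clear the pending output length so the loop ends once SASL stops returning SASL_CONTINUE */` would keep a later edit from removing it and leaving the loop spinning. The added line above it contains only whitespace and should be empty. The `dprint` context line is wrapped across two lines in this mail, so the hunk may not apply as posted, and the loop body starts outside the hunk.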

-- 
Mads Martin Joergensen, http://mmj.dk
"Why make things difficult, when it is possible to make them cryptic
 and totally illogical, with just a little bit more effort?"
                                -- A. P. J.