Your message dated Tue, 6 Mar 2007 18:11:28 +0100 with message-id <[EMAIL PROTECTED]> and subject line Bug#362238: mutt: fails to NTLM-authenticate vs. M$ Exchange IMAP server has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: mutt Version: 1.5.11+cvs20060403-1 Severity: normal Tags: patch Hi! When using NTLM(SASL) for authenticating against M$ Exchange Server (its IMAP), mutt fails to auth ("SASL authentication failed.") and then hangs when "closing connection to" the server. Debuglog says: > imap_auth_sasl: IMAP caps=IMAP4 IMAP4rev1 IDLE LOGIN-REFERRALS > MAILBOX-REFERRALS NAMESPACE LITERAL+ UIDPLUS CHILDREN AUTH=NTLM > > a0003 AUTHENTICATE NTLM^M > < + > imap_auth_sasl: error base64-decoding server response. > SASL authentication failed. ... > > a0004 LOGOUT^M > < a0003 NO Logon failure: unknown user name or bad password. You can see that mutt misinterpretes "+\r\n" reply from server, but server still expects client to send smth. before beginning challenge. See e.g.: http://www.irbs.net/internet/cyrus-sasl/0409/0076.html http://www.irbs.net/internet/cyrus-sasl/0409/0075.html Both mutt/testing and mutt/unstable are prone to the bug. Similar problem is described in: http://groups.yahoo.com/group/mutt-dev/message/24295 but there reporter claims that mutt hanged _during_ authentication. In my case mutt hangs when exiting (closing connection). I've made a patch, built mutt with it and tested against M$ Exchange -- it works OK. P.S. Technically, it's illegal to decode at offset +2 of buffer without checking how much data is there. There can be 0, or 1 byte... // I mean sasl_decode64 (idata->buf+2, ...) -- WBR, xrgtn -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i586) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.32-grsec Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages mutt depends on: ii libc6 2.3.6-3 GNU C Library: Shared libraries an ii libdb4.4 4.4.20-3 Berkeley v4.4 Database Libraries [ ii libgnutls12 1.2.9-2 the GNU TLS library - runtime libr ii libidn11 0.5.18-2 GNU libidn library, implementation ii libncursesw5 5.5-1 Shared libraries for terminal hand ii libsasl2 2.1.19-1.9 Authentication abstraction library ii postfix [mail-transport-agent 2.2.9-1 A high-performance mail transport Versions of packages mutt recommends: ii locales 2.3.6-3 GNU C Library: National Language ( ii mime-support 3.36-1 MIME files 'mime.types' & 'mailcap -- no debconf informationIndex: imap/auth_sasl.c =================================================================== RCS file: /var/lib/cvs/deb/mutt/imap/auth_sasl.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 auth_sasl.c --- imap/auth_sasl.c 11 Apr 2006 15:04:25 -0000 1.1.1.1 +++ imap/auth_sasl.c 12 Apr 2006 20:10:43 -0000 @@ -130,7 +130,21 @@ imap_auth_res_t imap_auth_sasl (IMAP_DAT if (irc == IMAP_CMD_RESPOND) { - if (sasl_decode64 (idata->buf+2, strlen (idata->buf+2), buf, LONG_STRING-1, &len) != SASL_OK) + size_t ilen = strlen(idata->buf); + dprint (3, (debugfile, "imap_auth_sasl: decoding idata->buf[%i]=%s\n", + ilen, idata->buf)); + if (ilen == 1 && idata->buf[0] == '+') + { + /* decode lone "+" on a line as "+" followed by empty base64 value */ + buf[0] = '\0'; + len = 0; + } + else if (ilen < 2) + { + dprint (1, (debugfile, "imap_auth_sasl: too short server response.\n")); + goto bail; + } + else if (sasl_decode64 (idata->buf+2, ilen-2, buf, LONG_STRING-1, &len) != SASL_OK) { dprint (1, (debugfile, "imap_auth_sasl: error base64-decoding server response.\n")); goto bail;
--- End Message ---
--- Begin Message ---Version: 1.5.13-1 Re: Alexander Gattin 2006-04-12 <[EMAIL PROTECTED]> > When using NTLM(SASL) for authenticating against M$ > Exchange Server (its IMAP), mutt fails to auth ("SASL > authentication failed.") and then hangs when "closing > connection to" the server. > You can see that mutt misinterpretes "+\r\n" reply from > server, but server still expects client to send smth. > before beginning challenge. See e.g.: Hi, this should be fixed in the latest versions. Thanks for reporting. Christoph -- [EMAIL PROTECTED] | http://www.df7cb.de/
signature.asc
Description: Digital signature
--- End Message ---

