Re: Workaround iCloud IMAP Bug (add CAPABILITY request post-login)

Fri, 20 May 2022 05:17:43 -0700 

On Thu, May 19, 2022 at 11:16:45PM +0100, Sabahattin Gucukoglu wrote:
On 17 May 2022, at 09:56, Oswald Buddenhagen <oswald.buddenha...@gmx.de> wrote: 
does the weirdness persist?


Yes. Sending a single CAPABILITY request immediately after login to iCloud IMAP 
is all that’s required to make their proxy transparent again.


mind giving the attached patche series a shot?

>From c0de90bbec4dcee94b3f3fc48547dcdebc18bee5 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen <o...@users.sf.net>
Date: Thu, 9 Dec 2021 11:42:40 +0100
Subject: [PATCH 1/2] re-issue IMAP CAPABILITY after authentication

... if the server didn't include a corresponding response code by
itself. required for the sorry excuse of an imap server that ms
exchange is.
---
 src/drv_imap.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/drv_imap.c b/src/drv_imap.c
index fb8d165..deb20cf 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1903,6 +1903,7 @@ static void imap_open_store_authenticate_p3( imap_store_t *, imap_cmd_t *, int )
 #endif
 static void imap_open_store_authenticate2( imap_store_t * );
 static void imap_open_store_authenticate2_p2( imap_store_t *, imap_cmd_t *, int );
+static void imap_open_store_authenticate2_p3( imap_store_t *, imap_cmd_t *, int );
 static void imap_open_store_compress( imap_store_t * );
 #ifdef HAVE_LIBZ
 static void imap_open_store_compress_p2( imap_store_t *, imap_cmd_t *, int );
@@ -2469,6 +2470,7 @@ imap_open_store_authenticate2( imap_store_t *ctx )
 
 		cmd = new_imap_cmd( sizeof(*cmd) );
 		cmd->param.cont = do_sasl_auth;
+		ctx->caps = 0;
 		imap_exec( ctx, cmd, done_sasl_auth, enc ? "AUTHENTICATE %s %s" : "AUTHENTICATE %s", gotmech, enc );
 		free( enc );
 		return;
@@ -2491,6 +2493,7 @@ imap_open_store_authenticate2( imap_store_t *ctx )
 		if (!ctx->conn.ssl)
 #endif
 			warn( "*** IMAP Warning *** Password is being sent in the clear\n" );
+		ctx->caps = 0;
 		imap_exec( ctx, NULL, imap_open_store_authenticate2_p2,
 		           "LOGIN \"%\\s\" \"%\\s\"", srvc->user, srvc->pass );
 		return;
@@ -2509,6 +2512,19 @@ imap_open_store_authenticate2( imap_store_t *ctx )
 
 static void
 imap_open_store_authenticate2_p2( imap_store_t *ctx, imap_cmd_t *cmd ATTR_UNUSED, int response )
+{
+	if (response == RESP_NO) {
+		imap_open_store_bail( ctx, FAIL_FINAL );
+	} else if (response == RESP_OK) {
+		if (!ctx->caps)
+			imap_exec( ctx, NULL, imap_open_store_authenticate2_p3, "CAPABILITY" );
+		else
+			imap_open_store_compress( ctx );
+	}
+}
+
+static void
+imap_open_store_authenticate2_p3( imap_store_t *ctx, imap_cmd_t *cmd ATTR_UNUSED, int response )
 {
 	if (response == RESP_NO)
 		imap_open_store_bail( ctx, FAIL_FINAL );
-- 
2.36.1.2.gf906646688


>From bc91b0c221fa5dd4ecb265742a5da78bb1603f3e Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen <o...@users.sf.net>
Date: Fri, 20 May 2022 09:54:50 +0200
Subject: [PATCH 2/2] workaround iCloud IMAP bug

thanks to Sabahattin Gucukoglu <listse...@me.com> for the thorough
investigation.

REFMAIL: <29c5e84d-5fe7-47bb-9a14-2ec34d392...@me.com>
---
 src/drv_imap.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/drv_imap.c b/src/drv_imap.c
index deb20cf..6a9f488 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -126,6 +126,7 @@ union imap_store {
 		enum { FetchNone, FetchMsgs, FetchUidNext } fetch_sts;
 		uint got_namespace:1;
 		uint has_forwarded:1;
+		uint capability_hack:1;
 		char delimiter[2];  // Hierarchy delimiter
 		char *ns_prefix, ns_delimiter;  // NAMESPACE info
 		string_list_t *boxes;  // _list results
@@ -1311,6 +1312,8 @@ parse_response_code( imap_store_t *ctx, imap_cmd_t *cmd, char *s )
 		}
 		*p = 0;
 		parse_capability( ctx, s );
+		if (strstr( p + 1, "mac.com IMAP4 service (Oracle Communications Messaging Server" ))
+			ctx->capability_hack = 1;
 	} else if (!strcmp( "ALERT]", arg )) {
 		/* RFC2060 says that these messages MUST be displayed
 		 * to the user
@@ -2516,7 +2519,13 @@ imap_open_store_authenticate2_p2( imap_store_t *ctx, imap_cmd_t *cmd ATTR_UNUSED
 	if (response == RESP_NO) {
 		imap_open_store_bail( ctx, FAIL_FINAL );
 	} else if (response == RESP_OK) {
-		if (!ctx->caps)
+		// iCloud (imap.mail.me.com) apparently runs the real server behind a
+		// proxy that injects XAPPLEPUSHSERVICE into (and deletes STARTTLS from)
+		// the server's outgoing data stream following occurrences of CAPABILITY.
+		// This process is rather indiscriminate, so it will mess up IMAP
+		// literals if it is not deactivated in time by issuing a (redundant)
+		// CAPABILITY command after logging in.
+		if (!ctx->caps || ctx->capability_hack)
 			imap_exec( ctx, NULL, imap_open_store_authenticate2_p3, "CAPABILITY" );
 		else
 			imap_open_store_compress( ctx );
-- 
2.36.1.2.gf906646688


_______________________________________________
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel






















					Reply via email to