Re: Sasl: No worthy mechs found
* Oswald Buddenhagen [2016-12-03 18:03]: > On Sat, Dec 03, 2016 at 05:37:47PM +0100, Oswald Buddenhagen wrote: > > peter's oringinal problem is probably actually expected behavior: > > > when the connection is not encrypted, > > > actually, nonsense, the -V log says it is encrypted. > then the next guess would be that libsasl2-modules is not installed. At least, on my system, libsasl2-modules is installed. cheers, thanks! P -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
[commit] 1.2: fix LOGIN in SASL builds
commit 2f91e22371fb2b7054e1576f6f85bde429cefec5
Author: Oswald Buddenhagen
Date: Sat Dec 3 20:58:16 2016 +0100
fix LOGIN in SASL builds
if AuthMechs includes more than just LOGIN and the server announces any
AUTH= mechanism, we try SASL. but that can still fail to find any
suitable authentication mechanism, and we must not error out in that
case if we are supposed to fall back to LOGIN.
src/drv_imap.c |6 ++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index 4bc2fcc..5d77f08 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1992,6 +1992,8 @@ imap_open_store_authenticate2( imap_store_t *ctx )
rc = sasl_client_new( "imap", srvc->sconf.host, NULL, NULL,
NULL, 0, &ctx->sasl );
if (rc != SASL_OK) {
+ if (rc == SASL_NOMECH)
+ goto notsasl;
if (!ctx->sasl)
goto saslbail;
error( "Error: %s\n", sasl_errdetail( ctx->sasl ) );
@@ -1999,6 +2001,8 @@ imap_open_store_authenticate2( imap_store_t *ctx )
}
rc = sasl_client_start( ctx->sasl, saslmechs + 1, &interact,
CAP(SASLIR) ? &out : NULL, &out_len, &gotmech );
+ if (rc == SASL_NOMECH)
+ goto notsasl;
if (gotmech)
info( "Authenticating with SASL mechanism %s...\n",
gotmech );
/* Technically, we are supposed to loop over
sasl_client_start(),
@@ -2017,6 +2021,8 @@ imap_open_store_authenticate2( imap_store_t *ctx )
imap_exec( ctx, cmd, done_sasl_auth, enc ? "AUTHENTICATE %s %s"
: "AUTHENTICATE %s", gotmech, enc );
free( enc );
return;
+ notsasl:
+ sasl_dispose( &ctx->sasl );
}
#endif
if (auth_login) {
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
[commit] 1.2: make * not match LOGIN even in non-SSL builds
commit 1b235d3d466afea7d41d60d12fb96c4a83b2671e
Author: Oswald Buddenhagen
Date: Sat Dec 3 20:00:38 2016 +0100
make * not match LOGIN even in non-SSL builds
this is consistent with the plain text transmission warning below.
src/drv_imap.c |2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index 9d7c824..e91ca36 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1956,6 +1956,8 @@ imap_open_store_authenticate2( imap_store_t *ctx )
if (!strcasecmp( cmech->string, "LOGIN" )) {
#ifdef HAVE_LIBSSL
if (ctx->conn.ssl || !any)
+#else
+ if (!any)
#endif
auth_login = 1;
#ifdef HAVE_LIBSASL
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
[commit] 1.2: inform user if LOGIN was skipped because of missing SSL
commit 1a707ab1563c8651e5ced0babf344baab6dad039
Author: Oswald Buddenhagen
Date: Sat Dec 3 19:18:12 2016 +0100
inform user if LOGIN was skipped because of missing SSL
'AuthMechs *' technically includes LOGIN, so it is a bit unintuitive
when it's still not used.
src/drv_imap.c | 11 ++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index e91ca36..686faef 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1943,6 +1943,7 @@ imap_open_store_authenticate2( imap_store_t *ctx )
imap_server_conf_t *srvc = cfg->server;
string_list_t *mech, *cmech;
int auth_login = 0;
+ int skipped_login = 0;
#ifdef HAVE_LIBSASL
const char *saslavail;
char saslmechs[1024], *saslend = saslmechs;
@@ -1960,6 +1961,8 @@ imap_open_store_authenticate2( imap_store_t *ctx )
if (!any)
#endif
auth_login = 1;
+ else
+ skipped_login = 1;
#ifdef HAVE_LIBSASL
} else {
int len = strlen( cmech->string );
@@ -2030,7 +2033,7 @@ imap_open_store_authenticate2( imap_store_t *ctx )
if (!auth_login) {
error( "IMAP error: selected SASL mechanism(s) not
available;\n"
" selected:%s\n available: %s\n", saslmechs,
saslavail );
- goto bail;
+ goto skipnote;
}
info( "NOT using available SASL mechanism(s): %s\n", saslavail
);
sasl_dispose( &ctx->sasl );
@@ -2048,6 +2051,12 @@ imap_open_store_authenticate2( imap_store_t *ctx )
return;
}
error( "IMAP error: server supports no acceptable authentication
mechanism\n" );
+#ifdef HAVE_LIBSASL
+ skipnote:
+#endif
+ if (skipped_login)
+ error( "Note: not using LOGIN because connection is not
encrypted;\n"
+ " use 'AuthMechs LOGIN' explicitly to force it.\n"
);
bail:
imap_open_store_bail( ctx, FAIL_FINAL );
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
[commit] 1.2: be more helpful when no SASL mechanisms are available
commit fdb03b91f2471ebc1ee715c78911c8a1085791d1
Author: Oswald Buddenhagen
Date: Sat Dec 3 20:58:23 2016 +0100
be more helpful when no SASL mechanisms are available
src/drv_imap.c |9 +
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/drv_imap.c b/src/drv_imap.c
index 5d77f08..9d7c824 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -1944,6 +1944,7 @@ imap_open_store_authenticate2( imap_store_t *ctx )
string_list_t *mech, *cmech;
int auth_login = 0;
#ifdef HAVE_LIBSASL
+ const char *saslavail;
char saslmechs[1024], *saslend = saslmechs;
#endif
@@ -2022,6 +2023,14 @@ imap_open_store_authenticate2( imap_store_t *ctx )
free( enc );
return;
notsasl:
+ if (!ctx->sasl || sasl_listmech( ctx->sasl, NULL, "", "", "",
&saslavail, NULL, NULL ) != SASL_OK)
+ saslavail = "(none)"; /* EXTERNAL is always there
anyway. */
+ if (!auth_login) {
+ error( "IMAP error: selected SASL mechanism(s) not
available;\n"
+ " selected:%s\n available: %s\n", saslmechs,
saslavail );
+ goto bail;
+ }
+ info( "NOT using available SASL mechanism(s): %s\n", saslavail
);
sasl_dispose( &ctx->sasl );
}
#endif
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
isync-devel mailing list
isync-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/isync-devel
Re: Sasl: No worthy mechs found
On Sat, Dec 03, 2016 at 05:37:47PM +0100, Oswald Buddenhagen wrote: > peter's oringinal problem is probably actually expected behavior: > when the connection is not encrypted, > actually, nonsense, the -V log says it is encrypted. then the next guess would be that libsasl2-modules is not installed. ... and i notice that the LOGIN fallback in the case of a build with SASL is even more spectacularly botched. :} -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
Re: Sasl: No worthy mechs found
* Oswald Buddenhagen [2016-12-03 17:38]: > On Fri, Dec 02, 2016 at 12:40:34PM +, david wen riccardi-zhu wrote: > > Connection is now encrypted > > * OK IMAP4 ready > > >>> 1 CAPABILITY > > * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS IDLE AUTH=PLAIN > > 1 OK completed > > Logging in... > > IMAP error: authentication mechanism PLAIN is not supported > > > i fixed this in the 1.2 branch. > > peter's oringinal problem is probably actually expected behavior: when > the connection is not encrypted, LOGIN will be used only when explicitly > specified, not via *. i suppose i could make the messages more explicit ... Again thank you! That could be a good idea. cheers, P -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
Re: Sasl: No worthy mechs found
On Fri, Dec 02, 2016 at 12:40:34PM +, david wen riccardi-zhu wrote: > Connection is now encrypted > * OK IMAP4 ready > >>> 1 CAPABILITY > * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS IDLE AUTH=PLAIN > 1 OK completed > Logging in... > IMAP error: authentication mechanism PLAIN is not supported > i fixed this in the 1.2 branch. peter's oringinal problem is probably actually expected behavior: when the connection is not encrypted, LOGIN will be used only when explicitly specified, not via *. i suppose i could make the messages more explicit ... -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
[commit] branch '1.2' fast-forwarded
The branch '1.2', previously at 41308e4, has been fast-forwarded by 2 revision(s) to bc51d02. -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
Re: different behavior between 1.2.1 and 1.1.2
Hi Oswald, * Oswald Buddenhagen [2016-12-02 10:30]: > On Thu, Dec 01, 2016 at 12:14:21PM +0100, Peter P. wrote: > > I assume that the way the config options have changed, > > > yes, there is this item in the NEWS file: > > > > An IMAP Path/NAMESPACE rooted in INBOX won't be handled specially > > > any more. This means that some Patterns may need adjustment. Thank you! I should have had checked that in /usr/share/doc please excuse me. > from the first look it seems that this is exactly what is hitting you. > > > IMAPStore box-remote > > Account box > > > Path INBOX > > > an entirely wild guess is that you just need to remove this. running > with -l will tell you. > if it doesn't help, try adding 'UseNamespace no' as well. both, removing "Path INBOX" and setting "UseNamespace no" were required to fix my problem. As well as getting me the correct output from -l as described in my other email with subject "empty line in output of -l". Thank you for your quick response, and, as always, for mbsync. cheers, P -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot ___ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel
