On Wed, Jul 29, 2009 at 11:03 AM, Kevin Horn <kevin.h...@gmail.com> wrote:
> On Wed, Jul 29, 2009 at 10:51 AM, Kevin Horn <kevin.h...@gmail.com> wrote: > >> On Wed, Jul 29, 2009 at 6:29 AM, Jean-Paul Calderone >> <exar...@divmod.com>wrote: >> >>> On Wed, 29 Jul 2009 00:54:20 -0500, Kevin Horn <kevin.h...@gmail.com> >>> wrote: >>> >I was digging through the Twisted IMAP code tonight and I noticed >>> something >>> >puzzling... >>> > >>> >PLAINAuthenticator.challengeResponse() uses the following statement to >>> send >>> >auth credentials to the server >>> > >>> > return '%s\0%s\0' % (self.user, secret) >>> > >>> >which would give auth credentials of the form: >>> > >>> > authid<NUL>password<NUL> >>> > >>> > (where <NUL> is the NUL character) >>> > >>> >However, both RFC2595 and RFC4616 (both define the PLAIN SASL >>> mechanism), >>> >say that credentials should be passed this way: >>> > >>> > [authzid]<NUL>authnid<NUL>password >>> > >>> > (where <NUL> is the NUL character and [authzid] is optional) >>> > >>> >Now even if one was to leave the authzid out of the equation, you would >>> end >>> >up with something like this: >>> > >>> > <NUL>authnid<NUL>password >>> > >>> >and the version Twisted's IMAP code uses appears to be invalid. >>> > >>> >Am I crazy? >>> >Am I missing something? >>> >Is it just way too late and I should put the RFCs down and back away >>> slowly? >>> >>> My early morning reading of the RFC agrees with yours. Someone else >>> brought >>> this up a long time ago, I think, but never pointed out the RFC. >>> >>> Can you file a ticket? >>> >>> Jean-Paul >>> >>> >> >> At least I'm not crazy... :) >> >> Ticket #3939 filed: http://twistedmatrix.com/trac/ticket/3939 >> >> also added a note in the ticket that PLAINCredentials may need to be >> modified to match >> >> Kevin Horn >> >> >> > FYI, attached a patch to the ticket. I haven't really tested it, but if > someone could take a look and let me know what they think I'd appreciate it. > > Kevin Horn > Can anyone tell me what the recommended way to run the twisted test suite against my trunk checkout is (on Win32)? I can't seem to make it work. I just get a bunch of DeprecationWarnings and then a stack trace complaining about not being able to remove my _trial_temp directory... Kevin Horn
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python