cram-md5 authentication fails with latest changes

[roundreport]

The current trunk version (1161) no longer works with cram-md5 imap authentication.
Reverting lib/imap.inc to a month ago (before the ssl:// and cs changes) fixes the problem.

[seansan]

review for 0.1 stable - otherwise move to 0.1.1

[sirocco]

Hi,

I configured my server with CRAM-MD5 only.
Since I upgraded from 0.1-rc2 to 0.1-stable I'm unable to login :

Mar 11 00:40:12 [dovecot] auth(default): client in: AUTH_1_CRAM-MD5_service=IMAP_secured_lip=127.0.0.1_rip=127.0.0.1
Mar 11 00:40:12 [dovecot] auth(default): client out: CONT_1_##########=
Mar 11 00:40:12 [dovecot] auth(default): client in: CONT_1_##########=
Mar 11 00:40:12 [dovecot] auth(default): auth(?,127.0.0.1): Invalid username: "test"
Mar 11 00:40:12 [dovecot] auth(default): cram-md5(?,127.0.0.1): Username contains disallowed character: 0x22

I've had to put imap.inc back to rev 992.


I've successfully modified 0.1-stable to be able to connect again by removing a change that was done in rev994. I changed line 272 :
$reply = base64_encode('"' . $user . '" "' . $hash . '"');

Back to :
$reply = base64_encode($user . ' ' . $hash);

[neodude]

I confirmed this in [9814721e]. sirocco's simple change above fixes this bug - if only to get it to work with my server's configuration. I'm running courier-imap, and the log shows that the problem seems to be the extra space and quote marks:

Mar 21 04:04:50 hostname authdaemond: received auth request, service=imap, authtype=cram-md5
Mar 21 04:04:50 hostname authdaemond: authmysql: trying this module
Mar 21 04:04:50 hostname authdaemond: cram: challenge=PEM3MzE0NTY3QzgyNDU2NDYxQkYyN0UxMDk4Q0U3RTcwQHRoZWRhcnRtb3V0aC5jb20+, response=InBob3RvQHRoZWRhcnRtb3V0aC5jb20iICI2OTI3MjVmMzc0NGFjMDQyMjAxNDc3MzczMDNlNDA1ZCI=
Mar 21 04:04:50 hostname authdaemond: cram: decoded challenge/response, username '"username@domain.com"'
Mar 21 04:04:50 hostname authdaemond: SQL query: SELECT id, "", clear, uid, gid, home, concat(home,'/',maildir), "", name, "" FROM users WHERE id = " username@domain.com " AND (enabled=1)
Mar 21 04:04:50 hostname authdaemond: zero rows returned
Mar 21 04:04:50 hostname authdaemond: authmysql: REJECT - try next module
Mar 21 04:04:50 hostname authdaemond: FAIL, all modules rejected
Mar 21 04:04:50 hostname imapd: Connection, ip=[::ffff:127.0.0.1]
Mar 21 04:04:50 hostname imapd: LOGIN FAILED, method=CRAM-MD5, ip=[::ffff:127.0.0.1]
Mar 21 04:04:55 hostname authdaemond: received auth request, service=imap, authtype=login
Mar 21 04:04:55 hostname authdaemond: authmysql: trying this module
Mar 21 04:04:55 hostname authdaemond: SQL query: SELECT id, "", clear, uid, gid, home, concat(home,'/',maildir), "", name, "" FROM users WHERE id = "username@domain.com" AND (enabled=1)
Mar 21 04:04:55 hostname authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/var/spool/mail/virtual, address=username@domain.com, fullname=photo, maildir=/var/spool/mail/virtual/username/, quota=<null>, options=<null>
Mar 21 04:04:55 hostname authdaemond: authmysql: clearpasswd=password, passwd=<null>
Mar 21 04:04:55 hostname authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/var/spool/mail/virtual, address=username@domain.com, fullname=photo, maildir=/var/spool/mail/virtual/username/, quota=<null>, options=<null>
Mar 21 04:04:55 hostname authdaemond: Authenticated: clearpasswd=password, passwd=<null>
Mar 21 04:04:55 hostname imapd: LOGIN, user=username@domain.com, ip=[::ffff:127.0.0.1], protocol=IMAP
Mar 21 04:04:55 hostname imapd: LOGOUT, user=username@domain.com, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=25, sent=180, time=0

The patch above implements the change as suggested by sirocco above.

[neodude]

implements sirocco's change in comment #2

[thomasb]

Fixed in [1fb78c57]