Closed Bug 1798161 Opened 1 year ago Closed 1 year ago

Imap login without a password via PREAUTH causes messages to not appear

Categories

(MailNews Core :: Networking: IMAP, defect)

Thunderbird 102
defect

Tracking

(thunderbird_esr102+ fixed, thunderbird107 fixed)

RESOLVED FIXED
108 Branch
Tracking Status
thunderbird_esr102 + fixed
thunderbird107 --- fixed

People

(Reporter: gds, Assigned: gds)

References

(Regression)

Details

(Keywords: regression)

Attachments

(2 files)

Attached patch preauth-fix.diffSplinter Review

Re: https://support.mozilla.org/en-US/questions/1393193

With an IMAP server configured to produce the PREAUTH greeting, indicating no password verfication is required, TB 102 just hangs with a "spinner" and no messages appear when folders are selected.

This is (again) caused by recent changes I made in this area:
https://searchfox.org/comm-central/rev/bfdcf7bf413356c4a07782914753bfbd6b58c12e/mailnews/imap/src/nsImapIncomingServer.cpp#685

A possible fix is shown in the attached diff. It just marks the server as authenticated since there is no password anyhow and now the checks for authentication at the above linked code indicate authenticated and don't stop everything. The location where the change is needed is here: https://searchfox.org/comm-central/rev/bfdcf7bf413356c4a07782914753bfbd6b58c12e/mailnews/imap/src/nsImapProtocol.cpp#1614

I need to check again that there is no issue with a client certificate, which also doesn't use the usual password authentication code paths. I checked this before and it looked OK but I'll check it again to be sure before submitting a formal patch.

Keywords: regression
Regressed by: 1795173

Our last big discussion on PREAUTH was here: bug 1613623. It's a security related bug so probably only people currently CC'd on it can read it.

If the original reporter, mrmacross, over at https://support.mozilla.org/en-US/questions/1393193 is reading this, I'm curious if he is using any security settings, i.e., SSL/TLS or STARTTLS? Or is Connection Security just set to "None"? Also, how is "Authentication Method" set? I just set it to "Password transmitted insecurely" with my test setup (there are no better choices and no actual password is ever sent).

For reference, here's how I'm now running ncat and dovecot's imap on my dovecot server box to allow connection to TB at port 14343:

nc -k -l 14343 -e /usr/libexec/dovecot/imap

Then on server box's firewall, I open up port 14343 so I can connect with TB running on laptop.

FWIW, when testing bug 1613623 a couple years ago, I ran ncat like this and connected to port 1300:

ncat -l -k -p 1300 -c "/usr/libexec/dovecot/imap -c /etc/dovecot/dovecot.conf"

I need to check again that there is no issue with a client certificate

Tested again with client cert to dovecot with TLS security. Using "authenticate EXTERNAL" it still sends a pseudo-password as the username mUTF-7 encoded. So the normal code path is taken and there is no problem as is seen with PREAUTH.

Wayne, I referenced the bug that causes this regression. The bug number you entered seemed to having nothing to do this, that I could tell.

Regressed by: 1768121
No longer regressed by: 1795173
Summary: Imap login without a password (PREAUTH and possibly others) causes messages to not appear → Imap login without a password via PREAUTH causes messages to not appear
Component: Untriaged → Networking: IMAP
Product: Thunderbird → MailNews Core

mrmacross, If you are reading this and if you are willing to test a "try" build with my proposed patch here are the direct links to the win64 and linux results that you can install and run. It is basically a "daily" version with just my ".diff" applied:

Linux64: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/ecdp5Z46SgOtKIIdBjhlqw/runs/0/artifacts/public/build/target.tar.bz2
You just unzip this and run the "thunderbird" executable however you want. You don't have to "install" it anywhere.
Win64: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/IfdVmjnxQU2yUw5wAF2TBA/runs/0/artifacts/public/build/install/sea/target.installer.exe
This is is a standard windows installer and you can install it along side an exiting TB and use the same profile.

If you are interested, the link to the "try" results are here: https://treeherder.mozilla.org/jobs?repo=try-comm-central&revision=96cc4154da4c2d1975031c6740cfe78004acc4dd
The Linux64 and Win64 and other archs links are also available there by clicking on the green "B" and looking under "Artifacts and Debugging" for the appropriate item. (For unknown reason, the win32 build failed, (shows a red "B") don't know why. So let me know if you really need the 32 bit windows version and I'll try again.)

I'm going ahead and submitting the (one line) patch for review even though I haven't yet heard from the original reporter at the support site.

Still haven't heard anything from the original reporter at https://support.mozilla.org/en-US/questions/1393193.
But will go ahead and set the check-in flag since Ben reviewed the patch and I've tested it and it works with the (probably very rare) imap server using PREAUTH.

Status: NEW → ASSIGNED
Target Milestone: --- → 108 Branch

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/11d94177cff3
Fix for imap PREAUTH causing hang at startup. r=BenC

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED

Comment on attachment 9301262 [details]
Bug 1798161 - Fix for imap PREAUTH causing hang at startup. r=BenC

[Triage Comment]
Approved for beta

[Approval Request Comment]
Regression caused by (bug #): 1768121
User impact if declined: IMAP login hang with some servers that use PREAUTH
Testing completed (on c-c, etc.): By author
Risk to taking this patch (and alternatives if risky): Small change should be low risk

Attachment #9301262 - Flags: approval-comm-esr102?
Attachment #9301262 - Flags: approval-comm-beta+

Comment on attachment 9301262 [details]
Bug 1798161 - Fix for imap PREAUTH causing hang at startup. r=BenC

[Triage Comment]
Approved for esr102

Attachment #9301262 - Flags: approval-comm-esr102? → approval-comm-esr102+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: