Closed
Bug 321005
Opened 19 years ago
Closed 18 years ago
Enable AUTH=PLAIN and AUTH=LOGIN authentications in IMAP
Categories
(Thunderbird :: General, defect)
Thunderbird
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: wa1ter, Assigned: engel)
Details
(Keywords: fixed1.8.1)
Attachments
(1 file)
1.47 KB,
patch
|
Bienvenu
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20051220 Firefox/1.6a1 Build Identifier: thunderbird and seamonkey trunk When logging in to an IMAP server without SSL/TLS, thunderbird will give up too soon if it sees the keyword 'LOGINDISABLED' from the server. The mail client should also look at the 'AUTH=' keyword before giving up. For example, if the server says AUTH=LOGIN then TB should respond with the 'AUTHENTICATE LOGIN' request (per RFC 3501) instead of just logging out. Reproducible: Always I discovered this by accident when my IMAP server stopped accepting SSL connections temporarily. I saw that pine and evolution would log in to the IMAP account if I disabled TLS/SSL, but TB would quit with an error message telling me that the server had 'disabled logins'. This difference in behavior occurs because TB will not proceed to send the AUTHENTICATE LOGIN command after it sees the LOGINDISABLED keyword from the IMAP server. I've discussed this by private email with Hans-Andreas Engel and thus I am filing this more as a 'requested feature' than a bug.
Assignee | ||
Updated•19 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Updated•19 years ago
|
Assignee: mscott → engel
Comment 1•19 years ago
|
||
have you tried a trunk build?
Comment 2•19 years ago
|
||
and have you checked the "use secure auth" checkbox?
Assignee | ||
Comment 3•19 years ago
|
||
The problematic code is here, http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/mailnews/imap/src/nsImapProtocol.cpp&rev=1.618&root=/cvsroot&mark=7530-7536#7516 A quick fix would be to check for the |kHasAuthLoginCapability| flag as well (and only execute the conditional if it is not set).
Assignee | ||
Comment 4•19 years ago
|
||
... and for |kHasAuthPlainCapability| as well.
(In reply to comment #2) > and have you checked the "use secure auth" checkbox? No. And I did try a nightly build from two days ago it behaves the same as my own build from CVS.
Assignee | ||
Updated•19 years ago
|
Status: NEW → ASSIGNED
Summary: IMAP implementation is incomplete in thunderbird (and seamonkey) → Enable AUTH=PLAIN and AUTH=LOGIN authentications in IMAP
Assignee | ||
Comment 6•19 years ago
|
||
Assignee | ||
Updated•19 years ago
|
Attachment #206659 -
Flags: review?(bienvenu)
(In reply to comment #6) > Created an attachment (id=206659) [edit] > Enable AUTH=PLAIN and AUTH=LOGIN authentications Yes! Your patch works for me, thanks.
Updated•18 years ago
|
Attachment #206659 -
Flags: review?(bienvenu) → review+
Comment 8•18 years ago
|
||
fixed on trunk, thanks, Hans-Andreas!
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 10•18 years ago
|
||
This is a problem on 1.5.0.x versions also. Maybe you want to check in there also? Kevin
Flags: blocking1.8.0.10?
Comment 11•18 years ago
|
||
Not a blocking security issue for 1.5, already fixed in 2.0 (try the public beta)
Flags: blocking1.8.0.10? → blocking1.8.0.10-
You need to log in
before you can comment on or make changes to this bug.
Description
•