Closed Bug 556491 Opened 10 years ago Closed 10 years ago

[autoconfig] guessConfig() only finds first AUTH method for SMTP

Categories

(Thunderbird :: Account Manager, defect, major)

defect
Not set
major

Tracking

(thunderbird3.1 beta2-fixed, thunderbird3.0 .5-fixed)

RESOLVED FIXED
Thunderbird 3.1b2
Tracking Status
thunderbird3.1 --- beta2-fixed
thunderbird3.0 --- .5-fixed

People

(Reporter: BenB, Assigned: BenB)

Details

Attachments

(2 files)

Reproduction:
1. Start account creation wizard
2. Enter "foo@fastwebnet.it" as email address, and [Continue]
3. Click on [Manual Setup]
4. in Account Manager, to to Outgoing SMTP servers and check the new server.
   Check which SMTP server and specifically which password authentication is
   used.

Actual result:
Unencrypted password is used

Expected result:
Encrypted password is used

Server:
netcat smtp.fastwebnet.it 25, and entering "EHLO foo" gives:
...
250-AUTH=LOGIN                                                                  
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
...

Implementation:
From the code, I think that the first AUTH= line is irrelevant.
We used regexp e.g.
"AUTH CRAM-MD5"
so we wouldn't match the first line anyways (to my knowledge "AUTH " is correct, and IMAP used "AUTH=").
However, we wouldn't match the second line either, because it starts with "AUTH LOGIN". IMAP repeats the "AUTH" and uses "AUTH=LOGIN AUTH=CRAM-MD5", but not so SMTP. So, we need to relax the regexp.
Attached patch Fix, v1Splinter Review
This fixes the problem.

From what I understand, this problem existed in 3.0, too.
Please give this bug precedence in review, as it's needlessly using an insecure setup.
Assignee: nobody → ben.bucksch
Status: NEW → ASSIGNED
Attachment #436451 - Flags: review?(bwinton)
Comment on attachment 436451 [details] [diff] [review]
Fix, v1

Yeah, it could be better, but that's a followup bug.

r=me.
Attachment #436451 - Flags: review?(bwinton) → review+
Commited as <http://hg.mozilla.org/comm-central/rev/0d37fec98367>.

FIXED

I will file a followup bug for making the regexps match more precisely (less wildly), or feel free to file it.
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Followup bug filed as Bug 556531.
blocking-thunderbird3.0: --- → ?
Target Milestone: --- → Thunderbird 3.1b2
Attachment #436451 - Flags: approval-thunderbird3.0.5+
Comment on attachment 436451 [details] [diff] [review]
Fix, v1

This looks like a good fix to get into 3.0.5. a=Standard8.
Attached patch Fix, 3.0 branchSplinter Review
The code changed in 3.1, so this is the corresponding 3.0 version of the patch.
blocking-thunderbird3.0: ? → ---
You need to log in before you can comment on or make changes to this bug.