SOGo | BTS

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002230SOGoSOPEpublic2013-02-05 14:042013-02-06 17:04
Reporterbofhus 
Assigned Tojraby 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionno change required 
PlatformOSOS Version
Product Version2.0.4b 
Target VersionFixed in Version 
Summary0002230: Managesieve dialog troubles
DescriptionI have found an issue in SOPE, while it talks witch managesieve daemon. In the fact, it is a managesieve daemon issue, but it could be easy workarrounded in SOPE.

SOPE uses two lines construction for autenticate:

AUTHENTICATE "PLAIN" {80+}
[BASE64:<login>\0<login>\0<pass>]

Some managesieve daemons (for example the one shipped with dovecot) expect only one line, and send answer like that:

OK "Logged in."
NO "Error in MANAGESIEVE command [repeated login BASE64 string]: Unknown command."

It's quite well - we are logged, but we got extra line with error.
Unfortunately SOPE expects only one answer and regards second line (with "NO")
as the answer for a next (future) command. It is repeated for all commands in dialog, and it makes trouble later:

SETACTIVE ""
DELETESCRIPT "sogo"

OK "No scripts currently active."
NO (NONEXISTENT) "Script does not exist."

Setactive disables any script, and ends with OK. SOPE takes previous NO, but
it's no problem,

Deletescript doesn't find any script, and returns NO (it should be logged by SOGo), but SOPE takes prevoius "OK" and nothing appears in log.

PUTSCRIPT "sogo" {31+}
redirect "bogdan@xxx.xxx.pl";

OK "PUTSCRIPT completed."

SOPE sends script, and got answer OK. But it takes previous "NO" and return error. This error is logged by SOGo: Could not upload Sieve script: {RawResponse
 = "{ok = 0; }"; result = 0; }
    
SOGo closes interaction, without script activation....


Could you change authenticate command to one line version?
It will be much more compatible with some broken managesieve daemons.


TagsNo tags attached.
Attached Filespatch file icon 0001-Add-quoted-string-support-in-sieve-authenticate.patch [^] (3,035 bytes) 2013-02-06 10:08 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0005347)
jraby (viewer)
2013-02-05 16:48

what version of dovecot are you using?
I'm testing with 2.0.19 and it seems to work fine as is.
(0005348)
bofhus (reporter)
2013-02-05 16:59

dovecot 2.1.8
pigeonhole-0.3.1
(0005349)
jraby (viewer)
2013-02-05 17:26

Can you manually reproduce the problem by connecting on the managesieve port and sending the AUTHENTICATE command in both forms?

AUTHENTICATE "PLAIN" "base64(user\0user\0passwd)"

and 

AUTHENTICATE "PLAIN" {dataLength+}
base64(user\0user\0passwd)


If the second form fails, a bug should be reported to the dovecot pigeonhole team as this is a regression.

Also, can you post the capability list of the managesieve server? (initial data sent by the server)
(0005350)
bofhus (reporter)
2013-02-06 00:02

It was hard to reproduce, but finaly I got success.

Client and server are run on different hosts (not localhost) - it's important.

First I try "telnet imap 4190" and send commands via cut and paste.
With two lines auth I was logged without any error, but with one line version I could not login.

Then I checked SOGo tcpdump session and notice, there are two packets - first with

AUTHENTICATE "PLAIN" {dataLength+}\r\n
base64(user\0user\0passwd)

and second with \r\n only.

So I create test code:
....
write(sockfd,"AUTHENTICATE \"PLAIN\" {80+}\r\n*BASE64STRING*\r\n",110);
....

It worked right without any error, so I change it:
....
write(sockfd,"AUTHENTICATE \"PLAIN\" {80+}\r\n*BASE64STRING*\r\n",108);
write(sockfd,"\r\n",2);
....

And managesieve returns:
OK "Logged in."
NO "Error in MANAGESIEVE command *BASE64STRING* : Unknown command."



Initial data sent by the server:
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
(0005351)
bofhus (reporter)
2013-02-06 00:07

> First I try "telnet imap 4190" and send commands via cut and paste.
> With two lines auth I was logged without any error, but with
> one line version I could not login.

I tried with telnet and one line auth again and it worked too.
(0005357)
jraby (viewer)
2013-02-06 10:05
edited on: 2013-02-06 10:09

Unfortunately, I think this is a bug in recent versions of pigeonhole (post 0.3).

SOPE sends all its commands in the same way:
write(command); /* command does _NOT_ end with CRLF */
write("\r\n");


From your observations, it looks like pigeon hole processes the commands before having reached the CRLF, which seems wrong to me.

Can you report that to the pigeonhole devs?

Meanwhile I'll attach a patch that you could use to enable single line AUTHENTICATE (by enabling SieveQuotedAuth in your config)
If pigeonhole has a consistent behavior, it might fail in the same way since the command will be sent in 2 writes. (command + CRLF)

(0005359)
bofhus (reporter)
2013-02-06 10:29

Single line auth have the same issue. If "\r\n" string is in separate write,
error looks smilar:

OK "Logged in."
NO "Error in MANAGESIEVE command : Unknown command."

I will report it to pigeonhole developers, but I'll upgrade it to the latest version first.

Is it very problematic to send auth string with "/r/n" at the end in single write?
(0005360)
jraby (viewer)
2013-02-06 10:43

To send *only* the AUTHENTICATE command with the CRLF in a single write would not be pretty since all the sieve commands use the same path to actually 'send' to the server.

It would be easier to do it for all commands, but I'd rather not change that since it works (almost) everywhere...
(0005362)
bofhus (reporter)
2013-02-06 13:54

Latest version of pigeonhole still got this issue. I'll report it to pigeonhole developers.
(0005365)
bofhus (reporter)
2013-02-06 16:32

Pigeonhole developer (Stephan) is the fast one :) New patch was created and the issue has gone.

http://hg.rename-it.nl/dovecot-2.1-pigeonhole/rev/32d178f5e1a2 [^]
(0005366)
jraby (viewer)
2013-02-06 17:04

nice!

Thanks for taking the time to debug this.
(0005367)
jraby (viewer)
2013-02-06 17:04

behavior fixed in pigeonhole

- Issue History
Date Modified Username Field Change
2013-02-05 14:04 bofhus New Issue
2013-02-05 16:48 jraby Note Added: 0005347
2013-02-05 16:48 jraby Status new => assigned
2013-02-05 16:48 jraby Assigned To => jraby
2013-02-05 16:59 bofhus Note Added: 0005348
2013-02-05 17:26 jraby Note Added: 0005349
2013-02-06 00:02 bofhus Note Added: 0005350
2013-02-06 00:07 bofhus Note Added: 0005351
2013-02-06 10:05 jraby Note Added: 0005357
2013-02-06 10:08 jraby File Added: 0001-Add-quoted-string-support-in-sieve-authenticate.patch
2013-02-06 10:09 jraby Note Edited: 0005357
2013-02-06 10:29 bofhus Note Added: 0005359
2013-02-06 10:43 jraby Note Added: 0005360
2013-02-06 13:54 bofhus Note Added: 0005362
2013-02-06 16:32 bofhus Note Added: 0005365
2013-02-06 17:04 jraby Note Added: 0005366
2013-02-06 17:04 jraby Note Added: 0005367
2013-02-06 17:04 jraby Status assigned => resolved
2013-02-06 17:04 jraby Resolution open => no change required


Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker