6.0.0-beta1
7/6/25

[#7229] Login will fail if using a password with } character
Summary Login will fail if using a password with } character
Queue IMP
Queue Version 4.2
Type Bug
State Not A Bug
Priority 2. Medium
Owners
Requester reg-jya-horde (at) hydrix (dot) com
Created 08/23/2008 (6161 days ago)
Due
Updated 08/27/2008 (6157 days ago)
Assigned 08/25/2008 (6159 days ago)
Resolved 08/25/2008 (6159 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
08/27/2008 07:26:41 AM Matt Selsky Comment #16 Reply to this comment
I was able to reproduce this using PHP 4.4.8.  PHP 5.2.6 with the same 
c-client shows no problems.  I would recommend upgrading to PHP 5.



See also:



http://bugs.php.net/bug.php?id=23005

http://bugs.php.net/bug.php?id=27031
08/26/2008 01:26:23 AM Michael Slusarz Comment #15 Reply to this comment
So it works with all email clients I can think of , but not with IMP...

So the issue must be with courier-imap...
The problem is likely not with courier-imap but with c-client (the PHP 
module we use to interface with the IMAP server).



Trying protocol imap/ssl/novalidate-cert, Port 993:

ERROR - The server returned the following error message:

Error in IMAP command received by server.Error in IMAP command

received by server.Error in IMAP command received by server.Too many

login failures



This error message would be thrown by imap_open().  Since imap_open() 
is not controlled by IMP, there is nothing we can do if it is broken 
(thus, IMP isn't broken).  That being said, I don't see the same 
behavior meaning that this bug would most likely be fixed by upgrading 
your c-client library and rebuilding PHP.
08/25/2008 10:45:41 PM reg-jya-horde (at) hydrix (dot) com Comment #14 Reply to this comment
No it doesn't.  We send login information differently than other
MUA's (using the {} notatic).  However, different does not mean
broken.  See RFC 3501 [4.3].  So, unless you can show otherwise, the
assumption is that *your* IMAP server is broken since nobody else can
reproduce this issue.
humm.... okay then...



So it works with all email clients I can think of , but not with IMP...



So the issue must be with courier-imap...



Nothing can be wrong with your baby obviously don't know why I'm 
wasting my time trying to help here...
08/25/2008 10:42:28 PM reg-jya-horde (at) hydrix (dot) com Comment #13 Reply to this comment
More trace:

change username's password to Voelc7Ods}



go to horde ; imp/test.php:

enter mail server username and password

PHP Mail Server Support Test



Attempting to automatically determine the correct connection 
parameters for your server:

Trying protocol imap/notls, Port 143:

ERROR - The server returned the following error message:

Server disables LOGIN, no recognized SASL authenticator

Trying protocol imap/ssl, Port 993:

ERROR - The server returned the following error message:

Certificate failure for mail.hydrix.com: unable to get local issuer

certificate: /C=AU/O=*.hydrix.com/OU=GT81237634/OU=See

www.rapidssl.com/resources/cps (c)08/OU=Domain Control Validated -

RapidSSL(R)/CN=*.hydrix.com

Trying protocol imap/ssl/novalidate-cert, Port 993:

ERROR - The server returned the following error message:

Error in IMAP command received by server.Error in IMAP command 
received by server.Error in IMAP command received by server.Too many 
login failures

Trying protocol imap/tls/novalidate-cert, Port 143:

ERROR - The server returned the following error message:

Error in IMAP command received by server.Error in IMAP command 
received by server.Error in IMAP command received by server.Too many 
login failures

Could not determine a successful connection protocol. Make sure your 
mail server is running and you have specified the correct port.
openssl s_client -connect mail.hydrix.com:993
---

* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL 
ACL2=UNION XMAGICTRASH] Courier-IMAP ready. Copyright 1998-2008 Double 
Precision, Inc.  See COPYING for distribution information.





----

No change password to foofoo:

go into imp/test.php again:

PHP Mail Server Support Test



Attempting to automatically determine the correct connection 
parameters for your server:

Trying protocol imap/notls, Port 143:

ERROR - The server returned the following error message:

Server disables LOGIN, no recognized SASL authenticator

Trying protocol imap/ssl, Port 993:

ERROR - The server returned the following error message:

Certificate failure for mail.hydrix.com: unable to get local issuer

certificate: /C=AU/O=*.hydrix.com/OU=GT81237634/OU=See

www.rapidssl.com/resources/cps (c)08/OU=Domain Control Validated -

RapidSSL(R)/CN=*.hydrix.com

Trying protocol imap/ssl/novalidate-cert, Port 993:

SUCCESS - INBOX has 33 messages (0 new 0 recent)

Trying protocol imap/tls/novalidate-cert, Port 143:

SUCCESS - INBOX has 33 messages (0 new 0 recent)

The following configurations were successful and may be used in your 
imp/config/servers.php file:

Configuration 1

'server' => 'mail.hydrix.com'

'protocol' => 'imap/ssl/novalidate-cert'

'port' => '993'

Configuration 2

'server' => 'mail.hydrix.com'

'protocol' => 'imap/tls/novalidate-cert'

'port' => '143'

The following IMAP server information was discovered from the remote server:

Namespace Information

NAMESPACE: "INBOX."

DELIMITER: .

TYPE: personal



NAMESPACE: "#shared."

DELIMITER: .

TYPE: shared



NAMESPACE: "shared."

DELIMITER: .

TYPE: shared



IMAP server capabilities:

Array

(

     [UIDPLUS] => 1

     [CHILDREN] => 1

     [NAMESPACE] => 1

     [THREAD] => Array

         (

             [0] => ORDEREDSUBJECT

             [1] => REFERENCES

         )



     [SORT] => 1

     [QUOTA] => 1

     [IDLE] => 1

     [AUTH] => Array

         (

             [0] => PLAIN

         )



     [ACL] => 1

     [ACL2] => Array

         (

             [0] => UNION

         )



     [XMAGICTRASH] => 1

)

IMAP CHILDREN support:

SUPPORTED

IMAP Charset Search Support:

Server supports searching with the UTF-8 character set.

----




08/25/2008 10:39:07 PM Michael Slusarz Comment #12 Reply to this comment
For easy reference:



    A string is in one of two forms: either literal or quoted

    string.  The literal form is the general form of string.  The

    quoted string form is an alternative that avoids the overhead of

    processing a literal at the cost of limitations of characters

    which may be used.



    A literal is a sequence of zero or more octets (including CR and

    LF), prefix-quoted with an octet count in the form of an open

    brace ("{"), the number of octets, close brace ("}"), and CRLF.

    In the case of literals transmitted from server to client, the

    CRLF is immediately followed by the octet data.  In the case of

    literals transmitted from client to server, the client MUST wait

    to receive a command continuation request (described later in

    this document) before sending the octet data (and the remainder

    of the command).
08/25/2008 10:37:26 PM Michael Slusarz Comment #11
State ⇒ Not A Bug
Reply to this comment
So what?  What does this prove?
that the issue only happens with IMP obviously
No it doesn't.  We send login information differently than other MUA's 
(using the {} notatic).  However, different does not mean broken.  See 
RFC 3501 [4.3].  So, unless you can show otherwise, the assumption is 
that *your* IMAP server is broken since nobody else can reproduce this 
issue.
08/25/2008 10:13:13 PM reg-jya-horde (at) hydrix (dot) com Comment #10 Reply to this comment
So what?  What does this prove?
that the issue only happens with IMP obviously


08/25/2008 10:00:51 PM Michael Slusarz Comment #9 Reply to this comment
This only happens with IMP all other clients work fine
So what?  What does this prove?
08/25/2008 09:31:49 PM reg-jya-horde (at) hydrix (dot) com Comment #8 Reply to this comment
Yes.  Most likely your IMAP server is broken unless someone else can
reproduce this.
This only happens with IMP all other clients work fine
08/25/2008 04:52:03 PM Michael Slusarz Comment #7 Reply to this comment
Did you try with the password I provided ?
Voelc7Ods}
Yes.  Most likely your IMAP server is broken unless someone else can 
reproduce this.
08/25/2008 06:30:31 AM reg-jya-horde (at) hydrix (dot) com Comment #6 Reply to this comment
Works fine for me - having a '}' in the password.  Note that '{' is
an invalid character for an IMAP password.
Did you try with the password I provided ?

Voelc7Ods}
08/25/2008 05:56:13 AM Michael Slusarz Comment #5 Reply to this comment
Works fine for me - having a '}' in the password.  Note that '{' is an 
invalid character for an IMAP password.
08/25/2008 01:51:26 AM reg-jya-horde (at) hydrix (dot) com Comment #4 Reply to this comment
Seems that the issue doesn't occur of the '{' isn't located at the end 
of the password.
08/25/2008 12:42:04 AM reg-jya-horde (at) hydrix (dot) com Comment #3 Reply to this comment
IMP is an IMAP client - what do you mean you're using it against an
LDAP server?
My mistake...

It's currently set-up as:

IMP -> courier-imap (IMAPS/993) -> LDAP (for authentication).



Other clients have no problem authenticating with IMAP (outlook, 
thunderbird, apple mail)..



Just IMP will fail when the password contains a } character


08/25/2008 12:01:52 AM Chuck Hagenbuch Comment #2
State ⇒ Feedback
Reply to this comment
IMP is an IMAP client - what do you mean you're using it against an 
LDAP server?
08/23/2008 07:14:25 AM reg-jya-horde (at) hydrix (dot) com Comment #1
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Summary ⇒ Login will fail if using a password with } character
Type ⇒ Bug
Queue ⇒ IMP
Reply to this comment
Currently authenticating with IMP against an LDAP server



For some reasons ; one user could never log in... I had no idea why as 
all users are connecting fine ; it only fails with that account.



After experimenting ; I found out that the issue only occurs if the 
password contains the } character.



The password was: Voelc7Ods}



If you remove the } in the password ; then you can log in okay



When running imp/test.php it shows the error:

Attempting to automatically determine the correct connection 
parameters for your server:



     * Trying protocol imap/notls, Port 143:



           ERROR - The server returned the following error message:



           Server disables LOGIN, no recognized SASL authenticator



     * Trying protocol imap/ssl, Port 993:



           ERROR - The server returned the following error message:



           Certificate failure for mail.hydrix.com: unable to get local issuer

           certificate: /C=AU/O=*.hydrix.com/OU=GT81237634/OU=See

           www.rapidssl.com/resources/cps (c)08/OU=Domain Control Validated -

           RapidSSL(R)/CN=*.hydrix.com



     * Trying protocol imap/ssl/novalidate-cert, Port 993:



           ERROR - The server returned the following error message:



           Error in IMAP command received by server.Error in IMAP 
command received by server.Error in IMAP command received by 
server.Too many login failures



     * Trying protocol imap/tls/novalidate-cert, Port 143:



           ERROR - The server returned the following error message:



           Error in IMAP command received by server.Error in IMAP 
command received by server.Error in IMAP command received by 
server.Too many login failures



Could not determine a successful connection protocol. Make sure your 
mail server is running and you have specified the correct port.

Saved Queries