Re: [mpop-users] POP3 Authorization using SCRAM-SHA-1 fails



Martin Lambers <marlam@...1...> writes:

> From your analysis, it seems that SCRAM-SHA-1 needs the same exception
> rule that DIGEST-MD5 needs, so the attached patch might fix the problem.
> Would you please test it?
...
> -    /* For DIGEST-MD5, we need to send an empty answer to the last 334
> -     * response before we get 235. */
> -    if (strcmp(auth_mech, "DIGEST-MD5") == 0)
> +    /* For DIGEST-MD5 and SCRAM-SHA-1, we need to send an empty answer to the
> +     * last response before we get an OK. */
> +    if (strcmp(auth_mech, "DIGEST-MD5") == 0
> +            || strcmp(auth_mech, "SCRAM-SHA-1") == 0)
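
Review bot: The condition `strcmp(auth_mech, "DIGEST-MD5") == 0 || strcmp(auth_mech, "SCRAM-SHA-1") == 0` keys the extra empty answer on mechanism names, so any other mechanism whose exchange ends with server data will fail the same way until it is added to the list. Consider deciding from the SASL library's step result whether another response is owed, rather than from `auth_mech`. The hunk also does not show whether the server's last data is passed through the mechanism before the empty answer goes out; for SCRAM that final message is what authenticates the server, so it should be checked and not only acknowledged.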

This looks a bit strange -- it shouldn't special-case SASL mechanisms,
but just use the normal SASL state machine.  You can use the return
value from gsasl_step function to guide you when to quit the loop,
although you need to observe that each challenge has a response.

This is just an initial reaction, I haven't studied the code in more
detail.

/Simon
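
The mechanism-agnostic loop suggested in the reply above, as an added example that is not part of the original message or of mpop's code. No libgsasl is linked: `struct mech`, `mech_step`, `run_auth` and the server lines are constructed stand-ins, with `STEP_OK`/`STEP_NEEDS_MORE` playing the role of the `gsasl_step` return value and `+ `/`+OK` being the POP3 continuation and success lines.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for libgsasl's GSASL_OK / GSASL_NEEDS_MORE. */
enum { STEP_OK = 0, STEP_NEEDS_MORE = 1 };

/* Constructed mechanism model: finishes on its `total`-th step. */
struct mech { int total, taken; };

/* Stand-in for gsasl_step(): consume a challenge, produce a response. */
static int mech_step(struct mech *m, const char *challenge, const char **out)
{
    (void)challenge;   /* a real mechanism parses and verifies this */
    m->taken++;
    *out = m->taken < m->total ? "Y2xpZW50" : "";   /* last answer is empty */
    return m->taken < m->total ? STEP_NEEDS_MORE : STEP_OK;
}

/* Returns 0 on success, -1 on failure; *sent counts responses written. */
static int run_auth(struct mech *m, const char *const *server, int n, int *sent)
{
    int rc = STEP_NEEDS_MORE;
    *sent = 0;
    for (int i = 0; i < n; i++) {
        const char *line = server[i], *out;
        if (strncmp(line, "+OK", 3) == 0)
            return rc == STEP_OK ? 0 : -1;  /* both sides must be done */
        if (strncmp(line, "+ ", 2) != 0)
            return -1;                      /* -ERR or unexpected line */
        if (rc == STEP_OK)
            return -1;                      /* challenge after completion */
        rc = mech_step(m, line + 2, &out);
        printf("C: %s\n", out);             /* every challenge is answered */
        (*sent)++;
    }
    return -1;                              /* server never confirmed */
}

int main(void)
{
    /* Constructed server side of a SCRAM-shaped exchange. */
    const char *const server[] = { "+ c2VydmVyLWZpcnN0", "+ c2VydmVyLWZpbmFs", "+OK" };
    struct mech m = { 2, 0 };
    int sent;
    int rc = run_auth(&m, server, 3, &sent);
    printf("result=%d responses=%d\n", rc, sent);
    return rc;
}
```

The loop never looks at the mechanism name: the empty final answer falls out of answering every challenge, and a `+OK` that arrives before the mechanism has finished is rejected.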