[imp] PATCH: IMP_ACL_rfc2086 - things I learnt yesterday!
Jan Schneider
jan at horde.org
Thu Feb 6 01:54:10 PST 2003
Quoting Chris Hastie <lists at oak-wood.co.uk>:
> On Wed, 5 Feb 2003, Jan Schneider <jan at horde.org> wrote
> >
> >Looks much better now. Committed, thanks.
> >
> >Btw, now I always get: "Could not retrieve ACL - Unexpected response
> from
> >server to: login : 0 NO Login failed: authentication failure" if I open
> >acl.php. It worked without problems before.
> >
> Do you have Auth_SASL installed or not? If yes, and the server supports
> either CRAM-MD5 or DIGEST-MD5, sounds like I'm looking for a typo
> because nothing should have changed for those mechanisms.
>
> Otherwise, I guess the
>
> if (preg_match('/\W/', $pass)) {
> $pass = addslashes($pass);
> $pass = '"' . $pass . '"';
> }
>
> has messed things up for some reason. Do your server logs give any
> clues? You don't have the rogue characters the Didi's reported in the
> output of
>
> Secret::read(Secret::getKey('imp'), $_SESSION['imp']['pass']);
>
> do you? I wonder if a bunch of null characters at the end is a no
> problem unless you wrap the password up in quotes?
Yes, it seems so.
The null characters were returned by the mcrypt decrypting method. This
extension is only used if available, that explains why the problem didn't
occur everywhere.
I fixed the Secret::read() method to strip all null characters from the end
of the decrypted data and now everything works fine again.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
More information about the imp
mailing list