[imp] IMAP login code
Stephen A. Cochran Lists
stephen.a.cochran.lists at cahir.net
Mon Apr 17 00:13:29 PDT 2006
In IMP-4.1.1 lib/IMAP/Client.php on line 561, the generic IMAP login
is handled with the following code:

    case 'login':
        $tag = $this->_generateSid();
        $query = $tag . " LOGIN $username {" . strlen($password) . "}\r\n";
        fwrite($this->_stream, $query);
        $read = $this->_fgets();
        if (substr($read, 0, 1) == '+') {
            fwrite($this->_stream, "$password\r\n");
            $read = $this->_fgets();
        } else {
            return PEAR::raiseError(_("Unexpected response from server to LOGIN command."), 'horde.error');
        }
        break;

But this is failing against our IMAP server because of the check for
the '+' as the first character in the response, and I believe it's
incorrect according to the RFC:
<http://www.ietf.org/rfc/rfc3501.txt>

6.2.3.  LOGIN Command

   Arguments:  user name
               password

   Responses:  no specific responses for this command

   Result:     OK - login completed, now in authenticated state
               NO - login failure: user name or password rejected
               BAD - command unknown or arguments invalid

      The LOGIN command identifies the client to the server and carries
      the plaintext password authenticating this user.

An example given in section 6.2.1 also clearly demonstrates no plus
sign returned in response to the LOGIN command:

   Example:    C: a001 CAPABILITY
               S: * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED
               S: a001 OK CAPABILITY completed
               C: a002 STARTTLS
               S: a002 OK Begin TLS negotiation now
               <TLS negotiation, further commands are under [TLS] layer>
               C: a003 CAPABILITY
               S: * CAPABILITY IMAP4rev1 AUTH=PLAIN
               S: a003 OK CAPABILITY completed
               C: a004 LOGIN joe password
               S: a004 OK LOGIN completed

Steve Cochran
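
Added example, not part of the original post and not IMP or Horde code: a reply handler for LOGIN that accepts a continuation request, untagged data, or a tagged OK/NO/BAD, and treats only a tagged OK carrying the client's own tag as authenticated. The function names and all sample server lines except the a004 exchange quoted above are assumptions made for illustration.

```php
<?php
// Added example, not IMP/Horde code. Function names are hypothetical.
// Classify one server line while a LOGIN with tag $tag is outstanding.
function classifyLoginReply(string $tag, string $line): array
{
    $line = rtrim($line, "\r\n");
    if ($line !== '' && $line[0] === '+') {
        // Command continuation request (RFC 3501 section 7.5).
        return ['continue', ltrim(substr($line, 1))];
    }
    if (strncmp($line, '* ', 2) === 0) {
        return ['untagged', substr($line, 2)];
    }
    $parts = explode(' ', $line, 3);
    $status = strtoupper($parts[1] ?? '');
    if ($parts[0] === $tag && in_array($status, ['OK', 'NO', 'BAD'], true)) {
        return [strtolower($status), $parts[2] ?? ''];
    }
    return ['unexpected', $line];
}

// Walk the server's lines; only a tagged OK for our tag means authenticated.
function loginOutcome(string $tag, array $serverLines, bool $literalPending): string
{
    foreach ($serverLines as $line) {
        [$kind, $text] = classifyLoginReply($tag, $line);
        if ($kind === 'untagged') {
            continue;                       // server data, keep reading
        }
        if ($kind === 'continue' && $literalPending) {
            $literalPending = false;        // client writes the literal here
            continue;
        }
        if ($kind === 'ok') {
            return 'authenticated';
        }
        if ($kind === 'no' || $kind === 'bad') {
            return "login failed ($kind): $text";
        }
        return 'error: unexpected response';
    }
    return 'error: no tagged response';
}

// Constructed transcripts; only the first (a004 OK) is taken from the post.
var_dump(loginOutcome('a004', ["a004 OK LOGIN completed\r\n"], false));
var_dump(loginOutcome('a004', ["+ go ahead\r\n", "a004 OK LOGIN completed\r\n"], true));
var_dump(loginOutcome('a004', ["a004 NO LOGIN failed\r\n"], false));
var_dump(loginOutcome('a004', ["a003 OK LOGIN completed\r\n"], false));
```

The last transcript carries a different tag, so it is not accepted as completion of this LOGIN.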