Hello,
I'm currently writing my own IMAP client and testing it against Dovecot,
and when doing PLAIN AUTH Dovecot sends the "OK Logged in" with an
empty
tag at the start. I tried reproducing the conversation with netcat, but
Dovecot sends a correctly tagged OK at the end of the AUTH so I assume
it's timing related.
I've attached pcap dumps of the TCP conversation in both situations as
well as the output of dovecot -n.
Side Note:
Why does Dovecot send the updated capabilities before OK'ing the
authentication? Seems strange to me as the client can't assume that the
authentication proceeded successfully until it actually receives the OK
so it has to assume that those capabilities are pre login.
--
Simon Thelen
-------------- next part --------------
# 20150721 (32d72cb26f9e+): /home/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 4.1.3-gentoo x86_64 Gentoo Base System release 2.2
auth_debug = yes
auth_verbose = yes
base_dir = /home/dovecot/var/run/dovecot/
mail_debug = yes
mail_location = maildir:~/vmail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = scheme=CRYPT username_format=%u /home/dovecot/etc/dovecot/users
driver = passwd-file
}
protocols = imap
ssl_cert = </home/dovecot/etc/ssl/certs/dovecot.pem
ssl_key = </home/dovecot/etc/ssl/private/dovecot.pem
userdb {
args = username_format=%u /home/dovecot/etc/dovecot/users
driver = passwd-file
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ncat_imap_tcp_correct_tag
Type: application/octet-stream
Size: 2215 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20150731/f4440589/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: custom_imap_tcp_empty_tag
Type: application/octet-stream
Size: 1969 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20150731/f4440589/attachment-0001.obj>
On 15-07-31 at 22:37, Simon Thelen wrote:> Hello, > > I'm currently writing my own IMAP client and testing it against Dovecot, > and when doing PLAIN AUTH Dovecot sends the "OK Logged in" with an empty > tag at the start. I tried reproducing the conversation with netcat, but > Dovecot sends a correctly tagged OK at the end of the AUTH so I assume > it's timing related.I ended up finding the issue and thought I'd report the fix here. When sending the CAPABILITY command directly after receiving the untagged OK during PREGREET, I sent a trailing '\0' after the '\r\n'. This then presumably messed up the tokenizer in dovecot causing it to think that the tag for the AUTHENTICATE command was "". I can't find a spot in the RFC that states what a server should do if it receives a bad tag, so I don't know if dovecot handles it correctly but in any case this was a bug on my part. Sorry for the noise. -- Simon Thelen