mirror of
https://github.com/cypht-org/cypht.git
synced 2026-04-25 04:56:03 +03:00
[GH-ISSUE #472] Cypht only checks/acknowledges the first-offered SMTP authentication method #380
Originally created by @rawhide-kobayashi on GitHub (Apr 29, 2021).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/472
Originally assigned to: @jasonmunro on GitHub.
Maybe a bit less of a bug, more of a design oversight, but anyway.
Cypht will fail to authenticate, despite valid authentication methods being available, if the first one listed is not supported by Cypht. For example, this authentication message works with Thunderbird and Roundcube, but not with Cypht.
Does not work:
250-AUTH GSSAPI PLAIN
Works:
250-AUTH PLAIN GSSAPI
Receiving the first string causes Cypht to immediately drop the connection with no further information provided to the SMTP server. Receiving the second causes it to proceed with PLAIN auth, as would normally be expected in both cases.
Steps to reproduce
For me, this is "solved" by changing the order of authentication methods in saslauthd's smtp mech_list config line from "GSSAPI PLAIN" to "PLAIN GSSAPI". However, the way AUTH is parsed appears to be fundamentally flawed. I'm no PHP wiz, but I believe the problem area is likely here: https://github.com/jasonmunro/cypht/blob/master/modules/smtp/hm-smtp.php#L316
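The two selection strategies contrasted in the report above, shown on the two AUTH lines it quotes. This is an added example, not part of the original post and not code from Cypht; the function names, the client mechanism list and the EHLO replies are constructed for illustration.

```php
<?php
// Added example; not code from Cypht. All function names are hypothetical.

/** Extract the SASL mechanisms advertised in a multi-line EHLO reply. */
function advertised_mechs(array $ehlo_lines): array {
    $mechs = [];
    foreach ($ehlo_lines as $line) {
        // Matches "250-AUTH ..." / "250 AUTH ..." and the legacy "AUTH=..." form.
        if (preg_match('/^250[- ]AUTH[ =](.+)$/i', trim($line), $m)) {
            foreach (preg_split('/\s+/', strtoupper(trim($m[1]))) as $mech) {
                $mechs[$mech] = true; // de-duplicate while keeping server order
            }
        }
    }
    return array_keys($mechs);
}

/** Behaviour described in the report: only the first offered mechanism is considered. */
function pick_first_offered(array $offered, array $supported): ?string {
    $first = $offered[0] ?? null;
    return in_array($first, $supported, true) ? $first : null;
}

/** Expected behaviour: the first offered mechanism that the client also supports. */
function pick_first_supported(array $offered, array $supported): ?string {
    foreach ($offered as $mech) {
        if (in_array($mech, $supported, true)) {
            return $mech;
        }
    }
    return null;
}

// Constructed EHLO replies built around the two AUTH lines from the report.
$client = ['CRAM-MD5', 'LOGIN', 'PLAIN']; // assumed client mechanism list (no GSSAPI)
$replies = [
    ['250-mail.example.test', '250-AUTH GSSAPI PLAIN', '250 8BITMIME'],
    ['250-mail.example.test', '250-AUTH PLAIN GSSAPI', '250 8BITMIME'],
];
foreach ($replies as $reply) {
    $offered = advertised_mechs($reply);
    printf("%-14s first-offered=%-6s first-supported=%s\n",
        implode(' ', $offered),
        pick_first_offered($offered, $client) ?? 'none',
        pick_first_supported($offered, $client) ?? 'none');
}
```

With "GSSAPI PLAIN" the first strategy finds no usable mechanism while the second selects PLAIN; with "PLAIN GSSAPI" both select PLAIN. A client that ends up on PLAIN or LOGIN should use it only over a TLS-protected connection, since both send the password without encryption.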
@jasonmunro commented on GitHub (Jun 8, 2021):
I cannot reproduce this yet. Seems to be doing the right thing in selecting only the first supported mech in my tests. Thanks for the report and I will try to reproduce again and let you know!
@marclaporte commented on GitHub (Jul 31, 2022):
@rawhide-kobayashi Any chance you could join us on https://gitter.im/cypht-org/community to help reproduce this?
Thanks!
@marclaporte commented on GitHub (May 7, 2024):
@rawhide-kobayashi
Please retest, as a lot has changed since you reported this issue. Notably, we now have 3 active branches and recently released Cypht 2.0.0
@marclaporte commented on GitHub (Sep 28, 2024):
@rawhide-kobayashi Last call :-)
Please test latest stable:
https://github.com/cypht-org/cypht/releases/