[Dovecot] plain auth problem with beta4

Mark Davies mark at mcs.vuw.ac.nz
Wed Apr 5 06:06:27 EEST 2006


On Tuesday 04 April 2006 12:50, Mark Davies wrote:
> Using kmail with PLAIN authentication worked fine with beta3 but trying it
> with beta4 authentication fails.
>
> This is because kmail sends  "username \0 username \0 password" in the
> authorization token and the new code to call
> auth_request_set_login_username() when supplied an authid must be returning
> failure (certainly commenting this code out returns to the beta3 behaviour
> of successfully authenticating).  I had a quick look at the routine to see
> why it might be failing but didn't really work out what it's supposed to do.

On re-reading the beta4 release announcement, kmail's usage is presumably 
conflicting with this new feature:

        + Added support for "master users" who can log in as other people.
          The master username can be given either in authorization ID
          string with SASL PLAIN mechanism or by setting
          auth_master_user_separator and giving it within the normal username
          string.


Since that is dealing with logging in as someone else, and for kmail the 
authorization ID and authentication ID are the same, we should be able to treat 
this case equivalently to if no authorization ID was given, shouldn't we?

--- mech-plain.c.orig	2006-04-05 15:01:25.000000000 +1200
+++ mech-plain.c	2006-04-05 15:04:16.000000000 +1200
@@ -58,7 +58,7 @@
                 /* invalid username */
                 auth_request_log_info(request, "plain", "%s", error);
                 auth_request_fail(request);
-        } else if (*authid != '\0' &&
+        } else if (*authid != '\0' && strcmp(authid, authenid) != 0 &&
                    !auth_request_set_login_username(request, authid, &error)) 
{
                 /* invalid login username */
                 auth_request_log_info(request, "plain",
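
Review bot: the added `strcmp(authid, authenid) != 0` test in the `else if` condition compares the two client-supplied strings byte for byte, so if the preceding username check (the branch ending in "invalid username") normalizes the name in any way, an authorization ID that differs from the authentication ID only in case or form still takes the auth_request_set_login_username() path. Consider comparing against the username as it is stored on the request after that check, and add a one-line comment above the condition stating that an authorization ID equal to the authentication ID is treated as if none was given, since the condition now encodes that policy without saying so.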


cheers
mark
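
The case discussed in this message, as an added example that is not part of the original post and is not Dovecot's code: a stand-alone parser for the SASL PLAIN token (RFC 4616 layout `[authzid] NUL authcid NUL passwd`) that classifies a token whose authorization ID is empty or identical to the authentication ID as an ordinary login. The names `plain_parse`, `plain_fields` and `plain_kind` are hypothetical, and the sample tokens are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; layout per RFC 4616: [authzid] NUL authcid NUL passwd */
enum plain_kind {
    PLAIN_INVALID,   /* malformed token */
    PLAIN_SELF,      /* authzid empty or identical to authcid */
    PLAIN_ON_BEHALF  /* authzid names another user: needs an authorization check */
};

struct plain_fields {
    const char *authzid, *authcid, *passwd; /* passwd is NOT NUL-terminated */
    size_t passwd_len;
};

enum plain_kind plain_parse(const char *buf, size_t len, struct plain_fields *out)
{
    const char *end = buf + len;
    const char *nul1 = memchr(buf, '\0', len);
    if (nul1 == NULL)
        return PLAIN_INVALID;
    const char *nul2 = memchr(nul1 + 1, '\0', (size_t)(end - (nul1 + 1)));
    if (nul2 == NULL)
        return PLAIN_INVALID;
    out->authzid = buf;          /* terminated by the first separator */
    out->authcid = nul1 + 1;     /* terminated by the second separator */
    out->passwd = nul2 + 1;
    out->passwd_len = (size_t)(end - out->passwd);
    /* authcid and passwd must be non-empty; passwd must not contain NUL */
    if (*out->authcid == '\0' || out->passwd_len == 0 ||
        memchr(out->passwd, '\0', out->passwd_len) != NULL)
        return PLAIN_INVALID;
    /* The kmail case: the same name sent twice is treated like an empty authzid */
    if (*out->authzid == '\0' || strcmp(out->authzid, out->authcid) == 0)
        return PLAIN_SELF;
    return PLAIN_ON_BEHALF;
}

int main(void)
{
    struct plain_fields f;
    /* Constructed tokens: lengths exclude the literal's implicit trailing NUL */
    printf("%d\n", plain_parse("alice\0alice\0pw", 14, &f));  /* same ID twice */
    printf("%d\n", plain_parse("\0alice\0pw", 9, &f));        /* no authzid */
    printf("%d\n", plain_parse("master\0alice\0pw", 15, &f)); /* IDs differ */
    return 0;
}
```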


