<div class="gmail_quote">On Wed, Jul 29, 2009 at 10:51 AM, Kevin Horn <span dir="ltr">&lt;<a href="mailto:kevin.horn@gmail.com">kevin.horn@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="gmail_quote"><div><div></div><div class="h5">On Wed, Jul 29, 2009 at 6:29 AM, Jean-Paul Calderone <span dir="ltr">&lt;<a href="mailto:exarkun@divmod.com" target="_blank">exarkun@divmod.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div>On Wed, 29 Jul 2009 00:54:20 -0500, Kevin Horn &lt;<a href="mailto:kevin.horn@gmail.com" target="_blank">kevin.horn@gmail.com</a>&gt; wrote:<br>
>I was digging through the Twisted IMAP code tonight and I noticed something<br>
>puzzling...<br>
><br>
>PLAINAuthenticator.challengeResponse() uses the following statement to send<br>
>auth credentials to the server<br>
><br>
> return '%s\0%s\0' % (self.user, secret)<br>
><br>
>which would give auth credentials of the form:<br>
><br>
> authid&lt;NUL&gt;password&lt;NUL&gt;<br>
><br>
> (where &lt;NUL&gt; is the NUL character)<br>
><br>
>However, both RFC2595 and RFC4616 (both define the PLAIN SASL mechanism),<br>
>say that credentials should be passed this way:<br>
><br>
> [authzid]&lt;NUL&gt;authnid&lt;NUL&gt;password<br>
><br>
> (where &lt;NUL&gt; is the NUL character and [authzid] is optional)<br>
><br>
>Now even if one was to leave the authzid out of the equation, you would end<br>
>up with something like this:<br>
><br>
> &lt;NUL&gt;authnid&lt;NUL&gt;password<br>
><br>
>and the version Twisted's IMAP code uses appears to be invalid.<br>
><br>
>Am I crazy?<br>
>Am I missing something?<br>
>Is it just way too late and I should put the RFCs down and back away slowly?<br>
<br>
</div></div>My early morning reading of the RFC agrees with yours. Someone else brought<br>
this up a long time ago, I think, but never pointed out the RFC.<br>
<br>
Can you file a ticket?<br>
<br>
Jean-Paul<br>
<br>
</blockquote></div></div><div><br><br>At least I'm not crazy... :)<br>
<br>
Ticket #3939 filed: <a href="http://twistedmatrix.com/trac/ticket/3939" target="_blank">http://twistedmatrix.com/trac/ticket/3939</a><br><br>Also added a note in the ticket that PLAINCredentials may need to be modified to match.<br>
<br>
Kevin Horn<br> </div></div><br>
</blockquote></div><br>FYI, attached a patch to the ticket. I haven't really tested it, but if someone could take a look and let me know what they think I'd appreciate it.<br><br>Kevin Horn<br>