Bug#471563: cyrus-imapd-2.2: After the first 'id' command is issues Cyrus IMAPD always returns an error

Daniel Pittman daniel at rimspace.net
Tue Mar 18 23:22:21 UTC 2008 

Package: cyrus-imapd-2.2
Version: 2.2.13-10
Severity: important

I was testing the Zimbra Desktop IMAP client against my Cyrus server and
found what I thought to be a bug in that client.  On further
investigation I believe this is a bug in the Cyrus IMAPD component; the
following is from the original bug:

] nc rimspace.net 143
* OK anu Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready
a0 capability
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE 
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS
a0 OK Completed
a1 id ("vendor" "Zimbra" "os" "Linux" "os-version" "12")
* ID ("name" "Cyrus IMAPD" "version" "v2.2.13-Debian-2.2.13-10 2006/11/13 
16:17:53" "vendor" "Project Cyrus" "support-url" "http://asg.web.cmu.edu/cyrus" 
"os" "Linux" "os-version" "2.6.18-ovz-028stab051.1" "environment" "Built w/
Cyrus SASL 2.1.22; Running w/Cyrus SASL 2.1.22; Built w/Sleepycat Software: 
Berkeley DB 4.2.52: (December  3, 2003); Running w/Sleepycat Software: Berkeley 
DB 4.2.52: (December  3, 2003); Built w/OpenSSL 0.9.8c 05 Sep 2006; Running w/
OpenSSL 0.9.8c 05 Sep 2006; CMU Sieve 2.2; TCP Wrappers; NET-SNMP; mmap = 
shared; lock = fcntl; nonblock = fcntl; idle = poll")
a1 OK Completed
a2 id ("vendor" "zimbra")
a2 NO Only one Id allowed in non-authenticated state
a3 logout
* BYE LOGOUT received
a3 OK Completed
] nc rimspace.net 143
* OK anu Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready
a4 id ("vendor" "zimbra")
a4 NO Only one Id allowed in non-authenticated state
a5 logout
* BYE LOGOUT received
a5 OK Completed

So, it looks like /any/ id command after the first returns the same state.

How about this...

] nc rimspace.net 143
* OK anu Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready
a0 login daniel "XXXXXXXXXX"
a0 OK User logged in
a1 logout
* BYE LOGOUT received
a1 OK Completed
] nc rimspace.net 143
* OK anu Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready
a0 id ("vendor" "Zimbra")
a0 NO Only one Id allowed in non-authenticated state
a1 logout
* BYE LOGOUT received
a1 OK Completed

...which makes it look like an upstream bug in Cyrus IMAP where any ID command 
will result in that error to any subsequent ID command or, at least, where that 
happens iff you don't authenticate correctly the first time.

While the Zimbra client should probably cope with the failure of the id
command it is not reasonable, I think, that any user can cause ID
commands to fail globally for all other users.

Regards,
       Daniel


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-ovz-028stab051.1
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages cyrus-imapd-2.2 depends on:
ii  cyrus-common-2.2       2.2.13-10         Cyrus mail system (common files)
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii  libdb4.2               4.2.52+dfsg-2     Berkeley v4.2 Database Libraries [
ii  libsasl2-2             2.1.22.dfsg1-8    Authentication abstraction library
ii  libssl0.9.8            0.9.8c-4etch1     SSL shared libraries
ii  libwrap0               7.6.dbs-13        Wietse Venema's TCP wrappers libra

cyrus-imapd-2.2 recommends no packages.

-- no debconf information

More information about the Pkg-Cyrus-imapd-Debian-devel mailing list