Date: Sat, 29 Aug 2009 17:32:26 +1000 (AEST)
From: John Marshall <john.marshall@riverwillow.com.au>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/138300: [PATCH] mail/dovecot 1.2.4 breaks GSSAPI Authentication
Message-ID: <200908290732.n7T7WQWM013278@rwsrv03.mby.riverwillow.net.au>
Resent-Message-ID: <200908290750.n7T7o1TR028628@freefall.freebsd.org>
>Number: 138300
>Category: ports
>Synopsis: [PATCH] mail/dovecot 1.2.4 breaks GSSAPI Authentication
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 29 07:50:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: John Marshall
>Release: FreeBSD 7.2-RELEASE-p2 i386
>Organization: Riverwillow Pty Ltd
>Environment:
System: FreeBSD rwsrv03.mby.riverwillow.net.au 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Thu Jun 25 15:36:52 AEST 2009 root@rwsrv03.mby.riverwillow.net.au:/build/obj/usr/src/sys/RWSRV03 i386
>Description:
Dovecot 1.2.4 introduced some checking for NUL characters in usernames. The test was picking up the NUL string-terminator on the user principal name returned by GSSAPI and forcing authentication failure.

The Dovecot author has provided a patch which I have incorporated into the mail/dovecot port.
http://hg.dovecot.org/dovecot-1.2/rev/a37fa30b0072

I have not incremented PORTREVISION because this will only affect sites which use GSSAPI authentication.

This was discussed on the Dovecot mailing list:
http://dovecot.org/pipermail/dovecot/2009-August/042468.html
>How-To-Repeat:
- Attempt to authenticate to Dovecot 1.2.4 via GSSAPI
- auth_debug log shows:
  auth(default): gssapi(john@EXAMPLE.COM,192.0.2.168): authz_name has NULs
  auth(default): client out: FAIL 1 user=john@EXAMPLE.COM
- Mail client reports login failure
>Fix:
--- dovecot_1-2-4_gssapi_patch.diff begins here --- diff -urN dovecot.orig/files/patch-src-auth-mech-gssapi.c dovecot/files/patch-src-auth-mech-gssapi.c --- dovecot.orig/files/patch-src-auth-mech-gssapi.c 1970-01-01 10:00:00.000000000 +1000 +++ dovecot/files/patch-src-auth-mech-gssapi.c 2009-08-29 07:05:32.000000000 +1000 
@@ -0,0 +1,13 @@ +--- src/auth/mech-gssapi.c.orig 2009-08-15 03:14:11.000000000 +1000 ++++ src/auth/mech-gssapi.c 2009-08-29 07:02:43.000000000 +1000 +@@ -218,6 +218,10 @@ + const unsigned char *c = data; + unsigned int i; + ++ /* apparently all names end with NUL? */ ++ if (len > 0 && c[len-1] == '\0') ++ len--; ++ + for (i = 0; i < len; i++) { + if (c[i] == '\0') + return TRUE; --- dovecot_1-2-4_gssapi_patch.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
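Review bot: The comment added above the new `if (len > 0 && c[len-1] == '\0')` test, "apparently all names end with NUL?", records a guess rather than the rule this check now enforces. Since this function decides whether a name is rejected for containing NULs, the comment should say that exactly one trailing NUL is tolerated because the name arrives with its string terminator counted in the length, and that any other NUL still returns TRUE: the loop that follows runs over the shortened `len`, so an embedded NUL or a second trailing NUL is still caught. Note also that `len--` only adjusts the length used inside this check; it would be worth confirming that whatever consumes the name afterwards treats that final byte as a terminator and not as part of the username.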