ports/138300: [PATCH] mail/dovecot 1.2.4 breaks GSSAPI Authentication
John Marshall
john.marshall at riverwillow.com.au
Sat Aug 29 07:50:02 UTC 2009
>Number: 138300
>Category: ports
>Synopsis: [PATCH] mail/dovecot 1.2.4 breaks GSSAPI Authentication
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 29 07:50:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: John Marshall
>Release: FreeBSD 7.2-RELEASE-p2 i386
>Organization:
Riverwillow Pty Ltd
>Environment:
System: FreeBSD rwsrv03.mby.riverwillow.net.au 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Thu Jun 25 15:36:52 AEST 2009 root at rwsrv03.mby.riverwillow.net.au:/build/obj/usr/src/sys/RWSRV03 i386
>Description:
Dovecot 1.2.4 introduced some checking for NUL characters in usernames.
The test was picking up the NUL string-terminator on the user principal
name returned by GSSAPI and forcing authentication failure. The Dovecot
author has provided a patch which I have incorporated into the
mail/dovecot port.
http://hg.dovecot.org/dovecot-1.2/rev/a37fa30b0072
I have not incremented PORTREVISION because this will only affect sites
which use GSSAPI authentication.
This was discussed on the Dovecot mailing list:
http://dovecot.org/pipermail/dovecot/2009-August/042468.html
>How-To-Repeat:
- Attempt to authenticate to Dovecot 1.2.4 via GSSAPI
- auth_debug log shows:
auth(default): gssapi(john at EXAMPLE.COM,192.0.2.168): authz_name has NULs
auth(default): client out: FAIL 1 user=john at EXAMPLE.COM
- Mail client reports login failure
>Fix:
--- dovecot_1-2-4_gssapi_patch.diff begins here ---
diff -urN dovecot.orig/files/patch-src-auth-mech-gssapi.c dovecot/files/patch-src-auth-mech-gssapi.c
--- dovecot.orig/files/patch-src-auth-mech-gssapi.c 1970-01-01 10:00:00.000000000 +1000
+++ dovecot/files/patch-src-auth-mech-gssapi.c 2009-08-29 07:05:32.000000000 +1000
@@ -0,0 +1,13 @@
+--- src/auth/mech-gssapi.c.orig 2009-08-15 03:14:11.000000000 +1000
++++ src/auth/mech-gssapi.c 2009-08-29 07:02:43.000000000 +1000
+@@ -218,6 +218,10 @@
+ const unsigned char *c = data;
+ unsigned int i;
+
++ /* apparently all names end with NUL? */
++ if (len > 0 && c[len-1] == '\0')
++ len--;
++
+ for (i = 0; i < len; i++) {
+ if (c[i] == '\0')
+ return TRUE;
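Review bot: the comment on the added `len--` branch ("apparently all names end with NUL?") is phrased as a guess and does not record why one trailing byte is exempt from the NUL check. Suggest rewording it to state that the length passed in may count the string terminator, and that only a single trailing NUL is dropped: the loop that follows still returns TRUE for any other '\0', so a name with an embedded NUL or with two trailing NULs is still rejected, and the comment should say that this is intended so a later change does not turn the strip into a loop. The `len > 0` guard ahead of `c[len-1]` is required for a zero-length name and should stay.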
--- dovecot_1-2-4_gssapi_patch.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: