On 08/07/14 4:14 AM, Otto Moerbeek wrote:
On Tue, Jul 08, 2014 at 07:49:48AM +0200, Otto Moerbeek wrote:

On Mon, Jul 07, 2014 at 08:09:31PM -0400, Brad Smith wrote:

On 04/07/14 7:39 AM, Otto Moerbeek wrote:
On Sun, Jun 22, 2014 at 05:39:34AM -0400, Brad Smith wrote:

On Sun, Jun 22, 2014 at 05:01:38AM +0200, Jérémie Courrèges-Anglas wrote:

(Redirecting this to ports@)

Could you folks test this patch against dovecot from -stable?  I only
did compile testing on -current.  I don't know how the allocator(s)
handle failures nor how would i_realloc handle pwbuf_size ==
old_pwbuf_size, but this looks safe.


$OpenBSD$

Hack: we avoid the actual ERANGE error case by always providing a large
enough buffer.

I'd prefer to use the diff I had committed when this issue first came
up although back then local auth didn't work at all without the hack
that was added. I don't have a 5.5 system around at the moment so
please check this builds first and then test as appropriate.

What I see with this diff (thanks to sthen for the package) is no more
out-of-mem errors. So that is good. But I see this instead:

Jul  4 13:19:17 mx1 dovecot: auth-worker(14261): Error:
bsdauth(ottox,2001:981:aaf3:1:224:1dff:fede:e939): getpwnam() failed:
Operation not permitted

The error code from getpwnam_r for a non-existent user is 1, which is
now interpreted as an errno (EPERM), it seems.

On the client side I see:
xx NO [UNAVAILABLE] Temporary authentication failure

instead of the
xx NO [AUTHENTICATIONFAILED] Authentication failed.

So it can be seen which usernames are valid.

        -Otto

So you're essentially screwed either way depending on which
issue you consider more important. So the only option is to
patch the broken libc with 5.5 if you want it fully working
properly.

Well, it might be possible to rewrite the diff to return the right
error status and not clobber errno.... I'll see if I can get around to
doing that, but don't count on it.

        -Otto

OK, applied the "any error maps to user unknown" hammer.
I now always get auth failed on wrong pw or user unknown.

I'm running this now on 5.5 and it works as expected.

        -Otto

REVISION should be changed back to 1.

Any other 5.5 users to help test this?
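
The difference between the two client replies described above, as an added example that is not part of the thread or of dovecot's code. The enum and function names are hypothetical, and the return value 1 for an unknown user is the constructed case taken from the message; it contrasts a strict mapping of getpwnam_r() results with the "any error maps to user unknown" mapping.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; this is not dovecot's passdb API. */
enum lookup_status { USER_FOUND, USER_UNKNOWN, LOOKUP_TEMPFAIL };

/* Strict mapping: any non-zero return is reported as a lookup failure. */
enum lookup_status classify_strict(int ret, const struct passwd *res)
{
    if (ret != 0)
        return LOOKUP_TEMPFAIL;
    return res != NULL ? USER_FOUND : USER_UNKNOWN;
}

/* "Any error maps to user unknown": hides real lookup failures, but an
 * unknown user can no longer be told apart from a wrong password. */
enum lookup_status classify_uniform(int ret, const struct passwd *res)
{
    return (ret == 0 && res != NULL) ? USER_FOUND : USER_UNKNOWN;
}

/* Failure replies as quoted in the thread; "OK" is a placeholder. */
const char *imap_reply(enum lookup_status st, int password_ok)
{
    if (st == LOOKUP_TEMPFAIL)
        return "NO [UNAVAILABLE] Temporary authentication failure";
    if (st == USER_FOUND && password_ok)
        return "OK";
    return "NO [AUTHENTICATIONFAILED] Authentication failed.";
}

/* Live lookup through the system's getpwnam_r(), fixed-size buffer. */
enum lookup_status lookup_user(const char *name, int uniform)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    int ret = getpwnam_r(name, &pw, buf, sizeof(buf), &res);
    return uniform ? classify_uniform(ret, res) : classify_strict(ret, res);
}

int main(void)
{
    /* Constructed input from the thread: return value 1, no entry. */
    printf("strict : %s\n", imap_reply(classify_strict(1, NULL), 0));
    printf("uniform: %s\n", imap_reply(classify_uniform(1, NULL), 0));
    printf("live   : %s\n", imap_reply(lookup_user("no-such-user", 1), 0));
    return 0;
}
```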

