Re: [Dovecot] Auth worker max line size
Timo Sirainen wrote: > Couldn't you change the client to use AUTHENTICATE PLAIN command instead? > The buffer wouldn't be a problem then.. Sorry for the delay, I missed the reply. That is not an option, as the client is not SASL capable. --- src/lib-master/master-auth.h.orig +++ src/lib-master/master-auth.h @@ -13,9 +13,9 @@ /* Authentication client process's cookie size */ #define MASTER_AUTH_COOKIE_SIZE (128/8) /* LOGIN_MAX_INBUF_SIZE should be based on this.*/ -#define MASTER_AUTH_MAX_DATA_SIZE 1024 +#define MASTER_AUTH_MAX_DATA_SIZE 4096 #define MASTER_AUTH_ERRMSG_INTERNAL_FAILURE \ "Internal error occurred. Refer to server log for more information." -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org
Re: [Dovecot] Auth worker max line size
On 16.8.2012, at 4.07, Emmanuel Dreyfus wrote: > 38 month ago, I submitted a patch to increase > AUTH_WORKER_MAX_LINE_LENGTH to use exotic authentication scheme (see > message below). The patch was accepted, but now I upgrade to dovecot > 2.1.7, I face the same problem with MASTER_AUTH_MAX_DATA_SIZE. I had to > increase it from 1024 to 4096. > > Is it safe to do so? Would such a change be accepted upstream? The patch > is below. Couldn't you change the client to use AUTHENTICATE PLAIN command instead? The buffer wouldn't be a problem then..
Re: [Dovecot] Auth worker max line size
Hi 38 month ago, I submitted a patch to increase AUTH_WORKER_MAX_LINE_LENGTH to use exotic authentication scheme (see message below). The patch was accepted, but now I upgrade to dovecot 2.1.7, I face the same problem with MASTER_AUTH_MAX_DATA_SIZE. I had to increase it from 1024 to 4096. Is it safe to do so? Would such a change be accepted upstream? The patch is below. (please Cc: me, I'm not subscribed ot the list) --- src/lib-master/master-auth.h.orig +++ src/lib-master/master-auth.h @@ -13,9 +13,9 @@ /* Authentication client process's cookie size */ #define MASTER_AUTH_COOKIE_SIZE (128/8) /* LOGIN_MAX_INBUF_SIZE should be based on this.*/ -#define MASTER_AUTH_MAX_DATA_SIZE 1024 +#define MASTER_AUTH_MAX_DATA_SIZE 4096 #define MASTER_AUTH_ERRMSG_INTERNAL_FAILURE \ "Internal error occurred. Refer to server log for more information." Emmanuel Dreyfus wrote: > Hello > > I have been playing with some exotic authentication scheme with Dovecot > and PAM. That involves sending really large base64 encoded data as > the IMAP password, and I have hit a line limit in Dovecot, with > AUTH_WORKER_MAX_LINE_LENGTH set to 1024. > > This limit is especially frustrating since other parts of the software > use much larger limits: > MAX_INBUF_SIZE 4096 > MAX_IMAP_LINE 8192 > AUTH_CLIENT_MAX_LINE_LENGTH 8192 > > I had to make the patch attached below to get my authentication working. > I can live with this local patch, but given the much more liberal limits > of MAX_INBUF_SIZE at 4096 makes we wonder if this 1024 limit on > AUTH_WORKER_MAX_LINE_LENGTH could not be a bug. Or is there a security > concern at using more than 1kB? > > Opinions? (please Cc: me, I'm not subscribed ot the list) > > --- src/auth/auth-worker-client.h.orig 2009-06-23 18:32:15.0 +0200 > +++ src/auth/auth-worker-client.h 2009-06-23 18:32:33.0 +0200 > @@ -1,8 +1,8 @@ > #ifndef AUTH_WORKER_CLIENT_H > #define AUTH_WORKER_CLIENT_H > > -#define AUTH_WORKER_MAX_LINE_LENGTH 1024 > +#define AUTH_WORKER_MAX_LINE_LENGTH 4096 > > struct auth_worker_client *auth_worker_client_create(struct auth *auth, int fd); > void auth_worker_client_destroy(struct auth_worker_client **client); > void auth_worker_client_unref(struct auth_worker_client **client); -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org
Re: [Dovecot] Auth worker max line size
On Wed, Jun 24, 2009 at 02:21:50PM -0400, Timo Sirainen wrote: > There's no real reason to keep it at 1 kB. I probably didn't even think > about it much when I added it. I increased it to 8192 now. Thanks a lot! -- Emmanuel Dreyfus m...@netbsd.org
Re: [Dovecot] Auth worker max line size
On Wed, 2009-06-24 at 14:45 +, Emmanuel Dreyfus wrote: > I have been playing with some exotic authentication scheme with Dovecot > and PAM. That involves sending really large base64 encoded data as > the IMAP password, and I have hit a line limit in Dovecot, with > AUTH_WORKER_MAX_LINE_LENGTH set to 1024. .. > I had to make the patch attached below to get my authentication working. > I can live with this local patch, but given the much more liberal limits > of MAX_INBUF_SIZE at 4096 makes we wonder if this 1024 limit on > AUTH_WORKER_MAX_LINE_LENGTH could not be a bug. Or is there a security > concern at using more than 1kB? There's no real reason to keep it at 1 kB. I probably didn't even think about it much when I added it. I increased it to 8192 now. signature.asc Description: This is a digitally signed message part
