Package: sendmail
Version: 8.13.4-3sarge3
Severity: important
Tags: patch
If using libnss-ldap, and not using nscd, the libc will invoke
libnss-ldap on every call to getpwnam and such.

libnss-ldap will initialize sasl as a client by calling
sasl_client_init().

On its first invocation, sasl_client_init() stores a list of global
callback functions for later usage. Since libnss-ldap is clever, it
will not provide any global callback functions; instead it provides
them later, on a per-session basis, when sasl_client_new() is called.

Later, sendmail wants to authenticate. It calls sasl_client_init()
itself and tries to register global callback functions. Since
sasl is already initialized, it ignores the callback function list
and returns OK.

When sendmail calls sasl_client_new(), it fails to provide the list
of callback functions, assuming sasl will use the global ones.

This makes SMTP AUTH as client fail. Unfortunately the mail.log only
says

Nov 16 00:24:19 localhost sm-mta[9890]: kAEFnQqh004922: AUTH=client, available mechanisms do not fulfill requirements

which is very confusing.

This can be seen as a sasl bug, but there is a very simple fix for
sendmail: Don't rely on the global callback function list;
provide the list again at session initialization time. However,
there is a ("fixed") bug for libsasl2 where I added a comment on
this, too (#274087).

The simple patch is included. Thanks.

Moritz

diff -u -r -N sendmail-8.13.4.orig/sendmail/usersmtp.c
sendmail-8.13.4/sendmail/usersmtp.c
--- sendmail-8.13.4.orig/sendmail/usersmtp.c 2006-11-16 10:26:06.003494000
+0100
+++ sendmail-8.13.4/sendmail/usersmtp.c 2006-11-16 10:34:24.744797703 +0100
@@ -553,6 +553,9 @@
if (sasl_clt_init)
return SASL_OK;
+ /* Beware, callbacks are ignored if sasl_client_init() has
+ * been called before (by a library such as libnss_ldap)
+ */
result = sasl_client_init(callbacks);
/* should we retry later again or just remember that it failed? */
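Review bot: the new comment above sasl_client_init(callbacks) warns that the list may be ignored but does not say what the code does about it, so a later reader may assume this call is still sufficient. Suggest extending it with a pointer to the remedy, for example "so the same list is passed again to sasl_client_new()", since the two places are about a thousand lines apart in this file.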
@@ -1579,9 +1582,13 @@
/* make a new client sasl connection */
# if SASL >= 20000
+ /* We provide the callbacks again because global callbacks in
+ * sasl_client_init() are ignored if sasl has been initialized
+ * before, for example, by a library such as libnss-ldap.
+ */
saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
: "smtp",
- CurHostName, NULL, NULL, NULL, 0,
+ CurHostName, NULL, NULL, callbacks, 0,
&mci->mci_conn);
# else /* SASL >= 20000 */
saslresult = sasl_client_new(bitnset(M_LMTP, m->m_flags) ? "lmtp"
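Review bot: only the "# if SASL >= 20000" call is changed here; the sasl_client_new() call in the "# else" branch is cut off in the context, so it is not visible whether builds against older SASL still depend on the global list, and that should be confirmed or noted in the comment. Please also confirm that the callbacks passed at this call is the same array handed to sasl_client_init() in the first hunk and that it stays valid for as long as mci->mci_conn is in use, since it is now referenced per connection.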
-- Package-specific info:
Ouput of /usr/share/bug/sendmail/script:
ls -alR /etc/mail:
/etc/mail:
total 412
drwxr-sr-x 8 smmta smmsp 4096 Nov 16 10:44 .
drwxr-xr-x 118 root root 8192 Nov 16 10:42 ..
-rwxr-xr-- 1 root smmsp 11668 Nov 16 10:42 Makefile
-rw------- 1 root root 4211 Mar 19 2006 access
-rw-r----- 1 smmta smmsp 12288 Nov 16 10:42 access.db
-rw-r--r-- 1 root root 281 Jun 3 2005 address.resolve
lrwxrwxrwx 1 root smmsp 10 Mar 19 2006 aliases -> ../aliases
-rw-r----- 1 smmta smmsp 12288 Nov 16 10:42 aliases.db
drwx------ 2 root smmsp 4096 Nov 16 10:42 auth
-rw-r--r-- 1 root smmsp 34 Oct 16 15:36 blah
-rw-r--r-- 1 root root 3615 Nov 16 10:42 databases
-rw-r----- 1 smmta smmsp 53 Oct 16 23:38 default-auth-info
-rw-r--r-- 1 root smmsp 11153 Oct 17 01:35 found:q
-rw-r--r-- 1 root root 5588 Jun 3 2005 helpfile
-rw-r--r-- 1 root smmsp 40 Nov 15 01:16 local-host-names
drwxr-sr-x 2 smmta smmsp 4096 Mar 19 2006 m4
-rw-r----- 1 root smmsp 37 Nov 16 10:44 mailertable
-rw-r----- 1 root smmsp 12288 Nov 16 10:44 mailertable.db
drwxr-xr-x 2 root root 4096 Nov 16 10:42 peers
-rw-r--r-- 1 root smmsp 0 Oct 16 15:38 relay-domains
drwxr-xr-x 2 root smmsp 4096 Nov 15 01:13 sasl
-rw-r--r-- 1 root smmsp 65976 Nov 16 10:42 sendmail.cf
-rw-r--r-- 1 root root 65979 Nov 16 10:42 sendmail.cf.old
-rw-r--r-- 1 root root 11882 Nov 16 10:42 sendmail.conf
-rw-r--r-- 1 root smmsp 4374 Nov 16 10:42 sendmail.mc
-rw-r--r-- 1 root smmsp 4120 Mar 20 2006 sendmail.mc.old
-rw-r--r-- 1 root root 149 Jun 3 2005 service.switch
-rw-r--r-- 1 root root 180 Jun 3 2005 service.switch-nodns
drwxr-sr-x 2 smmta smmsp 4096 Mar 19 2006 smrsh
-rw-r--r-- 1 root smmsp 43922 Nov 16 10:42 submit.cf
-rw-r--r-- 1 root root 43912 Nov 16 10:42 submit.cf.old
-rw-r--r-- 1 root smmsp 2321 Nov 16 10:42 submit.mc
drwxr-xr-x 2 root smmsp 4096 Nov 14 17:55 tls
-rw-r--r-- 1 root smmsp 10 Oct 31 23:28 trusted-users
/etc/mail/m4:
total 8
drwxr-sr-x 2 smmta smmsp 4096 Mar 19 2006 .
drwxr-sr-x 8 smmta smmsp 4096 Nov 16 10:44 ..
-rw-r----- 1 root smmsp 0 Mar 19 2006 dialup.m4
-rw-r----- 1 root smmsp 0 Mar 19 2006 provider.m4
/etc/mail/peers:
total 12
drwxr-xr-x 2 root root 4096 Nov 16 10:42 .
drwxr-sr-x 8 smmta smmsp 4096 Nov 16 10:44 ..
-rw-r--r-- 1 root root 328 Jun 3 2005 provider
/etc/mail/sasl:
total 16
drwxr-xr-x 2 root smmsp 4096 Nov 15 01:13 .
drwxr-sr-x 8 smmta smmsp 4096 Nov 16 10:44 ..
-rw-r----- 1 smmta smmsp 749 Nov 14 18:09 Sendmail.conf.2
-rwxr--r-- 1 root root 3677 Oct 31 21:46 sasl.m4
/etc/mail/smrsh:
total 8
drwxr-sr-x 2 smmta smmsp 4096 Mar 19 2006 .
drwxr-sr-x 8 smmta smmsp 4096 Nov 16 10:44 ..
lrwxrwxrwx 1 root smmsp 26 Mar 19 2006 mail.local ->
/usr/lib/sm.bin/mail.local
lrwxrwxrwx 1 root smmsp 17 Mar 19 2006 procmail -> /usr/bin/procmail
/etc/mail/tls:
total 44
drwxr-xr-x 2 root smmsp 4096 Nov 14 17:55 .
drwxr-sr-x 8 smmta smmsp 4096 Nov 16 10:44 ..
-rw-r--r-- 1 root root 7 Mar 19 2006 no_prompt
-rw------- 1 root root 0 Oct 17 00:42 revocation.list
-rw------- 1 root root 1191 Mar 19 2006 sendmail-client.cfg
-rw-r--r-- 1 root smmsp 1229 Oct 16 16:33 sendmail-client.crt
-rw------- 1 root root 1013 Oct 16 16:33 sendmail-client.csr
-rw-r----- 1 root smmsp 1675 Oct 16 16:33 sendmail-common.key
-rw------- 1 root root 0 Oct 16 16:33 sendmail-common.prm
-rw------- 1 root root 1191 Mar 19 2006 sendmail-server.cfg
-rw-r--r-- 1 root smmsp 1229 Oct 16 16:33 sendmail-server.crt
-rw------- 1 root root 1013 Oct 16 16:33 sendmail-server.csr
-rwxr--r-- 1 root root 3099 Oct 31 21:46 starttls.m4
sendmail.conf:
DAEMON_NETMODE="Static";
DAEMON_NETIF="lo";
DAEMON_MODE="Daemon";
DAEMON_PARMS="";
DAEMON_HOSTSTATS="No";
DAEMON_MAILSTATS="No";
QUEUE_MODE="${DAEMON_MODE}";
QUEUE_INTERVAL="10m";
QUEUE_PARMS="";
MSP_MODE="Cron";
MSP_INTERVAL="20m";
MSP_PARMS="";
MSP_MAILSTATS="${DAEMON_MAILSTATS}";
MISC_PARMS="";
CRON_MAILTO="root";
CRON_PARMS="";
LOG_CMDS="No";
HANDS_OFF="No";
AGE_DATA="";
DAEMON_RUNASUSER="No";
DAEMON_STATS="${DAEMON_MAILSTATS}";
MSP_STATS="${MSP_MAILSTATS}";
sendmail.mc:
divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.13.4-3 2005-06-03 16:49:22 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, Addr=127.0.0.1')dnl
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
FEATURE(`access_db', , `skip')dnl
FEATURE(`greet_pause', `1000')dnl 1 seconds
FEATURE(`delay_checks', `friend', `n')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
LOCAL_CONFIG
MASQUERADE_AS(`aldebaran.de')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`smrsh')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl
FEATURE(`mailertable')dnl
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
MAILER_DEFINITIONS
MAILER(local)dnl
MAILER(smtp)dnl
LOCAL_CONFIG
include(`/etc/mail/sasl/sasl.m4')dnl
submit.mc...
divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: submit.mc, v 8.13.4-3 2005-06-03 16:49:22 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-msp')dnl
FEATURE(`msp', `[127.0.0.1]', `MSA')dnl
include(`/etc/mail/sasl/sasl.m4')dnl
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages sendmail depends on:
ii rmail 8.13.4-3sarge3 MTA->UUCP remote mail handler
ii sendmail-base 8.13.4-3sarge3 powerful, efficient, and scalable
ii sendmail-bin 8.13.4-3sarge3 powerful, efficient, and scalable
ii sendmail-cf 8.13.4-3sarge3 powerful, efficient, and scalable
ii sensible-mda 8.13.4-3sarge3 Mail Delivery Agent wrapper
Versions of packages sensible-mda depends on:
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii procmail 3.22-11 Versatile e-mail processor
ii sendmail-bin [mail-tr 8.13.4-3sarge3 powerful, efficient, and scalable
Versions of packages rmail depends on:
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii libldap2 2.1.30-8 OpenLDAP libraries
ii sendmail-bin [mail-tr 8.13.4-3sarge3 powerful, efficient, and scalable
-- no debconf information
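
Added example (not part of the original report, and not sendmail or libsasl2 code): a self-contained C model of the call order described in the report, showing why the per-session list is needed. The toy_* names, the lookup order and the constructed sample value "relay-user" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy stand-ins for the SASL client API; hypothetical names, not libsasl2. */
typedef struct { const char *id; const char *value; } toy_cb; /* id == NULL ends a list */
typedef struct { const toy_cb *session_cbs; } toy_conn;
static int toy_initialized;
static const toy_cb *toy_global_cbs;

/* Init-once: only the first caller in the process sets the global list. */
int toy_client_init(const toy_cb *cbs)
{
    if (toy_initialized)
        return 0;               /* reports OK, but cbs is silently dropped */
    toy_initialized = 1;
    toy_global_cbs = cbs;
    return 0;
}

static const char *lookup(const toy_cb *cbs, const char *id)
{
    for (; cbs != NULL && cbs->id != NULL; cbs++)
        if (strcmp(cbs->id, id) == 0)
            return cbs->value;
    return NULL;
}

/* Assumed lookup order: per-session list first, then the global list. */
const char *toy_get(const toy_conn *c, const char *id)
{
    const char *v = lookup(c->session_cbs, id);
    return v != NULL ? v : lookup(toy_global_cbs, id);
}

/* Replays the report's call order; returns 1 if the MTA finds its callback. */
int mta_can_authenticate(int pass_cbs_to_new)
{
    static const toy_cb mta_cbs[] = { {"authname", "relay-user"}, {NULL, NULL} };
    toy_conn conn;
    toy_initialized = 0; toy_global_cbs = NULL;      /* model a fresh process */
    toy_client_init(NULL);      /* NSS module runs first, registers no globals */
    toy_client_init(mta_cbs);   /* MTA's own init: OK returned, list ignored */
    conn.session_cbs = pass_cbs_to_new ? mta_cbs : NULL;  /* the *_new() argument */
    return toy_get(&conn, "authname") != NULL;
}

int main(void)
{
    printf("unpatched: %d, patched: %d\n", mta_can_authenticate(0), mta_can_authenticate(1));
    return 0;
}
```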