From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Aug 29 07:50:01 2009 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D0CD81065673 for ; Sat, 29 Aug 2009 07:50:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id ACA1B8FC08 for ; Sat, 29 Aug 2009 07:50:01 +0000 (UTC) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n7T7o1hq028629 for ; Sat, 29 Aug 2009 07:50:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n7T7o1TR028628; Sat, 29 Aug 2009 07:50:01 GMT (envelope-from gnats) Resent-Date: Sat, 29 Aug 2009 07:50:01 GMT Resent-Message-Id: <200908290750.n7T7o1TR028628@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, John Marshall Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 18E91106566B for ; Sat, 29 Aug 2009 07:47:39 +0000 (UTC) (envelope-from john@rwsrv03.mby.riverwillow.net.au) Received: from mail1.riverwillow.net.au (mail1.riverwillow.net.au [203.58.93.36]) by mx1.freebsd.org (Postfix) with ESMTP id 8277B8FC0A for ; Sat, 29 Aug 2009 07:47:38 +0000 (UTC) Received: from rwsrv03.mby.riverwillow.net.au (localhost [127.0.0.1]) by mail1.riverwillow.net.au (8.14.3/8.14.3) with ESMTP id n7T7WQfF013279 for ; Sat, 29 Aug 2009 17:32:26 +1000 (AEST) Received: (from john@localhost) by rwsrv03.mby.riverwillow.net.au (8.14.3/8.14.3/Submit) id n7T7WQWM013278; Sat, 29 Aug 2009 17:32:26 +1000 (AEST) Message-Id: <200908290732.n7T7WQWM013278@rwsrv03.mby.riverwillow.net.au> Date: Sat, 29 Aug 2009 17:32:26 +1000 (AEST) From: John Marshall To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/138300: [PATCH] mail/dovecot 1.2.4 breaks GSSAPI Authentication X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: John Marshall List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Aug 2009 07:50:02 -0000 >Number: 138300 >Category: ports >Synopsis: [PATCH] mail/dovecot 1.2.4 breaks GSSAPI Authentication >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Aug 29 07:50:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: John Marshall >Release: FreeBSD 7.2-RELEASE-p2 i386 >Organization: Riverwillow Pty Ltd >Environment: System: FreeBSD rwsrv03.mby.riverwillow.net.au 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #0: Thu Jun 25 15:36:52 AEST 2009 root@rwsrv03.mby.riverwillow.net.au:/build/obj/usr/src/sys/RWSRV03 i386 >Description: Dovecot 1.2.4 introduced some checking for NUL characters in usernames. The test was picking up the NUL string-terminator on the user principal name returned by GSSAPI and forcing authentication failure. The Dovecot author has provided a patch which I have incorporated into the mail/dovecot port. http://hg.dovecot.org/dovecot-1.2/rev/a37fa30b0072 I have not incremented PORTREVISION because this will only affect sites which use GSSAPI authentication. This was discussed on the Dovecot mailing list: http://dovecot.org/pipermail/dovecot/2009-August/042468.html >How-To-Repeat: - Attempt to authenticate to Dovecot 1.2.4 via GSSAPI - auth_debug log shows: auth(default): gssapi(john@EXAMPLE.COM,192.0.2.168): authz_name has NULs auth(default): client out: FAIL 1 user=john@EXAMPLE.COM - Mail client reports login failure >Fix: --- dovecot_1-2-4_gssapi_patch.diff begins here --- diff -urN dovecot.orig/files/patch-src-auth-mech-gssapi.c dovecot/files/patch-src-auth-mech-gssapi.c --- dovecot.orig/files/patch-src-auth-mech-gssapi.c 1970-01-01 10:00:00.000000000 +1000 +++ dovecot/files/patch-src-auth-mech-gssapi.c 2009-08-29 07:05:32.000000000 +1000 @@ -0,0 +1,13 @@ +--- src/auth/mech-gssapi.c.orig 2009-08-15 03:14:11.000000000 +1000 ++++ src/auth/mech-gssapi.c 2009-08-29 07:02:43.000000000 +1000 +@@ -218,6 +218,10 @@ + const unsigned char *c = data; + unsigned int i; + ++ /* apparently all names end with NUL? */ ++ if (len > 0 && c[len-1] == '\0') ++ len--; ++ + for (i = 0; i < len; i++) { + if (c[i] == '\0') + return TRUE; --- dovecot_1-2-4_gssapi_patch.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: