Package: sasl2-bin Version: 2.1.25.dfsg1-6 Severity: normal Tags: patch Hi,
I use auth_rimap with Perdition and Dovecot. When auth_rimap closes the connection to the IMAP server, no LOGOUT is sent. In Dovecot, you can specify a maximum number of IMAP connections allowed for a user from each IP address. Without LOGOUT, auth_rimap is easily blacklisted by Dovecot, and the user can't authenticate anymore. This patch makes auth_rimap send a LOGOUT before closing the connection. -- System Information: Debian Release: 7.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sasl2-bin depends on: ii db-util 5.1.6 ii debconf [debconf-2.0] 1.5.49 ii libc6 2.13-38 ii libcomerr2 1.42.5-1.1 ii libdb5.1 5.1.29-5 ii libgssapi-krb5-2 1.10.1+dfsg-5 ii libk5crypto3 1.10.1+dfsg-5 ii libkrb5-3 1.10.1+dfsg-5 ii libldap-2.4-2 2.4.31-1+nmu2 ii libpam0g 1.1.3-7.1 ii libsasl2-2 2.1.25.dfsg1-6 ii libssl1.0.0 1.0.1e-2 ii lsb-base 4.1+Debian8 sasl2-bin recommends no packages. sasl2-bin suggests no packages. -- Configuration Files: /etc/default/saslauthd changed [not included]
--- cyrus-sasl2-2.1.25.dfsg1.orig/saslauthd/auth_rimap.c
+++ cyrus-sasl2-2.1.25.dfsg1/saslauthd/auth_rimap.c
@@ -90,6 +90,7 @@ static struct addrinfo *ai = NULL; /* re service we connect to. */
 #define TAG "saslauthd" /* IMAP command tag */
 #define LOGIN_CMD (TAG " LOGIN ") /* IMAP login command (with tag) */
+#define LOGOUT_CMD (TAG " LOGOUT ") /* IMAP logout command (with tag)*/
 #define NETWORK_IO_TIMEOUT 30 /* network I/O timeout (seconds) */
 #define RESP_LEN 1000 /* size of read response buffer */
@@ -307,10 +308,12 @@ auth_rimap (
 int s=-1; /* socket to remote auth host */
 struct addrinfo *r; /* remote socket address info */
 struct iovec iov[5]; /* for sending LOGIN command */
+ struct iovec iov2[1]; /* for sending LOGOUT command */
 char *qlogin; /* pointer to "quoted" login */
 char *qpass; /* pointer to "quoted" password */
 char *c; /* scratch pointer */
 int rc; /* return code scratch area */
+ int rcl; /* return code scratch area */
 char rbuf[RESP_LEN]; /* response read buffer */
 char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
 int saved_errno;
@@ -505,6 +508,24 @@ auth_rimap (
 }
 }
 }
+
+ /* close remote imap */
+ iov2[0].iov_base = LOGOUT_CMD;
+ iov2[0].iov_len = sizeof(LOGOUT_CMD) - 1;
+ iov2[1].iov_base = "\r\n";
+ iov2[1].iov_len = sizeof("\r\n") - 1;
+
+ if (flags & VERBOSE) {
+ syslog(LOG_DEBUG, "auth_rimap: sending %s%s %s",
+ LOGOUT_CMD, qlogin, qpass);
+ }
+ alarm(NETWORK_IO_TIMEOUT);
+ rcl = retry_writev(s, iov2, 2);
+ alarm(0);
+ if (rcl == -1) {
+ syslog(LOG_WARNING, "auth_rimap: writev logout: %m");
+ }
+
 (void) close(s); /* we're done with the remote */
 if (rc == -1) {
 syslog(LOG_WARNING, "auth_rimap: read (response): %m");
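Review bot: `LOGOUT_CMD` ends in a space, so with the `"\r\n"` element appended in the third hunk the bytes on the wire are `saslauthd LOGOUT \r\n`. The trailing space looks copied from `LOGIN_CMD`, where it separates the command from its arguments; LOGOUT takes none, and the IMAP grammar puts CRLF directly after the command name. A strict server may answer BAD rather than log the session out, which would leave the connection-limit problem from the report in place. I would define it as `#define LOGOUT_CMD (TAG " LOGOUT")`.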
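Review bot: `iov2` is declared with a single element in this hunk, but the third hunk assigns `iov2[1].iov_base` and `iov2[1].iov_len` and passes a count of 2 to `retry_writev`. That is a write past the end of a stack array inside the authentication path, so it is undefined behaviour and may corrupt the adjacent locals. Declare it as `struct iovec iov2[2];`, or fold the CRLF into the command string and keep one element with a count of 1. The comment on `rcl` duplicates the one on `rc`; something like `/* return code of the LOGOUT write */` would tell them apart. The body of auth_rimap starts and ends outside this hunk.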
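Review bot: The VERBOSE `syslog` call in the added block still passes `qlogin` and `qpass`, so a debug line about LOGOUT would write the quoted password to the system log. Nothing in this hunk shows that those two buffers are still valid this late in the function, so that should be checked against the full body. LOGOUT has no arguments, so log only the command: `syslog(LOG_DEBUG, "auth_rimap: sending %s", LOGOUT_CMD);`. Separately, the new `retry_writev` and `syslog` calls run before the existing `if (rc == -1)` branch that prints `%m`, so they can overwrite the errno of the failed read. The `saved_errno` local visible in the second hunk's context looks like the place to keep it. auth_rimap continues outside the hunk.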