On 04/07/14 7:39 AM, Otto Moerbeek wrote:
On Sun, Jun 22, 2014 at 05:39:34AM -0400, Brad Smith wrote:
On Sun, Jun 22, 2014 at 05:01:38AM +0200, J??r??mie Courr??ges-Anglas wrote:
(Redirecting this to ports@)
Could you folks test this patch against dovecot from -stable? I only
did compile testing on -current. I don't know how the allocator(s)
handle failures nor how would i_realloc handle pwbuf_size ==
old_pwbuf_size, but this looks safe.
$OpenBSD$
Hack: we avoid the actual ERANGE error case by always providing a large
enough buffer.
I'd prefer to use the diff I had commited when this issue first came
up although back then local auth didn't work at all without the hack
that was added. I don't have a 5.5 system around at the moment so
please check this builds first and then test as appropriate.
What I see with this diff (thanks to sthen for the package) is no more
auto-of-mem errors. So that is good. But I see this instead:
Jul 4 13:19:17 mx1 dovecot: auth-worker(14261): Error:
bsdauth(ottox,2001:981:aaf3:1:224:1dff:fede:e939): getpwnam() failed:
Operation not permitted
The error code from getpwnam_r for a non-existent user is 1, which is
now interpreted as an errno (EPERM), it seems.
On the client side I see:
xx NO [UNAVAILABLE] Temporary authentication failure
instead of the
xx NO [AUTHENTICATIONFAILED] Authentication failed.
So it can be seen which usernames are valid.
-Otto
So you're essentially screwed either way depending on which
issue you consider more important. So the only option is to
patch the broken libc with 5.5 if you want it fully working
properly.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
