Bug 138300 - [PATCH] mail/dovecot 1.2.4 breaks GSSAPI Authentication
Summary: [PATCH] mail/dovecot 1.2.4 breaks GSSAPI Authentication
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Wesley Shields
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-29 08:50 UTC by John Marshall
Modified: 2009-09-03 14:50 UTC (History)
0 users

See Also:

Attachments
dovecot_1-2-4_gssapi_patch.diff (664 bytes, patch)
2009-08-29 08:50 UTC, John Marshall 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Marshall 2009-08-29 08:50:01 UTC 
Dovecot 1.2.4 introduced some checking for NUL characters in usernames.
The test was picking up the NUL string-terminator on the user principal
name returned by GSSAPI and forcing authentication failure.  The Dovecot
author has provided a patch which I have incorporated into the
mail/dovecot port.

http://hg.dovecot.org/dovecot-1.2/rev/a37fa30b0072 

I have not incremented PORTREVISION because this will only affect sites
which use GSSAPI authentication.

This was discussed on the Dovecot mailing list:

http://dovecot.org/pipermail/dovecot/2009-August/042468.html

How-To-Repeat: 
 - Attempt to authenticate to Dovecot 1.2.4 via GSSAPI
 - auth_debug log shows:
    auth(default): gssapi(john@EXAMPLE.COM,192.0.2.168): authz_name has NULs
    auth(default): client out: FAIL 1 user=john@EXAMPLE.COM
 - Mail client reports login failure
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2009-08-29 08:50:09 UTC 
Maintainer of mail/dovecot,

Please note that PR ports/138300 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/138300

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2009-08-29 08:50:11 UTC 
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 Wesley Shields freebsd_committer freebsd_triage 2009-08-29 19:02:22 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->wxs

I'll take it.
Comment 4 dfilter service freebsd_committer freebsd_triage 2009-09-03 14:42:17 UTC 
wxs         2009-09-03 13:42:09 UTC

  FreeBSD ports repository

  Modified files:
    mail/dovecot         Makefile 
  Added files:
    mail/dovecot/files   patch-src-auth-mech-gssapi.c 
  Log:
  - Fix a bug where GSSAPI authentication was always failing. [1]
  - Flip MANAGESIEVE option to on (this makes the mail/managesieve package
    useful). [2]
  
  PR:             [1]: ports/138300
                  [2]: ports@ list
  Submitted by:   John Marshall <john.marshall@riverwillow.com.au>
  Approved by:    Yarema <yds@CoolRat.org> (maintainer)
  
  Revision  Changes    Path
  1.110     +2 -1      ports/mail/dovecot/Makefile
  1.1       +13 -0     ports/mail/dovecot/files/patch-src-auth-mech-gssapi.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 Wesley Shields freebsd_committer freebsd_triage 2009-09-03 14:44:26 UTC 
State Changed
From-To: feedback->closed

Committed. Thanks!