[Dovecot] [PATCH, RFC] add APOP authentication mechanism
Timo Sirainen
tss at iki.fi
Tue Jul 6 09:25:30 EEST 2004
On 6.7.2004, at 08:28, Andrey Panin wrote:
> Problem found: client->auth_id structure passed to
> auth_client_request_new() isn't filled anywhere. Attached patch fixes it,
> it also fixes dovecot-auth crash when username is not found in userdb.
>
> Please consider applying.
Thanks. One thing though:
+ safe_memset((void *) credentials, 0, strlen(credentials));
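Review bot: the `(void *)` cast on `credentials` strips the const qualifier so that safe_memset() can write into memory the passdb owns, which for a backend such as passwd-file may be the permanent copy of the password. Drop this line from the mechanism; if the value has to be cleared, do it inside the passdb, or wipe only a copy the mechanism allocated itself.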
credentials parameter is a pointer given by passdb. It's const because
it's not supposed to be modified as it could be a pointer to permanent
location of the password, as it is with e.g. passwd-file. If it's wanted
to be cleared after use, it's passdb's job. The reason why e.g.
mech-plain does a safe_memset() is because it does a temporary copy of
the password given by user.
I don't think all passdbs clear the passwords as much as they could,
maybe I'll look one day and try to get them all cleared. Anyway,
there are two reasons why the passwords are cleared:
More importantly, the plaintext passwords (and equivalents) sent by
user should be cleared. The server contains only crypted versions of
the password, so it's better to avoid leaking the plaintext password as
much as possible. So if someone cracks the dovecot-auth, the attacker
doesn't find lots of plaintext passwords lying around in process memory.
The other reason is just that it's better to avoid storing passwords
into swap if possible. Although we could do better here too by using
mlock(). Probably not worth the trouble.
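The ownership rule discussed in this message, as an added example that is not Dovecot code and not part of the original post: the mechanism wipes and mlock()s only the temporary copy it made of the client's password and only reads the passdb's `credentials`. `wipe()` and `check_password()` are hypothetical names, and the stored credentials are assumed to be plaintext to keep the comparison short.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Zero n bytes through a volatile pointer so the stores cannot be
   optimised away as dead writes before free(). */
static void wipe(void *p, size_t n)
{
	volatile unsigned char *v = p;

	while (n-- > 0)
		*v++ = 0;
}

/* Hypothetical mechanism step. `sent` is the plaintext the client sent;
   `credentials` belongs to the passdb and is only ever read here.
   Returns 1 on match, 0 on mismatch, -1 if out of memory. */
static int check_password(const char *sent, const char *credentials)
{
	size_t i, len = strlen(sent), clen = strlen(credentials);
	unsigned char diff = (unsigned char)(len != clen);
	int locked;
	char *tmp = malloc(len + 1);

	if (tmp == NULL)
		return -1;
	/* Best effort: keep the page out of swap. mlock() can fail under
	   RLIMIT_MEMLOCK, which is not treated as an error here. */
	locked = mlock(tmp, len + 1) == 0;
	memcpy(tmp, sent, len + 1);

	/* Compare without stopping at the first differing byte. */
	for (i = 0; i < len && i < clen; i++)
		diff |= (unsigned char)(tmp[i] ^ credentials[i]);

	wipe(tmp, len + 1);	/* clear only the copy we own */
	if (locked)
		munlock(tmp, len + 1);
	free(tmp);
	return diff == 0;
}
```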