[Dovecot] Ignored proxy_maybe var and no local login when "host = Proxy FQDN"

Olaf Reitmaier Veracierta olafrv at gmail.com
Sat Mar 26 00:26:57 EET 2011


Hi, help is appreciated,

PROBLEM

The dovecot-ldap.conf of "proxy server A" is working when the "host"
attribute is the FQDN of another server:

pass_attrs = uid=user,userPassword={SSHA}password,\
    =proxy_maybe=,maildrop=host,=port=143,=destuser=%u,=starttls=any-cert
pass_filter = (&(objectClass=posixAccount)(uid=%u))

CASES

When the "host" attribute is the "FQDN of server A", dovecot imap-login starts
an infinite loop which swallows all RAM, and the processes show many
connections although just 1 test user is connected. It seems that
connections are infinitely proxied to itself.

When the "host" attribute is the "IP of server A", dovecot imap-login works
OK, logging the user in locally on server A.

I included debug messages in the source of
"dovecot-2.0.11/src/auth/auth-request.c", which appear:

Mar 25 14:10:49 debian dovecot: auth: Debug: ldap(steran,172.26.98.85):
result: uid(user)=steran maildrop(host)=smtp2.tsj-dem.gob.ve
Mar 25 14:10:49 debian dovecot: auth: Debug: BROKEN SETUP

The modifications appear here and reveal problems with the call to
net_addr2ip(host, &ip) in auth_request_proxy_is_self:

static bool auth_request_proxy_is_self(struct auth_request *request)
{
        const char *const *tmp, *host = NULL, *port = NULL, *destuser = NULL;
        struct ip_addr ip;

        /* pick host/port/destuser out of the passdb extra fields */
        tmp = auth_stream_split(request->extra_fields);
        for (; *tmp != NULL; tmp++) {
                if (strncmp(*tmp, "host=", 5) == 0)
                        host = *tmp + 5;
                else if (strncmp(*tmp, "port=", 5) == 0)
                        port = *tmp + 5;
                if (strncmp(*tmp, "destuser=", 9) == 0)
                        destuser = *tmp + 9;
        }

        if (host == NULL || net_addr2ip(host, &ip) < 0) {
                /* broken setup */
                T_BEGIN {
                   /* host may be NULL here, so never pass it raw to %s */
                   i_debug("BROKEN SETUP %s", host != NULL ? host : "(null)");
                } T_END;
                return FALSE;
        }
        if (!net_ip_compare(&ip, &request->local_ip)) {
                T_BEGIN {
                        i_debug("%s", "IPS NOT EQUAL");
                } T_END;
                return FALSE;
        }

        if (port != NULL && !str_uint_equals(port, request->local_port)) {
                T_BEGIN {
                   i_debug("%s", "PORTS DIFFERENT");
                } T_END;
                return FALSE;
        }
        /* same IP and port: it is "self" only if the user is unchanged */
        return destuser == NULL ||
                strcmp(destuser, request->original_username) == 0;
}


-- 
   "You don't know where your shadow will fall",
        Somebody.-
----------------------------------------------------------------
  Olaf Reitmaier Veracierta <olafrv at gmail.com>
----------------------------------------------------------------
            http://www.olafrv.com
----------------------------------------------------------------
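
An added illustration, not Dovecot code and not part of the original post: a self-check that keeps "host could not be turned into an address" separate from "host is another server", so an FQDN is never silently treated as a remote target. The function names, the tri-state enum, the fail-closed policy and the 192.0.2.x sample addresses are assumptions made for this example; literal_only=1 models an address parser that accepts only IP literals.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

enum self_check { PROXY_REMOTE, PROXY_SELF, PROXY_UNRESOLVED };

/* Same family and same address bytes; ports are ignored. */
static int same_addr(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family)
        return 0;
    if (a->sa_family == AF_INET6)
        return memcmp(&((const struct sockaddr_in6 *)a)->sin6_addr,
                      &((const struct sockaddr_in6 *)b)->sin6_addr, 16) == 0;
    return a->sa_family == AF_INET &&
           ((const struct sockaddr_in *)a)->sin_addr.s_addr ==
           ((const struct sockaddr_in *)b)->sin_addr.s_addr;
}

/* literal_only=1: host must be an IP literal (assumed failing behaviour).
 * literal_only=0: names are resolved and every returned address is checked. */
enum self_check host_is_self(const char *host, const char *local_ip,
                             int literal_only)
{
    struct addrinfo hints, *h = NULL, *l = NULL, *p;
    enum self_check res = PROXY_REMOTE;

    memset(&hints, 0, sizeof(hints));
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;      /* local_ip is always a literal */
    if (host == NULL || getaddrinfo(local_ip, NULL, &hints, &l) != 0)
        return PROXY_UNRESOLVED;
    if (!literal_only)
        hints.ai_flags = 0;               /* allow name resolution for host */
    if (getaddrinfo(host, NULL, &hints, &h) != 0) {
        freeaddrinfo(l);
        return PROXY_UNRESOLVED;          /* unknown, which is not "remote" */
    }
    for (p = h; p != NULL && res != PROXY_SELF; p = p->ai_next)
        if (same_addr(p->ai_addr, l->ai_addr))
            res = PROXY_SELF;
    freeaddrinfo(h);
    freeaddrinfo(l);
    return res;
}

/* Fail closed: forward only when the target is known to be another host. */
int should_proxy(enum self_check r) { return r == PROXY_REMOTE; }
```

With literal_only=1 an FQDN yields PROXY_UNRESOLVED, and should_proxy() then refuses to forward the connection.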

