On Wed, 2010-08-04 at 11:49 -0500, C. Bensend wrote:
username NUL username NUL password
It's username then password.
What about the NUL characters in the middle? Those are important.
Ummmm... I wrote a quick perl script to decrypt the string and print it out... I'll have to look at how to tell if there are NUL chars in there.
less would show them as ^@ in reverse, or hexdump would work too.
That code is OpenBSD's auth_userokay() call in libc. I don't know if its behavior is correct or not.
Ugh, crap, I meant to include more of the output, I'm sorry. Immediately following the above: ..
Still the important code that appears to fail is in OpenBSD. I don't know what it does or how it does it..
24165 dovecot-auth RET write 1 24165 dovecot-auth CALL sigreturn(0xcfbbfa9c) 24165 dovecot-auth RET sigreturn JUSTRETURN 24165 dovecot-auth CALL close(0xb) 24165 dovecot-auth RET close 0 24165 dovecot-auth CALL wait4(0x5d89,0xcfbbfef4,0,0) 24165 dovecot-auth RET wait4 23945/0x5d89
dovecot-auth code doesn't call wait*(), so up to here it's executing in libc.
24165 dovecot-auth CALL write(0x2,0x80d53468,0x2e) 24165 dovecot-auth GIO fd 2 wrote 46 bytes "\^AIbsdauth(benny,127.0.0.1): password mismatch "
Then the first thing dovecot-auth itself does it just log this error message.
24165 dovecot-auth RET write 46/0x2e 24165 dovecot-auth CALL gettimeofday(0x860dc648,0) 24165 dovecot-auth RET gettimeofday 0 24165 dovecot-auth CALL gettimeofday(0xcfbc0674,0) 24165 dovecot-auth RET gettimeofday 0 24165 dovecot-auth CALL kevent(0x6,0,0,0x8bc58600,0x8,0xcfbc066c) 24165 dovecot-auth RET kevent 1 24165 dovecot-auth CALL gettimeofday(0x3c016f5c,0x3c016f64) 24165 dovecot-auth RET gettimeofday 0 24165 dovecot-auth CALL sigprocmask(0x1,0xffffffff) 24165 dovecot-auth RET sigprocmask 0 24165 dovecot-auth CALL read(0x7,0xcfbc05e8,0x40) 24165 dovecot-auth GIO fd 7 read 1 bytes "\0" 24165 dovecot-auth RET read 1 24165 dovecot-auth CALL sigprocmask(0x3,0) 24165 dovecot-auth RET sigprocmask -65793/0xfffefeff 24165 dovecot-auth CALL wait4(0xffffffff,0xcfbbf5b8,0x1,0) 24165 dovecot-auth RET wait4 -1 errno 10 No child processes 24165 dovecot-auth CALL gettimeofday(0xcfbc0674,0) 24165 dovecot-auth RET gettimeofday 0 24165 dovecot-auth CALL kevent(0x6,0,0,0x8bc58600,0x8,0xcfbc066c) 23502 dovecot RET kevent 1 23502 dovecot CALL gettimeofday(0x3c00bd04,0x3c00bd0c) 23502 dovecot RET gettimeofday 0 23502 dovecot CALL read(0x11,0x86d50901,0x2ff) 23502 dovecot GIO fd 17 read 46 bytes "\^AIbsdauth(benny,127.0.0.1): password mismatch "
Above it's no longer fork()ing, but it still tries to wait for some child process. That's a possible bug I guess.
Gut instinct - do you think this might be a problem with OpenBSD's lib, or Dovecot, or .. ? I think my configuration is OK, I have tried with both the previous version (that was running under the older Dovecot) as well as migrating my settings to the new Dovecot's version of the configuration.
My guess is that OpenBSD's auth code somehow doesn't like running inside dovecot-auth. But the specifics can be tricky to figure out.