Hi
38 month ago, I submitted a patch to increase
AUTH_WORKER_MAX_LINE_LENGTH to use exotic authentication scheme (see
message below). The patch was accepted, but now I upgrade to dovecot
2.1.7, I face the same problem with MASTER_AUTH_MAX_DATA_SIZE. I had to
increase it from 1024 to 4096.
Is it safe to do so? Would such a change be accepted upstream? The patch
is below.
(please Cc: me, I'm not subscribed ot the list)
--- src/lib-master/master-auth.h.orig
+++ src/lib-master/master-auth.h
@@ -13,9 +13,9 @@
/* Authentication client process's cookie size */
#define MASTER_AUTH_COOKIE_SIZE (128/8)
/* LOGIN_MAX_INBUF_SIZE should be based on this.*/
-#define MASTER_AUTH_MAX_DATA_SIZE 1024
+#define MASTER_AUTH_MAX_DATA_SIZE 4096
#define MASTER_AUTH_ERRMSG_INTERNAL_FAILURE \
"Internal error occurred. Refer to server log for more
information."
Emmanuel Dreyfus
Hello
I have been playing with some exotic authentication scheme with Dovecot and PAM. That involves sending really large base64 encoded data as the IMAP password, and I have hit a line limit in Dovecot, with AUTH_WORKER_MAX_LINE_LENGTH set to 1024.
This limit is especially frustrating since other parts of the software use much larger limits: MAX_INBUF_SIZE 4096 MAX_IMAP_LINE 8192 AUTH_CLIENT_MAX_LINE_LENGTH 8192
I had to make the patch attached below to get my authentication working. I can live with this local patch, but given the much more liberal limits of MAX_INBUF_SIZE at 4096 makes we wonder if this 1024 limit on AUTH_WORKER_MAX_LINE_LENGTH could not be a bug. Or is there a security concern at using more than 1kB?
Opinions? (please Cc: me, I'm not subscribed ot the list)
--- src/auth/auth-worker-client.h.orig 2009-06-23 18:32:15.000000000 +0200 +++ src/auth/auth-worker-client.h 2009-06-23 18:32:33.000000000 +0200 @@ -1,8 +1,8 @@ #ifndef AUTH_WORKER_CLIENT_H #define AUTH_WORKER_CLIENT_H
-#define AUTH_WORKER_MAX_LINE_LENGTH 1024 +#define AUTH_WORKER_MAX_LINE_LENGTH 4096
struct auth_worker_client *auth_worker_client_create(struct auth *auth, int fd); void auth_worker_client_destroy(struct auth_worker_client **client); void auth_worker_client_unref(struct auth_worker_client **client);
-- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@netbsd.org