[Dovecot] [PATCH] Fix on Cyrus SASL support for Rel 0.99.11
Code which supports cyrus SASL library (src/auth/mech-cyrus-sasl2.c) is broken. Following is the workaround patch for Dovecot Rel 0.99.11, and it worked fine on FreeBSD 4.10 BOX. It will not work with current development version. Application for that version might not be so difficult. Recently I found the CVS log which appeals that cyrus SASL support is discontinued. It's very sad. Regards Nobuaki ITO : banb@j-link.ne.jp --- src/auth/mech-cyrus-sasl2.c.orig Wed Jun 25 08:26:43 2003 +++ src/auth/mech-cyrus-sasl2.c Tue Oct 19 21:07:03 2004 @@ -39,6 +39,7 @@ struct auth_login_reply reply; const char *serverout; unsigned int serveroutlen; + const char *authenid, *default_realm; int ret; ret = sasl_server_step(cyrus_request->conn, data, request->data_size, @@ -55,6 +56,12 @@ reply.result = AUTH_LOGIN_RESULT_SUCCESS; cyrus_request->success = TRUE; + ret = sasl_getprop(cyrus_request->conn, SASL_USERNAME, (const void **) &authenid); + if (ret != SASL_OK || ! authenid) { + i_warning("sasl_getprop() failed: %s", sasl_errstring(ret, NULL, NULL)); + return FALSE; + } + serverout = mech_auth_success(&reply, auth_request, serverout, serveroutlen); } else { @@ -200,6 +217,8 @@ cyrus_sasl_auth_continue; cyrus_request->auth_request.auth_free = cyrus_sasl_auth_free; + + cyrus_request->conn = sasl_conn; reply.result = AUTH_LOGIN_RESULT_CONTINUE;
On 20.10.2004, at 03:29, ITO Nobuaki wrote:
Recently I found the CVS log which appeals that cyrus SASL support is discontinued. It's very sad.
What reasons are there for keeping Cyrus SASL support? Personally I'd like to get it replaced with dovecot-auth for my Postfix installations.
Berkeley DB support is one which isn't yet supported by Dovecot. And I should look again into applying the Kerberos 5 support patch. No-one probably cares about Kerberos 4 anymore. Are there others?
Timo Sirainen wrote:
On 20.10.2004, at 03:29, ITO Nobuaki wrote:
Recently I found the CVS log which appeals that cyrus SASL support is discontinued. It's very sad.
What reasons are there for keeping Cyrus SASL support? Personally I'd like to get it replaced with dovecot-auth for my Postfix installations.
Well, I just had to install a combination that supports SASL because I'm using sendmail with SMTP AUTH, and I don't know anything about installing LDAP (and failed trying, this time around) and I'm under time constraints in order to migrate our office away from Exchange to our new mail server.
So, my requirements are that sendmail and the IMAP/POP processes share the same password database, that it have support for secure/encrypted password, that the users can change their password through an easy-to-use GUI.
I was able to achieve this with sendmail, cyrus-imap, squirrelmail & a change_sasl_password plugin to squirrelmail.
cyrus-imap is a royal pain to deal with if you're used to using something as easy to install/configure as dovecot. I would have rather used dovecot. with the release of the patch for 0.9.11, i might give it a try, but I was really hoping 1.0 would have been released or much closer to release so that I could use some of its features in production.
anyways, that's my opinion.
alan
participants (3)
-
alan premselaar
-
ITO Nobuaki
-
Timo Sirainen