[Dovecot] [PATCHES] NetBSD support, authentication buffer size
Hi
Here are a few unintegrated patches, just tested against 2.2rc7:
- NetBSD's getmntinfo uses struct statvfs while other BSDs use struct statfs: http://ftp.espci.fr/shadow/manu/patch-ak
- NetBSD 5.x net_getunixcred() support. Builds on NetBSD, but not tested (I am testing on NetBSD 6.0): http://ftp.espci.fr/shadow/manu/patch-src_lib_net.c
- Increase authentication buffer size so that it can cope with unusual authentication schemes. This patch was integrated in dovecot-1.x but did not make its way into dovecot-2.x: http://ftp.espci.fr/shadow/manu/patch-src_lib-master_master-auth.h
-- Emmanuel Dreyfus manu@netbsd.org
On 11.4.2013, at 11.41, Emmanuel Dreyfus <manu@netbsd.org> wrote:
> Here are a few unintegrated patches, just tested against 2.2rc7:
> - NetBSD's getmntinfo uses struct statvfs while other BSDs use struct statfs: http://ftp.espci.fr/shadow/manu/patch-ak
> - NetBSD 5.x net_getunixcred() support. Builds on NetBSD, but not tested (I am testing on NetBSD 6.0): http://ftp.espci.fr/shadow/manu/patch-src_lib_net.c
OK, I'll add these.
> - Increase authentication buffer size so that it can cope with unusual authentication schemes. This patch was integrated in dovecot-1.x but did not make its way into dovecot-2.x: http://ftp.espci.fr/shadow/manu/patch-src_lib-master_master-auth.h
By this I think you don't mean special authentication mechanisms, or even AUTHENTICATE PLAIN mechanism, but you mean that someone is using LOGIN command in such a kludgy way that the password field is over 1024 bytes long? I'm not very interested in supporting that, at least without a good reason.
Timo Sirainen <tss@iki.fi> wrote:
> By this I think you don't mean special authentication mechanisms, or even AUTHENTICATE PLAIN mechanism, but you mean that someone is using LOGIN command in such a kludgy way that the password field is over 1024 bytes long?
This is for pam_saml. The webmail sends a signed SAML assertion as the password, and the PAM module validates it.
You did support it in 1.x and it did not harm anyone...
-- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@netbsd.org
On 11.4.2013, at 14.58, manu@netbsd.org (Emmanuel Dreyfus) wrote:
>> By this I think you don't mean special authentication mechanisms, or even AUTHENTICATE PLAIN mechanism, but you mean that someone is using LOGIN command in such a kludgy way that the password field is over 1024 bytes long?
> This is for pam_saml. The webmail sends a signed SAML assertion as the password, and the PAM module validates it.
The pam_saml could easily be changed to use AUTHENTICATE PLAIN instead.
> You did support it in 1.x and it did not harm anyone...
It does make it easier to waste the (pre-login!) process memory usage.
On Thu, Apr 11, 2013 at 02:54:01PM +0300, Timo Sirainen wrote:
>> This is for pam_saml. The webmail sends a signed SAML assertion as the password, and the PAM module validates it.
> The pam_saml could easily be changed to use AUTHENTICATE PLAIN instead.
pam_saml is not the component that chooses the authentication. The webmail does. Squirrelmail does not support PLAIN.
>> You did support it in 1.x and it did not harm anyone...
> It does make it easier to waste the (pre-login!) process memory usage.
Perhaps it could be configurable?
-- Emmanuel Dreyfus manu@netbsd.org
On Thu, Apr 11, 2013 at 12:57:45PM +0000, Emmanuel Dreyfus wrote:
> Perhaps [MASTER_AUTH_MAX_DATA_SIZE] could be configurable?
I tried to add a configuration option for that, but dovecot design does a good job of separating master and login structures, hence The Right Way is not obvious. Any suggestion?
-- Emmanuel Dreyfus manu@netbsd.org
On Thu, 2013-04-11 at 15:41 +0000, Emmanuel Dreyfus wrote:
> On Thu, Apr 11, 2013 at 12:57:45PM +0000, Emmanuel Dreyfus wrote:
>> Perhaps [MASTER_AUTH_MAX_DATA_SIZE] could be configurable?
> I tried to add a configuration option for that, but dovecot design does a good job of separating master and login structures, hence The Right Way is not obvious. Any suggestion?
I don't want to add configuration options that are going to be used by only a couple of people. Squirrelmail already must have special support for pam_saml to work, I suggest changing Squirrelmail to use AUTHENTICATE PLAIN.
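
The suggestion in this thread is to carry the long credential in AUTHENTICATE PLAIN rather than in the LOGIN password field. The following is an added example, not code from Dovecot, Squirrelmail, pam_saml or any poster: it builds and parses the SASL PLAIN (RFC 4616) message a webmail client would send. The function names, the user `alice` and the sample assertion are constructed for illustration.

```python
import base64

# Figure quoted in the thread for the LOGIN password field; used here only
# to flag that the sample credential is unusually long.
THREAD_PASSWORD_FIELD_BYTES = 1024


def sasl_plain_message(authcid: str, passwd: str, authzid: str = "") -> bytes:
    """RFC 4616 message: [authzid] NUL authcid NUL passwd, UTF-8 encoded."""
    for name, value in (("authzid", authzid), ("authcid", authcid), ("passwd", passwd)):
        if "\x00" in value:
            # NUL is the field separator, so it may never appear inside a field.
            raise ValueError(f"{name} must not contain NUL")
    if not authcid or not passwd:
        raise ValueError("authcid and passwd are required")
    return b"\x00".join(v.encode("utf-8") for v in (authzid, authcid, passwd))


def authenticate_plain_exchange(tag: str, authcid: str, passwd: str) -> list[str]:
    """Client lines for IMAP AUTHENTICATE PLAIN without an initial response.

    The second line is sent only after the server's "+" continuation request.
    """
    b64 = base64.b64encode(sasl_plain_message(authcid, passwd)).decode("ascii")
    return [f"{tag} AUTHENTICATE PLAIN", b64]


def decode_plain_response(b64: str) -> tuple[str, str, str]:
    """Server-side view: split the response into (authzid, authcid, passwd)."""
    parts = base64.b64decode(b64, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd


# Constructed stand-in for a signed SAML assertion (not a real one).
SAMPLE_ASSERTION = base64.b64encode(
    b"<saml:Assertion>" + b"x" * 1500 + b"</saml:Assertion>"
).decode("ascii")

if __name__ == "__main__":
    lines = authenticate_plain_exchange("a1", "alice", SAMPLE_ASSERTION)
    print(lines[0])
    print(f"{len(lines[1])} base64 chars carry a {len(SAMPLE_ASSERTION)}-byte credential")
    print("over the thread's 1024-byte figure:",
          len(SAMPLE_ASSERTION) > THREAD_PASSWORD_FIELD_BYTES)
```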