FS#59873 - [libsasl] Authentication failure with gdbm-1.17-1
Attached to Project:
Arch Linux
Opened by Gerhard Bogner (slashME) - Thursday, 30 August 2018, 11:40 GMT
Last edited by Jan de Groot (JGC) - Sunday, 03 February 2019, 15:42 GMT
Opened by Gerhard Bogner (slashME) - Thursday, 30 August 2018, 11:40 GMT
Last edited by Jan de Groot (JGC) - Sunday, 03 February 2019, 15:42 GMT
|
Details
Postfix fails to authenticate using sasl (-o
smtpd_sasl_auth_enable=yes) with gdbm-1.17-1. It resumes
working when downgrading to gdbm-1.16-1.
|
This task depends upon
Closed by Jan de Groot (JGC)
Sunday, 03 February 2019, 15:42 GMT
Reason for closing: Fixed
Additional comments about closing: Patch added to 2.1.27
Sunday, 03 February 2019, 15:42 GMT
Reason for closing: Fixed
Additional comments about closing: Patch added to 2.1.27
...
Aug 30 14:03:06 postfix/submission/smtpd[4274]: connect from XXX.wireless.dyn.drei.com[XXX]
Aug 30 14:03:07 postfix/submission/smtpd[4274]: warning: SASL authentication failure: Couldn't fetch entry from /etc/sasldb2: gdbm_errno=0
Aug 30 14:03:07 postfix/submission/smtpd[4274]: warning: SASL authentication failure: Password verification failed
Aug 30 14:03:07 postfix/submission/smtpd[4274]: warning: XXX.wireless.dyn.drei.com[XXX]: SASL PLAIN authentication failed: generic failure
...
libsasl does:
gvalue = gdbm_fetch(db, gkey);
gdbm_close(db);
if (! gvalue.dptr) {
if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
...
Problem with this is that gdbm_errno is always 0, meaning that libsasl will always report error instead of "user not found".
I guess that other distros mainly use BerkeleyDB and not DBM, which is why this bug wasn't found/fixed before.
The hunk about the more extensive error message can be skipped, of course (but please keep the replacement of gdbm_errno with fetch_errno).
The patch for the PKGBUILD is attached, the fix for the changed errno behavior is in the previous comment.