i'm trying to track down what appears to be a bug in my combined patch.
i've added some code which uses the strerr_warn*() functions to log
the results of each AUTH command. i've been able to do this in other
parts of qmail-smtpd.c without any problems, but what i'm seeing is
if qmail-smtpd calls an external checkpassword program to verify the
credentials, the messages which should be sent to the log, are
instead being sent to the SMTP client- which breaks the SMTP protocol
and causes all kinds of strange results, depending on the client.

i've tracked it down to this line, which my patch inherited from a
combined AUTH+TLS patch file called
"qmail-1.03-starttls-smtp-auth.patch"...

    if (fd_copy(2,1) == -1) return err_pipe();

which does exactly what i've described- closes the stderr (i.e.
output to the log) handle and copies the stdout (i.e. output to the
client) handle into its place, so from that point forward anything
which should go to the log, is sent to the client instead.

i've tried commenting this line out and everything seems to work as
expected. my question is, WHY was this line added in the first place?

i downloaded the patch file itself from qmail.org, but the qmail.org
server seems to be having issues at the moment. however, the
fd_copy() line is there in krzysztof dabrowski's qmail-smtpd-auth-0.31
patch, from which the combined patch file claims to be derived... so
i don't know if this line was added by krzysztof, or eric johnston
before him, or by "mrs. brisby" (who i guess wrote the original AUTH
patch.)

for reference, the combined patch file i used is available on my web
site (direct link, not listed on any pages)...

http://qmail.jms1.net/patches/qmail-1.03-starttls-smtp-auth.patch

and of course the combined patch is available on my site as well.

this problem is affecting versions 6c6 through 6c9- earlier versions
didn't have any log messages after the AUTH command so even though
the fd_copy() has been run, it doesn't affect anything.

can somebody who's familiar with the AUTH code tell me why, or if,
that line needs to be there? and if so, what function does it serve?

the only thing i can think of is that maybe somebody had the idea
that if the checkpassword program printed some kind of error message,
that it would be nice to send that error to the client instead of to
the log? that's the only reason i can think of for this line to be in
there.

and if it doesn't belong there, how many other derivatives of this
patch are out there, which don't need this line?

--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/ <jms1@jms1.net> |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX |
| pretty than it is to make Windows secure. |
--------------------------------------------------
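
The descriptor behaviour described in the message above, as an added example that is not part of the original post or of any qmail patch: dup2(1, 2) stands in for the effect the post attributes to fd_copy(2,1), and two pipes stand in for the SMTP client and the log. fake_smtpd, log_leaks_to_client and both message strings are constructed for illustration; the second mode does the copy only in the forked child, which leaves the parent's log descriptor untouched.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define LOGMSG   "smtpd: AUTH failed\n"  /* constructed server log line */
#define CHILDMSG "checkpw: error\n"      /* constructed child stderr text */

/* Stand-in server: fd 1 is the client, fd 2 is the log. Never returns. */
static void fake_smtpd(int copy_in_parent) {
    pid_t pid;
    if (copy_in_parent && dup2(1, 2) == -1) _exit(2); /* effect of fd_copy(2,1) */
    pid = fork();
    if (pid == -1) _exit(2);
    if (pid == 0) {                       /* stand-in for checkpassword */
        if (!copy_in_parent && dup2(1, 2) == -1) _exit(2); /* child only */
        if (write(2, CHILDMSG, strlen(CHILDMSG)) < 0) _exit(2);
        _exit(1);
    }
    waitpid(pid, NULL, 0);
    if (write(2, LOGMSG, strlen(LOGMSG)) < 0) _exit(2); /* server's own log */
    _exit(0);
}

/* Returns 1 if LOGMSG reached the client pipe, 0 if the log pipe, -1 on error. */
int log_leaks_to_client(int copy_in_parent) {
    int client[2], logp[2];
    char cbuf[256] = {0}, lbuf[256] = {0};
    pid_t pid;
    if (pipe(client) == -1 || pipe(logp) == -1) return -1;
    if ((pid = fork()) == -1) return -1;
    if (pid == 0) {
        if (dup2(client[1], 1) == -1 || dup2(logp[1], 2) == -1) _exit(2);
        close(client[0]); close(client[1]); close(logp[0]); close(logp[1]);
        fake_smtpd(copy_in_parent);
    }
    close(client[1]); close(logp[1]);
    waitpid(pid, NULL, 0);
    if (read(client[0], cbuf, sizeof cbuf - 1) < 0) return -1;
    if (read(logp[0], lbuf, sizeof lbuf - 1) < 0) return -1;
    close(client[0]); close(logp[0]);
    if (strstr(cbuf, LOGMSG)) return 1;
    return strstr(lbuf, LOGMSG) ? 0 : -1;
}

int main(void) {
    printf("copy in parent: leaked=%d\n", log_leaks_to_client(1));
    printf("copy in child:  leaked=%d\n", log_leaks_to_client(0));
}
```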