Hi,
Gosh. This bug is so old. It already has a St. Claus beard.
http://www.fehcom.de/qmail/smtpauth.html
Check out any of my Auth patches and go through the README.
regards.
--eh.
At 21:13 12.12.2006 -0500, John Simpson wrote:
>i'm trying to track down what appears to be a bug in my combined patch.
>
>i've added some code which uses the strerr_warn*() functions to log
>the results of each AUTH command. i've been able to do this in other
>parts of qmail-smtpd.c without any problems, but what i'm seeing is
>if qmail-smtpd calls an external checkpassword program to verify the
>credentials, the messages which should be sent to the log, are
>instead being sent to the SMTP client- which breaks the SMTP protocol
>and causes all kinds of strange results, depending on the client.
>
>i've tracked it down to this line, which my patch inherited from a
>combined AUTH+TLS patch file called
>"qmail-1.03-starttls-smtp-auth.patch"...
>
> if (fd_copy(2,1) == -1) return err_pipe();
>
>which does exactly what i've described- closes the stderr (i.e.
>output to the log) handle and copies the stdout (i.e. output to the
>client) handle into its place, so from that point forward anything
>which should go to the log, is sent to the client instead.
>
>i've tried commenting this line out and everything seems to work as
>expected. my question is, WHY was this line added in the first place?
>
>i downloaded the patch file itself from qmail.org, but the qmail.org
>server seems to be having issues at the moment. however, the
>fd_copy() line is there in krzysztof dabrowski's qmail-smtpd-auth-0.31
>patch, from which the combined patch file claims to be derived... so
>i don't know if this line was added by krzysztof, or eric johnston
>before him, or by "mrs. brisby" (who i guess wrote the original AUTH
>patch.)
>
>for reference, the combined patch file i used is available on my web
>site (direct link, not listed on any pages)...
>
> http://qmail.jms1.net/patches/qmail-1.03-starttls-smtp-auth.patch
>
>and of course the combined patch is available on my site as well.
>this problem is affecting versions 6c6 through 6c9- earlier versions
>didn't have any log messages after the AUTH command so even though
>the fd_copy() has been run, it doesn't affect anything.
>
>can somebody who's familiar with the AUTH code tell me why, or if,
>that line needs to be there? and if so, what function does it serve?
>
>the only thing i can think of is that maybe somebody had the idea
>that if the checkpassword program printed some kind of error message,
>that it would be nice to send that error to the client instead of to
>the log? that's the only reason i can think of for this line to be in
>there.
>
>and if it doesn't belong there, how many other derivatives of this
>patch are out there, which don't need this line?
>
>--------------------------------------------------
>| John M. Simpson - KG4ZOW - Programmer At Large |
>| http://www.jms1.net/ <jms1@jms1.net> |
>--------------------------------------------------
>| Mac OS X proves that it's easier to make UNIX |
>| pretty than it is to make Windows secure. |
>--------------------------------------------------
>
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de/
Wiener Weg 8, 50858 Cologne | T: +49 221 484 4923 | F: ...24
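
The descriptor behaviour described in the quoted message, as an added example that is not part of the original thread or of any qmail patch: `dup2(1, 2)` stands in for `fd_copy(2,1)`, two pipes stand in for the SMTP client and the log, and `fake_smtpd`, `where_log_lands` and the log line are hypothetical names and data. It also shows, as an assumption for illustration only, that the same redirection done solely in the forked child leaves the server's own log descriptor intact.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed line standing in for a strerr_warn*() log message. */
static const char MSG[] = "AUTH attempt logged\n";

/* Hypothetical stand-in for qmail-smtpd: fd 1 is the client, fd 2 is the log.
 * child_only == 0: dup2(1, 2), the equivalent of fd_copy(2,1), runs in this
 *                  process, as the thread describes.
 * child_only == 1: the same redirection runs only in the forked child that
 *                  stands in for checkpassword. */
static void fake_smtpd(int client_w, int log_w, int child_only) {
    pid_t pid;
    dup2(client_w, 1);
    dup2(log_w, 2);
    if (!child_only) dup2(1, 2);           /* stderr now aliases stdout */
    pid = fork();
    if (pid == 0) {
        if (child_only) dup2(1, 2);        /* affects the child only */
        _exit(0);                          /* real code would exec here */
    }
    waitpid(pid, NULL, 0);
    _exit(write(2, MSG, sizeof MSG - 1) < 0);  /* log write after AUTH */
}

/* Returns 1 if the log line reached the client pipe, 2 if it reached the
 * log pipe, 0 if it reached neither, -1 on setup failure.
 * Assumes fds 0-2 are already open so the pipes land on fds above 2. */
int where_log_lands(int child_only) {
    int c[2], l[2];
    char buf[64];
    ssize_t nc, nl;
    pid_t pid;
    if (pipe(c) || pipe(l)) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) { close(c[0]); close(l[0]); fake_smtpd(c[1], l[1], child_only); }
    close(c[1]); close(l[1]);
    waitpid(pid, NULL, 0);
    nc = read(c[0], buf, sizeof buf);      /* EOF (0) if nothing was written */
    nl = read(l[0], buf, sizeof buf);
    close(c[0]); close(l[0]);
    return nc > 0 ? 1 : (nl > 0 ? 2 : 0);
}

int main(void) {
    printf("fd_copy(2,1) in server process: %d\n", where_log_lands(0));
    printf("redirect in child only:         %d\n", where_log_lands(1));
    return 0;
}
```

A result of 1 means the log line would have been interleaved with SMTP replies on the client connection; 2 means it stayed on the log descriptor.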