Thanks! That is indeed the matter :) Since DJB clearly defined the checkpassword interface at http://cr.yp.to/checkpwd/interface.html ("If the password is unacceptable, checkpassword exits 1. If checkpassword is misused, it may instead exit 2. If there is a temporary problem checking the password, checkpassword exits 111."), I believe that we really should be fixing the broken checkpassword clones and not the innocent, perhaps na�ve Binc server (although a default like yours in that switch statement logging a warning would've been nice). I simply edited the exit code in vchkpw.c (I'm using vpopmail), and now it's working really well.
Thanks for the input! That made my day! :) Anders -----Original Message----- From: Jason Parsons [mailto:[EMAIL PROTECTED] Sent: Monday, January 05, 2004 04:31 To: Anders la Cour Bentzon Cc: [EMAIL PROTECTED] Subject: Re: [binc] Connection dropped after unsuccessful LOGIN > My Binc IMAP server is running like a charm -- almost. It seems to be > working perfectly fine, however, if one issues a LOGIN command with a > bad user name or password, Binc simply drops the connection. The problem seems to be that Binc::authenticate doesn't trap all of the possible return codes from the checkpassword stub. Specifically, only return codes 0, 1, 2, 111, and 113 are caught. Any other return falls back through with a return 0, which isn't handled. My checkpassword implementation (auth_pop from qmail-ldap), for example, returns 3 on a failed auth. Perhaps yours does something similar. The below patch works for me. Not sure if this is the right thing to do or not, but seems to do the trick. - Jason Parsons --- bincimap-1.2.3/src/authenticate.cc 2003-09-13 14:54:15.000000000 -0400 +++ bincimap-1.2.3-jp/src/authenticate.cc 2004-01-04 21:30:16.802149000 -0 500 @@ -400,6 +400,7 @@ switch (WEXITSTATUS(result)) { case 0: break; case 1: + case 3: // authentication failed - sleep logger << "Authentication failed for <" << username << ">, wrong userid or password" << endl; @@ -411,6 +412,7 @@ return 3; case 111: case 2: + default: // internal error logger << (authenticated ? "Authenticator " : "Server ") << "broke for <" << username << ">, " @@ -418,8 +420,6 @@ << " returned " << WEXITSTATUS(result) << " (internal error)" << endl; return -1; - default: - break; } return 0; -- Saffron Solutions, LLC <http://www.saffron.net> System, Network, and Security Consulting E-Commerce, Web Site, and E-Mail Hosting
