[Dovecot] Small LOGIN_MAX_INBUF_SIZE for GSSAPI with samba4 (AD)

Tue, 03 Jan 2012 02:27:05 -0800 

Hello,

  I faced the problem with samba (AD) + mutt (gssapi) + dovecot (imap). From 
dovecot log:

Jan  2 17:58:42 server dovecot: imap-login: Disconnected: Input buffer full (no 
auth attempts): rip=192.167.14.16, lip=192.167.14.16, secured

My situation:
CentOS 6.2
IMAP: dovecot --version: 2.0.9 (CentOS 6.2)
MUA: mutt 1.5.20 (CentOS 6.2)
Kerberos: samba4 4.0.0alpha17 as AD PDC

$ klist -e
Ticket cache: FILE:/tmp/krb5cc_1002_Mmg2Rc
Default principal: luf@TEST

Valid starting     Expires            Service principal
01/02/12 15:56:16  01/03/12 01:56:16  krbtgt/TEST@TEST
        renew until 01/03/12 01:56:16, Etype (skey, tkt): arcfour-hmac, 
arcfour-hmac 
01/02/12 16:33:19  01/03/12 01:56:16  imap/server.test@TEST
        Etype (skey, tkt): arcfour-hmac, arcfour-hmac

I fixed this problem with enlarging LOGIN_MAX_INBUF_SIZE. I also red about 
wrong lower/uppercase
but it's not definitely my problem (I tried all possibilities of lower/uppercas 
in login).

I sniffed the plain communication and the "a0000 AUTHENTICATE GSSAPI" line has 
around 1873 chars.
When I enlarged the LOGIN_MAX_INBUF_SIZE to 2048 the problem disappeared and 
I'm now able to login
to dovecot using gssapi in mutt client.

I use also thunderbird (on windows with sspi) and it works ok with 
LOGIN_MAX_INBUF_SIZE = 1024.

Does anybody have any idea why it's so large or how to fix it another way? It's 
terrible to
patch each version of dovecot rpm package. Or is there any possibility to 
change constant?
I have no idea how much this should affect memory usage.

The simple patch I have to use is attached.

Please cc: to me (luf at pzkagis dot cz) as I'm not member of the this list.

Best regards,

Ludek Finstrle

diff -cr dovecot-2.0.9.orig/src/login-common/client-common.h 
dovecot-2.0.9/src/login-common/client-common.h
*** dovecot-2.0.9.orig/src/login-common/client-common.h 2012-01-02 
18:09:53.371909782 +0100
--- dovecot-2.0.9/src/login-common/client-common.h      2012-01-02 
18:30:58.057787619 +0100
***************
*** 10,16 ****
     IMAP: Max. length of a single parameter
     POP3: Max. length of a command line (spec says 512 would be enough)
  */
! #define LOGIN_MAX_INBUF_SIZE 1024
  /* max. size of output buffer. if it gets full, the client is disconnected.
     SASL authentication gives the largest output. */
  #define LOGIN_MAX_OUTBUF_SIZE 4096
--- 10,16 ----
     IMAP: Max. length of a single parameter
     POP3: Max. length of a command line (spec says 512 would be enough)
  */
! #define LOGIN_MAX_INBUF_SIZE 2048
  /* max. size of output buffer. if it gets full, the client is disconnected.
     SASL authentication gives the largest output. */
  #define LOGIN_MAX_OUTBUF_SIZE 4096

Reply via email to