[Dovecot] Patch for Dovecot 1.0.1 to support cross realm GSSAPI authentication

Timo Sirainen tss at iki.fi
Mon Jul 2 20:10:33 EEST 2007


On Mon, 2007-07-02 at 18:08 +0200, Peter Eriksson wrote:
> 
> +                               AC_CHECK_LIB(gss, __gss_userok, [
> +                                       AC_DEFINE(HAVE___GSS_USEROK,,
> +                                               Define if you have __gss_userok())
> +                               ]) 

Instead of changing $LIBS, I think you can use:

AC_CHECK_LIB(gss, __gss_userok, [ ...
],, `krb5-config --libs gssapi`)

> +#if 0 /* Added 070702 Peter Eriksson <peter at ifm.liu.se> - ref cyrus-sasl Solaris 8/9 has problems with NO_OID */
> +                                      GSS_C_NT_USER_NAME,
> +#else
>                                        GSS_C_NO_OID,
> +#endif

Is this a common problem? Should it be a setting? Although with your
change this code is never even executed, right?

> +       name = p_strndup(request->auth_request.pool,
> +                        (unsigned char *)outbuf.value + 4,
> +                        outbuf.length - 4);
> +
> +       if (!name) {
> +               auth_request_log_error(&request->auth_request,
> "gssapi",
> +                                      "Invalid response size");
> +               auth_request_fail(&request->auth_request);
> +               return;
> +       }           

name is never NULL.

> +               free(name);

And you shouldn't free() it either.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070702/a19e4f07/attachment.bin 


More information about the dovecot mailing list