dovecot - Dec 2016 - SAML | Input buffer full (no auth attempts in 0 secs)

Hi,

In my journey to enable SAML auth for our webmail (sogo.nu) I have
created a password-less dovecot imap listener on 127.0.0.1/32, so that
once a user is SAML authenticated for the SOGo webmail, SOGo can connect 
to dovecot on 127.0.0.1:143 with something like "01 LOGIN username 
randompassword".

Watching this (tcpflow) as it happens,i can see the following auth 
attempt coming from sogo:
> 1 login "username"
"eF7VVm1vmzAQ/iuI77wY8kJQEy1t2inSukpJVU37UhlzJN7AjmyzZPv1Owfgkdjfkgkfldlkfjg9jQNMvaNZMm7RvifC/Pc/ecfaFpkcdTrUEZLoW1K3Kh4+rn2C6ViCXVXMeCFqBjw+Ll9PZDHLh+TFsPu3ERmozttTGb2PO22627DV2pVl7g+8T7dPthydZQUIcLbahgYFsPoDQmHNsYzbbms7E9nz32B8kIEuY7oxFETi8bpE6U9MAZjiiLUiABzdB1rnUJ8zqSQX+fDBwSOH54T6I49GPiu2Q4+GxPLmps9Wk1qUrTWBtP3QIUN24pShfS0qOlWXsKaF5or7ZceId++yDLMvkCzDQhPyId85l1I1VBsYLf8URcUjPHUyerj8al0BtgPOOQ2pM1lBsuvjbp9jGbBE26KykyXjlWnbkFs5bpy11hRZwAVaBa8CcCzaih1kdp7sSdmmYG1C8U9mM/2lNoLbDaDYeK55ZALVcyPOJwefde1qwFjuYrIYWzkdpgp8QC9EYKDfdybD/eDC9JQAbX08tr0huSYBDOZv3+VUD6/evQJ4HtTRo2TtR9ZGqYQopSXvGjK0yXgETDiZnoAL0InHTAm+jTMkXwDBCFUZxVeY4s9VzhWL3CSgGGpkh8A6+N22I6mWc/hk8Au8xmLZaGGiiwL9YUx1e8LgZrCbrS21yksBvbgzDssWGUOQFLe04vooDwoscmtAwGpIBBEHYzlCdAcswsGsFcPjrKsddsIBs8uK6YDGrzuEWOdBAx8ZTgi7aCdsTW4cMtLQY7FBSGuioOTZYlcRQPzy16X5FuvOYxaSbgTsOK2daNwKNL8+z4edokyJkthqoMdaW05DzQvwcLtGJvvGzy+w+"
Note, the actual 'password' is even longer.

This connection attempt is causing dovecot to throw the
following error:

 > Dec 02 22:34:33 imap-login: Info: Disconnected: Input buffer full (no
 > auth attempts in 0 secs): user=<>, rip=x.y.z.32, lip=x.y.z.68,
 > session=<d+o3tLNCaOvAV48g>
and
> BYE Input buffer full, aborting
So this doesn't work. :-(

The question: is there a way to make this work? (make the input buffer 
larger, for example..?)

Or any other ideas to make this work?

Thanks in advance,

MJ

On 3 Dec 2016, at 20.47, mj <lists at merit.unu.edu>
wrote:
> 
> Hi,
> 
> In my journey to enable SAML auth for our webmail (sogo.nu) I have
> created a password-less dovecot imap listener on 127.0.0.1/32, so that
> once a user is SAML authenticated for the SOGo webmail, SOGo can connect to
dovecot on 127.0.0.1:143 with something like "01 LOGIN username
randompassword".
> 
> Watching this (tcpflow) as it happens,i can see the following auth attempt
coming from sogo:
..
> > Dec 02 22:34:33 imap-login: Info: Disconnected: Input buffer full (no
> > auth attempts in 0 secs): user=<>, rip=x.y.z.32, lip=x.y.z.68,
> > session=<d+o3tLNCaOvAV48g>
If SOGo used AUTHENTICATE PLAIN instead of LOGIN, it should work. The SASL
authentication buffer is larger (8 kB) than regular commands' buffer (~1
kB).
> The question: is there a way to make this work? (make the input buffer
larger, for example..?)
You could also increase this:

src/lib-master/master-auth.h:#define MASTER_AUTH_MAX_DATA_SIZE (1024 + 128 + 64
+ 2)

On 12/03/2016 08:04 PM, Timo Sirainen wrote:
>
> If SOGo used AUTHENTICATE PLAIN instead of LOGIN, it should work. The
> SASL authentication buffer is larger (8 kB) than regular commands'
> buffer (~1 kB).
Thanks Timo, that worked! :-)

MJ