Re: [Exim] [PATCH] passwd lookup method

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Colm MacCarthaigh
CC: exim-users, colmmacc
Subject: Re: [Exim] [PATCH] passwd lookup method
On Thu, 1 Aug 2002, Colm MacCarthaigh wrote:

> I didnt really want the overhead of
> check_local_user (at this stage, we do need it later) or an lsearch
> on /etc/passwd either, since the mail was just about to be fired off
> to amavis pretty much none of what it does matters to me.


Hmm. I think I must be missing something here. You say you don't want
that overhead, and yet you've gone and implemented a lookup that does

if ((p = getpwnam(username)) != NULL)

That is *exactly* what check_local_user does. (And it caches the result
so that it doesn't repeat the lookup later.) Also, depending on your
operating system, getpwnam() may indeed do a linear search of
/etc/passwd.

So, what have I missed?

> So instead I've added a lookup method "passwd",


Full marks for figuring out how to add a lookup. The code looks
absolutely fine.

> amavis:
> driver = manualroute
> condition = "${if eq {$interface_port}{10025} {0}{1}}"
> # if scanning incoming mails, uncomment the following line and
> # change local_domains accordingly
> local_parts = dbm;/etc/aliases.db : passwd;$local_part
> domains = +local_domains
> transport = amavis
> route_list = * localhost
> self = send


Ah. I think I see why you've done that. You want to be able to say "if a
local user OR one of these users", and you can't do that with
check_local_user. You would have to use two separate routers.

OK, this seems reasonable, but I think two changes should be made:

    1. Why force lower casing? Exim will lowercase $local_part anyway,
    unless you have set caseful_local_part, and even then you could
    force it with ${lc.


    2. There's a function called route_finduser() that does getpwnam()
    lookup in a slightly more sophisticated way, including caching the
    result of the last lookup. From its heading comment: "Try several times
    (if configured) to find a local user, in case delays in NIS or NFS
    whatever cause an incorrect refusal. It's a pity that getpwnam()
    doesn't have some kind of indication as to why it has failed."


    3. Why return the user name? Surely it would be more useful (in
    general) to return the password data as a sequence of name=value
    fields? In your usage above, it wouldn't make any difference.


I'll put this on the Wish List.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.