[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim…

Página Inicial
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Para: exim-cvs
Assunto: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src/src deliver.c exim/exim-test-orig/AutoTest/confs 605 exim/exim-test-orig/AutoTest/log 605 exim/exim-test-orig/AutoTest/mail 605.
ph10 2005/03/22 14:50:10 GMT

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src/src         deliver.c 
    exim-test-orig/AutoTest/stderr 458 
  Added files:
    exim-test-orig/AutoTest/confs 605 
    exim-test-orig/AutoTest/log 605 
    exim-test-orig/AutoTest/mail 605.ph10 
    exim-test-orig/AutoTest/scripts 605 
  Log:
  Attempt to flatten LDAP passwords in address' error messages (after
  expansion failure) so they don't get published.


  Revision  Changes    Path
  1.95      +5 -0      exim/exim-doc/doc-txt/ChangeLog
  1.9       +20 -2     exim/exim-src/src/deliver.c
  1.1       +39 -0     exim/exim-test-orig/AutoTest/confs/605 (new)
  1.1       +7 -0      exim/exim-test-orig/AutoTest/log/605 (new)
  1.1       +32 -0     exim/exim-test-orig/AutoTest/mail/605.ph10 (new)
  1.1       +3 -0      exim/exim-test-orig/AutoTest/scripts/605 (new)
  1.3       +1 -1      exim/exim-test-orig/AutoTest/stderr/458


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.94
  retrieving revision 1.95
  diff -u -r1.94 -r1.95
  --- ChangeLog    22 Mar 2005 14:11:54 -0000    1.94
  +++ ChangeLog    22 Mar 2005 14:50:10 -0000    1.95
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.94 2005/03/22 14:11:54 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.95 2005/03/22 14:50:10 ph10 Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -60,6 +60,11 @@

   PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an
         "unknown" error; now it says that the functionality isn't in the binary.
  +
  +PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in
  +      an address' error message when a string expansion fails (syntax or
  +      whatever). Otherwise not only does the password appear in the log, it may
  +      also be put in a bounce message.



A note about Exim versions 4.44 and 4.50

  Index: deliver.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/deliver.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- deliver.c    15 Mar 2005 12:27:54 -0000    1.8
  +++ deliver.c    22 Mar 2005 14:50:10 -0000    1.9
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/deliver.c,v 1.8 2005/03/15 12:27:54 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/deliver.c,v 1.9 2005/03/22 14:50:10 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -729,9 +729,27 @@


   /* If there's an error message set, ensure that it contains only printing
   characters - it should, but occasionally things slip in and this at least
  -stops the log format from getting wrecked. */
  -
  -if (addr->message != NULL) addr->message = string_printing(addr->message);
  +stops the log format from getting wrecked. We also scan the message for an LDAP
  +expansion item that has a password setting, and flatten the password. This is a
  +fudge, but I don't know a cleaner way of doing this. (If the item is badly
  +malformed, it won't ever have gone near LDAP.) */
  +
  +if (addr->message != NULL)
  +  {
  +  addr->message = string_printing(addr->message);
  +  if (Ustrstr(addr->message, "failed to expand") != NULL &&
  +      (Ustrstr(addr->message, "ldap:") != NULL ||
  +       Ustrstr(addr->message, "ldapdn:") != NULL ||
  +       Ustrstr(addr->message, "ldapm:") != NULL))
  +    {
  +    uschar *p = Ustrstr(addr->message, "pass=");
  +    if (p != NULL)
  +      {
  +      p += 5;
  +      while (*p != 0 && !isspace(*p)) *p++ = 'x';
  +      }
  +    }
  +  }


/* If we used a transport that has one of the "return_output" options set, and
if it did in fact generate some output, then for return_output we treat the

Index: 605
====================================================================
# Exim test configuration 605

# Macros are set externally in order to get the path
# of the Exim that is being tested, and the directory
# in which the test data lives.

exim_path = EXIM_PATH
primary_hostname = myhost.test.ex
spool_directory = DIR/spool

# ----- Main settings -----


# ----- Routers -----

begin routers

  r0:
    driver = accept
    senders = :
    transport = t1  


  r1: 
    driver = redirect
    data = ${lookup ldap user="cn=xxx,o=yyy,c=UK" pass="secret" \
           ldap:///o=zzz,c=UK,?sn?sub?(cn=foo)}} 



# ----- Transports -----

begin transports

  t1:
    driver = appendfile
    file = DIR/test-mail/$local_part
    user = CALLER



# End

Index: 605
====================================================================
1999-03-02 09:44:33 10HmaX-0005vi-00 <= ph10@??? U=ph10 P=local S=267
1999-03-02 09:44:33 10HmaX-0005vi-00 == ph10@??? R=r1 defer (-1): failed to expand "${lookup ldap user="cn=xxx,o=yyy,c=UK" pass=xxxxxxxx ldap:///o=zzz,c=UK,?sn?sub?(cn=foo)}}": missing or misplaced { or }
1999-03-02 09:44:33 10HmaX-0005vi-00 ** ph10@???: retry timeout exceeded
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=exim P=local S=1218
1999-03-02 09:44:33 10HmaY-0005vi-00 => ph10 <ph10@???> R=r0 T=t1
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed

  Index: 605.ph10
  ====================================================================
  From MAILER-DAEMON Tue Mar 02 09:44:33 1999
  Received: from exim by myhost.test.ex with local (Exim x.yz)
      id 10HmaY-0005vi-00
      for ph10@???; Tue, 2 Mar 1999 09:44:33 +0000
  X-Failed-Recipients: ph10@???
  Auto-Submitted: auto-generated
  From: Mail Delivery System <Mailer-Daemon@???>
  To: ph10@???
  Subject: Mail delivery failed: returning message to sender
  Message-Id: <E10HmaY-0005vi-00@???>
  Date: Tue, 2 Mar 1999 09:44:33 +0000


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

    ph10@???
      failed to expand "${lookup ldap user="cn=xxx,o=yyy,c=UK" pass=xxxxxxxx ldap:///o=zzz,c=UK,?sn?sub?(cn=foo)}}":
      missing or misplaced { or }: retry timeout exceeded


------ This is a copy of the message, including all the headers. ------

  Return-path: <ph10@???>
  Received: from ph10 by myhost.test.ex with local (Exim x.yz)
      id 10HmaX-0005vi-00
      for ph10@???; Tue, 2 Mar 1999 09:44:33 +0000
  Message-Id: <E10HmaX-0005vi-00@???>
  From: Philip Hazel <ph10@???>
  Date: Tue, 2 Mar 1999 09:44:33 +0000




Index: 605
====================================================================
0 hide LDAP password in bounce message after expansion failure
exim -odi ph10
****

  Index: 458
  ===================================================================
  RCS file: /home/cvs/exim/exim-test-orig/AutoTest/stderr/458,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- 458    15 Oct 2004 13:38:05 -0000    1.2
  +++ 458    22 Mar 2005 14:50:10 -0000    1.3
  @@ -92,7 +92,7 @@
   waiting for writing process
   end of filtering transport writing: yield=0
   errno=-24 more_errno=127
  -appendfile yields 9 with errno=-24 more_errno=127
  +appendfile yields 10 with errno=-24 more_errno=127
   t1 transport returned PANIC for ph10@???
   LOG: MAIN PANIC
     == ph10@??? R=r1 T=t1 defer (-24): transport filter process failed (127) while writing to /source/exim4/AutoTest/test-mail/ph10: unable to execute command