[exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Philip Hazel
Datum:  
To: exim-cvs
Betreff: [exim-cvs] cvs commit: exim/exim-doc/doc-txt ChangeLog exim/exim-src ACKNOWLEDGMENTS exim/exim-src/src/auths cyrus_sasl.c
ph10 2005/04/05 15:33:27 BST

  Modified files:
    exim-doc/doc-txt     ChangeLog 
    exim-src             ACKNOWLEDGMENTS 
    exim-src/src/auths   cyrus_sasl.c 
  Log:
  Patch to fix Cyrus-SASL unavailable mechanisms problem.


  Revision  Changes    Path
  1.110     +25 -0     exim/exim-doc/doc-txt/ChangeLog
  1.20      +1 -0      exim/exim-src/ACKNOWLEDGMENTS
  1.3       +32 -3     exim/exim-src/src/auths/cyrus_sasl.c


  Index: ChangeLog
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
  retrieving revision 1.109
  retrieving revision 1.110
  diff -u -r1.109 -r1.110
  --- ChangeLog    5 Apr 2005 14:02:30 -0000    1.109
  +++ ChangeLog    5 Apr 2005 14:33:27 -0000    1.110
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.109 2005/04/05 14:02:30 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.110 2005/04/05 14:33:27 ph10 Exp $


Change log file for Exim from version 4.21
-------------------------------------------
@@ -124,6 +124,31 @@

   PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then
         forgetting to use the resulting value; it was using the unexpanded value.
  +
  +PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it
  +      hadn't been configured. The fix is from Juergen Kreileder, who
  +      understands it better than I do:
  +
  +      "Here's what I see happening with three configured cyrus_sasl
  +      authenticators configured (plain, login, cram-md5):
  +
  +      On startup auth_cyrus_sasl_init() gets called for each of these.
  +      This means three calls to sasl_listmech() without a specified mech_list.
  +      => SASL tests which mechs of all available mechs actually work
  +      => three warnings about OTP not working
  +      => the returned list contains: plain, login, cram-md5, digest-md5, ...
  +
  +      With the patch, sasl_listmech() also gets called three times.  But now
  +      SASL's mech_list option is set to the server_mech specified in the the
  +      authenticator.  Or in other words, the answer from sasl_listmech()
  +      gets limited to just the mech you're testing for (which is different
  +      for each call.)
  +      => the return list contains just 'plain' or 'login', 'cram-md5' or
  +      nothing depending on the value of ob->server_mech.
  +
  +      I've just tested the patch: Authentication still works fine,
  +      unavailable mechs specified in the exim configuration are still
  +      caught, and the auth.log warnings about OTP are gone."



A note about Exim versions 4.44 and 4.50

  Index: ACKNOWLEDGMENTS
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/ACKNOWLEDGMENTS,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- ACKNOWLEDGMENTS    5 Apr 2005 13:58:35 -0000    1.19
  +++ ACKNOWLEDGMENTS    5 Apr 2005 14:33:27 -0000    1.20
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-src/ACKNOWLEDGMENTS,v 1.19 2005/04/05 13:58:35 ph10 Exp $
  +$Cambridge: exim/exim-src/ACKNOWLEDGMENTS,v 1.20 2005/04/05 14:33:27 ph10 Exp $


EXIM ACKNOWLEDGEMENTS

  @@ -159,6 +159,7 @@
   Tom Kistner               SPA server code
                             Writing and maintaining the content scanning
                               extension (exiscan)
  +Jürgen Kreileder          Fix for cyrus_sasl advertisement problem
   Friso Kuipers             Patch for GDBM problem
   Chris Liddiard            Fix for bug in exiqsumm
   Chris Lightfoot           Patch for -restore-times in exim_lock


  Index: cyrus_sasl.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/auths/cyrus_sasl.c,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- cyrus_sasl.c    5 Apr 2005 14:02:30 -0000    1.2
  +++ cyrus_sasl.c    5 Apr 2005 14:33:27 -0000    1.3
  @@ -1,4 +1,4 @@
  -/* $Cambridge: exim/exim-src/src/auths/cyrus_sasl.c,v 1.2 2005/04/05 14:02:30 ph10 Exp $ */
  +/* $Cambridge: exim/exim-src/src/auths/cyrus_sasl.c,v 1.3 2005/04/05 14:33:27 ph10 Exp $ */


   /*************************************************
   *     Exim - an Internet mail transport agent    *
  @@ -7,7 +7,7 @@
   /* Copyright (c) University of Cambridge 1995 - 2003 */
   /* See the file NOTICE for conditions of use and distribution. */


-/* This code was contributed by Matthew Byng-Maddick */
+/* This code was originally contributed by Matthew Byng-Maddick */

/* Copyright (c) A L Digital 2004 */

@@ -71,18 +71,42 @@
enable consistency checks to be done, or anything else that needs
to be set up. */

  +
  +/* Auxiliary function, passed in data to sasl_server_init(). */
  +
  +static int
  +mysasl_config(void *context,
  +              const char *plugin_name,
  +              const char *option,
  +              const char **result,
  +              unsigned int *len)
  +{
  +if (context && !strcmp(option, "mech_list"))
  +  {
  +  *result = context;
  +  if (len != NULL) *len = strlen(*result);
  +  return SASL_OK;
  +  }
  +return SASL_FAIL;
  +}
  +
  +/* Here's the real function */
  +
   void
   auth_cyrus_sasl_init(auth_instance *ablock)
   {
   auth_cyrus_sasl_options_block *ob =
     (auth_cyrus_sasl_options_block *)(ablock->options_block);
  -sasl_callback_t cbs[]={{SASL_CB_LIST_END, NULL, NULL}};
  -sasl_conn_t *conn;
   uschar *list, *listptr, *buffer;
   int rc, i;
   unsigned int len;
   uschar *rs_point;


  +sasl_conn_t *conn;
  +sasl_callback_t cbs[]={
  +  {SASL_CB_GETOPT, NULL, NULL },
  +  {SASL_CB_LIST_END, NULL, NULL}};
  +
   /* default the mechanism to our "public name" */
   if(ob->server_mech == NULL)
     ob->server_mech=string_copy(ablock->public_name);
  @@ -90,7 +114,12 @@
   /* we're going to initialise the library to check that there is an
    * authenticator of type whatever mechanism we're using
    */
  +
  +cbs[0].proc = &mysasl_config;
  +cbs[0].context = ob->server_mech;
  +
   rc=sasl_server_init(cbs, "exim");
  +
   if( rc != SASL_OK )
     log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator:  "
         "couldn't initialise Cyrus SASL library.", ablock->name);