[exim-dev] FW: Legacy EHLO AUTH responses (patch) 4.52

Pàgina inicial
Delete this message
Reply to this message
Autor: Andrew Johnson
Data:  
A: exim-dev
Assumpte: [exim-dev] FW: Legacy EHLO AUTH responses (patch) 4.52
This is probably the more appropriate place for this email...

-----Original Message-----
From: Andrew Johnson [mailto:andrew.johnson@sappsys.co.uk]
Sent: 05 December 2005 18:46
To: 'exim-users@???'
Subject: Legacy EHLO AUTH responses (patch) 4.52

Having spent the last week dealing with lots of old broken servers
connecting to my relay, I have discovered that in the main, our issues
related to the AUTH= line (which seems to be deprecated now ?!). With help
from this list last week, I managed to fix most of my broken users by adding
a bogus authenticator to do the AUTH=LOGIN line I needed. This broke some
other servers. It seems I need to put the AUTH=LOGIN line BEFORE my AUTH
PLAIN LOGIN line - harder to do with the bogus authenticator because the
source code inserts a " " before each authenticator so I couldn't get the
"=" in there..

hmm... I thought...

this is now what I've managed to do :-

[root@linuxbuild exim-4.52-test]# telnet localhost 25 Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 relay.mydomain.uk (0) ESMTP (Inbound)
ehlo me
250-relay.mydomain.uk Hello me [127.0.0.1]
250-SIZE 140247040
250-8BITMIME
250-PIPELINING
250-AUTH=LOGIN
250-AUTH LOGIN PLAIN
250 HELP

I added a couple of new exim config keywords :-
auth_legacy_position     (before/after/none)
auth_legacy_detail     (can be auto to replicate the list of authenticators
or any other string - such as just login)


position defaults to none
detail defaults to auto.

The code is only active when the normal auth conditions are met.

Here is the patch incase anyone is interested :-

diff -urN exim-4.52-orig/src/globals.c exim-4.52-orig-auth/src/globals.c
--- exim-4.52-orig/src/globals.c        2005-07-01 12:09:15.000000000 +0100
+++ exim-4.52-orig-auth/src/globals.c   2005-12-05 18:28:33.000000000 +0000
@@ -305,6 +305,8 @@
 BOOL    authentication_failed  = FALSE;
 auth_instance  *auths          = NULL;
 uschar *auth_advertise_hosts   = US"*";
+uschar *auth_legacy_position   = US"none";
+uschar *auth_legacy_detail     = US"auto";
 auth_instance auth_defaults    = {
     NULL,                      /* chain pointer */
     NULL,                      /* name */
diff -urN exim-4.52-orig/src/globals.h exim-4.52-orig-auth/src/globals.h
--- exim-4.52-orig/src/globals.h        2005-07-01 12:09:15.000000000 +0100
+++ exim-4.52-orig-auth/src/globals.h   2005-12-05 18:48:02.000000000 +0000
@@ -148,6 +148,8 @@
 extern uschar *authenticated_sender;   /* From AUTH on MAIL */
 extern BOOL    authentication_failed;  /* TRUE if AUTH was tried and failed
*/
 extern uschar *auth_advertise_hosts;   /* Only advertise to these */
+extern uschar *auth_legacy_position;   /* Advertise AUTH=
(BEFORE_AFTER_NONE) */
+extern uschar *auth_legacy_detail;     /* Advertise AUTH= (AUTO_STRING) */
 extern auth_info auths_available[];    /* Vector of available auth
mechanisms */
 extern auth_instance *auths;           /* Chain of instantiated auths */
 extern auth_instance auth_defaults;    /* Default values */
diff -urN exim-4.52-orig/src/readconf.c exim-4.52-orig-auth/src/readconf.c
--- exim-4.52-orig/src/readconf.c       2005-07-01 12:09:15.000000000 +0100
+++ exim-4.52-orig-auth/src/readconf.c  2005-12-05 18:28:33.000000000 
+++ +0000
@@ -161,6 +161,8 @@
   { "allow_mx_to_ip",           opt_bool,        &allow_mx_to_ip },
   { "allow_utf8_domains",       opt_bool,        &allow_utf8_domains },
   { "auth_advertise_hosts",     opt_stringptr,   &auth_advertise_hosts },
+  { "auth_legacy_detail",       opt_stringptr,   &auth_legacy_detail },
+  { "auth_legacy_position",     opt_stringptr,   &auth_legacy_position },
   { "auto_thaw",                opt_time,        &auto_thaw },
 #ifdef WITH_CONTENT_SCAN
   { "av_scanner",               opt_stringptr,   &av_scanner },
@@ -3005,6 +3007,15 @@
       "errors_reply_to (%s) does not contain a domain", errors_reply_to);
   }


+/* Make sure legacy definition is ok
+*/
+  if (Ustrcmp(auth_legacy_position,"before")!=0 &&
Ustrcmp(auth_legacy_position,"after")!=0 &&
+      Ustrcmp(auth_legacy_position,"none")!=0)
+    {
+    log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
+      "error in auth_legacy_position (before/after/none): %s",
auth_legacy_position);
+    }
+
 /* If smtp_accept_queue or smtp_accept_max_per_host is set, then
smtp_accept_max must also be set. */


diff -urN exim-4.52-orig/src/smtp_in.c exim-4.52-orig-auth/src/smtp_in.c
--- exim-4.52-orig/src/smtp_in.c        2005-07-01 12:09:15.000000000 +0100
+++ exim-4.52-orig-auth/src/smtp_in.c   2005-12-05 18:28:33.000000000 +0000
@@ -2539,6 +2539,50 @@
           {
           auth_instance *au;
           BOOL first = TRUE;
+          DEBUG(D_receive) debug_printf("Legacy Auth :%s-%s:\n",
auth_legacy_position, auth_legacy_detail);
+          if (Ustrcmp(auth_legacy_position,"before")==0)
+            {
+            if (Ustrcmp(auth_legacy_detail,"auto")==0)
+              {
+              for (au = auths; au != NULL; au = au->next)
+                {
+                if (au->server && (au->advertise_condition == NULL ||
+                    expand_check_condition(au->advertise_condition,
au->name,
+                    US"authenticator")))
+                  {
+                  int saveptr;
+                  if (first)
+                    {
+                    s = string_cat(s, &size, &ptr, US"250-AUTH=", 9);
+                    auth_advertised = TRUE;
+                    }
+                  saveptr = ptr;
+                  if (!first)
+                    {
+                    s = string_cat(s, &size, &ptr, US" ", 1);
+                    }
+                  first = FALSE;
+                  s = string_cat(s, &size, &ptr, au->public_name,
+                    Ustrlen(au->public_name));
+                  while (++saveptr < ptr) s[saveptr] = toupper(s[saveptr]);
+                  au->advertised = TRUE;
+                  }
+                else au->advertised = FALSE;
+                }
+              if (!first) s = string_cat(s, &size, &ptr, US"\r\n", 2);
+              }
+            else
+              {
+              int saveptr;
+              s = string_cat(s, &size, &ptr, US"250-AUTH=", 9);
+              saveptr = ptr;
+              saveptr--;
+              s = string_cat(s, &size, &ptr, auth_legacy_detail,
Ustrlen(auth_legacy_detail));
+              while (++saveptr < ptr) s[saveptr] = toupper(s[saveptr]);
+              s = string_cat(s, &size, &ptr, US"\r\n", 2);
+              }
+            }
+          first = TRUE;
           for (au = auths; au != NULL; au = au->next)
             {
             if (au->server && (au->advertise_condition == NULL || @@
-2562,6 +2606,49 @@
             else au->advertised = FALSE;
             }
           if (!first) s = string_cat(s, &size, &ptr, US"\r\n", 2);
+          first = TRUE;
+          if (Ustrcmp(auth_legacy_position,"after")==0)
+            {
+            if (Ustrcmp(auth_legacy_detail,"auto")==0)
+              {
+              for (au = auths; au != NULL; au = au->next)
+                {
+                if (au->server && (au->advertise_condition == NULL ||
+                    expand_check_condition(au->advertise_condition,
au->name,
+                    US"authenticator")))
+                  {
+                  int saveptr;
+                  if (first)
+                    {
+                    s = string_cat(s, &size, &ptr, US"250-AUTH=", 9);
+                    auth_advertised = TRUE;
+                    }
+                  saveptr = ptr;
+                  if (!first)
+                    {
+                    s = string_cat(s, &size, &ptr, US" ", 1);
+                    }
+                  first = FALSE;
+                  s = string_cat(s, &size, &ptr, au->public_name,
+                    Ustrlen(au->public_name));
+                  while (++saveptr < ptr) s[saveptr] = toupper(s[saveptr]);
+                  au->advertised = TRUE;
+                  }
+                else au->advertised = FALSE;
+                }
+              if (!first) s = string_cat(s, &size, &ptr, US"\r\n", 2);
+              }
+            else
+              {
+              int saveptr;
+              s = string_cat(s, &size, &ptr, US"250-AUTH=", 9);
+              saveptr = ptr;
+              saveptr--;
+              s = string_cat(s, &size, &ptr, auth_legacy_detail,
Ustrlen(auth_legacy_detail));
+              while (++saveptr < ptr) s[saveptr] = toupper(s[saveptr]);
+              s = string_cat(s, &size, &ptr, US"\r\n", 2);
+              }
+            }
           }
         }




-Andy-