+++ /dev/null
-diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h
---- postfix-2.2.5/src/global/mail_params.h 2006-02-22 16:20:15.000000000 +0100
-+++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-22 15:56:31.000000000 +0100
-@@ -2346,6 +2346,9 @@
- #define DEF_SMTP_EHLO_DIS_MAPS ""
- extern char *var_smtp_ehlo_dis_maps;
-
-+#define VAR_SMTPD_IDENT_LOOKUP "smtpd_ident_lookup"
-+#define DEF_SMTPD_IDENT_LOOKUP ""
-+extern char *var_smtpd_ident_lookup;
- /*
- * SMTPD messages
- */
-diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c
---- postfix-2.2.5/src/smtpd/smtpd_ident.c 1970-01-01 01:00:00.000000000 +0100
-+++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-22 15:56:31.000000000 +0100
-@@ -0,0 +1,138 @@
-+#include <sys_defs.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+#include <arpa/inet.h>
-+#include <stdio.h> /* strerror() */
-+#include <errno.h>
-+#include <string.h>
-+#include <mymalloc.h>
-+#include <sys/types.h>
-+#include <sys/time.h>
-+#include <unistd.h>
-+#include <vstream.h>
-+
-+#include <iostuff.h>
-+#include "smtpd.h"
-+
-+#define IDENT_MSGSIZE 256
-+#define IDENT_TIMEOUT 10
-+
-+#define CHOMP(STR) { char *tmp; tmp = STR; while (*tmp) { \
-+ if (*tmp == '\n' || *tmp == '\r') *tmp = '\0'; tmp++ ; } }
-+
-+char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr)
-+{
-+ int ident_sock;
-+ char ident_msg[IDENT_MSGSIZE + 1], *sp;
-+ char ident_user[IDENT_MSGSIZE + 1];
-+ struct sockaddr_in local_addr;
-+ struct sockaddr_in ident_addr;
-+ char *return_val;
-+ VSTREAM *ident_stream;
-+
-+ memset(ident_msg, 0, IDENT_MSGSIZE + 1);
-+ memset(ident_user, 0, IDENT_MSGSIZE + 1);
-+
-+ /*
-+ * Bind the local sockaddr to the same interface as smtpd before
-+ * connecting back to the auth port on the peer. This helps
-+ * with multihomed postfix servers. First, set up the address.
-+ */
-+
-+ /* Local sockname */
-+
-+ memset((char *) &local_addr, 0, sizeof(local_addr));
-+ local_addr.sin_family = AF_INET;
-+ memcpy((void *) &local_addr.sin_addr, (void *) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr));
-+
-+ /* Remote sockname + port */
-+
-+ memset((char *) &ident_addr, 0, sizeof(ident_addr));
-+ ident_addr.sin_family = AF_INET;
-+ memcpy((void *) &ident_addr.sin_addr, (void *) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr));
-+ ident_addr.sin_port = htons(113);
-+
-+ do {
-+ /* socket call */
-+
-+ if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) {
-+ msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno));
-+ break;
-+ }
-+
-+ /* Now bind the local sock to the interface */
-+
-+ if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) {
-+ msg_warn("local bind of ident sock failed: %s", strerror(errno));
-+ break;
-+ }
-+
-+ /* connect() back to the smtp client host on port 113 */
-+
-+ if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) {
-+ msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr),
-+ strerror(errno));
-+ break;
-+ }
-+
-+ /* Ok, make this a vstream */
-+
-+ ident_stream = vstream_fdopen(ident_sock, O_RDWR);
-+ ident_stream->timeout = IDENT_TIMEOUT;
-+
-+ /* Print the ident message to the remote host */
-+
-+ vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port));
-+ if (vstream_ftimeout(ident_stream)) {
-+ msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr));
-+ break;
-+ }
-+
-+ /* Read back the result */
-+
-+ vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE);
-+ if (vstream_ftimeout(ident_stream)) {
-+ msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr));
-+ break;
-+ }
-+
-+ /*
-+ * Should I even bother with this?
-+ *
-+ * Even if so, don't worry about this failing, set the timeout low
-+ */
-+
-+ ident_stream->timeout = 2;
-+ vstream_fwrite(ident_stream, "quit\n", strlen("quit\n"));
-+
-+ if (strlen(ident_msg) == 0) {
-+ msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr));
-+ break;
-+ }
-+
-+ if ((sp = strrchr(ident_msg, ':')) == NULL) {
-+ msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr));
-+ break;
-+ }
-+ sp++;
-+ CHOMP(sp);
-+ while (*sp && (*sp == ' ' || *sp == '\t')) {
-+ sp++;
-+ }
-+
-+ /* If we break before this line, we know we had some sort of bad error */
-+
-+ strncpy(ident_user, sp, IDENT_MSGSIZE);
-+ msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr));
-+
-+ } while (0);
-+
-+ if (strlen(ident_user) == 0) {
-+ msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr));
-+ return NULL;
-+ }
-+
-+ vstream_fclose(ident_stream);
-+ return_val = mystrdup(ident_user);
-+ return return_val;
-+}
---- postfix-2.3-RC9/src/smtpd/smtpd.h.orig 2006-07-09 21:49:21.000000000 +0200
-+++ postfix-2.3-RC9/src/smtpd/smtpd.h 2006-07-11 20:30:43.993322048 +0200
-@@ -77,6 +77,7 @@
- char *addr; /* client host address string */
- char *namaddr; /* combined name and address */
- char *rfc_addr; /* address for RFC 2821 */
-+ char *ident_user; /* user name returned by ident RFC 1413 */
- int addr_family; /* address family */
- struct sockaddr_storage sockaddr; /* binary client endpoint */
- int name_status; /* 2=ok 4=soft 5=hard 6=forged */
-@@ -266,6 +267,8 @@
- extern void smtpd_peer_init(SMTPD_STATE *state);
- extern void smtpd_peer_reset(SMTPD_STATE *state);
-
-+extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr);
-+
- #define SMTPD_PEER_CODE_OK 2
- #define SMTPD_PEER_CODE_TEMP 4
- #define SMTPD_PEER_CODE_PERM 5
---- postfix-2.9.0/src/smtpd/smtpd.c.orig 2012-02-04 19:34:17.737149536 +0100
-+++ postfix-2.9.0/src/smtpd/smtpd.c 2012-02-04 19:36:43.414073592 +0100
-@@ -1208,6 +1208,7 @@
- char *var_local_rwr_clients;
- char *var_smtpd_ehlo_dis_words;
- char *var_smtpd_ehlo_dis_maps;
-+char *var_smtpd_ident_lookup;
-
- char *var_smtpd_tls_level;
- bool var_smtpd_use_tls;
-@@ -1329,6 +1330,11 @@
- int smtpd_input_transp_mask;
-
- /*
-+ * Hosts that should be ident-queried
-+ */
-+NAMADR_LIST *smtpd_ident_lookup;
-+
-+ /*
- * Forward declarations.
- */
- static void helo_reset(SMTPD_STATE *);
-@@ -2950,10 +2956,18 @@
- * intermediate proxy.
- */
- if (!proxy || state->xforward.flags == 0) {
-- out_fprintf(out_stream, REC_TYPE_NORM,
-- "Received: from %s (%s [%s])",
-- state->helo_name ? state->helo_name : state->name,
-- state->name, state->rfc_addr);
-+ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
-+ out_fprintf(out_stream, REC_TYPE_NORM,
-+ "Received: from %s (%s [%s] ident=%s)",
-+ state->helo_name ? state->helo_name : state->name,
-+ state->name, state->rfc_addr,
-+ state->ident_user);
-+ } else {
-+ out_fprintf(out_stream, REC_TYPE_NORM,
-+ "Received: from %s (%s [%s])",
-+ state->helo_name ? state->helo_name : state->name,
-+ state->name, state->rfc_addr);
-+ }
-
- #define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s))
-
-@@ -4954,6 +4968,9 @@
- xclient_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xclient_hosts);
- xforward_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xforward_hosts);
- hogger_list = namadr_list_init(MATCH_FLAG_RETURN, var_smtpd_hoggers);
-+ smtpd_ident_lookup =
-+ namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP),
-+ var_smtpd_ident_lookup);
-
- /*
- * Open maps before dropping privileges so we can read passwords etc.
-@@ -5382,6 +5399,7 @@
- VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0,
- VAR_STRESS, DEF_STRESS, &var_stress, 0, 0,
- VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0,
-+ VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0,
- VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0,
- VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0,
- VAR_REJECT_TMPF_ACT, DEF_REJECT_TMPF_ACT, &var_reject_tmpf_act, 1, 0,
---- postfix-2.10.0/src/smtpd/Makefile.in.orig 2013-03-12 18:39:01.000000000 +0100
-+++ postfix-2.10.0/src/smtpd/Makefile.in 2013-03-12 18:44:40.190592153 +0100
-@@ -2,11 +2,11 @@
- SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
- smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
- smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \
-- smtpd_expand.c smtpd_haproxy.c
-+ smtpd_expand.c smtpd_haproxy.c smtpd_ident.c
- OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
- smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
- smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \
-- smtpd_expand.o smtpd_haproxy.o
-+ smtpd_expand.o smtpd_haproxy.o smtpd_ident.o
- HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
- smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \
- smtpd_resolve.h smtpd_expand.h
---- postfix-2.10.0/src/smtpd/smtpd_peer.c.orig 2013-03-12 19:14:53.347495658 +0100
-+++ postfix-2.10.0/src/smtpd/smtpd_peer.c 2013-03-12 22:24:19.932605940 +0100
-@@ -103,6 +103,7 @@
-
- #include <sys_defs.h>
- #include <sys/socket.h>
-+#include <sys/types.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <stdio.h> /* strerror() */
-@@ -123,6 +124,7 @@
-
- /* Global library. */
-
-+#include <namadr_list.h>
- #include <mail_proto.h>
- #include <valid_mailhost_addr.h>
- #include <mail_params.h>
-@@ -133,6 +135,7 @@
- #include "smtpd.h"
-
- static INET_PROTO_INFO *proto_info;
-+extern NAMADR_LIST *smtpd_ident_lookup;
-
- /*
- * XXX If we make local endpoint (getsockname) information available to
-@@ -295,6 +293,8 @@
- static void smtpd_peer_sockaddr_to_hostname(SMTPD_STATE *state)
- {
- struct sockaddr *sa = (struct sockaddr *) & (state->sockaddr);
-+ struct sockaddr_in serv_sin;
-+ char *ident_user = NULL;
- SOCKADDR_SIZE sa_length = state->sockaddr_len;
- MAI_HOSTNAME_STR client_name;
- int aierr;
-@@ -345,6 +350,7 @@
- if (aierr) {
- msg_warn("hostname %s does not resolve to address %s: %s",
- state->name, state->addr, MAI_STRERROR(aierr));
-+ state->ident_user = mystrdup("NO-USER");
- REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
- SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED));
- } else {
-@@ -366,6 +372,19 @@
- freeaddrinfo(res0);
- }
- }
-+ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
-+ /* If getsockname fails, just forget it */
-+ sa_length = sizeof(serv_sin);
-+ if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_length) >= 0) {
-+ ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin);
-+ if (ident_user == NULL)
-+ state->ident_user = mystrdup("NO-USER");
-+ else
-+ state->ident_user = ident_user;
-+ } else
-+ msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno));
-+ } else
-+ state->ident_user = mystrdup("NO-USER");
- }
-
- /* smtpd_peer_hostaddr_to_sockaddr - convert numeric string to binary */
-@@ -412,6 +431,7 @@
- state->name_status = SMTPD_PEER_CODE_OK;
- state->reverse_name_status = SMTPD_PEER_CODE_OK;
- state->port = mystrdup("0"); /* XXX bogus. */
-+ state->ident_user = mystrdup("NO-USER");
- }
-
- /* smtpd_peer_no_client - peer went away, or peer info unavailable */
-@@ -426,6 +446,7 @@
- state->addr_family = AF_UNSPEC;
- state->name_status = SMTPD_PEER_CODE_PERM;
- state->reverse_name_status = SMTPD_PEER_CODE_PERM;
-+ state->ident_user = mystrdup("NO-USER");
- state->port = mystrdup(CLIENT_PORT_UNKNOWN);
- }
-
-@@ -533,6 +554,7 @@
- }
- }
-
-+
- /* smtpd_peer_init - initialize peer information */
-
- void smtpd_peer_init(SMTPD_STATE *state)
-@@ -604,6 +626,8 @@
- myfree(state->namaddr);
- if (state->rfc_addr)
- myfree(state->rfc_addr);
-+ if (state->ident_user)
-+ myfree(state->ident_user);
- if (state->port)
- myfree(state->port);
- if (state->dest_addr)
TLD / packages / postfix.git / commitdiff