From 6f497438f4e7b736861fa52eef36926b6b5a7c20 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Sun, 26 Jul 2015 12:59:57 +0000 Subject: [PATCH] - ident is dead for years --- postfix-ident.patch | 349 -------------------------------------------- 1 file changed, 349 deletions(-) delete mode 100644 postfix-ident.patch diff --git a/postfix-ident.patch b/postfix-ident.patch deleted file mode 100644 index 21ad123..0000000 --- a/postfix-ident.patch +++ /dev/null @@ -1,349 +0,0 @@ -diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h ---- postfix-2.2.5/src/global/mail_params.h 2006-02-22 16:20:15.000000000 +0100 -+++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-22 15:56:31.000000000 +0100 -@@ -2346,6 +2346,9 @@ - #define DEF_SMTP_EHLO_DIS_MAPS "" - extern char *var_smtp_ehlo_dis_maps; - -+#define VAR_SMTPD_IDENT_LOOKUP "smtpd_ident_lookup" -+#define DEF_SMTPD_IDENT_LOOKUP "" -+extern char *var_smtpd_ident_lookup; - /* - * SMTPD messages - */ -diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c ---- postfix-2.2.5/src/smtpd/smtpd_ident.c 1970-01-01 01:00:00.000000000 +0100 -+++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-22 15:56:31.000000000 +0100 -@@ -0,0 +1,138 @@ -+#include -+#include -+#include -+#include -+#include /* strerror() */ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include "smtpd.h" -+ -+#define IDENT_MSGSIZE 256 -+#define IDENT_TIMEOUT 10 -+ -+#define CHOMP(STR) { char *tmp; tmp = STR; while (*tmp) { \ -+ if (*tmp == '\n' || *tmp == '\r') *tmp = '\0'; tmp++ ; } } -+ -+char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr) -+{ -+ int ident_sock; -+ char ident_msg[IDENT_MSGSIZE + 1], *sp; -+ char ident_user[IDENT_MSGSIZE + 1]; -+ struct sockaddr_in local_addr; -+ struct sockaddr_in ident_addr; -+ char *return_val; -+ VSTREAM *ident_stream; -+ -+ memset(ident_msg, 0, IDENT_MSGSIZE + 1); -+ memset(ident_user, 0, IDENT_MSGSIZE + 1); -+ -+ /* -+ * Bind the local sockaddr to the same interface as smtpd before -+ * connecting back to the auth port on the peer. This helps -+ * with multihomed postfix servers. First, set up the address. -+ */ -+ -+ /* Local sockname */ -+ -+ memset((char *) &local_addr, 0, sizeof(local_addr)); -+ local_addr.sin_family = AF_INET; -+ memcpy((void *) &local_addr.sin_addr, (void *) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr)); -+ -+ /* Remote sockname + port */ -+ -+ memset((char *) &ident_addr, 0, sizeof(ident_addr)); -+ ident_addr.sin_family = AF_INET; -+ memcpy((void *) &ident_addr.sin_addr, (void *) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr)); -+ ident_addr.sin_port = htons(113); -+ -+ do { -+ /* socket call */ -+ -+ if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) { -+ msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno)); -+ break; -+ } -+ -+ /* Now bind the local sock to the interface */ -+ -+ if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) { -+ msg_warn("local bind of ident sock failed: %s", strerror(errno)); -+ break; -+ } -+ -+ /* connect() back to the smtp client host on port 113 */ -+ -+ if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) { -+ msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr), -+ strerror(errno)); -+ break; -+ } -+ -+ /* Ok, make this a vstream */ -+ -+ ident_stream = vstream_fdopen(ident_sock, O_RDWR); -+ ident_stream->timeout = IDENT_TIMEOUT; -+ -+ /* Print the ident message to the remote host */ -+ -+ vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port)); -+ if (vstream_ftimeout(ident_stream)) { -+ msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr)); -+ break; -+ } -+ -+ /* Read back the result */ -+ -+ vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE); -+ if (vstream_ftimeout(ident_stream)) { -+ msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr)); -+ break; -+ } -+ -+ /* -+ * Should I even bother with this? -+ * -+ * Even if so, don't worry about this failing, set the timeout low -+ */ -+ -+ ident_stream->timeout = 2; -+ vstream_fwrite(ident_stream, "quit\n", strlen("quit\n")); -+ -+ if (strlen(ident_msg) == 0) { -+ msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr)); -+ break; -+ } -+ -+ if ((sp = strrchr(ident_msg, ':')) == NULL) { -+ msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr)); -+ break; -+ } -+ sp++; -+ CHOMP(sp); -+ while (*sp && (*sp == ' ' || *sp == '\t')) { -+ sp++; -+ } -+ -+ /* If we break before this line, we know we had some sort of bad error */ -+ -+ strncpy(ident_user, sp, IDENT_MSGSIZE); -+ msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr)); -+ -+ } while (0); -+ -+ if (strlen(ident_user) == 0) { -+ msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr)); -+ return NULL; -+ } -+ -+ vstream_fclose(ident_stream); -+ return_val = mystrdup(ident_user); -+ return return_val; -+} ---- postfix-2.3-RC9/src/smtpd/smtpd.h.orig 2006-07-09 21:49:21.000000000 +0200 -+++ postfix-2.3-RC9/src/smtpd/smtpd.h 2006-07-11 20:30:43.993322048 +0200 -@@ -77,6 +77,7 @@ - char *addr; /* client host address string */ - char *namaddr; /* combined name and address */ - char *rfc_addr; /* address for RFC 2821 */ -+ char *ident_user; /* user name returned by ident RFC 1413 */ - int addr_family; /* address family */ - struct sockaddr_storage sockaddr; /* binary client endpoint */ - int name_status; /* 2=ok 4=soft 5=hard 6=forged */ -@@ -266,6 +267,8 @@ - extern void smtpd_peer_init(SMTPD_STATE *state); - extern void smtpd_peer_reset(SMTPD_STATE *state); - -+extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr); -+ - #define SMTPD_PEER_CODE_OK 2 - #define SMTPD_PEER_CODE_TEMP 4 - #define SMTPD_PEER_CODE_PERM 5 ---- postfix-2.9.0/src/smtpd/smtpd.c.orig 2012-02-04 19:34:17.737149536 +0100 -+++ postfix-2.9.0/src/smtpd/smtpd.c 2012-02-04 19:36:43.414073592 +0100 -@@ -1208,6 +1208,7 @@ - char *var_local_rwr_clients; - char *var_smtpd_ehlo_dis_words; - char *var_smtpd_ehlo_dis_maps; -+char *var_smtpd_ident_lookup; - - char *var_smtpd_tls_level; - bool var_smtpd_use_tls; -@@ -1329,6 +1330,11 @@ - int smtpd_input_transp_mask; - - /* -+ * Hosts that should be ident-queried -+ */ -+NAMADR_LIST *smtpd_ident_lookup; -+ -+ /* - * Forward declarations. - */ - static void helo_reset(SMTPD_STATE *); -@@ -2950,10 +2956,18 @@ - * intermediate proxy. - */ - if (!proxy || state->xforward.flags == 0) { -- out_fprintf(out_stream, REC_TYPE_NORM, -- "Received: from %s (%s [%s])", -- state->helo_name ? state->helo_name : state->name, -- state->name, state->rfc_addr); -+ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) { -+ out_fprintf(out_stream, REC_TYPE_NORM, -+ "Received: from %s (%s [%s] ident=%s)", -+ state->helo_name ? state->helo_name : state->name, -+ state->name, state->rfc_addr, -+ state->ident_user); -+ } else { -+ out_fprintf(out_stream, REC_TYPE_NORM, -+ "Received: from %s (%s [%s])", -+ state->helo_name ? state->helo_name : state->name, -+ state->name, state->rfc_addr); -+ } - - #define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s)) - -@@ -4954,6 +4968,9 @@ - xclient_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xclient_hosts); - xforward_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xforward_hosts); - hogger_list = namadr_list_init(MATCH_FLAG_RETURN, var_smtpd_hoggers); -+ smtpd_ident_lookup = -+ namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP), -+ var_smtpd_ident_lookup); - - /* - * Open maps before dropping privileges so we can read passwords etc. -@@ -5382,6 +5399,7 @@ - VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0, - VAR_STRESS, DEF_STRESS, &var_stress, 0, 0, - VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0, -+ VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0, - VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0, - VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0, - VAR_REJECT_TMPF_ACT, DEF_REJECT_TMPF_ACT, &var_reject_tmpf_act, 1, 0, ---- postfix-2.10.0/src/smtpd/Makefile.in.orig 2013-03-12 18:39:01.000000000 +0100 -+++ postfix-2.10.0/src/smtpd/Makefile.in 2013-03-12 18:44:40.190592153 +0100 -@@ -2,11 +2,11 @@ - SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \ - smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \ - smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \ -- smtpd_expand.c smtpd_haproxy.c -+ smtpd_expand.c smtpd_haproxy.c smtpd_ident.c - OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \ - smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \ - smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \ -- smtpd_expand.o smtpd_haproxy.o -+ smtpd_expand.o smtpd_haproxy.o smtpd_ident.o - HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \ - smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \ - smtpd_resolve.h smtpd_expand.h ---- postfix-2.10.0/src/smtpd/smtpd_peer.c.orig 2013-03-12 19:14:53.347495658 +0100 -+++ postfix-2.10.0/src/smtpd/smtpd_peer.c 2013-03-12 22:24:19.932605940 +0100 -@@ -103,6 +103,7 @@ - - #include - #include -+#include - #include - #include - #include /* strerror() */ -@@ -123,6 +124,7 @@ - - /* Global library. */ - -+#include - #include - #include - #include -@@ -133,6 +135,7 @@ - #include "smtpd.h" - - static INET_PROTO_INFO *proto_info; -+extern NAMADR_LIST *smtpd_ident_lookup; - - /* - * XXX If we make local endpoint (getsockname) information available to -@@ -295,6 +293,8 @@ - static void smtpd_peer_sockaddr_to_hostname(SMTPD_STATE *state) - { - struct sockaddr *sa = (struct sockaddr *) & (state->sockaddr); -+ struct sockaddr_in serv_sin; -+ char *ident_user = NULL; - SOCKADDR_SIZE sa_length = state->sockaddr_len; - MAI_HOSTNAME_STR client_name; - int aierr; -@@ -345,6 +350,7 @@ - if (aierr) { - msg_warn("hostname %s does not resolve to address %s: %s", - state->name, state->addr, MAI_STRERROR(aierr)); -+ state->ident_user = mystrdup("NO-USER"); - REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ? - SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED)); - } else { -@@ -366,6 +372,19 @@ - freeaddrinfo(res0); - } - } -+ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) { -+ /* If getsockname fails, just forget it */ -+ sa_length = sizeof(serv_sin); -+ if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_length) >= 0) { -+ ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin); -+ if (ident_user == NULL) -+ state->ident_user = mystrdup("NO-USER"); -+ else -+ state->ident_user = ident_user; -+ } else -+ msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno)); -+ } else -+ state->ident_user = mystrdup("NO-USER"); - } - - /* smtpd_peer_hostaddr_to_sockaddr - convert numeric string to binary */ -@@ -412,6 +431,7 @@ - state->name_status = SMTPD_PEER_CODE_OK; - state->reverse_name_status = SMTPD_PEER_CODE_OK; - state->port = mystrdup("0"); /* XXX bogus. */ -+ state->ident_user = mystrdup("NO-USER"); - } - - /* smtpd_peer_no_client - peer went away, or peer info unavailable */ -@@ -426,6 +446,7 @@ - state->addr_family = AF_UNSPEC; - state->name_status = SMTPD_PEER_CODE_PERM; - state->reverse_name_status = SMTPD_PEER_CODE_PERM; -+ state->ident_user = mystrdup("NO-USER"); - state->port = mystrdup(CLIENT_PORT_UNKNOWN); - } - -@@ -533,6 +554,7 @@ - } - } - -+ - /* smtpd_peer_init - initialize peer information */ - - void smtpd_peer_init(SMTPD_STATE *state) -@@ -604,6 +626,8 @@ - myfree(state->namaddr); - if (state->rfc_addr) - myfree(state->rfc_addr); -+ if (state->ident_user) -+ myfree(state->ident_user); - if (state->port) - myfree(state->port); - if (state->dest_addr) -- 2.37.3