[packages/postfix.git] / postfix-ident.patch

diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h
--- postfix-2.2.5/src/global/mail_params.h	2006-02-22 16:20:15.000000000 +0100
+++ postfix-2.2.5-ident/src/global/mail_params.h	2006-02-22 15:56:31.000000000 +0100
@@ -2346,6 +2346,9 @@
 #define DEF_SMTP_EHLO_DIS_MAPS		""
 extern char *var_smtp_ehlo_dis_maps;
 
+#define VAR_SMTPD_IDENT_LOOKUP		"smtpd_ident_lookup"
+#define DEF_SMTPD_IDENT_LOOKUP		""
+extern char *var_smtpd_ident_lookup;
  /*
   * SMTPD messages
   */
diff -urN -x '*~' postfix-2.2.5/src/smtpd/Makefile.in postfix-2.2.5-ident/src/smtpd/Makefile.in
--- postfix-2.2.5/src/smtpd/Makefile.in	2005-04-29 23:12:28.000000000 +0200
+++ postfix-2.2.5-ident/src/smtpd/Makefile.in	2006-02-22 15:56:31.000000000 +0100
@@ -1,10 +1,10 @@
 SHELL	= /bin/sh
 SRCS	= smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
 	smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
-	smtpd_xforward.c
+	smtpd_xforward.c smtpd_ident.c
 OBJS	= smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
 	smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
-	smtpd_xforward.o
+	smtpd_xforward.o smtpd_ident.o
 HDRS	= smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
 	smtpd_sasl_glue.h smtpd_proxy.h
 TESTSRC	= smtpd_token_test.c
diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd.c postfix-2.2.5-ident/src/smtpd/smtpd.c
--- postfix-2.2.5/src/smtpd/smtpd.c	2006-02-22 16:20:15.000000000 +0100
+++ postfix-2.2.5-ident/src/smtpd/smtpd.c	2006-02-22 16:17:23.000000000 +0100
@@ -900,6 +900,7 @@
 char   *var_local_rwr_clients;
 char   *var_smtpd_ehlo_dis_words;
 char   *var_smtpd_ehlo_dis_maps;
+char   *var_smtpd_ident_lookup;
 
 bool    var_smtpd_use_tls;
 bool    var_smtpd_enforce_tls;
@@ -961,6 +962,11 @@
 int     smtpd_input_transp_mask;
 
  /*
+  * Hosts that should be ident-queried
+  */
+NAMADR_LIST *smtpd_ident_lookup;
+
+ /*
   * Forward declarations.
   */
 static void helo_reset(SMTPD_STATE *);
@@ -1951,10 +1957,18 @@
      * intermediate proxy.
      */
     if (!state->proxy || state->xforward.flags == 0) {
-	out_fprintf(out_stream, REC_TYPE_NORM,
-		    "Received: from %s (%s [%s])",
-		    state->helo_name ? state->helo_name : state->name,
-		    state->name, state->rfc_addr);
+	if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
+		out_fprintf(out_stream, REC_TYPE_NORM,
+			    "Received: from %s (%s [%s] ident=%s)",
+			    state->helo_name ? state->helo_name : state->name,
+			    state->name, state->rfc_addr,
+			    state->ident_user);
+	} else {
+		out_fprintf(out_stream, REC_TYPE_NORM,
+			    "Received: from %s (%s [%s])",
+			    state->helo_name ? state->helo_name : state->name,
+			    state->name, state->rfc_addr);
+	}
 #ifdef USE_TLS
 	if (var_smtpd_tls_received_header && state->tls_context) {
 	    out_fprintf(out_stream, REC_TYPE_NORM,
@@ -3229,6 +3243,9 @@
     xclient_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xclient_hosts);
     xforward_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xforward_hosts);
     hogger_list = namadr_list_init(MATCH_FLAG_NONE, var_smtpd_hoggers);
+    smtpd_ident_lookup =
+	namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP),
+			 var_smtpd_ident_lookup);
     if (getuid() == 0 || getuid() == var_owner_uid)
 	smtpd_check_init();
     debug_peer_init();
@@ -3430,6 +3447,7 @@
 	VAR_SMTPD_SASL_TLS_OPTS, DEF_SMTPD_SASL_TLS_OPTS, &var_smtpd_sasl_tls_opts, 0, 0,
 #endif
  	VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0, 
+	VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0,
 	0,
     };
     static CONFIG_RAW_TABLE raw_table[] = {
diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd.h postfix-2.2.5-ident/src/smtpd/smtpd.h
--- postfix-2.2.5/src/smtpd/smtpd.h	2005-01-30 22:45:31.000000000 +0100
+++ postfix-2.2.5-ident/src/smtpd/smtpd.h	2006-02-22 15:56:31.000000000 +0100
@@ -75,6 +75,7 @@
     char   *addr;			/* client host address string */
     char   *namaddr;			/* combined name and address */
     char   *rfc_addr;			/* address for RFC 2821 */
+    char   *ident_user;			/* user name returned by ident RFC 1413 */
     struct sockaddr_storage sockaddr;	/* binary client endpoint */
     int     peer_code;			/* 2=ok, 4=soft, 5=hard */
     int     error_count;		/* reset after DOT */
@@ -232,6 +233,8 @@
 extern void smtpd_peer_init(SMTPD_STATE *state);
 extern void smtpd_peer_reset(SMTPD_STATE *state);
 
+extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr);
+
 #define	SMTPD_PEER_CODE_OK	2
 #define SMTPD_PEER_CODE_TEMP	4
 #define SMTPD_PEER_CODE_PERM	5
diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c
--- postfix-2.2.5/src/smtpd/smtpd_ident.c	1970-01-01 01:00:00.000000000 +0100
+++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c	2006-02-22 15:56:31.000000000 +0100
@@ -0,0 +1,138 @@
+#include <sys_defs.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdio.h>                      /* strerror() */
+#include <errno.h>
+#include <string.h>
+#include <mymalloc.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <unistd.h>
+#include <vstream.h>
+
+#include <iostuff.h>
+#include "smtpd.h"
+
+#define IDENT_MSGSIZE 256 
+#define IDENT_TIMEOUT 10
+
+#define CHOMP(STR) { char *tmp; tmp = STR; while (*tmp) { \
+             if (*tmp == '\n' || *tmp == '\r') *tmp = '\0'; tmp++ ; } }
+
+char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr)
+{
+    int ident_sock;
+    char ident_msg[IDENT_MSGSIZE + 1], *sp;
+    char ident_user[IDENT_MSGSIZE + 1];
+    struct sockaddr_in local_addr;
+    struct sockaddr_in ident_addr;
+    char *return_val;
+    VSTREAM *ident_stream;
+
+    memset(ident_msg, 0, IDENT_MSGSIZE + 1);
+    memset(ident_user, 0, IDENT_MSGSIZE + 1);
+
+    /*
+     * Bind the local sockaddr to the same interface as smtpd before
+     * connecting back to the auth port on the peer. This helps
+     * with multihomed postfix servers. First, set up the address.
+     */
+
+    /* Local sockname */
+
+    memset((char *) &local_addr, 0, sizeof(local_addr));
+    local_addr.sin_family = AF_INET;
+    memcpy((void *) &local_addr.sin_addr, (void *) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr));
+
+    /* Remote sockname + port */
+
+    memset((char *) &ident_addr, 0, sizeof(ident_addr));
+    ident_addr.sin_family = AF_INET;
+    memcpy((void *) &ident_addr.sin_addr, (void *) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr));
+    ident_addr.sin_port = htons(113);
+
+    do {
+        /* socket call */
+
+        if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) {
+            msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno));
+            break;
+        }
+
+        /* Now bind the local sock to the interface */
+
+        if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) {
+            msg_warn("local bind of ident sock failed: %s", strerror(errno));
+            break;
+         }
+
+        /* connect() back to the smtp client host on port 113 */
+
+         if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) {
+            msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr), 
+                   strerror(errno));
+            break;
+         }
+
+        /* Ok, make this a vstream */
+
+        ident_stream = vstream_fdopen(ident_sock, O_RDWR);
+        ident_stream->timeout = IDENT_TIMEOUT;
+
+        /* Print the ident message to the remote host */
+    
+        vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port));
+        if (vstream_ftimeout(ident_stream)) {
+            msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr));
+            break;
+        }
+
+        /* Read back the result */
+
+        vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE);
+        if (vstream_ftimeout(ident_stream)) {
+            msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr));
+            break;
+        }
+    
+        /*
+         * Should I even bother with this?
+         *
+         * Even if so, don't worry about this failing, set the timeout low
+         */
+
+        ident_stream->timeout = 2;
+        vstream_fwrite(ident_stream, "quit\n", strlen("quit\n"));
+
+        if (strlen(ident_msg) == 0) {
+            msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr));
+            break;
+        }
+    
+        if ((sp = strrchr(ident_msg, ':')) == NULL) {
+            msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr));
+            break;
+        }
+        sp++;
+        CHOMP(sp);
+        while (*sp && (*sp == ' ' || *sp == '\t')) {
+            sp++;
+        }
+
+        /* If we break before this line, we know we had some sort of bad error */
+
+        strncpy(ident_user, sp, IDENT_MSGSIZE);
+        msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr));
+    
+    } while (0);
+
+    if (strlen(ident_user) == 0) {
+        msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr));
+        return NULL;
+    } 
+    
+    vstream_fclose(ident_stream);
+    return_val = mystrdup(ident_user);
+    return return_val;
+}
diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_peer.c postfix-2.2.5-ident/src/smtpd/smtpd_peer.c
--- postfix-2.2.5/src/smtpd/smtpd_peer.c	2005-01-30 22:42:18.000000000 +0100
+++ postfix-2.2.5-ident/src/smtpd/smtpd_peer.c	2006-02-22 16:21:40.000000000 +0100
@@ -56,6 +56,7 @@
 
 #include <sys_defs.h>
 #include <sys/socket.h>
+#include <sys/types.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <stdio.h>			/* strerror() */
@@ -74,13 +75,17 @@
 
 /* Global library. */
 
+#include <namadr_list.h>
 #include <mail_proto.h>
+#include <mail_params.h>
 #include <valid_mailhost_addr.h>
 
 /* Application-specific. */
 
 #include "smtpd.h"
 
+extern NAMADR_LIST *smtpd_ident_lookup;
+
 /* smtpd_peer_init - initialize peer information */
 
 void    smtpd_peer_init(SMTPD_STATE *state)
@@ -88,6 +93,8 @@
     char   *myname = "smtpd_peer_init";
     SOCKADDR_SIZE sa_len;
     struct sockaddr *sa;
+    struct sockaddr_in serv_sin;
+    char *ident_user = NULL;
     INET_PROTO_INFO *proto_info = inet_proto_info();
 
     sa = (struct sockaddr *) & (state->sockaddr);
@@ -108,6 +115,7 @@
 	state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
 	state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
 	state->peer_code = SMTPD_PEER_CODE_PERM;
+	state->ident_user = mystrdup("NO-USER");
     }
 
     /*
@@ -218,6 +226,7 @@
 	    if (aierr) {
 		msg_warn("%s: hostname %s verification failed: %s",
 			 state->addr, state->name, MAI_STRERROR(aierr));
+		state->ident_user = mystrdup("NO-USER");
 		REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
 			      SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_PERM));
 	    } else {
@@ -239,6 +248,20 @@
 		freeaddrinfo(res0);
 	    }
 	}
+
+	if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
+	    /* If getsockname fails, just forget it */
+	    sa_len = sizeof(serv_sin);
+	    if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_len) >= 0) {
+		ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin);
+		if (ident_user == NULL)
+		    state->ident_user = mystrdup("NO-USER");
+		else
+		    state->ident_user = ident_user;
+	    } else
+		msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno));
+	} else
+	    state->ident_user = mystrdup("NO-USER");
     }
 
     /*
@@ -250,6 +273,7 @@
 	state->addr = mystrdup("127.0.0.1");	/* XXX bogus. */
 	state->rfc_addr = mystrdup("127.0.0.1");/* XXX bogus. */
 	state->peer_code = SMTPD_PEER_CODE_OK;
+	state->ident_user = mystrdup("NO-USER");
     }
 
     /*
@@ -267,4 +291,5 @@
     myfree(state->addr);
     myfree(state->namaddr);
     myfree(state->rfc_addr);
+    myfree(state->ident_user);
 }
Commit	Line	Data
06a490d4 JR	1	diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h
	2	--- postfix-2.2.5/src/global/mail_params.h 2006-02-22 16:20:15.000000000 +0100
	3	+++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-22 15:56:31.000000000 +0100
949c99f8 JR	4	@@ -2346,6 +2346,9 @@
	5	#define DEF_SMTP_EHLO_DIS_MAPS ""
	6	extern char *var_smtp_ehlo_dis_maps;
	7
	8	+#define VAR_SMTPD_IDENT_LOOKUP "smtpd_ident_lookup"
06a490d4 JR	9	+#define DEF_SMTPD_IDENT_LOOKUP ""
06a490d4 JR	10	+extern char *var_smtpd_ident_lookup;
949c99f8 JR	11	/*
	12	* SMTPD messages
	13	*/
06a490d4	14	diff -urN -x '*~' postfix-2.2.5/src/smtpd/Makefile.in postfix-2.2.5-ident/src/smtpd/Makefile.in
949c99f8	15	--- postfix-2.2.5/src/smtpd/Makefile.in 2005-04-29 23:12:28.000000000 +0200
06a490d4	16	+++ postfix-2.2.5-ident/src/smtpd/Makefile.in 2006-02-22 15:56:31.000000000 +0100
949c99f8 JR	17	@@ -1,10 +1,10 @@
	18	SHELL = /bin/sh
	19	SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \
	20	smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \
	21	- smtpd_xforward.c
	22	+ smtpd_xforward.c smtpd_ident.c
	23	OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \
	24	smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \
	25	- smtpd_xforward.o
	26	+ smtpd_xforward.o smtpd_ident.o
	27	HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \
	28	smtpd_sasl_glue.h smtpd_proxy.h
	29	TESTSRC = smtpd_token_test.c
06a490d4 JR	30	diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd.c postfix-2.2.5-ident/src/smtpd/smtpd.c
	31	--- postfix-2.2.5/src/smtpd/smtpd.c 2006-02-22 16:20:15.000000000 +0100
	32	+++ postfix-2.2.5-ident/src/smtpd/smtpd.c 2006-02-22 16:17:23.000000000 +0100
949c99f8 JR	33	@@ -900,6 +900,7 @@
	34	char *var_local_rwr_clients;
	35	char *var_smtpd_ehlo_dis_words;
	36	char *var_smtpd_ehlo_dis_maps;
06a490d4	37	+char *var_smtpd_ident_lookup;
949c99f8 JR	38
	39	bool var_smtpd_use_tls;
	40	bool var_smtpd_enforce_tls;
06a490d4 JR	41	@@ -961,6 +962,11 @@
	42	int smtpd_input_transp_mask;
	43
	44	/*
	45	+ * Hosts that should be ident-queried
	46	+ */
	47	+NAMADR_LIST *smtpd_ident_lookup;
	48	+
	49	+ /*
	50	* Forward declarations.
	51	*/
	52	static void helo_reset(SMTPD_STATE *);
	53	@@ -1951,10 +1957,18 @@
949c99f8 JR	54	* intermediate proxy.
	55	*/
	56	if (!state->proxy \|\| state->xforward.flags == 0) {
	57	- out_fprintf(out_stream, REC_TYPE_NORM,
	58	- "Received: from %s (%s [%s])",
	59	- state->helo_name ? state->helo_name : state->name,
	60	- state->name, state->rfc_addr);
06a490d4	61	+ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
949c99f8 JR	62	+ out_fprintf(out_stream, REC_TYPE_NORM,
	63	+ "Received: from %s (%s [%s] ident=%s)",
	64	+ state->helo_name ? state->helo_name : state->name,
	65	+ state->name, state->rfc_addr,
	66	+ state->ident_user);
	67	+ } else {
	68	+ out_fprintf(out_stream, REC_TYPE_NORM,
	69	+ "Received: from %s (%s [%s])",
	70	+ state->helo_name ? state->helo_name : state->name,
	71	+ state->name, state->rfc_addr);
	72	+ }
	73	#ifdef USE_TLS
	74	if (var_smtpd_tls_received_header && state->tls_context) {
	75	out_fprintf(out_stream, REC_TYPE_NORM,
06a490d4 JR	76	@@ -3229,6 +3243,9 @@
	77	xclient_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xclient_hosts);
	78	xforward_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xforward_hosts);
	79	hogger_list = namadr_list_init(MATCH_FLAG_NONE, var_smtpd_hoggers);
	80	+ smtpd_ident_lookup =
	81	+ namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP),
	82	+ var_smtpd_ident_lookup);
	83	if (getuid() == 0 \|\| getuid() == var_owner_uid)
	84	smtpd_check_init();
	85	debug_peer_init();
	86	@@ -3430,6 +3447,7 @@
	87	VAR_SMTPD_SASL_TLS_OPTS, DEF_SMTPD_SASL_TLS_OPTS, &var_smtpd_sasl_tls_opts, 0, 0,
	88	#endif
	89	VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0,
	90	+ VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0,
	91	0,
	92	};
	93	static CONFIG_RAW_TABLE raw_table[] = {
	94	diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd.h postfix-2.2.5-ident/src/smtpd/smtpd.h
949c99f8	95	--- postfix-2.2.5/src/smtpd/smtpd.h 2005-01-30 22:45:31.000000000 +0100
06a490d4	96	+++ postfix-2.2.5-ident/src/smtpd/smtpd.h 2006-02-22 15:56:31.000000000 +0100
949c99f8 JR	97	@@ -75,6 +75,7 @@
	98	char addr; / client host address string */
	99	char namaddr; / combined name and address */
	100	char rfc_addr; / address for RFC 2821 */
	101	+ char ident_user; / user name returned by ident RFC 1413 */
	102	struct sockaddr_storage sockaddr; /* binary client endpoint */
	103	int peer_code; /* 2=ok, 4=soft, 5=hard */
	104	int error_count; /* reset after DOT */
	105	@@ -232,6 +233,8 @@
	106	extern void smtpd_peer_init(SMTPD_STATE *state);
	107	extern void smtpd_peer_reset(SMTPD_STATE *state);
	108
	109	+extern char smtpd_ident(struct sockaddr_in peer_addr, struct sockaddr_in *smtpd_addr);
	110	+
	111	#define SMTPD_PEER_CODE_OK 2
	112	#define SMTPD_PEER_CODE_TEMP 4
	113	#define SMTPD_PEER_CODE_PERM 5
06a490d4	114	diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c
949c99f8	115	--- postfix-2.2.5/src/smtpd/smtpd_ident.c 1970-01-01 01:00:00.000000000 +0100
06a490d4	116	+++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-22 15:56:31.000000000 +0100
949c99f8 JR	117	@@ -0,0 +1,138 @@
	118	+#include <sys_defs.h>
	119	+#include <sys/socket.h>
	120	+#include <netinet/in.h>
	121	+#include <arpa/inet.h>
	122	+#include <stdio.h> /* strerror() */
	123	+#include <errno.h>
	124	+#include <string.h>
	125	+#include <mymalloc.h>
	126	+#include <sys/types.h>
	127	+#include <sys/time.h>
	128	+#include <unistd.h>
	129	+#include <vstream.h>
	130	+
	131	+#include <iostuff.h>
	132	+#include "smtpd.h"
	133	+
	134	+#define IDENT_MSGSIZE 256
	135	+#define IDENT_TIMEOUT 10
	136	+
	137	+#define CHOMP(STR) { char tmp; tmp = STR; while (tmp) { \
	138	+ if (tmp == '\n' \|\| tmp == '\r') *tmp = '\0'; tmp++ ; } }
	139	+
	140	+char smtpd_ident(struct sockaddr_in peer_addr, struct sockaddr_in *smtpd_addr)
	141	+{
	142	+ int ident_sock;
	143	+ char ident_msg[IDENT_MSGSIZE + 1], *sp;
	144	+ char ident_user[IDENT_MSGSIZE + 1];
	145	+ struct sockaddr_in local_addr;
	146	+ struct sockaddr_in ident_addr;
	147	+ char *return_val;
	148	+ VSTREAM *ident_stream;
	149	+
	150	+ memset(ident_msg, 0, IDENT_MSGSIZE + 1);
	151	+ memset(ident_user, 0, IDENT_MSGSIZE + 1);
	152	+
	153	+ /*
	154	+ * Bind the local sockaddr to the same interface as smtpd before
	155	+ * connecting back to the auth port on the peer. This helps
	156	+ * with multihomed postfix servers. First, set up the address.
	157	+ */
	158	+
	159	+ /* Local sockname */
	160	+
	161	+ memset((char *) &local_addr, 0, sizeof(local_addr));
	162	+ local_addr.sin_family = AF_INET;
	163	+ memcpy((void ) &local_addr.sin_addr, (void ) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr));
	164	+
	165	+ /* Remote sockname + port */
	166	+
	167	+ memset((char *) &ident_addr, 0, sizeof(ident_addr));
	168	+ ident_addr.sin_family = AF_INET;
	169	+ memcpy((void ) &ident_addr.sin_addr, (void ) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr));
	170	+ ident_addr.sin_port = htons(113);
	171	+
	172	+ do {
	173	+ /* socket call */
	174	+
	175	+ if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) {
	176	+ msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno));
	177	+ break;
	178	+ }
	179	+
	180	+ /* Now bind the local sock to the interface */
181	+
182	+ if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) {
183	+ msg_warn("local bind of ident sock failed: %s", strerror(errno));
184	+ break;
185	+ }
186	+
187	+ /* connect() back to the smtp client host on port 113 */
188	+
189	+ if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) {
190	+ msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr),
191	+ strerror(errno));
192	+ break;
193	+ }
194	+
195	+ /* Ok, make this a vstream */
196	+
197	+ ident_stream = vstream_fdopen(ident_sock, O_RDWR);
198	+ ident_stream->timeout = IDENT_TIMEOUT;
199	+
200	+ /* Print the ident message to the remote host */
201	+
202	+ vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port));
203	+ if (vstream_ftimeout(ident_stream)) {
204	+ msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr));
205	+ break;
206	+ }
207	+
208	+ /* Read back the result */
209	+
210	+ vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE);
211	+ if (vstream_ftimeout(ident_stream)) {
212	+ msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr));
213	+ break;
214	+ }
215	+
216	+ /*
217	+ * Should I even bother with this?
218	+ *
219	+ * Even if so, don't worry about this failing, set the timeout low
220	+ */
221	+
222	+ ident_stream->timeout = 2;
223	+ vstream_fwrite(ident_stream, "quit\n", strlen("quit\n"));
224	+
225	+ if (strlen(ident_msg) == 0) {
226	+ msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr));
227	+ break;
228	+ }
229	+
230	+ if ((sp = strrchr(ident_msg, ':')) == NULL) {
231	+ msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr));
232	+ break;
233	+ }
234	+ sp++;
235	+ CHOMP(sp);
236	+ while (sp && (sp == ' ' \|\| *sp == '\t')) {
237	+ sp++;
238	+ }
239	+
240	+ /* If we break before this line, we know we had some sort of bad error */
241	+
242	+ strncpy(ident_user, sp, IDENT_MSGSIZE);
243	+ msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr));
244	+
245	+ } while (0);
246	+
247	+ if (strlen(ident_user) == 0) {
248	+ msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr));
249	+ return NULL;
250	+ }
251	+
252	+ vstream_fclose(ident_stream);
253	+ return_val = mystrdup(ident_user);
254	+ return return_val;
255	+}
06a490d4	256	diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_peer.c postfix-2.2.5-ident/src/smtpd/smtpd_peer.c
949c99f8	257	--- postfix-2.2.5/src/smtpd/smtpd_peer.c 2005-01-30 22:42:18.000000000 +0100
06a490d4	258	+++ postfix-2.2.5-ident/src/smtpd/smtpd_peer.c 2006-02-22 16:21:40.000000000 +0100
949c99f8 JR	259	@@ -56,6 +56,7 @@
	260
	261	#include <sys_defs.h>
	262	#include <sys/socket.h>
	263	+#include <sys/types.h>
	264	#include <netinet/in.h>
	265	#include <arpa/inet.h>
	266	#include <stdio.h> /* strerror() */
06a490d4 JR	267	@@ -74,13 +75,17 @@
06a490d4 JR	268
949c99f8 JR	269	/* Global library. */
949c99f8 JR	270
06a490d4	271	+#include <namadr_list.h>
949c99f8 JR	272	#include <mail_proto.h>
	273	+#include <mail_params.h>
	274	#include <valid_mailhost_addr.h>
	275
	276	/* Application-specific. */
06a490d4 JR	277
	278	#include "smtpd.h"
	279
	280	+extern NAMADR_LIST *smtpd_ident_lookup;
	281	+
	282	/* smtpd_peer_init - initialize peer information */
	283
	284	void smtpd_peer_init(SMTPD_STATE *state)
	285	@@ -88,6 +93,8 @@
949c99f8 JR	286	char *myname = "smtpd_peer_init";
	287	SOCKADDR_SIZE sa_len;
	288	struct sockaddr *sa;
	289	+ struct sockaddr_in serv_sin;
	290	+ char *ident_user = NULL;
	291	INET_PROTO_INFO *proto_info = inet_proto_info();
	292
	293	sa = (struct sockaddr *) & (state->sockaddr);
06a490d4	294	@@ -108,6 +115,7 @@
949c99f8 JR	295	state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
	296	state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
	297	state->peer_code = SMTPD_PEER_CODE_PERM;
06a490d4	298	+ state->ident_user = mystrdup("NO-USER");
949c99f8 JR	299	}
	300
	301	/*
06a490d4	302	@@ -218,6 +226,7 @@
949c99f8 JR	303	if (aierr) {
	304	msg_warn("%s: hostname %s verification failed: %s",
	305	state->addr, state->name, MAI_STRERROR(aierr));
06a490d4	306	+ state->ident_user = mystrdup("NO-USER");
949c99f8 JR	307	REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ?
	308	SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_PERM));
	309	} else {
06a490d4	310	@@ -239,6 +248,20 @@
949c99f8 JR	311	freeaddrinfo(res0);
	312	}
	313	}
	314	+
06a490d4	315	+ if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) {
949c99f8 JR	316	+ /* If getsockname fails, just forget it */
	317	+ sa_len = sizeof(serv_sin);
	318	+ if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_len) >= 0) {
	319	+ ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin);
	320	+ if (ident_user == NULL)
	321	+ state->ident_user = mystrdup("NO-USER");
	322	+ else
	323	+ state->ident_user = ident_user;
	324	+ } else
	325	+ msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno));
06a490d4 JR	326	+ } else
06a490d4 JR	327	+ state->ident_user = mystrdup("NO-USER");
949c99f8 JR	328	}
	329
	330	/*
06a490d4	331	@@ -250,6 +273,7 @@
949c99f8 JR	332	state->addr = mystrdup("127.0.0.1"); /* XXX bogus. */
	333	state->rfc_addr = mystrdup("127.0.0.1");/* XXX bogus. */
	334	state->peer_code = SMTPD_PEER_CODE_OK;
06a490d4	335	+ state->ident_user = mystrdup("NO-USER");
949c99f8 JR	336	}
	337
	338	/*
06a490d4	339	@@ -267,4 +291,5 @@
949c99f8 JR	340	myfree(state->addr);
	341	myfree(state->namaddr);
	342	myfree(state->rfc_addr);
06a490d4	343	+ myfree(state->ident_user);
949c99f8	344	}