Commit | Line | Data |
---|---|---|
06a490d4 JR |
1 | diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h |
2 | --- postfix-2.2.5/src/global/mail_params.h 2006-02-22 16:20:15.000000000 +0100 | |
3 | +++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-22 15:56:31.000000000 +0100 | |
949c99f8 JR |
4 | @@ -2346,6 +2346,9 @@ |
5 | #define DEF_SMTP_EHLO_DIS_MAPS "" | |
6 | extern char *var_smtp_ehlo_dis_maps; | |
7 | ||
8 | +#define VAR_SMTPD_IDENT_LOOKUP "smtpd_ident_lookup" | |
06a490d4 JR |
9 | +#define DEF_SMTPD_IDENT_LOOKUP "" |
10 | +extern char *var_smtpd_ident_lookup; | |
949c99f8 JR |
11 | /* |
12 | * SMTPD messages | |
13 | */ | |
06a490d4 | 14 | diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c |
949c99f8 | 15 | --- postfix-2.2.5/src/smtpd/smtpd_ident.c 1970-01-01 01:00:00.000000000 +0100 |
06a490d4 | 16 | +++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-22 15:56:31.000000000 +0100 |
949c99f8 JR |
17 | @@ -0,0 +1,138 @@ |
18 | +#include <sys_defs.h> | |
19 | +#include <sys/socket.h> | |
20 | +#include <netinet/in.h> | |
21 | +#include <arpa/inet.h> | |
22 | +#include <stdio.h> /* strerror() */ | |
23 | +#include <errno.h> | |
24 | +#include <string.h> | |
25 | +#include <mymalloc.h> | |
26 | +#include <sys/types.h> | |
27 | +#include <sys/time.h> | |
28 | +#include <unistd.h> | |
29 | +#include <vstream.h> | |
30 | + | |
31 | +#include <iostuff.h> | |
32 | +#include "smtpd.h" | |
33 | + | |
34 | +#define IDENT_MSGSIZE 256 | |
35 | +#define IDENT_TIMEOUT 10 | |
36 | + | |
37 | +#define CHOMP(STR) { char *tmp; tmp = STR; while (*tmp) { \ | |
38 | + if (*tmp == '\n' || *tmp == '\r') *tmp = '\0'; tmp++ ; } } | |
39 | + | |
40 | +char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr) | |
41 | +{ | |
42 | + int ident_sock; | |
43 | + char ident_msg[IDENT_MSGSIZE + 1], *sp; | |
44 | + char ident_user[IDENT_MSGSIZE + 1]; | |
45 | + struct sockaddr_in local_addr; | |
46 | + struct sockaddr_in ident_addr; | |
47 | + char *return_val; | |
48 | + VSTREAM *ident_stream; | |
49 | + | |
50 | + memset(ident_msg, 0, IDENT_MSGSIZE + 1); | |
51 | + memset(ident_user, 0, IDENT_MSGSIZE + 1); | |
52 | + | |
53 | + /* | |
54 | + * Bind the local sockaddr to the same interface as smtpd before | |
55 | + * connecting back to the auth port on the peer. This helps | |
56 | + * with multihomed postfix servers. First, set up the address. | |
57 | + */ | |
58 | + | |
59 | + /* Local sockname */ | |
60 | + | |
61 | + memset((char *) &local_addr, 0, sizeof(local_addr)); | |
62 | + local_addr.sin_family = AF_INET; | |
63 | + memcpy((void *) &local_addr.sin_addr, (void *) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr)); | |
64 | + | |
65 | + /* Remote sockname + port */ | |
66 | + | |
67 | + memset((char *) &ident_addr, 0, sizeof(ident_addr)); | |
68 | + ident_addr.sin_family = AF_INET; | |
69 | + memcpy((void *) &ident_addr.sin_addr, (void *) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr)); | |
70 | + ident_addr.sin_port = htons(113); | |
71 | + | |
72 | + do { | |
73 | + /* socket call */ | |
74 | + | |
75 | + if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) { | |
76 | + msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno)); | |
77 | + break; | |
78 | + } | |
79 | + | |
80 | + /* Now bind the local sock to the interface */ | |
81 | + | |
82 | + if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) { | |
83 | + msg_warn("local bind of ident sock failed: %s", strerror(errno)); | |
84 | + break; | |
85 | + } | |
86 | + | |
87 | + /* connect() back to the smtp client host on port 113 */ | |
88 | + | |
89 | + if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) { | |
90 | + msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr), | |
91 | + strerror(errno)); | |
92 | + break; | |
93 | + } | |
94 | + | |
95 | + /* Ok, make this a vstream */ | |
96 | + | |
97 | + ident_stream = vstream_fdopen(ident_sock, O_RDWR); | |
98 | + ident_stream->timeout = IDENT_TIMEOUT; | |
99 | + | |
100 | + /* Print the ident message to the remote host */ | |
101 | + | |
102 | + vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port)); | |
103 | + if (vstream_ftimeout(ident_stream)) { | |
104 | + msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr)); | |
105 | + break; | |
106 | + } | |
107 | + | |
108 | + /* Read back the result */ | |
109 | + | |
110 | + vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE); | |
111 | + if (vstream_ftimeout(ident_stream)) { | |
112 | + msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr)); | |
113 | + break; | |
114 | + } | |
115 | + | |
116 | + /* | |
117 | + * Should I even bother with this? | |
118 | + * | |
119 | + * Even if so, don't worry about this failing, set the timeout low | |
120 | + */ | |
121 | + | |
122 | + ident_stream->timeout = 2; | |
123 | + vstream_fwrite(ident_stream, "quit\n", strlen("quit\n")); | |
124 | + | |
125 | + if (strlen(ident_msg) == 0) { | |
126 | + msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr)); | |
127 | + break; | |
128 | + } | |
129 | + | |
130 | + if ((sp = strrchr(ident_msg, ':')) == NULL) { | |
131 | + msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr)); | |
132 | + break; | |
133 | + } | |
134 | + sp++; | |
135 | + CHOMP(sp); | |
136 | + while (*sp && (*sp == ' ' || *sp == '\t')) { | |
137 | + sp++; | |
138 | + } | |
139 | + | |
140 | + /* If we break before this line, we know we had some sort of bad error */ | |
141 | + | |
142 | + strncpy(ident_user, sp, IDENT_MSGSIZE); | |
143 | + msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr)); | |
144 | + | |
145 | + } while (0); | |
146 | + | |
147 | + if (strlen(ident_user) == 0) { | |
148 | + msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr)); | |
149 | + return NULL; | |
150 | + } | |
151 | + | |
152 | + vstream_fclose(ident_stream); | |
153 | + return_val = mystrdup(ident_user); | |
154 | + return return_val; | |
155 | +} | |
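Review bot: Every `break` taken after socket() succeeds ends in `return NULL` with the descriptor still open, because `vstream_fclose(ident_stream)` at the bottom of smtpd_ident() is reached only on the success path; a peer that refuses or stalls port 113 therefore leaks one descriptor in the smtpd process for each failed lookup. The connect() call is also blocking and not covered by IDENT_TIMEOUT, which is set only on the VSTREAM afterwards, so a peer that silently drops the connection attempt holds the SMTP session for the kernel's connect timeout. Separately, the reply is split at the last ':' with no check that it is a USERID response for the port pair that was sent, so the token of an ERROR reply, or any bytes the peer chooses, become ident_user; that value should be filtered to a conservative printable set before it is logged or stored. The fence below covers only the cleanup.

```c
    int     ident_sock = -1;
    VSTREAM *ident_stream = 0;

    /* … unchanged: address setup and the do { … } while (0) lookup body … */

    /* Release the connection on every path, not only on success. */
    if (ident_stream != 0)
	vstream_fclose(ident_stream);		/* also closes ident_sock */
    else if (ident_sock >= 0)
	close(ident_sock);

    if (strlen(ident_user) == 0) {
	msg_warn("Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr));
	return NULL;
    }
    return mystrdup(ident_user);
```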
e6742683 | 156 | --- postfix-2.3-RC9/src/smtpd/Makefile.in.orig 2006-07-09 19:45:31.000000000 +0200 |
157 | +++ postfix-2.3-RC9/src/smtpd/Makefile.in 2006-07-11 20:17:09.605127872 +0200 | |
158 | @@ -1,10 +1,10 @@ | |
159 | SHELL = /bin/sh | |
160 | SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \ | |
161 | smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \ | |
162 | - smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c | |
163 | + smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_ident.c | |
164 | OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \ | |
165 | smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \ | |
166 | - smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o | |
167 | + smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_ident.o | |
168 | HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \ | |
169 | smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h | |
170 | TESTSRC = smtpd_token_test.c | |
171 | --- postfix-2.3-RC9/src/smtpd/smtpd.c.orig 2006-07-11 20:13:27.780850288 +0200 | |
172 | +++ postfix-2.3-RC9/src/smtpd/smtpd.c 2006-07-11 20:27:06.515383720 +0200 | |
173 | @@ -1024,6 +1024,7 @@ | |
174 | char *var_local_rwr_clients; | |
175 | char *var_smtpd_ehlo_dis_words; | |
176 | char *var_smtpd_ehlo_dis_maps; | |
177 | +char *var_smtpd_ident_lookup; | |
178 | ||
179 | char *var_smtpd_tls_level; | |
180 | bool var_smtpd_use_tls; | |
181 | @@ -1119,6 +1120,11 @@ | |
182 | int smtpd_input_transp_mask; | |
183 | ||
184 | /* | |
185 | + * Hosts that should be ident-queried | |
186 | + */ | |
187 | +NAMADR_LIST *smtpd_ident_lookup; | |
188 | + | |
189 | + /* | |
190 | * Forward declarations. | |
191 | */ | |
192 | static void helo_reset(SMTPD_STATE *); | |
193 | @@ -2503,10 +2509,18 @@ | |
194 | * intermediate proxy. | |
195 | */ | |
196 | if (!state->proxy || state->xforward.flags == 0) { | |
197 | - out_fprintf(out_stream, REC_TYPE_NORM, | |
198 | - "Received: from %s (%s [%s])", | |
199 | - state->helo_name ? state->helo_name : state->name, | |
200 | - state->name, state->rfc_addr); | |
201 | + if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) { | |
202 | + out_fprintf(out_stream, REC_TYPE_NORM, | |
203 | + "Received: from %s (%s [%s] ident=%s)", | |
204 | + state->helo_name ? state->helo_name : state->name, | |
205 | + state->name, state->rfc_addr, | |
206 | + state->ident_user); | |
207 | + } else { | |
208 | + out_fprintf(out_stream, REC_TYPE_NORM, | |
209 | + "Received: from %s (%s [%s])", | |
210 | + state->helo_name ? state->helo_name : state->name, | |
211 | + state->name, state->rfc_addr); | |
212 | + } | |
213 | ||
214 | #define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s)) | |
215 | ||
216 | @@ -4129,6 +4143,9 @@ | |
217 | xclient_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xclient_hosts); | |
218 | xforward_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xforward_hosts); | |
219 | hogger_list = namadr_list_init(MATCH_FLAG_NONE, var_smtpd_hoggers); | |
220 | + smtpd_ident_lookup = | |
221 | + namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP), | |
222 | + var_smtpd_ident_lookup); | |
223 | if (getuid() == 0 || getuid() == var_owner_uid) | |
224 | smtpd_check_init(); | |
225 | debug_peer_init(); | |
226 | @@ -4513,6 +4513,7 @@ | |
227 | VAR_MILT_DAEMON_NAME, DEF_MILT_DAEMON_NAME, &var_milt_daemon_name, 1, 0, | |
228 | VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0, | |
229 | VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0, | |
230 | + VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0, | |
231 | 0, | |
232 | }; | |
233 | static CONFIG_RAW_TABLE raw_table[] = { | |
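Review bot: In the Received: hunk, `state->ident_user` is written inside the parenthesised comment exactly as the remote ident service returned it, and nothing visible here or in smtpd_ident() restricts its characters beyond cutting at CR/LF. A value containing `)`, `(` or control characters would produce a malformed Received: comment for downstream parsers, and the field is an unauthenticated claim by the client host, so I would filter it where it is stored and add a comment such as `/* ident= is unverified, supplied by the peer's RFC 1413 service */`. The same hunk calls namadr_list_match() a second time instead of recording the decision made in smtpd_peer_init(); if state->name or state->addr can change in between (not visible in this diff), the header could print an ident_user that was never looked up. The enclosing function starts and ends outside the hunk.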
234 | --- postfix-2.3-RC9/src/smtpd/smtpd.h.orig 2006-07-09 21:49:21.000000000 +0200 | |
235 | +++ postfix-2.3-RC9/src/smtpd/smtpd.h 2006-07-11 20:30:43.993322048 +0200 | |
236 | @@ -77,6 +77,7 @@ | |
237 | char *addr; /* client host address string */ | |
238 | char *namaddr; /* combined name and address */ | |
239 | char *rfc_addr; /* address for RFC 2821 */ | |
240 | + char *ident_user; /* user name returned by ident RFC 1413 */ | |
241 | int addr_family; /* address family */ | |
242 | struct sockaddr_storage sockaddr; /* binary client endpoint */ | |
243 | int name_status; /* 2=ok 4=soft 5=hard 6=forged */ | |
244 | @@ -266,6 +267,8 @@ | |
245 | extern void smtpd_peer_init(SMTPD_STATE *state); | |
246 | extern void smtpd_peer_reset(SMTPD_STATE *state); | |
247 | ||
248 | +extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr); | |
249 | + | |
250 | #define SMTPD_PEER_CODE_OK 2 | |
251 | #define SMTPD_PEER_CODE_TEMP 4 | |
252 | #define SMTPD_PEER_CODE_PERM 5 | |
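Review bot: The new smtpd_ident() prototype carries no statement of its contract, and callers need it: per smtpd_ident.c in this patch it returns a mystrdup() copy on success and NULL on any failure. I would add a comment above it such as `/* smtpd_ident - RFC 1413 lookup; result is mystrdup()ed and owned by the caller, NULL on failure; IPv4 only */`. The ident_user field comment could likewise say that the string comes from the peer and is not verified.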
253 | --- postfix-2.3-RC9/src/smtpd/smtpd_peer.c.orig 2006-07-08 02:51:33.000000000 +0200 | |
254 | +++ postfix-2.3-RC9/src/smtpd/smtpd_peer.c 2006-07-11 20:41:04.935924424 +0200 | |
255 | @@ -98,6 +98,7 @@ | |
949c99f8 JR |
256 | |
257 | #include <sys_defs.h> | |
258 | #include <sys/socket.h> | |
259 | +#include <sys/types.h> | |
260 | #include <netinet/in.h> | |
261 | #include <arpa/inet.h> | |
262 | #include <stdio.h> /* strerror() */ | |
e6742683 | 263 | @@ -116,6 +117,7 @@ |
06a490d4 | 264 | |
949c99f8 JR |
265 | /* Global library. */ |
266 | ||
06a490d4 | 267 | +#include <namadr_list.h> |
949c99f8 | 268 | #include <mail_proto.h> |
949c99f8 | 269 | #include <valid_mailhost_addr.h> |
e6742683 | 270 | #include <mail_params.h> |
271 | @@ -124,6 +126,8 @@ | |
06a490d4 JR |
272 | |
273 | #include "smtpd.h" | |
274 | ||
275 | +extern NAMADR_LIST *smtpd_ident_lookup; | |
276 | + | |
277 | /* smtpd_peer_init - initialize peer information */ | |
278 | ||
279 | void smtpd_peer_init(SMTPD_STATE *state) | |
e6742683 | 280 | @@ -131,6 +135,9 @@ |
281 | const char *myname = "smtpd_peer_init"; | |
282 | SOCKADDR_SIZE sa_length; | |
949c99f8 JR |
283 | struct sockaddr *sa; |
284 | + struct sockaddr_in serv_sin; | |
285 | + char *ident_user = NULL; | |
e6742683 | 286 | + size_t sa_len; |
949c99f8 JR |
287 | INET_PROTO_INFO *proto_info = inet_proto_info(); |
288 | ||
289 | sa = (struct sockaddr *) & (state->sockaddr); | |
e6742683 | 290 | @@ -163,6 +170,7 @@ |
291 | state->addr_family = AF_UNSPEC; | |
292 | state->name_status = SMTPD_PEER_CODE_PERM; | |
293 | state->reverse_name_status = SMTPD_PEER_CODE_PERM; | |
06a490d4 | 294 | + state->ident_user = mystrdup("NO-USER"); |
949c99f8 JR |
295 | } |
296 | ||
297 | /* | |
e6742683 | 298 | @@ -302,6 +310,7 @@ |
949c99f8 JR |
299 | if (aierr) { |
300 | msg_warn("%s: hostname %s verification failed: %s", | |
301 | state->addr, state->name, MAI_STRERROR(aierr)); | |
06a490d4 | 302 | + state->ident_user = mystrdup("NO-USER"); |
949c99f8 | 303 | REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ? |
e6742683 | 304 | SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED)); |
949c99f8 | 305 | } else { |
e6742683 | 306 | @@ -323,6 +332,20 @@ |
949c99f8 JR |
307 | freeaddrinfo(res0); |
308 | } | |
309 | } | |
310 | + | |
06a490d4 | 311 | + if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) { |
949c99f8 JR |
312 | + /* If getsockname fails, just forget it */ |
313 | + sa_len = sizeof(serv_sin); | |
314 | + if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_len) >= 0) { | |
315 | + ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin); | |
316 | + if (ident_user == NULL) | |
317 | + state->ident_user = mystrdup("NO-USER"); | |
318 | + else | |
319 | + state->ident_user = ident_user; | |
320 | + } else | |
321 | + msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno)); | |
06a490d4 JR |
322 | + } else |
323 | + state->ident_user = mystrdup("NO-USER"); | |
949c99f8 JR |
324 | } |
325 | ||
326 | /* | |
e6742683 | 327 | @@ -337,6 +360,7 @@ |
328 | state->addr_family = AF_UNSPEC; | |
329 | state->name_status = SMTPD_PEER_CODE_OK; | |
330 | state->reverse_name_status = SMTPD_PEER_CODE_OK; | |
06a490d4 | 331 | + state->ident_user = mystrdup("NO-USER"); |
949c99f8 JR |
332 | } |
333 | ||
334 | /* | |
e6742683 | 335 | @@ -355,4 +379,5 @@ |
949c99f8 JR |
336 | myfree(state->addr); |
337 | myfree(state->namaddr); | |
338 | myfree(state->rfc_addr); | |
06a490d4 | 339 | + myfree(state->ident_user); |
949c99f8 | 340 | } |
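Review bot: In the hunk that adds the ident lookup to smtpd_peer_init(), the branch where getsockname() fails only logs a warning and leaves `state->ident_user` unassigned, yet smtpd.c later prints it with `%s` and the final hunk passes it to myfree(); that branch needs `state->ident_user = mystrdup("NO-USER");` as well. The call `smtpd_ident((struct sockaddr_in *)sa, &serv_sin)` casts unconditionally although state->sockaddr is a sockaddr_storage, so the lookup should be guarded with `sa->sa_family == AF_INET` (smtpd_ident() builds AF_INET addresses only). `sa_len` is declared `size_t` but getsockname() takes a `socklen_t *`; the function already has `SOCKADDR_SIZE sa_length` for that purpose. The earlier hunk that sets NO-USER after a failed hostname verification appears to be followed by this block, which assigns the field again and would leak the first copy; the lines in between are outside the hunks, so please confirm.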