Commit | Line | Data |
---|---|---|
06a490d4 JR |
1 | diff -urN -x '*~' postfix-2.2.5/src/global/mail_params.h postfix-2.2.5-ident/src/global/mail_params.h |
2 | --- postfix-2.2.5/src/global/mail_params.h 2006-02-22 16:20:15.000000000 +0100 | |
3 | +++ postfix-2.2.5-ident/src/global/mail_params.h 2006-02-22 15:56:31.000000000 +0100 | |
949c99f8 JR |
4 | @@ -2346,6 +2346,9 @@ |
5 | #define DEF_SMTP_EHLO_DIS_MAPS "" | |
6 | extern char *var_smtp_ehlo_dis_maps; | |
7 | ||
8 | +#define VAR_SMTPD_IDENT_LOOKUP "smtpd_ident_lookup" | |
06a490d4 JR |
9 | +#define DEF_SMTPD_IDENT_LOOKUP "" |
10 | +extern char *var_smtpd_ident_lookup; | |
949c99f8 JR |
11 | /* |
12 | * SMTPD messages | |
13 | */ | |
06a490d4 | 14 | diff -urN -x '*~' postfix-2.2.5/src/smtpd/smtpd_ident.c postfix-2.2.5-ident/src/smtpd/smtpd_ident.c |
949c99f8 | 15 | --- postfix-2.2.5/src/smtpd/smtpd_ident.c 1970-01-01 01:00:00.000000000 +0100 |
06a490d4 | 16 | +++ postfix-2.2.5-ident/src/smtpd/smtpd_ident.c 2006-02-22 15:56:31.000000000 +0100 |
949c99f8 JR |
17 | @@ -0,0 +1,138 @@ |
18 | +#include <sys_defs.h> | |
19 | +#include <sys/socket.h> | |
20 | +#include <netinet/in.h> | |
21 | +#include <arpa/inet.h> | |
22 | +#include <stdio.h> /* strerror() */ | |
23 | +#include <errno.h> | |
24 | +#include <string.h> | |
25 | +#include <mymalloc.h> | |
26 | +#include <sys/types.h> | |
27 | +#include <sys/time.h> | |
28 | +#include <unistd.h> | |
29 | +#include <vstream.h> | |
30 | + | |
31 | +#include <iostuff.h> | |
32 | +#include "smtpd.h" | |
33 | + | |
34 | +#define IDENT_MSGSIZE 256 | |
35 | +#define IDENT_TIMEOUT 10 | |
36 | + | |
37 | +#define CHOMP(STR) { char *tmp; tmp = STR; while (*tmp) { \ | |
38 | + if (*tmp == '\n' || *tmp == '\r') *tmp = '\0'; tmp++ ; } } | |
39 | + | |
40 | +char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr) | |
41 | +{ | |
42 | + int ident_sock; | |
43 | + char ident_msg[IDENT_MSGSIZE + 1], *sp; | |
44 | + char ident_user[IDENT_MSGSIZE + 1]; | |
45 | + struct sockaddr_in local_addr; | |
46 | + struct sockaddr_in ident_addr; | |
47 | + char *return_val; | |
48 | + VSTREAM *ident_stream; | |
49 | + | |
50 | + memset(ident_msg, 0, IDENT_MSGSIZE + 1); | |
51 | + memset(ident_user, 0, IDENT_MSGSIZE + 1); | |
52 | + | |
53 | + /* | |
54 | + * Bind the local sockaddr to the same interface as smtpd before | |
55 | + * connecting back to the auth port on the peer. This helps | |
56 | + * with multihomed postfix servers. First, set up the address. | |
57 | + */ | |
58 | + | |
59 | + /* Local sockname */ | |
60 | + | |
61 | + memset((char *) &local_addr, 0, sizeof(local_addr)); | |
62 | + local_addr.sin_family = AF_INET; | |
63 | + memcpy((void *) &local_addr.sin_addr, (void *) &smtpd_addr->sin_addr, sizeof(local_addr.sin_addr)); | |
64 | + | |
65 | + /* Remote sockname + port */ | |
66 | + | |
67 | + memset((char *) &ident_addr, 0, sizeof(ident_addr)); | |
68 | + ident_addr.sin_family = AF_INET; | |
69 | + memcpy((void *) &ident_addr.sin_addr, (void *) &peer_addr->sin_addr, sizeof(ident_addr.sin_addr)); | |
70 | + ident_addr.sin_port = htons(113); | |
71 | + | |
72 | + do { | |
73 | + /* socket call */ | |
74 | + | |
75 | + if ((ident_sock = socket(ident_addr.sin_family, SOCK_STREAM, 0)) < 0) { | |
76 | + msg_warn("Can't allocate socket for ident lookup: %s", strerror(errno)); | |
77 | + break; | |
78 | + } | |
79 | + | |
80 | + /* Now bind the local sock to the interface */ | |
81 | + | |
82 | + if (bind(ident_sock, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) { | |
83 | + msg_warn("local bind of ident sock failed: %s", strerror(errno)); | |
84 | + break; | |
85 | + } | |
86 | + | |
87 | + /* connect() back to the smtp client host on port 113 */ | |
88 | + | |
89 | + if (connect(ident_sock, (struct sockaddr *) &ident_addr, sizeof(ident_addr )) < 0) { | |
90 | + msg_warn( "ident connect to %s: %s", inet_ntoa(peer_addr->sin_addr), | |
91 | + strerror(errno)); | |
92 | + break; | |
93 | + } | |
94 | + | |
95 | + /* Ok, make this a vstream */ | |
96 | + | |
97 | + ident_stream = vstream_fdopen(ident_sock, O_RDWR); | |
98 | + ident_stream->timeout = IDENT_TIMEOUT; | |
99 | + | |
100 | + /* Print the ident message to the remote host */ | |
101 | + | |
102 | + vstream_fprintf(ident_stream, "%d, %d\n", ntohs(peer_addr->sin_port), ntohs(smtpd_addr->sin_port)); | |
103 | + if (vstream_ftimeout(ident_stream)) { | |
104 | + msg_warn( "ident write timed out to %s", inet_ntoa(peer_addr->sin_addr)); | |
105 | + break; | |
106 | + } | |
107 | + | |
108 | + /* Read back the result */ | |
109 | + | |
110 | + vstream_fread(ident_stream, ident_msg, IDENT_MSGSIZE); | |
111 | + if (vstream_ftimeout(ident_stream)) { | |
112 | + msg_warn( "ident read timed out to %s", inet_ntoa(peer_addr->sin_addr)); | |
113 | + break; | |
114 | + } | |
115 | + | |
116 | + /* | |
117 | + * Should I even bother with this? | |
118 | + * | |
119 | + * Even if so, don't worry about this failing, set the timeout low | |
120 | + */ | |
121 | + | |
122 | + ident_stream->timeout = 2; | |
123 | + vstream_fwrite(ident_stream, "quit\n", strlen("quit\n")); | |
124 | + | |
125 | + if (strlen(ident_msg) == 0) { | |
126 | + msg_warn( "Failed to get ident string from %s", inet_ntoa(peer_addr->sin_addr)); | |
127 | + break; | |
128 | + } | |
129 | + | |
130 | + if ((sp = strrchr(ident_msg, ':')) == NULL) { | |
131 | + msg_warn( "Invalid ident string from %s", inet_ntoa(peer_addr->sin_addr)); | |
132 | + break; | |
133 | + } | |
134 | + sp++; | |
135 | + CHOMP(sp); | |
136 | + while (*sp && (*sp == ' ' || *sp == '\t')) { | |
137 | + sp++; | |
138 | + } | |
139 | + | |
140 | + /* If we break before this line, we know we had some sort of bad error */ | |
141 | + | |
142 | + strncpy(ident_user, sp, IDENT_MSGSIZE); | |
143 | + msg_info( "Received ident string %s from %s", sp, inet_ntoa(peer_addr->sin_addr)); | |
144 | + | |
145 | + } while (0); | |
146 | + | |
147 | + if (strlen(ident_user) == 0) { | |
148 | + msg_warn( "Failed to get ident user for %s", inet_ntoa(peer_addr->sin_addr)); | |
149 | + return NULL; | |
150 | + } | |
151 | + | |
152 | + vstream_fclose(ident_stream); | |
153 | + return_val = mystrdup(ident_user); | |
154 | + return return_val; | |
155 | +} | |
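Review bot: Every failure path in smtpd_ident() leaks the descriptor: a `break` after socket() has succeeded (bind or connect failure) never closes `ident_sock`, and a `break` after vstream_fdopen() (write or read timeout, empty or malformed reply) reaches `return NULL` without vstream_fclose(), which is only called on success. The peer decides whether port 113 answers, so a client matched by smtpd_ident_lookup can make each connection cost the smtpd process one descriptor. The connect() is also a plain blocking call that IDENT_TIMEOUT does not bound, so a peer that silently drops packets to port 113 stalls the session for the kernel's connect timeout; a timed connect (Postfix's util library has `timed_connect()`) would cap that. The fence initialises both handles and releases them on one common exit path.

```c
    int     ident_sock = -1;
    VSTREAM *ident_stream = 0;

    /* … unchanged: buffers, address setup and the do { … } while (0) lookup … */

    /* Release the descriptor on every exit path, not only on success. */
    if (ident_stream != 0)
        vstream_fclose(ident_stream);   /* also closes ident_sock */
    else if (ident_sock >= 0)
        close(ident_sock);

    /* … unchanged: empty ident_user check that warns and returns NULL … */
    return mystrdup(ident_user);
```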
5a9aead1 AG |
156 | --- postfix-2.3-RC9/src/smtpd/smtpd.h.orig 2006-07-09 21:49:21.000000000 +0200 |
157 | +++ postfix-2.3-RC9/src/smtpd/smtpd.h 2006-07-11 20:30:43.993322048 +0200 | |
158 | @@ -77,6 +77,7 @@ | |
159 | char *addr; /* client host address string */ | |
160 | char *namaddr; /* combined name and address */ | |
161 | char *rfc_addr; /* address for RFC 2821 */ | |
162 | + char *ident_user; /* user name returned by ident RFC 1413 */ | |
163 | int addr_family; /* address family */ | |
164 | struct sockaddr_storage sockaddr; /* binary client endpoint */ | |
165 | int name_status; /* 2=ok 4=soft 5=hard 6=forged */ | |
166 | @@ -266,6 +267,8 @@ | |
167 | extern void smtpd_peer_init(SMTPD_STATE *state); | |
168 | extern void smtpd_peer_reset(SMTPD_STATE *state); | |
169 | ||
170 | +extern char *smtpd_ident(struct sockaddr_in *peer_addr, struct sockaddr_in *smtpd_addr); | |
171 | + | |
172 | #define SMTPD_PEER_CODE_OK 2 | |
173 | #define SMTPD_PEER_CODE_TEMP 4 | |
174 | #define SMTPD_PEER_CODE_PERM 5 | |
175 | --- postfix-2.8.3/src/smtpd/Makefile.in~ 2011-05-17 14:28:28.406666872 +0200 | |
176 | +++ postfix-2.8.3/src/smtpd/Makefile.in 2011-05-17 14:31:06.946666872 +0200 | |
177 | @@ -2,11 +2,11 @@ | |
178 | SRCS = smtpd.c smtpd_token.c smtpd_check.c smtpd_chat.c smtpd_state.c \ | |
179 | smtpd_peer.c smtpd_sasl_proto.c smtpd_sasl_glue.c smtpd_proxy.c \ | |
180 | smtpd_xforward.c smtpd_dsn_fix.c smtpd_milter.c smtpd_resolve.c \ | |
9f3d4e6e JR |
181 | - smtpd_expand.c smtpd_haproxy.c |
182 | + smtpd_expand.c smtpd_haproxy.c smtpd_ident.c | |
5a9aead1 AG |
183 | OBJS = smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o smtpd_state.o \ |
184 | smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o smtpd_proxy.o \ | |
185 | smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o smtpd_resolve.o \ | |
9f3d4e6e JR |
186 | - smtpd_expand.o smtpd_haproxy.o |
187 | + smtpd_expand.o smtpd_haproxy.o smtpd_ident.o | |
5a9aead1 AG |
188 | HDRS = smtpd_token.h smtpd_check.h smtpd_chat.h smtpd_sasl_proto.h \ |
189 | smtpd_sasl_glue.h smtpd_proxy.h smtpd_dsn_fix.h smtpd_milter.h \ | |
190 | smtpd_resolve.h smtpd_expand.h | |
191 | --- postfix-2.9.0/src/smtpd/smtpd.c.orig 2012-02-04 19:34:17.737149536 +0100 | |
192 | +++ postfix-2.9.0/src/smtpd/smtpd.c 2012-02-04 19:36:43.414073592 +0100 | |
193 | @@ -1208,6 +1208,7 @@ | |
e6742683 | 194 | char *var_local_rwr_clients; |
195 | char *var_smtpd_ehlo_dis_words; | |
196 | char *var_smtpd_ehlo_dis_maps; | |
197 | +char *var_smtpd_ident_lookup; | |
198 | ||
199 | char *var_smtpd_tls_level; | |
200 | bool var_smtpd_use_tls; | |
5a9aead1 | 201 | @@ -1329,6 +1330,11 @@ |
e6742683 | 202 | int smtpd_input_transp_mask; |
203 | ||
204 | /* | |
205 | + * Hosts that should be ident-queried | |
206 | + */ | |
207 | +NAMADR_LIST *smtpd_ident_lookup; | |
208 | + | |
209 | + /* | |
210 | * Forward declarations. | |
211 | */ | |
212 | static void helo_reset(SMTPD_STATE *); | |
5a9aead1 | 213 | @@ -2950,10 +2956,18 @@ |
e6742683 | 214 | * intermediate proxy. |
215 | */ | |
a9621843 | 216 | if (!proxy || state->xforward.flags == 0) { |
e6742683 | 217 | - out_fprintf(out_stream, REC_TYPE_NORM, |
218 | - "Received: from %s (%s [%s])", | |
219 | - state->helo_name ? state->helo_name : state->name, | |
220 | - state->name, state->rfc_addr); | |
221 | + if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) { | |
222 | + out_fprintf(out_stream, REC_TYPE_NORM, | |
223 | + "Received: from %s (%s [%s] ident=%s)", | |
224 | + state->helo_name ? state->helo_name : state->name, | |
225 | + state->name, state->rfc_addr, | |
226 | + state->ident_user); | |
227 | + } else { | |
228 | + out_fprintf(out_stream, REC_TYPE_NORM, | |
229 | + "Received: from %s (%s [%s])", | |
230 | + state->helo_name ? state->helo_name : state->name, | |
231 | + state->name, state->rfc_addr); | |
232 | + } | |
233 | ||
234 | #define VSTRING_STRDUP(s) vstring_strcpy(vstring_alloc(strlen(s) + 1), (s)) | |
235 | ||
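Review bot: `state->ident_user` is written into the Received: header with a bare `%s`, yet it is text chosen by the remote host: smtpd_ident() in this patch cuts the reply at the first CR or LF, skips leading blanks and otherwise copies whatever follows the last ':'. Control characters and 8-bit bytes can therefore reach the message header. RFC 1413 error replies, which also end in a ':'-separated field, are recorded as if they were user names. I would restrict the value to printable ASCII without spaces or parentheses and cap its length before it is stored, and add a comment at this call such as `/* ident= is unauthenticated, client-supplied text (RFC 1413); never use it for access decisions */`. The enclosing function starts and ends outside the hunk.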
5a9aead1 AG |
236 | @@ -4954,6 +4968,9 @@ |
237 | xclient_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xclient_hosts); | |
238 | xforward_hosts = namadr_list_init(MATCH_FLAG_RETURN, var_xforward_hosts); | |
239 | hogger_list = namadr_list_init(MATCH_FLAG_RETURN, var_smtpd_hoggers); | |
e6742683 | 240 | + smtpd_ident_lookup = |
ce5d3fb8 ER |
241 | + namadr_list_init(match_parent_style(VAR_SMTPD_IDENT_LOOKUP), |
242 | + var_smtpd_ident_lookup); | |
243 | ||
244 | /* | |
245 | * Open maps before dropping privileges so we can read passwords etc. | |
5a9aead1 | 246 | @@ -5382,6 +5399,7 @@ |
e6742683 | 247 | VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0, |
0a41a8cf | 248 | VAR_STRESS, DEF_STRESS, &var_stress, 0, 0, |
e6742683 | 249 | VAR_REJECT_REPLY_MSG_ACCESS_DENIED, DEF_REJECT_REPLY_MSG_ACCESS_DENIED, &var_reject_reply_msg_access_denied, 1, 0, |
250 | + VAR_SMTPD_IDENT_LOOKUP, DEF_SMTPD_IDENT_LOOKUP, &var_smtpd_ident_lookup, 0, 0, | |
0a41a8cf | 251 | VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0, |
252 | VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0, | |
253 | VAR_REJECT_TMPF_ACT, DEF_REJECT_TMPF_ACT, &var_reject_tmpf_act, 1, 0, | |
5a9aead1 AG |
254 | --- postfix-2.9.0/src/smtpd/smtpd_peer.c.orig 2012-02-04 19:34:17.294233547 +0100 |
255 | +++ postfix-2.9.0/src/smtpd/smtpd_peer.c 2012-02-04 19:40:48.203777370 +0100 | |
8dedada0 | 256 | @@ -103,6 +103,7 @@ |
949c99f8 JR |
257 | |
258 | #include <sys_defs.h> | |
259 | #include <sys/socket.h> | |
260 | +#include <sys/types.h> | |
261 | #include <netinet/in.h> | |
262 | #include <arpa/inet.h> | |
263 | #include <stdio.h> /* strerror() */ | |
8dedada0 | 264 | @@ -123,6 +124,7 @@ |
06a490d4 | 265 | |
949c99f8 JR |
266 | /* Global library. */ |
267 | ||
06a490d4 | 268 | +#include <namadr_list.h> |
949c99f8 | 269 | #include <mail_proto.h> |
949c99f8 | 270 | #include <valid_mailhost_addr.h> |
e6742683 | 271 | #include <mail_params.h> |
8dedada0 JR |
272 | @@ -132,6 +134,8 @@ |
273 | ||
274 | #include "smtpd.h" | |
06a490d4 JR |
275 | |
276 | +extern NAMADR_LIST *smtpd_ident_lookup; | |
277 | + | |
8dedada0 | 278 | static INET_PROTO_INFO *proto_info; |
5a9aead1 | 279 | |
8dedada0 JR |
280 | /* |
281 | @@ -345,6 +352,7 @@ | |
282 | if (aierr) { | |
283 | msg_warn("hostname %s does not resolve to address %s: %s", | |
284 | state->name, state->addr, MAI_STRERROR(aierr)); | |
285 | + state->ident_user = mystrdup("NO-USER"); | |
286 | REJECT_PEER_NAME(state, (TEMP_AI_ERROR(aierr) ? | |
e6742683 | 287 | SMTPD_PEER_CODE_TEMP : SMTPD_PEER_CODE_FORGED)); |
8dedada0 JR |
288 | } else { |
289 | @@ -352,6 +360,7 @@ | |
290 | if (res == 0) { | |
291 | msg_warn("hostname %s does not resolve to address %s", | |
292 | state->name, state->addr); | |
293 | + state->ident_user = mystrdup("NO-USER"); | |
294 | REJECT_PEER_NAME(state, SMTPD_PEER_CODE_FORGED); | |
295 | break; | |
296 | } | |
297 | @@ -366,6 +375,22 @@ | |
298 | freeaddrinfo(res0); | |
949c99f8 | 299 | } |
8dedada0 JR |
300 | } |
301 | + if (namadr_list_match(smtpd_ident_lookup, state->name, state->addr)) { | |
302 | + struct sockaddr_in serv_sin; | |
303 | + char *ident_user = NULL; | |
949c99f8 | 304 | + |
8dedada0 JR |
305 | + /* If getsockname fails, just forget it */ |
306 | + sa_length = sizeof(serv_sin); | |
307 | + if (getsockname(vstream_fileno(state->client), (struct sockaddr *)&serv_sin, &sa_length) >= 0) { | |
308 | + ident_user = smtpd_ident((struct sockaddr_in *)sa, &serv_sin); | |
309 | + if (ident_user == NULL) | |
310 | + state->ident_user = mystrdup("NO-USER"); | |
311 | + else | |
312 | + state->ident_user = ident_user; | |
06a490d4 | 313 | + } else |
8dedada0 JR |
314 | + msg_warn("getsockname failed while doing ident lookup: %s", strerror(errno)); |
315 | + } else | |
06a490d4 | 316 | + state->ident_user = mystrdup("NO-USER"); |
8dedada0 | 317 | } |
949c99f8 | 318 | |
8dedada0 JR |
319 | /* smtpd_peer_hostaddr_to_sockaddr - convert numeric string to binary */ |
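Review bot: The cast `(struct sockaddr_in *)sa` is applied without checking the address family, and smtpd_ident() then reads `sin_addr` and `sin_port` through it; for a non-IPv4 client (smtpd.h in this patch shows the endpoint is kept as a `sockaddr_storage`) the ident connection would be built from unrelated bytes. The block should be entered only for IPv4, e.g. `if (sa->sa_family == AF_INET && namadr_list_match(smtpd_ident_lookup, state->name, state->addr))`, assuming `sa` is a `struct sockaddr *` as the cast suggests. Separately, the getsockname() failure branch only logs and leaves `state->ident_user` as it was (null, going by the initialisation hunk further down), while the Received: hunk in smtpd.c passes it to `%s` whenever the list matches; add `state->ident_user = mystrdup("NO-USER");` to that branch. The two earlier hunks that assign "NO-USER" after a name-resolution failure appear to fall through to this block, which would overwrite and leak that allocation. The enclosing function starts outside the hunk.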
320 | @@ -411,6 +433,7 @@ | |
321 | state->addr_family = AF_UNSPEC; | |
322 | state->name_status = SMTPD_PEER_CODE_OK; | |
323 | state->reverse_name_status = SMTPD_PEER_CODE_OK; | |
324 | + state->ident_user = mystrdup("NO-USER"); | |
325 | state->port = mystrdup("0"); /* XXX bogus. */ | |
326 | } | |
949c99f8 | 327 | |
8dedada0 JR |
328 | @@ -426,6 +449,7 @@ |
329 | state->addr_family = AF_UNSPEC; | |
330 | state->name_status = SMTPD_PEER_CODE_PERM; | |
331 | state->reverse_name_status = SMTPD_PEER_CODE_PERM; | |
332 | + state->ident_user = mystrdup("NO-USER"); | |
333 | state->port = mystrdup(CLIENT_PORT_UNKNOWN); | |
334 | } | |
335 | ||
336 | @@ -554,6 +578,7 @@ | |
337 | state->addr = 0; | |
338 | state->namaddr = 0; | |
339 | state->rfc_addr = 0; | |
340 | + state->ident_user = 0; | |
341 | state->port = 0; | |
342 | state->dest_addr = 0; | |
343 | ||
344 | @@ -604,6 +629,8 @@ | |
9f3d4e6e JR |
345 | myfree(state->namaddr); |
346 | if (state->rfc_addr) | |
347 | myfree(state->rfc_addr); | |
348 | + if (state->ident_user) | |
349 | + myfree(state->ident_user); | |
350 | if (state->port) | |
351 | myfree(state->port); | |
352 | if (state->dest_addr) |