Hello community,

here is the log from the commit of package cyrus-imapd for openSUSE:Factory checked in at 2014-03-09 18:21:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cyrus-imapd (Old)
 and /work/SRC/openSUSE:Factory/.cyrus-imapd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cyrus-imapd" Changes: -------- --- /work/SRC/openSUSE:Factory/cyrus-imapd/cyrus-imapd.changes 2013-06-17 10:03:31.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.cyrus-imapd.new/cyrus-imapd.changes 2014-03-09 18:21:58.000000000 +0100 
@@ -1,0 +2,104 @@ +Wed Jan 29 11:14:13 UTC 2014 - [email protected] + +- Added -snmp and -snmp-mibs sub-packages +- Added README.SNMP to cyrus-imapd-rc-2.tar.gz +- Added sysconfig option to use SNMP + * TODO: convert to a yesno option + +------------------------------------------------------------------- +Fri Jan 24 13:45:42 UTC 2014 - [email protected] + +- Updated to upstream release 2.4.17 (fate#311137) + Changes to the Cyrus IMAP Server since 2.3.x: + * All databases are now default skiplist, and ctl_cyrusdb will automatically convert database type on startup. + * make_sha1 and make_md5 are removed (replaced by GUID and reconstruct changes) + * Charset subsystem rewritten - Unicode 5.2 rather than Unicode 2, and UTF-8 support in sieve. + * Core mailbox handling code largely rewritten with new APIs, CRC checksums, new locking mechanisms, merging of cyrus.index and cyrus.expunge, inclusion of user \Seen flag, and much more. + * Replication code largely rewritten to provide better performance, consistency checking, and recovery from "split-brain" scenarios. + * Added support for LIST-EXTENDED IMAP extension. Removed support for deprecated (compile-time) LISTEXT IMAP extension. Based on work by Martin Konold <[email protected]> + * Added support for ESEARCH IMAP extension. + * Added support for WITHIN extension to IMAP SEARCH. + * Added support for ENABLE IMAP extension. + * Added support for QRESYNC IMAP extension. + * Added support for URLAUTH=BINARY IMAP extension. + * Removed legacy IMAP[2|3|4] cruft. We now only support IMAPrev1 + extensions. + * Added support for marking QoS on traffic. (courtesy of Philip Prindeville <[email protected]>) + * Modified user_deny.db code to open database once at service startup time. + * ... and hundreds of tiny things too numerous to mention in a short change log ... 
+ +- Added the following patches: + - cyrus-imapd-2.4.17_drac_auth.patch -- this is a rebased version of contrib/drac_auth.patch + - cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch -- Allow a result attribute to be specified with ptclient/ldap.c + * Supersedes KOLAB_cyrus-imapd-2.3.18_UID.patch + +- Renamed the following patches: + - syslog-facility-doc.patch to cyrus-imapd-2.3.16_syslog-facility-doc.patch + +- Rebased the following patches for cyrus-imapd-2.4.17: + - cyrus-imapd-db6.diff as cyrus-imapd-2.4.17_db6.patch + - cyrus-imapd-openslp.patch as cyrus-imapd-2.4.17_openslp.patch + - luser_relay.patch as cyrus-imapd-2.4.17_lmtp_catchall_mailbox.patch + * Option 'lmtp_luser_relay' was renamed to 'lmtp_catchall_mailbox' + * https://bugzilla.cyrusimap.org/show_bug.cgi?id=2360 + - cyrus-imapd_tls-session-leak.dif as cyrus-imapd-2.4.17_tls-session-leak.patch + * https://bugzilla.cyrusimap.org/show_bug.cgi?id=3252 + - cyrus-imapd-2.3.16-autocreate-0.10-0.drac.diff as cyrus-imapd-2.4.17_autocreate-0.10-0.patch + - pie.patch as cyrus-imapd-2.4.17_pie.patch + +- Removed the following patches (unknown upstream status): + - KOLAB_cyrus-imapd-2.3.18_Folder-names.patch + * There is no need for us to extend the mailbox name restrictions + * https://bugzilla.cyrusimap.org/show_bug.cgi?id=2633 + - KOLAB_cyrus-imapd-2.3.18_Groups2.patch + * optional/not needed + * https://bugzilla.cyrusimap.org/show_bug.cgi?id=2632 + * https://bugzilla.cyrusimap.org/show_bug.cgi?id=3282 + - KOLAB_cyrus-imapd-2.3.18_timsieved_starttls-sendcaps.patch + * Workaround for an issue with kontact/kio ~ KDE 3.5.9 + - KOLAB_cyrus-imapd-2.3.18_UID.patch + * Superseded by cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch + +- Removed the following patches (upstream inclusion): + - charset.patch + - cyrus-imapd-perl-5.14.patch + - cyrus-imapd-perl-path.patch + - cyrus-imapd_references_header-dos.dif + - KOLAB_cyrus-imapd-2.3.18_Cyradm_Annotations.patch + * 
http://git.cyrusimap.org/cyrus-imapd/commit/?h=cyrus-imapd-2.4&id=98dd7a9130653ac848c0782a7688d26a090b494b + - KOLAB_cyrus-imapd-2.3.18_Logging.patch + * Use 'auditlog: 1' in imapd.conf + * https://bugzilla.cyrusimap.org/show_bug.cgi?id=2964 + - user_deny_db-once.patch + +- Changed cyrus-imapd-rc.tar.gz contents, now having cyrus-imapd-rc-2.tar.gz: + - dir name now is SUSE (was: SuSE) + - renamed README.SuSE -> README.SUSE + - added annotation definitions for groupware folders + - imapd.conf: added annotaion definitions and lmtp_fuzzy_mailbox_match + - imapd.conf: changed path to TLS certs form /usr/ssl/ to /etc/SSL_accept + - imapd.conf: set default 'delete_mode' and 'expunge_mode' to 'delayed' + - cyrus.conf: added more services, added deleteprune and expungeprune + - moved DB_CONFIG into cyrus-imapd-rc.tar.gz + +- Spec file cleanup + +- Prepared systemd support + * with systemd, we use cyrus-imapd as service name + * we have a symlink 'rccyrus-imapd' to '/usr/sbin/service' + * for compatibility, we have an alias 'rccyrus' = 'rccyrus-imapd' + +- New package: cyrus-imapd-utils, which now contains tools to test mail servers +- New package: cyrus-imapd-cyradm, which now contains the cyradm tool + +- TODO: + - Check KOLAB_cyrus-imapd-2.3.18_cross-domain-acls.patch + * Patch is optional + * https://roundup.kolab.org/issue1141 + - systemd service not yet working as expected, so we disabled it atm + +------------------------------------------------------------------- +Thu Jun 20 09:29:07 UTC 2013 - [email protected] + +- Move kolab tag from package name to version field + +------------------------------------------------------------------- Old: ---- DB_CONFIG KOLAB_cyrus-imapd-2.3.18_Cyradm_Annotations.patch KOLAB_cyrus-imapd-2.3.18_Folder-names.patch KOLAB_cyrus-imapd-2.3.18_Groups2.patch KOLAB_cyrus-imapd-2.3.18_Logging.patch KOLAB_cyrus-imapd-2.3.18_UID.patch KOLAB_cyrus-imapd-2.3.18_timsieved_starttls-sendcaps.patch charset.patch 
cyrus-imapd-2.3.16-autocreate-0.10-0.drac.diff cyrus-imapd-2.3.18.tar.gz cyrus-imapd-db6.diff cyrus-imapd-openslp.patch cyrus-imapd-perl-5.14.patch cyrus-imapd-perl-path.patch cyrus-imapd-rc.tar.gz cyrus-imapd_references_header-dos.dif cyrus-imapd_tls-session-leak.dif luser_relay.patch pie.patch syslog-facility-doc.patch user_deny_db-once.patch New: ---- cmu.mib cyrus-imapd-2.3.16_syslog-facility-doc.patch cyrus-imapd-2.4.17.tar.gz cyrus-imapd-2.4.17_autocreate-0.10-0.patch cyrus-imapd-2.4.17_db6.patch cyrus-imapd-2.4.17_drac_auth.patch cyrus-imapd-2.4.17_lmtp_catchall_mailbox.patch cyrus-imapd-2.4.17_openslp.patch cyrus-imapd-2.4.17_pie.patch cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch cyrus-imapd-2.4.17_tls-session-leak.patch cyrus-imapd-rc-2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cyrus-imapd.spec ++++++ ++++ 785 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/cyrus-imapd/cyrus-imapd.spec ++++ and /work/SRC/openSUSE:Factory/.cyrus-imapd.new/cyrus-imapd.spec ++++++ cmu.mib ++++++ CMU-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, enterprises FROM SNMPv2-SMI; cmuMIB MODULE-IDENTITY LAST-UPDATED "9701220000Z" ORGANIZATION "Carnegie Mellon" CONTACT-INFO " Email: [email protected] Network Development Computing Services Carnegie Mellon University Pittsburgh PA. 15213 " DESCRIPTION "The MIB module for CMU SNMP entities." REVISION "9701220000Z" DESCRIPTION "The initial revision of this MIB" REVISION "9706031200Z" DESCRIPTION "Expanded MIB, incorporated old CMU information. Updated contact information. 
" REVISION "0312112000Z" DESCRIPTION "Added cmuLDAP" ::= { enterprises 3 } -- CMU Systems cmuSystems OBJECT IDENTIFIER ::= { cmuMIB 1 } -- Other MIBs cmuMIBs OBJECT IDENTIFIER ::= { cmuMIB 2 } -- Not Used -- cmuSimpleSecurity ::= { cmuMIB 3 } -- Monitored: Names of monitored entities cmuMonitored OBJECT IDENTIFIER ::= { cmuMIB 4 } cmuLDAPResources OBJECT IDENTIFIER ::= { cmuMIB 5 } -- software that's distributed under Project Cyrus cmuCyrus OBJECT IDENTIFIER ::= { cmuMIB 6 } -- application statistics cmuAppStats OBJECT IDENTIFIER ::= { cmuMIB 7 } -- CMU LDAP OIDs ldapResources OBJECT IDENTIFIER ::= { cmuMIB 8 } -- ********** System Monitoring ********** -- These aren't used anymore. -- cmuOldSNMPD OBJECT IDENTIFIER ::= { cmuSystems 1 } -- cmuKip OBJECT IDENTIFIER ::= { cmuSystems 2 } -- cmuRouter OBJECT IDENTIFIER ::= { cmuSystems 3 } -- cmuBridge OBJECT IDENTIFIER ::= { cmuSystems 4 } -- cmuDelni OBJECT IDENTIFIER ::= { cmuSystems 5 } -- Bind patch, http://www.net.cmu.edu/projects/snmp/dns cmuDNS OBJECT IDENTIFIER ::= { cmuSystems 6 } -- CMU-DNS-MIB -- Not used anymore -- cmuUNIX OBJECT IDENTIFIER ::= { cmuSystems 7 } -- CMU SNMPD cmuSNMPD OBJECT IDENTIFIER ::= { cmuSystems 8 } -- CMU-SNMPD-MIB -- libevent specific information cmuNADINE OBJECT IDENTIFIER ::= { cmuSystems 9 } -- CMU-NADINE-MIB -- CMU DHCP -- cmuDHCP OBJECT IDENTIFIER ::= { cmuSystems 10 } -- CMU-DHCP-MIB -- ********** Other MIBs ********** -- cmuRouterMIB OBJECT IDENTIFIER ::= { cmuMIBs 1 } Defined in ROUTER-MIB -- cmuUnixMIB OBJECT IDENTIFIER ::= { cmuMIBs 2 } Defined in CMU-UNIX-MIB -- cmuFaultMIB OBJECT IDENTIFIER ::= { cmuMIBs 3 } Defined in CMU-FAULT-MIB -- Not used anymore (if ever) -- cmuProcwatch OBJECT IDENTIFIER ::= { cmuMIBs 4 } -- cmuPing OBJECT IDENTIFIER ::= { cmuMIBs 5 } -- *********** application statistics ([email protected]) ********** cmuSendmailStats OBJECT IDENTIFIER ::= { cmuAppStats 1 } cmuApacheModStatus OBJECT IDENTIFIER ::= { cmuAppStats 2 } END ++++++ 
cyrus-imapd-2.3.16_syslog-facility-doc.patch ++++++ >From 52753d22537cc8af9dbed6a6acc5c32c78e272b0 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp <[email protected]> Date: Fri, 9 Apr 2010 11:49:37 +0200 Subject: [PATCH] syslog facility doc We build with "--with-syslogfacility=DAEMON" since quite some time --- doc/install-configure.html | 4 ++-- doc/overview.html | 2 +- doc/text/install-configure | 4 ++-- doc/text/overview | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/install-configure.html b/doc/install-configure.html index 2b4b567..9b0a408 100644 --- a/doc/install-configure.html +++ b/doc/install-configure.html @@ -44,10 +44,10 @@ it does not, replace the system "<tt>syslogd</tt>" and If you do not copy the "<tt>syslog/syslog.conf</tt>" file to the "<tt>/etc</tt>" directory, be sure to add support for -"<tt>local6.debug</tt>". The file should include a line like: +"<tt>daemon.debug</tt>". The file should include a line like: <pre> - local6.debug /var/log/imapd.log + daemon.debug /var/log/imapd.log </pre> You probably also want to log SASL messages with a line like: diff --git a/doc/overview.html b/doc/overview.html index 15c351c..a63b3fd 100644 --- a/doc/overview.html +++ b/doc/overview.html @@ -622,7 +622,7 @@ server exports MIT's KPOP protocol instead of generic POP3. <h3><a name="syslog">The <TT>syslog</TT> facility</a></h3> -The Cyrus IMAP server software sends log messages to the "<TT>local6</TT>" +The Cyrus IMAP server software sends log messages to the "<TT>daemon</TT>" syslog facility. The severity levels used are: <UL> diff --git a/doc/text/install-configure b/doc/text/install-configure index f0b88b2..0fcb597 100644 --- a/doc/text/install-configure +++ b/doc/text/install-configure 
@@ -28,10 +28,10 @@ Installing and configuring the IMAP Server mv syslog.conf /etc/syslog.conf If you do not copy the "syslog/syslog.conf" file to the "/etc" - directory, be sure to add support for "local6.debug". The file + directory, be sure to add support for "daemon.debug". The file should include a line like: - local6.debug /var/log/imapd.log + daemon.debug /var/log/imapd.log You probably also want to log SASL messages with a line like: diff --git a/doc/text/overview b/doc/text/overview index 91aa4b5..5a8c552 100644 --- a/doc/text/overview +++ b/doc/text/overview @@ -545,7 +545,7 @@ POP3 Server The syslog facility - The Cyrus IMAP server software sends log messages to the "local6" + The Cyrus IMAP server software sends log messages to the "daemon" syslog facility. The severity levels used are: * CRIT - Critical errors which probably require prompt administrator -- 1.7.0.2 ++++++ cyrus-imapd-2.3.18.tar.gz -> cyrus-imapd-2.4.17.tar.gz ++++++ ++++ 129720 lines of diff (skipped) ++++++ cyrus-imapd-2.4.17_autocreate-0.10-0.patch ++++++ ++++ 2164 lines (skipped) ++++++ cyrus-imapd-2.4.17_db6.patch ++++++ From: Jan Engelhardt <[email protected]> Date: 2013-06-14 02:52:48.129456384 +0200 src: make compilation with libdb-6.0 succeed db-6.0 has hit the scene. The changes for ->set_bt_compare (mbox_compar) are not yet present in cyrus-imapd-2.4.17. --- lib/cyrusdb_berkeley.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) Index: cyrus-imapd-2.3.18/lib/cyrusdb_berkeley.c =================================================================== --- cyrus-imapd-2.3.18.orig/lib/cyrusdb_berkeley.c +++ cyrus-imapd-2.3.18/lib/cyrusdb_berkeley.c 
@@ -386,8 +386,13 @@ return 0; } +#if DB_VERSION_MAJOR >= 6 +static int mbox_compar(DB *db __attribute__((unused)), + const DBT *a, const DBT *b, size_t *locp) +#else static int mbox_compar(DB *db __attribute__((unused)), const DBT *a, const DBT *b) +#endif { return bsearch_ncompare((const char *) a->data, a->size, (const char *) b->data, b->size); ++++++ cyrus-imapd-2.4.17_drac_auth.patch ++++++ diff -Ppru cyrus-imapd-2.4.17.orig/configure.in cyrus-imapd-2.4.17/configure.in --- cyrus-imapd-2.4.17.orig/configure.in 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/configure.in 2014-01-27 14:26:18.500280589 +0100 @@ -1229,6 +1229,19 @@ dnl (agentx was depricated, but SNMP_SUB SNMP_SUBDIRS="" AC_SUBST(SNMP_SUBDIRS) +dnl +dnl Test for DRAC +dnl +DRACLIBS= +AC_ARG_WITH(drac, [ --with-drac=DIR use DRAC library in <DIR> [no] ], + if test -d "$withval"; then + LDFLAGS="$LDFLAGS -L${withval}" + AC_CHECK_LIB(drac, dracauth, + AC_DEFINE(DRAC_AUTH,[],[Build DRAC support?]) + DRACLIBS="-ldrac") + fi) +AC_SUBST(DRACLIBS) + CMU_LIBWRAP CMU_UCDSNMP Only in cyrus-imapd-2.4.17.orig/contrib: .drac_auth.patch.kate-swp diff -Ppru cyrus-imapd-2.4.17.orig/imap/imapd.c cyrus-imapd-2.4.17/imap/imapd.c --- cyrus-imapd-2.4.17.orig/imap/imapd.c 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/imap/imapd.c 2014-01-27 14:39:35.999446812 +0100 @@ -193,6 +193,18 @@ static struct proxy_context imapd_proxyc 1, 1, &imapd_authstate, &imapd_userisadmin, &imapd_userisproxyadmin }; +#ifdef DRAC_AUTH +static struct { + int interval; /* dracd "ping" interval; 0 = disabled */ + unsigned long clientaddr; + struct prot_waitevent *event; +} drac; + +extern int dracconn(char *server, char **errmsg); +extern int dracsend(unsigned long userip, char **errmsg); +extern int dracdisc(char **errmsg); +#endif /* DRAC_AUTH */ + /* current sub-user state */ struct index_state *imapd_index; 
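Review bot: dracconn(), dracsend() and dracdisc() are declared by hand with extern in the imapd.c hunk at line 193 (and dracauth() again in pop3d.c), so a signature that differs from the installed DRAC library would not be caught at compile time. Moving the prototypes into one shared header, or including the library's own header if it provides one, would keep the two daemons in step. The struct comments interval only; a one-line comment on clientaddr (IPv4 address as copied from sin_addr.s_addr, 0 when there is no usable peer address) and on event would document the convention the later hunks rely on.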
@@ -795,6 +807,23 @@ int service_init(int argc, char **argv, /* setup for sending IMAP IDLE notifications */ idle_enabled(); +#ifdef DRAC_AUTH + /* setup for sending DRAC "pings" */ + drac.event = NULL; + drac.interval = config_getint(IMAPOPT_DRACINTERVAL); + if (drac.interval < 0) drac.interval = 0; + if (drac.interval) { + char *err; + + if (dracconn((char*) config_getstring(IMAPOPT_DRACHOST), &err) != 0) { + /* disable DRAC */ + drac.interval = 0; + syslog(LOG_ERR, "dracconn: %s", err); + syslog(LOG_ERR, "DRAC notifications disabled"); + } + } +#endif /* DRAC_AUTH */ + /* create connection to the SNMP listener, if available. */ snmp_connect(); /* ignore return code */ snmp_set_str(SERVER_NAME_VERSION,cyrus_version()); @@ -905,6 +934,14 @@ int service_main(int argc __attribute__( imapd_haveaddr = 1; } } +#ifdef DRAC_AUTH + if (((struct sockaddr *)&imapd_remoteaddr)->sa_family == AF_INET) + drac.clientaddr = ((struct sockaddr_in *)&imapd_remoteaddr)->sin_addr.s_addr; + else + drac.clientaddr = 0; + } else { + drac.clientaddr = 0; +#endif /* DRAC_AUTH */ } /* create the SASL connection */ @@ -949,6 +986,11 @@ int service_main(int argc __attribute__( prot_flush(imapd_out); snmp_increment(ACTIVE_CONNECTIONS, -1); +#ifdef DRAC_AUTH + if (drac.event) prot_removewaitevent(imapd_in, drac.event); + drac.event = NULL; +#endif /* DRAC_AUTH */ + /* cleanup */ imapd_reset(); @@ -1061,6 +1103,10 @@ void shut_down(int code) cyrus_done(); +#ifdef DRAC_AUTH + if (drac.interval) (void) dracdisc((char **)NULL); +#endif /* DRAC_AUTH */ + exit(code); } 
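Review bot: in shut_down(), `if (drac.interval) (void) dracdisc((char **)NULL);` passes a NULL errmsg pointer and discards the result, while the dracconn() call in service_init() passes `&err` and logs the returned string. Nothing visible here shows that dracdisc() accepts NULL for errmsg, so passing a local `char *err` as the other call sites do would be the safer form. The call also runs after cyrus_done(); if the disconnect is meant to be logged on failure it would need to move before that point.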
@@ -1121,6 +1167,36 @@ static void imapd_check(struct backend * } } +#ifdef DRAC_AUTH +/* + * Ping dracd every 'drac.interval' minutes + * to let it know that we are still connected + */ +struct prot_waitevent *drac_ping(struct protstream *s, + struct prot_waitevent *ev, + void *rock __attribute__((unused))) +{ + char *err; + static int nfailure = 0; + + if (dracsend(drac.clientaddr, &err) != 0) { + syslog(LOG_ERR, "dracsend: %s", err); + if (++nfailure >= 3) { + /* can't contact dracd for 3 consecutive tries - disable DRAC */ + prot_removewaitevent(s, ev); + drac.event = NULL; + syslog(LOG_ERR, "DRAC notifications disabled"); + return NULL; + } + } + else + nfailure = 0; + + ev->mark = time(NULL) + (drac.interval * 60); + return ev; +} +#endif /* DRAC_AUTH */ + /* * Top-level command loop parsing */ @@ -2335,6 +2411,11 @@ void cmd_login(char *tag, char *user) capa_response(CAPA_PREAUTH|CAPA_POSTAUTH); prot_printf(imapd_out, "] %s\r\n", reply); +#ifdef DRAC_AUTH + if (!imapd_userisproxyadmin && drac.interval && drac.clientaddr) + drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL); +#endif /* DRAC_AUTH */ + authentication_success(); } @@ -2483,6 +2564,11 @@ void cmd_authenticate(char *tag, char *a prot_setsasl(imapd_in, imapd_saslconn); prot_setsasl(imapd_out, imapd_saslconn); +#ifdef DRAC_AUTH + if (!imapd_userisproxyadmin && drac.interval && drac.clientaddr) + drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL); +#endif /* DRAC_AUTH */ + authentication_success(); } diff -Ppru cyrus-imapd-2.4.17.orig/imap/Makefile.in cyrus-imapd-2.4.17/imap/Makefile.in --- cyrus-imapd-2.4.17.orig/imap/Makefile.in 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/imap/Makefile.in 2014-01-27 14:28:18.393629551 +0100 
@@ -65,6 +65,7 @@ SIEVE_OBJS = @SIEVE_OBJS@ SIEVE_LIBS = @SIEVE_LIBS@ IMAP_COM_ERR_LIBS = @IMAP_COM_ERR_LIBS@ LIB_WRAP = @LIB_WRAP@ +DRAC_LIBS = @DRACLIBS@ LIBS = $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS) DEPLIBS = ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@ @@ -199,17 +200,17 @@ lmtpd.pure: lmtpd.o proxy.o $(LMTPOBJS) imapd: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE) $(CC) $(LDFLAGS) -o imapd \ $(SERVICE) $(IMAPDOBJS) mutex_fake.o \ - libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) + libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS) imapd.pure: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE) $(PURIFY) $(PUREOPT) $(CC) $(LDFLAGS) -o imapd.pure \ $(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \ - $(DEPLIBS) $(LIBS) $(LIB_WRAP) + $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS) imapd.quant: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE) $(QUANTIFY) $(QUANTOPT) $(CC) $(LDFLAGS) -o imapd.quant \ $(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \ - $(DEPLIBS) $(LIBS) $(LIB_WRAP) + $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS) mupdate: mupdate.o mupdate-slave.o mupdate-client.o mutex_pthread.o tls.o \ libimap.a $(DEPLIBS) @@ -227,7 +228,7 @@ mupdate.pure: mupdate.o mupdate-slave.o pop3d: pop3d.o proxy.o backend.o tls.o mutex_fake.o libimap.a \ $(DEPLIBS) $(SERVICE) $(CC) $(LDFLAGS) -o pop3d pop3d.o proxy.o backend.o tls.o $(SERVICE) \ - mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) + mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS) nntpd: nntpd.o proxy.o backend.o index.o smtpclient.o spool.o tls.o \ mutex_fake.o nntp_err.o libimap.a $(DEPLIBS) $(SERVICE) diff -Ppru cyrus-imapd-2.4.17.orig/imap/pop3d.c cyrus-imapd-2.4.17/imap/pop3d.c --- cyrus-imapd-2.4.17.orig/imap/pop3d.c 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/imap/pop3d.c 2014-01-27 14:42:59.437592923 +0100 
@@ -109,7 +109,10 @@ extern int optind; extern char *optarg; extern int opterr; - +#ifdef DRAC_AUTH +static int drac_enabled; +extern int dracauth(char *server, unsigned long userip, char **errmsg); +#endif /* DRAC_AUTH */ #ifdef HAVE_SSL static SSL *tls_conn; @@ -121,6 +124,7 @@ int popd_timeout; char *popd_userid = 0, *popd_subfolder = 0; struct mailbox *popd_mailbox = NULL; struct auth_state *popd_authstate = 0; +static int popd_userisproxyadmin = 0; int config_popuseacl, config_popuseimapflags; struct sockaddr_storage popd_localaddr, popd_remoteaddr; int popd_haveaddr = 0; @@ -149,7 +153,7 @@ static int popd_myrights; /* the sasl proxy policy context */ static struct proxy_context popd_proxyctx = { - 0, 1, &popd_authstate, NULL, NULL + 0, 1, &popd_authstate, NULL, &popd_userisproxyadmin }; /* signal to config.c */ @@ -573,6 +577,10 @@ int service_main(int argc __attribute__( prot_settimeout(popd_in, popd_timeout); prot_setflushonread(popd_in, popd_out); +#ifdef DRAC_AUTH + drac_enabled = (config_getint(IMAPOPT_DRACINTERVAL) > 0); +#endif /* DRAC_AUTH */ + if (kflag) kpop(); /* we were connected on pop3s port so we should do @@ -1780,6 +1788,21 @@ int openinbox(void) goto fail; } +#ifdef DRAC_AUTH + if (!popd_userisproxyadmin && drac_enabled && + ((struct sockaddr *)&popd_remoteaddr)->sa_family == AF_INET) { + char *err; + + if (dracauth((char*) config_getstring(IMAPOPT_DRACHOST), + ((struct sockaddr_in *)&popd_remoteaddr)->sin_addr.s_addr, &err) != 0) { + /* disable DRAC */ + drac_enabled = 0; + syslog(LOG_ERR, "dracauth: %s", err); + syslog(LOG_ERR, "DRAC notifications disabled"); + } + } +#endif /* DRAC_AUTH */ + if (mbentry.mbtype & MBTYPE_REMOTE) { /* remote mailbox */ char *server = mbentry.partition; diff -Ppru cyrus-imapd-2.4.17.orig/imap/version.c cyrus-imapd-2.4.17/imap/version.c --- cyrus-imapd-2.4.17.orig/imap/version.c 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/imap/version.c 2014-01-27 14:43:43.310898321 +0100 
@@ -175,6 +175,10 @@ void id_response(struct protstream *pout snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf), "; %s", SIEVE_VERSION); #endif +#ifdef DRAC_AUTH + snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf), + "; DRAC"); +#endif #ifdef HAVE_LIBWRAP snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf), "; TCP Wrappers"); diff -Ppru cyrus-imapd-2.4.17.orig/lib/imapoptions cyrus-imapd-2.4.17/lib/imapoptions --- cyrus-imapd-2.4.17.orig/lib/imapoptions 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/lib/imapoptions 2014-01-27 14:44:48.881365112 +0100 @@ -315,6 +315,14 @@ Blank lines and lines beginning with ``# server if the currently selected mailbox is (re)moved by another session. Otherwise, the missing mailbox is treated as empty while in use by the client.*/ + +{ "dracinterval", 5, INT } +/* If nonzero, enables the use of DRAC (Dynamic Relay Authorization + Control) by the pop3d and imapd daemons. Also sets the interval + (in minutes) between re-authorization requests made by imapd. */ + +{ "drachost", "localhost", STRING } +/* Hostname of the RPC dracd server. */ { "duplicate_db", "skiplist", STRINGLIST("berkeley", "berkeley-nosync", "berkeley-hash", "berkeley-hash-nosync", "skiplist", "sql")} /* The cyrusdb backend to use for the duplicate delivery suppression ++++++ cyrus-imapd-2.4.17_lmtp_catchall_mailbox.patch ++++++ >From b805f266514035b6e8d63eda4ec4bf44065485cd Mon Sep 17 00:00:00 2001 
From: Ralf Haferkamp <[email protected]> Date: Wed, 12 Jan 2011 10:28:51 +0100 Subject: [PATCH] New option "lmtp_catchall_mailbox" This patch introduces the new option "lmtp_catchall_mailbox". Lmtpd will drop mail to non-existing mailboxes into this mailbox. NOTE: This must be an existing local mailbox name. NOT an email address! (Bug#2360) diff -Ppru cyrus-imapd-2.4.17.orig/imap/lmtpengine.c cyrus-imapd-2.4.17/imap/lmtpengine.c --- cyrus-imapd-2.4.17.orig/imap/lmtpengine.c 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/imap/lmtpengine.c 2014-01-27 14:05:38.800788668 +0100 @@ -912,11 +912,27 @@ static int process_recipient(char *addr, r = verify_user(ret->user, ret->domain, ret->mailbox, (quota_t) (ignorequota ? -1 : msg->size), msg->authstate); if (r) { - /* we lost */ - free(ret->all); - free(ret->rcpt); - free(ret); - return r; + char *catchall = NULL; + if (r == IMAP_MAILBOX_NONEXISTENT) { + catchall = config_getstring(IMAPOPT_LMTP_CATCHALL_MAILBOX); + if (catchall) { + if (!verify_user(catchall, NULL, NULL, + ignorequota ? -1 : msg->size, + msg->authstate)) { + ret->user = xstrdup(catchall); + } else { + catchall = NULL; + } + } + } + + if (catchall == NULL ) { + /* we lost */ + free(ret->all); + free(ret->rcpt); + free(ret); + return r; + } } ret->ignorequota = ignorequota; diff -Ppru cyrus-imapd-2.4.17.orig/lib/imapoptions cyrus-imapd-2.4.17/lib/imapoptions --- cyrus-imapd-2.4.17.orig/lib/imapoptions 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/lib/imapoptions 2014-01-27 14:04:11.256217363 +0100 
@@ -604,6 +604,10 @@ Blank lines and lines beginning with ``# ldap_use_sasl are enabled, ldap_version will be automatically set to 3. */ +{ "lmtp_catchall_mailbox", NULL, STRING } +/* Send mail to mailboxes, which do not exists, to this user. NOTE: This must + be an existing local mailbox name. NOT an email address! */ + { "lmtp_downcase_rcpt", 0, SWITCH } /* If enabled, lmtpd will convert the recipient addresses to lowercase (up to a '+' character, if present). */ ++++++ cyrus-imapd-2.4.17_openslp.patch ++++++ diff -Ppru cyrus-imapd-2.4.17.orig/configure.in cyrus-imapd-2.4.17/configure.in --- cyrus-imapd-2.4.17.orig/configure.in 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/configure.in 2014-01-25 13:35:37.326786213 +0100 @@ -1242,6 +1242,19 @@ DRACLIBS="-ldrac") fi) AC_SUBST(DRACLIBS) +dnl +dnl Test for OpenSLP +dnl +SLPLIBS= +AC_ARG_WITH(openslp, [ --with-openslp=DIR use OpenSLP library in <DIR> [no] ], + if test -d "$withval"; then + LDFLAGS="$LDFLAGS -L${withval}" + AC_CHECK_LIB(slp, SLPOpen, + AC_DEFINE(USE_SLP,[],[Compile with OpenSLP?]) + SLPLIBS="-lslp") + fi) +AC_SUBST(SLPLIBS) + CMU_LIBWRAP CMU_UCDSNMP diff -Ppru cyrus-imapd-2.4.17.orig/master/Makefile.in cyrus-imapd-2.4.17/master/Makefile.in --- cyrus-imapd-2.4.17.orig/master/Makefile.in 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/master/Makefile.in 2014-01-25 13:36:16.326368670 +0100 @@ -58,7 +58,7 @@ DEPLIBS = @DEPLIBS@ CFLAGS = @CFLAGS@ LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@ -LIBS = ../lib/libcyrus_min.a @LIB_UCDSNMP@ @LIBS@ @COM_ERR_LIBS@ +LIBS = ../lib/libcyrus_min.a @LIB_UCDSNMP@ @LIBS@ @COM_ERR_LIBS@ @SLPLIBS@ SHELL = /bin/sh MAKEDEPEND = @MAKEDEPEND@ diff -Ppru cyrus-imapd-2.4.17.orig/master/master.c cyrus-imapd-2.4.17/master/master.c --- cyrus-imapd-2.4.17.orig/master/master.c 2012-12-01 20:57:54.000000000 +0100 +++ cyrus-imapd-2.4.17/master/master.c 2014-01-25 14:35:29.896103172 +0100 
@@ -110,6 +110,10 @@ int deny_severity = LOG_ERR; #endif +#ifdef USE_SLP +#include <slp.h> +#endif + #include "masterconf.h" #include "master.h" @@ -119,6 +123,16 @@ #include "util.h" #include "xmalloc.h" +#ifdef USE_SLP +#define URL_MAX 1024 +SLPHandle phslp; +struct slpurl { + char srvurl[URL_MAX]; + struct slpurl *next; +}; +struct slpurl *start = NULL; +#endif + enum { become_cyrus_early = 1, child_table_size = 10000, @@ -183,10 +197,41 @@ static struct timeval janitor_mark; /* L void limit_fds(rlim_t); void schedule_event(struct event *a); +#ifdef USE_SLP +void SLPRegReportCB(SLPHandle hslp, SLPError errcode, void* cookie) +{ + /* return the error code in the cookie */ + *(SLPError*)cookie = errcode; + + /* You could do something else here like print out */ + /* the errcode, etc. Remember, as a general rule, */ + /* do not try to do too much in a callback because */ + /* it is being executed by the same thread that is */ + /* reading slp packets from the wire. */ +} + +void SLPshutdown(void) +{ + struct slpurl *ttmp,*tmp = start; + SLPError callbackerr; + while( tmp ) { + syslog(LOG_INFO,"SLPderegister [%s]",tmp->srvurl); + SLPDereg(phslp, tmp->srvurl, SLPRegReportCB, &callbackerr); + ttmp = tmp; + tmp = tmp->next; + free(ttmp); + } + SLPClose(&phslp); +} +#endif + void fatal(const char *msg, int code) { syslog(LOG_CRIT, "%s", msg); syslog(LOG_NOTICE, "exiting"); +#ifdef USE_SLP + SLPshutdown(); +#endif exit(code); } 
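Review bot: in SLPshutdown(), `SLPClose(&phslp);` passes the address of the handle, while SLPDereg() in the loop above it is given phslp itself. OpenSLP's SLPClose() takes the SLPHandle by value, and because SLPHandle is a void pointer the compiler does not flag the mismatch; this should be SLPClose(phslp). fatal() now calls SLPshutdown() unconditionally, so a fatal error raised before SLPOpen() has succeeded hands an unopened handle to SLPClose(); a NULL check on phslp or an "opened" flag would guard that path. callbackerr is filled in by SLPRegReportCB but never examined after SLPDereg(), so a failed deregistration goes unlogged.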
@@ -477,7 +522,89 @@ void service_create(struct service *s) s->socket = 0; continue; } - + +#ifdef USE_SLP + if ((!strcmp(s->proto, "tcp")) && s->listen[0] != '/' ) { + SLPError err; + SLPError callbackerr; + char *listen, *service; + char *listen_addr; + int port; + char hname[URL_MAX]; + char dname[URL_MAX]; + char turl[URL_MAX]; + struct slpurl *u; + char registered = 0; + + /* parse_listen() and resolve_host() are destructive, + * so make a work copy of s->listen + */ + listen = xstrdup(s->listen); + + if ((service = parse_listen(listen)) == NULL) { + /* listen IS the port */ + service = listen; + listen_addr = NULL; + } else { + /* s->listen is now just the address */ + listen_addr = parse_host(listen); + if (*listen_addr == '\0') + listen_addr = NULL; + } + port = ntohs(((struct sockaddr_in *)(res)->ai_addr)->sin_port); + gethostname(hname,URL_MAX); + getdomainname(dname,URL_MAX); + + snprintf(turl,URL_MAX,"service:%s://%s.%s:%d", + service, + hname, dname, + port); + + /* check, whether we already registered the service */ + u = start; + while( u ) { + if( ! strcmp(u->srvurl,turl) ) registered = 1; + u = u->next; + } + + if( ! registered ) { + u = (struct slpurl *)calloc(1,sizeof(struct slpurl)); + if( ! u ) + fatal("out of memory", EX_UNAVAILABLE); + + strncpy(u->srvurl,turl,URL_MAX); + + if( start == NULL ) { + start = u; + } else { + struct slpurl *tmp = start; + while( tmp->next ) tmp = tmp->next; + tmp->next = u; + } + syslog(LOG_INFO,"SLPRegister [%s]",u->srvurl); + + err = SLPReg(phslp, + u->srvurl, + SLP_LIFETIME_MAXIMUM, + 0, + "", + SLP_TRUE, + SLPRegReportCB, + &callbackerr ); + + if(( err != SLP_OK) || (callbackerr != SLP_OK)) + { + syslog(LOG_ERR,"Error registering service with slp %i",err); + } + + if( callbackerr != SLP_OK) + { + syslog(LOG_ERR,"Error registering service with slp %i",callbackerr); + } + } + } +#endif + s->ready_workers = 0; s->associate = nsocket; s->family = res->ai_family; 
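Review bot: in the USE_SLP block of service_create(), callbackerr is declared without an initialiser and then read in both tests after SLPReg(); if SLPReg() returns an error without invoking SLPRegReportCB, those reads see an uninitialised value. Initialise it to SLP_OK, or test it only when err == SLP_OK, which would also avoid logging the same failure twice. The work copy from `listen = xstrdup(s->listen);` is never freed in this hunk, and listen_addr is computed but not used afterwards. The return values of gethostname() and getdomainname() are not checked, so an empty or truncated name goes straight into the advertised service URL. Because registration announces the host name and port of every TCP service to the network, it would be worth gating it on a configuration option rather than on USE_SLP alone.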
@@ -1051,7 +1178,9 @@ void sigterm_handler(int sig __attribute /* tell master agent we're exiting */ snmp_shutdown("cyrusMaster"); #endif - +#ifdef USE_SLP + SLPshutdown(); +#endif syslog(LOG_INFO, "exiting on SIGTERM/SIGINT"); exit(0); } @@ -1986,6 +2115,15 @@ int main(int argc, char **argv) syslog(LOG_NOTICE, "process started"); +#ifdef USE_SLP + { + int slperr; + if ( (slperr = SLPOpen(NULL, SLP_FALSE, &phslp)) != SLP_OK ) { + syslog(LOG_ERR, "SLPOpen() failed, return code: %d", slperr); + } + } +#endif + #if defined(HAVE_UCDSNMP) || defined(HAVE_NETSNMP) /* initialize SNMP agent */ ++++++ cyrus-imapd-2.4.17_pie.patch ++++++ Index: cyrus-imapd-2.3.17/configure.in =================================================================== --- cyrus-imapd-2.3.17.orig/configure.in +++ cyrus-imapd-2.3.17/configure.in @@ -1257,6 +1257,27 @@ AC_SUBST(PERL_SUBDIRS) AC_SUBST(PERL_DEPSUBDIRS) AC_SUBST(PERL) +AC_CACHE_CHECK(for -fpie, libc_cv_fpie, [dnl + cat > conftest.c <<EOF +int foo; +main () { return 0;} +EOF + if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -pie -fpie + -o conftest conftest.c 1>&AS_MESSAGE_LOG_FD]) + then + libc_cv_fpie=yes + PIE_CFLAGS="-fPIE" + PIE_LDFLAGS="-pie" + else + libc_cv_fpie=no + PIE_CFLAGS="" + PIE_LDFLAGS="" + fi + rm -f conftest*]) +AC_SUBST(libc_cv_fpie) +AC_SUBST(PIE_CFLAGS) +AC_SUBST(PIE_LDFLAGS) + AH_TOP([ /* * Copyright (c) 1994-2008 Carnegie Mellon University. All rights reserved. Index: cyrus-imapd-2.3.17/imap/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/imap/Makefile.in +++ cyrus-imapd-2.3.17/imap/Makefile.in 
@@ -70,8 +70,8 @@ DRAC_LIBS = @DRACLIBS@ LIBS = $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS) DEPLIBS = $(SIEVE_LIBS) ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@ -CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@ +CFLAGS = @CFLAGS@ @PIE_CFLAGS@ +LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@ @PIE_LDFLAGS@ SHELL = /bin/sh MAKEDEPEND = @MAKEDEPEND@ Index: cyrus-imapd-2.3.17/lib/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/lib/Makefile.in +++ cyrus-imapd-2.3.17/lib/Makefile.in @@ -63,8 +63,8 @@ CPPFLAGS = -I.. @CPPFLAGS@ @COM_ERR_CPPF LIBS = @LIBS@ MAKEDEPEND_CFLAGS = @CFLAGS@ -CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ -LDFLAGS = @LDFLAGS@ +CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ -fPIC +LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@ SHELL = /bin/sh MAKEDEPEND = @MAKEDEPEND@ Index: cyrus-imapd-2.3.17/master/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/master/Makefile.in +++ cyrus-imapd-2.3.17/master/Makefile.in @@ -56,8 +56,8 @@ DEFS = @DEFS@ @LOCALDEFS@ CPPFLAGS = -I.. -I$(srcdir)/../lib -I$(srcdir)/../imap @CPPFLAGS@ @COM_ERR_CPPFLAGS@ DEPLIBS = @DEPLIBS@ -CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@ +CFLAGS = @CFLAGS@ @PIE_CFLAGS@ +LDFLAGS = @LDFLAGS@ @COM_ERR_LDFLAGS@ @PIE_LDFLAGS@ LIBS = ../lib/libcyrus_min.a @LIB_UCDSNMP@ @LIBS@ @COM_ERR_LIBS@ @SLPLIBS@ SHELL = /bin/sh Index: cyrus-imapd-2.3.17/netnews/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/netnews/Makefile.in +++ cyrus-imapd-2.3.17/netnews/Makefile.in 
@@ -55,8 +55,8 @@ CPPFLAGS = -I.. -I$(srcdir) -I$(srcdir)/ LIBS = @IMAP_LIBS@ @LIB_RT@ DEPLIBS = ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@ -CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ +CFLAGS = @CFLAGS@ @PIE_CFLAGS@ +LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@ SHELL = /bin/sh MAKEDEPEND = @MAKEDEPEND@ Index: cyrus-imapd-2.3.17/notifyd/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/notifyd/Makefile.in +++ cyrus-imapd-2.3.17/notifyd/Makefile.in @@ -56,8 +56,8 @@ CYRUS_GROUP=@cyrus_group@ DEFS = @DEFS@ @LOCALDEFS@ CPPFLAGS = -I.. -I$(srcdir)/../sieve -I$(srcdir)/../imap -I$(srcdir)/../lib @COM_ERR_CPPFLAGS@ @CPPFLAGS@ @SASLFLAGS@ -CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ +CFLAGS = @CFLAGS@ @PIE_CFLAGS@ +LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@ prefix = @prefix@ exec_prefix = @exec_prefix@ Index: cyrus-imapd-2.3.17/perl/sieve/lib/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/perl/sieve/lib/Makefile.in +++ cyrus-imapd-2.3.17/perl/sieve/lib/Makefile.in @@ -58,7 +58,7 @@ IMAP_LIBS = @IMAP_LIBS@ DEPLIBS = ../../../lib/libcyrus.a ../../../lib/libcyrus_min.a @DEPLIBS@ MAKEDEPEND_CFLAGS = @CFLAGS@ -CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ +CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ -fPIC LDFLAGS = @LDFLAGS@ SHELL = /bin/sh Index: cyrus-imapd-2.3.17/sieve/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/sieve/Makefile.in +++ cyrus-imapd-2.3.17/sieve/Makefile.in 
@@ -60,8 +60,8 @@ COMPILE_ET = @COMPILE_ET@ DEFS = @DEFS@ @LOCALDEFS@ CPPFLAGS = -I.. -I$(srcdir)/../lib @COM_ERR_CPPFLAGS@ @CPPFLAGS@ @SASLFLAGS@ MAKEDEPEND_CFLAGS = @CFLAGS@ -CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ -LDFLAGS = @LDFLAGS@ +CFLAGS = @CFLAGS@ @PERL_CCCDLFLAGS@ @PIE_CFLAGS@ +LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@ MAKEDEPEND = @MAKEDEPEND@ Index: cyrus-imapd-2.3.17/syslog/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/syslog/Makefile.in +++ cyrus-imapd-2.3.17/syslog/Makefile.in @@ -55,8 +55,8 @@ DEFS = @DEFS@ CPPFLAGS = @CPPFLAGS@ LIBS = @LIBS@ -CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ +CFLAGS = @CFLAGS@ @PIE_CFLAGS@ +LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@ SHELL = /bin/sh MAKEDEPEND = @MAKEDEPEND@ Index: cyrus-imapd-2.3.17/timsieved/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/timsieved/Makefile.in +++ cyrus-imapd-2.3.17/timsieved/Makefile.in @@ -56,8 +56,8 @@ CYRUS_GROUP=@cyrus_group@ DEFS = @DEFS@ @LOCALDEFS@ CPPFLAGS = -I.. -I$(srcdir)/../sieve -I$(srcdir)/../imap -I$(srcdir)/../lib @COM_ERR_CPPFLAGS@ @CPPFLAGS@ @SASLFLAGS@ -CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ +CFLAGS = @CFLAGS@ @PIE_CFLAGS@ +LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@ prefix = @prefix@ exec_prefix = @exec_prefix@ Index: cyrus-imapd-2.3.17/com_err/et/Makefile.in =================================================================== --- cyrus-imapd-2.3.17.orig/com_err/et/Makefile.in +++ cyrus-imapd-2.3.17/com_err/et/Makefile.in @@ -58,8 +58,8 @@ DEFS = @DEFS@ CPPFLAGS = @CPPFLAGS@ LIBS = @LIBS@ -CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ +CFLAGS = @CFLAGS@ @PIE_CFLAGS@ +LDFLAGS = @LDFLAGS@ @PIE_LDFLAGS@ SHELL = /bin/sh ++++++ cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch ++++++ diff --git a/lib/imapoptions b/lib/imapoptions index 464de37..98e0341 100644 --- a/lib/imapoptions +++ b/lib/imapoptions 
@@ -483,6 +483,9 @@ Blank lines and lines beginning with ``#'' are ignored. { "ldap_mech", NULL, STRING } /* SASL mechanism for LDAP authentication */ +{ "ldap_user_attribute", NULL, STRING } +/* Specify LDAP attribute to use as canonical user id */ + { "ldap_member_attribute", NULL, STRING } /* See ldap_member_method. */ diff --git a/ptclient/ldap.c b/ptclient/ldap.c index 7bd8664..b3507d1 100644 --- a/ptclient/ldap.c +++ b/ptclient/ldap.c @@ -158,6 +158,7 @@ typedef struct _ptsm { const char *tls_cert; const char *tls_key; int member_method; + const char *user_attribute; const char *member_attribute; const char *member_filter; const char *member_base; @@ -508,6 +509,8 @@ static void myinit(void) ptsm->member_base = config_getstring(IMAPOPT_LDAP_MEMBER_BASE); ptsm->member_attribute = (config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) ? config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_MEMBER_ATTRIBUTE)); + ptsm->user_attribute = (config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) ? + config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE)); p = config_getstring(IMAPOPT_LDAP_GROUP_SCOPE); if (!strcasecmp(p, "one")) { ptsm->group_scope = LDAP_SCOPE_ONELEVEL; @@ -790,7 +793,7 @@ static int ptsmodule_get_dn( char *authzid; #endif char *base = NULL, *filter = NULL; - char *attrs[] = {NULL}; + char *attrs[] = {LDAP_NO_ATTRS,NULL}; //do not return all attrs! LDAPMessage *res; LDAPMessage *entry; char *attr, **vals; @@ -887,8 +890,9 @@ static int ptsmodule_make_authstate_attribute( LDAPMessage *res = NULL; LDAPMessage *entry = NULL; char **vals = NULL; + char **rdn = NULL; int rc; - char *attrs[] = {(char *)ptsm->member_attribute,NULL}; + char *attrs[] = {(char *)ptsm->member_attribute,(char *)ptsm->user_attribute,NULL}; rc = ptsmodule_connect(); if (rc != PTSM_OK) { 
@@ -915,37 +919,69 @@ static int ptsmodule_make_authstate_attribute( } if ((entry = ldap_first_entry(ptsm->ld, res)) != NULL) { - int i, numvals; - - vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); - if (vals != NULL) { - numvals = ldap_count_values( vals ); - - *dsize = sizeof(struct auth_state) + - (numvals * sizeof(struct auth_ident)); - *newstate = xmalloc(*dsize); - if (*newstate == NULL) { - *reply = "no memory"; - rc = PTSM_FAIL; - goto done; - } - (*newstate)->ngroups = numvals; - - for (i = 0; i < numvals; i++) { - int j; - strcpy((*newstate)->groups[i].id, "group:"); - for(j =0; j < strlen(vals[i]); j++) { - if(Uisupper(vals[i][j])) - vals[i][j]=tolower(vals[i][j]); - } - strlcat((*newstate)->groups[i].id, vals[i], - sizeof((*newstate)->groups[i].id)); - (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); - } - - ldap_value_free(vals); - vals = NULL; - } + int i, numvals; + + vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->member_attribute); + if (vals != NULL) { + numvals = ldap_count_values( vals ); + + *dsize = sizeof(struct auth_state) + + (numvals * sizeof(struct auth_ident)); + *newstate = xmalloc(*dsize); + if (*newstate == NULL) { + *reply = "no memory"; + rc = PTSM_FAIL; + goto done; + } + + (*newstate)->ngroups = numvals; + (*newstate)->userid.id[0] = '\0'; + for (i = 0; i < numvals; i++) { + int j; + strcpy((*newstate)->groups[i].id, "group:"); + rdn = ldap_explode_rdn(vals[i],1); + for (j = 0; j < strlen(rdn[0]); j++) { + if (Uisupper(rdn[0][j])) + rdn[0][j]=tolower(rdn[0][j]); + } + strlcat((*newstate)->groups[i].id, rdn[0], + sizeof((*newstate)->groups[i].id)); + (*newstate)->groups[i].hash = strhash((*newstate)->groups[i].id); + } + + ldap_value_free(rdn); + ldap_value_free(vals); + vals = NULL; + } + + if ((char *)ptsm->user_attribute) { + vals = ldap_get_values(ptsm->ld, entry, (char *)ptsm->user_attribute); + if (vals != NULL) { + numvals = ldap_count_values( vals ); + + if (numvals==1) { + 
if(!*newstate) { + *dsize = sizeof(struct auth_state); + *newstate = xmalloc(*dsize); + + if (*newstate == NULL) { + *reply = "no memory"; + rc = PTSM_FAIL; + goto done; + } + + (*newstate)->ngroups = 0; + } + + size=strlen(vals[0]); + strcpy((*newstate)->userid.id, ptsmodule_canonifyid(vals[0],size)); + (*newstate)->userid.hash = strhash((*newstate)->userid.id); + } + + ldap_value_free(vals); + vals = NULL; + } + } } if(!*newstate) { @@ -957,11 +993,14 @@ static int ptsmodule_make_authstate_attribute( goto done; } (*newstate)->ngroups = 0; + (*newstate)->userid.id[0] = '\0'; } - + /* fill in the rest of our new state structure */ - strcpy((*newstate)->userid.id, canon_id); - (*newstate)->userid.hash = strhash(canon_id); + if ((*newstate)->userid.id[0]=='\0') { + strcpy((*newstate)->userid.id, canon_id); + (*newstate)->userid.hash = strhash(canon_id); + } (*newstate)->mark = time(0); rc = PTSM_OK; ++++++ cyrus-imapd-2.4.17_tls-session-leak.patch ++++++ >From 2e106f14d21d19241830a881f888732d7d417ca9 Mon Sep 17 00:00:00 2001 From: Ken Murchison <[email protected]> Date: Mon, 27 Jan 2014 23:24:34 +0000 Subject: tls.c: don't setup external session cache until all other config/init is done on server context --- diff --git a/imap/tls.c b/imap/tls.c index 15ee656..6db4a2f 100644 --- a/imap/tls.c +++ b/imap/tls.c 
@@ -669,53 +669,6 @@ int tls_init_serverengine(const char *ident, SSL_CTX_set_options(s_ctx, off); SSL_CTX_set_info_callback(s_ctx, (void (*)()) apps_ssl_info_callback); - /* Don't use an internal session cache */ - SSL_CTX_sess_set_cache_size(s_ctx, 1); /* 0 is unlimited, so use 1 */ - SSL_CTX_set_session_cache_mode(s_ctx, SSL_SESS_CACHE_SERVER | - SSL_SESS_CACHE_NO_AUTO_CLEAR | - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP); - - /* Get the session timeout from the config file (in minutes) */ - timeout = config_getint(IMAPOPT_TLS_SESSION_TIMEOUT); - if (timeout < 0) timeout = 0; - if (timeout > 1440) timeout = 1440; /* 24 hours max */ - - /* A timeout of zero disables session caching */ - if (timeout) { - const char *fname = NULL; - char *tofree = NULL; - int r; - - /* Set the context for session reuse -- use the service ident */ - SSL_CTX_set_session_id_context(s_ctx, (void*) ident, strlen(ident)); - - /* Set the timeout for the internal/external cache (in seconds) */ - SSL_CTX_set_timeout(s_ctx, timeout*60); - - /* Set the callback functions for the external session cache */ - SSL_CTX_sess_set_new_cb(s_ctx, new_session_cb); - SSL_CTX_sess_set_remove_cb(s_ctx, remove_session_cb); - SSL_CTX_sess_set_get_cb(s_ctx, get_session_cb); - - fname = config_getstring(IMAPOPT_TLSCACHE_DB_PATH); - - /* create the name of the db file */ - if (!fname) { - tofree = strconcat(config_dir, FNAME_TLSSESSIONS, (char *)NULL); - fname = tofree; - } - - r = (DB->open)(fname, CYRUSDB_CREATE, &sessdb); - if (r != 0) { - syslog(LOG_ERR, "DBERROR: opening %s: %s", - fname, cyrusdb_strerror(ret)); - } - else - sess_dbopen = 1; - - free(tofree); - } - cipher_list = config_getstring(IMAPOPT_TLS_CIPHER_LIST); if (!SSL_CTX_set_cipher_list(s_ctx, cipher_list)) { syslog(LOG_ERR,"TLS server engine: cannot load cipher list '%s'", 
@@ -767,6 +720,53 @@ int tls_init_serverengine(const char *ident, } } + /* Don't use an internal session cache */ + SSL_CTX_sess_set_cache_size(s_ctx, 1); /* 0 is unlimited, so use 1 */ + SSL_CTX_set_session_cache_mode(s_ctx, SSL_SESS_CACHE_SERVER | + SSL_SESS_CACHE_NO_AUTO_CLEAR | + SSL_SESS_CACHE_NO_INTERNAL_LOOKUP); + + /* Get the session timeout from the config file (in minutes) */ + timeout = config_getint(IMAPOPT_TLS_SESSION_TIMEOUT); + if (timeout < 0) timeout = 0; + if (timeout > 1440) timeout = 1440; /* 24 hours max */ + + /* A timeout of zero disables session caching */ + if (timeout) { + const char *fname = NULL; + char *tofree = NULL; + int r; + + /* Set the context for session reuse -- use the service ident */ + SSL_CTX_set_session_id_context(s_ctx, (void*) ident, strlen(ident)); + + /* Set the timeout for the internal/external cache (in seconds) */ + SSL_CTX_set_timeout(s_ctx, timeout*60); + + /* Set the callback functions for the external session cache */ + SSL_CTX_sess_set_new_cb(s_ctx, new_session_cb); + SSL_CTX_sess_set_remove_cb(s_ctx, remove_session_cb); + SSL_CTX_sess_set_get_cb(s_ctx, get_session_cb); + + fname = config_getstring(IMAPOPT_TLSCACHE_DB_PATH); + + /* create the name of the db file */ + if (!fname) { + tofree = strconcat(config_dir, FNAME_TLSSESSIONS, (char *)NULL); + fname = tofree; + } + + r = (DB->open)(fname, CYRUSDB_CREATE, &sessdb); + if (r != 0) { + syslog(LOG_ERR, "DBERROR: opening %s: %s", + fname, cyrusdb_strerror(ret)); + } + else + sess_dbopen = 1; + + free(tofree); + } + tls_serverengine = 1; return (0); } -- cgit v0.9.2 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
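Review bot: in the USE_SLP block added to service_create() (hunk @@ -477,7 +522,89 @@), callbackerr is declared without an initializer and is read immediately after SLPReg(), so if SLPReg() returns an error before SLPRegReportCB has run, both checks compare an indeterminate value. Initialize it at declaration and report err and callbackerr once each rather than through two overlapping conditions, which currently log a callback failure twice. The work copy from listen = xstrdup(s->listen) is never freed in the lines shown, so every call leaks it. The port is read through a cast to struct sockaddr_in without looking at res->ai_family, and the return values of gethostname() and getdomainname() are not checked before they are formatted into the registered service URL.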
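Review bot: in the main() hunk (@@ -1986,6 +2115,15 @@), a failed SLPOpen() is only logged and startup continues, but the service_create() hunk passes phslp to SLPReg() unconditionally and the sigterm_handler() hunk calls SLPshutdown() in the same state. Record whether the handle was opened (a flag, or phslp kept NULL on failure) and skip registration and shutdown when it was not.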
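Review bot: in the configure.in hunk (@@ -1257,6 +1257,27 @@), the probe compiles with "-pie -fpie" but on success sets PIE_CFLAGS="-fPIE", so the flag that ends up in CFLAGS is not the one that was tested. Probe with the same flags that are exported. The test program "main () { return 0;}" relies on implicit int, which can make the check fail for reasons unrelated to PIE support and silently leave PIE_CFLAGS and PIE_LDFLAGS empty; declare it as "int main(void)". Since an empty result disables the hardening without any error, consider making a "no" result visible in the configure summary.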
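Review bot: in the lib/Makefile.in hunk (@@ -63,8 +63,8 @@), CFLAGS gets a hard-coded -fPIC while LDFLAGS gets @PIE_LDFLAGS@, so the compile flag bypasses the configure check that guards every other directory; the perl/sieve/lib/Makefile.in hunk does the same. If -fPIC is intentional here because these objects are also linked into shared Perl modules, say so in a comment, and route the flag through a substituted variable so a toolchain that rejects it can still build.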
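Review bot: in the lib/imapoptions hunk (@@ -483,6 +483,9 @@), the description of ldap_user_attribute is missing the behaviour the code in ptclient/ldap.c actually implements: the value is used only when the entry has exactly one value for the attribute (numvals==1), and otherwise, or when the option is unset, the user id falls back to canon_id. Because this option changes which identity ACLs are evaluated against, the documentation should state both conditions.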
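Review bot: in the myinit() hunk of ptclient/ldap.c (@@ -508,6 +509,8 @@), the ternary for ptsm->user_attribute has identical branches, "config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) ? config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE) : config_getstring(IMAPOPT_LDAP_USER_ATTRIBUTE)", so it is equivalent to a plain assignment. It copies the member_attribute line above it; assign the result of config_getstring() directly, or supply a real fallback if one was intended.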
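Review bot: in the ptsmodule_make_authstate_attribute() hunk (@@ -915,37 +919,69 @@), the result of ldap_explode_rdn(vals[i],1) is dereferenced as rdn[0] without a NULL check, so a member value that does not parse as a DN crashes ptloader, and because ldap_value_free(rdn) is called once after the loop, every array except the last is leaked. Check the return value and free rdn inside the loop. In the new user_attribute branch, "strcpy((*newstate)->userid.id, ptsmodule_canonifyid(vals[0],size))" copies a directory-supplied value into a fixed-size field with no length bound and no check on the canonify result, while the group ids a few lines above are bounded with strlcat and sizeof; use the same bounded copy here and fall back to canon_id when canonification fails. The (char *) cast in "if ((char *)ptsm->user_attribute)" is unnecessary.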
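Review bot: in the relocated session-cache block of imap/tls.c (hunk @@ -767,6 +720,53 @@), the error path after "r = (DB->open)(fname, CYRUSDB_CREATE, &sessdb)" logs cyrusdb_strerror(ret) rather than cyrusdb_strerror(r), so the DBERROR message does not describe the failure that was just tested. The removed lines show the same mismatch, so it was carried over by the move; since the block is being touched anyway, pass r to cyrusdb_strerror().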
