Can someone have a look at this patch for Postfix >= 2.5? The patch for Postfix 2.3 does not work because I had to add a "SASL mechanism filter" feature.
Wietse *** xsasl_dovecot_server.c.orig Sun Mar 16 19:09:04 2008 --- xsasl_dovecot_server.c Wed Feb 11 10:26:37 2009 *************** *** 65,70 **** --- 65,71 ---- #include <vstring_vstream.h> #include <name_mask.h> #include <argv.h> + #include <myaddrinfo.h> /* Global library. */ *************** *** 162,167 **** --- 163,170 ---- unsigned int sec_props; /* Postfix mechanism filter */ char *mechanism_list; /* filtered mechanism list */ ARGV *mechanism_argv; /* ditto */ + MAI_HOSTADDR_STR server_addr; /* local IP address */ + MAI_HOSTADDR_STR client_addr; /* remote IP address */ } XSASL_DOVECOT_SERVER; /* *************** *** 379,391 **** /* xsasl_dovecot_server_create - create server instance */ static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *impl, ! VSTREAM *unused_stream, const char *service, const char *realm, const char *sec_props) { const char *myname = "xsasl_dovecot_server_create"; XSASL_DOVECOT_SERVER *server; if (msg_verbose) msg_info("%s: SASL service=%s, realm=%s", --- 382,397 ---- /* xsasl_dovecot_server_create - create server instance */ static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *impl, ! VSTREAM *stream, const char *service, const char *realm, const char *sec_props) { const char *myname = "xsasl_dovecot_server_create"; XSASL_DOVECOT_SERVER *server; + struct sockaddr_storage ss; + struct sockaddr *sa = (struct sockaddr *) & ss; + SOCKADDR_SIZE salen = sizeof(ss); if (msg_verbose) msg_info("%s: SASL service=%s, realm=%s", *************** *** 413,418 **** --- 419,435 ---- name_mask_opt(myname, xsasl_dovecot_conf_sec_props, sec_props, NAME_MASK_ANY_CASE | NAME_MASK_FATAL); + /* + * XXX This is not the right place: it ignores client overrides with the + * XCLIENT command. 
+ */ + if (getpeername(vstream_fileno(stream), sa, &salen) < 0 + || sockaddr_to_hostaddr(sa, salen, &server->client_addr, 0, 0) != 0) + server->client_addr.buf[0] = 0; + if (getsockname(vstream_fileno(stream), sa, &salen) < 0 + || sockaddr_to_hostaddr(sa, salen, &server->server_addr, 0, 0) != 0) + server->server_addr.buf[0] = 0; + return (&server->xsasl); } *************** *** 605,613 **** /* send the request */ server->last_request_id = ++server->impl->request_id_counter; vstream_fprintf(server->impl->sasl_stream, ! "AUTH\t%u\t%s\tservice=%s\tnologin", server->last_request_id, sasl_method, ! server->service); if (init_response) { /* --- 622,631 ---- /* send the request */ server->last_request_id = ++server->impl->request_id_counter; vstream_fprintf(server->impl->sasl_stream, ! "AUTH\t%u\t%s\tservice=%s\tlip=%s\trip=%s", server->last_request_id, sasl_method, ! server->service, server->client_addr.buf, ! server->server_addr.buf); if (init_response) { /*
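Review bot: `salen` is a value-result argument, so after getpeername() it holds the length of the peer address rather than `sizeof(ss)`, and the getsockname() call that follows reuses it without a reset; add `salen = sizeof(ss);` before getsockname() so the second call is never given a shortened buffer length. Both failure branches leave an empty string in `client_addr` / `server_addr`, and that convention deserves a comment at the assignment, for example `/* Empty string means "address unknown", not a valid IP. */`, because the values are later sent to the authentication server. The parameter was renamed from `unused_stream` to `stream` and is now passed to vstream_fileno(); whether every caller supplies a non-null, socket-backed stream is not visible here. The function's signature and locals are in the previous hunk.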
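Review bot: The arguments after the new format string are in the opposite order to its fields: `lip=%s` is filled from `server->client_addr.buf` (declared as the remote IP address) and `rip=%s` from `server->server_addr.buf` (the local one), so any address-based restriction, throttling or logging the auth server does would act on the wrong address. Swap them: `server->service, server->server_addr.buf,` then `server->client_addr.buf);`. The new format string also drops the `nologin` parameter that the old request carried, which looks unrelated to passing addresses; confirm that is intended, or keep it as `"AUTH\t%u\t%s\tservice=%s\tnologin\tlip=%s\trip=%s"`. When an address lookup failed at instance creation the buffer is empty and the request carries `lip=` or `rip=` with no value, so omitting the field in that case is probably safer than sending an empty one. The enclosing function begins and ends outside this hunk.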