Re: smtpd xclient and sasl

Wed, 28 Jan 2015 12:08:59 -0800 

Matthew Via:
> We use postfix with dovecot as a sasl backend, and have run into a small
> issue with the XCLIENT extension and SASL.  smtpd_sasl_activate is
> called only upon the initial connection to smtpd, and that sets the sasl
> structure to using the socket's remote ip address.  When XCLIENT is
> used, a new ip address is specified but the sasl structure is not
> updated.  The logic appears to be correct with the STARTTLS command, so
> I applied similar logic to the XCLIENT command in postfix 2.6.6, since 
> that is what we're using currently.

You need to guard the smtpd_sasl_activate() calls with 
"if (smtpd_sasl_enable)".

        Wietse

> --- postfix-2.6.6-orig/src/smtpd/smtpd.c  2015-01-28 12:24:49.000000000 -0500
> +++ postfix-2.6.6/src/smtpd/smtpd.c 2015-01-28 12:30:30.000000000 -0500
> @@ -3592,8 +3592,18 @@ static int xclient_cmd(SMTPD_STATE *stat
>   state->protocol = mystrdup(MAIL_PROTO_SMTP);
>      }
>  #ifdef USE_SASL_AUTH
> -    if (smtpd_sasl_is_active(state))
> +    if (smtpd_sasl_is_active(state)) {
>   smtpd_sasl_auth_reset(state);
> +    smtpd_sasl_deactivate(state);
> +    }
> +    if (smtpd_sasl_is_active(state) == 0) { 
> +        if (state->tls_context == 0)
> +            smtpd_sasl_activate(state, VAR_SMTPD_SASL_OPTS, 
> +                                var_smtpd_sasl_opts);
> +        else
> +            smtpd_sasl_activate(state, VAR_SMTPD_SASL_TLS_OPTS, 
> +                                var_smtpd_sasl_tls_opts);
> +    }
>  #endif
>      chat_reset(state, 0);
>      mail_reset(state);
> 
> 
> Does this look like the correct way to handle it? It does fix the issue
> and dovecot logs the correct XCLIENT-provided address, for both TLS
> and plain.
> 
> I moved this to the latest 2.11.3 for submission, but this probably 
> needs to be fixed, I'm not 100% sure about the got_login logic, so 
> I left it alone.
> 
> --- postfix-2.11.3-orig/src/smtpd/smtpd.c 2015-01-28 13:02:48.494510734 -0500
> +++ postfix-2.11.3/src/smtpd/smtpd.c  2015-01-28 13:48:32.050175395 -0500
> @@ -3851,7 +3851,19 @@ static int xclient_cmd(SMTPD_STATE *stat
>      }
>  #ifdef USE_SASL_AUTH
>      if (got_login == 0)
> - smtpd_sasl_auth_reset(state);
> +        smtpd_sasl_auth_reset(state);
> +    if (smtpd_sasl_is_active(state)) {
> +        smtpd_sasl_auth_reset(state);
> +        smtpd_sasl_deactivate(state);
> +    }
> +    if (smtpd_sasl_is_active(state) == 0) {
> +        if (state->tls_context == 0)
> +            smtpd_sasl_activate(state, VAR_SMTPD_SASL_OPTS,
> +                                var_smtpd_sasl_opts);
> +        else
> +            smtpd_sasl_activate(state, VAR_SMTPD_SASL_TLS_OPTS,
> +                                var_smtpd_sasl_tls_opts);
> +    }
>  #endif
>      chat_reset(state, 0);
>      mail_reset(state);
> 
> 
> Thank you,
> Matthew
-- End of PGP section, PGP failed!

Reply via email to