Package: exim4
Tags: patch
Hi!
The patch below links exim4-daemon-heavy to libgsasl to enable the
'gsasl' authenticator support in exim, see:
https://exim.org/exim-html-current/doc/html/spec_html/ch-the_gsasl_authenticator.html
This makes it possible to enable SCRAM-SHA-1 and SCRAM-SHA-256 in Exim
via libgsasl.
Any chance this could make it into bullseye? Thanks :)
I have done some testing using a minimal gsasl driver, and it seems to
work. Configuration on the server side:
root@sid:/etc/exim4# cat conf.d/auth/50-sid
gsasl:
driver = gsasl
public_name = SCRAM-SHA-1
server_password = foo
server_set_id = ${quote:$auth1}
server_condition = yes
root@sid:/etc/exim4#
Client side works:
jas@latte:~$ LANG=C gsasl x.y.z.q 587 --no-starttls --mechanism SCRAM-SHA-1 -a
jas --password foo -d
Trying 'x.y.z.q'...
220 sid ESMTP Exim 4.94 Sat, 23 Jan 2021 22:20:48 +
EHLO [127.0.0.1]
250-sid Hello ...
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPE_CONNECT
250-AUTH SCRAM-SHA-1
250-CHUNKING
250-STARTTLS
250-PRDR
250 HELP
AUTH SCRAM-SHA-1
334
biwsbj1qYXMscj1oOEh0TmFxci9UclA4eDlrbHlOeFhQTWc=
334
cj1oOEh0TmFxci9UclA4eDlrbHlOeFhQTWdPYkNqUnQ2OFU1Y0pJblR5ZWtyam12aVEscz15QnU1N3JNN3RwenFlNUpiLGk9NDA5Ng==
Yz1iaXdzLHI9aDhIdE5hcXIvVHJQOHg5a2x5TnhYUE1nT2JDalJ0NjhVNWNKSW5UeWVrcmptdmlRLHA9V1hVWGliY05tYTVZMk9UVExqQnlmWUNJT1NVPQ==
334 dj1pNkgzeW9IWWhVTXJxdERYd3VPaURYM0t6T2s9
235 Authentication succeeded
Client authentication finished (server trusted)...
Session finished...
QUIT
221 sid closing connection
jas@latte:~$
/Simon
diff --git a/debian/EDITME.exim4-heavy.diff b/debian/EDITME.exim4-heavy.diff
index b95c091d..d9943647 100644
--- a/debian/EDITME.exim4-heavy.diff
+++ b/debian/EDITME.exim4-heavy.diff
@@ -76,7 +76,7 @@
# If you have content scanning you may wish to only include some of the scanner
# interfaces. Uncomment any of these lines to remove that code.
-@@ -757,8 +760,8 @@
+@@ -757,9 +760,9 @@
# configuration to make use of the mechanism(s) selected.
AUTH_CRAM_MD5=yes
@@ -85,8 +85,10 @@
+AUTH_CYRUS_SASL=yes
+AUTH_DOVECOT=yes
# AUTH_EXTERNAL=yes
- # AUTH_GSASL=yes
+-# AUTH_GSASL=yes
++AUTH_GSASL=yes
# AUTH_GSASL_PC=libgsasl
+ # AUTH_HEIMDAL_GSSAPI=yes
@@ -766,8 +769,8 @@
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
@@ -103,7 +105,7 @@
# Ditto for AUTH_HEIMDAL_GSSAPI(_PC).
-# AUTH_LIBS=-lsasl2
-+AUTH_LIBS=-lsasl2
++AUTH_LIBS=-lsasl2 -lgsasl
# AUTH_LIBS=-lgsasl
# AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt
diff --git a/debian/changelog b/debian/changelog
index fa073995..681abcbd 100644
diff --git a/debian/control b/debian/control
index 31390e45..5ef32e4a 100644
--- a/debian/control
+++ b/debian/control
@@ -17,6 +17,7 @@ Build-Depends:
docbook-xsl,
libdb5.3-dev,
libgnutls28-dev (>= 3.5.7),
+ libgsasl7-dev,
libident-dev,
libidn11-dev,
libidn2-dev,
signature.asc
Description: PGP signature