On Thu, Nov 15, 2012 at 07:55:20AM +0100, Alexander Hall wrote:
> On 09/24/12 09:10, Brad Smith wrote:
> > On Fri, Sep 21, 2012 at 03:09:39AM +0200, Alexander Hall wrote:
> >> Hi,
> >>
> >> Currently, dovecot does not supply a type to auth_userokay(), leaving
> >> only the default "auth=..." login capability for configuring access to
> >> its services.
> >>
> >> This is annoying, as it requires you to set auth=... and then explicity
> >> close any services you don't want to expose, like "auth-ssh=" etc.
> >> Obviously, this could very well lead to an incomplete list of disabled
> >> services, causing all sorts of discomfort for the user and/or system
> >> administrator.
> >>
> >> This diff introduces "auth-$service" as type, allowing stuff like this
> >> in login.conf:
> >>
> >> default:\
> >> :auth=passwd,skey:\
> >> :auth-imap=:\
> >> :auth-pop3=:
> >>
> >> mailonly:\
> >> :auth=:\
> >> :auth-smtp:\
> >> :auth-imap:\
> >> :auth-pop3:\
> >> ...
> >>
> >> Again, bumped REVISION, since that seemed like the thing to do.
> >>
> >> OK? Comments? Should go upstream instead?
> >>
> >> /Alexander
> >
> > Send this upstream to Timo first. I just don't want to have a patch
> > in the port that he will not necessarily accept.
> >
>
> The following was suggested by Timo, stating "I was thinking I'd add
> the patch to v2.2", but it does not seem to be there yet.
>
> Is that good enough or do we want to await the exact outcome, in case
> it differs?
I'd prefer to wait a bit until he commits it to the tree. If he doesn't
commit it by the weekend then try e-mailing him as a follow up and CC
me. Depending on when and if he responds I will follow up with him.
> /Alexander
>
>
> Index: Makefile
> ===================================================================
> RCS file: /data/openbsd/cvs/ports/mail/dovecot/Makefile,v
> retrieving revision 1.193
> diff -u -p -r1.193 Makefile
> --- Makefile 25 Sep 2012 20:05:46 -0000 1.193
> +++ Makefile 22 Oct 2012 21:14:10 -0000
> @@ -11,6 +11,8 @@ COMMENT-postgresql= PostgreSQL authentic
> V_MAJOR= 2.1
> V_DOVECOT= 2.1.10
>
> +REVISION= 0
> +
> DISTNAME= dovecot-${V_DOVECOT}
> PKGNAME= dovecot-${V_DOVECOT}
> PKGNAME-server= dovecot-${V_DOVECOT}
> Index: patches/patch-src_auth_passdb-bsdauth_c
> ===================================================================
> RCS file: patches/patch-src_auth_passdb-bsdauth_c
> diff -N patches/patch-src_auth_passdb-bsdauth_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_auth_passdb-bsdauth_c 29 Oct 2012 21:42:46 -0000
> @@ -0,0 +1,21 @@
> +$OpenBSD$
> +--- src/auth/passdb-bsdauth.c.orig Sun Feb 12 17:55:54 2012
> ++++ src/auth/passdb-bsdauth.c Mon Oct 29 22:42:37 2012
> +@@ -18,6 +18,7 @@ bsdauth_verify_plain(struct auth_request *request, con
> + verify_plain_callback_t *callback)
> + {
> + struct passwd pw;
> ++ const char *type;
> + int result;
> +
> + auth_request_log_debug(request, "bsdauth", "lookup");
> +@@ -35,7 +36,8 @@ bsdauth_verify_plain(struct auth_request *request, con
> + }
> +
> + /* check if the password is valid */
> +- result = auth_userokay(request->user, NULL, NULL,
> ++ type = t_strdup_printf("auth-%s", request->service);
> ++ result = auth_userokay(request->user, NULL, t_strdup_noconst(type),
> + t_strdup_noconst(password));
> +
> + /* clear the passwords from memory */
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
