On 09/24/12 09:10, Brad Smith wrote:
> On Fri, Sep 21, 2012 at 03:09:39AM +0200, Alexander Hall wrote:
>> Hi,
>>
>> Currently, dovecot does not supply a type to auth_userokay(), leaving
>> only the default "auth=..." login capability for configuring access to
>> its services.
>>
>> This is annoying, as it requires you to set auth=... and then explicity
>> close any services you don't want to expose, like "auth-ssh=" etc.
>> Obviously, this could very well lead to an incomplete list of disabled
>> services, causing all sorts of discomfort for the user and/or system
>> administrator.
>>
>> This diff introduces "auth-$service" as type, allowing stuff like this
>> in login.conf:
>>
>> default:\
>> :auth=passwd,skey:\
>> :auth-imap=:\
>> :auth-pop3=:
>>
>> mailonly:\
>> :auth=:\
>> :auth-smtp:\
>> :auth-imap:\
>> :auth-pop3:\
>> ...
>>
>> Again, bumped REVISION, since that seemed like the thing to do.
>>
>> OK? Comments? Should go upstream instead?
>>
>> /Alexander
>
> Send this upstream to Timo first. I just don't want to have a patch
> in the port that he will not necessarily accept.
>
The following was suggested by Timo, stating "I was thinking I'd add
the patch to v2.2", but it does not seem to be there yet.
Is that good enough or do we want to await the exact outcome, in case
it differs?
/Alexander
Index: Makefile
===================================================================
RCS file: /data/openbsd/cvs/ports/mail/dovecot/Makefile,v
retrieving revision 1.193
diff -u -p -r1.193 Makefile
--- Makefile 25 Sep 2012 20:05:46 -0000 1.193
+++ Makefile 22 Oct 2012 21:14:10 -0000
@@ -11,6 +11,8 @@ COMMENT-postgresql= PostgreSQL authentic
V_MAJOR= 2.1
V_DOVECOT= 2.1.10
+REVISION= 0
+
DISTNAME= dovecot-${V_DOVECOT}
PKGNAME= dovecot-${V_DOVECOT}
PKGNAME-server= dovecot-${V_DOVECOT}
Index: patches/patch-src_auth_passdb-bsdauth_c
===================================================================
RCS file: patches/patch-src_auth_passdb-bsdauth_c
diff -N patches/patch-src_auth_passdb-bsdauth_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_auth_passdb-bsdauth_c 29 Oct 2012 21:42:46 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- src/auth/passdb-bsdauth.c.orig Sun Feb 12 17:55:54 2012
++++ src/auth/passdb-bsdauth.c Mon Oct 29 22:42:37 2012
+@@ -18,6 +18,7 @@ bsdauth_verify_plain(struct auth_request *request, con
+ verify_plain_callback_t *callback)
+ {
+ struct passwd pw;
++ const char *type;
+ int result;
+
+ auth_request_log_debug(request, "bsdauth", "lookup");
+@@ -35,7 +36,8 @@ bsdauth_verify_plain(struct auth_request *request, con
+ }
+
+ /* check if the password is valid */
+- result = auth_userokay(request->user, NULL, NULL,
++ type = t_strdup_printf("auth-%s", request->service);
++ result = auth_userokay(request->user, NULL, t_strdup_noconst(type),
+ t_strdup_noconst(password));
+
+ /* clear the passwords from memory */
