diff options
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 43 | ||||
-rw-r--r-- | doc/doc-txt/ChangeLog | 4 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 4 | ||||
-rw-r--r-- | src/src/exim.c | 2 | ||||
-rw-r--r-- | src/src/lookups/dbmdb.c | 96 |
5 files changed, 143 insertions, 6 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index c13b8358d..ed9b0d710 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6223,13 +6223,26 @@ using Berkeley DB versions 3 or 4, it opens existing databases for reading with the DB_UNKNOWN option. This enables it to handle any of the types of database that the library supports, and can be useful for accessing DBM files created by other applications. (For earlier DB versions, DB_HASH is always used.) +.new +.next +.cindex "lookup" "dbmjz" +.cindex "lookup" "dbm &-- embedded NULs" +.cindex "sasldb2" +.cindex "dbmjz lookup type" +&(dbmjz)&: This is the same as &(dbm)&, except that the lookup key is +interpreted as an Exim list; the elements of the list are joined together with +ASCII NUL characters to form the lookup key. An example usage would be to +authenticate incoming SMTP calls using the passwords from Cyrus SASL's +&_/etc/sasldb2_& file with the &(gsasl)& authenticator or Exim's own +&(cram_md5)& authenticator. +.wen .next .cindex "lookup" "dbmnz" .cindex "lookup" "dbm &-- terminating zero" .cindex "binary zero" "in lookup key" .cindex "Courier" .cindex "&_/etc/userdbshadow.dat_&" -.cindex "dmbnz lookup type" +.cindex "dbmnz lookup type" &(dbmnz)&: This is the same as &(dbm)&, except that a terminating binary zero is not included in the key that is passed to the DBM library. You may need this if you want to look up data in files that are created by or shared with some @@ -24179,6 +24192,20 @@ lookup_cram: Note that this expansion explicitly forces failure if the lookup fails because &$auth1$& contains an unknown user name. +.new +As another example, if you wish to re-use a Cyrus SASL sasldb2 file without +using the relevant libraries, you need to know the realm to specify in the +lookup and then ask for the &"userPassword"& attribute for that user in that +realm, with: +.code +cyrusless_crammd5: + driver = cram_md5 + public_name = CRAM-MD5 + server_secret = ${lookup{$auth1:mail.example.org:userPassword}\ + dbmjz{/etc/sasldb2}} + server_set_id = $auth1 +.endd +.wen .section "Using cram_md5 as a client" "SECID177" .cindex "options" "&(cram_md5)& authenticator (client)" @@ -24510,6 +24537,20 @@ An &'anonymous token'& is something passed along as an unauthenticated identifier; this is analogous to FTP anonymous authentication passing an email address, or software-identifier@, as the "password". + +An example showing the password having the realm specified in the callback +and demonstrating a Cyrus SASL to GSASL migration approach is: +.code +gsasl_cyrusless_crammd5: + driver = gsasl + public_name = CRAM-MD5 + server_realm = imap.example.org + server_password = ${lookup{$auth1:$auth3:userPassword}\ + dbmjz{/etc/sasldb2}{$value}fail} + server_set_id = ${quote:$auth1} + server_condition = yes +.endd + .wen . //////////////////////////////////////////////////////////////////////////// diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 1cd08bf70..f24e1a8f9 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -37,7 +37,9 @@ PP/08 cyrus_sasl server now expands the server_realm option. PP/09 Bugzilla 1214 - Log authentication information in reject log. Patch by Jeremy Harris. -PP/10 Let heimdal_gssapi authenticator take a SASL message without an authzid. +PP/10 Added dbmjz lookup type. + +PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid. Exim version 4.77 diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 057656c24..c25e51ba0 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -31,6 +31,10 @@ Version 4.78 4. New expansion variable $tls_bits. + 5. New lookup type, "dbmjz". Key is an Exim list, the elements of which will + be joined together with ASCII NUL characters to construct the key to pass + into the DBM library. + Version 4.77 ------------ diff --git a/src/src/exim.c b/src/src/exim.c index 4a690a783..8df6aed54 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -816,7 +816,7 @@ fprintf(f, "Lookups (built-in):"); fprintf(f, " cdb"); #endif #if defined(LOOKUP_DBM) && LOOKUP_DBM!=2 - fprintf(f, " dbm dbmnz"); + fprintf(f, " dbm dbmjz dbmnz"); #endif #if defined(LOOKUP_DNSDB) && LOOKUP_DNSDB!=2 fprintf(f, " dnsdb"); diff --git a/src/src/lookups/dbmdb.c b/src/src/lookups/dbmdb.c index de4ec0047..b4d6821ca 100644 --- a/src/src/lookups/dbmdb.c +++ b/src/src/lookups/dbmdb.c @@ -18,7 +18,7 @@ static void * dbmdb_open(uschar *filename, uschar **errmsg) { -EXIM_DB *yield; +EXIM_DB *yield = NULL; EXIM_DBOPEN(filename, O_RDONLY, 0, &yield); if (yield == NULL) { @@ -129,6 +129,84 @@ return dbmdb_find(handle, filename, keystring, length-1, result, errmsg, /************************************************* +* Find entry point - zero-joined list key * +*************************************************/ + +/* + * The parameter passed as a key is a list in normal Exim list syntax. + * The elements of that list are joined together on NUL, with no trailing + * NUL, to form the key. + */ + +static int +dbmjz_find(void *handle, uschar *filename, uschar *keystring, int length, + uschar **result, uschar **errmsg, BOOL *do_cache) +{ +uschar *key_item, *key_buffer, *key_p; +uschar *key_elems = keystring; +int buflen, bufleft, key_item_len, sep = 0; + +/* To a first approximation, the size of the lookup key needs to be about, +or less than, the length of the delimited list passed in + 1. */ + +buflen = length + 3; +key_buffer = store_get(buflen); + +key_buffer[0] = '\0'; + +key_p = key_buffer; +bufleft = buflen; + +/* In all cases of an empty list item, we can set 1 and advance by 1 and then +pick up the trailing NUL from the previous list item, EXCEPT when at the +beginning of the output string, in which case we need to supply that NUL +ourselves. */ +while ((key_item = string_nextinlist(&key_elems, &sep, key_p, bufleft)) != NULL) + { + key_item_len = Ustrlen(key_item) + 1; + if (key_item_len == 1) + { + key_p[0] = '\0'; + if (key_p == key_buffer) + { + key_p[1] = '\0'; + key_item_len += 1; + } + } + + bufleft -= key_item_len; + if (bufleft <= 0) + { + /* The string_nextinlist() will stop at buffer size, but we should always + have at least 1 character extra, so some assumption has failed. */ + *errmsg = string_copy(US"Ran out of buffer space for joining elements"); + return DEFER; + } + key_p += key_item_len; + } + +if (key_p == key_buffer) + { + *errmsg = string_copy(US"empty list key"); + return FAIL; + } + +/* We do not pass in the final NULL; if needed, the list should include an +empty element to put one in. Boundary: key length 1, is a NULL */ +key_item_len = key_p - key_buffer - 1; + +DEBUG(D_lookup) debug_printf("NUL-joined key length: %d\n", key_item_len); + +/* beware that dbmdb_find() adds 1 to length to get back terminating NUL, so +because we've calculated the real length, we need to subtract one more here */ +return dbmdb_find(handle, filename, + key_buffer, key_item_len - 1, + result, errmsg, do_cache); +} + + + +/************************************************* * Close entry point * *************************************************/ @@ -183,11 +261,23 @@ lookup_info dbmz_lookup_info = { NULL /* no version reporting (redundant) */ }; +lookup_info dbmjz_lookup_info = { + US"dbmjz", /* lookup name */ + lookup_absfile, /* uses absolute file name */ + dbmdb_open, /* sic */ /* open function */ + dbmdb_check, /* sic */ /* check function */ + dbmjz_find, /* find function */ + dbmdb_close, /* sic */ /* close function */ + NULL, /* no tidy function */ + NULL, /* no quoting function */ + NULL /* no version reporting (redundant) */ +}; + #ifdef DYNLOOKUP #define dbmdb_lookup_module_info _lookup_module_info #endif -static lookup_info *_lookup_list[] = { &dbm_lookup_info, &dbmz_lookup_info }; -lookup_module_info dbmdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 2 }; +static lookup_info *_lookup_list[] = { &dbm_lookup_info, &dbmz_lookup_info, &dbmjz_lookup_info }; +lookup_module_info dbmdb_lookup_module_info = { LOOKUP_MODULE_INFO_MAGIC, _lookup_list, 3 }; /* End of lookups/dbmdb.c */ |