Fix authorized connections rejection (#175898). Actually use queueID patch committed earlier.

Package-Manager: portage-2.1.3.9
author: Alin Năstac <mrness@gentoo.org> 2007-10-12 22:30:05 +0000
committer: Alin Năstac <mrness@gentoo.org> 2007-10-12 22:30:05 +0000
commit: c0f58d50e0677b150e9d7d6d8cc0fcc24f3a9dea (patch)
tree: 84a813d375503df57584bf4ca920be4dc0b2c7fb /mail-filter
parent: version bump (diff)
download: historical-c0f58d50e0677b150e9d7d6d8cc0fcc24f3a9dea.tar.gz
historical-c0f58d50e0677b150e9d7d6d8cc0fcc24f3a9dea.tar.bz2
historical-c0f58d50e0677b150e9d7d6d8cc0fcc24f3a9dea.zip
4 files changed, 199 insertions, 14 deletions
diff --git a/mail-filter/sid-milter/ChangeLog b/mail-filter/sid-milter/ChangeLog
index 2d5cfd60251d..dee2df268dac 100644
--- a/mail-filter/sid-milter/ChangeLog
+++ b/mail-filter/sid-milter/ChangeLog
@@ -1,15 +1,16 @@
 # ChangeLog for mail-filter/sid-milter
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/mail-filter/sid-milter/ChangeLog,v 1.4 2007/10/12 22:04:46 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/sid-milter/ChangeLog,v 1.5 2007/10/12 22:30:04 mrness Exp $
 
 *sid-milter-0.2.14 (12 Oct 2007)
 
   12 Oct 2007; Alin Năstac <mrness@gentoo.org>
-  -files/sid-milter-0.2.13-queueID.patch,
+  -files/sid-milter-0.2.13-queueID.patch, +files/sid-milter-0.2.14-auth.patch,
   +files/sid-milter-0.2.14-postfix-queueID.patch, +files/gentoo.config.m4,
   -files/site.config.m4, -sid-milter-0.2.13.ebuild,
   +sid-milter-0.2.14.ebuild:
   Version bump, thanks to Jan Oravec <jan dot oravec at 6com dot sk> (#178501).
+  Fix authorized connections rejection (#175898).
 
   19 Jul 2006; Tuấn Văn <langthang@gentoo.org>
   files/sid-milter-0.2.13-queueID.patch:
diff --git a/mail-filter/sid-milter/Manifest b/mail-filter/sid-milter/Manifest
index 7374dac926ec..ee573d390354 100644
--- a/mail-filter/sid-milter/Manifest
+++ b/mail-filter/sid-milter/Manifest
@@ -13,19 +13,23 @@ AUX sid-filter.init 561 RMD160 4985cd7b429af32795bb8f36bcdbeca248f33882 SHA1 81c
 MD5 ec943bd2f46564faa563a4ca75f859e5 files/sid-filter.init 561
 RMD160 4985cd7b429af32795bb8f36bcdbeca248f33882 files/sid-filter.init 561
 SHA256 dbdcd808d4c1e486fb314c36142392c54ebe094a6504e452bd7227d47b8c875f files/sid-filter.init 561
+AUX sid-milter-0.2.14-auth.patch 4871 RMD160 a12bec83c53e1fd5955ebe12999ac78ac997442b SHA1 dd4b0babad87bdf2601858c03f92c2182bb0225b SHA256 eb02d7f6211ed923ba5ac445674d02a87ba63148045e09437eea83f3494e5f0a
+MD5 1bc154f8acdf71491c3526c404ebf9b8 files/sid-milter-0.2.14-auth.patch 4871
+RMD160 a12bec83c53e1fd5955ebe12999ac78ac997442b files/sid-milter-0.2.14-auth.patch 4871
+SHA256 eb02d7f6211ed923ba5ac445674d02a87ba63148045e09437eea83f3494e5f0a files/sid-milter-0.2.14-auth.patch 4871
 AUX sid-milter-0.2.14-postfix-queueID.patch 652 RMD160 59898e1fd420e9d6cbe11e8b0ea6f36e20cecaa8 SHA1 91ce8b3fb2b62018d4110f1623832445429583b6 SHA256 9179a2044d75be31ae3e809d24f7d910944102cde1a82fd189982595a96c513e
 MD5 db751c89719d35bbc5268a86c17158ae files/sid-milter-0.2.14-postfix-queueID.patch 652
 RMD160 59898e1fd420e9d6cbe11e8b0ea6f36e20cecaa8 files/sid-milter-0.2.14-postfix-queueID.patch 652
 SHA256 9179a2044d75be31ae3e809d24f7d910944102cde1a82fd189982595a96c513e files/sid-milter-0.2.14-postfix-queueID.patch 652
 DIST sid-milter-0.2.14.tar.gz 341800 RMD160 9ec66020cea15d7f3c2148e8965a2d4b07f233db SHA1 99c13d05599c4abeb54f26db2d03e2e83505f5b7 SHA256 018ccf8276245e1311f91d305c563cec6c40430430376b8151bb6a473d8cd90e
-EBUILD sid-milter-0.2.14.ebuild 1464 RMD160 edbc4ab059e42c0f68cd8821d89cce4d5aafc5c7 SHA1 e66e8d04f4b3a9f52b7566b1cc986c40cf549232 SHA256 9159a35ac88cfbe1bbea0a7aff1b698df0de45d4ad6f3bdf097866410f23db97
-MD5 8c43095b1e39347bd14d248637e15608 sid-milter-0.2.14.ebuild 1464
-RMD160 edbc4ab059e42c0f68cd8821d89cce4d5aafc5c7 sid-milter-0.2.14.ebuild 1464
-SHA256 9159a35ac88cfbe1bbea0a7aff1b698df0de45d4ad6f3bdf097866410f23db97 sid-milter-0.2.14.ebuild 1464
-MISC ChangeLog 951 RMD160 3ac98693ce8d2c92ef1c4d6ea4f1167a9ee1ece0 SHA1 f7b123db3a42b1ea9995774bb3a8153d7b2e673e SHA256 765486256ddfee28ae35ac92d2600aaa511ca2cf6f87317ae3293b71183acbfb
-MD5 c3f3a63b7214e710eefb1cbff392332e ChangeLog 951
-RMD160 3ac98693ce8d2c92ef1c4d6ea4f1167a9ee1ece0 ChangeLog 951
-SHA256 765486256ddfee28ae35ac92d2600aaa511ca2cf6f87317ae3293b71183acbfb ChangeLog 951
+EBUILD sid-milter-0.2.14.ebuild 1657 RMD160 225ea5286cce5e1e54351ca6f76b006ae8295cfd SHA1 42821cdd0466d8ecfb11e02983457ed83a9b846a SHA256 a52b58d79d8d5f944dc438c253c248d50df4733171007a53a94188c84d6c3e15
+MD5 18df06ea8e8927afb94a6c0285931eb3 sid-milter-0.2.14.ebuild 1657
+RMD160 225ea5286cce5e1e54351ca6f76b006ae8295cfd sid-milter-0.2.14.ebuild 1657
+SHA256 a52b58d79d8d5f944dc438c253c248d50df4733171007a53a94188c84d6c3e15 sid-milter-0.2.14.ebuild 1657
+MISC ChangeLog 1038 RMD160 90b8f6a8d428dde612623a4c27393fdcea0c0707 SHA1 82ac4e2ede362912db20cd13fa7b74857cf9044a SHA256 f62b0cc22f888869bcda25e7a8097525c14fa0986d348ee82223b03be4d91cb2
+MD5 20871c7d7340199209ecc69c0e2b5b80 ChangeLog 1038
+RMD160 90b8f6a8d428dde612623a4c27393fdcea0c0707 ChangeLog 1038
+SHA256 f62b0cc22f888869bcda25e7a8097525c14fa0986d348ee82223b03be4d91cb2 ChangeLog 1038
 MISC metadata.xml 221 RMD160 3f13d342b35e471ab3bc6d5b6a491918688ea452 SHA1 1e4ce4ec962e1bae402fdce6f17a1729e1efb4e2 SHA256 9d7907404731a8635f1fb42c8901da3d996aa936fd23e67159a38cf48bb90e0f
 MD5 f1c604a8eaa7929364a593541a1d0efe metadata.xml 221
 RMD160 3f13d342b35e471ab3bc6d5b6a491918688ea452 metadata.xml 221
@@ -36,7 +40,7 @@ SHA256 f89c8286e398e45e83336a6fb077d10b4e7778425ea13bb70b63a1b47398be08 files/di
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.7 (GNU/Linux)
 
-iD8DBQFHD++IVSA5X31g7/gRAkH1AJ0UZLUlg17NF1ZcGa5pW5n+xQ+F6wCbBacq
-d8Vx4ES1aYYWrbixLidqHRE=
-=bafi
+iD8DBQFHD/V3VSA5X31g7/gRAmcDAJ47eVfJDp8ShYXI6AHFvRAE2xHKygCZAdst
+G4VVF75vhd9Fs3nyCUut+ug=
+=BSQX
 -----END PGP SIGNATURE-----
diff --git a/mail-filter/sid-milter/files/sid-milter-0.2.14-auth.patch b/mail-filter/sid-milter/files/sid-milter-0.2.14-auth.patch
new file mode 100644
index 000000000000..fd016df60215
--- /dev/null
+++ b/mail-filter/sid-milter/files/sid-milter-0.2.14-auth.patch
@@ -0,0 +1,173 @@
+# HG changeset patch
+# User root@sodarock.com
+# Date Sun Dec 03 22:38:00 2006 -0800
+# Node ID 5edf430464ebbfd54c1985feca5020983635a365
+# parent: eb44f95bb7cd44e331a3c76bee43474533643f15
+Imported the auth patch from Adrian Havill <havill@redhat.com>
+
+
+--- a/sid-filter/sid-filter.c	Sun Dec 03 22:35:00 2006 -0800
++++ b/sid-filter/sid-filter.c	Sun Dec 03 22:38:00 2006 -0800
+@@ -1928,11 +1928,11 @@ mlfi_eom(SMFICTX *ctx)
+ {
+ 	sfsistat ret;
+ 	int status;
+-	int sid_result;
+-	int spf_result;
++	int sid_result, spf_result, auth_result;
+ 	int reason;
+ 	Context sic;
+ 	const char *hostname;
++        char *auth_type, *auth_author, *auth_ssf, *auth_authen;
+ 	const char *expl;
+ 	char *badaddr;
+ 	char *which;
+@@ -1964,6 +1964,13 @@ mlfi_eom(SMFICTX *ctx)
+ 	if (hostname == NULL)
+ 		hostname = HOSTUNKNOWN;
+ 
++	auth_authen = smfi_getsymval(ctx, "{auth_authen}");
++	auth_type = smfi_getsymval(ctx, "{auth_type}");
++	auth_ssf = smfi_getsymval(ctx, "{auth_ssf}");
++	auth_author = smfi_getsymval(ctx, "{auth_author}");
++
++        auth_result = auth_authen != NULL && strlen(auth_authen) != 0;
++
+ 	/* assume we're accepting */
+ 	ret = SMFIS_ACCEPT;
+ 
+@@ -1986,7 +1993,7 @@ mlfi_eom(SMFICTX *ctx)
+ 	snprintf(pra, sizeof pra, "%s@%s", sic->ctx_local, sic->ctx_domain);
+ 	status = sid_marid_check(sic, SM_SCOPE_PRA, ip, pra, &sid_result,
+ 	                         &reason, &expl);
+-	if (status != 0)
++	if (!auth_result && status != 0)
+ 	{
+ 		if (dolog)
+ 		{
+@@ -2020,20 +2027,64 @@ mlfi_eom(SMFICTX *ctx)
+ 	/* construct the status header's content */
+ 	sm_strlcpy(prahdr, sic->ctx_pra->hdr_hdr, sizeof prahdr);
+ 	sid_lowercase(prahdr);
+-	snprintf(stathdr, sizeof stathdr, "%s %s=%s; sender-id=", hostname,
++	snprintf(stathdr, sizeof stathdr, "%s header.%s=%s; sender-id=", hostname,
+ 	         prahdr, pra);
+ 	sid_stat_header(sid_result, reason, expl, stathdr, sizeof stathdr);
+ 
+ 	/* save error message for use in SMTP reply*/
+ 	sid_stat_header(sid_result, reason, expl, sid_errmsg,
+ 	                sizeof sid_errmsg);
++
++        /*
++        **  Put the status header in place.
++        */
++ 
++        if (!auth_result && stathdr[0] != '\0' &&
++            smfi_insheader(ctx, 1, AUTHRESULTSHDR, stathdr) != MI_SUCCESS)
++        {
++                if (dolog)
++                {
++                        syslog(LOG_ERR, "%s smfi_insheader() failed",
++                               sic->ctx_jobid);
++                }
++ 
++                sid_msgcleanup(ctx);
++                return SMFIS_TEMPFAIL;
++        }
++ 
++        snprintf(stathdr, sizeof stathdr, "%s smtp.mail=%s", hostname, sic->ctx_sender != NULL && strlen(sic->ctx_sender) != 0 ? sic->ctx_sender : pra /*FIXME*/);
++ 
++        /*
++        **  Run the SMTP authentication test
++        */
++ 
++        if (auth_result) {
++            sm_strlcat(stathdr, "; auth=", sizeof stathdr);
++ 
++            /* positive = pass, 0 = neutral, negative = fail (not used) */
++ 
++            sm_strlcat(stathdr, auth_result > 0 ? "pass" : "fail", sizeof stathdr);
++ 
++            /* plain, cram-md5, etc... */
++ 
++            if (auth_type != NULL && strlen(auth_type) != 0) {
++                sm_strlcat(stathdr, " (", sizeof stathdr);
++                sm_strlcat(stathdr, auth_type, sizeof stathdr);
++                if (auth_ssf != NULL && atoi(auth_ssf) > 1) {
++                    sm_strlcat(stathdr, " ", sizeof stathdr);
++                    sm_strlcat(stathdr, auth_ssf, sizeof stathdr);
++                    sm_strlcat(stathdr, " bits", sizeof stathdr);
++                }
++                sm_strlcat(stathdr, ")", sizeof stathdr);
++            }
++        }
+ 
+ 	/*
+ 	**  Run the "SPF classic" query if the envelope sender wasn't
+ 	**  empty.
+ 	*/
+ 
+-	if (sic->ctx_sender[0] != '\0')
++        if (!auth_result && sic->ctx_sender[0] != '\0')
+ 	{
+ 		expl = NULL;
+ 		status = sid_marid_check(sic, SM_SCOPE_SPF, ip,
+@@ -2083,6 +2134,23 @@ mlfi_eom(SMFICTX *ctx)
+ 	}
+ 
+ 	/*
++	**  Put the status header in place.
++	*/
++
++	if (stathdr[0] != '\0' &&
++	    smfi_insheader(ctx, 1, AUTHRESULTSHDR, stathdr) != MI_SUCCESS)
++	{
++		if (dolog)
++		{
++			syslog(LOG_ERR, "%s smfi_insheader() failed",
++			       sic->ctx_jobid);
++		}
++
++		sid_msgcleanup(ctx);
++		return SMFIS_TEMPFAIL;
++	}
++
++	/*
+ 	**  Identify the filter, if requested.
+ 	*/
+ 
+@@ -2109,24 +2177,6 @@ mlfi_eom(SMFICTX *ctx)
+ 			return SMFIS_TEMPFAIL;
+ 		}
+ 	}
+-
+-	/*
+-	**  Put the status header in place.
+-	*/
+-
+-	if (stathdr[0] != '\0' &&
+-	    smfi_insheader(ctx, 1, AUTHRESULTSHDR, stathdr) != MI_SUCCESS)
+-	{
+-		if (dolog)
+-		{
+-			syslog(LOG_ERR, "%s %s() failed",
+-			       sic->ctx_jobid, ADDHEADERFUNCNAME);
+-		}
+-
+-		sid_msgcleanup(ctx);
+-		return SMFIS_TEMPFAIL;
+-	}
+-
+ 
+ 	sid_msgcleanup(ctx);
+ 
+@@ -2216,6 +2266,8 @@ mlfi_eom(SMFICTX *ctx)
+ 		}
+ 		break;
+ 	}
++        if (auth_result > 0)
++            ret = SMFIS_ACCEPT;
+ 
+ 	if (ret == SMFIS_REJECT && !testmode)
+ 	{
+
diff --git a/mail-filter/sid-milter/sid-milter-0.2.14.ebuild b/mail-filter/sid-milter/sid-milter-0.2.14.ebuild
index 85be509c33d0..c93c3741d668 100644
--- a/mail-filter/sid-milter/sid-milter-0.2.14.ebuild
+++ b/mail-filter/sid-milter/sid-milter-0.2.14.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/mail-filter/sid-milter/sid-milter-0.2.14.ebuild,v 1.1 2007/10/12 22:04:46 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/mail-filter/sid-milter/sid-milter-0.2.14.ebuild,v 1.2 2007/10/12 22:30:04 mrness Exp $
 
 inherit eutils toolchain-funcs
 
@@ -26,6 +26,13 @@ pkg_setup() {
 src_unpack() {
 	unpack "${A}"
 
+	cd "${S}" || die "source dir not found"
+
+	# Postfix queue ID patch. See MILTER_README.html#workarounds
+	epatch "${FILESDIR}/${P}-postfix-queueID.patch"
+
+	epatch "${FILESDIR}/${P}-auth.patch"
+
 	sed -e "s:@@CFLAGS@@:${CFLAGS}:" \
 		"${FILESDIR}/gentoo.config.m4" > "${S}/devtools/Site/site.config.m4" \
 		|| die "failed to generate site.config.m4"
author	Alin Năstac <mrness@gentoo.org>	2007-10-12 22:30:05 +0000
committer	Alin Năstac <mrness@gentoo.org>	2007-10-12 22:30:05 +0000
commit	c0f58d50e0677b150e9d7d6d8cc0fcc24f3a9dea (patch)
tree	84a813d375503df57584bf4ca920be4dc0b2c7fb /mail-filter
parent	version bump (diff)
download	historical-c0f58d50e0677b150e9d7d6d8cc0fcc24f3a9dea.tar.gz historical-c0f58d50e0677b150e9d7d6d8cc0fcc24f3a9dea.tar.bz2 historical-c0f58d50e0677b150e9d7d6d8cc0fcc24f3a9dea.zip