Phil Pennock [Sat, 31 Mar 2012 10:10:54 +0000 (03:10 -0700)]
fix gsasl / cyrus claims
Point 1 for 4.78 said gsasl could *not* be used to replace cyrus.
This was obsoleted by point 5.
Remove claim from point 1, add additional note to point 5.
Phil Pennock [Fri, 30 Mar 2012 20:52:17 +0000 (13:52 -0700)]
Handle alternate access method flag in ls.
Jeremy Harris found ls output not parsing on SELinux systems. I
identified this as SUSv3's "optional alternate access method flag".
Jeremy wrote the patch, I adjusted a little.
Phil Pennock [Fri, 17 Feb 2012 13:01:10 +0000 (08:01 -0500)]
Use gsskrb5_register_acceptor_identity
Drop the OID and pseudo-standard GSSAPI extension mechanism.
Found Heimdal-specific API call I needed, works great.
gsskrb5_register_acceptor_identity(filename)
Phil Pennock [Mon, 6 Feb 2012 01:36:51 +0000 (20:36 -0500)]
More bug-fixes, GSASL DIGEST-MD5 now works.
Defined helper streqic() since I seem tired enough to be forgetting ==0 checks.
Deal with left-over-data-to-send correctly.
Now tested with PLAIN, CRAM-MD5, DIGEST-MD5.
For DIGEST-MD5, check for server_realm, since GSASL doesn't error out without it.
Phil Pennock [Sat, 4 Feb 2012 07:26:27 +0000 (02:26 -0500)]
Various SASL fixes.
Export $tls_bits new expansion variable (not yet documented).
Fix tls-gnu.c so that ciphername string construction uses bit-count, not byte-count.
Avoid hard-coding primary_hostname in first call to init Cyrus SASL.
Cast fix for function pointer (Cyrus-SASL uses void params in struct entry funcptr, so need to cast).
Many more debug statements in cyrus_sasl.c
Pass external SSF from TLS cipher into Cyrus SASL initialisation.
Detect when we can't get an identity from SASL properties (error out correctly).
Detect when SASL negotiated a protection layer and error out, since we do not support those.
Phil Pennock [Mon, 3 Oct 2011 23:16:36 +0000 (19:16 -0400)]
source referenced version.sh file always
Tested for version.sh in cwd, but used . to source, assuming that
would pull in file from cwd. True on BSD (checked after $PATH) but
not part of POSIX and not true for bash when in POSIX mode.
Phil Pennock [Mon, 5 Sep 2011 20:08:19 +0000 (16:08 -0400)]
ssize_t for mime.c
mime_decode_*() functions can return -1 for error, which would be lost when assigning to unsigned int.
Sprinkled ssize_t across function return types and result variables.
Phil Pennock [Sat, 27 Aug 2011 18:58:44 +0000 (11:58 -0700)]
Raise smtp_cmd_buffer_size to 16384.
Needed to interoperate with SASL commands containing a large
initial-response; in practice, GSSAPI with authorisation data, such as
in a Windows domain.
Tony Finch [Tue, 7 Jun 2011 15:48:44 +0000 (16:48 +0100)]
exiwhat: Ensure the SIGUSR1 signal handler is safe.
exiwhat sends a SIGUSR1 to all exim processes to make them write
their status to the process log. This is all done in the signal
handler, but the logging code makes a number of calls that are not
signal safe. These can all cause crashes or recursive locking in
libc.
Firstly, obtaining and formatting the timestamp is not safe.
Doing so is unnecessary since exiwhat strips off the timestamp.
This change removes timestamps from the process log.
Secondly, exim closes all the logs after writing the process
log. Closing syslog is not signal safe, and isn't necessary.
We now only close the process log after writing to it.
Thirdly, exim may calculate the process_log_path inside the signal
handler which involves some possibly-unsafe string handling code.
This change calculates the path when reading the configuration.
Fourthly, when exim creates the process log file it might have to
call the unsafe directory_create() though this is unlikely in
practice. After this change exim only calls log_create() in a
subprocess which is safe - it sometimes needs to do so anyway, if
it is running as root and needs to drop privileges.
The new code has no process log handling in log.c which eliminates
some awkward special cases. It uses very simple code to write to
the file in the signal handler, so it is obviously safe by inspection.
Phil Pennock [Thu, 5 May 2011 01:41:58 +0000 (21:41 -0400)]
Fix compile of exim_monitor
The "Compiler masochism compliance" patch changed the log_write()
prototype to use "const char *" instead of "char *"; I don't have X11 on
my main box, so neglected to handle exim_monitor's duplicate definition
of log_write().