Re: SMTP-SASL auth failure caching.

From: Victor Duchovni (Victor.DuchovniMorganStanley.com)
Date: Sun Dec 02 2007 - 13:58:06 CST


On Sun, Dec 02, 2007 at 08:43:16AM +0000, Keean Schupke wrote:

> --- postfix-2.4.5.orig/conf/master.cf 2007-11-22 09:25:13.000000000 +0000
> +++ postfix-2.4.5/conf/master.cf 2007-12-01 21:00:11.000000000 +0000
> -24,10 +24,12
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> +auth_cache unix - - - - 1 cache
> + -o cache_map = $smtp_sasl_auth_cache_map

You don't need to resubmit the patch just for this, but master.cf does not
support whitespace in "-o" arguments. Should be:

    + -o cache_map=$smtp_sasl_auth_cache_map

> +++ postfix-2.4.5/src/cache/cache.c 2007-12-01 21:43:07.000000000 +0000
> -0,0 +1,237
> +/* System library. */

Someone needs to write a manpage for the cache(8) service. This is built
from comments at the top of the cache.c file. We probably also need new
%PARAM doc bits for proto/postconf.proto.

> +#define CACHE_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
> +
> + if (*var_cache_map) {
> + saved_mask = umask(022);
> + cache_map = dict_open(var_cache_map,
> + O_CREAT | O_RDWR,
> + CACHE_DICT_OPEN_FLAGS);
> + (void) umask(saved_mask);
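
Review bot: the umask() bracket around dict_open() with O_CREAT | O_RDWR only decides the mode when the table file is created; a file that already exists keeps whatever mode it has. Because the keys are derived from the password (see smtp_sasl_make_cache_key() further down), consider checking the mode of an existing table when it is opened, or documenting that it has to be fixed by hand, in addition to choosing the mask.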

Despite the SHA-1 hash (which is important, but not sufficient) the table
keys enable off-line dictionary attacks on the password (if one knows the
nexthop and username). So the table file "mode" should be 0600, not 0644.
So the appropriate umask is 077, not 022.

> + cache_map = dict_ht_open("verify", htable_create(0), myfree);

Should this say "cache" rather than "verify"?

> +static void smtp_sasl_make_cache_key(VSTRING *buf,const char *host,
> + const char *user,const char *pass)
> +{
> + VSTRING *tmp = vstring_alloc(10);
> +
> + vstring_sprintf(tmp,"%s;%s;%s",host,user,pass);
> + base64_encode(buf,(const char*)SHA1((unsigned char*)STR(tmp),
> + (unsigned long)VSTRING_LEN(tmp),0),SHA_DIGEST_LENGTH);
> + vstring_free(tmp);
> +}
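
Review bot: in smtp_sasl_make_cache_key() the "%s;%s;%s" format joins host, user and pass with a separator that can itself occur in a username or password, so two different triples can yield the same string and therefore the same key (user "a;b" with pass "c" versus user "a" with pass "b;c"). Length-prefix each field, or join with a byte that cannot occur in any of them, so that a result cached for one credential pair is never applied to another.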

So this feature depends on OpenSSL's libcrypto. How should that be
handled in makedefs? (Question for Wietse I think).

Anyway, this is probably enough for now in terms of patches, the key
question at this point is whether this should be adopted. Wietse?

Is this the right problem and the right solution? Once that's settled,
you can post the final patch (combining both the soft_bounce and the
auth_cache features) to postfix-devel (this one still has a few bits
of soft_bounce in it).

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
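
The file-mode point in the reply above, as an added example that is not part of the original message or of Postfix: creating a table under umask 022 versus 077, and the case where the file already exists and keeps its old mode. The function names, the sample path and the requested mode 0666 are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Open (creating if absent) a table file under the given umask, the way the
 * patch brackets dict_open(), and return its permission bits or -1.
 * The requested mode 0666 is an assumption made for this example. */
static int open_table_mode(const char *path, mode_t mask)
{
    struct stat st;
    mode_t saved_mask = umask(mask);
    int fd = open(path, O_CREAT | O_RDWR, 0666);
    int mode = -1;

    (void) umask(saved_mask);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        mode = (int) (st.st_mode & 0777);
    (void) close(fd);
    return mode;
}

/* Startup check: 1 if group and other have no access, 0 if they do, -1 on error. */
static int table_is_private(const char *path)
{
    struct stat st;

    if (stat(path, &st) < 0)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

int main(void)
{
    const char *path = "auth_cache_demo.db";    /* constructed sample path */

    (void) unlink(path);
    printf("created, umask 022:  %04o\n", (unsigned) open_table_mode(path, 022));
    printf("reopened, umask 077: %04o\n", (unsigned) open_table_mode(path, 077));
    printf("private: %d\n", table_is_private(path));
    (void) unlink(path);
    printf("created, umask 077:  %04o\n", (unsigned) open_table_mode(path, 077));
    printf("private: %d\n", table_is_private(path));
    (void) unlink(path);
    return 0;
}
```

The second line of output stays at 0644: changing the mask does not tighten a table that an earlier run already created.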