diff -crN postfix-2.0.18-20040122~/conf/sample-auth.cf postfix-2.0.18-20040122/conf/sample-auth.cf *** postfix-2.0.18-20040122~/conf/sample-auth.cf 2004-01-04 18:50:35.000000000 +0100 --- postfix-2.0.18-20040122/conf/sample-auth.cf 2004-02-04 23:35:29.000000000 +0100 *************** *** 75,80 **** --- 75,89 ---- # smtpd_sasl_application_name = smtpd + # The path where SASL will look for plugins. This is a colon separated + # list of directories where the SASL plugins shared objects are located. + # The first component of the path will also be the location of the SASL + # configuration file. The default value is the null string, which will + # use the path defined in the SASL library. + # + #smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2 + smtpd_sasl_path = + # The smtpd_sasl_local_domain parameter specifies the name of the # local authentication realm. # diff -crN postfix-2.0.18-20040122~/README_FILES/SASL_README postfix-2.0.18-20040122/README_FILES/SASL_README *** postfix-2.0.18-20040122~/README_FILES/SASL_README 2003-11-10 21:12:14.000000000 +0100 --- postfix-2.0.18-20040122/README_FILES/SASL_README 2004-02-04 23:34:37.000000000 +0100 *************** *** 69,75 **** IMPORTANT: if you install the Cyrus SASL libraries as per the default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for ! version 2.1.1. Reportedly, Microsoft Internet Explorer version 5 requires the non-standard SASL LOGIN authentication method. To enable this --- 69,76 ---- IMPORTANT: if you install the Cyrus SASL libraries as per the default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for ! version 2.1.1 or use the (smtpd|smtp|lmtp)_sasl_path parameter in ! main.cf. Reportedly, Microsoft Internet Explorer version 5 requires the non-standard SASL LOGIN authentication method. 
To enable this *************** *** 127,132 **** --- 128,142 ---- /usr/local/lib/sasl2/smtpd.conf (SASL version 2.1.1) you need to specify how the server should validate client passwords. + IMPORTANT: If you want to change the location of the sasl configuration file + or the path to the plugins you can use: + + /etc/postfix/main.cf: + smtpd_sasl_path = + + there are different parameters for smtpd, smtp and lmtp, for smtpd the first path + element also indicate the location for the configuration file. + IMPORTANT: If you configure SASL to use PAM (pluggable authentication modules) authentication, the Postfix SMTP server will abort because the SASL password file does not exist (default: /etc/sasldb in diff -crN postfix-2.0.18-20040122~/src/global/mail_params.h postfix-2.0.18-20040122/src/global/mail_params.h *** postfix-2.0.18-20040122~/src/global/mail_params.h 2004-01-17 16:04:00.000000000 +0100 --- postfix-2.0.18-20040122/src/global/mail_params.h 2004-02-04 23:36:27.000000000 +0100 *************** *** 912,917 **** --- 912,921 ---- #define DEF_SMTPD_SASL_APPNAME "smtpd" extern char *var_smtpd_sasl_appname; + #define VAR_SMTPD_SASL_PATH "smtpd_sasl_path" + #define DEF_SMTPD_SASL_PATH "" + extern char *var_smtpd_sasl_path; + #define VAR_SMTPD_SASL_REALM "smtpd_sasl_local_domain" #define DEF_SMTPD_SASL_REALM "" extern char *var_smtpd_sasl_realm; *************** *** 941,946 **** --- 945,954 ---- #define DEF_SMTP_SASL_OPTS "noplaintext, noanonymous" extern char *var_smtp_sasl_opts; + #define VAR_SMTP_SASL_PATH "smtp_sasl_path" + #define DEF_SMTP_SASL_PATH "" + extern char *var_smtp_sasl_path; + /* * LMTP server. 
The soft error limit determines how many errors an LMTP * client may make before we start to slow down; the hard error limit *************** *** 993,998 **** --- 1001,1010 ---- #define DEF_LMTPD_SASL_REALM "$myhostname" extern char *var_lmtpd_sasl_realm; + #define VAR_LMTPD_SASL_PATH "lmtpd_sasl_path" + #define DEF_LMTPD_SASL_PATH "" + extern char *var_lmtpd_sasl_path; + /* * SASL authentication support, LMTP client side. */ *************** *** 1008,1013 **** --- 1020,1029 ---- #define DEF_LMTP_SASL_OPTS "noplaintext, noanonymous" extern char *var_lmtp_sasl_opts; + #define VAR_LMTP_SASL_PATH "lmtp_sasl_path" + #define DEF_LMTP_SASL_PATH "" + extern char *var_lmtp_sasl_path; + /* * SASL-based relay etc. control. */ diff -crN postfix-2.0.18-20040122~/src/lmtp/lmtp.c postfix-2.0.18-20040122/src/lmtp/lmtp.c *** postfix-2.0.18-20040122~/src/lmtp/lmtp.c 2004-01-06 01:28:47.000000000 +0100 --- postfix-2.0.18-20040122/src/lmtp/lmtp.c 2004-02-04 23:34:37.000000000 +0100 *************** *** 117,122 **** --- 117,127 ---- /* .SH "Resource controls" /* .ad /* .fi + /* .IP \fBlmtp_sasl_path\fR + /* The path where SASL will look for plugins. This is a colon separated + /* list of directories where the SASL plugins shared objects are located. + /* The default value is the null string, which will use the path defined + /* in the SASL library. /* .IP \fBlmtp_cache_connection\fR /* Should we cache the connection to the LMTP server? 
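Review bot: The third mail_params.h hunk declares `VAR_LMTPD_SASL_PATH`, `DEF_LMTPD_SASL_PATH` and `extern char *var_lmtpd_sasl_path;`, but nothing in the visible patch defines that variable, adds it to a configuration table, or reads it. The README text added by this patch names only the smtpd, smtp and lmtp parameters, so `lmtpd_sasl_path` looks like a leftover. An `extern` with no definition gives a link error as soon as any code references it, so either drop these three lines or add the matching definition and table entry. The other three blocks would also benefit from a short comment such as `/* Plug-in search path handed to the SASL library; empty means library default. */`, since the header is where the default is fixed.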
The effectiveness /* of cached connections will be determined by the number of LMTP servers *************** *** 284,289 **** --- 289,295 ---- char *var_notify_classes; char *var_error_rcpt; char *var_lmtp_sasl_opts; + char *var_lmtp_sasl_path; char *var_lmtp_sasl_passwd; bool var_lmtp_sasl_enable; bool var_lmtp_send_xforward; *************** *** 544,549 **** --- 550,556 ---- VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0, VAR_LMTP_SASL_PASSWD, DEF_LMTP_SASL_PASSWD, &var_lmtp_sasl_passwd, 0, 0, VAR_LMTP_SASL_OPTS, DEF_LMTP_SASL_OPTS, &var_lmtp_sasl_opts, 0, 0, + VAR_LMTP_SASL_PATH, DEF_LMTP_SASL_PATH, &var_lmtp_sasl_path, 0, 0, 0, }; static CONFIG_INT_TABLE int_table[] = { diff -crN postfix-2.0.18-20040122~/src/lmtp/lmtp_sasl_glue.c postfix-2.0.18-20040122/src/lmtp/lmtp_sasl_glue.c *** postfix-2.0.18-20040122~/src/lmtp/lmtp_sasl_glue.c 2003-09-12 20:46:58.000000000 +0200 --- postfix-2.0.18-20040122/src/lmtp/lmtp_sasl_glue.c 2004-02-04 23:34:37.000000000 +0100 *************** *** 197,202 **** --- 197,208 ---- return (SASL_OK); } + static int lmtp_sasl_getpath(void * context, char ** path) + { + *path = strdup(var_lmtp_sasl_path); + return SASL_OK; + } + /* lmtp_sasl_get_user - username lookup call-back routine */ static int lmtp_sasl_get_user(void *context, int unused_id, const char **result, *************** *** 298,306 **** --- 304,318 ---- */ static sasl_callback_t callbacks[] = { {SASL_CB_LOG, &lmtp_sasl_log, 0}, + {SASL_CB_LIST_END, 0, 0} /* placeholder for SASL_CB_GETPATH */ {SASL_CB_LIST_END, 0, 0} }; + if ( *var_lmtp_sasl_path != 0 ) { + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].id = SASL_CB_GETPATH; + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].proc = &lmtp_sasl_getpath; + } + /* * Sanity check. 
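Review bot: `lmtp_sasl_getpath()` stores the result of `strdup()` without checking it and still returns `SASL_OK`, so an allocation failure hands the library a null path; the same body is repeated in `smtp_sasl_getpath()` and `smtpd_sasl_getpath()` later in this patch. Check the result, for example `if ((*path = strdup(var_lmtp_sasl_path)) == 0)` followed by `return (SASL_NOMEM);`. Every call also allocates a fresh copy that nothing visible frees, and as far as I recall Cyrus SASL 2 declares this callback with `const char **path` and does not take ownership of the string. Confirm the ownership rule for each SASL version the build supports before keeping the `strdup()`. The function also lacks the header comment its neighbours have; something like `/* lmtp_sasl_getpath - plug-in search path call-back routine */` would match the file's style.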
*/ diff -crN postfix-2.0.18-20040122~/src/smtp/smtp.c postfix-2.0.18-20040122/src/smtp/smtp.c *** postfix-2.0.18-20040122~/src/smtp/smtp.c 2004-01-20 18:52:16.000000000 +0100 --- postfix-2.0.18-20040122/src/smtp/smtp.c 2004-02-04 23:36:51.000000000 +0100 *************** *** 177,182 **** --- 177,187 ---- /* .SH "Resource controls" /* .ad /* .fi + /* .IP \fBsmtp_sasl_path\fR + /* The path where SASL will look for plugins. This is a colon separated + /* list of directories where the SASL plugins shared objects are located. + /* The default value is the null string, which will use the path defined + /* in the SASL library. /* .IP \fBsmtp_destination_concurrency_limit\fR /* Limit the number of parallel deliveries to the same destination. /* The default limit is taken from the *************** *** 319,324 **** --- 324,330 ---- int var_smtp_always_ehlo; int var_smtp_never_ehlo; char *var_smtp_sasl_opts; + char *var_smtp_sasl_path; char *var_smtp_sasl_passwd; bool var_smtp_sasl_enable; char *var_smtp_bind_addr; *************** *** 493,498 **** --- 499,505 ---- VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0, VAR_SMTP_SASL_PASSWD, DEF_SMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0, VAR_SMTP_SASL_OPTS, DEF_SMTP_SASL_OPTS, &var_smtp_sasl_opts, 0, 0, + VAR_SMTP_SASL_PATH, DEF_SMTP_SASL_PATH, &var_smtp_sasl_path, 0, 0, VAR_SMTP_BIND_ADDR, DEF_SMTP_BIND_ADDR, &var_smtp_bind_addr, 0, 0, VAR_SMTP_HELO_NAME, DEF_SMTP_HELO_NAME, &var_smtp_helo_name, 1, 0, VAR_SMTP_HOST_LOOKUP, DEF_SMTP_HOST_LOOKUP, &var_smtp_host_lookup, 1, 0, diff -crN postfix-2.0.18-20040122~/src/smtp/smtp_sasl_glue.c postfix-2.0.18-20040122/src/smtp/smtp_sasl_glue.c *** postfix-2.0.18-20040122~/src/smtp/smtp_sasl_glue.c 2003-07-14 20:03:20.000000000 +0200 --- postfix-2.0.18-20040122/src/smtp/smtp_sasl_glue.c 2004-02-04 23:34:37.000000000 +0100 *************** *** 197,202 **** --- 197,208 ---- return (SASL_OK); } + static int smtp_sasl_getpath(void * context, char ** path) + { + *path = 
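Review bot: The placeholder entry added to `callbacks[]` in lmtp_sasl_glue.c has no comma before the final `{SASL_CB_LIST_END, 0, 0}`, so the initializer as shown does not compile; the same line appears without a comma in smtp_sasl_glue.c and smtpd_sasl_glue.c. It should read `{SASL_CB_LIST_END, 0, 0},	/* placeholder for SASL_CB_GETPATH */`. The index `sizeof(callbacks)/sizeof(sasl_callback_t) - 2` only hits the placeholder while it remains the second-to-last entry, so a later callback added after it would be silently overwritten. A named constant for the slot, or a comment on the array stating that the placeholder must stay directly before the terminator, would make that dependency visible. The enclosing function begins and continues outside this hunk.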
strdup(var_smtp_sasl_path); + return SASL_OK; + } + /* smtp_sasl_get_user - username lookup call-back routine */ static int smtp_sasl_get_user(void *context, int unused_id, const char **result, *************** *** 298,306 **** --- 304,318 ---- */ static sasl_callback_t callbacks[] = { {SASL_CB_LOG, &smtp_sasl_log, 0}, + {SASL_CB_LIST_END, 0, 0} /* placeholder for SASL_CB_GETPATH */ {SASL_CB_LIST_END, 0, 0} }; + if ( *var_smtp_sasl_path != 0 ) { + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].id = SASL_CB_GETPATH; + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].proc = &smtp_sasl_getpath; + } + /* * Sanity check. */ diff -crN postfix-2.0.18-20040122~/src/smtpd/smtpd.c postfix-2.0.18-20040122/src/smtpd/smtpd.c *** postfix-2.0.18-20040122~/src/smtpd/smtpd.c 2004-01-22 03:19:39.000000000 +0100 --- postfix-2.0.18-20040122/src/smtpd/smtpd.c 2004-02-04 23:34:37.000000000 +0100 *************** *** 122,127 **** --- 122,133 ---- /* controls the name of the SASL configuration file. The default /* value is \fIsmtpd\fR, corresponding to a SASL configuration file /* named \fIsmtpd.conf\fR. + /* .IP \fBsmtpd_sasl_path\fR + /* The path where SASL will look for plugins. This is a colon separated + /* list of directories where the SASL plugins shared objects are located. + /* The first component of the path will also be the location of the SASL + /* configuration file. The default value is the null string, which will + /* use the path defined in the SASL library. /* .IP \fBsmtpd_sasl_local_domain\fR /* The name of the local authentication realm. 
/* .IP \fBsmtpd_sasl_security_options\fR *************** *** 539,544 **** --- 545,551 ---- bool var_smtpd_sasl_enable; char *var_smtpd_sasl_opts; char *var_smtpd_sasl_appname; + char *var_smtpd_sasl_path; char *var_smtpd_sasl_realm; char *var_smtpd_sasl_exceptions_networks; char *var_filter_xport; *************** *** 2545,2550 **** --- 2552,2558 ---- VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0, VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0, VAR_SMTPD_SASL_APPNAME, DEF_SMTPD_SASL_APPNAME, &var_smtpd_sasl_appname, 1, 0, + VAR_SMTPD_SASL_PATH, DEF_SMTPD_SASL_PATH, &var_smtpd_sasl_path, 0, 0, VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 0, 0, VAR_SMTPD_SASL_EXCEPTIONS_NETWORKS, DEF_SMTPD_SASL_EXCEPTIONS_NETWORKS, &var_smtpd_sasl_exceptions_networks, 0, 0, VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0, diff -crN postfix-2.0.18-20040122~/src/smtpd/smtpd_sasl_glue.c postfix-2.0.18-20040122/src/smtpd/smtpd_sasl_glue.c *** postfix-2.0.18-20040122~/src/smtpd/smtpd_sasl_glue.c 2004-01-04 18:52:42.000000000 +0100 --- postfix-2.0.18-20040122/src/smtpd/smtpd_sasl_glue.c 2004-02-04 23:34:37.000000000 +0100 *************** *** 181,186 **** --- 181,192 ---- return SASL_OK; } + static int smtpd_sasl_getpath(void * context, char ** path) + { + *path = strdup(var_smtpd_sasl_path); + return SASL_OK; + } + /* * SASL callback interface structure. These call-backs have no per-session * context. 
*************** *** 189,194 **** --- 195,201 ---- static sasl_callback_t callbacks[] = { {SASL_CB_LOG, &smtpd_sasl_log, NO_CALLBACK_CONTEXT}, + {SASL_CB_LIST_END, 0, NO_CALLBACK_CONTEXT} /* placeholder for SASL_CB_GETPATH */ {SASL_CB_LIST_END, 0, 0} }; *************** *** 208,213 **** --- 215,225 ---- void smtpd_sasl_initialize(void) { + if ( *var_smtpd_sasl_path != 0 ) { + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].id = SASL_CB_GETPATH; + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].proc = &smtpd_sasl_getpath; + } + /* * Initialize the library: load SASL plug-in routines, etc. */
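Review bot: `smtpd_sasl_initialize()` registers `SASL_CB_GETPATH` for any non-empty `var_smtpd_sasl_path` without checking the value. The main.cf string therefore decides which directories the SASL library loads shared objects from into the smtpd process and, per the text this patch adds, where it reads its configuration file. The lmtp and smtp client hunks do the same. I would state the trust requirement at the registration site, for example `/* Directories in smtpd_sasl_path must be absolute, root-owned and not group/other writable: plug-ins found there run inside this process. */`, and repeat it in the sample-auth.cf and SASL_README text. How the library treats a relative or empty path element is not visible here, so rejecting or warning about such values at startup is worth considering. The function body continues past the end of the hunk.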