#ifdef CYRUS_SASL
#include <sasl/sasl.h>
#include <sasl/saslutil.h>
+# if SASL_VERSION_FULL < 0x020125
+ /* Cyrus SASL 2.1.25 introduced the sasl_callback_ft prototype,
+ which has an explicit void parameter list, according to best
+ practice. So we need to cast to avoid compile warnings.
+ Provide this prototype for earlier versions. */
+ typedef int (*sasl_callback_ft)();
+# endif /* SASL_VERSION_FULL < 0x020125 */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
static int sm_get_pass(sasl_conn_t *, void *, int, sasl_secret_t **);
static sasl_callback_t callbacks[] = {
- { SASL_CB_USER, sm_get_user, NULL },
+ { SASL_CB_USER, (sasl_callback_ft) sm_get_user, NULL },
#define SM_SASL_N_CB_USER 0
- { SASL_CB_PASS, sm_get_pass, NULL },
+ { SASL_CB_PASS, (sasl_callback_ft) sm_get_pass, NULL },
#define SM_SASL_N_CB_PASS 1
- { SASL_CB_AUTHNAME, sm_get_user, NULL },
+ { SASL_CB_AUTHNAME, (sasl_callback_ft) sm_get_user, NULL },
#define SM_SASL_N_CB_AUTHNAME 2
{ SASL_CB_LIST_END, NULL, NULL },
};
* Function prototypes needed for SASL
*/
-static int sm_auth_sasl(char *, char *, char *);
+static int sm_auth_sasl(char *, int, char *, char *);
#endif /* CYRUS_SASL */
int
sm_init (char *client, char *server, char *port, int watch, int verbose,
- int debug, int onex, int queued, int sasl, char *saslmech,
- char *user, int tls)
+ int debug, int queued, int sasl, int saslssf,
+ char *saslmech, char *user, int tls)
{
if (sm_mts == MTS_SMTP)
return smtp_init (client, server, port, watch, verbose,
- debug, onex, queued, sasl, saslmech, user, tls);
+ debug, queued, sasl, saslssf, saslmech,
+ user, tls);
else
return sendmail_init (client, server, watch, verbose,
- debug, onex, queued, sasl, saslmech, user);
+ debug, queued, sasl, saslssf, saslmech,
+ user);
}
static int
smtp_init (char *client, char *server, char *port, int watch, int verbose,
- int debug, int onex, int queued,
- int sasl, char *saslmech, char *user, int tls)
+ int debug, int queued,
+ int sasl, int saslssf, char *saslmech, char *user, int tls)
{
+ int result, sd1, sd2;
#ifdef CYRUS_SASL
char *server_mechs;
#else /* CYRUS_SASL */
NMH_UNUSED (sasl);
+ NMH_UNUSED (saslssf);
NMH_UNUSED (saslmech);
NMH_UNUSED (user);
#endif /* CYRUS_SASL */
- int result, sd1, sd2;
if (watch)
verbose = TRUE;
*/
if (! sslctx) {
- SSL_METHOD *method;
+ const SSL_METHOD *method;
SSL_library_init();
SSL_load_error_strings();
}
if (sm_debug) {
- SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+ const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
printf("SSL negotiation successful: %s(%d) %s\n",
SSL_CIPHER_get_name(cipher),
SSL_CIPHER_get_bits(cipher, NULL),
saslmech, server_mechs);
}
- if (sm_auth_sasl(user, saslmech ? saslmech : server_mechs,
+ if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
server) != RP_OK) {
sm_end(NOTOK);
return NOTOK;
send_options: ;
if (watch && EHLOset ("XVRB"))
smtalk (SM_HELO, "VERB on");
- if (onex && EHLOset ("XONE"))
- smtalk (SM_HELO, "ONEX");
if (queued && EHLOset ("XQUE"))
smtalk (SM_HELO, "QUED");
int
sendmail_init (char *client, char *server, int watch, int verbose,
- int debug, int onex, int queued,
- int sasl, char *saslmech, char *user)
+ int debug, int queued,
+ int sasl, int saslssf, char *saslmech, char *user)
{
+ unsigned int i, result, vecp;
+ int pdi[2], pdo[2];
+ char *vec[15];
#ifdef CYRUS_SASL
char *server_mechs;
#else /* CYRUS_SASL */
NMH_UNUSED (server);
NMH_UNUSED (sasl);
+ NMH_UNUSED (saslssf);
NMH_UNUSED (saslmech);
NMH_UNUSED (user);
#endif /* CYRUS_SASL */
- unsigned int i, result, vecp;
- int pdi[2], pdo[2];
- char *vec[15];
if (watch)
verbose = TRUE;
vec[vecp++] = watch ? "-odi" : queued ? "-odq" : "-odb";
vec[vecp++] = "-oem";
vec[vecp++] = "-om";
-# ifndef RAND
if (verbose)
vec[vecp++] = "-ov";
-# endif /* not RAND */
vec[vecp++] = NULL;
setgid (getegid ());
saslmech, server_mechs);
}
- if (sm_auth_sasl(user, saslmech ? saslmech : server_mechs,
+ if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
server) != RP_OK) {
sm_end(NOTOK);
return NOTOK;
}
#endif /* CYRUS_SASL */
- if (onex)
- smtalk (SM_HELO, "ONEX");
if (watch)
smtalk (SM_HELO, "VERB on");
}
int
-sm_winit (int mode, char *from)
+sm_winit (char *from)
{
- char *smtpcom = NULL;
-
- switch (mode) {
- case S_MAIL:
- smtpcom = "MAIL";
- break;
-
- case S_SEND:
- smtpcom = "SEND";
- break;
-
- case S_SOML:
- smtpcom = "SOML";
- break;
-
- case S_SAML:
- smtpcom = "SAML";
- break;
-
- default:
- /* Hopefully, we do not get here. */
- break;
- }
-
- switch (smtalk (SM_MAIL, "%s FROM:<%s>", smtpcom, from)) {
+ switch (smtalk (SM_MAIL, "MAIL FROM:<%s>", from)) {
case 250:
sm_addrs = 0;
return RP_OK;
int status;
struct smtp sm_note;
- if (sm_mts == MTS_SENDMAIL) {
+ if (sm_mts == MTS_SENDMAIL_SMTP) {
switch (sm_child) {
case NOTOK:
case OK:
* (optionally) negotiated a security layer.
*/
static int
-sm_auth_sasl(char *user, char *mechlist, char *inhost)
+sm_auth_sasl(char *user, int saslssf, char *mechlist, char *inhost)
{
int result, status;
unsigned int buflen, outlen;
memset(&secprops, 0, sizeof(secprops));
secprops.maxbufsize = SASL_MAXRECVBUF;
- secprops.max_ssf = tls_active ? 0 : UINT_MAX;
+ secprops.max_ssf =
+ tls_active ? 0 : (saslssf != -1 ? (unsigned int) saslssf : UINT_MAX);
result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
sm_get_pass(sasl_conn_t *conn, void *context, int id,
sasl_secret_t **psecret)
{
- NMH_UNUSED (conn);
-
char **pw_context = (char **) context;
char *pass = NULL;
int len;
+ NMH_UNUSED (conn);
+
if (! psecret || id != SASL_CB_PASS)
return SASL_BADPARAM;
buffer[*len = 0] = 0;
if ((retval = sm_fgets (buffer, BUFSIZ, sm_rfp)) != RP_OK)
- return retval;
+ return sm_rerror (retval);
*len = strlen (buffer);
/* *len should be >0 except on EOF, but check for safety's sake */
if (*len == 0)
projects / mmh / blobdiff