From: Wietse Venema Date: Sat, 26 Nov 2011 05:00:00 +0000 (-0500) Subject: postfix-2.9-20111126 X-Git-Tag: v2.9.0-RC1~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf1b81fbe85c346c76eb505dfe3cc6f4e9f2bd44;p=thirdparty%2Fpostfix.git postfix-2.9-20111126 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index f8523f346..7636fe581 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17157,3 +17157,12 @@ Apologies for any names omitted. postconf/postconf_node.c, postconf/postconf_other.c, postconf/postconf_service.c postconf/postconf_unused.c, postconf/postconf_user.c, postconf/postconf.h. + +20111126 + + Bitrot: changes in error reporting to the under-documented + OpenLDAP API. Problem reported by Quanah Gibson-Mount. Fix + by Viktor Dukhovni. File: global/dict_ldap.c. + + Cleanup: four-space indentation had become a tab character. + File: postconf/postconf.h. diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index 57be7dfec..0a5bb53b9 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c @@ -225,6 +225,7 @@ #include "mail_conf.h" #if defined(USE_LDAP_SASL) && defined(LDAP_API_FEATURE_X_OPENLDAP) + /* * SASL headers, for sasl_interact_t. Either SASL v1 or v2 should be fine. */ @@ -242,13 +243,13 @@ #define DICT_LDAP_DO_SASL(d) ((d)->bind == DICT_LDAP_BIND_SASL) static const NAME_CODE bindopt_table[] = { - CONFIG_BOOL_NO, DICT_LDAP_BIND_NONE, - "none", DICT_LDAP_BIND_NONE, - CONFIG_BOOL_YES, DICT_LDAP_BIND_SIMPLE, - "simple", DICT_LDAP_BIND_SIMPLE, + CONFIG_BOOL_NO, DICT_LDAP_BIND_NONE, + "none", DICT_LDAP_BIND_NONE, + CONFIG_BOOL_YES, DICT_LDAP_BIND_SIMPLE, + "simple", DICT_LDAP_BIND_SIMPLE, #ifdef LDAP_API_FEATURE_X_OPENLDAP #if defined(USE_LDAP_SASL) - "sasl", DICT_LDAP_BIND_SASL, + "sasl", DICT_LDAP_BIND_SASL, #endif #endif 0, -1, 
@@ -292,9 +293,9 @@ typedef struct { #ifdef LDAP_API_FEATURE_X_OPENLDAP #if defined(USE_LDAP_SASL) int sasl; - char *sasl_mechs; - char *sasl_realm; - char *sasl_authz; + char *sasl_mechs; + char *sasl_realm; + char *sasl_authz; int sasl_minssf; #endif int ldap_ssl; @@ -451,28 +452,26 @@ static int dict_ldap_set_errno(LDAP *ld, int rc) } #if defined(USE_LDAP_SASL) && defined(LDAP_API_FEATURE_X_OPENLDAP) + /* * Context structure for SASL property callback. */ typedef struct bind_props { - char *authcid; - char *passwd; - char *realm; - char *authzid; -} bind_props; - -static int -ldap_b2_interact(LDAP *ld, unsigned flags, void *props, void *inter) + char *authcid; + char *passwd; + char *realm; + char *authzid; +} bind_props; + +static int ldap_b2_interact(LDAP *ld, unsigned flags, void *props, void *inter) { sasl_interact_t *in; - bind_props *ctx = (bind_props *)props; + bind_props *ctx = (bind_props *) props; - for (in = inter; in->id != SASL_CB_LIST_END; in++) - { + for (in = inter; in->id != SASL_CB_LIST_END; in++) { in->result = NULL; - switch(in->id) - { + switch (in->id) { case SASL_CB_GETREALM: in->result = ctx->realm; break; @@ -491,6 +490,7 @@ ldap_b2_interact(LDAP *ld, unsigned flags, void *props, void *inter) } return LDAP_SUCCESS; } + #endif /* dict_ldap_result - Read and parse LDAP result */ @@ -498,6 +498,7 @@ ldap_b2_interact(LDAP *ld, unsigned flags, void *props, void *inter) static int dict_ldap_result(LDAP *ld, int msgid, int timeout, LDAPMessage **res) { struct timeval mytimeval; + int err; mytimeval.tv_sec = timeout; mytimeval.tv_usec = 0; 
@@ -506,9 +507,12 @@ static int dict_ldap_result(LDAP *ld, int msgid, int timeout, LDAPMessage **res) if (ldap_result(ld, msgid, GET_ALL, &mytimeval, res) == -1) return (dict_ldap_get_errno(ld)); - if (dict_ldap_get_errno(ld) == LDAP_TIMEOUT) { - (void) dict_ldap_abandon(ld, msgid); - return (dict_ldap_set_errno(ld, LDAP_TIMEOUT)); + if ((err = dict_ldap_get_errno(ld)) != LDAP_SUCCESS) { + if (err == LDAP_TIMEOUT) { + (void) dict_ldap_abandon(ld, msgid); + return (dict_ldap_set_errno(ld, LDAP_TIMEOUT)); + } + return err; } return LDAP_SUCCESS; } @@ -529,7 +533,7 @@ static int dict_ldap_bind_sasl(DICT_LDAP *dict_ldap) vstring_sprintf(minssf, "minssf=%d", dict_ldap->sasl_minssf); if ((rc = ldap_set_option(dict_ldap->ld, LDAP_OPT_X_SASL_SECPROPS, - (char *) minssf)) != LDAP_OPT_SUCCESS) + (char *) minssf)) != LDAP_OPT_SUCCESS) return (rc); props.authcid = dict_ldap->bind_dn; @@ -538,13 +542,14 @@ static int dict_ldap_bind_sasl(DICT_LDAP *dict_ldap) props.authzid = dict_ldap->sasl_authz; if ((rc = ldap_sasl_interactive_bind_s(dict_ldap->ld, NULL, - dict_ldap->sasl_mechs, NULL, NULL, - LDAP_SASL_QUIET, ldap_b2_interact, - &props)) != LDAP_SUCCESS) + dict_ldap->sasl_mechs, NULL, NULL, + LDAP_SASL_QUIET, ldap_b2_interact, + &props)) != LDAP_SUCCESS) return (rc); return (LDAP_SUCCESS); } + #endif /* dict_ldap_bind_st - Synchronous simple auth with timeout */ @@ -552,6 +557,7 @@ static int dict_ldap_bind_sasl(DICT_LDAP *dict_ldap) static int dict_ldap_bind_st(DICT_LDAP *dict_ldap) { int rc; + int err = LDAP_SUCCESS; int msgid; LDAPMessage *res; struct berval cred; @@ -567,7 +573,8 @@ static int dict_ldap_bind_st(DICT_LDAP *dict_ldap) return (rc); #define FREE_RESULT 1 - return (ldap_parse_sasl_bind_result(dict_ldap->ld, res, 0, FREE_RESULT)); + rc = ldap_parse_result(dict_ldap->ld, res, &err, 0, 0, 0, 0, FREE_RESULT); + return (rc == LDAP_SUCCESS ? err : rc); } /* search_st - Synchronous search with timeout */ 
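Review bot: The new `return err;` path in dict_ldap_result can be reached after ldap_result() has already stored a message in `*res`, and nothing in the function says who frees it. dict_ldap_bind_st, in a later hunk, returns `rc` immediately when this function fails and its `res` is a plain local, so if OpenLDAP can return a message together with a non-success stored result code, that message would presumably leak on every failed bind; the other callers are outside this diff, so this needs confirming. I would state the contract in the function's header comment, for example `/* On a non-LDAP_SUCCESS return *res may still hold a message; the caller must ldap_msgfree() it. */`, or free it here if no caller does. As a style point, the new line drops the parentheses used by the neighbouring `return (dict_ldap_get_errno(ld));`.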
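Review bot: The switch from ldap_parse_sasl_bind_result() to ldap_parse_result() in dict_ldap_bind_st carries no comment explaining why, and the reason matters for authentication. Judging by the HISTORY entry, the old call no longer surfaces the server's bind result code, so a bind the server rejected could be reported to the caller as success. A short comment above the call would keep a later cleanup from reverting it, for example `/* ldap_parse_result() returns only the parse status; the server's verdict on the bind is in err. */`. The four `0` arguments are the matched-DN, error-message, referral and server-control pointers; capturing the error message for the failure log would help diagnose refused binds, though that is optional. The function body begins outside this hunk.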
@@ -868,6 +875,7 @@ static int dict_ldap_connect(DICT_LDAP *dict_ldap) #define DN_LOG_VAL(dict_ldap) \ ((dict_ldap)->bind_dn[0] ? (dict_ldap)->bind_dn : "empty or implicit") + /* * If this server requires a bind, do so. Thanks to Sam Tardieu for * noticing that the original bind call was broken. @@ -1873,6 +1881,7 @@ DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags) #ifdef LDAP_API_FEATURE_X_OPENLDAP #if defined(USE_LDAP_SASL) + /* * SASL options */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index caa41ebfa..c0c7842b0 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20111125" +#define MAIL_RELEASE_DATE "20111126" #define MAIL_VERSION_NUMBER "2.9" #ifdef SNAPSHOT diff --git a/postfix/src/postconf/postconf.h b/postfix/src/postconf/postconf.h index b5ec355dc..f2003d504 100644 --- a/postfix/src/postconf/postconf.h +++ b/postfix/src/postconf/postconf.h @@ -106,7 +106,7 @@ PC_MASTER_ENT *master_table; #define LINE_LIMIT 80 /* try to fold longer lines */ #define SEPARATORS " \t\r\n" #define INDENT_LEN 4 /* indent long text by 4 */ -#define INDENT_TEXT " " +#define INDENT_TEXT " " /* * XXX Global so that postconf_builtin.c call-backs can see it.