merge hcoop authentication changes
authorClinton Ebadi <clinton@unknownlamer.org>
Sun, 4 Oct 2009 21:54:19 +0000 (17:54 -0400)
committerClinton Ebadi <clinton@unknownlamer.org>
Sun, 4 Oct 2009 21:54:19 +0000 (17:54 -0400)
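--- a/conf.d/auth/30_exim4-config_examples
+++ b/conf.d/auth/30_exim4-config_examples
@@ -210,6 +210,35 @@ cram_md5:
   client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
   client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
 
+# hcoop-change: Authenticate against either /etc/courier/exim.dat or
+# SASL for plain and login authenticators
+
+hcoop_plain:
+  driver = plaintext
+  public_name = PLAIN
+  server_prompts = :
+  server_condition = \
+    ${if or {{crypteq {$auth3} \
+                      {${extract{systempw}{${tr{${lookup{$auth2} \
+                                 dbm{/etc/courier/exim.dat} \
+                           }}{|}{ }}}}}} \
+             {saslauthd {{$auth2}{$auth3}{exim4}}}}}
+  server_set_id = $auth2
+  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+
+hcoop_login:
+  driver = plaintext
+  public_name = LOGIN
+  server_prompts = "Username:: : Password::"
+  server_condition = \
+    ${if or {{crypteq {$auth2} \
+                      {${extract{systempw}{${tr{${lookup{$auth1} \
+                                 dbm{/etc/courier/exim.dat} \
+                           }}{|}{ }}}}}} \
+             {saslauthd {{$auth1}{$auth2}{exim4}}}}}
+  server_set_id = $auth1
+  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+
 # this returns the matching line from passwd.client and doubles all ^
 PASSWDLINE=${sg{\
                 ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
@@ -218,37 +247,39 @@ PASSWDLINE=${sg{\
                {^^}\
            }
 
-plain:
-  driver = plaintext
-  public_name = PLAIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
-  client_send = "<; ${if !eq{$tls_cipher}{}\
-                    {^${extract{1}{:}{PASSWDLINE}}\
-                    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
-                  }fail}"
-.else
-  client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
-                   ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
-
-login:
-  driver = plaintext
-  public_name = LOGIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
-  # Return empty string if not non-TLS AND looking up $host in passwd-file
-  # yields a non-empty string; fail otherwise.
-  client_send = "<; ${if and{\
-                          {!eq{$tls_cipher}{}}\
-                          {!eq{PASSWDLINE}{}}\
-                         }\
-                      {}fail}\
-                 ; ${extract{1}{::}{PASSWDLINE}}\
-                ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.else
-  # Return empty string if looking up $host in passwd-file yields a
-  # non-empty string; fail otherwise.
-  client_send = "<; ${if !eq{PASSWDLINE}{}\
-                      {}fail}\
-                 ; ${extract{1}{::}{PASSWDLINE}}\
-                ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
+# hcoop-change: Comment out plain and login authenticators
+
+# plain:
+#   driver = plaintext
+#   public_name = PLAIN
+# .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+#   client_send = "<; ${if !eq{$tls_cipher}{}\
+#                     {^${extract{1}{:}{PASSWDLINE}}\
+#                   ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
+#                 }fail}"
+# .else
+#   client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
+#                  ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .endif
+
+# login:
+#   driver = plaintext
+#   public_name = LOGIN
+# .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+#   # Return empty string if not non-TLS AND looking up $host in passwd-file
+#   # yields a non-empty string; fail otherwise.
+#   client_send = "<; ${if and{\
+#                           {!eq{$tls_cipher}{}}\
+#                           {!eq{PASSWDLINE}{}}\
+#                          }\
+#                       {}fail}\
+#                  ; ${extract{1}{::}{PASSWDLINE}}\
+#               ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .else
+#   # Return empty string if looking up $host in passwd-file yields a
+#   # non-empty string; fail otherwise.
+#   client_send = "<; ${if !eq{PASSWDLINE}{}\
+#                       {}fail}\
+#                  ; ${extract{1}{::}{PASSWDLINE}}\
+#               ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .endif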
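Review bot: In `hcoop_plain`'s `server_condition` the dbm lookup has no failure string, so for a user missing from /etc/courier/exim.dat the extracted `systempw` is empty and `crypteq` is evaluated against an empty hash before the `saslauthd` branch is tried; the same expression is repeated in `hcoop_login` with `$auth1`/`$auth2`. Whether that comparison is always false presumably depends on the Exim build's `crypteq` handling and the platform's crypt(), so I would make the rejection explicit and refuse empty credentials up front, e.g. `${if and {{!eq{$auth2}{}} {!eq{$auth3}{}} {or {…existing two conditions…}}}}`. A short comment stating that `server_advertise_condition` restricts both mechanisms to TLS sessions would also help, since these authenticators carry cleartext passwords.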