From c3776b59fcd19c3d6b544edbd31386cf66900d31 Mon Sep 17 00:00:00 2001
From: Clinton Ebadi
Date: Sun, 4 Oct 2009 17:54:19 -0400
Subject: [PATCH] merge hcoop authentication changes
---
 conf.d/auth/30_exim4-config_examples | 99 ++++++++++++++++++----------
 1 file changed, 65 insertions(+), 34 deletions(-)
diff --git a/conf.d/auth/30_exim4-config_examples b/conf.d/auth/30_exim4-config_examples
index 13853da..576d260 100644
--- a/conf.d/auth/30_exim4-config_examples
+++ b/conf.d/auth/30_exim4-config_examples
@@ -210,6 +210,35 @@ cram_md5:
 client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
 client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
+# hcoop-change: Authenticate against either /etc/courier/exim.dat or
+# SASL for plain and login authenticators
+
+hcoop_plain:
+ driver = plaintext
+ public_name = PLAIN
+ server_prompts = :
+ server_condition = \
+ ${if or {{crypteq {$auth3} \
+ {${extract{systempw}{${tr{${lookup{$auth2} \
+ dbm{/etc/courier/exim.dat} \
+ }}{|}{ }}}}}} \
+ {saslauthd {{$auth2}{$auth3}{exim4}}}}}
+ server_set_id = $auth2
+ server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+
+hcoop_login:
+ driver = plaintext
+ public_name = LOGIN
+ server_prompts = "Username:: : Password::"
+ server_condition = \
+ ${if or {{crypteq {$auth2} \
+ {${extract{systempw}{${tr{${lookup{$auth1} \
+ dbm{/etc/courier/exim.dat} \
+ }}{|}{ }}}}}} \
+ {saslauthd {{$auth1}{$auth2}{exim4}}}}}
+ server_set_id = $auth1
+ server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+
 # this returns the matching line from passwd.client and doubles all ^
 PASSWDLINE=${sg{\
 ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
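Review bot: The `server_condition` in `hcoop_plain` (repeated in `hcoop_login` with `$auth1`/`$auth2`) carries no comment on its failure paths, and they are not obvious from the expansion. For a user absent from `/etc/courier/exim.dat` the lookup yields an empty string, so `crypteq` is evaluated against an empty hash before falling through to `saslauthd`; Exim is expected to treat that as a non-match, but this should be confirmed on the deployed version rather than assumed. If the dbm file cannot be opened the lookup presumably defers and the `or` never reaches `saslauthd`, so SASL-only accounts would see a temporary failure instead of a fallback. I would add above each authenticator `# exim.dat holds password hashes: must not be world-readable; unknown user => empty hash => falls through to saslauthd`, and next to `server_advertise_condition` a line such as `# PLAIN/LOGIN send the password in clear: advertise only once TLS is active`.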
@@ -218,37 +247,39 @@ PASSWDLINE=${sg{\
 {^^}\
 }
-plain:
- driver = plaintext
- public_name = PLAIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
- client_send = "<; ${if !eq{$tls_cipher}{}\
- {^${extract{1}{:}{PASSWDLINE}}\
- ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
- }fail}"
-.else
- client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
- ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
-
-login:
- driver = plaintext
- public_name = LOGIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
- # Return empty string if not non-TLS AND looking up $host in passwd-file
- # yields a non-empty string; fail otherwise.
- client_send = "<; ${if and{\
- {!eq{$tls_cipher}{}}\
- {!eq{PASSWDLINE}{}}\
- }\
- {}fail}\
- ; ${extract{1}{::}{PASSWDLINE}}\
- ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.else
- # Return empty string if looking up $host in passwd-file yields a
- # non-empty string; fail otherwise.
- client_send = "<; ${if !eq{PASSWDLINE}{}\
- {}fail}\
- ; ${extract{1}{::}{PASSWDLINE}}\
- ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
+# hcoop-change: Comment out plain and login authenticators
+
+# plain:
+# driver = plaintext
+# public_name = PLAIN
+# .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+# client_send = "<; ${if !eq{$tls_cipher}{}\
+# {^${extract{1}{:}{PASSWDLINE}}\
+# ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
+# }fail}"
+# .else
+# client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
+# ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .endif
+
+# login:
+# driver = plaintext
+# public_name = LOGIN
+# .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+# # Return empty string if not non-TLS AND looking up $host in passwd-file
+# # yields a non-empty string; fail otherwise.
+# client_send = "<; ${if and{\
+# {!eq{$tls_cipher}{}}\
+# {!eq{PASSWDLINE}{}}\
+# }\
+# {}fail}\
+# ; ${extract{1}{::}{PASSWDLINE}}\
+# ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .else
+# # Return empty string if looking up $host in passwd-file yields a
+# # non-empty string; fail otherwise.
+# client_send = "<; ${if !eq{PASSWDLINE}{}\
+# {}fail}\
+# ; ${extract{1}{::}{PASSWDLINE}}\
+# ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .endif
--
2.20.1
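Review bot: The header `# hcoop-change: Comment out plain and login authenticators` says what was done but not why, and the client-side `plain:` and `login:` blocks are left in the file as commented-out code. After this hunk the `PASSWDLINE` macro defined just above has no remaining user among the lines shown, so it should either be disabled with them or carry a comment saying it is kept on purpose. A one-line rationale such as `# hcoop-change: client-side PLAIN/LOGIN disabled because <reason>` would tell the next maintainer whether re-enabling them is safe. If the blocks must stay in the file, a single `.ifdef` guard around them (macro name of your choosing) would probably merge more cleanly against upstream than per-line `#` prefixes.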