Compare commits
35 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
92e5ee1d37 | ||
|
|
23861b3929 | ||
|
|
9d5bfd100c | ||
|
|
a410538c46 | ||
|
|
23bb7279ff | ||
|
|
46c0ff966f | ||
|
|
ce9db32f70 | ||
|
|
1b30785ce5 | ||
|
|
c7cc256e1a | ||
|
|
4c4f414ae9 | ||
|
|
dc0e5473d5 | ||
|
|
307379e463 | ||
|
|
185ca6506a | ||
|
|
3addd9914f | ||
|
|
87cbd4abfc | ||
|
|
b2ca856c57 | ||
|
|
4c53342947 | ||
|
|
3df7c90635 | ||
|
|
209b81316b | ||
|
|
5d20de636b | ||
|
|
6f7ee4008d | ||
|
|
5abbf370d5 | ||
|
|
fa1cc5039f | ||
|
|
341d1956fc | ||
|
|
e757cf8512 | ||
|
|
8262f7803f | ||
|
|
363bc31d1b | ||
|
|
f3cea215ee | ||
|
|
cf9c7c9c6b | ||
|
|
cd7e39531b | ||
|
|
79a5cb2d9f | ||
|
|
010a512bd0 | ||
|
|
3d400774ff | ||
|
|
87aba78b82 | ||
|
|
be6ae59ea8 |
23 changed files with 1205 additions and 2902 deletions
1
.fmf/version
|
|
@ -0,0 +1 @@
|
|||
1
|
||||
|
|
@ -1,33 +1,97 @@
|
|||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf
|
||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-mail.conf 2018-03-01 10:29:38.208368555 +0100
|
||||
@@ -322,6 +322,7 @@ protocol !indexer-worker {
|
||||
# them simultaneously.
|
||||
#mbox_read_locks = fcntl
|
||||
#mbox_write_locks = dotlock fcntl
|
||||
+mbox_write_locks = fcntl
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in.default-settings 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/doc/dovecot.conf.in 2025-11-30 09:24:17.130246956 +0100
|
||||
@@ -16,24 +16,19 @@ dovecot_storage_version = @DOVECOT_CONFI
|
||||
# The configuration below is a minimal configuration file using system user authentication.
|
||||
# See https://@DOVECOT_ASSET_URL@/latest/core/config/quick.html
|
||||
|
||||
# Maximum time to wait for lock (all of them) before aborting.
|
||||
#mbox_lock_timeout = 5 mins
|
||||
diff -up dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf
|
||||
--- dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf.default-settings 2018-02-28 15:28:57.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/doc/example-config/conf.d/10-ssl.conf 2018-03-01 10:33:54.779499044 +0100
|
||||
@@ -3,7 +3,9 @@
|
||||
##
|
||||
-!include_try conf.d/*.conf
|
||||
-
|
||||
# Enable wanted protocols:
|
||||
protocols {
|
||||
imap = yes
|
||||
lmtp = yes
|
||||
}
|
||||
|
||||
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
|
||||
-#ssl = yes
|
||||
+# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
|
||||
+# plain imap and pop3 are still allowed for local connections
|
||||
-mail_home = /srv/mail/%{user}
|
||||
-mail_driver = sdbox
|
||||
+mail_home = /home/%{user}
|
||||
+mail_driver = maildir
|
||||
mail_path = ~/mail
|
||||
|
||||
-mail_uid = vmail
|
||||
-mail_gid = vmail
|
||||
-
|
||||
-# By default first_valid_uid is 500. If your vmail user's UID is smaller,
|
||||
+# By default first_valid_uid is 1000. If your vmail user's UID is smaller,
|
||||
# you need to modify this:
|
||||
-#first_valid_uid = uid-number-of-vmail-user
|
||||
+first_valid_uid = 1000
|
||||
|
||||
namespace inbox {
|
||||
inbox = yes
|
||||
@@ -44,7 +39,15 @@ namespace inbox {
|
||||
passdb pam {
|
||||
}
|
||||
|
||||
+userdb passwd {
|
||||
+}
|
||||
+
|
||||
+ssl = required
|
||||
|
||||
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
|
||||
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||
@@ -57,6 +59,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
|
||||
#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
# To disable non-EC DH, use:
|
||||
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
+ssl_cipher_list = PROFILE=SYSTEM
|
||||
+
|
||||
ssl_server {
|
||||
- cert_file = /etc/dovecot/ssl-cert.pem
|
||||
- key_file = /etc/dovecot/ssl-key.pem
|
||||
+ cert_file = /etc/pki/dovecot/certs/dovecot.pem
|
||||
+ key_file = /etc/pki/dovecot/private/dovecot.pem
|
||||
}
|
||||
+
|
||||
+!include_try conf.d/*.conf
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf.default-settings 2025-10-29 08:00:30.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve.conf 2025-11-30 09:18:17.667869864 +0100
|
||||
@@ -21,7 +21,6 @@
|
||||
# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
|
||||
# information.
|
||||
|
||||
# Colon separated list of elliptic curves to use. Empty value (the default)
|
||||
# means use the defaults from the SSL library. P-521:P-384:P-256 would be an
|
||||
-plugin {
|
||||
# The location of the user's main Sieve script or script storage. The LDA
|
||||
# Sieve plugin uses this to find the active script for Sieve filtering at
|
||||
# delivery. The "include" extension uses this location for retrieving
|
||||
@@ -36,7 +35,10 @@ plugin {
|
||||
# active script symlink is located.
|
||||
# For other types: use the ';name=' parameter to specify the name of the
|
||||
# default/active script.
|
||||
- sieve = file:~/sieve;active=~/.dovecot.sieve
|
||||
+sieve_script personal {
|
||||
+ path = ~/sieve
|
||||
+ active_path = ~/.dovecot.sieve
|
||||
+}
|
||||
|
||||
# The default Sieve script when the user has none. This is the location of a
|
||||
# global sieve script file, which gets executed ONLY if user's personal Sieve
|
||||
@@ -202,4 +204,3 @@ plugin {
|
||||
# Enables showing byte code addresses in the trace output, rather than only
|
||||
# the source line numbers.
|
||||
#sieve_trace_addresses = no
|
||||
-}
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf.default-settings 2025-10-29 08:00:30.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/dovecot-pigeonhole/doc/example-config/conf.d/90-sieve-extprograms.conf 2025-11-30 09:18:17.668131795 +0100
|
||||
@@ -6,7 +6,6 @@
|
||||
# sieve_extensions or sieve_global_extensions settings. Restricting these
|
||||
# extensions to a global context using sieve_global_extensions is recommended.
|
||||
|
||||
-plugin {
|
||||
|
||||
# The directory where the program sockets are located for the
|
||||
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
|
||||
@@ -23,7 +22,6 @@ plugin {
|
||||
#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
|
||||
#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
|
||||
#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
|
||||
-}
|
||||
|
||||
# An example program service called 'do-something' to pipe messages to
|
||||
#service do-something {
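Review bot: The comment kept above `first_valid_uid = 1000` in the dovecot.conf.in hunk still refers to "your vmail user's UID", but the same hunk removes `mail_uid = vmail` / `mail_gid = vmail` and adds `userdb passwd`, so as far as the interleaved rendering shows there is no vmail user left in this configuration. With system users the setting is what keeps low-UID system accounts from logging in, and the comment should say that, for example `# Only users with a UID of at least first_valid_uid can log in; system accounts below it are rejected.` Since `!include_try conf.d/*.conf` now sits on the last line of the file, a one-line remark that files in conf.d are read after these values and presumably override them, `ssl = required` included, would also help whoever audits an installed system.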
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
diff -up dovecot-2.3.19.1/dovecot.service.in.waitonline dovecot-2.3.19.1/dovecot.service.in
|
||||
--- dovecot-2.3.19.1/dovecot.service.in.waitonline 2022-06-14 08:55:03.000000000 +0200
|
||||
+++ dovecot-2.3.19.1/dovecot.service.in 2022-11-08 20:28:37.550081709 +0100
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.waitonline 2025-06-02 23:29:29.141111228 +0200
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in 2025-06-02 23:31:27.124155453 +0200
|
||||
@@ -12,6 +12,7 @@ Description=Dovecot IMAP/POP3 email serv
|
||||
Documentation=man:dovecot(1)
|
||||
Documentation=https://doc.dovecot.org/
|
||||
After=local-fs.target network-online.target
|
||||
After=local-fs.target network-online.target remote-fs.target time-sync.target
|
||||
+Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
diff -up dovecot-2.3.15/dovecot-init.service.initbysystemd dovecot-2.3.15/dovecot-init.service
|
||||
--- dovecot-2.3.15/dovecot-init.service.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
||||
+++ dovecot-2.3.15/dovecot-init.service 2021-06-21 20:21:49.250680889 +0200
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service.initbysystemd 2025-06-02 23:32:10.685053915 +0200
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-init.service 2025-06-02 23:32:10.685053915 +0200
|
||||
@@ -0,0 +1,13 @@
|
||||
+[Unit]
|
||||
+Description=One-time Dovecot init service
|
||||
|
|
@ -15,31 +15,31 @@ diff -up dovecot-2.3.15/dovecot-init.service.initbysystemd dovecot-2.3.15/doveco
|
|||
+ SSLDIR=/etc/pki/dovecot/ OPENSSLCONFIG=/etc/pki/dovecot/dovecot-openssl.cnf /usr/libexec/dovecot/mkcert.sh /dev/null 2>&1;\
|
||||
+fi'
|
||||
+
|
||||
diff -up dovecot-2.3.15/dovecot.service.in.initbysystemd dovecot-2.3.15/dovecot.service.in
|
||||
--- dovecot-2.3.15/dovecot.service.in.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
||||
+++ dovecot-2.3.15/dovecot.service.in 2021-06-21 20:22:46.935981920 +0200
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in.initbysystemd 2025-06-02 23:32:10.685195261 +0200
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot.service.in 2025-06-02 23:34:03.123174934 +0200
|
||||
@@ -11,7 +11,8 @@
|
||||
Description=Dovecot IMAP/POP3 email server
|
||||
Documentation=man:dovecot(1)
|
||||
Documentation=https://doc.dovecot.org/
|
||||
-After=local-fs.target network-online.target
|
||||
+After=local-fs.target network-online.target dovecot-init.service
|
||||
-After=local-fs.target network-online.target remote-fs.target time-sync.target
|
||||
+After=local-fs.target network-online.target remote-fs.target time-sync.target dovecot-init.service
|
||||
+Requires=dovecot-init.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
diff -up dovecot-2.3.15/Makefile.am.initbysystemd dovecot-2.3.15/Makefile.am
|
||||
--- dovecot-2.3.15/Makefile.am.initbysystemd 2021-06-21 20:21:49.250680889 +0200
|
||||
+++ dovecot-2.3.15/Makefile.am 2021-06-21 20:24:26.676765849 +0200
|
||||
@@ -21,6 +21,7 @@ EXTRA_DIST = \
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am.initbysystemd 2025-03-28 12:32:27.000000000 +0100
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/Makefile.am 2025-06-02 23:33:22.221675050 +0200
|
||||
@@ -19,6 +19,7 @@ EXTRA_DIST = \
|
||||
update-version.sh \
|
||||
run-test-valgrind.supp \
|
||||
dovecot.service.in \
|
||||
dovecot.socket \
|
||||
+ dovecot-init.service \
|
||||
$(conf_DATA)
|
||||
|
||||
noinst_DATA = dovecot-config
|
||||
@@ -69,7 +70,8 @@ dovecot-config: dovecot-config.in Makefi
|
||||
dovecot.socket \
|
||||
version \
|
||||
build-aux/git-abi-version-gen \
|
||||
@@ -67,7 +68,8 @@ dovecot-config: dovecot-config.in Makefi
|
||||
if WANT_SYSTEMD
|
||||
systemdsystemunit_DATA = \
|
||||
dovecot.socket \
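Review bot: The `mkcert.sh` call in dovecot-init.service ends in `/dev/null 2>&1` (the `>` appears to have been lost in this rendering), so a failed certificate or key generation leaves no trace, while dovecot.service carries `Requires=dovecot-init.service` and is ordered after it. Letting stderr reach the journal would make a first-boot failure diagnosable, for example by silencing only stdout with `>/dev/null`. The shell `if` that wraps the call starts outside the visible hunk, so the condition under which the script runs cannot be checked from here.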
|
||||
|
|
|
|||
|
|
@ -1,11 +0,0 @@
|
|||
diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c
|
||||
--- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28 15:28:58.000000000 +0100
|
||||
+++ dovecot-2.3.0.1/src/auth/mycrypt.c 2018-03-27 10:57:38.447769201 +0200
|
||||
@@ -14,6 +14,7 @@
|
||||
# define _XPG6 /* Some Solaris versions require this, some break with this */
|
||||
#endif
|
||||
#include <unistd.h>
|
||||
+#include <crypt.h>
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
diff -up dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c
|
||||
--- dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c.opensslv3 2021-06-03 18:56:52.573174433 +0200
|
||||
+++ dovecot-2.3.14/src/lib-dcrypt/dcrypt-openssl.c 2021-06-03 18:56:52.585174274 +0200
|
||||
@@ -73,10 +73,30 @@
|
||||
2<tab>key algo oid<tab>1<tab>symmetric algo name<tab>salt<tab>hash algo<tab>rounds<tab>E(RSA = i2d_PrivateKey, EC=Private Point)<tab>key id
|
||||
**/
|
||||
|
||||
+#if OPENSSL_VERSION_MAJOR == 3
|
||||
+static EC_KEY *EVP_PKEY_get0_EC_KEYv3(EVP_PKEY *key)
|
||||
+{
|
||||
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
|
||||
+ EVP_PKEY_set1_EC_KEY(key, eck);
|
||||
+ EC_KEY_free(eck);
|
||||
+ return eck;
|
||||
+}
|
||||
+
|
||||
+static EC_KEY *EVP_PKEY_get1_EC_KEYv3(EVP_PKEY *key)
|
||||
+{
|
||||
+ EC_KEY *eck = EVP_PKEY_get1_EC_KEY(key);
|
||||
+ EVP_PKEY_set1_EC_KEY(key, eck);
|
||||
+ return eck;
|
||||
+}
|
||||
+
|
||||
+#define EVP_PKEY_get0_EC_KEY EVP_PKEY_get0_EC_KEYv3
|
||||
+#define EVP_PKEY_get1_EC_KEY EVP_PKEY_get1_EC_KEYv3
|
||||
+#else
|
||||
#ifndef HAVE_EVP_PKEY_get0
|
||||
#define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec
|
||||
#define EVP_PKEY_get0_RSA(x) x->pkey.rsa
|
||||
#endif
|
||||
+#endif
|
||||
|
||||
#ifndef HAVE_OBJ_LENGTH
|
||||
#define OBJ_length(o) ((o)->length)
|
||||
|
|
@ -1,19 +1,19 @@
|
|||
diff -up dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
|
||||
--- dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2021-11-02 21:51:36.109032050 +0100
|
||||
+++ dovecot-2.3.17/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2021-11-02 21:52:28.409344118 +0100
|
||||
@@ -114,7 +114,7 @@ static int sieve_dict_script_get_stream
|
||||
(struct sieve_dict_script *)script;
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c.fixvalcond 2025-06-02 23:36:21.897399891 +0200
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/dovecot-pigeonhole/src/lib-sieve/storage/dict/sieve-dict-script.c 2025-06-02 23:38:13.748569461 +0200
|
||||
@@ -102,7 +102,7 @@ sieve_dict_script_get_stream(struct siev
|
||||
container_of(script, struct sieve_dict_script, script);
|
||||
struct sieve_dict_storage *dstorage =
|
||||
(struct sieve_dict_storage *)script->storage;
|
||||
container_of(storage, struct sieve_dict_storage, storage);
|
||||
- const char *path, *name = script->name, *data, *error;
|
||||
+ const char *path, *name = script->name, *data, *error = NULL;
|
||||
int ret;
|
||||
|
||||
dscript->data_pool =
|
||||
diff -up dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.3.17/src/lib-storage/index/index-attribute.c
|
||||
--- dovecot-2.3.17/src/lib-storage/index/index-attribute.c.fixvalcond 2021-10-27 13:09:04.000000000 +0200
|
||||
+++ dovecot-2.3.17/src/lib-storage/index/index-attribute.c 2021-11-02 21:51:36.109032050 +0100
|
||||
@@ -248,7 +248,7 @@ int index_storage_attribute_get(struct m
|
||||
diff -up dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c
|
||||
--- dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c.fixvalcond 2025-03-28 12:32:27.000000000 +0100
|
||||
+++ dovecot-2.4.1-build/dovecot-2.4.1-4/src/lib-storage/index/index-attribute.c 2025-06-02 23:36:21.897571934 +0200
|
||||
@@ -250,7 +250,7 @@ int index_storage_attribute_get(struct m
|
||||
struct mail_attribute_value *value_r)
|
||||
{
|
||||
struct dict *dict;
|
||||
|
|
|
|||
|
|
@ -1,131 +0,0 @@
|
|||
From 7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904 Mon Sep 17 00:00:00 2001
|
||||
From: Timo Sirainen <timo.sirainen@open-xchange.com>
|
||||
Date: Mon, 9 May 2022 15:23:33 +0300
|
||||
Subject: [PATCH] auth: Fix handling passdbs with identical driver/args but
|
||||
different mechanisms/username_filter
|
||||
|
||||
The passdb was wrongly deduplicated in this situation, causing wrong
|
||||
mechanisms or username_filter setting to be used. This would be a rather
|
||||
unlikely configuration though.
|
||||
|
||||
Fixed by moving mechanisms and username_filter from struct passdb_module
|
||||
to struct auth_passdb, which is where they should have been in the first
|
||||
place.
|
||||
---
|
||||
src/auth/auth-request.c | 6 +++---
|
||||
src/auth/auth.c | 18 ++++++++++++++++++
|
||||
src/auth/auth.h | 5 +++++
|
||||
src/auth/passdb.c | 15 ++-------------
|
||||
src/auth/passdb.h | 4 ----
|
||||
5 files changed, 28 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
|
||||
index cd08b1fa02..0ca29f3674 100644
|
||||
--- a/src/auth/auth-request.c
|
||||
+++ b/src/auth/auth-request.c
|
||||
@@ -534,8 +534,8 @@ auth_request_want_skip_passdb(struct auth_request *request,
|
||||
struct auth_passdb *passdb)
|
||||
{
|
||||
/* if mechanism is not supported, skip */
|
||||
- const char *const *mechs = passdb->passdb->mechanisms;
|
||||
- const char *const *username_filter = passdb->passdb->username_filter;
|
||||
+ const char *const *mechs = passdb->mechanisms;
|
||||
+ const char *const *username_filter = passdb->username_filter;
|
||||
const char *username;
|
||||
|
||||
username = request->fields.user;
|
||||
@@ -548,7 +548,7 @@ auth_request_want_skip_passdb(struct auth_request *request,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
- if (passdb->passdb->username_filter != NULL &&
|
||||
+ if (passdb->username_filter != NULL &&
|
||||
!auth_request_username_accepted(username_filter, username)) {
|
||||
auth_request_log_debug(request,
|
||||
request->mech != NULL ? AUTH_SUBSYS_MECH
|
||||
diff --git a/src/auth/auth.c b/src/auth/auth.c
|
||||
index f2f3fda20c..9f6c4ba60c 100644
|
||||
--- a/src/auth/auth.c
|
||||
+++ b/src/auth/auth.c
|
||||
@@ -99,6 +99,24 @@ auth_passdb_preinit(struct auth *auth, const struct auth_passdb_settings *set,
|
||||
auth_passdb->override_fields_tmpl =
|
||||
passdb_template_build(auth->pool, set->override_fields);
|
||||
|
||||
+ if (*set->mechanisms == '\0') {
|
||||
+ auth_passdb->mechanisms = NULL;
|
||||
+ } else if (strcasecmp(set->mechanisms, "none") == 0) {
|
||||
+ auth_passdb->mechanisms = (const char *const[]){ NULL };
|
||||
+ } else {
|
||||
+ auth_passdb->mechanisms =
|
||||
+ (const char *const *)p_strsplit_spaces(auth->pool,
|
||||
+ set->mechanisms, " ,");
|
||||
+ }
|
||||
+
|
||||
+ if (*set->username_filter == '\0') {
|
||||
+ auth_passdb->username_filter = NULL;
|
||||
+ } else {
|
||||
+ auth_passdb->username_filter =
|
||||
+ (const char *const *)p_strsplit_spaces(auth->pool,
|
||||
+ set->username_filter, " ,");
|
||||
+ }
|
||||
+
|
||||
/* for backwards compatibility: */
|
||||
if (set->pass)
|
||||
auth_passdb->result_success = AUTH_DB_RULE_CONTINUE;
|
||||
diff --git a/src/auth/auth.h b/src/auth/auth.h
|
||||
index f700e29d5c..460a179765 100644
|
||||
--- a/src/auth/auth.h
|
||||
+++ b/src/auth/auth.h
|
||||
@@ -41,6 +41,11 @@ struct auth_passdb {
|
||||
struct passdb_template *default_fields_tmpl;
|
||||
struct passdb_template *override_fields_tmpl;
|
||||
|
||||
+ /* Supported authentication mechanisms, NULL is all, {NULL} is none */
|
||||
+ const char *const *mechanisms;
|
||||
+ /* Username filter, NULL is no filter */
|
||||
+ const char *const *username_filter;
|
||||
+
|
||||
enum auth_passdb_skip skip;
|
||||
enum auth_db_rule result_success;
|
||||
enum auth_db_rule result_failure;
|
||||
diff --git a/src/auth/passdb.c b/src/auth/passdb.c
|
||||
index eb4ac8ae82..f5eed1af4f 100644
|
||||
--- a/src/auth/passdb.c
|
||||
+++ b/src/auth/passdb.c
|
||||
@@ -224,19 +224,8 @@ passdb_preinit(pool_t pool, const struct auth_passdb_settings *set)
|
||||
passdb->id = ++auth_passdb_id;
|
||||
passdb->iface = *iface;
|
||||
passdb->args = p_strdup(pool, set->args);
|
||||
- if (*set->mechanisms == '\0') {
|
||||
- passdb->mechanisms = NULL;
|
||||
- } else if (strcasecmp(set->mechanisms, "none") == 0) {
|
||||
- passdb->mechanisms = (const char *const[]){NULL};
|
||||
- } else {
|
||||
- passdb->mechanisms = (const char* const*)p_strsplit_spaces(pool, set->mechanisms, " ,");
|
||||
- }
|
||||
-
|
||||
- if (*set->username_filter == '\0') {
|
||||
- passdb->username_filter = NULL;
|
||||
- } else {
|
||||
- passdb->username_filter = (const char* const*)p_strsplit_spaces(pool, set->username_filter, " ,");
|
||||
- }
|
||||
+ /* NOTE: if anything else than driver & args are added here,
|
||||
+ passdb_find() also needs to be updated. */
|
||||
array_push_back(&passdb_modules, &passdb);
|
||||
return passdb;
|
||||
}
|
||||
diff --git a/src/auth/passdb.h b/src/auth/passdb.h
|
||||
index 2e95328e5c..e466a9fdb6 100644
|
||||
--- a/src/auth/passdb.h
|
||||
+++ b/src/auth/passdb.h
|
||||
@@ -63,10 +63,6 @@ struct passdb_module {
|
||||
/* Default password scheme for this module.
|
||||
If default_cache_key is set, must not be NULL. */
|
||||
const char *default_pass_scheme;
|
||||
- /* Supported authentication mechanisms, NULL is all, [NULL] is none*/
|
||||
- const char *const *mechanisms;
|
||||
- /* Username filter, NULL is no filter */
|
||||
- const char *const *username_filter;
|
||||
|
||||
/* If blocking is set to TRUE, use child processes to access
|
||||
this passdb. */
|
||||
|
|
@ -1,295 +0,0 @@
|
|||
diff -up dovecot-2.3.20/configure.ac.nolibotp dovecot-2.3.20/configure.ac
|
||||
--- dovecot-2.3.20/configure.ac.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/configure.ac 2023-02-14 16:54:02.118531016 +0100
|
||||
@@ -854,7 +854,6 @@ src/lib-lua/Makefile
|
||||
src/lib-mail/Makefile
|
||||
src/lib-master/Makefile
|
||||
src/lib-program-client/Makefile
|
||||
-src/lib-otp/Makefile
|
||||
src/lib-dovecot/Makefile
|
||||
src/lib-sasl/Makefile
|
||||
src/lib-settings/Makefile
|
||||
diff -up dovecot-2.3.20/src/auth/main.c.nolibotp dovecot-2.3.20/src/auth/main.c
|
||||
--- dovecot-2.3.20/src/auth/main.c.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/auth/main.c 2023-02-14 16:54:02.118531016 +0100
|
||||
@@ -19,8 +19,6 @@
|
||||
#include "password-scheme.h"
|
||||
#include "passdb-cache.h"
|
||||
#include "mech.h"
|
||||
-#include "otp.h"
|
||||
-#include "mech-otp-common.h"
|
||||
#include "auth.h"
|
||||
#include "auth-penalty.h"
|
||||
#include "auth-token.h"
|
||||
@@ -283,7 +281,6 @@ static void main_deinit(void)
|
||||
|
||||
auth_policy_deinit();
|
||||
mech_register_deinit(&mech_reg);
|
||||
- mech_otp_deinit();
|
||||
mech_deinit(global_auth_settings);
|
||||
|
||||
/* allow modules to unregister their dbs/drivers/etc. before freeing
|
||||
diff -up dovecot-2.3.20/src/auth/Makefile.am.nolibotp dovecot-2.3.20/src/auth/Makefile.am
|
||||
--- dovecot-2.3.20/src/auth/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/auth/Makefile.am 2023-02-14 16:54:02.118531016 +0100
|
||||
@@ -45,7 +45,6 @@ AM_CPPFLAGS = \
|
||||
-I$(top_srcdir)/src/lib-sql \
|
||||
-I$(top_srcdir)/src/lib-settings \
|
||||
-I$(top_srcdir)/src/lib-old-stats \
|
||||
- -I$(top_srcdir)/src/lib-otp \
|
||||
-I$(top_srcdir)/src/lib-master \
|
||||
-I$(top_srcdir)/src/lib-oauth2 \
|
||||
-I$(top_srcdir)/src/lib-ssl-iostream \
|
||||
@@ -67,7 +66,6 @@ libpassword_la_SOURCES = \
|
||||
password-scheme-crypt.c \
|
||||
password-scheme-md5crypt.c \
|
||||
password-scheme-scram.c \
|
||||
- password-scheme-otp.c \
|
||||
password-scheme-pbkdf2.c \
|
||||
password-scheme-sodium.c
|
||||
libpassword_la_CFLAGS = $(AM_CPPFLAGS) $(LIBSODIUM_CFLAGS)
|
||||
@@ -76,7 +74,6 @@ auth_libs = \
|
||||
libauth.la \
|
||||
libstats_auth.la \
|
||||
libpassword.la \
|
||||
- ../lib-otp/libotp.la \
|
||||
$(AUTH_LUA_LIBS) \
|
||||
$(LIBDOVECOT_SQL)
|
||||
|
||||
@@ -95,7 +92,6 @@ libauth_la_SOURCES = \
|
||||
auth-client-connection.c \
|
||||
auth-master-connection.c \
|
||||
auth-policy.c \
|
||||
- mech-otp-common.c \
|
||||
mech-plain-common.c \
|
||||
auth-penalty.c \
|
||||
auth-request.c \
|
||||
@@ -122,7 +118,6 @@ libauth_la_SOURCES = \
|
||||
mech-digest-md5.c \
|
||||
mech-external.c \
|
||||
mech-gssapi.c \
|
||||
- mech-otp.c \
|
||||
mech-scram.c \
|
||||
mech-apop.c \
|
||||
mech-winbind.c \
|
||||
@@ -161,7 +156,6 @@ headers = \
|
||||
auth-client-connection.h \
|
||||
auth-common.h \
|
||||
auth-master-connection.h \
|
||||
- mech-otp-common.h \
|
||||
mech-plain-common.h \
|
||||
mech-digest-md5-private.h \
|
||||
mech-scram.h \
|
||||
@@ -260,7 +254,6 @@ test_libs = \
|
||||
test_libpassword_SOURCES = test-libpassword.c
|
||||
test_libpassword_LDADD = \
|
||||
libpassword.la \
|
||||
- ../lib-otp/libotp.la \
|
||||
$(CRYPT_LIBS) \
|
||||
$(LIBDOVECOT_SQL) \
|
||||
$(LIBSODIUM_LIBS) \
|
||||
diff -up dovecot-2.3.20/src/auth/mech.c.nolibotp dovecot-2.3.20/src/auth/mech.c
|
||||
--- dovecot-2.3.20/src/auth/mech.c.nolibotp 2023-02-14 16:55:38.421231797 +0100
|
||||
+++ dovecot-2.3.20/src/auth/mech.c 2023-02-14 16:55:38.434231892 +0100
|
||||
@@ -71,7 +71,6 @@ extern const struct mech_module mech_apo
|
||||
extern const struct mech_module mech_cram_md5;
|
||||
extern const struct mech_module mech_digest_md5;
|
||||
extern const struct mech_module mech_external;
|
||||
-extern const struct mech_module mech_otp;
|
||||
extern const struct mech_module mech_scram_sha1;
|
||||
extern const struct mech_module mech_scram_sha256;
|
||||
extern const struct mech_module mech_anonymous;
|
||||
@@ -206,7 +205,6 @@ void mech_init(const struct auth_setting
|
||||
mech_register_module(&mech_gssapi_spnego);
|
||||
#endif
|
||||
}
|
||||
- mech_register_module(&mech_otp);
|
||||
mech_register_module(&mech_scram_sha1);
|
||||
mech_register_module(&mech_scram_sha256);
|
||||
mech_register_module(&mech_anonymous);
|
||||
@@ -233,7 +231,6 @@ void mech_deinit(const struct auth_setti
|
||||
mech_unregister_module(&mech_gssapi_spnego);
|
||||
#endif
|
||||
}
|
||||
- mech_unregister_module(&mech_otp);
|
||||
mech_unregister_module(&mech_scram_sha1);
|
||||
mech_unregister_module(&mech_scram_sha256);
|
||||
mech_unregister_module(&mech_anonymous);
|
||||
diff -up dovecot-2.3.20/src/auth/password-scheme.c.nolibotp dovecot-2.3.20/src/auth/password-scheme.c
|
||||
--- dovecot-2.3.20/src/auth/password-scheme.c.nolibotp 2023-02-14 16:54:02.109530950 +0100
|
||||
+++ dovecot-2.3.20/src/auth/password-scheme.c 2023-02-14 16:54:02.119531023 +0100
|
||||
@@ -13,7 +13,6 @@
|
||||
#include "randgen.h"
|
||||
#include "sha1.h"
|
||||
#include "sha2.h"
|
||||
-#include "otp.h"
|
||||
#include "str.h"
|
||||
#include "password-scheme.h"
|
||||
|
||||
@@ -709,32 +708,6 @@ plain_md5_generate(const char *plaintext
|
||||
*size_r = MD5_RESULTLEN;
|
||||
}
|
||||
|
||||
-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
- const unsigned char *raw_password, size_t size,
|
||||
- const char **error_r)
|
||||
-{
|
||||
- const char *password, *generated;
|
||||
-
|
||||
- password = t_strndup(raw_password, size);
|
||||
- if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
|
||||
- *error_r = "Invalid OTP data in passdb";
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- return strcasecmp(password, generated) == 0 ? 1 : 0;
|
||||
-}
|
||||
-
|
||||
-static void
|
||||
-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
- const unsigned char **raw_password_r, size_t *size_r)
|
||||
-{
|
||||
- const char *password;
|
||||
-
|
||||
- if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
|
||||
- i_unreached();
|
||||
- *raw_password_r = (const unsigned char *)password;
|
||||
- *size_r = strlen(password);
|
||||
-}
|
||||
|
||||
static const struct password_scheme builtin_schemes[] = {
|
||||
{ "MD5", PW_ENCODING_NONE, 0, md5_verify, md5_crypt_generate },
|
||||
@@ -770,7 +743,6 @@ static const struct password_scheme buil
|
||||
NULL, plain_md5_generate },
|
||||
{ "LDAP-MD5", PW_ENCODING_BASE64, MD5_RESULTLEN,
|
||||
NULL, plain_md5_generate },
|
||||
- { "OTP", PW_ENCODING_NONE, 0, otp_verify, otp_generate },
|
||||
{ "PBKDF2", PW_ENCODING_NONE, 0, pbkdf2_verify, pbkdf2_generate },
|
||||
};
|
||||
|
||||
diff -up dovecot-2.3.20/src/auth/password-scheme.h.nolibotp dovecot-2.3.20/src/auth/password-scheme.h
|
||||
--- dovecot-2.3.20/src/auth/password-scheme.h.nolibotp 2023-02-14 16:56:50.929759540 +0100
|
||||
+++ dovecot-2.3.20/src/auth/password-scheme.h 2023-02-14 16:56:50.947759671 +0100
|
||||
@@ -92,9 +92,6 @@ void password_set_encryption_rounds(unsi
|
||||
/* INTERNAL: */
|
||||
const char *password_generate_salt(size_t len);
|
||||
const char *password_generate_md5_crypt(const char *pw, const char *salt);
|
||||
-int password_generate_otp(const char *pw, const char *state_data,
|
||||
- unsigned int algo, const char **result_r)
|
||||
- ATTR_NULL(2);
|
||||
|
||||
int crypt_verify(const char *plaintext,
|
||||
const struct password_generate_params *params,
|
||||
diff -up dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp dovecot-2.3.20/src/auth/test-libpassword.c
|
||||
--- dovecot-2.3.20/src/auth/test-libpassword.c.nolibotp 2023-02-14 16:54:55.880922175 +0100
|
||||
+++ dovecot-2.3.20/src/auth/test-libpassword.c 2023-02-14 16:54:55.896922291 +0100
|
||||
@@ -106,7 +106,6 @@ static void test_password_schemes(void)
|
||||
test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
|
||||
test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
|
||||
test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
|
||||
- test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
|
||||
test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
|
||||
test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
|
||||
test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
|
||||
diff -up dovecot-2.3.20/src/auth/test-mech.c.nolibotp dovecot-2.3.20/src/auth/test-mech.c
|
||||
--- dovecot-2.3.20/src/auth/test-mech.c.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/auth/test-mech.c 2023-02-14 16:54:02.119531023 +0100
|
||||
@@ -8,8 +8,6 @@
|
||||
#include "auth-request-handler-private.h"
|
||||
#include "auth-settings.h"
|
||||
#include "mech-digest-md5-private.h"
|
||||
-#include "otp.h"
|
||||
-#include "mech-otp-common.h"
|
||||
#include "settings-parser.h"
|
||||
#include "password-scheme.h"
|
||||
#include "auth-token.h"
|
||||
@@ -27,7 +25,6 @@ extern const struct mech_module mech_dov
|
||||
extern const struct mech_module mech_external;
|
||||
extern const struct mech_module mech_login;
|
||||
extern const struct mech_module mech_oauthbearer;
|
||||
-extern const struct mech_module mech_otp;
|
||||
extern const struct mech_module mech_plain;
|
||||
extern const struct mech_module mech_scram_sha1;
|
||||
extern const struct mech_module mech_scram_sha256;
|
||||
@@ -65,10 +62,7 @@ request_handler_reply_mock_callback(stru
|
||||
|
||||
if (request->passdb_result == PASSDB_RESULT_OK)
|
||||
request->failed = FALSE;
|
||||
- else if (request->mech == &mech_otp) {
|
||||
- if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
|
||||
- request->failed = FALSE;
|
||||
- } else if (request->mech == &mech_oauthbearer) {
|
||||
+ else if (request->mech == &mech_oauthbearer) {
|
||||
}
|
||||
};
|
||||
|
||||
@@ -224,10 +218,6 @@ static void test_mechs(void)
|
||||
{&mech_plain, UCHAR_LEN("\0testuser\0testpass"), "testuser", NULL, TRUE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", NULL, TRUE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", NULL, TRUE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", NULL, TRUE, TRUE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", NULL , TRUE, TRUE, FALSE},
|
||||
{&mech_oauthbearer, UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", NULL, FALSE, TRUE, FALSE},
|
||||
{&mech_scram_sha1, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE},
|
||||
{&mech_scram_sha256, UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", NULL, TRUE, FALSE, FALSE},
|
||||
@@ -242,8 +232,6 @@ static void test_mechs(void)
|
||||
{&mech_external, UCHAR_LEN(""), "testuser", NULL, FALSE, TRUE, FALSE},
|
||||
{&mech_external, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_login, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN(""), NULL, "invalid input", FALSE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN(""), "testuser", "invalid input", FALSE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_oauthbearer, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_xoauth2, UCHAR_LEN(""), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
@@ -255,7 +243,6 @@ static void test_mechs(void)
|
||||
{&mech_apop, UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_apop, UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_apop, UCHAR_LEN("1.1.1"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("somebody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE},
|
||||
{&mech_cram_md5, UCHAR_LEN("testuser\0response"), "testuser", NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("testuser\0"), "testuser", NULL, FALSE, FALSE, FALSE},
|
||||
|
||||
@@ -297,9 +284,7 @@ static void test_mechs(void)
|
||||
{&mech_plain, UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("failingwiththis"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_plain, UCHAR_LEN("failing\0withthis"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), NULL, "invalid input", FALSE, FALSE, FALSE},
|
||||
/* phase 2 */
|
||||
- {&mech_otp, UCHAR_LEN("someb\0ody\0testuser"), "testuser", "otp(testuser): unsupported response type", FALSE, TRUE, FALSE},
|
||||
{&mech_scram_sha1, UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_scram_sha1, UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
{&mech_scram_sha1, UCHAR_LEN("n,a=masteruser,,"), NULL, NULL, FALSE, FALSE, FALSE},
|
||||
@@ -387,7 +372,6 @@ static void test_mechs(void)
|
||||
|
||||
test_end();
|
||||
} T_END;
|
||||
- mech_otp_deinit();
|
||||
auths_deinit();
|
||||
auth_token_deinit();
|
||||
password_schemes_deinit();
|
||||
diff -up dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp dovecot-2.3.20/src/doveadm/Makefile.am
|
||||
--- dovecot-2.3.20/src/doveadm/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/doveadm/Makefile.am 2023-02-14 16:54:02.119531023 +0100
|
||||
@@ -36,8 +36,7 @@ AM_CPPFLAGS = \
|
||||
$(BINARY_CFLAGS)
|
||||
|
||||
cmd_pw_libs = \
|
||||
- ../auth/libpassword.la \
|
||||
- ../lib-otp/libotp.la
|
||||
+ ../auth/libpassword.la
|
||||
|
||||
libs = \
|
||||
dsync/libdsync.la \
|
||||
diff -up dovecot-2.3.20/src/Makefile.am.nolibotp dovecot-2.3.20/src/Makefile.am
|
||||
--- dovecot-2.3.20/src/Makefile.am.nolibotp 2022-12-21 09:49:12.000000000 +0100
|
||||
+++ dovecot-2.3.20/src/Makefile.am 2023-02-14 16:54:02.119531023 +0100
|
||||
@@ -40,7 +40,6 @@ SUBDIRS = \
|
||||
lib-index \
|
||||
lib-storage \
|
||||
lib-sql \
|
||||
- lib-otp \
|
||||
lib-lda \
|
||||
lib-dict-backend \
|
||||
anvil \
|
||||
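--- a/dovecot-2.3.21.1-fixicu.patch
+++ b/dovecot-2.3.21.1-fixicu.patch
@@ -0,0 +1,13 @@
+diff -up dovecot-2.3.20/m4/want_icu.m4.fixicu dovecot-2.3.20/m4/want_icu.m4
+--- dovecot-2.3.20/m4/want_icu.m4.fixicu 2022-12-21 09:49:12.000000000 +0100
++++ dovecot-2.3.20/m4/want_icu.m4 2025-01-29 10:47:25.765768562 +0100
+@@ -1,7 +1,7 @@
+AC_DEFUN([DOVECOT_WANT_ICU], [
+if test "$want_icu" != "no"; then
+- if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n 2>/dev/null; then
+- PKG_CHECK_MODULES(LIBICU, icu-i18n)
++ if test "$PKG_CONFIG" != "" && $PKG_CONFIG --exists icu-i18n icu-uc 2>/dev/null; then
++ PKG_CHECK_MODULES(LIBICU, icu-i18n icu-uc)
+have_icu=yes
+AC_DEFINE(HAVE_LIBICU,, [Define if you want ICU normalization support for FTS])
+elif test "$want_icu" = "yes"; then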
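--- a/dovecot-2.4.1-nolibotp.patch
+++ b/dovecot-2.4.1-nolibotp.patch
@@ -0,0 +1,285 @@
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c.nolibotp 2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-auth.c 2025-11-30 13:38:50.100927373 +0100
+@@ -16,7 +16,7 @@
+static const char *const settings[] = {
+"base_dir", ".",
+"auth_mechanisms",
+- "ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN OTP "
++ "ANONYMOUS APOP CRAM-MD5 DIGEST-MD5 EXTERNAL LOGIN PLAIN "
+"OAUTHBEARER SCRAM-SHA-1 SCRAM-SHA-256 XOAUTH2",
+"auth_username_chars", "",
+"auth_username_format", "",
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c.nolibotp 2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/test-mech.c 2025-11-30 13:38:50.101130654 +0100
+@@ -46,10 +46,7 @@ request_handler_reply_mock_callback(stru
+
+if (request->passdb_result == PASSDB_RESULT_OK)
+request->failed = FALSE;
+- else if (strcmp(request->fields.mech_name, SASL_MECH_NAME_OTP) == 0) {
+- if (null_strcmp(request->fields.user, "otp_phase_2") == 0)
+- request->failed = FALSE;
+- } else if (strcmp(request->fields.mech_name,
++ else if (strcmp(request->fields.mech_name,
+SASL_MECH_NAME_OAUTHBEARER) == 0) {
+}
+};
+@@ -190,10 +187,6 @@ static void test_mechs(void)
+{"PLAIN", UCHAR_LEN("\0testuser\0testpass"), "testuser", TRUE, FALSE, FALSE},
+{"PLAIN", UCHAR_LEN("normaluser\0masteruser\0masterpass"), "masteruser", TRUE, FALSE, FALSE},
+{"PLAIN", UCHAR_LEN("normaluser\0normaluser\0masterpass"), "normaluser", TRUE, FALSE, FALSE},
+- {"OTP", UCHAR_LEN("hex:5Bf0 75d9 959d 036f"), "otp_phase_2", TRUE, TRUE, FALSE},
+- {"OTP", UCHAR_LEN("word:BOND FOGY DRAB NE RISE MART"), "otp_phase_2", TRUE, TRUE, FALSE},
+- {"OTP", UCHAR_LEN("init-hex:f6bd 6b33 89b8 7203:md5 499 ke6118:23d1 b253 5ae0 2b7e"), "otp_phase_2", TRUE, TRUE, FALSE},
+- {"OTP", UCHAR_LEN("init-word:END KERN BALM NICK EROS WAVY:md5 499 ke1235:BABY FAIN OILY NIL TIDY DADE"), "otp_phase_2", TRUE, TRUE, FALSE},
+{"OAUTHBEARER", UCHAR_LEN("n,a=testuser,p=cHJvb2Y=,f=nonstandart\x01host=server\x01port=143\x01""auth=Bearer vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==\x01\x01"), "testuser", FALSE, TRUE, FALSE},
+{"SCRAM-SHA-1", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE},
+{"SCRAM-SHA-256", UCHAR_LEN("n,,n=testuser,r=rOprNGfwEbeRWgbNEkqO"), "testuser", TRUE, FALSE, FALSE},
+@@ -208,8 +201,6 @@ static void test_mechs(void)
+{"EXTERNAL", UCHAR_LEN(""), "testuser", FALSE, TRUE, FALSE},
+{"EXTERNAL", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+{"LOGIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+- {"OTP", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+- {"OTP", UCHAR_LEN(""), "testuser", FALSE, FALSE, FALSE},
+{"PLAIN", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+{"OAUTHBEARER", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+{"XOAUTH2", UCHAR_LEN(""), NULL, FALSE, FALSE, FALSE},
+@@ -221,7 +212,6 @@ static void test_mechs(void)
+{"APOP", UCHAR_LEN("1.1.1\0testuser\0tooshort"), NULL, FALSE, FALSE, FALSE},
+{"APOP", UCHAR_LEN("1.1.1\0testuser\0responseoflen16-"), NULL, FALSE, FALSE, FALSE},
+{"APOP", UCHAR_LEN("1.1.1"), NULL, FALSE, FALSE, FALSE},
+- {"OTP", UCHAR_LEN("somebody\0testuser"), "testuser", FALSE, TRUE, FALSE},
+{"CRAM-MD5", UCHAR_LEN("testuser\0response"), "testuser", FALSE, FALSE, FALSE},
+{"PLAIN", UCHAR_LEN("testuser\0"), "testuser", FALSE, FALSE, FALSE},
+
+@@ -264,9 +254,7 @@ static void test_mechs(void)
+{"PLAIN", UCHAR_LEN("\0fa\0il\0ing\0withthis"), NULL, FALSE, FALSE, FALSE},
+{"PLAIN", UCHAR_LEN("failingwiththis"), NULL, FALSE, FALSE, FALSE},
+{"PLAIN", UCHAR_LEN("failing\0withthis"), NULL, FALSE, FALSE, FALSE},
+- {"OTP", UCHAR_LEN("someb\0ody\0testuser"), NULL, FALSE, FALSE, FALSE},
+/* phase 2 */
+- {"OTP", UCHAR_LEN("someb\0ody\0testuser"), "testuser", FALSE, TRUE, FALSE},
+{"SCRAM-SHA-1", UCHAR_LEN("c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts="), NULL, FALSE, FALSE, FALSE},
+{"SCRAM-SHA-1", UCHAR_LEN("iws0X8v3Bz2T0CJGbJQyF0X+HI4Ts=,,,,"), NULL, FALSE, FALSE, FALSE},
+{"SCRAM-SHA-1", UCHAR_LEN("n,a=masteruser,,"), NULL, FALSE, FALSE, FALSE},
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.nolibotp 2025-11-30 13:38:50.093609901 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c 2025-11-30 13:38:50.101359374 +0100
+@@ -13,7 +13,6 @@
+#include "randgen.h"
+#include "sha1.h"
+#include "sha2.h"
+-#include "otp.h"
+#include "str.h"
+#include "auth-digest.h"
+#include "password-scheme.h"
+@@ -704,33 +703,6 @@ plain_md5_generate(const char *plaintext
+*size_r = MD5_RESULTLEN;
+}
+
+-static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
+- const unsigned char *raw_password, size_t size,
+- const char **error_r)
+-{
+- const char *password, *generated;
+-
+- password = t_strndup(raw_password, size);
+- if (password_generate_otp(plaintext, password, UINT_MAX, &generated) < 0) {
+- *error_r = "Invalid OTP data in passdb";
+- return -1;
+- }
+-
+- return strcasecmp(password, generated) == 0 ? 1 : 0;
+-}
+-
+-static void
+-otp_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
+- const unsigned char **raw_password_r, size_t *size_r)
+-{
+- const char *password;
+-
+- if (password_generate_otp(plaintext, NULL, OTP_HASH_SHA1, &password) < 0)
+- i_unreached();
+- *raw_password_r = (const unsigned char *)password;
+- *size_r = strlen(password);
+-}
+-
+static const struct password_scheme builtin_schemes[] = {
+{
+.name = "MD5",
+@@ -894,13 +866,6 @@ static const struct password_scheme buil
+.password_generate = plain_md5_generate,
+},
+{
+- .name = "OTP",
+- .default_encoding = PW_ENCODING_NONE,
+- .raw_password_len = 0,
+- .password_verify = otp_verify,
+- .password_generate = otp_generate,
+- },
+- {
+.name = "PBKDF2",
+.default_encoding = PW_ENCODING_NONE,
+.raw_password_len = 0,
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h.nolibotp 2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.h 2025-11-30 13:38:50.101549260 +0100
+@@ -98,9 +98,6 @@ void password_set_encryption_rounds(unsi
+/* INTERNAL: */
+const char *password_generate_salt(size_t len);
+const char *password_generate_md5_crypt(const char *pw, const char *salt);
+-int password_generate_otp(const char *pw, const char *state_data,
+- unsigned int algo, const char **result_r)
+- ATTR_NULL(2);
+
+int scram_verify(const struct hash_method *hmethod, const char *scheme_name,
+const char *plaintext, const unsigned char *raw_password,
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c.nolibotp 2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/test-password-scheme.c 2025-11-30 13:38:50.101711124 +0100
+@@ -107,7 +107,6 @@ static void test_password_schemes(void)
+test_password_scheme("SHA512", "{SHA512}7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc/iBml1JQODbJ6wYX4oOHV+E+IvIh/1nsUNzLDBMxfqa2Ob1f1ACio/w==", "test");
+test_password_scheme("SSHA", "{SSHA}H/zrDv8FXUu1JmwvVYijfrYEF34jVZcO", "test");
+test_password_scheme("MD5-CRYPT", "{MD5-CRYPT}$1$GgvxyNz8$OjZhLh4P.gF1lxYEbLZ3e/", "test");
+- test_password_scheme("OTP", "{OTP}sha1 1024 ae6b49aa481f7233 f69fc7f98b8fbf54", "test");
+test_password_scheme("PBKDF2", "{PBKDF2}$1$bUnT4Pl7yFtYX0KU$5000$50a83cafdc517b9f46519415e53c6a858908680a", "test");
+test_password_scheme("CRAM-MD5", "{CRAM-MD5}e02d374fde0dc75a17a557039a3a5338c7743304777dccd376f332bee68d2cf6", "test");
+test_password_scheme("DIGEST-MD5", "{DIGEST-MD5}77c1a8c437c9b08ba2f460fe5d58db5d", "test");
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c.nolibotp 2025-11-30 13:39:54.210043386 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client.c 2025-11-30 13:39:54.217205256 +0100
+@@ -175,7 +175,6 @@ void dsasl_clients_init(void)
+dsasl_client_mech_register(&dsasl_client_mech_digest_md5);
+dsasl_client_mech_register(&dsasl_client_mech_cram_md5);
+dsasl_client_mech_register(&dsasl_client_mech_oauthbearer);
+- dsasl_client_mech_register(&dsasl_client_mech_otp);
+dsasl_client_mech_register(&dsasl_client_mech_xoauth2);
+dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1);
+dsasl_client_mech_register(&dsasl_client_mech_scram_sha_1_plus);
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h.nolibotp 2025-11-30 13:40:22.269119732 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-private.h 2025-11-30 13:40:22.275363043 +0100
+@@ -50,7 +50,6 @@ extern const struct dsasl_client_mech ds
+extern const struct dsasl_client_mech dsasl_client_mech_external;
+extern const struct dsasl_client_mech dsasl_client_mech_login;
+extern const struct dsasl_client_mech dsasl_client_mech_oauthbearer;
+-extern const struct dsasl_client_mech dsasl_client_mech_otp;
+extern const struct dsasl_client_mech dsasl_client_mech_xoauth2;
+extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1;
+extern const struct dsasl_client_mech dsasl_client_mech_scram_sha_1_plus;
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c.nolibotp 2025-11-30 13:40:56.823727053 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/fuzz-sasl-authentication.c 2025-11-30 13:40:56.837864792 +0100
+@@ -635,7 +635,6 @@ static void fuzz_sasl_run(struct istream
+sasl_server_mech_register_cram_md5(server_inst);
+sasl_server_mech_register_digest_md5(server_inst);
+sasl_server_mech_register_login(server_inst);
+- sasl_server_mech_register_otp(server_inst);
+sasl_server_mech_register_plain(server_inst);
+sasl_server_mech_register_scram_sha1(server_inst);
+sasl_server_mech_register_scram_sha1_plus(server_inst);
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h.nolibotp 2025-11-30 13:41:24.035316421 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server.h 2025-11-30 13:41:24.050796571 +0100
+@@ -193,8 +193,6 @@ void sasl_server_mech_register_scram_sha
+void sasl_server_mech_register_scram_sha256_plus(
+struct sasl_server_instance *sinst);
+
+-void sasl_server_mech_register_otp(struct sasl_server_instance *sinst);
+-
+/* Winbind */
+
+struct sasl_server_winbind_settings {
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c.nolibotp 2025-11-30 13:42:08.741524883 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/test-sasl-authentication.c 2025-11-30 13:42:08.757334395 +0100
+@@ -507,7 +507,6 @@ test_sasl_run(const struct test_sasl *te
+sasl_server_mech_register_digest_md5(server_inst);
+sasl_server_mech_register_external(server_inst);
+sasl_server_mech_register_login(server_inst);
+- sasl_server_mech_register_otp(server_inst);
+sasl_server_mech_register_plain(server_inst);
+sasl_server_mech_register_scram_sha1(server_inst);
+sasl_server_mech_register_scram_sha1_plus(server_inst);
+@@ -722,16 +721,6 @@ static const struct test_sasl success_te
+.password = "tokentokentoken",
+},
+},
+- /* OTP */
+- {
+- .mech = "OTP",
+- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+- .server = {
+- .authid = "user",
+- .password = "pass",
+- },
+- .repeat = 1050,
+- },
+/* EXTERNAL */
+{
+.mech = "EXTERNAL",
+@@ -1457,31 +1446,6 @@ static const struct test_sasl bad_creds_
+},
+.failure = TRUE,
+},
+- /* OTP */
+- {
+- .mech = "OTP",
+- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+- .server = {
+- .authid = "user",
+- .password = "pass",
+- },
+- .client = {
+- .authid = "userb",
+- },
+- .failure = TRUE,
+- },
+- {
+- .mech = "OTP",
+- .authid_type = SASL_SERVER_AUTHID_TYPE_USERNAME,
+- .server = {
+- .authid = "user",
+- .password = "pass",
+- },
+- .client = {
+- .password = "florp",
+- },
+- .failure = TRUE,
+- },
+/* EXTERNAL */
+{
+.mech = "EXTERNAL",
+diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c
+--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c.nolibotp2 2025-11-30 13:56:23.124460140 +0100
++++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-sasl.c 2025-11-30 13:56:39.521935947 +0100
+@@ -472,7 +472,6 @@ MECH_SIMPLE_REGISTER__TEMPLATE(cram_md5)
+MECH_SIMPLE_REGISTER__TEMPLATE(digest_md5)
+MECH_SIMPLE_REGISTER__TEMPLATE(external)
+MECH_SIMPLE_REGISTER__TEMPLATE(login)
+-MECH_SIMPLE_REGISTER__TEMPLATE(otp)
+MECH_SIMPLE_REGISTER__TEMPLATE(plain)
+MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1)
+MECH_SIMPLE_REGISTER__TEMPLATE(scram_sha1_plus)
+@@ -539,12 +538,6 @@ static const struct auth_sasl_mech_modul
+.mech_register = mech_login_register,
+};
+
+-static const struct auth_sasl_mech_module mech_otp = {
+- .mech_name = SASL_MECH_NAME_OTP,
+-
+- .mech_register = mech_otp_register,
+-};
+-
+static const struct auth_sasl_mech_module mech_plain = {
+.mech_name = SASL_MECH_NAME_PLAIN,
+
+@@ -612,7 +605,6 @@ static void auth_sasl_mechs_init(const s
+if (set->use_winbind)
+auth_sasl_mech_register_module(&mech_winbind_ntlm);
+auth_sasl_mech_oauth2_register();
+- auth_sasl_mech_register_module(&mech_otp);
+auth_sasl_mech_register_module(&mech_plain);
+auth_sasl_mech_register_module(&mech_scram_sha1);
+auth_sasl_mech_register_module(&mech_scram_sha1_plus);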
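Review bot: No hunk in this patch touches a Makefile.am, although the header hunks drop the prototypes for `password_generate_otp` (password-scheme.h) and `sasl_server_mech_register_otp` (sasl-server.h) and the `dsasl_client_mech_otp` extern (dsasl-client-private.h); the 2.3.20 patch on this page removed `lib-otp` from `SUBDIRS`. If the sources that define those symbols are still listed in the build, the OTP code would remain compiled in, only unregistered and without prototypes; if they are stripped from the tarball instead, the build lists would need matching hunks. Neither is visible here, so this should be confirmed. I would add a short comment at the top of the patch, for example `# OTP mechanism and {OTP} scheme removed; OTP sources excluded via <how>`. It should also state that passdb entries stored as `{OTP}` and an `auth_mechanisms` value listing OTP are presumably no longer accepted by this build, so administrators can check for them before upgrading.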
|
|
@ -1,7 +1,7 @@
|
|||
diff -up dovecot-2.3.18/src/auth/auth-token.c.opensslhmac dovecot-2.3.18/src/auth/auth-token.c
|
||||
--- dovecot-2.3.18/src/auth/auth-token.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/auth-token.c 2022-02-09 09:27:15.887883359 +0100
|
||||
@@ -161,17 +161,17 @@ void auth_token_deinit(void)
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/auth-token.c 2025-11-30 09:57:55.178213106 +0100
|
||||
@@ -162,17 +162,17 @@ void auth_token_deinit(void)
|
||||
const char *auth_token_get(const char *service, const char *session_pid,
|
||||
const char *username, const char *session_id)
|
||||
{
|
||||
|
|
@ -26,108 +26,130 @@ diff -up dovecot-2.3.18/src/auth/auth-token.c.opensslhmac dovecot-2.3.18/src/aut
|
|||
|
||||
return binary_to_hex(result, sizeof(result));
|
||||
}
|
||||
diff -up dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac dovecot-2.3.18/src/auth/mech-cram-md5.c
|
||||
--- dovecot-2.3.18/src/auth/mech-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/mech-cram-md5.c 2022-02-09 09:27:15.887883359 +0100
|
||||
@@ -51,7 +51,7 @@ static bool verify_credentials(struct cr
|
||||
{
|
||||
|
||||
unsigned char digest[MD5_RESULTLEN];
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
const char *response_hex;
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/auth/Makefile.am 2025-11-30 09:57:55.178490134 +0100
|
||||
@@ -71,6 +71,7 @@ auth_LDFLAGS = -export-dynamic
|
||||
auth_libs = \
|
||||
../lib-auth/libauth-crypt.la \
|
||||
$(AUTH_LUA_LIBS) \
|
||||
+ $(SSL_LIBS) \
|
||||
$(LIBDOVECOT_SQL)
|
||||
|
||||
if (size != CRAM_MD5_CONTEXTLEN) {
|
||||
@@ -60,10 +60,10 @@ static bool verify_credentials(struct cr
|
||||
return FALSE;
|
||||
}
|
||||
auth_CPPFLAGS = $(AM_CPPFLAGS) $(BINARY_CFLAGS)
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/imap/Makefile.am 2025-11-30 09:57:55.179136544 +0100
|
||||
@@ -21,11 +21,13 @@ AM_CPPFLAGS = \
|
||||
$(BINARY_CFLAGS)
|
||||
|
||||
- hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
+ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
hmac_md5_set_cram_context(&ctx, credentials);
|
||||
- hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
- hmac_final(&ctx, digest);
|
||||
+ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
+ orig_hmac_final(&ctx, digest);
|
||||
imap_LDFLAGS = -export-dynamic \
|
||||
+ $(SSL_LIBS) \
|
||||
$(BINARY_LDFLAGS)
|
||||
|
||||
response_hex = binary_to_hex(digest, sizeof(digest));
|
||||
imap_LDADD = \
|
||||
../lib-imap-urlauth/libimap-urlauth.la \
|
||||
../lib-compression/libcompression.la \
|
||||
+ $(SSL_LIBS) \
|
||||
$(LIBDOVECOT_STORAGE) \
|
||||
$(LIBDOVECOT)
|
||||
imap_DEPENDENCIES = \
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/imap-urlauth/Makefile.am 2025-11-30 09:57:55.179268682 +0100
|
||||
@@ -23,6 +23,7 @@ imap_urlauth_CPPFLAGS = \
|
||||
imap_urlauth_LDFLAGS = -export-dynamic
|
||||
|
||||
diff -up dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac dovecot-2.3.18/src/auth/mech-scram.c
|
||||
--- dovecot-2.3.18/src/auth/mech-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/mech-scram.c 2022-02-09 09:31:50.927146858 +0100
|
||||
@@ -93,7 +93,7 @@ get_scram_server_first(struct scram_auth
|
||||
static const char *get_scram_server_final(struct scram_auth_request *request)
|
||||
{
|
||||
const struct hash_method *hmethod = request->hash_method;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char server_signature[hmethod->digest_size];
|
||||
string_t *str;
|
||||
@@ -109,9 +109,9 @@ static const char *get_scram_server_fina
|
||||
request->server_first_message, ",",
|
||||
request->client_final_message_without_proof, NULL);
|
||||
imap_urlauth_LDADD = $(LIBDOVECOT) \
|
||||
+ $(SSL_LIBS)
|
||||
$(BINARY_LDFLAGS)
|
||||
|
||||
- hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, server_signature);
|
||||
+ openssl_hmac_init(&ctx, request->server_key, hmethod->digest_size, hmethod);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, server_signature);
|
||||
imap_urlauth_DEPENDENCIES = $(LIBDOVECOT_DEPS)
|
||||
@@ -53,7 +54,7 @@ imap_urlauth_worker_LDFLAGS = -export-dy
|
||||
urlauth_libs = \
|
||||
$(top_builddir)/src/lib-imap-urlauth/libimap-urlauth.la
|
||||
|
||||
/* RFC 5802, Section 7:
|
||||
-imap_urlauth_worker_LDADD = $(urlauth_libs) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT)
|
||||
+imap_urlauth_worker_LDADD = $(urlauth_libs) $(SSL_LIBS) $(LIBDOVECOT_STORAGE) $(LIBDOVECOT)
|
||||
imap_urlauth_worker_DEPENDENCIES = $(urlauth_libs) $(LIBDOVECOT_STORAGE_DEPS) $(LIBDOVECOT_DEPS)
|
||||
|
||||
@@ -292,7 +292,7 @@ parse_scram_client_first(struct scram_au
|
||||
static bool verify_credentials(struct scram_auth_request *request)
|
||||
{
|
||||
const struct hash_method *hmethod = request->hash_method;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
imap_urlauth_worker_SOURCES = \
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-client.c 2025-11-30 09:57:55.179413002 +0100
|
||||
@@ -222,7 +222,7 @@ static string_t *auth_scram_get_client_f
|
||||
unsigned char client_signature[hmethod->digest_size];
|
||||
@@ -310,9 +310,9 @@ static bool verify_credentials(struct sc
|
||||
request->server_first_message, ",",
|
||||
request->client_final_message_without_proof, NULL);
|
||||
unsigned char client_proof[hmethod->digest_size];
|
||||
unsigned char server_key[hmethod->digest_size];
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const void *cbind_input;
|
||||
size_t cbind_input_size;
|
||||
string_t *auth_message, *str;
|
||||
@@ -281,9 +281,9 @@ static string_t *auth_scram_get_client_f
|
||||
client->iter, salted_password);
|
||||
|
||||
- hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
/* ClientKey := HMAC(SaltedPassword, "Client Key") */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Client Key", 10);
|
||||
- hmac_final(&ctx, client_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
||||
+ openssl_hmac_final(&ctx, client_key);
|
||||
|
||||
/* StoredKey := H(ClientKey) */
|
||||
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
||||
@@ -301,9 +301,9 @@ static string_t *auth_scram_get_client_f
|
||||
str_append_str(auth_message, str);
|
||||
|
||||
/* ClientSignature := HMAC(StoredKey, AuthMessage) */
|
||||
- hmac_init(&ctx, stored_key, sizeof(stored_key), hmethod);
|
||||
- hmac_update(&ctx, str_data(auth_message), str_len(auth_message));
|
||||
- hmac_final(&ctx, client_signature);
|
||||
+ openssl_hmac_init(&ctx, request->stored_key, hmethod->digest_size, hmethod);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_init(&ctx, stored_key, sizeof(stored_key), hmethod);
|
||||
+ openssl_hmac_update(&ctx, str_data(auth_message), str_len(auth_message));
|
||||
+ openssl_hmac_final(&ctx, client_signature);
|
||||
|
||||
/* ClientProof := ClientKey XOR ClientSignature */
|
||||
const unsigned char *proof_data = request->proof->data;
|
||||
diff -up dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme.c
|
||||
--- dovecot-2.3.18/src/auth/password-scheme.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/password-scheme.c 2022-02-09 09:27:15.888883345 +0100
|
||||
@@ -639,11 +639,11 @@ static void
|
||||
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
unsigned char *context_digest;
|
||||
for (k = 0; k < hmethod->digest_size; k++)
|
||||
@@ -314,16 +314,16 @@ static string_t *auth_scram_get_client_f
|
||||
safe_memset(client_signature, 0, sizeof(client_signature));
|
||||
|
||||
context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN);
|
||||
- hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
+ orig_hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
strlen(plaintext), &hash_method_md5);
|
||||
hmac_md5_get_cram_context(&ctx, context_digest);
|
||||
/* ServerKey := HMAC(SaltedPassword, "Server Key") */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Server Key", 10);
|
||||
- hmac_final(&ctx, server_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Server Key", 10);
|
||||
+ openssl_hmac_final(&ctx, server_key);
|
||||
|
||||
diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3.18/src/auth/password-scheme-scram.c
|
||||
--- dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/auth/password-scheme-scram.c 2022-02-09 09:27:15.888883345 +0100
|
||||
@@ -30,23 +30,23 @@ Hi(const struct hash_method *hmethod, co
|
||||
const unsigned char *salt, size_t salt_size, unsigned int i,
|
||||
unsigned char *result)
|
||||
/* ServerSignature := HMAC(ServerKey, AuthMessage) */
|
||||
client->server_signature =
|
||||
p_malloc(client->pool, hmethod->digest_size);
|
||||
- hmac_init(&ctx, server_key, sizeof(server_key), hmethod);
|
||||
- hmac_update(&ctx, str_data(auth_message), str_len(auth_message));
|
||||
- hmac_final(&ctx, client->server_signature);
|
||||
+ openssl_hmac_init(&ctx, server_key, sizeof(server_key), hmethod);
|
||||
+ openssl_hmac_update(&ctx, str_data(auth_message), str_len(auth_message));
|
||||
+ openssl_hmac_final(&ctx, client->server_signature);
|
||||
|
||||
safe_memset(salted_password, 0, sizeof(salted_password));
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram.c 2025-11-30 09:57:55.179729815 +0100
|
||||
@@ -31,7 +31,7 @@ void auth_scram_hi(const struct hash_met
|
||||
const unsigned char *salt, size_t salt_size, unsigned int i,
|
||||
unsigned char *result)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char U[hmethod->digest_size];
|
||||
unsigned int j, k;
|
||||
|
||||
@@ -51,18 +51,18 @@ void auth_scram_hi(const struct hash_met
|
||||
*/
|
||||
|
||||
/* Calculate U1 */
|
||||
- hmac_init(&ctx, str, str_size, hmethod);
|
||||
- hmac_update(&ctx, salt, salt_size);
|
||||
|
|
@ -151,7 +173,108 @@ diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3
|
|||
for (k = 0; k < hmethod->digest_size; k++)
|
||||
result[k] ^= U[k];
|
||||
}
|
||||
@@ -102,7 +102,7 @@ int scram_verify(const struct hash_metho
|
||||
@@ -75,7 +75,7 @@ void auth_scram_generate_key_data(const
|
||||
unsigned char stored_key_r[],
|
||||
unsigned char server_key_r[])
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char salt[16];
|
||||
unsigned char salted_password[hmethod->digest_size];
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
@@ -97,18 +97,18 @@ void auth_scram_generate_key_data(const
|
||||
salt, sizeof(salt), rounds, salted_password);
|
||||
|
||||
/* Calculate ClientKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Client Key", 10);
|
||||
- hmac_final(&ctx, client_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
||||
+ openssl_hmac_final(&ctx, client_key);
|
||||
|
||||
/* Calculate StoredKey */
|
||||
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
||||
stored_key_r);
|
||||
|
||||
/* Calculate ServerKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Server Key", 10);
|
||||
- hmac_final(&ctx, server_key_r);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Server Key", 10);
|
||||
+ openssl_hmac_final(&ctx, server_key_r);
|
||||
|
||||
safe_memset(salted_password, 0, sizeof(salted_password));
|
||||
safe_memset(client_key, 0, sizeof(client_key));
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/auth-scram-server.c 2025-11-30 09:57:55.179862473 +0100
|
||||
@@ -288,7 +288,7 @@ auth_scram_server_verify_credentials(str
|
||||
{
|
||||
const struct hash_method *hmethod = server->set.hash_method;
|
||||
struct auth_scram_key_data *kdata = &server->key_data;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
unsigned char client_signature[hmethod->digest_size];
|
||||
@@ -309,9 +309,9 @@ auth_scram_server_verify_credentials(str
|
||||
server->server_first_message, ",",
|
||||
server->client_final_message_without_proof, NULL);
|
||||
|
||||
- hmac_init(&ctx, kdata->stored_key, hmethod->digest_size, hmethod);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, client_signature);
|
||||
+ openssl_hmac_init(&ctx, kdata->stored_key, hmethod->digest_size, hmethod);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, client_signature);
|
||||
|
||||
/* ClientProof := ClientKey XOR ClientSignature */
|
||||
const unsigned char *proof_data = server->proof->data;
|
||||
@@ -440,7 +440,7 @@ auth_scram_get_server_final(struct auth_
|
||||
{
|
||||
const struct hash_method *hmethod = server->set.hash_method;
|
||||
struct auth_scram_key_data *kdata = &server->key_data;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
const char *auth_message;
|
||||
unsigned char server_signature[hmethod->digest_size];
|
||||
string_t *str;
|
||||
@@ -456,9 +456,9 @@ auth_scram_get_server_final(struct auth_
|
||||
server->server_first_message, ",",
|
||||
server->client_final_message_without_proof, NULL);
|
||||
|
||||
- hmac_init(&ctx, kdata->server_key, hmethod->digest_size, hmethod);
|
||||
- hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
- hmac_final(&ctx, server_signature);
|
||||
+ openssl_hmac_init(&ctx, kdata->server_key, hmethod->digest_size, hmethod);
|
||||
+ openssl_hmac_update(&ctx, auth_message, strlen(auth_message));
|
||||
+ openssl_hmac_final(&ctx, server_signature);
|
||||
|
||||
/* RFC 5802, Section 7:
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme.c 2025-11-30 09:57:55.180035106 +0100
|
||||
@@ -633,11 +633,11 @@ static void
|
||||
cram_md5_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
{
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
unsigned char *context_digest;
|
||||
|
||||
context_digest = t_malloc_no0(CRAM_MD5_CONTEXTLEN);
|
||||
- hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
+ orig_hmac_init(&ctx, (const unsigned char *)plaintext,
|
||||
strlen(plaintext), &hash_method_md5);
|
||||
hmac_md5_get_cram_context(&ctx, context_digest);
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-auth/password-scheme-scram.c 2025-11-30 09:57:55.180182392 +0100
|
||||
@@ -23,7 +23,7 @@ int scram_verify(const struct hash_metho
|
||||
const char *plaintext, const unsigned char *raw_password,
|
||||
size_t size, const char **error_r)
|
||||
{
|
||||
|
|
@ -160,8 +283,8 @@ diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3
|
|||
const char *salt_base64;
|
||||
unsigned int iter_count;
|
||||
const unsigned char *salt;
|
||||
@@ -126,9 +126,9 @@ int scram_verify(const struct hash_metho
|
||||
salt, salt_len, iter_count, salted_password);
|
||||
@@ -49,9 +49,9 @@ int scram_verify(const struct hash_metho
|
||||
salt, salt_len, iter_count, salted_password);
|
||||
|
||||
/* Calculate ClientKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
|
|
@ -173,44 +296,9 @@ diff -up dovecot-2.3.18/src/auth/password-scheme-scram.c.opensslhmac dovecot-2.3
|
|||
|
||||
/* Calculate StoredKey */
|
||||
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
||||
@@ -147,7 +147,7 @@ void scram_generate(const struct hash_me
|
||||
const unsigned char **raw_password_r, size_t *size_r)
|
||||
{
|
||||
string_t *str;
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char salt[16];
|
||||
unsigned char salted_password[hmethod->digest_size];
|
||||
unsigned char client_key[hmethod->digest_size];
|
||||
@@ -165,9 +165,9 @@ void scram_generate(const struct hash_me
|
||||
sizeof(salt), SCRAM_DEFAULT_ITERATE_COUNT, salted_password);
|
||||
|
||||
/* Calculate ClientKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Client Key", 10);
|
||||
- hmac_final(&ctx, client_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Client Key", 10);
|
||||
+ openssl_hmac_final(&ctx, client_key);
|
||||
|
||||
/* Calculate StoredKey */
|
||||
hash_method_get_digest(hmethod, client_key, sizeof(client_key),
|
||||
@@ -176,9 +176,9 @@ void scram_generate(const struct hash_me
|
||||
base64_encode(stored_key, sizeof(stored_key), str);
|
||||
|
||||
/* Calculate ServerKey */
|
||||
- hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
- hmac_update(&ctx, "Server Key", 10);
|
||||
- hmac_final(&ctx, server_key);
|
||||
+ openssl_hmac_init(&ctx, salted_password, sizeof(salted_password), hmethod);
|
||||
+ openssl_hmac_update(&ctx, "Server Key", 10);
|
||||
+ openssl_hmac_final(&ctx, server_key);
|
||||
str_append_c(str, ',');
|
||||
base64_encode(server_key, sizeof(server_key), str);
|
||||
|
||||
diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
||||
--- dovecot-2.3.18/src/lib/hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/hmac.c 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.c 2025-11-30 09:57:55.180318937 +0100
|
||||
@@ -7,6 +7,10 @@
|
||||
* This software is released under the MIT license.
|
||||
*/
|
||||
|
|
@ -222,7 +310,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
#include "lib.h"
|
||||
#include "hmac.h"
|
||||
#include "safe-memset.h"
|
||||
@@ -14,10 +18,65 @@
|
||||
@@ -14,10 +18,103 @@
|
||||
|
||||
#include "hex-binary.h"
|
||||
|
||||
|
|
@ -239,11 +327,47 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
+#endif
|
||||
+
|
||||
+
|
||||
+void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key,
|
||||
size_t key_len, const struct hash_method *meth)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+void openssl_hmac_init(struct openssl_hmac_context *_ctx, const unsigned char *key, //DONE
|
||||
+ size_t key_len, const struct hash_method *meth)
|
||||
+{
|
||||
+#ifdef USE_OPENSSL3_METHODS
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+
|
||||
+
|
||||
+ const EVP_MD *md;
|
||||
+ const char *ebuf = NULL;
|
||||
+ const char **error_r = &ebuf;
|
||||
+ OSSL_PARAM params[2];
|
||||
+
|
||||
+ md = EVP_get_digestbyname(meth->name);
|
||||
+ if(md == NULL) {
|
||||
+ if (error_r != NULL) {
|
||||
+ *error_r = t_strdup_printf("Invalid digest %s",
|
||||
+ meth->name);
|
||||
+ }
|
||||
+ //return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ ctx->mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
|
||||
+
|
||||
+ ctx->ctx = EVP_MAC_CTX_new(ctx->mac);
|
||||
+ if (ctx->ctx == NULL) {
|
||||
+ EVP_MAC_free(ctx->mac);
|
||||
+ }
|
||||
+
|
||||
+ params[0] = OSSL_PARAM_construct_utf8_string("digest", (char *)meth->name, 0);
|
||||
+ params[1] = OSSL_PARAM_construct_end();
|
||||
+
|
||||
+ if (EVP_MAC_init(ctx->ctx, key, key_len,
|
||||
+ params) == 0) {
|
||||
+ if (error_r != NULL) {
|
||||
+ *error_r = t_strdup_printf("Invalid digest %s",
|
||||
+ meth->name);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+#else
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+
|
||||
+ const EVP_MD *md;
|
||||
+ const char *ebuf = NULL;
|
||||
|
|
@ -267,11 +391,13 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
+ dcrypt_openssl_error(error_r);*/
|
||||
+#endif
|
||||
+ /*ec = */HMAC_Init_ex(ctx->ctx, key, key_len, md, NULL);
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
+void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key,
|
||||
+ size_t key_len, const struct hash_method *meth)
|
||||
+{
|
||||
+void orig_hmac_init(struct orig_hmac_context *_ctx, const unsigned char *key, //DONE
|
||||
size_t key_len, const struct hash_method *meth)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ static int no_fips = -1;
|
||||
+ if (no_fips == -1) {
|
||||
+ int fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
|
||||
|
|
@ -290,22 +416,29 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
unsigned int i;
|
||||
unsigned char k_ipad[meth->block_size];
|
||||
unsigned char k_opad[meth->block_size];
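Review bot: The OpenSSL 3 branch of `openssl_hmac_init` carries on after every failure it detects. When `EVP_get_digestbyname` returns NULL the message goes into the local `ebuf`, which nothing reads, and `//return FALSE;` is commented out; the result of `EVP_MAC_fetch` is never checked; and when `EVP_MAC_CTX_new` fails the code frees `ctx->mac` but still calls `EVP_MAC_init` on the NULL context, leaving `ctx->mac` dangling for `openssl_hmac_final` to free a second time. Because the function returns void and this patch routes the SCRAM, JWT and URLAUTH MACs through it, each failure should stop hard, e.g. `if (ctx->mac == NULL || ctx->ctx == NULL) i_fatal("openssl_hmac_init: cannot set up HMAC-%s", meth->name);`, with the same treatment for a zero return from `EVP_MAC_init`. Part of this hunk is collapsed in the compare view, so the `#else` branch may already handle some of this.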
|
||||
@@ -53,9 +112,27 @@ void hmac_init(struct hmac_context *_ctx
|
||||
@@ -54,9 +151,33 @@ void hmac_init(struct hmac_context *_ctx
|
||||
safe_memset(k_opad, 0, meth->block_size);
|
||||
}
|
||||
|
||||
-void hmac_final(struct hmac_context *_ctx, unsigned char *digest)
|
||||
+void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest)
|
||||
+{
|
||||
+void openssl_hmac_final(struct openssl_hmac_context *_ctx, unsigned char *digest) //FIXME
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+ int ec;
|
||||
+ unsigned char buf[HMAC_MAX_MD_CBLOCK];
|
||||
+ unsigned int outl;
|
||||
+ unsigned char buf[EVP_MAX_MD_SIZE];
|
||||
+ size_t outl;
|
||||
+// const char *ebuf = NULL;
|
||||
+// const char **error_r = &ebuf;
|
||||
+
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+#ifdef USE_OPENSSL3_METHODS
|
||||
+ ec = EVP_MAC_final(ctx->ctx, buf, &outl, sizeof buf);
|
||||
+ EVP_MAC_CTX_free(ctx->ctx);
|
||||
+ EVP_MAC_free(ctx->mac);
|
||||
+#else
|
||||
+ ec = HMAC_Final(ctx->ctx, buf, &outl);
|
||||
+ HMAC_CTX_free(ctx->ctx);
|
||||
+#endif
|
||||
+ if (ec == 1)
|
||||
+ memcpy(digest, buf, outl);
|
||||
+// else
|
||||
|
|
@ -313,19 +446,18 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
+
|
||||
+}
|
||||
+
|
||||
+void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest)
|
||||
{
|
||||
- struct hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+void orig_hmac_final(struct orig_hmac_context *_ctx, unsigned char *digest) //DONE
|
||||
+{
|
||||
+ struct orig_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
|
||||
ctx->hash->result(ctx->ctx, digest);
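Review bot: `openssl_hmac_final` writes `digest` only when `ec == 1`; the `else` is commented out and the function returns void, so on failure the caller's buffer keeps whatever was already on its stack. Callers changed elsewhere in this patch appear to use that buffer to check client-supplied data (`client_signature` in `auth_scram_server_verify_credentials`, `digest` in `oauth2_validate_hmac`), so a failed MAC should not fall through silently: `if (ec != 1) i_fatal("openssl_hmac_final: HMAC computation failed");`. `openssl_hmac_update` in the hmac.h hunk discards the return value of `EVP_MAC_update` in the same way. The local `buf` still holds the MAC after the copy and could be cleared with `safe_memset(buf, 0, sizeof(buf));`. A few lines of this function are collapsed in the compare view.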
|
||||
|
||||
@@ -63,53 +140,50 @@ void hmac_final(struct hmac_context *_ct
|
||||
@@ -64,53 +185,50 @@ void hmac_final(struct hmac_context *_ct
|
||||
ctx->hash->result(ctx->ctxo, digest);
|
||||
}
|
||||
|
||||
-buffer_t *t_hmac_data(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_data(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_data(const struct hash_method *meth, //FIXME
|
||||
const unsigned char *key, size_t key_len,
|
||||
const void *data, size_t data_len)
|
||||
{
|
||||
|
|
@ -348,7 +480,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
}
|
||||
|
||||
-buffer_t *t_hmac_buffer(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_buffer(const struct hash_method *meth, //DONE
|
||||
const unsigned char *key, size_t key_len,
|
||||
const buffer_t *data)
|
||||
{
|
||||
|
|
@ -357,7 +489,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
}
|
||||
|
||||
-buffer_t *t_hmac_str(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_str(const struct hash_method *meth,
|
||||
+buffer_t *openssl_t_hmac_str(const struct hash_method *meth, //DONE
|
||||
const unsigned char *key, size_t key_len,
|
||||
const char *data)
|
||||
{
|
||||
|
|
@ -366,7 +498,7 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
}
|
||||
|
||||
-void hmac_hkdf(const struct hash_method *method,
|
||||
+void openssl_hmac_hkdf(const struct hash_method *method,
|
||||
+void openssl_hmac_hkdf(const struct hash_method *method, //FIXME
|
||||
const unsigned char *salt, size_t salt_len,
|
||||
const unsigned char *ikm, size_t ikm_len,
|
||||
const unsigned char *info, size_t info_len,
|
||||
|
|
@ -388,17 +520,10 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
|
||||
/* salt and info can be NULL */
|
||||
i_assert(salt != NULL || salt_len == 0);
|
||||
@@ -118,35 +192,30 @@ void hmac_hkdf(const struct hash_method
|
||||
i_assert(ikm != NULL && ikm_len > 0);
|
||||
i_assert(okm_r != NULL && okm_len > 0);
|
||||
@@ -126,28 +244,29 @@ void hmac_hkdf(const struct hash_method
|
||||
if (info == NULL)
|
||||
info = &uchar_nul;
|
||||
|
||||
- /* but they still need valid pointer, reduces
|
||||
- complains from static analysers */
|
||||
- if (salt == NULL)
|
||||
- salt = &uchar_nul;
|
||||
- if (info == NULL)
|
||||
- info = &uchar_nul;
|
||||
-
|
||||
- /* extract */
|
||||
- hmac_init(&key_mac, salt, salt_len, method);
|
||||
- hmac_update(&key_mac, ikm, ikm_len);
|
||||
|
|
@ -419,7 +544,6 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
- hmac_final(&info_mac, okm);
|
||||
- buffer_append(okm_r, okm, amt);
|
||||
- remain -= amt;
|
||||
+
|
||||
+ md = EVP_get_digestbyname(method->name);
|
||||
+ pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
|
||||
+ unsigned char *okm_buf = buffer_get_space_unsafe(okm_r, 0, okm_len);
|
||||
|
|
@ -448,9 +572,9 @@ diff -up dovecot-2.3.18/src/lib/hmac.c.opensslhmac dovecot-2.3.18/src/lib/hmac.c
|
|||
- safe_memset(prk, 0, sizeof(prk));
|
||||
- safe_memset(okm, 0, sizeof(okm));
|
||||
}
|
||||
diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.c
|
||||
--- dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/hmac-cram-md5.c 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.c 2025-11-30 09:57:55.180461985 +0100
|
||||
@@ -9,10 +9,10 @@
|
||||
#include "md5.h"
|
||||
#include "hmac-cram-md5.h"
|
||||
|
|
@ -477,9 +601,9 @@ diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.c.opensslhmac dovecot-2.3.18/src/l
|
|||
const unsigned char *cdp;
|
||||
|
||||
struct md5_context *ctx = (void*)hmac_ctx->ctx;
|
||||
diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.18/src/lib/hmac-cram-md5.h
|
||||
--- dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/hmac-cram-md5.h 2022-02-09 09:27:15.888883345 +0100
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac-cram-md5.h 2025-11-30 09:57:55.180563796 +0100
|
||||
@@ -5,9 +5,9 @@
|
||||
|
||||
#define CRAM_MD5_CONTEXTLEN 32
|
||||
|
|
@ -492,10 +616,10 @@ diff -up dovecot-2.3.18/src/lib/hmac-cram-md5.h.opensslhmac dovecot-2.3.18/src/l
|
|||
const unsigned char context_digest[CRAM_MD5_CONTEXTLEN]);
|
||||
|
||||
|
||||
diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h
|
||||
--- dovecot-2.3.18/src/lib/hmac.h.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/hmac.h 2022-02-09 09:27:15.888883345 +0100
|
||||
@@ -4,60 +4,97 @@
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/hmac.h 2025-11-30 09:57:55.180723505 +0100
|
||||
@@ -4,60 +4,108 @@
|
||||
#include "hash-method.h"
|
||||
#include "sha1.h"
|
||||
#include "sha2.h"
|
||||
|
|
@ -504,18 +628,25 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h
|
|||
+#include <openssl/kdf.h>
|
||||
+#include <openssl/err.h>
|
||||
|
||||
#define HMAC_MAX_CONTEXT_SIZE sizeof(struct sha512_ctx)
|
||||
#define HMAC_MAX_CONTEXT_SIZE HASH_METHOD_MAX_CONTEXT_SIZE
|
||||
|
||||
-struct hmac_context_priv {
|
||||
+
|
||||
+#define USE_OPENSSL3_METHODS 1
|
||||
+
|
||||
+struct openssl_hmac_context_priv {
|
||||
+#ifdef USE_OPENSSL3_METHODS
|
||||
+ EVP_MAC *mac;
|
||||
+ EVP_MAC_CTX *ctx;
|
||||
+#else
|
||||
+#ifdef HAVE_HMAC_CTX_NEW
|
||||
+ HMAC_CTX *ctx;
|
||||
+#else
|
||||
+ HMAC_CTX ctx;
|
||||
+#endif
|
||||
+#endif
|
||||
+ const struct hash_method *hash;
|
||||
+};
|
||||
+
|
||||
+struct orig_hmac_context_priv {
|
||||
char ctx[HMAC_MAX_CONTEXT_SIZE];
|
||||
char ctxo[HMAC_MAX_CONTEXT_SIZE];
|
||||
|
|
@ -524,21 +655,21 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h
|
|||
|
||||
-struct hmac_context {
|
||||
+struct openssl_hmac_context {
|
||||
+ union {
|
||||
+ struct openssl_hmac_context_priv priv;
|
||||
+ uint64_t padding_requirement;
|
||||
+ } u;
|
||||
+};
|
||||
+
|
||||
+struct orig_hmac_context {
|
||||
union {
|
||||
- struct hmac_context_priv priv;
|
||||
+ struct orig_hmac_context_priv priv;
|
||||
+ struct openssl_hmac_context_priv priv;
|
||||
uint64_t padding_requirement;
|
||||
} u;
|
||||
};
|
||||
|
||||
-void hmac_init(struct hmac_context *ctx, const unsigned char *key,
|
||||
+struct orig_hmac_context {
|
||||
+ union {
|
||||
+ struct orig_hmac_context_priv priv;
|
||||
+ uint64_t padding_requirement;
|
||||
+ } u;
|
||||
+};
|
||||
+
|
||||
+void openssl_hmac_init(struct openssl_hmac_context *ctx, const unsigned char *key,
|
||||
+ size_t key_len, const struct hash_method *meth);
|
||||
+void openssl_hmac_final(struct openssl_hmac_context *ctx, unsigned char *digest);
|
||||
|
|
@ -547,7 +678,11 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h
|
|||
+openssl_hmac_update(struct openssl_hmac_context *_ctx, const void *data, size_t size)
|
||||
+{
|
||||
+ struct openssl_hmac_context_priv *ctx = &_ctx->u.priv;
|
||||
+#ifdef USE_OPENSSL3_METHODS
|
||||
+ EVP_MAC_update(ctx->ctx, data, size);
|
||||
+#else
|
||||
+ HMAC_Update(ctx->ctx, data, size);
|
||||
+#endif
|
||||
+/* if (ec != 1)
|
||||
+ {
|
||||
+ const char *ebuf = NULL;
|
||||
|
|
@ -606,12 +741,12 @@ diff -up dovecot-2.3.18/src/lib/hmac.h.opensslhmac dovecot-2.3.18/src/lib/hmac.h
|
|||
okm_buffer, okm_len);
|
||||
return okm_buffer;
|
||||
}
|
||||
diff -up dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c
|
||||
--- dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c 2022-02-09 09:27:15.888883345 +0100
|
||||
@@ -85,15 +85,15 @@ imap_urlauth_internal_generate(const cha
|
||||
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
||||
size_t *token_len_r)
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-imap-urlauth/imap-urlauth.c 2025-11-30 09:57:55.180863807 +0100
|
||||
@@ -87,15 +87,15 @@ imap_urlauth_internal_generate(
|
||||
const unsigned char mailbox_key[IMAP_URLAUTH_KEY_LEN],
|
||||
size_t *token_len_r)
|
||||
{
|
||||
- struct hmac_context hmac;
|
||||
+ struct openssl_hmac_context hmac;
|
||||
|
|
@ -629,10 +764,10 @@ diff -up dovecot-2.3.18/src/lib-imap-urlauth/imap-urlauth.c.opensslhmac dovecot-
|
|||
|
||||
*token_len_r = SHA1_RESULTLEN + 1;
|
||||
return token;
|
||||
diff -up dovecot-2.3.18/src/lib/Makefile.am.opensslhmac dovecot-2.3.18/src/lib/Makefile.am
|
||||
--- dovecot-2.3.18/src/lib/Makefile.am.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/Makefile.am 2022-02-09 09:27:15.889883331 +0100
|
||||
@@ -354,6 +354,9 @@ headers = \
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/Makefile.am 2025-11-30 09:57:55.180990124 +0100
|
||||
@@ -414,6 +414,9 @@ headers = \
|
||||
wildcard-match.h \
|
||||
write-full.h
|
||||
|
||||
|
|
@ -642,34 +777,34 @@ diff -up dovecot-2.3.18/src/lib/Makefile.am.opensslhmac dovecot-2.3.18/src/lib/M
|
|||
test_programs = test-lib
|
||||
noinst_PROGRAMS = $(test_programs)
|
||||
|
||||
diff -up dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c
|
||||
--- dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib-oauth2/oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100
|
||||
@@ -144,14 +144,14 @@ oauth2_validate_hmac(const struct oauth2
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/oauth2-jwt.c 2025-11-30 09:57:55.181135306 +0100
|
||||
@@ -210,14 +210,14 @@ oauth2_validate_hmac(const struct oauth2
|
||||
if (oauth2_lookup_hmac_key(set, azp, alg, key_id, &key, error_r) < 0)
|
||||
return -1;
|
||||
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char digest[method->digest_size];
|
||||
|
||||
- hmac_init(&ctx, key->data, key->used, method);
|
||||
- hmac_update(&ctx, blobs[0], strlen(blobs[0]));
|
||||
- hmac_update(&ctx, ".", 1);
|
||||
- hmac_update(&ctx, blobs[1], strlen(blobs[1]));
|
||||
+ struct openssl_hmac_context ctx;
|
||||
- hmac_final(&ctx, digest);
|
||||
+ openssl_hmac_init(&ctx, key->data, key->used, method);
|
||||
+ openssl_hmac_update(&ctx, blobs[0], strlen(blobs[0]));
|
||||
+ openssl_hmac_update(&ctx, ".", 1);
|
||||
+ openssl_hmac_update(&ctx, blobs[1], strlen(blobs[1]));
|
||||
unsigned char digest[method->digest_size];
|
||||
|
||||
- hmac_final(&ctx, digest);
|
||||
+ openssl_hmac_final(&ctx, digest);
|
||||
|
||||
buffer_t *their_digest =
|
||||
t_base64url_decode_str(BASE64_DECODE_FLAG_NO_PADDING, blobs[2]);
|
||||
diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c
|
||||
--- dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c 2022-02-09 09:27:15.889883331 +0100
|
||||
@@ -248,7 +248,7 @@ static void save_key_azp_to(const char *
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-oauth2/test-oauth2-jwt.c 2025-11-30 09:57:55.181290025 +0100
|
||||
@@ -250,7 +250,7 @@ static void save_key_azp_to(const char *
|
||||
static void sign_jwt_token_hs256(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
|
|
@ -678,7 +813,7 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
|
|||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
@@ -258,7 +258,7 @@ static void sign_jwt_token_hs256(buffer_
|
||||
@@ -260,7 +260,7 @@ static void sign_jwt_token_hs256(buffer_
|
||||
static void sign_jwt_token_hs384(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
|
|
@ -687,7 +822,7 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
|
|||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
@@ -268,7 +268,7 @@ static void sign_jwt_token_hs384(buffer_
|
||||
@@ -270,7 +270,7 @@ static void sign_jwt_token_hs384(buffer_
|
||||
static void sign_jwt_token_hs512(buffer_t *tokenbuf, buffer_t *key)
|
||||
{
|
||||
i_assert(key != NULL);
|
||||
|
|
@ -696,9 +831,9 @@ diff -up dovecot-2.3.18/src/lib-oauth2/test-oauth2-jwt.c.opensslhmac dovecot-2.3
|
|||
tokenbuf);
|
||||
buffer_append(tokenbuf, ".", 1);
|
||||
base64url_encode(BASE64_ENCODE_FLAG_NO_PADDING, SIZE_MAX,
|
||||
diff -up dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac dovecot-2.3.18/src/lib/pkcs5.c
|
||||
--- dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/pkcs5.c 2022-02-09 09:27:15.889883331 +0100
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/pkcs5.c 2025-11-30 09:57:55.181492013 +0100
|
||||
@@ -52,7 +52,7 @@ int pkcs5_pbkdf2(const struct hash_metho
|
||||
size_t l = (length + hash->digest_size - 1)/hash->digest_size; /* same as ceil(length/hash->digest_size) */
|
||||
unsigned char dk[l * hash->digest_size];
|
||||
|
|
@ -733,9 +868,35 @@ diff -up dovecot-2.3.18/src/lib/pkcs5.c.opensslhmac dovecot-2.3.18/src/lib/pkcs5
|
|||
for(i = 0; i < hash->digest_size; i++)
|
||||
block[i] ^= U_c[i];
|
||||
}
|
||||
diff -up dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac dovecot-2.3.18/src/lib/test-hmac.c
|
||||
--- dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac 2022-02-02 12:42:23.000000000 +0100
|
||||
+++ dovecot-2.3.18/src/lib/test-hmac.c 2022-02-09 09:27:15.889883331 +0100
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/sasl-server-mech-cram-md5.c 2025-11-30 10:00:28.967795725 +0100
|
||||
@@ -53,7 +53,7 @@ verify_credentials(struct sasl_server_me
|
||||
container_of(auth_request, struct cram_auth_request,
|
||||
auth_request);
|
||||
unsigned char digest[MD5_RESULTLEN];
|
||||
- struct hmac_context ctx;
|
||||
+ struct orig_hmac_context ctx;
|
||||
const char *response_hex;
|
||||
|
||||
if (size != CRAM_MD5_CONTEXTLEN) {
|
||||
@@ -62,10 +62,10 @@ verify_credentials(struct sasl_server_me
|
||||
return;
|
||||
}
|
||||
|
||||
- hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
+ orig_hmac_init(&ctx, NULL, 0, &hash_method_md5);
|
||||
hmac_md5_set_cram_context(&ctx, credentials);
|
||||
- hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
- hmac_final(&ctx, digest);
|
||||
+ orig_hmac_update(&ctx, request->challenge, strlen(request->challenge));
|
||||
+ orig_hmac_final(&ctx, digest);
|
||||
|
||||
response_hex = binary_to_hex(digest, sizeof(digest));
|
||||
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib/test-hmac.c 2025-11-30 09:57:55.181656401 +0100
|
||||
@@ -206,11 +206,11 @@ static void test_hmac_rfc(void)
|
||||
test_begin("hmac sha256 rfc4231 vectors");
|
||||
for(size_t i = 0; i < N_ELEMENTS(test_vectors); i++) {
|
||||
|
|
@ -811,3 +972,54 @@ diff -up dovecot-2.3.18/src/lib/test-hmac.c.opensslhmac dovecot-2.3.18/src/lib/t
|
|||
vec->ikm_len, vec->info, vec->info_len,
|
||||
vec->okm_len);
|
||||
test_assert(tmp->used == vec->okm_len &&
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-var-expand-crypt/Makefile.am 2025-11-30 09:58:11.669117030 +0100
|
||||
@@ -34,13 +34,13 @@ test_libs = \
|
||||
$(DLLIB)
|
||||
|
||||
test_var_expand_crypt_SOURCES = test-var-expand-crypt.c
|
||||
-test_var_expand_crypt_LDADD = $(test_libs)
|
||||
+test_var_expand_crypt_LDADD = $(test_libs) $(SSL_LIBS)
|
||||
test_var_expand_crypt_DEPENDENCIES = $(module_LTLIBRARIES)
|
||||
if HAVE_WHOLE_ARCHIVE
|
||||
test_var_expand_crypt_LDFLAGS = -export-dynamic -Wl,$(LD_WHOLE_ARCHIVE),../lib/.libs/liblib.a,../lib-json/.libs/libjson.a,../lib-ssl-iostream/.libs/libssl_iostream.a,$(LD_NO_WHOLE_ARCHIVE)
|
||||
endif
|
||||
|
||||
-test_var_expand_crypt_CFLAGS = $(AM_CFLAGS) \
|
||||
+test_var_expand_crypt_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) \
|
||||
-DDCRYPT_BUILD_DIR=\"$(top_builddir)/src/lib-dcrypt\"
|
||||
|
||||
check-local:
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am.opensslhmac3 dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am.opensslhmac3 2025-10-29 07:58:41.000000000 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/submission/Makefile.am 2025-11-30 09:57:55.182137562 +0100
|
||||
@@ -29,6 +29,7 @@ submission_LDADD = \
|
||||
$(urlauth_libs) \
|
||||
$(LIBDOVECOT_STORAGE) \
|
||||
$(LIBDOVECOT) \
|
||||
+ $(SSL_LIBS) \
|
||||
$(MODULE_LIBS)
|
||||
submission_DEPENDENCIES = \
|
||||
$(urlauth_libs) \
|
||||
diff -up dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c.fixbuild2 dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c
|
||||
--- dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c.fixbuild2 2025-11-30 13:11:06.583413762 +0100
|
||||
+++ dovecot-2.4.2-build/dovecot-2.4.2/src/lib-sasl/dsasl-client-mech-cram-md5.c 2025-11-30 13:22:04.883307427 +0100
|
||||
@@ -81,13 +81,13 @@ mech_cram_md5_output(struct dsasl_client
|
||||
return DSASL_CLIENT_RESULT_OK;
|
||||
}
|
||||
|
||||
- struct hmac_context ctx;
|
||||
+ struct openssl_hmac_context ctx;
|
||||
unsigned char digest[MD5_RESULTLEN];
|
||||
|
||||
- hmac_init(&ctx, (const unsigned char *)client->password,
|
||||
+ openssl_hmac_init(&ctx, (const unsigned char *)client->password,
|
||||
strlen(client->password), &hash_method_md5);
|
||||
- hmac_update(&ctx, cclient->challenge, strlen(cclient->challenge));
|
||||
- hmac_final(&ctx, digest);
|
||||
+ openssl_hmac_update(&ctx, cclient->challenge, strlen(cclient->challenge));
|
||||
+ openssl_hmac_final(&ctx, digest);
|
||||
|
||||
str = str_new(client->pool, 256);
|
||||
str_append(str, client->set.authid);
|
||||
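--- a/dovecot-2.4.2-fixbuild.patch
+++ b/dovecot-2.4.2-fixbuild.patch
@@ -0,0 +1,135 @@
+diff -up dovecot-2.4.2/src/lib/istream.c.fixbuild dovecot-2.4.2/src/lib/istream.c
+--- dovecot-2.4.2/src/lib/istream.c.fixbuild 2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib/istream.c 2025-11-30 11:40:37.739536137 +0100
+@@ -85,7 +85,7 @@ void i_stream_add_destroy_callback(struc
+}
+
+void i_stream_remove_destroy_callback(struct istream *stream,
+- void (*callback)())
++ istream_callback_t *callback)
+{
+io_stream_remove_destroy_callback(&stream->real_stream->iostream,
+callback);
+diff -up dovecot-2.4.2/src/lib/istream.h.fixbuild dovecot-2.4.2/src/lib/istream.h
+--- dovecot-2.4.2/src/lib/istream.h.fixbuild 2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib/istream.h 2025-11-30 11:40:37.739798710 +0100
+@@ -100,7 +100,7 @@ void i_stream_add_destroy_callback(struc
+(istream_callback_t *)callback, context)
+/* Remove the destroy callback. */
+void i_stream_remove_destroy_callback(struct istream *stream,
+- void (*callback)());
++ istream_callback_t *callback);
+
+/* Return file descriptor for stream, or -1 if none is available. */
+int i_stream_get_fd(struct istream *stream);
+diff -up dovecot-2.4.2/src/lib/ostream.c.fixbuild dovecot-2.4.2/src/lib/ostream.c
+--- dovecot-2.4.2/src/lib/ostream.c.fixbuild 2025-11-30 11:42:21.434063550 +0100
++++ dovecot-2.4.2/src/lib/ostream.c 2025-11-30 11:42:55.814100259 +0100
+@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
+}
+
+void o_stream_remove_destroy_callback(struct ostream *stream,
+- void (*callback)())
++ ostream_callback_t *callback)
+{
+io_stream_remove_destroy_callback(&stream->real_stream->iostream,
+callback);
+diff -up dovecot-2.4.2/src/lib/ostream.h.fixbuild dovecot-2.4.2/src/lib/ostream.h
+--- dovecot-2.4.2/src/lib/ostream.h.fixbuild 2025-11-30 11:42:29.639009602 +0100
++++ dovecot-2.4.2/src/lib/ostream.h 2025-11-30 11:43:20.101652841 +0100
+@@ -127,7 +127,7 @@ void o_stream_add_destroy_callback(struc
+(ostream_callback_t *)callback, context)
+/* Remove the destroy callback. */
+void o_stream_remove_destroy_callback(struct ostream *stream,
+- void (*callback)());
++ ostream_callback_t *callback);
+
+/* Mark the stream and all of its parent streams closed. Nothing will be
+sent after this call. When using ostreams that require writing a trailer,
+diff -up dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild dovecot-2.4.2/src/lib-json/json-istream.c
+--- dovecot-2.4.2/src/lib-json/json-istream.c.fixbuild 2025-10-29 07:58:41.000000000 +0100
++++ dovecot-2.4.2/src/lib-json/json-istream.c 2025-11-30 12:52:15.970430672 +0100
+@@ -706,7 +706,7 @@ static void json_istream_drop_value_stre
+if (stream->seekable_stream != NULL) {
+i_stream_remove_destroy_callback(
+stream->seekable_stream,
+- json_istream_drop_seekable_stream);
++ (istream_callback_t *)json_istream_drop_seekable_stream);
+i_stream_unref(&stream->seekable_stream);
+}
+}
+@@ -720,12 +720,12 @@ static void json_istream_consumed_value_
+if (stream->seekable_stream != NULL) {
+i_stream_remove_destroy_callback(
+stream->seekable_stream,
+- json_istream_drop_seekable_stream);
++ (istream_callback_t *)json_istream_drop_seekable_stream);
+}
+if (stream->value_stream != NULL) {
+i_stream_remove_destroy_callback(
+stream->value_stream,
+- json_istream_drop_value_stream);
++ (istream_callback_t *)json_istream_drop_value_stream);
+}
+stream->value_stream = NULL;
+stream->seekable_stream = NULL;
+i_stream_remove_destroy_callback(conn->incoming_payload,
+- http_client_payload_destroyed);
++ (istream_callback_t *)http_client_payload_destroyed);
+conn->incoming_payload = NULL;
+}
+
+diff -up dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-server-connection.c
+--- dovecot-2.4.2/src/lib-http/http-server-connection.c.fixbuild 2025-11-30 13:02:24.337384848 +0100
++++ dovecot-2.4.2/src/lib-http/http-server-connection.c 2025-11-30 13:03:14.477064608 +0100
+@@ -1066,7 +1066,7 @@ http_server_connection_disconnect(struct
+if (conn->incoming_payload != NULL) {
+/* The stream is still accessed by lib-http caller. */
+i_stream_remove_destroy_callback(conn->incoming_payload,
+- http_server_payload_destroyed);
++ (istream_callback_t *)http_server_payload_destroyed);
+conn->incoming_payload = NULL;
+}
+if (conn->payload_handler != NULL)
+diff -up dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild dovecot-2.4.2/src/lib-http/http-client-connection.c
+--- dovecot-2.4.2/src/lib-http/http-client-connection.c.fixbuild 2025-11-30 12:57:42.670247695 +0100
++++ dovecot-2.4.2/src/lib-http/http-client-connection.c 2025-11-30 13:00:54.862436490 +0100
+@@ -832,7 +832,7 @@ void http_client_connection_request_dest
+is closed and we don't care about it anymore, so act as though it is
+destroyed. */
+i_stream_remove_destroy_callback(payload,
+- http_client_payload_destroyed);
++ (istream_callback_t *)http_client_payload_destroyed);
+http_client_payload_destroyed(req);
+}
+
+@@ -888,7 +888,7 @@ http_client_connection_return_response(s
+if (response->payload != NULL) {
+i_stream_remove_destroy_callback(
+conn->incoming_payload,
+- http_client_payload_destroyed);
++ (istream_callback_t *)http_client_payload_destroyed);
+i_stream_unref(&conn->incoming_payload);
+connection_input_resume(&conn->conn);
+}
+@@ -1731,7 +1731,7 @@ http_client_connection_disconnect(struct
+if (conn->incoming_payload != NULL) {
+/* The stream is still accessed by lib-http caller. */
+i_stream_remove_destroy_callback(conn->incoming_payload,
+- http_client_payload_destroyed);
++ (istream_callback_t *)http_client_payload_destroyed);
+conn->incoming_payload = NULL;
+}
+
+diff -up dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 dovecot-2.4.2/src/lib-storage/index/index-mail.c
+--- dovecot-2.4.2/src/lib-storage/index/index-mail.c.fixbuild2 2025-11-30 13:48:46.658539149 +0100
++++ dovecot-2.4.2/src/lib-storage/index/index-mail.c 2025-11-30 13:49:47.178158024 +0100
+@@ -1840,7 +1840,7 @@ static void index_mail_close_streams_ful
+allowed to have references until the mail is closed
+(but we can't really check that) */
+i_stream_remove_destroy_callback(data->stream,
+- index_mail_stream_destroy_callback);
++ (istream_callback_t *)index_mail_stream_destroy_callback);
+}
+i_stream_unref(&data->stream);
+/* there must be no references to the mail when the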
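Review bot: The five lines that follow the second json-istream.c hunk (`i_stream_remove_destroy_callback(conn->incoming_payload,` through the closing `}`) sit under no `diff`/`---`/`+++`/`@@` header, so they belong to no file and should be deleted. They look like a leftover copy of the http-client-connection.c change that appears properly at `@@ -1731,7 +1731,7 @@`. patch(1) normally skips such text as garbage, but a headerless `-`/`+` pair in a build patch makes it hard to audit whether an intended change was silently dropped. On style, every call site now carries its own `(istream_callback_t *)` cast. The header context suggests the add side casts once inside a macro, and a matching wrapper macro for `i_stream_remove_destroy_callback` would keep the cast in one place.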
|
|
@ -1,25 +0,0 @@
|
|||
m4: crypt_xxpg6.m4: Define _DEFAULT_SOURCE for current glibc
|
||||
|
||||
Current glibc no longer implements the CRYPT extension, so it does not
|
||||
declare crypt in <unistd.h> in strict standard modes. The check
|
||||
defines _XOPEN_SOURCE, which enables one of these modes. Defining
|
||||
_DEFAULT_SOURCE as well again makes available the crypt function
|
||||
prototype.
|
||||
|
||||
This avoids a configure check result change with compilers which do
|
||||
not support implicit function declarations.
|
||||
|
||||
Submitted upstream: <https://github.com/dovecot/core/pull/193>
|
||||
|
||||
diff --git a/m4/crypt_xpg6.m4 b/m4/crypt_xpg6.m4
|
||||
index 0085b2ac76..3a288a3713 100644
|
||||
--- a/m4/crypt_xpg6.m4
|
||||
+++ b/m4/crypt_xpg6.m4
|
||||
@@ -6,6 +6,7 @@ AC_DEFUN([DOVECOT_CRYPT_XPG6], [
|
||||
#define _XOPEN_SOURCE 4
|
||||
#define _XOPEN_SOURCE_EXTENDED 1
|
||||
#define _XOPEN_VERSION 4
|
||||
+ #define _DEFAULT_SOURCE
|
||||
#define _XPG4_2
|
||||
#define _XPG6
|
||||
#include <unistd.h>
|
||||
2284
dovecot.spec
2284
dovecot.spec
File diff suppressed because it is too large
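--- a/dovecot.sysusers
+++ b/dovecot.sysusers
@@ -0,0 +1,9 @@
+#Type Name ID GECOS Home directory Shell
+g dovecot 97
+u dovecot 97 "Dovecot IMAP server" /usr/libexec/dovecot /sbin/nologin
+m dovecot dovecot
+
+g dovenull -
+u dovenull - "Dovecot - unauthorized user" /usr/libexec/dovecot /sbin/nologin
+m dovenull dovenull
+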
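--- a/plans/main.fmf
+++ b/plans/main.fmf
@@ -0,0 +1,6 @@
+summary: Run all tests
+execute:
+how: tmt
+discover:
+how: fmf
+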
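--- a/rpminspect.yaml
+++ b/rpminspect.yaml
@@ -0,0 +1,7 @@
+---
+runpath:
+allowed_paths:
+# dovecot only plugins
+- /usr/lib/dovecot/old-stats
+- /usr/lib64/dovecot/old-stats
+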
4
sources
4
sources
|
|
@ -1,2 +1,2 @@
|
|||
SHA512 (dovecot-2.3.21.tar.gz) = 2d463c38639c3fd3d617ee5b1a4e4d0c11362339c4d4d62a5a90164a8b10bc58919545679bbf379139bdb743fdb013033abfddc1fc6401eb8099463cdc2401ca
|
||||
SHA512 (dovecot-2.3-pigeonhole-0.5.21.tar.gz) = 5537444025a474ee1b79919a424e24530695aec639361c531257f25fac286673719d476906d99d47e348deb57baa75419bff7dd284c82d2b751334dedec96314
|
||||
SHA512 (dovecot-2.4.2.tar.gz) = 0524695341abe711d3a811c56156889d6fef7a09becc684c6f1dc1e5add605969ca8794eb7d44bfbc49f70515f22e8640b5828443addecfe4798fb8b174670ae
|
||||
SHA512 (dovecot-pigeonhole-2.4.2.tar.gz) = 82c46c7ac2792aa5c211c8b66309f9f21c05ecd2fa8ab3abf98fb4e05831fd37aaa3edffcfbe1b3defbb9ac8ef9df1c33ece83cf7524e8b226c4deab8c250134
|
||||
|
|
|
|||
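--- a/tests/got-audit/got-audit.gdb
+++ b/tests/got-audit/got-audit.gdb
@@ -0,0 +1,2 @@
+gef config gef.disable_color True
+got-audit --all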
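--- a/tests/got-audit/main.fmf
+++ b/tests/got-audit/main.fmf
@@ -0,0 +1,10 @@
+summary: Audit the GOT for signs of tampering
+description: |
+Pointers in the server process GOT will be checked to ensure that
+each function pointer's value is within a shared object file
+that exports a symbol of that name, and that no shared object
+files export conflicting symbols.
+contact: Gordon Messmer <gordon.messmer@gmail.com>
+require+:
+- gdb-gef # needed to test got-audit
+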
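--- a/tests/got-audit/runtest.sh
+++ b/tests/got-audit/runtest.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dovecot/Sanity/got-audit
+# Description: Check pointers in the server process GOT for signs of tampering
+# Author: Gordon Messmer <gordon.messmer@gmail.com>
+#
+
+# Include Beaker environment
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+rlJournalStart
+rlPhaseStartSetup
+rlServiceStart dovecot
+rlRun "TestDir=\$(pwd)"
+rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+rlRun "pushd $TmpDir"
+rlRun "auditfile=\$(mktemp --tmpdir=${TmpDir})"
+rlPhaseEnd
+
+rlPhaseStartTest "Run GEF got-audit"
+rlRun "SERVICE_PID=\$( systemctl show --property=MainPID dovecot.service | cut -f2 -d= )"
+rlRun "echo SERVICE_PID is '$SERVICE_PID'"
+[ -n "$SERVICE_PID" ] || rlFail "No service pid was found"
+rlRun "gdb-gef --pid '$SERVICE_PID' --command='$TestDir'/got-audit.gdb --batch > '$auditfile'"
+# Basic test: ensure that at least one symbol is found in libc.so,
+# to verify that the report looks plausible.
+rlAssertGrep " : /.*/libc.so" "$auditfile"
+# Ensure the got-audit did not report any errors
+rlAssertNotGrep " :: ERROR" "$auditfile"
+rlRun "cp '$auditfile' '$TMT_TEST_DATA'/got-audit.txt"
+rlPhaseEnd
+
+rlPhaseStartCleanup
+rlServiceRestore dovecot
+rlRun "popd"
+rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+rlPhaseEnd
+rlJournalPrintText
+rlJournalEnd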
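Review bot: The PID guard `[ -n "$SERVICE_PID" ] || rlFail "No service pid was found"` does not catch a stopped service, because `systemctl show --property=MainPID` prints `MainPID=0` in that case and `0` is a non-empty string. `rlFail` also only records a failure, so the following `gdb-gef --pid` line still runs. I would change the guard to `[ "${SERVICE_PID:-0}" -gt 0 ] || rlDie "No service pid was found"` so the audit stops rather than attaching to the wrong target. MainPID is presumably the dovecot master only, so a comment such as `# audits the master process; child service processes are not covered` would keep a clean report from being over-read. `$TmpDir` is also left unquoted in the `pushd` and `rm -r` lines.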
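--- a/tests/main.fmf
+++ b/tests/main.fmf
@@ -0,0 +1,2 @@
+test: ./runtest.sh
+framework: beakerlib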