--- postfix-2.1.5/README_FILES/SASL_README.saslpath 2004-04-22 02:13:12.000000000 +0200 +++ postfix-2.1.5/README_FILES/SASL_README 2004-11-28 18:46:27.272948860 +0100 @@ -69,7 +69,8 @@ IMPORTANT: if you install the Cyrus SASL libraries as per the default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl for version 1.5.5 or /usr/ -lib/sasl2 -> /usr/local/lib/sasl2 for version 2.1.1. +lib/sasl2 -> /usr/local/lib/sasl2 for version 2.1.1. or use the +(smtpd|smtp|lmtp)_sasl_path parameter in main.cf. Reportedly, Microsoft Internet Explorer version 5 requires the non-standard SASL LOGIN authentication method. To enable this authentication method, specify @@ -123,8 +124,24 @@ smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated ... -In /usr/local/lib/sasl/smtpd.conf (SASL version 1.5.5) or /usr/local/lib/sasl2/ -smtpd.conf (SASL version 2.1.1) you need to specify how the server should +If you want to change the location of the sasl configuration file or the path +to the plugins you can use: + + /etc/postfix/main.cf: + smtpd_sasl_path = <colon separated list of directories> + +There are different parameters for smtpd, smtp and lmtp. For smtpd the first +path element also indicate the location for the configuration file. The default +value is hardcoded in the sasl library, usually /usr/local/lib/sasl for SASL +version 1.5.5 or /usr/local/lib/sasl2 for SASL version 2.1.1 + +The name of the file used by the SASL library for configuration can be set +with: + + /etc/postfix/main.cf: + smtpd_sasl_application_name = smtpd + +In $smtpd_sasl_path/smtpd.conf you need to specify how the server should validate client passwords. In order to authenticate against the UNIX password database, try: @@ -139,13 +156,6 @@ /usr/local/lib/sasl2/smtpd.conf: pwcheck_method: pwcheck -The name of the file in /usr/local/lib/sasl (SASL version 1.5.5) or /usr/local/ -lib/sasl2 (SASL version 2.1.1) used by the SASL library for configuration can -be set with: - - /etc/postfix/main.cf: - smtpd_sasl_application_name = smtpd - The pwcheck daemon is contained in the cyrus-sasl source tarball. IMPORTANT: postfix processes need to have group read+execute permission for the --- postfix-2.1.5/proto/SASL_README.html.saslpath 2004-04-22 02:10:36.000000000 +0200 +++ postfix-2.1.5/proto/SASL_README.html 2004-11-28 18:46:28.137805381 +0100 @@ -110,7 +110,8 @@ <p> IMPORTANT: if you install the Cyrus SASL libraries as per the default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for -version 2.1.1. </p> +version 2.1.1. or use the (smtpd|smtp|lmtp)_sasl_path parameter in +main.cf. </p> <p> Reportedly, Microsoft Internet Explorer version 5 requires the non-standard SASL LOGIN authentication method. To enable this @@ -191,9 +192,33 @@ </pre> </blockquote> -<p> In /usr/local/lib/sasl/smtpd.conf (SASL version 1.5.5) or -/usr/local/lib/sasl2/smtpd.conf (SASL version 2.1.1) you need to -specify how the server should validate client passwords. </p> +<p> If you want to change the location of the sasl configuration file +or the path to the plugins you can use: </p> + +<blockquote> +<pre> +/etc/postfix/main.cf: + smtpd_sasl_path = <colon separated list of directories> +</pre> +</blockquote> + +<p> There are different parameters for smtpd, smtp and lmtp. For smtpd the +first path element also indicate the location for the configuration file. The +default value is hardcoded in the sasl library, usually /usr/local/lib/sasl for +SASL version 1.5.5 or /usr/local/lib/sasl2 for SASL version 2.1.1 </p> + +<p> The name of the file used by the SASL library for configuration can be set +with: </p> + +<blockquote> +<pre> +/etc/postfix/main.cf: + smtpd_sasl_application_name = smtpd +</pre> +</blockquote> + +<p> In $smtpd_sasl_path/smtpd.conf you need to specify how the server should +validate client passwords. </p> <p> In order to authenticate against the UNIX password database, try: </p> @@ -215,17 +240,6 @@ </dl> -<p> The name of the file in /usr/local/lib/sasl (SASL version 1.5.5) -or /usr/local/lib/sasl2 (SASL version 2.1.1) used by the SASL -library for configuration can be set with: </p> - -<blockquote> -<pre> -/etc/postfix/main.cf: - smtpd_sasl_application_name = smtpd -</pre> -</blockquote> - <p> The pwcheck daemon is contained in the cyrus-sasl source tarball. </p> <p> IMPORTANT: postfix processes need to have group read+execute --- postfix-2.1.5/src/global/mail_params.h.saslpath 2004-11-28 18:46:25.520239634 +0100 +++ postfix-2.1.5/src/global/mail_params.h 2004-11-28 18:46:27.781864431 +0100 @@ -1100,6 +1100,10 @@ #define DEF_SMTPD_SASL_TLS_OPTS "$smtpd_sasl_security_options" extern char *var_smtpd_sasl_opts; +#define VAR_SMTPD_SASL_PATH "smtpd_sasl_path" +#define DEF_SMTPD_SASL_PATH "" +extern char *var_smtpd_sasl_path; + #define VAR_SMTPD_SASL_REALM "smtpd_sasl_local_domain" #define DEF_SMTPD_SASL_REALM "" extern char *var_smtpd_sasl_realm; @@ -1137,6 +1141,10 @@ #define DEF_SMTP_SASL_TLSV_OPTS "$var_smtp_sasl_tls_opts" extern char *var_smtp_sasl_tls_verified_opts; +#define VAR_SMTP_SASL_PATH "smtp_sasl_path" +#define DEF_SMTP_SASL_PATH "" +extern char *var_smtp_sasl_path; + /* * LMTP server. The soft error limit determines how many errors an LMTP * client may make before we start to slow down; the hard error limit @@ -1189,6 +1197,10 @@ #define DEF_LMTPD_SASL_REALM "$myhostname" extern char *var_lmtpd_sasl_realm; +#define VAR_LMTPD_SASL_PATH "lmtpd_sasl_path" +#define DEF_LMTPD_SASL_PATH "" +extern char *var_lmtpd_sasl_path; + /* * SASL authentication support, LMTP client side. */ @@ -1204,6 +1216,10 @@ #define DEF_LMTP_SASL_OPTS "noplaintext, noanonymous" extern char *var_lmtp_sasl_opts; +#define VAR_LMTP_SASL_PATH "lmtp_sasl_path" +#define DEF_LMTP_SASL_PATH "" +extern char *var_lmtp_sasl_path; + /* * SASL-based relay etc. control. */ --- postfix-2.2.4/src/lmtp/lmtp.c.saslpath 2005-02-04 18:41:40.000000000 -0200 +++ postfix-2.2.4/src/lmtp/lmtp.c 2005-06-30 17:53:06.000000000 -0300 @@ -109,6 +109,11 @@ /* .IP "\fBlmtp_sasl_security_options (noplaintext, noanonymous)\fR" /* What authentication mechanisms the Postfix LMTP client is allowed /* to use. +/* .IP \fBlmtp_sasl_path (empty)\fR +/* The path where SASL will look for plugins. This is a colon separated +/* list of directories where the SASL plugins shared objects are located. +/* The default value is the null string, which will use the path defined +/* in the SASL library. /* RESOURCE AND RATE CONTROLS /* .ad /* .fi @@ -291,6 +296,7 @@ char *var_notify_classes; char *var_error_rcpt; char *var_lmtp_sasl_opts; +char *var_lmtp_sasl_path; char *var_lmtp_sasl_passwd; bool var_lmtp_sasl_enable; bool var_lmtp_send_xforward; @@ -555,6 +561,7 @@ VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0, VAR_LMTP_SASL_PASSWD, DEF_LMTP_SASL_PASSWD, &var_lmtp_sasl_passwd, 0, 0, VAR_LMTP_SASL_OPTS, DEF_LMTP_SASL_OPTS, &var_lmtp_sasl_opts, 0, 0, + VAR_LMTP_SASL_PATH, DEF_LMTP_SASL_PATH, &var_lmtp_sasl_path, 0, 0, 0, }; static CONFIG_INT_TABLE int_table[] = { --- postfix-2.1.5/src/lmtp/lmtp_sasl_glue.c.saslpath 2003-09-12 20:46:58.000000000 +0200 +++ postfix-2.1.5/src/lmtp/lmtp_sasl_glue.c 2004-11-28 18:46:27.680881184 +0100 @@ -197,6 +197,12 @@ return (SASL_OK); } +static int lmtp_sasl_getpath(void * context, char ** path) +{ + *path = strdup(var_lmtp_sasl_path); + return SASL_OK; +} + /* lmtp_sasl_get_user - username lookup call-back routine */ static int lmtp_sasl_get_user(void *context, int unused_id, const char **result, @@ -298,9 +304,15 @@ */ static sasl_callback_t callbacks[] = { {SASL_CB_LOG, &lmtp_sasl_log, 0}, + {SASL_CB_LIST_END, 0, 0}, /* placeholder for SASL_CB_GETPATH */ {SASL_CB_LIST_END, 0, 0} }; + if ( *var_lmtp_sasl_path != 0 ) { + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].id = SASL_CB_GETPATH; + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].proc = &lmtp_sasl_getpath; + } + /* * Sanity check. */ --- postfix-2.2.4/src/smtp/smtp.c.saslpath 2005-02-11 21:57:29.000000000 -0200 +++ postfix-2.2.4/src/smtp/smtp.c 2005-06-30 17:56:41.000000000 -0300 @@ -154,6 +154,11 @@ /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" /* What authentication mechanisms the Postfix SMTP client is allowed /* to use. +/* .IP \fBsmtp_sasl_path (empty)\fR +/* The path where SASL will look for plugins. This is a colon separated +/* list of directories where the SASL plugins shared objects are located. +/* The default value is the null string, which will use the path defined +/* in the SASL library. /* .PP /* Available in Postfix version 2.2 and later: /* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" @@ -460,6 +465,7 @@ int var_smtp_always_ehlo; int var_smtp_never_ehlo; char *var_smtp_sasl_opts; +char *var_smtp_sasl_path; char *var_smtp_sasl_passwd; bool var_smtp_sasl_enable; char *var_smtp_sasl_mechs; @@ -726,6 +732,7 @@ VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0, VAR_SMTP_SASL_PASSWD, DEF_SMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0, VAR_SMTP_SASL_OPTS, DEF_SMTP_SASL_OPTS, &var_smtp_sasl_opts, 0, 0, + VAR_SMTP_SASL_PATH, DEF_SMTP_SASL_PATH, &var_smtp_sasl_path, 0, 0, #ifdef USE_TLS VAR_SMTP_SASL_TLS_OPTS, DEF_SMTP_SASL_TLS_OPTS, &var_smtp_sasl_tls_opts, 0, 0, #endif --- postfix-2.1.5/src/smtp/smtp_sasl_glue.c.saslpath 2003-07-14 20:03:20.000000000 +0200 +++ postfix-2.1.5/src/smtp/smtp_sasl_glue.c 2004-11-28 18:46:27.432922321 +0100 @@ -197,6 +197,12 @@ return (SASL_OK); } +static int smtp_sasl_getpath(void * context, char ** path) +{ + *path = strdup(var_smtp_sasl_path); + return SASL_OK; +} + /* smtp_sasl_get_user - username lookup call-back routine */ static int smtp_sasl_get_user(void *context, int unused_id, const char **result, @@ -298,9 +304,15 @@ */ static sasl_callback_t callbacks[] = { {SASL_CB_LOG, &smtp_sasl_log, 0}, + {SASL_CB_LIST_END, 0, 0}, /* placeholder for SASL_CB_GETPATH */ {SASL_CB_LIST_END, 0, 0} }; + if ( *var_smtp_sasl_path != 0 ) { + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].id = SASL_CB_GETPATH; + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].proc = &smtp_sasl_getpath; + } + /* * Sanity check. */ --- postfix-2.1.5/src/smtpd/smtpd.c.saslpath 2004-11-28 18:46:20.181125394 +0100 +++ postfix-2.1.5/src/smtpd/smtpd.c 2004-11-28 18:46:27.942837726 +0100 @@ -152,6 +152,12 @@ /* .IP "\fBsmtpd_sender_login_maps (empty)\fR" /* Optional lookup table with the SASL login names that own sender /* (MAIL FROM) addresses. +/* .IP \fBsmtpd_sasl_path (empty)\fR +/* The path where SASL will look for plugins. This is a colon separated +/* list of directories where the SASL plugins shared objects are located. +/* The first component of the path will also be the location of the SASL +/* configuration file. The default value is the null string, which will +/* use the path defined in the SASL library. /* .PP /* Available in Postfix version 2.1 and later: /* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" @@ -721,6 +727,7 @@ bool var_smtpd_sasl_enable; char *var_smtpd_sasl_opts; char *var_smtpd_sasl_appname; +char *var_smtpd_sasl_path; char *var_smtpd_sasl_realm; char *var_smtpd_sasl_exceptions_networks; char *var_filter_xport; @@ -3069,6 +3076,7 @@ VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0, VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0, VAR_SMTPD_SASL_APPNAME, DEF_SMTPD_SASL_APPNAME, &var_smtpd_sasl_appname, 1, 0, + VAR_SMTPD_SASL_PATH, DEF_SMTPD_SASL_PATH, &var_smtpd_sasl_path, 0, 0, VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 0, 0, VAR_SMTPD_SASL_EXCEPTIONS_NETWORKS, DEF_SMTPD_SASL_EXCEPTIONS_NETWORKS, &var_smtpd_sasl_exceptions_networks, 0, 0, VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0, --- postfix-2.1.5/src/smtpd/smtpd_sasl_glue.c.saslpath 2004-02-01 19:44:55.000000000 +0100 +++ postfix-2.1.5/src/smtpd/smtpd_sasl_glue.c 2004-11-28 18:46:28.070816494 +0100 @@ -181,6 +181,12 @@ return SASL_OK; } +static int smtpd_sasl_getpath(void * context, char ** path) +{ + *path = strdup(var_smtpd_sasl_path); + return SASL_OK; +} + /* * SASL callback interface structure. These call-backs have no per-session * context. @@ -189,6 +195,7 @@ static sasl_callback_t callbacks[] = { {SASL_CB_LOG, &smtpd_sasl_log, NO_CALLBACK_CONTEXT}, + {SASL_CB_LIST_END, 0, 0}, /* placeholder for SASL_CB_GETPATH */ {SASL_CB_LIST_END, 0, 0} }; @@ -208,6 +215,11 @@ void smtpd_sasl_initialize(void) { + if ( *var_smtpd_sasl_path != 0 ) { + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].id = SASL_CB_GETPATH; + callbacks[sizeof(callbacks)/sizeof(sasl_callback_t) - 2].proc = &smtpd_sasl_getpath; + } + /* * Initialize the library: load SASL plug-in routines, etc. */