Package: dovecot-common
Version: 1:1.2.11-1
Severity: wishlist
Tags: upstream patch
The patch is created by Martin F. Foster , I took it from
http://www.mail-archive.com/[email protected]/msg26781.html
and tested it against 1.2.11-1 . This functionality requires
login_chroot = no, anyway with proxying mode I bet it's acceptable.
Regards,
DT
--- dovecot-1.2.11/src/login-common/login-proxy.c.orig 2010-05-09
23:07:09.000000000 +0200
+++ dovecot-1.2.11/src/login-common/login-proxy.c 2010-05-09
23:10:24.000000000 +0200
@@ -194,18 +194,36 @@
{
struct login_proxy *proxy;
struct login_proxy_record *rec;
- struct ip_addr ip;
- int fd;
+ struct ip_addr ip, *ip_list;
+ char *host_ip;
+ int fd, ret;
+ unsigned int ip_count;
if (host == NULL) {
i_error("proxy(%s): host not given", client->virtual_user);
return NULL;
}
- if (net_addr2ip(host, &ip) < 0) {
- i_error("proxy(%s): %s is not a valid IP",
+ host_ip = t_strdup(host);
+ ret = net_gethostbyname(host, &ip_list, &ip_count);
+ if (ret != 0) {
+ i_error("proxy(%s): cannot resolve %s. "
+ "If name resolution is working outside dovecot, it may be a
chroot issue. "
+ "See LoginProcess on wiki, and login_dir & login_chroot in
config.",
+ client->virtual_user, host);
+ return NULL;
+ } else if (ip_count < 1) {
+ i_error("proxy(%s): succesfully resolved host %s, got no IPs.",
client->virtual_user, host);
return NULL;
+ } else {
+ host_ip = t_strdup(net_ip2addr(&ip_list[0]));
+ }
+
+ if (net_addr2ip(host_ip, &ip) < 0) {
+ i_error("proxy(%s): %s is not a valid IP",
+ client->virtual_user, host_ip);
+ return NULL;
}
rec = login_proxy_state_get(proxy_state, &ip, port);
@@ -218,13 +236,13 @@
fd = net_connect_ip(&ip, port, NULL);
if (fd < 0) {
i_error("proxy(%s): connect(%s, %u) failed: %m",
- client->virtual_user, host, port);
+ client->virtual_user, host_ip, port);
return NULL;
}
proxy = i_new(struct login_proxy, 1);
proxy->created = ioloop_timeval;
- proxy->host = i_strdup(host);
+ proxy->host = i_strdup(host_ip);
proxy->user = i_strdup(client->virtual_user);
proxy->port = port;
proxy->ssl_flags = ssl_flags;
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.33-2-686 (SMP w/2 CPU cores)
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to
pl_PL)
Shell: /bin/sh linked to /bin/bash
Versions of packages dovecot-common depends on:
ii adduser 3.112 add and remove users and groups
ii libbz2-1.0 1.0.5-4 high-quality block-sorting file co
ii libc6 2.11-0exp4 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.11-1 common error description library
ii libdb4.8 4.8.26-3 Berkeley v4.8 Database Libraries [
ii libgssapi-krb5-2 1.8.1+dfsg-2 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8.1+dfsg-2 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8.1+dfsg-2 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.21-pw2 OpenLDAP libraries
ii libmysqlclient16 5.1.45-3 MySQL database client library
ii libpam-runtime 1.1.1-3 Runtime support for the PAM librar
ii libpam0g 1.1.1-3 Pluggable Authentication Modules l
ii libpq5 8.4.3-1 PostgreSQL C client library
ii libsqlite3-0 3.6.23.1-2 SQLite 3 shared library
ii libssl0.9.8 0.9.8n-1 SSL shared libraries
ii openssl 0.9.8n-1 Secure Socket Layer (SSL) binary a
ii ucf 3.0025 Update Configuration File: preserv
ii zlib1g 1:1.2.3.5.dfsg-1 compression library - runtime
dovecot-common recommends no packages.
Versions of packages dovecot-common suggests:
ii ntp 1:4.2.6+dfsg-1 Network Time Protocol daemon and u
-- Configuration Files:
/etc/pam.d/dovecot changed [not included]
-- no debconf information
--- dovecot-1.2.11/src/login-common/login-proxy.c.orig 2010-05-09 23:07:09.000000000 +0200
+++ dovecot-1.2.11/src/login-common/login-proxy.c 2010-05-09 23:10:24.000000000 +0200
@@ -194,18 +194,36 @@
{
struct login_proxy *proxy;
struct login_proxy_record *rec;
- struct ip_addr ip;
- int fd;
+ struct ip_addr ip, *ip_list;
+ char *host_ip;
+ int fd, ret;
+ unsigned int ip_count;
if (host == NULL) {
i_error("proxy(%s): host not given", client->virtual_user);
return NULL;
}
- if (net_addr2ip(host, &ip) < 0) {
- i_error("proxy(%s): %s is not a valid IP",
+ host_ip = t_strdup(host);
+ ret = net_gethostbyname(host, &ip_list, &ip_count);
+ if (ret != 0) {
+ i_error("proxy(%s): cannot resolve %s. "
+ "If name resolution is working outside dovecot, it may be a chroot issue. "
+ "See LoginProcess on wiki, and login_dir & login_chroot in config.",
+ client->virtual_user, host);
+ return NULL;
+ } else if (ip_count < 1) {
+ i_error("proxy(%s): succesfully resolved host %s, got no IPs.",
client->virtual_user, host);
return NULL;
+ } else {
+ host_ip = t_strdup(net_ip2addr(&ip_list[0]));
+ }
+
+ if (net_addr2ip(host_ip, &ip) < 0) {
+ i_error("proxy(%s): %s is not a valid IP",
+ client->virtual_user, host_ip);
+ return NULL;
}
rec = login_proxy_state_get(proxy_state, &ip, port);
@@ -218,13 +236,13 @@
fd = net_connect_ip(&ip, port, NULL);
if (fd < 0) {
i_error("proxy(%s): connect(%s, %u) failed: %m",
- client->virtual_user, host, port);
+ client->virtual_user, host_ip, port);
return NULL;
}
proxy = i_new(struct login_proxy, 1);
proxy->created = ioloop_timeval;
- proxy->host = i_strdup(host);
+ proxy->host = i_strdup(host_ip);
proxy->user = i_strdup(client->virtual_user);
proxy->port = port;
proxy->ssl_flags = ssl_flags;
