diff options
Diffstat (limited to 'network/emailrelay/patches')
3 files changed, 0 insertions, 187 deletions
diff --git a/network/emailrelay/patches/4b0a67b55cec24f99d4842fe8ac980327beed0cb.patch b/network/emailrelay/patches/4b0a67b55cec24f99d4842fe8ac980327beed0cb.patch deleted file mode 100644 index 08cbd27dbe..0000000000 --- a/network/emailrelay/patches/4b0a67b55cec24f99d4842fe8ac980327beed0cb.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 4b0a67b55cec24f99d4842fe8ac980327beed0cb Mon Sep 17 00:00:00 2001 -From: Andrew Clemons <andrew.clemons@gmail.com> -Date: Wed, 2 Aug 2017 21:22:53 +1200 -Subject: [PATCH] Add support for XOAUTH2 auth - -I have thus far only tested this with gmail and using node-xoauth2 for -generating the tokens. - -Emailrelay still requires a client auth configuration file with four -values. The id value here can be anything since it is ignored. - -I am using: - -client XOAUTH2 ignored <generated token> ---- - src/gauth/gsaslclient.h | 5 +++++ - src/gauth/gsaslclient_native.cpp | 32 +++++++++++++++++++++++++++++++- - src/gsmtp/gclientprotocol.cpp | 18 ++++++++++++++++-- - 3 files changed, 52 insertions(+), 3 deletions(-) - -diff --git a/src/gauth/gsaslclient.h b/src/gauth/gsaslclient.h -index ea12e05..d74b56d 100644 ---- a/src/gauth/gsaslclient.h -+++ b/src/gauth/gsaslclient.h -@@ -67,6 +67,11 @@ class GAuth::SaslClient - ///< Returns true if the constructor's secrets object - ///< is valid. - -+ std::string initial_response( const std::string & mechanism , -+ bool & done , bool & error , bool & sensitive ) const ; -+ ///< Returns an initial_response for authentication. -+ ///< Returns various boolean flags by reference. -+ - std::string response( const std::string & mechanism , const std::string & challenge , - bool & done , bool & error , bool & sensitive ) const ; - ///< Returns a response to the given challenge. -diff --git a/src/gauth/gsaslclient_native.cpp b/src/gauth/gsaslclient_native.cpp -index d0bded2..924772a 100644 ---- a/src/gauth/gsaslclient_native.cpp -+++ b/src/gauth/gsaslclient_native.cpp -@@ -101,6 +101,33 @@ bool GAuth::SaslClient::active() const - return m_imp->m_secrets.valid() ; - } - -+std::string GAuth::SaslClient::initial_response( const std::string & mechanism , bool & done , -+ bool & error , bool & sensitive ) const -+{ -+ done = false ; -+ error = false ; -+ sensitive = false ; -+ -+ std::string auth("AUTH") ; -+ std::string sep(" ") ; -+ -+ std::string rsp ; -+ if( mechanism == "XOAUTH2" ) -+ { -+ std::string secret = m_imp->m_secrets.secret(mechanism) ; -+ rsp = auth + sep + mechanism + sep + secret ; -+ error = secret.empty() ; -+ done = true ; -+ sensitive = true ; -+ } -+ else -+ { -+ rsp = auth + sep + mechanism ; -+ } -+ -+ return rsp ; -+} -+ - std::string GAuth::SaslClient::response( const std::string & mechanism , const std::string & challenge , - bool & done , bool & error , bool & sensitive ) const - { -@@ -175,6 +202,7 @@ std::string GAuth::SaslClient::preferred( const G::Strings & mechanism_list ) co - - const std::string login( "LOGIN" ) ; - const std::string plain( "PLAIN" ) ; -+ const std::string xoauth2( "XOAUTH2" ) ; - const std::string cram( "CRAM-MD5" ) ; - - // create a them set -@@ -186,15 +214,17 @@ std::string GAuth::SaslClient::preferred( const G::Strings & mechanism_list ) co - std::set<std::string> us ; - if( !m_imp->m_secrets.id(login).empty() ) us.insert(login) ; - if( !m_imp->m_secrets.id(plain).empty() ) us.insert(plain) ; -+ if( !m_imp->m_secrets.id(xoauth2).empty() ) us.insert(xoauth2) ; - if( !m_imp->m_secrets.id(cram).empty() ) us.insert(cram) ; - - // get the intersection - std::set<std::string> both ; - std::set_intersection( them.begin() , them.end() , us.begin() , us.end() , std::inserter(both,both.end()) ) ; - -- // preferred order: cram, plain, login -+ // preferred order: cram, xoauth2, plain, login - std::string m ; - if( m.empty() && both.find(cram) != both.end() ) m = cram ; -+ if( m.empty() && both.find(xoauth2) != both.end() ) m = xoauth2 ; - if( m.empty() && both.find(plain) != both.end() ) m = plain ; - if( m.empty() && both.find(login) != both.end() ) m = login ; - G_DEBUG( "GAuth::SaslClient::preferred: we prefer \"" << m << "\"" ) ; -diff --git a/src/gsmtp/gclientprotocol.cpp b/src/gsmtp/gclientprotocol.cpp -index 3ebc0c7..bbd8aca 100644 ---- a/src/gsmtp/gclientprotocol.cpp -+++ b/src/gsmtp/gclientprotocol.cpp -@@ -303,8 +303,22 @@ bool GSmtp::ClientProtocol::applyEvent( const Reply & reply , bool is_start_even - } - else if( m_server_has_auth && m_sasl->active() ) - { -- m_state = sAuth1 ; -- send( "AUTH " , m_auth_mechanism ) ; -+ bool done = true ; -+ bool error = false ; -+ bool sensitive = false ; -+ std::string rsp = m_sasl->initial_response( m_auth_mechanism , -+ done , error , sensitive ) ; -+ -+ if( error ) -+ { -+ m_state = sAuth2 ; -+ send( "*" ) ; // ie. cancel authentication -+ } -+ else -+ { -+ m_state = done ? sAuth2 : sAuth1 ; -+ send( rsp , false , sensitive ) ; -+ } - } - else if( !m_server_has_auth && m_sasl->active() && m_must_authenticate ) - { diff --git a/network/emailrelay/patches/a9dcd228875a40ef2b475ff6f328332bd6f6e4f6.patch b/network/emailrelay/patches/a9dcd228875a40ef2b475ff6f328332bd6f6e4f6.patch deleted file mode 100644 index e6e15147f0..0000000000 --- a/network/emailrelay/patches/a9dcd228875a40ef2b475ff6f328332bd6f6e4f6.patch +++ /dev/null @@ -1,31 +0,0 @@ -From a9dcd228875a40ef2b475ff6f328332bd6f6e4f6 Mon Sep 17 00:00:00 2001 -From: Andrew Clemons <andrew.clemons@gmail.com> -Date: Thu, 5 May 2016 12:56:52 +1200 -Subject: [PATCH] --tls-config 3 only enabled SSLv3 - -This flag is meant to enable SSLv3 and any later protocol but actually -only enabled SSLv3. - -https://www.openssl.org/docs/man1.0.1/ssl/SSLv3_method.html ---- - src/gssl/gssl_openssl.cpp | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/gssl/gssl_openssl.cpp b/src/gssl/gssl_openssl.cpp -index f64ad94..f8a225f 100644 ---- a/src/gssl/gssl_openssl.cpp -+++ b/src/gssl/gssl_openssl.cpp -@@ -292,9 +292,10 @@ GSsl::Context::Context( const std::string & pem_file , unsigned int flags ) - { - if( (flags&3U) == 2U ) - m_ssl_ctx = SSL_CTX_new(SSLv23_method()) ; -- else if( (flags&3U) == 3U ) -- m_ssl_ctx = SSL_CTX_new(SSLv3_method()) ; -- else { -+ else if( (flags&3U) == 3U ) { -+ m_ssl_ctx = SSL_CTX_new(SSLv23_method()) ; -+ SSL_CTX_set_options(m_ssl_ctx, SSL_OP_NO_SSLv2) ; -+ } else { - m_ssl_ctx = SSL_CTX_new(SSLv23_method()) ; - SSL_CTX_set_options(m_ssl_ctx, SSL_OP_NO_SSLv2| SSL_OP_NO_SSLv3) ; - } diff --git a/network/emailrelay/patches/b79f2cb7c70d7c311162cb9d38b3921b76ddae3d.patch b/network/emailrelay/patches/b79f2cb7c70d7c311162cb9d38b3921b76ddae3d.patch deleted file mode 100644 index 3e0f6f2115..0000000000 --- a/network/emailrelay/patches/b79f2cb7c70d7c311162cb9d38b3921b76ddae3d.patch +++ /dev/null @@ -1,26 +0,0 @@ -From b79f2cb7c70d7c311162cb9d38b3921b76ddae3d Mon Sep 17 00:00:00 2001 -From: Andrew Clemons <andrew.clemons@gmail.com> -Date: Thu, 5 May 2016 12:55:02 +1200 -Subject: [PATCH] Use TLS1.1 and TLS1.2 if openssl supports it - ---- - src/gssl/gssl_openssl.cpp | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/gssl/gssl_openssl.cpp b/src/gssl/gssl_openssl.cpp -index 34af44f..f64ad94 100644 ---- a/src/gssl/gssl_openssl.cpp -+++ b/src/gssl/gssl_openssl.cpp -@@ -294,8 +294,10 @@ GSsl::Context::Context( const std::string & pem_file , unsigned int flags ) - m_ssl_ctx = SSL_CTX_new(SSLv23_method()) ; - else if( (flags&3U) == 3U ) - m_ssl_ctx = SSL_CTX_new(SSLv3_method()) ; -- else -- m_ssl_ctx = SSL_CTX_new(TLSv1_method()) ; -+ else { -+ m_ssl_ctx = SSL_CTX_new(SSLv23_method()) ; -+ SSL_CTX_set_options(m_ssl_ctx, SSL_OP_NO_SSLv2| SSL_OP_NO_SSLv3) ; -+ } - - if( m_ssl_ctx == NULL ) - throw Error( "SSL_CTX_new" , ERR_get_error() ) ; |