Hello community, here is the log from the commit of package dovecot22 for openSUSE:Factory checked in at 2016-10-13 11:32:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dovecot22 (Old) and /work/SRC/openSUSE:Factory/.dovecot22.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dovecot22" Changes: --------
--- /work/SRC/openSUSE:Factory/dovecot22/dovecot22.changes 2016-07-12 23:52:22.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.dovecot22.new/dovecot22.changes 2016-10-13 11:32:41.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Oct 12 10:04:04 UTC 2016 - mrueck...@suse.de
+
+- backport the diff bfef689..144e0b5 to fix the ldap bind issue
+ (bnc#1003952). adds dovecot-2.2.25_ldap_bind.patch
+
+-------------------------------------------------------------------
New: ---- dovecot-2.2.25_ldap_bind.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ dovecot22.spec ++++++
--- /var/tmp/diff_new_pack.Sf5QcI/_old 2016-10-13 11:32:43.000000000 +0200
+++ /var/tmp/diff_new_pack.Sf5QcI/_new 2016-10-13 11:32:43.000000000 +0200
@@ -126,6 +126,7 @@
 Source7: dovecot-2.2-pigeonhole.configfiles
 Patch: dovecot-2.2.18-dont_use_etc_ssl_certs.patch
 Patch1: dovecot-2.2.18-better_ssl_defaults.patch
+Patch2: dovecot-2.2.25_ldap_bind.patch
 Summary: IMAP and POP3 Server Written Primarily with Security in Mind
 License: BSD-3-Clause and LGPL-2.1+ and MIT
 Group: Productivity/Networking/Email/Servers
@@ -305,6 +306,7 @@
 %setup -q -n %{pkg_name}-%{dovecot_version} -a 1
 %patch -p1
 %patch1 -p1
+%patch2 -p1
 %{__gzip} -9v ChangeLog
 # Fix plugins dir.
 %{__sed} -i 's|#mail_plugin_dir = /usr/lib/dovecot|mail_plugin_dir = %{_libdir}/dovecot/modules|' doc/example-config/conf.d/10-mail.conf
++++++ dovecot-2.2.25_ldap_bind.patch ++++++
diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index be61e04..6a09809 100644
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -993,7 +993,41 @@ static void ldap_connection_timeout(struct ldap_connection *conn)
 db_ldap_conn_close(conn);
 }
 
-static int db_ldap_bind(struct ldap_connection *conn)
+#ifdef HAVE_LDAP_SASL
+static int db_ldap_bind_sasl(struct ldap_connection *conn)
+{
+ struct db_ldap_sasl_bind_context context;
+ int ret;
+
+ memset(&context, 0, sizeof(context));
+ context.authcid = conn->set.dn;
+ context.passwd = conn->set.dnpass;
+ context.realm = conn->set.sasl_realm;
+ context.authzid = conn->set.sasl_authz_id;
+
+ /* There doesn't seem to be a way to do SASL binding
+ asynchronously.. */
+ ret = ldap_sasl_interactive_bind_s(conn->ld, NULL,
+ conn->set.sasl_mech,
+ NULL, NULL, LDAP_SASL_QUIET,
+ sasl_interact, &context);
+ if (db_ldap_connect_finish(conn, ret) < 0)
+ return -1;
+
+ conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
+
+ return 0;
+}
+#else
+static int db_ldap_bind_sasl(struct ldap_connection *conn ATTR_UNUSED)
+{
+ i_unreached(); /* already checked at init */
+
+ return -1;
+}
+#endif
+
+static int db_ldap_bind_simple(struct ldap_connection *conn)
 {
 int msgid;
 
@@ -1022,6 +1056,19 @@ static int db_ldap_bind(struct ldap_connection *conn)
 return 0;
 }
 
+static int db_ldap_bind(struct ldap_connection *conn)
+{
+ if (conn->set.sasl_bind) {
+ if (db_ldap_bind_sasl(conn) < 0)
+ return -1;
+ } else {
+ if (db_ldap_bind_simple(conn) < 0)
+ return -1;
+ }
+
+ return 0;
+}
+
 static void db_ldap_get_fd(struct ldap_connection *conn)
 {
 int ret;
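Review bot: The comment above `ldap_sasl_interactive_bind_s()` in the new `db_ldap_bind_sasl()` says only that SASL binding cannot be done asynchronously, and does not say what that costs now that the call sits on the shared bind path. The call blocks until the directory server answers, so any caller of `db_ldap_bind()` can stall the auth process on a slow or unreachable server unless a timeout is configured on `conn->ld` somewhere outside this hunk. I would extend the comment to say so, e.g. `/* Synchronous: blocks this process until the server replies; bounded only by the timeout options set on conn->ld. */`. In the `#else` stub, `return -1;` follows `i_unreached()` and presumably never executes; a short `/* not reached; keeps the compiler quiet */` would make that explicit.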
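Review bot: The new `db_ldap_bind()` has no comment stating what a return value of 0 means, and the two branches appear to leave the connection in different states. `db_ldap_bind_sasl()` sets `conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT` before it returns, whereas `db_ldap_bind_simple()` declares a `msgid`, which suggests it only sends the bind request and completes later; its body lies outside this hunk, so that is inferred. A header comment would stop callers from treating 0 as "bound", e.g. `/* Returns 0 if the bind was started (simple) or completed (SASL), -1 on failure; check conn->conn_state before sending requests. */`.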
@@ -1194,32 +1241,9 @@ int db_ldap_connect(struct ldap_connection *conn)
 #endif
 }
 
- if (conn->set.sasl_bind) {
-#ifdef HAVE_LDAP_SASL
- struct db_ldap_sasl_bind_context context;
-
- memset(&context, 0, sizeof(context));
- context.authcid = conn->set.dn;
- context.passwd = conn->set.dnpass;
- context.realm = conn->set.sasl_realm;
- context.authzid = conn->set.sasl_authz_id;
-
- /* There doesn't seem to be a way to do SASL binding
- asynchronously.. */
- ret = ldap_sasl_interactive_bind_s(conn->ld, NULL,
- conn->set.sasl_mech,
- NULL, NULL, LDAP_SASL_QUIET,
- sasl_interact, &context);
- if (db_ldap_connect_finish(conn, ret) < 0)
- return -1;
-#else
- i_unreached(); /* already checked at init */
-#endif
- conn->conn_state = LDAP_CONN_STATE_BOUND_DEFAULT;
- } else {
- if (db_ldap_bind(conn) < 0)
- return -1;
- }
+ if (db_ldap_bind(conn) < 0)
+ return -1;
+
 if (debug) {
 if (gettimeofday(&end, NULL) == 0) {
 int msecs = timeval_diff_msecs(&end, &start);