author | Phil Pennock <pdp@exim.org> | 2014-04-16 09:36:00 -0700 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2014-04-16 09:36:00 -0700 |
commit | 789010e35c84b44cd338d7f8433b1eeacdffa9e0 (patch) | |
tree | cb6928ed2f48f4df0c4213ae30d7af47f72f8511 | |
parent | 14ea0bea67dc606a55b1a7c29ce7e8595bd86f64 (diff) | |
download | exim4-789010e35c84b44cd338d7f8433b1eeacdffa9e0.tar.gz |
Add new ALLOW_SYSTEM_CRYPT_BRACES build option dubious

FreeBSD now defaults to a {sha512} hash prefix. Rather than continue
adding more types to crypteq{}{}, to have the same options available
everywhere, we allow this build option to cause the comparison to fall
through to the system crypt() for unrecognised {...} prefices -- the
same logic that happens if the crypt doesn't have a {...} prefix.

Set ALLOW_SYSTEM_CRYPT_BRACES in FreeBSD's OS Makefile.

The `expand.c` change was tested in a `#if 0` variant by Randy Bush, who
confirms that this works. The rest is Exim build tuning and
documentation thereof, "too simple to go wrong". *cough*
-rw-r--r-- | doc/doc-txt/ChangeLog | 5 |
-rw-r--r-- | doc/doc-txt/NewStuff | 7 |
-rw-r--r-- | doc/doc-txt/OptionLists.txt | 1 |
-rw-r--r-- | src/OS/Makefile-FreeBSD | 3 |
-rw-r--r-- | src/src/config.h.defaults | 2 |
-rw-r--r-- | src/src/expand.c | 2 |
6 files changed, 20 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index e41dc3e02..8a2773759 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -82,6 +82,11 @@ TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly is a combined value of both the record presence and the result of the analysis. +PP/02 Add new ALLOW_SYSTEM_CRYPT_BRACES option, enable by default for FreeBSD, + letting crypteq comparisons pass unrecognised {..} prefices through to + system crypt. + + Exim version 4.82 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index c168cf2a7..07c8c3285 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -32,6 +32,13 @@ Version 4.83 is split from the encryption operation. The default remains that a failed verification cancels the encryption. + 6. If your system's crypt() supports {hashtype} prefices unknown to Exim, + ensure that the compile-time "ALLOW_SYSTEM_CRYPT_BRACES" is defined (it + might be by default for your OS). Without this, Exim rejects unrecognised + hashtypes, as it always has. With this, the default handling passes the + value onto the system crypt(). This is necessary for FreeBSD {sha512} + support. + Version 4.82 ------------ diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 4ad112180..e8215d14d 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -815,6 +815,7 @@ only listed below for the TLS implementation cases. Option Type Description ------------------------------------------------------------------------------ +ALLOW_SYSTEM_CRYPT_BRACES system** system crypt() can handle {hashtype} ALT_CONFIG_PREFIX optional restricts location of -C files APPENDFILE_MODE optional* APPENDFILE_DIRECTORY_MODE optional* diff --git a/src/OS/Makefile-FreeBSD b/src/OS/Makefile-FreeBSD index ebb116bf2..ab0918366 100644 --- a/src/OS/Makefile-FreeBSD +++ b/src/OS/Makefile-FreeBSD 
@@ -8,6 +8,9 @@ CHMOD_COMMAND=/bin/chmod HAVE_SA_LEN=YES +# FreeBSD has switched to {sha512} as the default hash-type. +ALLOW_SYSTEM_CRYPT_BRACES=YES + # crypt() is in a separate library LIBS=-lcrypt -lm -lutil diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index 962b90d68..6b2bec047 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -13,6 +13,8 @@ it's a default value. */ #define ALT_CONFIG_PREFIX #define TRUSTED_CONFIG_LIST +#define ALLOW_SYSTEM_CRYPT_BRACES + #define APPENDFILE_MODE 0600 #define APPENDFILE_DIRECTORY_MODE 0700 #define APPENDFILE_LOCKFILE_MODE 0600 diff --git a/src/src/expand.c b/src/src/expand.c index d2ac8ca79..afe60efc3 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -2616,12 +2616,14 @@ switch(cond_type) sub[1] += 9; which = 2; } +#ifndef ALLOW_SYSTEM_CRYPT_BRACES else if (sub[1][0] == '{') /* }-for-text-editors */ { expand_string_message = string_sprintf("unknown encryption mechanism " "in \"%s\"", sub[1]); return NULL; } +#endif switch(which) { |
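Review bot: in doc/doc-txt/NewStuff item 6, the text does not say what an administrator gives up by defining the option. Per the src/src/expand.c hunk, the "unknown encryption mechanism" expansion failure is compiled out, so a mistyped {hashtype} in a crypteq comparison is handed to the system crypt() instead of being reported. Suggest adding a sentence to that effect, and saying where the option should be set on operating systems whose OS Makefile does not define it.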
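Review bot: in src/src/config.h.defaults the new entry is a bare `#define ALLOW_SYSTEM_CRYPT_BRACES`, while src/src/expand.c tests it with `#ifndef`, which looks only at whether the name is defined and not at any value. Please confirm that the generated config.h leaves the name undefined unless the build sets it, and that a setting other than YES cannot end up defining it. Otherwise the rejection branch disappears on every platform, which contradicts the NewStuff wording that without the option Exim rejects unrecognised hashtypes "as it always has".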
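Review bot: in the src/src/expand.c hunk, the `#ifndef ALLOW_SYSTEM_CRYPT_BRACES` guard removes the only visible check on a leading `{`, and nothing at the guard explains that the intent is to fall through to `switch(which)` and the system crypt() path. Add a short comment at the `#ifndef` saying so. Also check, in the code after `switch(which)` that this hunk does not show, that a crypt() result for a prefix the system library does not recognise, including a NULL return, is treated as a failed match.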