author | Sergey Poznyakoff <gray@gnu.org.ua> | 2009-11-09 23:58:15 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2009-11-10 11:46:37 +0200 |
commit | 3cbab410e7a5a51345130c11b55f3d1e06768f34 (patch) | |
tree | 58b82aaffaf582cf203216cee68927025fa35761 | |
parent | 3a8c88c419010f977ec932a9059000b7f35bdd4e (diff) | |
download | anubis-3cbab410e7a5a51345130c11b55f3d1e06768f34.tar.gz anubis-3cbab410e7a5a51345130c11b55f3d1e06768f34.tar.bz2 |
Proxy mode.
* src/headers.h (enum anubis_mode): New mode anubis_proxy.
(anubis_proxy_mode): New proto.
* src/rcfile.c (parse_log_facility): Bugfix.
(control_parser): Always handle the mode statement.
* src/transmode.c (anubis_proxy_mode): New function.
* src/daemon.c (anubis_child_main): Handle proxy mode.
* src/env.opt (anubis_set_mode): Likewise.
* doc/anubis.texi: Initial documentation of proxy mode.
-rw-r--r-- | doc/anubis.texi | 8 | ||||
-rw-r--r-- | src/daemon.c | 11 | ||||
-rw-r--r-- | src/env.opt | 9 | ||||
-rw-r--r-- | src/headers.h | 4 | ||||
-rw-r--r-- | src/rcfile.c | 4 | ||||
-rw-r--r-- | src/transmode.c | 18 |
6 files changed, 42 insertions, 12 deletions
diff --git a/doc/anubis.texi b/doc/anubis.texi index 212917d..a149a83 100644 --- a/doc/anubis.texi +++ b/doc/anubis.texi @@ -234,9 +234,14 @@ the remote party, i.e. determine whether it has the right to use Anubis resources and, if so, what configuration settings should be used during the session. We call this process @dfn{authentication}. The exact method of authentication depends on Anubis @dfn{operation -mode}. Currently there are two modes: +mode}. Currently there are three modes: @table @asis +@item proxy +No authentication is performed. Anubis switches to the unprivileged +user (@pxref{Security Settings,,user-unprivileged}) and acts as an +@dfn{@acronym{SMTP} proxy}. + @item transparent This is the default mode. It is compatible with versions of GNU Anubis up to 3.6.2. In this mode, Anubis relies on AUTH service (@command{identd}) @@ -1169,6 +1174,7 @@ Selects Anubis operation mode. Allowed values for @var{mode-name} are: @table @asis +@item proxy @item transparent @item auth @end table diff --git a/src/daemon.c b/src/daemon.c index 8a18978..de30f64 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -180,22 +180,25 @@ anubis_child_main (struct sockaddr_in *addr) int rc; proclist_init (); -#ifdef WITH_GSASL switch (anubis_mode) { case anubis_transparent: rc = anubis_transparent_mode (addr); break; +#ifdef WITH_GSASL case anubis_authenticate: rc = anubis_authenticate_mode (addr); + break; +#endif /* WITH_GSASL */ + case anubis_proxy: + rc = anubis_proxy_mode (addr); + break; + default: abort(); } -#else - rc = anubis_transparent_mode (addr); -#endif /* WITH_GSASL */ proclist_cleanup (subprocess_report_status); net_close_stream (&remote_client); return rc; diff --git a/src/env.opt b/src/env.opt index 83c25d7..7b52f86 100644 --- a/src/env.opt +++ b/src/env.opt 
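Review bot: The new `default: abort();` arm in `anubis_child_main` kills the child without leaving a log entry. In a build without WITH_GSASL the `anubis_authenticate` case is compiled out, so that value now reaches the default arm, as does `anubis_mda`. Whether either can actually occur here depends on code outside the hunk. A message before the abort would make such a crash diagnosable: `default: info (NORMAL, _("Unsupported operation mode")); abort ();`. The function body starts outside the hunk.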
@@ -1,8 +1,7 @@ /* -*- c -*- - env.c - This file is part of GNU Anubis. - Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2008 The Anubis Team. + Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2008, + 2009 The Anubis Team. GNU Anubis is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -475,8 +474,12 @@ anubis_set_mode (char *modename) { if (strcmp (modename, "transparent") == 0) anubis_mode = anubis_transparent; + else if (strcmp (modename, "proxy") == 0) + anubis_mode = anubis_proxy; +#if WITH_GSASL else if (strcmp (modename, "auth") == 0) anubis_mode = anubis_authenticate; +#endif else if (strcmp (modename, "mda") == 0) anubis_mode = anubis_mda; else diff --git a/src/headers.h b/src/headers.h index 6ca6bcc..c83c556 100644 --- a/src/headers.h +++ b/src/headers.h @@ -205,7 +205,8 @@ typedef enum anubis_mode { anubis_transparent, anubis_authenticate, - anubis_mda + anubis_mda, + anubis_proxy } ANUBIS_MODE; @@ -569,6 +570,7 @@ void pgsql_db_init (void); /* transmode.c */ int anubis_transparent_mode (struct sockaddr_in *addr); +int anubis_proxy_mode (struct sockaddr_in *addr); void session_prologue (); /* authmode.c */ diff --git a/src/rcfile.c b/src/rcfile.c index 46f1e41..a6d36e1 100644 --- a/src/rcfile.c +++ b/src/rcfile.c @@ -309,7 +309,7 @@ parse_log_facility (const char *arg) p = anubis_keyword_lookup_ci (kw, arg); if (p) log_facility = p->tok; - else if (((n = strtoul (kw, &endp, 0)), *endp == 0) + else if (((n = strtoul (arg, &endp, 0)), *endp == 0) && (log_facility = n) == n) /* nothing */; else @@ -565,7 +565,6 @@ control_parser (int method, int key, ANUBIS_LIST * arglist, setbool (arg, topt, T_DROP_UNKNOWN_USER); break; -#ifdef WITH_GSASL case KW_MODE: if (anubis_mode != anubis_mda) /* Special case. See comment to KW_LOCAL_MAILER directive, though */ 
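Review bot: The guard added around the "auth" branch in `anubis_set_mode` is spelled `#if WITH_GSASL`, while daemon.c and rcfile.c in this same commit test the macro with `#ifdef WITH_GSASL`. The two forms disagree when the macro is defined as 0, and `#if` fails to preprocess when it is defined empty, so the set of accepted mode names could drift from the set of modes the daemon's switch handles. I would write `#ifdef WITH_GSASL` and close it with `#endif /* WITH_GSASL */` to match the other files. The function's final `else` branch lies outside the hunk.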
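Review bot: The corrected `strtoul (arg, &endp, 0)` test in `parse_log_facility` still accepts a string with no digits, because `*endp == 0` is also true when `endp == arg`. An empty argument would then set `log_facility` to 0, if the keyword lookup returns NULL for it, which is not visible here. Requiring that something was consumed closes this: `else if (((n = strtoul (arg, &endp, 0)), endp != arg && *endp == 0)`. The function starts and ends outside the hunk, so any later range check on the facility value is not visible.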
@@ -576,7 +575,6 @@ control_parser (int method, int key, ANUBIS_LIST * arglist, return RC_KW_ERROR; } break; -#endif /* WITH_GSASL */ case KW_INCOMING_MAIL_RULE: incoming_mail_rule = strdup (arg); diff --git a/src/transmode.c b/src/transmode.c index 0f596f8..ab3627f 100644 --- a/src/transmode.c +++ b/src/transmode.c @@ -148,4 +148,22 @@ anubis_transparent_mode (struct sockaddr_in *addr) return 0; } +int +anubis_proxy_mode (struct sockaddr_in *addr) +{ + set_unprivileged_user (); + + info (NORMAL, _("Initiated proxy mode.")); + + session_prologue (); + smtp_session_transparent (); + alarm (0); + + net_close_stream (&remote_server); + net_close_stream (&remote_client); + + info (NORMAL, _("Connection closed successfully.")); + return 0; +} + /* EOF */ |
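Review bot: `anubis_proxy_mode` never uses its `addr` parameter, so a mode that by design performs no authentication also records nothing about which peer opened the session. The "Initiated proxy mode." message should carry the client address so relayed sessions can be attributed in the log. A header comment is also worth adding, for example `/* Proxy mode: no client authentication; the session runs as the unprivileged user. */`. The result of `set_unprivileged_user ()` is not checked; if it can return without dropping privileges (its definition is not visible here), the session would continue with the original ones. `net_close_stream (&remote_client)` is called here and again in `anubis_child_main` after the switch, which is presumably harmless only if the helper resets the stream.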