authorSergey Poznyakoff <gray@gnu.org.ua>2002-08-13 13:24:57 +0000
committerSergey Poznyakoff <gray@gnu.org.ua>2002-08-13 13:24:57 +0000
commit3373742327451a83f03946e47d0dd512295303f0 (patch)
tree469cb5f2d4cb478bc0eacfa17c90108e68cae73c
parent257c5cdac7638dc2e7b4d2ada0c4c336fd178ff7 (diff)
downloadmailutils-3373742327451a83f03946e47d0dd512295303f0.tar.gz
mailutils-3373742327451a83f03946e47d0dd512295303f0.tar.bz2
Switched to the new authentication/authorization functions.
-rw-r--r--comsat/comsat.c20
-rw-r--r--guimb/scm/sieve-core.scm2
-rw-r--r--imap4d/authenticate.c14
-rw-r--r--imap4d/bye.c7
-rw-r--r--imap4d/imap4d.c15
-rw-r--r--imap4d/login.c125
-rw-r--r--imap4d/namespace.c20
-rw-r--r--imap4d/rename.c39
-rw-r--r--libmu_scm/mu_util.c44
-rw-r--r--mail.local/main.c34
-rw-r--r--mail.local/script.c11
-rw-r--r--mailbox/mbx_default.c52
-rw-r--r--mailbox/message.c11
-rw-r--r--mailbox/wicket.c8
-rw-r--r--pop3d/pop3d.c15
-rw-r--r--pop3d/user.c253
16 files changed, 212 insertions, 458 deletions
diff --git a/comsat/comsat.c b/comsat/comsat.c
index b9832adea..f23d22daa 100644
--- a/comsat/comsat.c
+++ b/comsat/comsat.c
@@ -585,27 +585,19 @@ change_user (const char *user)
char *
mailbox_path (const char *user)
{
- struct passwd *pw;
+ struct mu_auth_data *auth;
char *mailbox_name;
- pw = mu_getpwnam (user);
- if (!pw)
+ auth = mu_get_auth_by_name (user);
+
+ if (!auth)
{
syslog (LOG_ALERT, "user nonexistent: %s", user);
return NULL;
}
- if (!mu_virtual_domain)
- {
- mailbox_name = calloc (strlen (mu_path_maildir) + 1 +
- strlen (pw->pw_name) + 1, 1);
- sprintf (mailbox_name, "%s%s", mu_path_maildir, pw->pw_name);
- }
- else
- {
- mailbox_name = calloc (strlen (pw->pw_dir) + strlen ("/INBOX"), 1);
- sprintf (mailbox_name, "%s/INBOX", pw->pw_dir);
- }
+ mailbox_name = strdup (auth->mailbox);
+ mu_auth_data_free (auth);
return mailbox_name;
}
diff --git a/guimb/scm/sieve-core.scm b/guimb/scm/sieve-core.scm
index 193558648..ad3659e83 100644
--- a/guimb/scm/sieve-core.scm
+++ b/guimb/scm/sieve-core.scm
@@ -65,7 +65,7 @@
(define (sieve-expand-filename filename)
(case (string-ref filename 0)
((#\~)
- (let ((pw (mu_getpwuid (geteuid))))
+ (let ((pw (mu-getpwuid (geteuid))))
(if (and (vector? pw)
(let ((dir (vector-ref pw 5)))
(and
diff --git a/imap4d/authenticate.c b/imap4d/authenticate.c
index bdb71c72f..6a3f3f92b 100644
--- a/imap4d/authenticate.c
+++ b/imap4d/authenticate.c
@@ -29,7 +29,7 @@ struct imap_auth {
{ NULL, NULL }
};
-int
+void
imap4d_auth_capability ()
{
struct imap_auth *ap;
@@ -59,18 +59,18 @@ imap4d_authenticate (struct imap4d_command *command, char *arg)
if (username)
{
- struct passwd *pw = mu_getpwnam (username);
- if (pw == NULL)
+ auth_data = mu_get_auth_by_name (username);
+ if (auth_data == NULL)
return util_finish (command, RESP_NO,
"User name or passwd rejected");
- if (pw->pw_uid > 0 && !mu_virtual_domain)
- setuid (pw->pw_uid);
+ if (auth_data->change_uid)
+ setuid (auth_data->uid);
- homedir = mu_normalize_path (strdup (pw->pw_dir), "/");
+ homedir = mu_normalize_path (strdup (auth_data->dir), "/");
/* FIXME: Check for errors. */
chdir (homedir);
- namespace_init(pw->pw_dir);
+ namespace_init (homedir);
syslog (LOG_INFO, "User '%s' logged in", username);
return 0;
}
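Review bot: The `setuid (auth_data->uid)` call in imap4d_authenticate ignores its return value, so if the switch fails the session carries on with the daemon's original privileges; the same unchecked call is added in imap4d_login (imap4d/login.c). Fail the command instead, e.g. `if (auth_data->change_uid && setuid (auth_data->uid) != 0) return util_finish (command, RESP_NO, "User name or passwd rejected");`. The removed `pw->pw_uid > 0` test is now delegated to `change_uid`, so whether a uid-0 account can reach this point presumably depends on the auth module and is worth confirming. The `chdir (homedir)` under the existing FIXME is unchecked as well. The function begins above the hunk.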
diff --git a/imap4d/bye.c b/imap4d/bye.c
index bbdeb60a4..34f63816a 100644
--- a/imap4d/bye.c
+++ b/imap4d/bye.c
@@ -27,10 +27,7 @@ imap4d_bye (int reason)
int
imap4d_bye0 (int reason, struct imap4d_command *command)
{
- struct passwd *pw = mu_getpwuid (getuid ());
- const char *username;
int status = EXIT_FAILURE;
- username = (pw) ? pw->pw_name : "Unknown";
if (mbox)
{
@@ -57,7 +54,7 @@ imap4d_bye0 (int reason, struct imap4d_command *command)
if (state == STATE_NONAUTH)
syslog (LOG_INFO, "Session timed out for no user");
else
- syslog (LOG_INFO, "Session timed out for user: %s", username);
+ syslog (LOG_INFO, "Session timed out for user: %s", auth_data->name);
break;
case ERR_NO_OFILE:
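Review bot: `auth_data->name` is dereferenced here with no NULL check, whereas the removed code fell back to "Unknown" when the lookup failed. The new line relies on `state != STATE_NONAUTH` implying that the global `auth_data` is set, which this hunk cannot show; `auth_data ? auth_data->name : "Unknown"` keeps the old fallback. The same applies to the "Session terminating" message in the next hunk and to the `auth_data->change_uid` and `auth_data->name` uses added in namespace_getfullpath and imap4d_rename.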
@@ -69,7 +66,7 @@ imap4d_bye0 (int reason, struct imap4d_command *command)
if (state == STATE_NONAUTH)
syslog (LOG_INFO, "Session terminating");
else
- syslog (LOG_INFO, "Session terminating for user: %s", username);
+ syslog (LOG_INFO, "Session terminating for user: %s", auth_data->name);
status = EXIT_SUCCESS;
break;
diff --git a/imap4d/imap4d.c b/imap4d/imap4d.c
index e54d9df60..96d913541 100644
--- a/imap4d/imap4d.c
+++ b/imap4d/imap4d.c
@@ -16,9 +16,6 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#include "imap4d.h"
-#ifdef HAVE_MYSQL
-# include "../MySql/MySql.h"
-#endif
FILE *ifile;
FILE *ofile;
@@ -26,6 +23,7 @@ mailbox_t mbox;
char *homedir;
int state = STATE_NONAUTH;
int debug_mode = 0;
+struct mu_auth_data *auth_data;
struct daemon_param daemon_param = {
MODE_INTERACTIVE, /* Start in interactive (inetd) mode */
@@ -104,9 +102,10 @@ main (int argc, char **argv)
{
struct group *gr;
int status = EXIT_SUCCESS;
-
+
state = STATE_NONAUTH; /* Starting state in non-auth. */
+ MU_AUTH_REGISTER_ALL_MODULES();
mu_argp_parse (&argp, &argc, &argv, 0, imap4d_capa, NULL, &daemon_param);
#ifdef USE_LIBPAM
@@ -145,14 +144,6 @@ main (int argc, char **argv)
list_append (bookie, path_record);
}
-#ifdef HAVE_MYSQL
- mu_register_getpwnam (getMpwnam);
- mu_register_getpwuid (getMpwuid);
-#endif
-#ifdef USE_VIRTUAL_DOMAINS
- mu_register_getpwnam (getpwnam_virtual);
-#endif
-
/* Set the signal handlers. */
signal (SIGINT, imap4d_signal);
signal (SIGQUIT, imap4d_signal);
diff --git a/imap4d/login.c b/imap4d/login.c
index 9c15d765b..fa872733d 100644
--- a/imap4d/login.c
+++ b/imap4d/login.c
@@ -17,73 +17,11 @@
#include "imap4d.h"
-#ifdef HAVE_MYSQL
-#include "../MySql/MySql.h"
-#endif
-
-#ifdef USE_LIBPAM
-#define COPY_STRING(s) (s) ? strdup(s) : NULL
-
-static char *_pwd;
-static char *_user;
-static int _perr = 0;
-
-static int
-PAM_gnuimap4d_conv (int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr)
-{
- int replies = 0;
- struct pam_response *reply = NULL;
-
- reply = malloc (sizeof (*reply) * num_msg);
- if (!reply)
- return PAM_CONV_ERR;
- for (replies = 0; replies < num_msg; replies++)
- {
- switch (msg[replies]->msg_style)
- {
- case PAM_PROMPT_ECHO_ON:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = COPY_STRING (_user);
- /* PAM frees resp */
- break;
-
- case PAM_PROMPT_ECHO_OFF:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = COPY_STRING (_pwd);
- /* PAM frees resp */
- break;
-
- case PAM_TEXT_INFO:
- case PAM_ERROR_MSG:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = NULL;
- break;
-
- default:
- free (reply);
- _perr = 1;
- return PAM_CONV_ERR;
- }
- }
- *resp = reply;
- return PAM_SUCCESS;
-}
-
-static struct pam_conv PAM_conversation = { &PAM_gnuimap4d_conv, NULL };
-#endif /* USE_LIBPAM */
-
-#define PAM_ERROR if (_perr || (pamerror != PAM_SUCCESS)) goto pam_errlab;
-
int
imap4d_login (struct imap4d_command *command, char *arg)
{
- struct passwd *pw;
char *sp = NULL, *username, *pass;
-#ifdef USE_LIBPAM
- pam_handle_t *pamh;
- int pamerror;
-#endif /* !USE_LIBPAM */
+ int rc;
username = util_getword (arg, &sp);
pass = util_getword (NULL, &sp);
@@ -97,56 +35,29 @@ imap4d_login (struct imap4d_command *command, char *arg)
else if (util_getword (NULL, &sp))
return util_finish (command, RESP_NO, "Too many args");
- pw = mu_getpwnam (username);
- if (pw == NULL)
- return util_finish (command, RESP_NO, "User name or passwd rejected");
+ auth_data = mu_get_auth_by_name (username);
-#ifndef USE_LIBPAM
- if (pw->pw_uid < 1)
- return util_finish (command, RESP_NO, "User name or passwd rejected");
- if (strcmp (pw->pw_passwd, (char *)crypt (pass, pw->pw_passwd)))
+ if (auth_data == NULL)
{
-#ifdef HAVE_SHADOW_H
- struct spwd *spw;
- spw = getspnam (username);
- if (spw == NULL || strcmp (spw->sp_pwdp, (char *)crypt (pass, spw->sp_pwdp)))
-#ifdef HAVE_MYSQL
- {
- spw = getMspnam (username);
- if (spw == NULL || strcmp (spw->sp_pwdp, (char *)crypt (pass, spw->sp_pwdp)))
- return util_finish (command, RESP_NO, "User name or passwd rejected");
- }
-#else /* HAVE_MYSQL */
-#endif /* HAVE_SHADOW_H */
- return util_finish (command, RESP_NO, "User name or passwd rejected");
-#endif /* HAVE_MYSQL */
+ syslog (LOG_INFO, "User '%s': nonexistent", arg);
+ return util_finish (command, RESP_NO, "User name or passwd rejected");
}
-#else /* !USE_LIBPAM */
- _user = (char *) username;
- _pwd = pass;
- /* libpam doesn't log to LOG_MAIL */
- closelog ();
- pamerror = pam_start (pam_service, username, &PAM_conversation, &pamh);
- PAM_ERROR;
- pamerror = pam_authenticate (pamh, 0);
- PAM_ERROR;
- pamerror = pam_acct_mgmt (pamh, 0);
- PAM_ERROR;
- pamerror = pam_setcred (pamh, PAM_ESTABLISH_CRED);
- pam_errlab:
- pam_end (pamh, PAM_SUCCESS);
- openlog ("gnu-imap4d", LOG_PID, log_facility);
- if (_perr || (pamerror != PAM_SUCCESS))
- return util_finish (command, RESP_NO, "User name or passwd rejected");
-#endif /* USE_LIBPAM */
-
- if (pw->pw_uid > 0 && !mu_virtual_domain)
- setuid (pw->pw_uid);
+ rc = mu_authenticate (auth_data, pass);
+ openlog ("gnu-imap4d", LOG_PID, log_facility);
+ if (rc)
+ {
+ syslog (LOG_INFO, "Login failed: %s", arg);
+ return util_finish (command, RESP_NO, "User name or passwd rejected");
+ }
+
+ if (auth_data->change_uid)
+ setuid (auth_data->uid);
- homedir = mu_normalize_path (strdup (pw->pw_dir), "/");
+ homedir = mu_normalize_path (strdup (auth_data->dir), "/");
chdir (homedir);
- namespace_init (pw->pw_dir);
+ namespace_init (homedir);
syslog (LOG_INFO, "User '%s' logged in", username);
return util_finish (command, RESP_OK, "Completed");
}
+
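Review bot: The global `auth_data` is assigned before `mu_authenticate` runs and is neither freed nor reset when authentication fails, so every rejected LOGIN leaves an allocated record behind and a non-NULL `auth_data` in a session that is still unauthenticated. Release it on the failure path, e.g. `mu_auth_data_free (auth_data); auth_data = NULL;` before the `util_finish` return. Both new syslog calls print `arg` rather than `username`; unless util_getword terminates the first word in place, that writes the whole command argument, password included, to the log, so `username` is the safer argument there.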
diff --git a/imap4d/namespace.c b/imap4d/namespace.c
index 4deefbe6d..a4661a378 100644
--- a/imap4d/namespace.c
+++ b/imap4d/namespace.c
@@ -197,29 +197,13 @@ namespace_checkfullpath (char *name, const char *pattern, const char *delim)
char *
namespace_getfullpath (char *name, const char *delim)
{
- if (strcasecmp (name, "INBOX") == 0 && !mu_virtual_domain)
- {
- struct passwd *pw = mu_getpwuid (getuid ());
- if (pw)
- {
- name = malloc (strlen (mu_path_maildir) +
- strlen (pw->pw_name) + 1);
- if (!name)
- {
- syslog (LOG_ERR, "Not enough memory");
- return NULL;
- }
- sprintf (name, "%s%s", mu_path_maildir, pw->pw_name);
- }
- else
- name = strdup ("/dev/null");
- }
+ if (strcasecmp (name, "INBOX") == 0 && auth_data->change_uid)
+ name = strdup (auth_data->mailbox);
else
name = namespace_checkfullpath (name, NULL, delim);
return name;
}
-
int
namespace_init(char *path)
{
diff --git a/imap4d/rename.c b/imap4d/rename.c
index 263fe7af2..d8561cf9b 100644
--- a/imap4d/rename.c
+++ b/imap4d/rename.c
@@ -68,8 +68,9 @@ imap4d_rename (struct imap4d_command *command, char *arg)
if (strcasecmp (oldname, "INBOX") == 0)
{
mailbox_t newmbox = NULL;
+ mailbox_t inbox = NULL;
char *name;
- struct passwd *pw;
+
if (S_ISDIR(newst.st_mode))
{
free (newname);
@@ -86,31 +87,27 @@ imap4d_rename (struct imap4d_command *command, char *arg)
}
free (name);
free (newname);
- pw = mu_getpwuid (getuid ());
- if (pw)
+
+ if (mailbox_create_default (&inbox, auth_data->name) == 0 &&
+ mailbox_open (inbox, MU_STREAM_RDWR) == 0)
{
- mailbox_t inbox = NULL;
- if (mailbox_create_default (&inbox, pw->pw_name) == 0 &&
- mailbox_open (inbox, MU_STREAM_RDWR) == 0)
+ size_t no;
+ size_t total = 0;
+ mailbox_messages_count (inbox, &total);
+ for (no = 1; no <= total; no++)
{
- size_t no;
- size_t total = 0;
- mailbox_messages_count (inbox, &total);
- for (no = 1; no <= total; no++)
+ message_t message;
+ if (mailbox_get_message (inbox, no, &message) == 0)
{
- message_t message;
- if (mailbox_get_message (inbox, no, &message) == 0)
- {
- attribute_t attr = NULL;
- mailbox_append_message (newmbox, message);
- message_get_attribute (message, &attr);
- attribute_set_deleted (attr);
- }
+ attribute_t attr = NULL;
+ mailbox_append_message (newmbox, message);
+ message_get_attribute (message, &attr);
+ attribute_set_deleted (attr);
}
- mailbox_expunge (inbox);
- mailbox_close (inbox);
- mailbox_destroy (&inbox);
}
+ mailbox_expunge (inbox);
+ mailbox_close (inbox);
+ mailbox_destroy (&inbox);
}
mailbox_close (newmbox);
mailbox_destroy (&newmbox);
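Review bot: In the copy loop each message is marked deleted even when `mailbox_append_message (newmbox, message)` fails, and the INBOX is then expunged, so a failed append loses mail. Guard the deletion on the append result, e.g. wrap the `message_get_attribute` / `attribute_set_deleted` pair in `if (mailbox_append_message (newmbox, message) == 0)` (assuming it returns 0 on success like the other mailbox_* calls here). Separately, when `mailbox_create_default` succeeds but `mailbox_open` fails, `inbox` is never destroyed. imap4d_rename starts and ends outside the hunk.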
diff --git a/libmu_scm/mu_util.c b/libmu_scm/mu_util.c
index 606256c6f..0b973fed4 100644
--- a/libmu_scm/mu_util.c
+++ b/libmu_scm/mu_util.c
@@ -16,54 +16,52 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#include "mu_scm.h"
-#include <pwd.h>
+#include <mailutils/mu_auth.h>
-SCM_DEFINE (mu_scm_getpwuid, "mu_getpwuid", 0, 1, 0,
+SCM_DEFINE (mu_scm_getpwuid, "mu-getpwuid", 1, 0, 0,
(SCM USER),
"Look up an entry in the user database. USER can be an integer,\n"
- "a string, or omitted, giving the behaviour of mu_getpwuid, mu_getpwnam\n"
- "or (system) getpwent respectively.\n"
- "Returns a vector with fields corresponding to those of the passwd\n"
+ "or a string, giving the behaviour of mu_get_auth_by_uid or mu_get_auth_by_name\n"
+ "respectively.\n"
+ "Returns a vector with fields corresponding to those of the mu_auth_data\n"
"entry in question. If no matching entry was found, returns #f.\n")
#define FUNC_NAME s_mu_scm_getpwuid
{
SCM result;
- struct passwd *entry;
+ struct mu_auth_data *entry;
SCM *ve;
- result = scm_make_vector (SCM_MAKINUM (7), SCM_UNSPECIFIED);
+ result = scm_make_vector (SCM_MAKINUM (8), SCM_UNSPECIFIED);
ve = SCM_VELTS (result);
- if (SCM_UNBNDP (USER) || SCM_FALSEP (USER))
+ if (SCM_INUMP (USER))
{
- entry = getpwent ();
- }
- else if (SCM_INUMP (USER))
- {
- entry = mu_getpwuid (SCM_INUM (USER));
+ entry = mu_get_auth_by_uid (SCM_INUM (USER));
}
else
{
SCM_VALIDATE_ROSTRING (1, USER);
if (SCM_SUBSTRP (USER))
USER = scm_makfromstr (SCM_ROCHARS (USER), SCM_ROLENGTH (USER), 0);
- entry = mu_getpwnam (SCM_ROCHARS (USER));
+ entry = mu_get_auth_by_name (SCM_ROCHARS (USER));
}
if (!entry)
return SCM_BOOL_F;
- ve[0] = scm_makfrom0str (entry->pw_name);
- ve[1] = scm_makfrom0str (entry->pw_passwd);
- ve[2] = scm_ulong2num ((unsigned long) entry->pw_uid);
- ve[3] = scm_ulong2num ((unsigned long) entry->pw_gid);
- ve[4] = scm_makfrom0str (entry->pw_gecos);
- if (!entry->pw_dir)
+ ve[0] = scm_makfrom0str (entry->name);
+ ve[1] = scm_makfrom0str (entry->passwd);
+ ve[2] = scm_ulong2num ((unsigned long) entry->uid);
+ ve[3] = scm_ulong2num ((unsigned long) entry->gid);
+ ve[4] = scm_makfrom0str (entry->gecos);
+ if (!entry->dir)
ve[5] = scm_makfrom0str ("");
else
- ve[5] = scm_makfrom0str (entry->pw_dir);
- if (!entry->pw_shell)
+ ve[5] = scm_makfrom0str (entry->dir);
+ if (!entry->shell)
ve[6] = scm_makfrom0str ("");
else
- ve[6] = scm_makfrom0str (entry->pw_shell);
+ ve[6] = scm_makfrom0str (entry->shell);
+ ve[7] = scm_makfrom0str (entry->mailbox);
+ mu_auth_data_free (entry);
return result;
}
#undef FUNC_NAME
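Review bot: `ve[1]` hands `entry->passwd` to Scheme code, and with pluggable auth modules that field may hold a real password hash rather than a placeholder; consider returning an empty string there unless a script actually needs it. `name`, `passwd`, `gecos` and the new `mailbox` field are passed to `scm_makfrom0str` without the NULL guard that `dir` and `shell` get, so a module that leaves one unset would crash the lookup; e.g. `ve[7] = scm_makfrom0str (entry->mailbox ? entry->mailbox : "");`. The docstring should also state that the vector now has eight elements, the last being the mailbox path.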
diff --git a/mail.local/main.c b/mail.local/main.c
index b373d3f86..9ec146181 100644
--- a/mail.local/main.c
+++ b/mail.local/main.c
@@ -176,7 +176,7 @@ main (int argc, char *argv[])
umask (0077);
mu_argp_error_code = EX_CONFIG;
-
+ MU_AUTH_REGISTER_ALL_MODULES();
mu_argp_parse (&argp, &argc, &argv, 0, argp_capa, &arg_index, NULL);
openlog ("mail.local", LOG_PID, log_facility);
@@ -193,16 +193,6 @@ main (int argc, char *argv[])
return EX_USAGE;
}
-#ifdef HAVE_MYSQL
- mu_register_getpwnam (getMpwnam);
- mu_register_getpwuid (getMpwuid);
-#endif
-#ifdef USE_VIRTUAL_DOMAINS
- mu_register_getpwnam (getpwnam_virtual);
- mu_register_getpwnam (getpwnam_ip_virtual);
- mu_register_getpwnam (getpwnam_host_virtual);
-#endif
-
/* Register local mbox formats. */
{
list_t bookie;
@@ -308,11 +298,12 @@ make_tmp (const char *from, char **tempfile)
{
if (memcmp (buf, "From ", 5))
{
+ struct mu_auth_data *auth;
if (!from)
{
- struct passwd *pw = mu_getpwuid (uid);
- if (pw)
- from = pw->pw_name;
+ auth = mu_get_auth_by_uid (uid);
+ if (auth)
+ from = auth->name;
}
if (from)
{
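Review bot: `struct mu_auth_data *auth;` is declared without an initializer and is only assigned when `from` is NULL, so the `if (auth) mu_auth_data_free (auth);` added in the next hunk reads an indeterminate pointer whenever the caller supplied a sender. Declare it as `struct mu_auth_data *auth = NULL;`. make_tmp continues outside the hunk.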
@@ -324,6 +315,8 @@ make_tmp (const char *from, char **tempfile)
mailer_err ("Can't determine sender address");
exit (EX_UNAVAILABLE);
}
+ if (auth)
+ mu_auth_data_free (auth);
}
}
else if (!memcmp (buf, "From ", 5))
@@ -353,7 +346,7 @@ deliver (FILE *fp, char *name)
url_t url = NULL;
size_t n = 0;
locker_t lock;
- struct passwd *pw;
+ struct mu_auth_data *auth;
int status;
stream_t stream;
size_t size;
@@ -362,15 +355,15 @@ deliver (FILE *fp, char *name)
struct stat sb;
#endif
- pw = mu_getpwnam (name);
- if (!pw)
+ auth = mu_get_auth_by_name (name);
+ if (!auth)
{
mailer_err ("%s: no such user", name);
exit_code = EX_UNAVAILABLE;
return;
}
- path = malloc (strlen (mu_path_maildir) + strlen (name) + 1);
+ path = strdup (auth->mailbox);
if (!path)
{
mailer_err ("Out of memory");
@@ -393,7 +386,7 @@ deliver (FILE *fp, char *name)
/* Actually open the mailbox. Switch to the user's euid to make
sure the maildrop file will have right privileges, in case it
will be created */
- if (switch_user_id (pw->pw_uid))
+ if (switch_user_id (auth->uid))
return;
status = mailbox_open (mbox, MU_STREAM_RDWR|MU_STREAM_CREAT);
if (switch_user_id (0))
@@ -463,7 +456,7 @@ deliver (FILE *fp, char *name)
}
#endif
- if (!failed && switch_user_id (pw->pw_uid) == 0)
+ if (!failed && switch_user_id (auth->uid) == 0)
{
off_t off = size;
size_t nwr;
@@ -490,6 +483,7 @@ deliver (FILE *fp, char *name)
locker_unlock (lock);
+ mu_auth_data_free (auth);
mailbox_close (mbox);
mailbox_destroy (&mbox);
}
diff --git a/mail.local/script.c b/mail.local/script.c
index 3401d9c01..c69966bea 100644
--- a/mail.local/script.c
+++ b/mail.local/script.c
@@ -73,15 +73,16 @@ mda_init (void *data)
static void
mda_switch_to_user (struct mda_data *md)
{
- struct passwd *pw = NULL;
+ struct mu_auth_data *auth = NULL;
if (md && *md->argv != NULL)
- pw = mu_getpwnam (*md->argv);
+ auth = mu_get_auth_by_name (*md->argv);
- if (pw)
+ if (auth)
{
- switch_user_id (pw->pw_uid);
- chdir (pw->pw_dir);
+ switch_user_id (auth->uid);
+ chdir (auth->dir);
+ mu_auth_data_free (auth);
}
else
{
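Review bot: The results of `switch_user_id (auth->uid)` and `chdir (auth->dir)` are discarded, so if either fails the code that follows mda_switch_to_user would run with the caller's identity or working directory. deliver() in mail.local/main.c treats a non-zero return from switch_user_id as a failure; the same test belongs here, e.g. `if (switch_user_id (auth->uid) != 0 || chdir (auth->dir) != 0)` followed by the failure handling the `else` branch already uses. That branch lies outside the hunk, so how it reports the error cannot be seen from here.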
diff --git a/mailbox/mbx_default.c b/mailbox/mbx_default.c
index be1e0c7ab..472972e2d 100644
--- a/mailbox/mbx_default.c
+++ b/mailbox/mbx_default.c
@@ -34,6 +34,7 @@
#include <mailutils/mutil.h>
#include <mailutils/error.h>
#include <mailutils/errno.h>
+#include <mailutils/mu_auth.h>
const char *mu_path_maildir = MU_PATH_MAILDIR;
@@ -93,12 +94,13 @@ static const char *
get_homedir (const char *user)
{
const char *homedir = NULL;
- struct passwd *pw = NULL;
+ struct mu_auth_data *auth = NULL;
+
if (user)
{
- pw = mu_getpwnam (user);
- if (pw)
- homedir = pw->pw_dir;
+ auth = mu_get_auth_by_name (user);
+ if (auth)
+ homedir = auth->dir;
}
else
{
@@ -107,16 +109,20 @@ get_homedir (const char *user)
homedir = getenv ("HOME");
if (homedir == NULL)
{
- pw = mu_getpwuid (getuid ());
- if (pw)
- homedir = pw->pw_dir;
+ auth = mu_get_auth_by_name (user);
+ if (auth)
+ homedir = auth->dir;
}
#else
- pw = mu_getpwuid (getuid ());
- if (pw)
- homedir = pw->pw_dir;
+ auth = mu_get_auth_by_name (user);
+ if (auth)
+ homedir = auth->dir;
#endif
}
+
+ if (homedir)
+ homedir = strdup (homedir);
+ mu_auth_data_free (auth);
return homedir;
}
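Review bot: In the `user == NULL` branch the lookup is now `mu_get_auth_by_name (user)`, which passes a NULL name where the old code looked up the current uid; both the `HOME`-fallback arm and the `#else` arm should read `auth = mu_get_auth_by_uid (getuid ());`. `mu_auth_data_free (auth)` is also called unconditionally, while other files in this commit guard it with `if (auth)`, so confirm that it accepts NULL. get_homedir now returns strdup'ed memory through a `const char *`: every caller has to free it (plus_expand does, in a later hunk), and a NULL from strdup is indistinguishable from "no home directory".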
@@ -136,22 +142,27 @@ user_mailbox_name (const char *user, char **mailbox_name)
if (!user)
user = (getenv ("LOGNAME")) ? getenv ("LOGNAME") : getenv ("USER");
#endif
- if (user == NULL)
+
+ if (user)
{
- struct passwd *pw;
- pw = mu_getpwuid (getuid ());
- if (pw)
- user = pw->pw_name;
- else
+ *mailbox_name = malloc (strlen (user) + strlen (mu_path_maildir) + 2);
+ if (*mailbox_name == NULL)
+ return ENOMEM;
+ sprintf (*mailbox_name, "%s%s", mu_path_maildir, user);
+ }
+ else
+ {
+ struct mu_auth_data *auth = mu_get_auth_by_uid (getuid ());
+
+ if (!auth)
{
mu_error ("Who am I ?\n");
return EINVAL;
}
+ *mailbox_name = strdup (auth->mailbox);
+ mu_auth_data_free (auth);
}
- *mailbox_name = malloc (strlen (user) + strlen (mu_path_maildir) + 2);
- if (*mailbox_name == NULL)
- return ENOMEM;
- sprintf (*mailbox_name, "%s%s", mu_path_maildir, user);
+
return 0;
}
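Review bot: The `strdup (auth->mailbox)` result is not checked, so on allocation failure this branch returns 0 with `*mailbox_name` set to NULL, while the `user` branch returns ENOMEM. Add `if (*mailbox_name == NULL) return ENOMEM;` after the `mu_auth_data_free (auth)` call. A name supplied by the caller, or taken from LOGNAME/USER above, is still appended to `mu_path_maildir` directly rather than resolved through the auth modules, so the two branches can disagree on where the mailbox is.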
@@ -188,6 +199,7 @@ plus_expand (const char *file, char **buf)
(*buf)[len-1] = 0;
free (user);
free (path);
+ free (home);
return 0;
}
diff --git a/mailbox/message.c b/mailbox/message.c
index 6f3b44c62..a3e122820 100644
--- a/mailbox/message.c
+++ b/mailbox/message.c
@@ -47,6 +47,7 @@
#include <mailutils/mutil.h>
#include <mailutils/observer.h>
#include <mailutils/stream.h>
+#include <mailutils/mu_auth.h>
#define MESSAGE_MODIFIED 0x10000;
@@ -971,18 +972,18 @@ message_sender (envelope_t envelope, char *buf, size_t len, size_t *pnwrite)
/* oops! We are still here */
{
- struct passwd *pw;
- const char *sender;
- pw = mu_getpwuid (getuid ());
- sender = (pw) ? pw->pw_name : "unknown";
+ struct mu_auth_data *auth = mu_get_auth_by_uid (getuid ());
+ const char *sender = auth ? auth->name : "unknown";
n = strlen (sender);
if (buf && len > 0)
{
len--; /* One for the null. */
n = (n < len) ? n : len;
- memcpy (buf, pw->pw_name, n);
+ memcpy (buf, auth->name, n);
buf[n] = '\0';
}
+ if (auth)
+ mu_auth_data_free (auth);
}
if (pnwrite)
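Review bot: When `mu_get_auth_by_uid` returns NULL, `sender` falls back to "unknown" but the copy still reads `auth->name`, which dereferences a NULL pointer. Copy from the variable whose length was measured: `memcpy (buf, sender, n);`. message_sender starts above the hunk.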
diff --git a/mailbox/wicket.c b/mailbox/wicket.c
index 2b0b32d6f..c96493d85 100644
--- a/mailbox/wicket.c
+++ b/mailbox/wicket.c
@@ -30,6 +30,7 @@
#include <mailutils/errno.h>
#include <mailutils/mutil.h>
+#include <mailutils/mu_auth.h>
#include <auth0.h>
#include <url0.h>
@@ -399,10 +400,11 @@ get_user (url_t url, const char *filename, char **user)
}
else
{
- struct passwd *pw = mu_getpwuid (getuid ());
- if (pw && pw->pw_name)
+ struct mu_auth_data *auth = mu_get_auth_by_uid (getuid ());
+ if (auth)
{
- u = strdup (pw->pw_name);
+ u = strdup (auth->name);
+ mu_auth_data_free (auth);
if (!u)
return ENOMEM;
}
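Review bot: The new `if (auth)` passes `auth->name` straight to `strdup`, dropping the guard against a missing name that the old condition `pw && pw->pw_name` provided. If an auth module can return a record without a name, that is a NULL dereference; `if (auth && auth->name)` keeps the old guarantee, with `mu_auth_data_free (auth)` placed so the record is still released when the name is absent. get_user continues outside the hunk.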
diff --git a/pop3d/pop3d.c b/pop3d/pop3d.c
index 93640bc80..9de430832 100644
--- a/pop3d/pop3d.c
+++ b/pop3d/pop3d.c
@@ -17,10 +17,6 @@
#include "pop3d.h"
-#ifdef HAVE_MYSQL
-# include "../MySql/MySql.h"
-#endif
-
mailbox_t mbox;
int state;
char *username;
@@ -91,6 +87,7 @@ main (int argc, char **argv)
struct group *gr;
int status = OK;
+ MU_AUTH_REGISTER_ALL_MODULES();
mu_argp_parse (&argp, &argc, &argv, 0, pop3d_argp_capa, NULL, &daemon_param);
#ifdef USE_LIBPAM
@@ -127,16 +124,6 @@ main (int argc, char **argv)
list_append (bookie, path_record);
}
-#ifdef HAVE_MYSQL
- mu_register_getpwnam (getMpwnam);
- mu_register_getpwuid (getMpwuid);
-#endif
-#ifdef USE_VIRTUAL_DOMAINS
- mu_register_getpwnam (getpwnam_virtual);
- mu_register_getpwnam (getpwnam_ip_virtual);
- mu_register_getpwnam (getpwnam_host_virtual);
-#endif
-
/* Set the signal handlers. */
signal (SIGINT, pop3d_signal);
signal (SIGQUIT, pop3d_signal);
diff --git a/pop3d/user.c b/pop3d/user.c
index 0ff7b54ee..87f86619b 100644
--- a/pop3d/user.c
+++ b/pop3d/user.c
@@ -17,80 +17,14 @@
#include "pop3d.h"
-#ifdef HAVE_MYSQL
-# include "../MySql/MySql.h"
-#endif
-
-#ifdef USE_LIBPAM
-#define COPY_STRING(s) (s) ? strdup(s) : NULL
-
-static char *_pwd;
-static char *_user;
-static int _perr = 0;
-
-#define PAM_ERROR if (_perr || (pamerror != PAM_SUCCESS)) \
- goto pam_errlab;
-
-static int
-PAM_gnupop3d_conv (int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr)
-{
- int replies = 0;
- struct pam_response *reply = NULL;
- (void)appdata_ptr;
-
- reply = malloc (sizeof (*reply) * num_msg);
- if (!reply)
- return PAM_CONV_ERR;
-
- for (replies = 0; replies < num_msg; replies++)
- {
- switch (msg[replies]->msg_style)
- {
- case PAM_PROMPT_ECHO_ON:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = COPY_STRING (_user);
- /* PAM frees resp */
- break;
-
- case PAM_PROMPT_ECHO_OFF:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = COPY_STRING (_pwd);
- /* PAM frees resp */
- break;
-
- case PAM_TEXT_INFO:
- case PAM_ERROR_MSG:
- reply[replies].resp_retcode = PAM_SUCCESS;
- reply[replies].resp = NULL;
- break;
-
- default:
- free (reply);
- _perr = 1;
- return PAM_CONV_ERR;
- }
- }
- *resp = reply;
- return PAM_SUCCESS;
-}
-
-static struct pam_conv PAM_conversation = { &PAM_gnupop3d_conv, NULL };
-#endif /* USE_LIBPAM */
-
-/* Basic user authentication. This also takes the PASS command and verifies
- the user name and password. Calls setuid() upon successful verification,
- otherwise it will (likely) return ERR_BAD_LOGIN */
-
int
pop3d_user (const char *arg)
{
char *buf, pass[POP_MAXCMDLEN], *tmp, *cmd;
- struct passwd *pw;
int status;
int lockit = 1;
- char *mailbox_name = NULL;
-
+ struct mu_auth_data *auth_data;
+
if (state != AUTHORIZATION)
return ERR_WRONG_STATE;
@@ -118,14 +52,10 @@ pop3d_user (const char *arg)
free (tmp);
}
- if (strlen (cmd) > 4)
+ if (strcasecmp (cmd, "PASS") == 0)
{
- free (cmd);
- return ERR_BAD_CMD;
- }
+ int rc;
- if ((strcasecmp (cmd, "PASS") == 0))
- {
free (cmd);
#ifdef _USE_APOP
@@ -139,136 +69,93 @@ pop3d_user (const char *arg)
}
#endif
- pw = mu_getpwnam (arg);
+ auth_data = mu_get_auth_by_name (arg);
- if (pw == NULL)
+ if (auth_data == NULL)
{
syslog (LOG_INFO, "User '%s': nonexistent", arg);
return ERR_BAD_LOGIN;
}
-#ifndef USE_LIBPAM
- if (pw->pw_uid < 1)
- return ERR_BAD_LOGIN;
- if (strcmp (pw->pw_passwd, (char *) crypt (pass, pw->pw_passwd)))
- {
-#ifdef HAVE_SHADOW_H
- struct spwd *spw;
- spw = getspnam ((char *) arg);
-#ifdef HAVE_MYSQL
- if (spw == NULL)
- spw = getMspnam (arg);
-#endif /* HAVE_MYSQL */
- if (spw == NULL || strcmp (spw->sp_pwdp,
- (char *) crypt (pass, spw->sp_pwdp)))
-#endif /* HAVE_SHADOW_H */
- {
- syslog (LOG_INFO, "User '%s': authentication failed", arg);
- return ERR_BAD_LOGIN;
- }
- }
-#else /* !USE_LIBPAM */
- {
- pam_handle_t *pamh;
- int pamerror;
- _user = (char *) arg;
- _pwd = pass;
- /* libpam doesn't log to LOG_MAIL */
- closelog ();
- pamerror = pam_start (pam_service, arg, &PAM_conversation, &pamh);
- PAM_ERROR;
- pamerror = pam_authenticate (pamh, 0);
- PAM_ERROR;
- pamerror = pam_acct_mgmt (pamh, 0);
- PAM_ERROR;
- pamerror = pam_setcred (pamh, PAM_ESTABLISH_CRED);
- pam_errlab:
- pam_end (pamh, PAM_SUCCESS);
- openlog ("gnu-pop3d", LOG_PID, log_facility);
- if (pamerror != PAM_SUCCESS)
- {
- syslog (LOG_INFO, "User '%s': authentication failed", _user);
- return ERR_BAD_LOGIN;
- }
- }
-#endif /* USE_LIBPAM */
+ rc = mu_authenticate (auth_data, pass);
+ openlog ("gnu-pop3d", LOG_PID, log_facility);
- if (pw->pw_uid > 0 && !mu_virtual_domain)
+ if (rc)