[tpop3d-discuss] Virtual domains using passwd files
Angel Marin
anmar at gmx.net
Sat, 8 Jun 2002 19:30:27 +0200
Hi,
I have developed an auth plugin which use passwd style files for virtual
domains.
What it does :
- auths the user against an alternate password file
- sets the uid and gid for r/w the mailbox
How to configure:
I added a couple things in the configuration file, so everything is
customisable:
"auth-virtual-mail-user:" system user that can access the mailboxes
* auth-virtual-mail-user: mail
"auth-virtual-mail-group:" system group that can access the mailboxes
* auth-virtual-mail-group: mail
"auth-virtual-passwd-file:" selects the location of the password file for
the domains you can use the substitution string $(domain)
* auth-virtual-passwd-file: /etc/domains/$(domain)/shadow
How it works:
The driver is initialized with the config params. When a user logs in,
$(domain) is replaced with the user's domain, and the driver tries to
authenticate against that passwd-style file.
To do:
Modify configure & makefile
Any suggestion ?
The patch:
Attachment: tpop3d-1.4.1-virtual.patch
------=_NextPart_000_0000_01C20F22.F1D77850
Content-Type: application/octet-stream;
name="tpop3d-1.4.1-virtual.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="tpop3d-1.4.1-virtual.patch"
diff -urN tpop3d-1.4.1-orig/auth_virtual.c =
tpop3d-1.4.1-virtual/auth_virtual.c=0A=
--- tpop3d-1.4.1-orig/auth_virtual.c Thu Jan 1 01:00:00 1970=0A=
+++ tpop3d-1.4.1-virtual/auth_virtual.c Sat Jun 8 19:22:44 2002=0A=
@@ -0,0 +1,133 @@=0A=
+/*=0A=
+ * auth_virtual.c:=0A=
+ * Authenticate users using an alternate passwd file=0A=
+ *=0A=
+ * designed for tpop3d by Angel Marin <anmar@gmx.net>=0A=
+ * Copyright (c) 2002 Angel Marin, Chris Lightfoot. All rights reserved.=0A=
+ */=0A=
+=0A=
+#ifdef HAVE_CONFIG_H=0A=
+#include "configuration.h"=0A=
+#endif /* HAVE_CONFIG_H */=0A=
+=0A=
+#ifdef AUTH_VIRTUAL=0A=
+static const char rcsid[] =3D "$Id: auth_ldap.c,v 1.0 2002/06/08 =
19:25:10 anmar Exp $";=0A=
+=0A=
+#include <sys/types.h>=0A=
+=0A=
+#ifdef HAVE_CRYPT_H /* XXX */=0A=
+#include <crypt.h>=0A=
+#endif=0A=
+=0A=
+#include <unistd.h>=0A=
+#include <grp.h>=0A=
+#include <pwd.h>=0A=
+#include <stdio.h>=0A=
+#include <stdlib.h>=0A=
+#include <string.h>=0A=
+#include <syslog.h>=0A=
+=0A=
+#include "auth_virtual.h"=0A=
+#include "authswitch.h"=0A=
+#include "config.h"=0A=
+#include "util.h"=0A=
+=0A=
+gid_t virtual_gid;=0A=
+uid_t virtual_uid;=0A=
+char *user_passwd_file_template;=0A=
+=0A=
+/* auth_virtual_init:=0A=
+ * Initialise the driver. Reads the config directives.=0A=
+ * */=0A=
+=0A=
+int auth_virtual_init() {=0A=
+ char *s;=0A=
+ int ret =3D 0;=0A=
+=0A=
+ /* Obtain uid to use */=0A=
+ if ((s =3D config_get_string("auth-virtual-mail-user"))) {=0A=
+ if (!parse_uid(s, &virtual_uid)) {=0A=
+ log_print(LOG_ERR, _("auth_virtual_init: =
auth-virtual-mail-user directive `%s' does not make sense"), s);=0A=
+ goto fail;=0A=
+ }=0A=
+ } else {=0A=
+ log_print(LOG_ERR, _("auth_virtual_init: no =
auth-virtual-mail-user directive in config"));=0A=
+ goto fail;=0A=
+ }=0A=
+=0A=
+ /* Obtain gid to use */=0A=
+ if ((s =3D config_get_string("auth-virtual-mail-group"))) {=0A=
+ if (!parse_gid(s, &virtual_gid)) {=0A=
+ log_print(LOG_ERR, _("auth_virtual_init: =
auth-virtual-mail-group directive `%s' does not make sense"), s);=0A=
+ goto fail;=0A=
+ }=0A=
+ } else {=0A=
+ log_print(LOG_ERR, _("auth_virtual_init: no =
auth-virtual-mail-group directive in config"));=0A=
+ goto fail;=0A=
+ }=0A=
+=0A=
+ /* Obtain path template to passwd file */=0A=
+ if ((s =3D config_get_string("auth-virtual-passwd-file"))) {=0A=
+ user_passwd_file_template =3D s;=0A=
+ } else {=0A=
+ log_print(LOG_ERR, _("auth_virtual_init: no =
auth-virtual-passwd-file directive in config"));=0A=
+ goto fail;=0A=
+ }=0A=
+=0A=
+ ret =3D 1;=0A=
+=0A=
+fail:=0A=
+ return ret;=0A=
+}=0A=
+=0A=
+/* auth_virtual_new_user_pass:=0A=
+ * Attempt to authenticate user and pass using an alternate passwd file,=0A=
+ * as configured at compile-time. This is a virtual-domains =
authenticator.=0A=
+ * */=0A=
+authcontext auth_virtual_new_user_pass(const char *user, const char =
*local_part, const char *domain, const char *pass, const char *host /* =
unused */) {=0A=
+ FILE *fd =3D NULL;=0A=
+ char *user_passwd =3D NULL, *passwd_file =3D NULL;=0A=
+ struct passwd *pwent =3D NULL;=0A=
+ authcontext a =3D NULL;=0A=
+ struct sverr err;=0A=
+=0A=
+ /* Authenticate virtual user without local_part is a hard job :) */=0A=
+ if (!local_part)=0A=
+ goto fail;=0A=
+=0A=
+ /* Get password file location for this virtual domain */=0A=
+ if (!(passwd_file=3Dsubstitute_variables(user_passwd_file_template, =
&err, 1, "domain", domain))) {=0A=
+ log_print(LOG_ERR, _("auth_virtual_new_user_pass: %s near =
`%.16s'"), err.msg, user_passwd_file_template + err.offset);=0A=
+ goto fail;=0A=
+ }=0A=
+=0A=
+ /* Try to open the password file */=0A=
+ if ((fd =3D fopen(passwd_file, "r")) =3D=3D (FILE *) NULL) {=0A=
+ log_print(LOG_ERR, _("auth_virtual_new_user_pass: Unable to =
open virtual password file %s"), passwd_file);=0A=
+ goto fail;=0A=
+ }=0A=
+=0A=
+ /* Now we look for the user password */=0A=
+ pwent =3D fgetpwent(fd);=0A=
+ while(pwent) {=0A=
+ if(!strcmp(local_part, pwent->pw_name)) {=0A=
+ user_passwd =3D xstrdup (pwent->pw_passwd);=0A=
+ pwent =3D NULL;=0A=
+ break;=0A=
+ }=0A=
+ pwent =3D fgetpwent(fd);=0A=
+ }=0A=
+=0A=
+ /* Now we need to authenticate the user */=0A=
+ if (user_passwd&&!strcmp(crypt(pass, user_passwd), user_passwd)) {=0A=
+ a =3D authcontext_new(virtual_uid, virtual_gid, NULL, NULL, =
NULL);=0A=
+ }=0A=
+=0A=
+fail:=0A=
+ if (fd) fclose(fd);=0A=
+ if (user_passwd) xfree (user_passwd);=0A=
+ if (passwd_file) xfree (passwd_file);=0A=
+ return a;=0A=
+}=0A=
+=0A=
+#endif /* AUTH_VIRTUAL */=0A=
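Review bot: In auth_virtual_new_user_pass, `domain` is substituted into the `auth-virtual-passwd-file` template and the result is handed to `fopen()` without any check, so a domain containing `/` or `..` can make the lookup resolve to a passwd-format file outside the configured directory. Unless the caller already restricts the domain (not visible in this patch), it should be validated as a plain host name before substitution, and a NULL or empty domain rejected next to the existing `local_part` test. The return value of `crypt()` is also passed straight to `strcmp()`; `crypt()` can return NULL for a stored hash it cannot process, which would crash the daemon during authentication, so the result needs a NULL check. Two documentation slips as well: the function comment says the file is "configured at compile-time" although the path is read from the run-time config, and `rcsid` still names `auth_ldap.c`.

```c
    const char *hash;
    /* … unchanged: other local declarations … */

    /* Authenticate virtual user without local_part is a hard job :) */
    if (!local_part)
        goto fail;

    /* domain comes from the login name and becomes part of a file path,
     * so accept a plain host name only. */
    if (!domain || !*domain || domain[0] == '.' || strstr(domain, "..")
        || strspn(domain, "abcdefghijklmnopqrstuvwxyz"
                          "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                          "0123456789-.") != strlen(domain))
        goto fail;

    /* … unchanged: substitute_variables, fopen, fgetpwent loop … */

    /* crypt() returns NULL when it cannot process the stored hash. */
    hash = user_passwd ? crypt(pass, user_passwd) : NULL;
    if (hash && !strcmp(hash, user_passwd)) {
        a = authcontext_new(virtual_uid, virtual_gid, NULL, NULL, NULL);
    }
```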
diff -urN tpop3d-1.4.1-orig/auth_virtual.h =
tpop3d-1.4.1-virtual/auth_virtual.h=0A=
--- tpop3d-1.4.1-orig/auth_virtual.h Thu Jan 1 01:00:00 1970=0A=
+++ tpop3d-1.4.1-virtual/auth_virtual.h Sat Jun 8 19:23:39 2002=0A=
@@ -0,0 +1,26 @@=0A=
+/*=0A=
+ * auth_virtual.h:=0A=
+ * Authenticate users using an alternate passwd file=0A=
+ *=0A=
+ * designed for tpop3d by Angel Marin <anmar@gmx.net> =0A=
+ * Copyright (c) 2002 Angel Marin, Chris Lightfoot. All rights =
reserved. =0A=
+ */=0A=
+=0A=
+#ifndef __AUTH_VIRTUAL_H_ /* include guard */=0A=
+#define __AUTH_VIRTUAL_H_=0A=
+=0A=
+#ifdef HAVE_CONFIG_H=0A=
+#include "configuration.h"=0A=
+#endif /* HAVE_CONFIG_H */=0A=
+=0A=
+#ifdef AUTH_VIRTUAL=0A=
+=0A=
+#include "authswitch.h"=0A=
+=0A=
+/* auth_virtual.c */=0A=
+authcontext auth_virtual_new_user_pass(const char *user, const char =
*local_part, const char *domain, const char *pass, const char *host);=0A=
+int auth_virtual_init(void);=0A=
+=0A=
+#endif /* AUTH_VIRTUAL */=0A=
+=0A=
+#endif /* __AUTH_VIRTUAL_H_ */=0A=
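Review bot: The two prototypes are declared without their contract, which leaves the failure conventions to be read out of auth_virtual.c. I would add `/* auth_virtual_init: returns 1 on success, 0 if a required auth-virtual-* directive is missing or invalid. */` above the init prototype and `/* auth_virtual_new_user_pass: returns a new authcontext on success, NULL on any failure. */` above the other. The guard name `__AUTH_VIRTUAL_H_` starts with a double underscore, which is reserved for the implementation; if the project's other headers do not follow that pattern, `AUTH_VIRTUAL_H_` would be the safer spelling. The definition in auth_virtual.c is written `auth_virtual_init()` while the prototype here uses `(void)`; the definition should match.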
diff -urN tpop3d-1.4.1-orig/authswitch.c =
tpop3d-1.4.1-virtual/authswitch.c=0A=
--- tpop3d-1.4.1-orig/authswitch.c Tue Mar 19 19:38:27 2002=0A=
+++ tpop3d-1.4.1-virtual/authswitch.c Sat Jun 8 19:13:45 2002=0A=
@@ -32,6 +32,10 @@=0A=
#include "auth_other.h"=0A=
#endif /* AUTH_OTHER */=0A=
=0A=
+#ifdef AUTH_VIRTUAL=0A=
+#include "auth_virtual.h"=0A=
+#endif /* AUTH_VIRTUAL */=0A=
+=0A=
#ifdef AUTH_PERL=0A=
#include "auth_perl.h"=0A=
#endif /* AUTH_PERL */=0A=
@@ -96,6 +100,13 @@=0A=
"perl",=0A=
_X("Uses perl code")},=0A=
#endif /* AUTH_PERL */=0A=
+=0A=
+#ifdef AUTH_VIRTUAL=0A=
+ /* This calls into virtual subroutines. */=0A=
+ {auth_virtual_init, NULL, auth_virtual_new_user_pass, NULL, =
NULL, NULL,=0A=
+ "virtual",=0A=
+ _X("Uses a virtual password file")},=0A=
+#endif /* AUTH_VIRTUAL */=0A=
};=0A=
=0A=
int *auth_drivers_running;=0A=
diff -urN tpop3d-1.4.1-orig/cfgdirectives.c =
tpop3d-1.4.1-virtual/cfgdirectives.c=0A=
--- tpop3d-1.4.1-orig/cfgdirectives.c Tue Mar 19 19:38:27 2002=0A=
+++ tpop3d-1.4.1-virtual/cfgdirectives.c Sat Jun 8 19:13:45 2002=0A=
@@ -89,6 +89,13 @@=0A=
"auth-perl-pass",=0A=
"auth-perl-onlogin",=0A=
#endif /* AUTH_PERL */=0A=
+=0A=
+#ifdef AUTH_VIRTUAL=0A=
+ "auth-virtual-enable",=0A=
+ "auth-virtual-mail-user",=0A=
+ "auth-virtual-mail-group",=0A=
+ "auth-virtual-passwd-file",=0A=
+#endif /* AUTH_VIRTUAL */=0A=
=0A=
#if defined(MBOX_BSD) && defined(MBOX_BSD_SAVE_INDICES)=0A=
"mailspool-index",=0A=
------=_NextPart_000_0000_01C20F22.F1D77850--