[tpop3d-discuss]Some conditions may lead getpwuid to fail

Giampaolo Tomassoni g.tomassoni at libero.it
Mon, 2 Oct 2006 17:08:53 +0200


No reply to this? Not even a "Blah!". :(

giampaolo


> Dears,
>=20
> I see that in many auth_ modules in tpop3d (at least auth_pgsql)=20
> user authentication involves the invoking of parse_uid() from=20
> util.c, followed by a getpwuid() to obtain the user's struct passwd.
>=20
> The purpose seems to me to obtain the struct passwd by allowing=20
> the user database back-ends to return either a username or a uid.
>=20
> Unfortunately, this causes some troubles to me. When it is=20
> difficult to assign a unique id to each user, mailbox users are=20
> often given a single uid and the user itself is identified only=20
> by its name, not by its uid. So, the chain parse_uid() ->=20
> getpwuid() may give wrong results and should be avoided. Also, it=20
> is inefficient when a username is involved, since basicly=20
> parse_uid() must already obtain the passwd structure in order to=20
> convert the username to its uid.
>=20
> The basic idea for a fix which doesn't impact on other cases,=20
> would be to use getpwuid() only when the user field contains=20
> numbers, while relaying on getpwnam() when a username is instead =
involved.
>=20
> A attach a small patch which fixes this for the auth_pgsql=20
> module, since this is the only one I can actually test. The patch=20
> adds the new function get_pw_by_name_or_uid() to util.c, which=20
> basicly mimes the work of parse_uid(), but gives back a struct=20
> passwd* by mean of getpwuid() or getpwnam(). In auth_pgsql.c, a=20
> call to this function replaces the parse_uid() -> getpwuid() chain.
>=20
> I hope to see it in the main branch soon or later: it really=20
> seems to fix my problem.
>=20
> Regards,
>=20
> -----------------------------------
> Giampaolo Tomassoni - IT Consultant
> Piazza VIII Aprile 1948, 4
> I-53044 Chiusi (SI) - Italy
> Ph: +39-0578-21100
>=20