authorDirk Meyer <dinoex@FreeBSD.org>2002-01-12 13:04:42 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2002-01-12 13:04:42 +0000
commit12423e6cf01721c16a92705333211fcf7461f570 (patch)
tree908bd5ac5d3b0b6047a906848f3ae7bf7dfae584 /mail/popa3d/files
parentUpgrade to 1.2.0-3. Minor improvements. One of our patches got (diff)
- Update popa3d-0.5
- Cleanup POP_AFTERR_SMTP patches
- honor CFLAGS
- claim maintainership
  no response from previous maintainer since August 2001
Notes
Notes: svn path=/head/; revision=52969
Diffstat (limited to 'mail/popa3d/files')
-rw-r--r--mail/popa3d/files/POPAUTH49
-rw-r--r--mail/popa3d/files/patch-aa43
-rw-r--r--mail/popa3d/files/patch-ab40
-rw-r--r--mail/popa3d/files/pop-before-sendmail.patch184
-rw-r--r--mail/popa3d/files/popauth.m447
5 files changed, 313 insertions, 50 deletions
diff --git a/mail/popa3d/files/POPAUTH b/mail/popa3d/files/POPAUTH
new file mode 100644
index 000000000000..abb368505724
--- /dev/null
+++ b/mail/popa3d/files/POPAUTH
@@ -0,0 +1,49 @@
+ popa3d patch for POP-before-SMTP and SMTP-after-POP
+
+ Garry Glendown / Dec. 12th 2000
+
+On the 'net there are a couple of solutions to allow for POP-before-SMTP
+authentication in order to allow for relaying of mails. Anyway, the
+solutions I found didn't really apeal to me, so I hacked popa3d a bit,
+which we already used on one of our machines to serve mail to dialup
+customers.
+
+ Prerequisites
+
+This patch supplies data to sendmail to allow for certain IPs to use it
+as a relaying host. In order to use with your sendmail installation, get
+the popauth-hack (http://www.sendmail.org/~ca/email/rules/popauth.m4)
+and install it by adding "HACK(`popauth')" to you .mc-file.
+
+ Installing
+
+The patch - enabled through the POPB4SMTP-define in the Makefile -
+accesses the file "/etc/mail/popauth.db" (create with "makemap hash
+/etc/mail/popauth </dev/null") and adds the IP of the sucessfully
+authenticated POP-user to it. Once the IP appears in the .db-file,
+sendmail will allow the IP to relay mail from it.
+
+Apart from the IP, which is added as LHS in the database, the patch adds
+the timestamp of the authentication as RHS (which the sendmail-hack
+ignores). This timestamp is then used to remove old IPs which are older
+than VALIDTIME seconds (defined in the Makefile).
+
+ Disclaimer
+
+This hack has been in production use for a week on our server and though
+there are in average 30-60 POP3 logins per minute (going up to 2-3
+requests per seconds during daytime), we have not had any problems.
+Please note that I'm no expert at the Berkeley db library - I just
+hacked up a version using the old db1 functions and it worked out.
+There may be things to do better, but it seems to work fine for me. If
+you have any suggestions, let me know ... I've tried to play it safe and
+wrapped all db-access into a semaphore-protected block, hopefully
+allowing for safe multiple execution ... also, I tried to make sure that
+the string functions all check for the available array length.
+
+If you have any suggestions, questions or feedback of any other kind
+concerning this hack, don't bug the author of popa3d, but drop me a mail
+at garry@glendown.de
+
+G.Glendown / Dec 15th 2000
+
diff --git a/mail/popa3d/files/patch-aa b/mail/popa3d/files/patch-aa
index b873e9ac3561..7d0d1221a136 100644
--- a/mail/popa3d/files/patch-aa
+++ b/mail/popa3d/files/patch-aa
@@ -1,37 +1,22 @@
---- params.h.orig Tue Feb 1 09:16:24 2000
-+++ params.h Sat Mar 4 16:12:48 2000
-@@ -33,7 +33,7 @@
- * An unprivileged dummy user to run as before authentication. The user
- * and its UID must not be used for any other purpose.
+--- params.h.orig Tue Oct 16 06:10:34 2001
++++ params.h Sat Dec 22 11:57:52 2001
+@@ -99,7 +99,7 @@
+ * A pseudo-user to run as before authentication. The user and its UID
+ * must not be used for any other purpose.
*/
--#define POP_USER "popa3d"
+-#define POP_USER POP_SERVER
+#define POP_USER "pop"
/*
- * Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
-@@ -62,7 +62,7 @@
- * Do we have shadow passwords? (Not for *BSD.)
- * Note: password aging is not supported.
+ * An empty directory to chroot to before authentication. The directory
+@@ -142,8 +142,8 @@
+ *
+ * Note that there's no built-in password aging support.
*/
+-#define AUTH_PASSWD 0
-#define AUTH_SHADOW 1
++#define AUTH_PASSWD 1
+#define AUTH_SHADOW 0
+ #define AUTH_PAM 0
+ #define AUTH_PAM_USERPASS 0
- /*
- * A salt used to waste some CPU time on dummy crypt(3) calls and make
-@@ -81,14 +81,14 @@
- * Your mail spool directory. Note: only local (non-NFS) mode 775 mail
- * spools are currently supported.
- */
--#define MAIL_SPOOL_PATH "/var/spool/mail"
-+#define MAIL_SPOOL_PATH "/var/mail"
-
- /*
- * How do we talk to syslogd? These should be fine for most systems.
- */
- #define SYSLOG_IDENT "popa3d"
- #define SYSLOG_OPTIONS LOG_PID
--#define SYSLOG_FACILITY LOG_DAEMON
-+#define SYSLOG_FACILITY LOG_MAIL
- #define SYSLOG_PRIORITY LOG_NOTICE
-
- /*
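Review bot: The new `#define POP_USER "pop"` sits directly under the upstream comment saying the pseudo-user and its UID must not be used for any other purpose, yet `pop` is a generic account name that other POP daemons on the same host may also run as. If the account is shared, the pre-authentication privilege separation is weaker than upstream intends, because the unprivileged processes of both services then run under one UID. I would keep a dedicated account, or at least record the requirement in the patched header with a comment such as `/* "pop" must be reserved for popa3d on this host */`. The hunk also drops the earlier `MAIL_SPOOL_PATH` and `SYSLOG_FACILITY` overrides; presumably the new upstream defaults make them unnecessary, which is worth confirming against the 0.5 params.h.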
diff --git a/mail/popa3d/files/patch-ab b/mail/popa3d/files/patch-ab
index b08ab0b7125b..122542270080 100644
--- a/mail/popa3d/files/patch-ab
+++ b/mail/popa3d/files/patch-ab
@@ -1,24 +1,22 @@
---- Makefile.orig Tue Feb 1 06:56:46 2000
-+++ Makefile Sat Mar 4 18:34:28 2000
-@@ -1,9 +1,8 @@
+--- Makefile.orig Sun Oct 28 02:10:49 2001
++++ Makefile Sat Dec 22 11:59:22 2001
+@@ -1,15 +1,15 @@
-CC = gcc
-LD = gcc
-+CC?= gcc
++CC? = gcc
++LD = ${CC}
RM = rm -f
- CFLAGS = -c -Wall -O2 -fomit-frame-pointer
--LDFLAGS = -s
--#LDFLAGS = -s -lcrypt
-+#LDFLAGS = -s
-+LDFLAGS = -s -lcrypt
-
- PROJ = popa3d
- OBJS = md5/md5.o \
-@@ -13,7 +12,7 @@
- misc.o
-
- popa3d: $(OBJS)
-- $(LD) $(LDFLAGS) $(OBJS) -o popa3d
-+ $(CC) $(LDFLAGS) $(OBJS) -o popa3d
-
- md5/md5.o: md5/md5.c md5/md5.h
- $(CC) $(CFLAGS) -D_LIBC md5/md5.c -o md5/md5.o
+ MKDIR = mkdir -p
+ INSTALL = install
+-CFLAGS = -c -Wall -O2 -fomit-frame-pointer
++CFLAGS += -c -Wall -O2 -fomit-frame-pointer
+ # You may use OpenSSL's MD5 routines instead of the ones supplied here
+ #CFLAGS += -DHAVE_OPENSSL
+ LDFLAGS = -s
+ LIBS =
+ # Linux with glibc, FreeBSD, NetBSD
+-#LIBS += -lcrypt
++LIBS += -lcrypt
+ # HP-UX trusted system
+ #LIBS += -lsec
+ # Solaris (POP_STANDALONE, POP_VIRTUAL)
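Review bot: `CC? = gcc` has a space between `?` and `=`, so make most likely reads it as a plain assignment to a variable named `CC?` rather than a conditional default for `CC`; the previous revision of this patch had `CC?= gcc`. The build then only works because `CC` comes from make's built-in default or the environment, and `LD = ${CC}` inherits that value. I would write `CC ?= gcc`. Separately, `CFLAGS += -c -Wall -O2 -fomit-frame-pointer` appends `-O2` after the caller's flags, so a user-chosen optimisation level is overridden; appending only `-c -Wall` would honour CFLAGS the way the commit message intends.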
diff --git a/mail/popa3d/files/pop-before-sendmail.patch b/mail/popa3d/files/pop-before-sendmail.patch
new file mode 100644
index 000000000000..b50e65f37847
--- /dev/null
+++ b/mail/popa3d/files/pop-before-sendmail.patch
@@ -0,0 +1,184 @@
+--- Makefile.orig Sat Dec 22 12:00:30 2001
++++ Makefile Sat Dec 22 12:20:30 2001
+@@ -39,6 +39,9 @@
+ misc.o \
+ md5/md5.o
+
++OBJS += pop_db.o
++CFLAGS += -DPOPB4SMTP -DVALIDTIME=600
++
+ all: $(PROJ)
+
+ popa3d: $(OBJS)
+--- pop_auth.c.orig Thu Sep 6 01:52:35 2001
++++ pop_auth.c Sat Dec 22 17:41:02 2001
+@@ -14,6 +14,7 @@
+ #if POP_VIRTUAL
+ #include "virtual.h"
+ #endif
++#include "pop_db.h"
+
+ static char *pop_user, *pop_pass;
+
+@@ -75,15 +76,17 @@
+ #if POP_VIRTUAL
+ if (virtual_domain) {
+ syslog(result == AUTH_OK ? SYSLOG_PRI_LO : SYSLOG_PRI_HI,
+- "Authentication %s for %s@%s",
++ "Authentication %s for %s@%s from %s",
+ result == AUTH_OK ? "passed" : "failed",
+ user ? user : "UNKNOWN USER",
+- virtual_domain);
++ virtual_domain,
++ client_addr(1) );
+ return;
+ }
+ #endif
+ syslog(result == AUTH_OK ? SYSLOG_PRI_LO : SYSLOG_PRI_HI,
+- "Authentication %s for %s",
++ "Authentication %s for %s from %s",
+ result == AUTH_OK ? "passed" : "failed",
+- user ? user : "UNKNOWN USER");
++ user ? user : "UNKNOWN USER",
++ client_addr(1));
+ }
+--- pop_db.c.orig Sat Dec 22 15:55:37 2001
++++ pop_db.c Sat Dec 22 17:41:50 2001
+@@ -0,0 +1,107 @@
++
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#include <sys/stat.h>
++
++#ifdef POPB4SMTP
++#include <fcntl.h>
++#include <db.h>
++#include <time.h>
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#endif
++
++#include "pop_db.h"
++
++int log_error(char *s);
++
++
++/* Function from G.Glendown Dec 2000 */
++
++char addr_buf[256];
++
++char *client_addr(int fd)
++{
++ struct sockaddr sa;
++ struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa);
++ int length = sizeof(sa);
++
++ strcpy(addr_buf,"0.0.0.0");
++
++ if (fd == -1) {
++ return addr_buf;
++ }
++
++ if (getpeername(fd, &sa, &length) < 0) {
++ return addr_buf;
++ }
++
++ strcpy(addr_buf, (char *)inet_ntoa(sockin->sin_addr));
++ return addr_buf;
++}
++
++#ifdef POPB4SMTP
++
++/* Function written by Dirk Meyer */
++
++void write_db_entry(void)
++{
++ DB *db;
++ DBT key, data;
++ char ts[16];
++ int ret, fd, st;
++ time_t tv;
++
++ /* create is not set, this is intended,
++ function will be ignored, if database was not created */
++ db = dbopen("/etc/mail/popauth.db", O_RDWR, 0644, DB_HASH, NULL);
++ if ( db == NULL )
++ return;
++
++ /* lock all changes */
++ fd = db->fd(db);
++ if ( fd == -1 ) {
++ st = -1;
++ log_error( "db->fd() failed" );
++ } else {
++ st = flock(fd, LOCK_EX);
++ }
++
++ if (st == 0) {
++ /* generate entry */
++ key.data = client_addr(1);
++ key.size = strlen(key.data);
++ sprintf(ts, "%lu", (long)time(NULL));
++ data.data = ts;
++ data.size = strlen(ts);
++ db->put(db, &key, &data, 0);
++ db->sync(db,0);
++
++ /* cleanup old entrys */
++ ret = db->seq(db, &key, &data, R_FIRST);
++ while (!ret) {
++ data.size = data.size < 16 ? data.size : 15;
++ strncpy(ts,data.data, data.size);
++ ts[data.size] = 0;
++ tv = atol(ts);
++ if ((tv+VALIDTIME) < time(NULL)) {
++ db->del(db, &key, 0);
++ db->sync(db, 0);
++ /* start over */
++ ret = db->seq(db, &key, &data, R_FIRST);
++ continue;
++ }
++ ret = db->seq(db, &key, &data, R_NEXT);
++ }
++ st = flock(fd, LOCK_UN);
++ } else {
++ log_error( "lock() failed" );
++ }
++ db->close(db);
++}
++
++#endif
++
+--- pop_db.h.orig Sat Dec 22 15:55:37 2001
++++ pop_db.h Sat Dec 22 15:55:37 2001
+@@ -0,0 +1,4 @@
++
++char *client_addr(int fd);
++void write_db_entry(void);
++
+--- pop_root.c.orig Sat Sep 8 14:58:32 2001
++++ pop_root.c Sat Dec 22 17:27:37 2001
+@@ -32,6 +32,9 @@
+ #if POP_VIRTUAL
+ #include "virtual.h"
+ #endif
++#ifdef POPB4SMTP
++#include "pop_db.h"
++#endif
+
+ #if !VIRTUAL_ONLY
+ extern struct passwd *auth_userpass(char *user, char *pass, int *known);
+@@ -151,6 +154,10 @@
+ if (!*pass) return AUTH_FAILED;
+ memset(pass, 0, strlen(pass));
+ if (!*user) return AUTH_FAILED;
++
++#ifdef POPB4SMTP
++ write_db_entry();
++#endif
+
+ if (set_user(pw)) return AUTH_FAILED;
+
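Review bot: `write_db_entry()` in pop_db.c stores whatever `client_addr(1)` returns as a relay-authorised key, but `client_addr()` returns the placeholder `0.0.0.0` when `getpeername()` fails and never checks `sa_family`, so for a non-IPv4 peer `sin_addr` is read out of a socket address of a different family. In both cases an address that is not the authenticated client's ends up in `/etc/mail/popauth.db`; I would check the family, pass a `socklen_t` length, and skip the `db->put()` for the placeholder, as sketched below (the sketch also checks the `db->put()` result and replaces the unbounded `sprintf` whose `%lu` does not match its `long` argument). Expiry is only enforced inside `write_db_entry()`, so an entry stays usable for relaying past `VALIDTIME` until the next successful POP login purges it; that should be documented, or the timeout enforced on the sendmail side as well. The nested pop_root.c hunk starts inside its function, so whether authentication has already succeeded when `write_db_entry()` runs before `set_user(pw)` cannot be confirmed from this page.

```c
char *client_addr(int fd)
{
	/* ... unchanged: sa / sockin declarations ... */
	socklen_t length = sizeof(sa);

	strcpy(addr_buf,"0.0.0.0");

	if (fd == -1 || getpeername(fd, &sa, &length) < 0) {
		return addr_buf;
	}

	/* sin_addr is only meaningful for an IPv4 peer */
	if (sa.sa_family != AF_INET) {
		return addr_buf;
	}
	/* ... unchanged: inet_ntoa() copy and return ... */
}

/* write_db_entry(), inside the locked section */
		key.data = client_addr(1);
		/* never authorise the "peer unknown" placeholder for relaying */
		if (strcmp(key.data, "0.0.0.0") != 0) {
			key.size = strlen(key.data);
			snprintf(ts, sizeof(ts), "%ld", (long)time(NULL));
			data.data = ts;
			data.size = strlen(ts);
			if (db->put(db, &key, &data, 0) != 0)
				log_error( "db->put() failed" );
			db->sync(db,0);
		}
		/* ... unchanged: expiry loop over old entries ... */
```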
diff --git a/mail/popa3d/files/popauth.m4 b/mail/popa3d/files/popauth.m4
new file mode 100644
index 000000000000..2520978ad904
--- /dev/null
+++ b/mail/popa3d/files/popauth.m4
@@ -0,0 +1,47 @@
+divert(-1)
+#
+# Copyright (c) 2000 Claus Assmann <ca+popauth@mine.informatik.uni-kiel.de>
+#
+# In short: you can do whatever you want with this, but don't blame me!
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# <URL: http://www.sendmail.org/~ca/email/chk-89n.html >
+#
+VERSIONID(`$Id: popauth.m4,v 1.5 2000/10/19 17:47:53 ca Exp $')
+
+LOCAL_CONFIG
+ifdef(`DATABASE_MAP_TYPE', `', `define(`DATABASE_MAP_TYPE', `hash')')
+Kpopauth ifelse(defn(`_ARG_'), `',
+ `DATABASE_MAP_TYPE -a<OK> /etc/mail/popauth',
+ `_ARG_')
+ifdef(`CF_LEVEL', `dnl has been introduced in 8.10
+dnl this can be used to add a tag to entries in the map
+dnl to restrict the access
+ifdef(`POP_B4_SMTP_TAG',, `define(`POP_B4_SMTP_TAG', `POP:')')dnl
+ifdef(`POP_TO', `dnl
+ifdef(`_ARITH_MAP_', `', `dnl
+define(`_ARITH_MAP_', `1')dnl
+Karith arith')
+')', `dnl
+define(`POP_B4_SMTP_TAG', `')dnl
+')dnl
+LOCAL_RULESETS
+SLocal_check_rcpt
+R$* $: $(popauth `'$&{client_addr} $: <?> $)
+R<?> $@ NoPopAuth
+ifdef(`POP_TO', `dnl
+R$+ $: $(arith - $@ $1 $@ $&t $)
+R$+ $: $(arith l $@ $1 $@ POP_TO $)
+RTRUE $# OK', `
+R$*<OK> $# OK')