author | Dirk Meyer <dinoex@FreeBSD.org> | 2002-01-12 13:04:42 +0000 |
---|---|---|
committer | Dirk Meyer <dinoex@FreeBSD.org> | 2002-01-12 13:04:42 +0000 |
commit | 12423e6cf01721c16a92705333211fcf7461f570 (patch) | |
tree | 908bd5ac5d3b0b6047a906848f3ae7bf7dfae584 /mail/popa3d/files | |
parent | Upgrade to 1.2.0-3. Minor improvements. One of our patches got (diff) |
- Update popa3d-0.5
- Cleanup POP_AFTERR_SMTP patches
- honor CFLAGS
- claim maintainership
no response from previous maintainer since August 2001
Notes
Notes:
svn path=/head/; revision=52969
Diffstat (limited to 'mail/popa3d/files')
-rw-r--r-- | mail/popa3d/files/POPAUTH | 49 | ||||
-rw-r--r-- | mail/popa3d/files/patch-aa | 43 | ||||
-rw-r--r-- | mail/popa3d/files/patch-ab | 40 | ||||
-rw-r--r-- | mail/popa3d/files/pop-before-sendmail.patch | 184 | ||||
-rw-r--r-- | mail/popa3d/files/popauth.m4 | 47 |
5 files changed, 313 insertions, 50 deletions
diff --git a/mail/popa3d/files/POPAUTH b/mail/popa3d/files/POPAUTH
new file mode 100644
index 000000000000..abb368505724
--- /dev/null
+++ b/mail/popa3d/files/POPAUTH
@@ -0,0 +1,49 @@
+ popa3d patch for POP-before-SMTP and SMTP-after-POP
+
+ Garry Glendown / Dec. 12th 2000
+
+On the 'net there are a couple of solutions to allow for POP-before-SMTP
+authentication in order to allow for relaying of mails. Anyway, the
+solutions I found didn't really apeal to me, so I hacked popa3d a bit,
+which we already used on one of our machines to serve mail to dialup
+customers.
+
+ Prerequisites
+
+This patch supplies data to sendmail to allow for certain IPs to use it
+as a relaying host. In order to use with your sendmail installation, get
+the popauth-hack (http://www.sendmail.org/~ca/email/rules/popauth.m4)
+and install it by adding "HACK(`popauth')" to you .mc-file.
+
+ Installing
+
+The patch - enabled through the POPB4SMTP-define in the Makefile -
+accesses the file "/etc/mail/popauth.db" (create with "makemap hash
+/etc/mail/popauth </dev/null") and adds the IP of the sucessfully
+authenticated POP-user to it. Once the IP appears in the .db-file,
+sendmail will allow the IP to relay mail from it.
+
+Apart from the IP, which is added as LHS in the database, the patch adds
+the timestamp of the authentication as RHS (which the sendmail-hack
+ignores). This timestamp is then used to remove old IPs which are older
+than VALIDTIME seconds (defined in the Makefile).
+
+ Disclaimer
+
+This hack has been in production use for a week on our server and though
+there are in average 30-60 POP3 logins per minute (going up to 2-3
+requests per seconds during daytime), we have not had any problems.
+Please note that I'm no expert at the Berkeley db library - I just
+hacked up a version using the old db1 functions and it worked out.
+There may be things to do better, but it seems to work fine for me. If
+you have any suggestions, let me know ... I've tried to play it safe and
+wrapped all db-access into a semaphore-protected block, hopefully
+allowing for safe multiple execution ... also, I tried to make sure that
+the string functions all check for the available array length.
+
+If you have any suggestions, questions or feedback of any other kind
+concerning this hack, don't bug the author of popa3d, but drop me a mail
+at garry@glendown.de
+
+G.Glendown / Dec 15th 2000
+
diff --git a/mail/popa3d/files/patch-aa b/mail/popa3d/files/patch-aa
index b873e9ac3561..7d0d1221a136 100644
--- a/mail/popa3d/files/patch-aa
+++ b/mail/popa3d/files/patch-aa
@@ -1,37 +1,22 @@ ---- params.h.orig Tue Feb 1 09:16:24 2000 -+++ params.h Sat Mar 4 16:12:48 2000 -@@ -33,7 +33,7 @@ - * An unprivileged dummy user to run as before authentication. The user - * and its UID must not be used for any other purpose. +--- params.h.orig Tue Oct 16 06:10:34 2001 ++++ params.h Sat Dec 22 11:57:52 2001 +@@ -99,7 +99,7 @@ + * A pseudo-user to run as before authentication. The user and its UID + * must not be used for any other purpose. */ --#define POP_USER "popa3d" +-#define POP_USER POP_SERVER +#define POP_USER "pop" /* - * Sessions will be closed if idle for longer than POP_TIMEOUT seconds. -@@ -62,7 +62,7 @@ - * Do we have shadow passwords? (Not for *BSD.) - * Note: password aging is not supported. + * An empty directory to chroot to before authentication. The directory +@@ -142,8 +142,8 @@ + * + * Note that there's no built-in password aging support. */ +-#define AUTH_PASSWD 0 -#define AUTH_SHADOW 1 ++#define AUTH_PASSWD 1 +#define AUTH_SHADOW 0 + #define AUTH_PAM 0 + #define AUTH_PAM_USERPASS 0 - /* - * A salt used to waste some CPU time on dummy crypt(3) calls and make -@@ -81,14 +81,14 @@ - * Your mail spool directory. Note: only local (non-NFS) mode 775 mail - * spools are currently supported. - */ --#define MAIL_SPOOL_PATH "/var/spool/mail" -+#define MAIL_SPOOL_PATH "/var/mail" - - /* - * How do we talk to syslogd? These should be fine for most systems. - */ - #define SYSLOG_IDENT "popa3d" - #define SYSLOG_OPTIONS LOG_PID --#define SYSLOG_FACILITY LOG_DAEMON -+#define SYSLOG_FACILITY LOG_MAIL - #define SYSLOG_PRIORITY LOG_NOTICE - - /* diff --git a/mail/popa3d/files/patch-ab b/mail/popa3d/files/patch-ab index b08ab0b7125b..122542270080 100644 --- a/mail/popa3d/files/patch-ab +++ b/mail/popa3d/files/patch-ab 
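Review bot: The port keeps `#define POP_USER "pop"` directly under the params.h comment, quoted in this hunk, that says the pseudo-user and its UID must not be used for any other purpose. Nothing in this diff (which is limited to files/) shows that a `pop` account is created or reserved for popa3d, so if `pop` is a shared system account on the target host the pre-authentication process would run under an identity that other software also uses. A dedicated account, or a note in the port stating that `pop` must be reserved for this daemon, would make the assumption explicit. The params.h blocks touched here continue outside the hunk.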
@@ -1,24 +1,22 @@ ---- Makefile.orig Tue Feb 1 06:56:46 2000 -+++ Makefile Sat Mar 4 18:34:28 2000 -@@ -1,9 +1,8 @@ +--- Makefile.orig Sun Oct 28 02:10:49 2001 ++++ Makefile Sat Dec 22 11:59:22 2001 +@@ -1,15 +1,15 @@ -CC = gcc -LD = gcc -+CC?= gcc ++CC? = gcc ++LD = ${CC} RM = rm -f - CFLAGS = -c -Wall -O2 -fomit-frame-pointer --LDFLAGS = -s --#LDFLAGS = -s -lcrypt -+#LDFLAGS = -s -+LDFLAGS = -s -lcrypt - - PROJ = popa3d - OBJS = md5/md5.o \ -@@ -13,7 +12,7 @@ - misc.o - - popa3d: $(OBJS) -- $(LD) $(LDFLAGS) $(OBJS) -o popa3d -+ $(CC) $(LDFLAGS) $(OBJS) -o popa3d - - md5/md5.o: md5/md5.c md5/md5.h - $(CC) $(CFLAGS) -D_LIBC md5/md5.c -o md5/md5.o + MKDIR = mkdir -p + INSTALL = install +-CFLAGS = -c -Wall -O2 -fomit-frame-pointer ++CFLAGS += -c -Wall -O2 -fomit-frame-pointer + # You may use OpenSSL's MD5 routines instead of the ones supplied here + #CFLAGS += -DHAVE_OPENSSL + LDFLAGS = -s + LIBS = + # Linux with glibc, FreeBSD, NetBSD +-#LIBS += -lcrypt ++LIBS += -lcrypt + # HP-UX trusted system + #LIBS += -lsec + # Solaris (POP_STANDALONE, POP_VIRTUAL) diff --git a/mail/popa3d/files/pop-before-sendmail.patch b/mail/popa3d/files/pop-before-sendmail.patch new file mode 100644 index 000000000000..b50e65f37847 --- /dev/null +++ b/mail/popa3d/files/pop-before-sendmail.patch 
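Review bot: `CC? = gcc` has a space between `?` and `=`, which make would normally read as a plain assignment to a variable named `CC?` rather than a conditional default for `CC`; if that space is in the real patch and not an artefact of this page, the line should be `CC ?= gcc`. `LD = ${CC}` then picks up whatever `CC` happens to be, so the link step still works, which may be why this went unnoticed. Separately, `CFLAGS += -c -Wall -O2 -fomit-frame-pointer` appends the upstream optimisation flags after the caller's, so a caller-supplied `-O` level is overridden; appending only `-c -Wall` would match the "honor CFLAGS" intent of the commit message.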
@@ -0,0 +1,184 @@
+--- Makefile.orig Sat Dec 22 12:00:30 2001
++++ Makefile Sat Dec 22 12:20:30 2001
+@@ -39,6 +39,9 @@
+ misc.o \
+ md5/md5.o
+
++OBJS += pop_db.o
++CFLAGS += -DPOPB4SMTP -DVALIDTIME=600
++
+ all: $(PROJ)
+
+ popa3d: $(OBJS)
+--- pop_auth.c.orig Thu Sep 6 01:52:35 2001
++++ pop_auth.c Sat Dec 22 17:41:02 2001
+@@ -14,6 +14,7 @@
+ #if POP_VIRTUAL
+ #include "virtual.h"
+ #endif
++#include "pop_db.h"
+
+ static char *pop_user, *pop_pass;
+
+@@ -75,15 +76,17 @@
+ #if POP_VIRTUAL
+ if (virtual_domain) {
+ syslog(result == AUTH_OK ? SYSLOG_PRI_LO : SYSLOG_PRI_HI,
+- "Authentication %s for %s@%s",
++ "Authentication %s for %s@%s from %s",
+ result == AUTH_OK ? "passed" : "failed",
+ user ? user : "UNKNOWN USER",
+- virtual_domain);
++ virtual_domain,
++ client_addr(1) );
+ return;
+ }
+ #endif
+ syslog(result == AUTH_OK ? SYSLOG_PRI_LO : SYSLOG_PRI_HI,
+- "Authentication %s for %s",
++ "Authentication %s for %s from %s",
+ result == AUTH_OK ? "passed" : "failed",
+- user ? user : "UNKNOWN USER");
++ user ? user : "UNKNOWN USER",
++ client_addr(1));
+ }
+--- pop_db.c.orig Sat Dec 22 15:55:37 2001
++++ pop_db.c Sat Dec 22 17:41:50 2001
+@@ -0,0 +1,107 @@
++
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#include <sys/stat.h>
++
++#ifdef POPB4SMTP
++#include <fcntl.h>
++#include <db.h>
++#include <time.h>
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#endif
++
++#include "pop_db.h"
++
++int log_error(char *s);
++
++
++/* Function from G.Glendown Dec 2000 */
++
++char addr_buf[256];
++
++char *client_addr(int fd)
++{
++ struct sockaddr sa;
++ struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa);
++ int length = sizeof(sa);
++
++ strcpy(addr_buf,"0.0.0.0");
++
++ if (fd == -1) {
++ return addr_buf;
++ }
++
++ if (getpeername(fd, &sa, &length) < 0) {
++ return addr_buf;
++ }
++
++ strcpy(addr_buf, (char *)inet_ntoa(sockin->sin_addr));
++ return addr_buf;
++}
++
++#ifdef POPB4SMTP
++
++/* Function written by Dirk Meyer */
++
++void write_db_entry(void)
++{
++ DB *db;
++ DBT key, data;
++ char ts[16];
++ int ret, fd, st;
++ time_t tv;
++
++ /* create is not set, this is intended,
++ function will be ignored, if database was not created */
++ db = dbopen("/etc/mail/popauth.db", O_RDWR, 0644, DB_HASH, NULL);
++ if ( db == NULL )
++ return;
++
++ /* lock all changes */
++ fd = db->fd(db);
++ if ( fd == -1 ) {
++ st = -1;
++ log_error( "db->fd() failed" );
++ } else {
++ st = flock(fd, LOCK_EX);
++ }
++
++ if (st == 0) {
++ /* generate entry */
++ key.data = client_addr(1);
++ key.size = strlen(key.data);
++ sprintf(ts, "%lu", (long)time(NULL));
++ data.data = ts;
++ data.size = strlen(ts);
++ db->put(db, &key, &data, 0);
++ db->sync(db,0);
++
++ /* cleanup old entrys */
++ ret = db->seq(db, &key, &data, R_FIRST);
++ while (!ret) {
++ data.size = data.size < 16 ? data.size : 15;
++ strncpy(ts,data.data, data.size);
++ ts[data.size] = 0;
++ tv = atol(ts);
++ if ((tv+VALIDTIME) < time(NULL)) {
++ db->del(db, &key, 0);
++ db->sync(db, 0);
++ /* start over */
++ ret = db->seq(db, &key, &data, R_FIRST);
++ continue;
++ }
++ ret = db->seq(db, &key, &data, R_NEXT);
++ }
++ st = flock(fd, LOCK_UN);
++ } else {
++ log_error( "lock() failed" );
++ }
++ db->close(db);
++}
++
++#endif
++
+--- pop_db.h.orig Sat Dec 22 15:55:37 2001
++++ pop_db.h Sat Dec 22 15:55:37 2001
+@@ -0,0 +1,4 @@
++
++char *client_addr(int fd);
++void write_db_entry(void);
++
+--- pop_root.c.orig Sat Sep 8 14:58:32 2001
++++ pop_root.c Sat Dec 22 17:27:37 2001
+@@ -32,6 +32,9 @@
+ #if POP_VIRTUAL
+ #include "virtual.h"
+ #endif
++#ifdef POPB4SMTP
++#include "pop_db.h"
++#endif
+
+ #if !VIRTUAL_ONLY
+ extern struct passwd *auth_userpass(char *user, char *pass, int *known);
+@@ -151,6 +154,10 @@
+ if (!*pass) return AUTH_FAILED;
+ memset(pass, 0, strlen(pass));
+ if (!*user) return AUTH_FAILED;
++
++#ifdef POPB4SMTP
++ write_db_entry();
++#endif
+
+ if (set_user(pw)) return AUTH_FAILED;
+
diff --git a/mail/popa3d/files/popauth.m4 b/mail/popa3d/files/popauth.m4
new file mode 100644
index 000000000000..2520978ad904
--- /dev/null
+++ b/mail/popa3d/files/popauth.m4
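Review bot: `client_addr()` in the new pop_db.c formats `sockin->sin_addr` without checking which address family `getpeername()` returned, and `write_db_entry()` stores the resulting string as the relay key in `/etc/mail/popauth.db`. For a peer that is not AF_INET the cast to `struct sockaddr_in` yields bytes that are not an IPv4 address, and when `getpeername()` fails the placeholder `0.0.0.0` is written as though it were an authenticated client. Adding `if (sa.sa_family != AF_INET) return addr_buf;` after the `getpeername()` call, declaring `length` as `socklen_t`, and returning early from `write_db_entry()` when the address is still `0.0.0.0` would close both cases. The results of `db->put()` and `db->del()` are ignored, so a failed update is silent; a `log_error()` call on a non-zero return would match the lock-failure path. In the pop_root.c hunk the call sits before `set_user(pw)` and the code that validates `pw` lies outside the hunk, so it should be confirmed that the entry is only written after authentication has succeeded.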
@@ -0,0 +1,47 @@
+divert(-1)
+#
+# Copyright (c) 2000 Claus Assmann <ca+popauth@mine.informatik.uni-kiel.de>
+#
+# In short: you can do whatever you want with this, but don't blame me!
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# <URL: http://www.sendmail.org/~ca/email/chk-89n.html >
+#
+VERSIONID(`$Id: popauth.m4,v 1.5 2000/10/19 17:47:53 ca Exp $')
+
+LOCAL_CONFIG
+ifdef(`DATABASE_MAP_TYPE', `', `define(`DATABASE_MAP_TYPE', `hash')')
+Kpopauth ifelse(defn(`_ARG_'), `',
+ `DATABASE_MAP_TYPE -a<OK> /etc/mail/popauth',
+ `_ARG_')
+ifdef(`CF_LEVEL', `dnl has been introduced in 8.10
+dnl this can be used to add a tag to entries in the map
+dnl to restrict the access
+ifdef(`POP_B4_SMTP_TAG',, `define(`POP_B4_SMTP_TAG', `POP:')')dnl
+ifdef(`POP_TO', `dnl
+ifdef(`_ARITH_MAP_', `', `dnl
+define(`_ARITH_MAP_', `1')dnl
+Karith arith')
+')', `dnl
+define(`POP_B4_SMTP_TAG', `')dnl
+')dnl
+LOCAL_RULESETS
+SLocal_check_rcpt
+R$* $: $(popauth `'$&{client_addr} $: <?> $)
+R<?> $@ NoPopAuth
+ifdef(`POP_TO', `dnl
+R$+ $: $(arith - $@ $1 $@ $&t $)
+R$+ $: $(arith l $@ $1 $@ POP_TO $)
+RTRUE $# OK', `
+R$*<OK> $# OK') |