src/auth/passdb-vpopmail.c

	passdb-vpopmail.c revision d1ea0d2a39dbfde5a61b59c38fd0414b9a56f1f9
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen/* Copyright (C) 2002-2003 Timo Sirainen */
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen/* Thanks to Courier-IMAP for showing how the vpopmail API should be used */
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#include "config.h"
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#undef HAVE_CONFIG_H
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#ifdef PASSDB_VPOPMAIL
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#include "common.h"
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#include "safe-memset.h"
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#include "passdb.h"
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#include "password-scheme.h"
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#include "userdb-vpopmail.h"
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#include <stdlib.h>
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainenextern struct passdb_module passdb_vpopmail;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainenstatic void
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainenvpopmail_verify_plain(struct auth_request *request, const char *password,
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen              verify_plain_callback_t *callback)
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen{
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    char vpop_user[VPOPMAIL_LIMIT], vpop_domain[VPOPMAIL_LIMIT];
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    struct vqpasswd *vpw;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    const char *crypted_pass;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    const char *scheme;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    int ret;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    vpw = vpopmail_lookup_vqp(request, vpop_user, vpop_domain);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    if (vpw == NULL) {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        callback(PASSDB_RESULT_USER_UNKNOWN, request);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        return;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    }
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    if (((vpw->pw_gid & NO_IMAP) != 0 &&
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen         strcmp(request->service, "IMAP") == 0) ||
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        ((vpw->pw_gid & NO_POP) != 0 &&
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen         strcmp(request->service, "POP3") == 0)) {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        auth_request_log_info(request, "vpopmail",
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen                      "%s disabled", request->service);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        callback(PASSDB_RESULT_USER_DISABLED, request);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        return;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    }
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    auth_request_log_debug(request, "vpopmail",
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen                   "crypted password=%s", vpw->pw_passwd);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    crypted_pass = vpw->pw_passwd;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    scheme = password_get_scheme(&crypted_pass);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    if (scheme == NULL) scheme = passdb_vpopmail.default_pass_scheme;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    ret = password_verify(password, crypted_pass, scheme, request->user);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    safe_memset(vpw->pw_passwd, 0, strlen(vpw->pw_passwd));
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    if (vpw->pw_clear_passwd != NULL) {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        safe_memset(vpw->pw_clear_passwd, 0,
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen                strlen(vpw->pw_clear_passwd));
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    }
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    if (ret <= 0) {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        if (ret < 0) {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen            auth_request_log_error(request, "vpopmail",
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen                "Unknown password scheme %s", scheme);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        } else {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen            auth_request_log_info(request, "vpopmail",
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen                          "password mismatch");
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        }
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        return;
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    }
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#ifdef HAVE_VPOPMAIL_OPEN_SMTP_RELAY
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    if (strcmp(request->service, "POP3") == 0 ||
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        strcmp(request->service, "IMAP") == 0) {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        const char *host = net_ip2addr(&request->remote_ip);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        if (host != NULL) {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen            /* use putenv() directly rather than env_put() which
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen               would leak memory every time we got here. use a
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen               static buffer for putenv() as SUSv2 requirements
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen               would otherwise corrupt our environment later. */
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen            static char ip_env[256];
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen            i_snprintf(ip_env, sizeof(ip_env),
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen                   "TCPREMOTEIP=%s", host);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen            putenv(ip_env);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen            open_smtp_relay();
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen        }
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    }
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen#endif
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    callback(PASSDB_RESULT_OK, request);
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen}
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainenstatic void vpopmail_deinit(void)
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen{
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    vclose();
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen}
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainenstruct passdb_module passdb_vpopmail = {
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    "vpopmail",
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    "%u", "CRYPT", FALSE,
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    NULL, NULL,
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    vpopmail_deinit,
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen
9294b9ad2eb112258c247906b53010664f84e57bTimo Sirainen    vpopmail_verify_plain,
    NULL
};

#endif