[Dovecot] Tru64 Unix and SIA

older
[Dovecot] dovecot starts and then...

Simon L Jackson

20 Sep 2006 20 Sep '06

4:46 a.m.

I have recently written a (minimal) Tru64 Unix SIA password module for Dovecot as part of testing a Dovecot installation.

Has anyone else written a Tru64 Unix SIA module?

Is anyone else interested in such a module?

If so, how might I/we go about getting this/such a module into the main Dovecot source?

Thanks

-- Simon L Jackson Carringbush.Net

+- Carringbush.Net Hosting * Development * Advice

Web: www.carringbush.net <http://www.carringbush.net/> Email: simon.jackson@carringbush.net <mailto:simon.jackson@carringbush.net>

Office: +61 3 9411 4400 Support: +61 3 9411 4444 Fax: +61 3 9411 4499

Level 1 15 Bedford Street Collingwood VIC 3066 Australia

P.O. Box 1464 Collingwood VIC 3066 Australia +-

Attachments:

attachment.html (text/html — 1.1 KB)

Show replies by date

Charles Marcus

20 Sep 20 Sep

10:23 a.m.

Simon L Jackson wrote:

...

I think Timo will be interested in this, but he is involved with some other things for a little while. Don't take his silence as no interest...

Best regards,

Charles

Timo Sirainen

22 Sep 22 Sep

2:59 p.m.

On Wed, 2006-09-20 at 14:46 +1000, Simon L Jackson wrote:

...

First show me the code, then I'll see how it looks like :) If it's small you might as well post the patch here to the list, for larger either mail me or give some URL.

Simon L Jackson

27 Sep 27 Sep

3:43 a.m.

Timo Sirainen wrote:

...

On Wed, 2006-09-20 at 14:46 +1000, Simon L Jackson wrote:

...
I have recently written a (minimal) Tru64 Unix SIA password module for Dovecot as part of testing a Dovecot installation.

Has anyone else written a Tru64 Unix SIA module?

Is anyone else interested in such a module?

If so, how might I/we go about getting this/such a module into the main Dovecot source?

First show me the code, then I'll see how it looks like :) If it's small you might as well post the patch here to the list, for larger either mail me or give some URL.

I'll try just posting it. There are some diffs and finally that new source. --------------------------------------------------------------------------------- b02> diff /usr/src/dovecot-1.0.rc7/configure.in.orig /usr/src/dovecot-1.0.rc7/configure.in 101a102,110

...

AC_ARG_WITH(sia, [ --with-sia Build with SIA support (default)], if test x$withval = xno; then want_sia=no else want_sia=yes fi, want_sia=yes)

1352a1362,1372

...

]) fi

if test $want_sia = yes; then AC_CHECK_FUNC(sia_validate_user, [ AC_CHECK_HEADERS(sia.h siad.h sys/security.h) need_crypt=yes AC_DEFINE(PASSDB_SIA,, Build with SIA support) passdb="$passdb sia" AC_CHECK_LIB(security, sia_validate_user) LIBS="$LIBS -depth_ring_search"

b02> diff /usr/src/dovecot-1.0.rc7/config.h.in.orig /usr/src/dovecot-1.0.rc7/config.h.in 407a408,410

...

/* Build with sia support */ #undef PASSDB_SIA

b02> diff /usr/src/dovecot-1.0.rc7/src/lib/mountpoint.c.orig /usr/src/dovecot-1.0.rc7/src/lib/mountpoint.c 53c53 < point_r->type = p_strdup(pool, buf.f_fstypename); ---

...

point_r->type = p_strdup(pool, getvfsbynumber(buf.f_type));

b02> diff /usr/src/dovecot-1.0.rc7/src/auth/Makefile.in.orig /usr/src/dovecot-1.0.rc7/src/auth/Makefile.in 84,85c84,88 < passdb-checkpassword.$(OBJEXT) passdb-shadow.$(OBJEXT) \ < passdb-vpopmail.$(OBJEXT) passdb-sql.$(OBJEXT) \ ---

...

passdb-checkpassword.$(OBJEXT) \ passdb-shadow.$(OBJEXT) \ passdb-sia.$(OBJEXT) \ passdb-vpopmail.$(OBJEXT) \ passdb-sql.$(OBJEXT) \

312a316

...

passdb-sia.c \

475a480

...

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passdb-sia.Po@am__quote@ b02> diff /usr/src/dovecot-1.0.rc7/src/auth/passdb.c.orig /usr/src/dovecot-1.0.rc7/src/auth/passdb.c 13a14 extern struct passdb_module_interface passdb_sia; 38a40,42 #endif #ifdef PASSDB_SIA &passdb_sia, b02> cat /usr/src/dovecot-1.0.rc7/src/auth/passdb-sia.c /* Copyright (C) 2006 Simon L Jackson */

#include "common.h" #ifdef PASSDB_SIA #include "safe-memset.h" #include "passdb.h" #include "mycrypt.h" #include <pwd.h> #include <sia.h> #include <siad.h> #include <sys/security.h> /* #define SIA_CACHE_KEY "%u" */ #define SIA_PASS_SCHEME "CRYPT" static int checkpw_collect ( int timeout, int rendition, uchar_t *title, int nprompts, prompt_t *prompts ) { switch (rendition) { case SIAONELINER: case SIAINFO: case SIAWARNING: return SIACOLSUCCESS; } return SIACOLABORT; /* another else is bogus */ } static void local_sia_verify_plain(struct auth_request *request, const char *password, verify_plain_callback_t *callback) { struct passwd *pw; bool result; pw = getpwnam(request->user); if (pw == NULL) { auth_request_log_info(request, "sia", "unknown user"); callback(PASSDB_RESULT_USER_UNKNOWN, request); return; } /* check if the password is valid */ if (password != NULL) { char *argutility = "dovecot"; result = ( sia_validate_user (checkpw_collect,1,&argutility,NULL, (char *) request->user,NULL,NULL,NULL,(char *) password) == SIASUCCESS ); } if (!result) { auth_request_log_info(request, "sia", "password mismatch"); callback(PASSDB_RESULT_PASSWORD_MISMATCH, request); return; } /* make sure we're using the username exactly as it's in the database */ auth_request_set_field(request, "user", pw->pw_name, NULL); callback(PASSDB_RESULT_OK, request); } static void local_sia_init(struct passdb_module *module, const char *args __attr_unused__) { /* module->cache_key = SIA_CACHE_KEY; */ module->default_pass_scheme = SIA_PASS_SCHEME; } static void local_sia_deinit(struct passdb_module *module __attr_unused__) { } struct passdb_module_interface passdb_sia = { "sia", NULL, local_sia_init, local_sia_deinit, local_sia_verify_plain, NULL }; #endif ----------------------------------------------------------------------------------------- Cheers -- Simon L Jackson Carringbush.Net +- Carringbush.Net Hosting * Development * Advice Web: www.carringbush.net <http://www.carringbush.net/> Email: simon.jackson@carringbush.net <mailto:simon.jackson@carringbush.net> Office: +61 3 9411 4400 Support: +61 3 9411 4444 Fax: +61 3 9411 4499 Level 1 15 Bedford Street Collingwood VIC 3066 Australia P.O. Box 1464 Collingwood VIC 3066 Australia +-

Timo Sirainen

8 Oct 8 Oct

9:10 p.m.

On Wed, 2006-09-27 at 13:43 +1000, Simon L Jackson wrote:

...

    pw = getpwnam(request->user);
    if (pw == NULL) {
            auth_request_log_info(request, "sia", "unknown user");
            callback(PASSDB_RESULT_USER_UNKNOWN, request);
            return;
    }

    /* check if the password is valid */
    if (password != NULL) {
            char *argutility = "dovecot";
            result = ( sia_validate_user

(checkpw_collect,1,&argutility,NULL, (char *) request->user,NULL,NULL,NULL,(char *) password) == SIASUCCESS ); }

Is there a reason why you're doing a getpwnam() lookup, since it looks like sia_validate_user() does all the work?

Timo Sirainen

9:24 p.m.

On Wed, 2006-09-27 at 13:43 +1000, Simon L Jackson wrote:

...

Tru64 doesn't have f_fstypename I guess? What #ifdef I could use here? Is there some __Tru64__?

Otherwise I've now committed this to CVS, with some modifications such as assuming that the removal of getpwnam() was ok. Check if it still works in rc8 :)

...

6786

Age (days ago)

6804

Last active (days ago)

List overview

5 comments

3 participants

participants (3)

Charles Marcus
Simon L Jackson
Timo Sirainen