Greetings,
My question is regarding *modified* UW IMAP code, so I understand that it might
be beyond the scope of this list. However, I did not come across any rules
explicitly barring such queries, so here goes:
I'm working with Rich Graves' SRPM, which is here:
http://web.brandeis.edu/pub/Network/EmailArchitecture/imap-2002c1-1brandeis.src.rpm
Therein exist a number of straightforward patches, most of which I've left
unchanged. I slightly modified the brandeis-cleartextok.patch, and that seems
to be working just fine. Since I'm hardly proficient in C, I'm running into
difficulty understanding the two following sections in brandeis-paths.patch.
(the following modifies /src/imapd/imapd.c)
+ snprintf(tmp,6,getenv(REMOTE_UID));
+ if (strlen(tmp) 3) {
+uid = atol(tmp);
+i = ident_setuid_hack(uid);
+switch (i) {
+case 1:
+ syslog (LOG_INFO,Bad ident (setuid failed) REMOTE_UID uid=%d
+ host=%.80s,uid,tcp_clienthost ());
+ break;
+default:
+ break; /* Fall through as root, requiring login */
+}
+ }
Does the above just get the client's UID and then pass it as parameter to
ident_setuid_hack()? The latter function, which is patched into
/src/osdep/unix/env_unix.c, is:
+
+unsigned long ident_setuid_hack (long uid)
+{
+ long ret = 0; /* Return value */
+ struct passwd *pw;
+ if ((uid 500) || (uid 65533)) {
+syslog (LOG_INFO,Bad ident (uid out of range) REMOTE_UID uid=%d
+host=%.80s,uid,tcp_clienthost ());
+return 3;
+ }
+ pw = getpwuid (uid);
+ if (pw == NULL) {
+syslog (LOG_INFO,Bad ident (no such uid) REMOTE_UID uid=%d host=%.80s,
+ uid,tcp_clienthost ());
+return 2;
+ }
+ ret = (setgid (pw-pw_gid) || initgroups (pw-pw_name,pw-pw_gid) ||
+setuid (uid));
+ return ret;
+}
+
Here I understand the function checks to make sure the UID is between a certain
range, confirms there isn't a null pw associated with it, and eventually gets
to the section were ret is set. That's where I'm lost. What exactly is going
on here? I suspect these two sections of code are responsible for changing the
UID of the daemon so that it preauthenticates the user, but after building and
installing this RPM on my server, the preauth does not work. Perhaps if I
understood what's going on in ret, I could troubleshoot more effectively.
Also, I'm aware of other preauth methods (i.e. via /etc/rimapd + ssh), but I'd
like to get this implementation working instead.
I decided to post to this list (before USENET) because my question is
UW-specific, but let me know if I should take it elsewhere.
Thanks,
Sahil
--
--
For information about this mailing list, and its archives, see:
http://www.washington.edu/imap/c-client-list.html
--
