Kyle Lanclos wrote:
> -- thanks, python!). to be sure :)
I'm making my first pass at getting bincimap (1.2.11final) set up on a new
mail server, and I've run into a bit of a snag getting it to agree to use
IMAPdir as its depot type.
In the bincimapd man page, the admin is cautioned to make sure that their
checkpassword program does not re-set the environment, as bincimap-up hands
over configuration data in the form of environment variables.
Just to rule this out, I've attached my checkpassword script for your reference. It's in Python also. I drew from a number of sources putting it together and it works well for me, so I've got a fair bit of confidence in it.
Hope this helps, AndyG.
#!/usr/local/python/bin/python
# http://cr.yp.to/checkpwd/interface.html
# http://www.qmail.org/man/man5/qmail-users.html
# http://qmail.glasswings.com.au/checkpassword.pl
# http://www.ornl.gov/lists/mailing-lists/qmail/2004/02/msg00789.html
# http://www.mail-archive.com/[email protected]/msg01239.html
# Test:
# printf "%s\0%s\0%s\0" guest secret Y123456 | \
# /var/qmail/bin/checkcredentials ls -l 3<&0
#
import os
import string
import time
import sys
import crypt
#
# insert your credential checks HERE
#
# on failure, return None
# on success, return ( userid, home, shell, uid, gid )
#
#
def cred_check( userToCheck, passwdToCheck ) :
    lines = [ l[:-1] for l in open( "/var/qmail/users/assign", "r" ).readlines() ]
    for line in lines:
        if line == ".":
            return None
        # =local:user:uid:gid:homedir:dash:ext:
        ( local, userid, uid, gid, home, dash, ext, passwd ) = line.split(":")
        if local == "="+userToCheck:
            if crypt.crypt( passwdToCheck, passwd[:2] ) == passwd:
                return ( userid, home, "/bin/false", uid, gid )
            else:
                return None
    return None
#
# ensure correct usage: checkcredentials prog
if len(sys.argv) < 2:
    sys.exit(2)
#
# parse credentials from descriptor 3
# The maximum is 512, so we use the double for BASE64
try:
    cred = string.split (os.read (3, 1024), "\0")
except:
    sys.exit( 2 )
check = cred_check( cred[0], cred[1] )
#
# bail if check failed
if not check:
    sys.exit( 1 )
#
# check ok, so run supplied arg
# os.environ is extended, not replaced, so inherited variables are passed on
(userid, home, shell, uid, gid) = check
os.environ["USER"] = userid
os.environ["UID"] = uid
os.environ["HOME"] = home
os.environ["SHELL"] = shell
os.chdir( home )
gid = int(gid)
uid = int(uid)
# drop the caller's supplementary groups too, before giving up root
os.setgroups( [gid] )
os.setregid( gid, gid )
os.setreuid( uid, uid )
os.execve( sys.argv[1], sys.argv[1:], os.environ )
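Added example, not part of the original message or of bincimap: a Python 3 probe that feeds credentials to a checkpassword-compatible program on descriptor 3 and reports whether an inherited environment variable reaches the program it execs, which is the property the bincimapd man page warns about. The marker name and the three stand-in programs are constructed for illustration.

```python
import os
import subprocess

MARKER = "ENV_PROBE_MARKER"  # constructed name; not a real bincimap variable

# Same trick as the "Test:" comment in the script above: credentials arrive
# on stdin and the shell duplicates stdin onto descriptor 3.
FD3_WRAPPER = ["sh", "-c", 'exec "$@" 3<&0', "fd3"]

# Child program: echoes the marker's value, or MISSING if it was dropped.
PROBE = ["/bin/sh", "-c", 'echo "${%s:-MISSING}"' % MARKER]


def env_survives(checkpassword_argv, user, password):
    """Return True if the marker reaches the exec'd program, False if the
    checkpassword program dropped it, None if authentication failed."""
    creds = b"\0".join([user, password, b"Y123456"]) + b"\0"
    env = dict(os.environ)
    env[MARKER] = "present"
    proc = subprocess.run(FD3_WRAPPER + checkpassword_argv + PROBE,
                          input=creds, env=env, stdout=subprocess.PIPE)
    if proc.returncode != 0:
        return None
    return proc.stdout.decode().strip() == "present"


# Constructed stand-ins that accept (or reject) any credentials; replace with
# the real checkpassword path and a test account to audit an installation.
KEEPS_ENV = ["sh", "-c", 'cat <&3 >/dev/null; exec "$@"', "keeps-env"]
RESETS_ENV = ["sh", "-c", 'cat <&3 >/dev/null; exec env -i "$@"', "resets-env"]
REJECTS = ["sh", "-c", "exit 1", "rejects"]

if __name__ == "__main__":
    for name, argv in [("keeps", KEEPS_ENV), ("resets", RESETS_ENV),
                       ("rejects", REJECTS)]:
        print(name, env_survives(argv, b"guest", b"secret"))
```

A False result means the program under test rebuilds the environment before exec, so configuration handed over in environment variables would not arrive.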
