[courier-users] PATCH: authmysql restrict service by user

Roland Schneider Wed, 29 May 2002 15:22:50 -0700

I had a look at the sources, and it was really easy to extend
the select_clause from [EMAIL PROTECTED] with the type of service.
Unfortunately this value is not passed in the durrent authmysqlllib
and two functions needed a new argument.


The patch currently works only with the MYSQL_SELECT_CLAUSE, but
could be extended if necessary.


1) Add the field 'service' to your mysql-table:

service set('courier','esmtp','pop3','imap','webmail') NOT NULL default
'courier,pop3',

Courier-users should take care to enable the service 'courier'.


2) update the select_clause to use the new variable and field:

MYSQL_SELECT_CLAUSE     SELECT local,'',clear,7780,7780,'/relay/home/$(local_par
t)','.',quota,name \
  FROM passwd WHERE local='$(local_part)' \
  AND (domain='$(local_part)' OR domain='$(domain)') \
  AND FIND_IN_SET('$(service)',service)>0


3) the sql-query now looks like this:

                   1224 Query       SELECT local,'',clear,7780,7780,'/relay/home
/user','.',quota,name     FROM passwd WHERE local='user'     AND (domain='
user' OR domain='example.com')     AND FIND_IN_SET('pop3',service)>0
                   1224 Quit

and another one, watch the service-attribute:

1402 Query       SELECT local,'',clear,7780,7780,'/relay/home
/user','.',quota,name     FROM passwd WHERE local='user'     AND (domain='us
er' OR domain='example.com')     AND FIND_IN_SET('webmail',service)>0
                   1402 Quit


This works quiet well, but I tested only for a few minutes,
and without authdaemon, thats enough for today ;)

Roland

PS: I removed the bits used for pop3-apop, but left the changes
for variable separators. Hope this did not brake anything.
Be careful to preserve the tabs in the patch.


# pass the 'service' to authmysql
# use @, % and ! as separator with authmysql
# for use with MYSQL_SELECT_CLAUSE and separate local/domain
--- ../courier-0.38.1.orig/authlib/authmysql.h  Thu Aug  2 00:18:58 2001
+++ authlib/authmysql.h Wed May 29 22:26:34 2002
@@ -20,7 +20,8 @@
        gid_t gid;
        } ;
 
-extern struct authmysqluserinfo *auth_mysql_getuserinfo(const char *);
+// PATCH: add service to authmysql
+extern struct authmysqluserinfo *auth_mysql_getuserinfo(const char *, const
char *);
 extern void auth_mysql_cleanup();
 
 extern int auth_mysql_setpass(const char *, const char *);
--- ../courier-0.38.1.orig/authlib/authmysql.c  Thu Jun 21 03:44:30 2001
+++ authlib/authmysql.c Wed May 29 22:48:38 2002
@@ -35,7 +35,8 @@
                return (0);
        }
 
-       authinfo=auth_mysql_getuserinfo(user);
+       // PATCH: add service to authmysql
+       authinfo=auth_mysql_getuserinfo(user, service);
 
        if (!callback_func)
                auth_mysql_cleanup();
@@ -141,7 +155,8 @@
 {
 struct authmysqluserinfo *authinfo;
 
-       authinfo=auth_mysql_getuserinfo(user);
+       // PATCH: add service to authmysql
+       authinfo=auth_mysql_getuserinfo(user, service);
 
        if (!authinfo)
        {
--- ../courier-0.38.1.orig/authlib/authmysqllib.c       Mon Apr  1 21:56:18 2002
+++ authlib/authmysqllib.c      Wed May 29 23:30:22 2002
@@ -221,7 +221,9 @@
                if (*p == '"' || *p == '\\' ||
                    (int)(unsigned char)*p < ' ')
                        *p=' '; /* No funny business */
-       if (strchr(username, '@') == 0 && defdomain && *defdomain)
+       // PATCH: variable separator
+       // if (strchr(username, '@') == 0 && defdomain && *defdomain)
+       if (strpbrk(username, "@%!") == 0 && defdomain && *defdomain)
                strcat(strcpy(p, "@"), defdomain);
 }
 
@@ -439,8 +441,9 @@
 static char    localpart_buf[130];
        
        if (!username || *username == '\0')     return NULL;
-       
-       p = strchr(username,'@');
+       // PATCH: variable separator
+       // p = strchr(username,'@');
+       p = strpbrk(username,"@%!");
        if (p)
        {
                if ((p-username) > 128)
@@ -476,14 +479,17 @@
 char           *q;
        
        if (!username || *username == '\0')     return NULL;
-       p = strchr(username,'@');
-       
+       // PATCH: variable separator
+       // p = strchr(username,'@');
+       p = strpbrk(username,"@%!");
        if (!p || *(p+1) == '\0')
        {
                if (defdomain && *defdomain)
                        return defdomain;
                else
-                       return NULL;
+                       // PATCH: allow empty DEFAUTL_DOMAIN
+                       // return NULL;
+                       return "";
        }
 
        p++;
@@ -530,12 +536,14 @@
 
 
 /* [EMAIL PROTECTED] */
+// PATCH: add service to authmysql
 static char *parse_select_clause (const char *clause, const char *username,
-                                 const char *defdomain)
+                                 const char *defdomain, const char *service)
 {
 static struct var_data vd[]={
            {"local_part",      NULL,   sizeof("local_part"),   0},
            {"domain",          NULL,   sizeof("domain"),       0},
+           {"service",         NULL,   sizeof("service"),      0},
            {NULL,              NULL,   0,                      0}};
 
        if (clause == NULL || *clause == '\0' ||
@@ -546,6 +554,8 @@
        vd[1].value     = get_domain (username, defdomain);
        if (!vd[0].value || !vd[1].value)
                return NULL;
+       if(service != NULL && *service != '\0')
+               vd[2].value = service;
        
        return (parse_string (clause, vd));
 }
@@ -578,7 +588,8 @@
        return (parse_string (clause, vd));
 }
 
-struct authmysqluserinfo *auth_mysql_getuserinfo(const char *username)
+// PATCH: add service to authmysql
+struct authmysqluserinfo *auth_mysql_getuserinfo(const char *username, const
char *service)
 {
 const char *user_table =NULL;
 const char *defdomain  =NULL;
@@ -595,6 +606,8 @@
            *uid_field          =NULL,
            *gid_field          =NULL,
            *quota_field        =NULL,
+           // PATCH: add service to authmysql (not done yet)
+           // *service_field   =NULL;
            *where_clause       =NULL,
            *select_clause      =NULL; /* [EMAIL PROTECTED] */
 
@@ -665,6 +678,10 @@
 
                quota_field=read_env("MYSQL_QUOTA_FIELD");
                if (!quota_field) quota_field="\"\""; 
+               
+               // PATCH: add service to authmysql (not done)
+               // service_field=read_env("MYSQL_SERVICE_FIELD");
+               // if (!service_field) service_field="\"\"";
 
                where_clause=read_env("MYSQL_WHERE_CLAUSE");
                if (!where_clause) where_clause = "";
@@ -704,7 +721,8 @@
        else
        {
                /* [EMAIL PROTECTED] */
-               querybuf=parse_select_clause (select_clause, username, defdomain);
+               // PATCH: add service to authmysql
+               querybuf=parse_select_clause (select_clause, username, defdomain, 
+service);
                if (!querybuf) return 0;
        }
 
--- ../courier-0.38.1.orig/authlib/preauthmysql.c       Thu Jun 21 03:44:30 2001
+++ authlib/preauthmysql.c      Wed May 29 22:28:15 2002
@@ -29,7 +29,7 @@
 struct authmysqluserinfo *authinfo;
 struct authinfo        aa;
 
-       authinfo=auth_mysql_getuserinfo(user);
+       authinfo=auth_mysql_getuserinfo(user, service);
 
        if (!authinfo)          /* Fatal error - such as MySQL being down */
                return (1);





_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] PATCH: authmysql restrict service by user

Reply via email to