Hi again,...
I seem to have forgotten to actually attach the patch,
so here it is.
... John
diff -ruN dbmail-2.0.0.orig/auth/authldap.c dbmail-2.0.0/auth/authldap.c
--- dbmail-2.0.0.orig/auth/authldap.c 2004-08-18 19:48:23.000000000 +1000
+++ dbmail-2.0.0/auth/authldap.c 2004-10-21 10:30:29.000000000 +1000
@@ -1896,7 +1896,7 @@
*
* returns useridnr on OK, 0 on validation failed, -1 on error
*/
-int auth_validate(char *username, char *password, u64_t * user_idnr)
+int auth_validate(char *username, char *password, u64_t * user_idnr, char * client_ip)
{
timestring_t timestring;
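Review bot: The LDAP `auth_validate` now accepts `client_ip`, but no hunk in this patch makes authldap.c read it, so the enabled-flag restriction added in authsql.c appears to apply only to SQL-authenticated users. If that is intentional, mark the parameter `UNUSED` as the stub `auth_md5_validate` in the next hunk does, and say so in the header comment, e.g. `* client_ip is ignored by the LDAP backend; per-user access flags are not enforced here`. The pointer is only read, so `const char *client_ip` would state the contract better in every backend and in auth.h. The function body continues outside this hunk.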
@@ -1965,7 +1965,8 @@
/* returns useridnr on OK, 0 on validation failed, -1 on error */
u64_t auth_md5_validate(char *username UNUSED,
unsigned char *md5_apop_he UNUSED,
- char *apop_stamp UNUSED)
+ char *apop_stamp UNUSED,
+ char *client_ip UNUSED)
{
return 0;
diff -ruN dbmail-2.0.0.orig/auth/authsql.c dbmail-2.0.0/auth/authsql.c
--- dbmail-2.0.0.orig/auth/authsql.c 2004-09-19 20:34:21.000000000 +1000
+++ dbmail-2.0.0/auth/authsql.c 2004-10-21 10:57:13.000000000 +1000
@@ -588,7 +588,7 @@
return 0;
}
-int auth_validate(char *username, char *password, u64_t * user_idnr)
+int auth_validate(char *username, char *password, u64_t * user_idnr, char * client_ip)
{
const char *query_result;
int is_validated = 0;
@@ -622,7 +622,7 @@
db_escape_string(escuser, username, strlen(username));
snprintf(__auth_query_data, AUTH_QUERY_SIZE,
- "SELECT user_idnr, passwd, encryption_type FROM dbmail_users "
+ "SELECT user_idnr, passwd, encryption_type, webenabled, popenabled FROM dbmail_users "
"WHERE userid = '%s'", escuser);
if (__auth_query(__auth_query_data) == -1) {
@@ -698,6 +698,16 @@
}
if (is_validated) {
+ query_result = db_get_result(0, 3);
+ is_validated = (strncmp("t", query_result, 1) == 0) ? 1 : 0;
+ if(is_validated) {
+ // is the mailbox enabled for non-localhost access ?
+ query_result - db_get_result(0, 4);
+ is_validated = ( (strncmp("t", query_result, 1) == 0) || (strncml("127.0.0.1", client_ip, 9) == 0) ) ? 1 : 0;
+ }
+ }
+
+ if (is_validated) {
query_result = db_get_result(0, 0);
*user_idnr =
(query_result) ? strtoull(query_result, NULL, 10) : 0;
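Review bot: The second flag is never fetched, because `query_result - db_get_result(0, 4);` is a subtraction whose result is discarded. The "non-localhost" test therefore re-reads column 3, and the next line calls `strncml`, which is not a C library function. The intended lines are presumably `query_result = db_get_result(0, 4);` and a comparison using `strncmp`. Both `strncmp` calls also dereference `query_result` and `client_ip` without a NULL check, although the existing code just below guards `query_result` with `(query_result) ? ... : 0`; a NULL from either should fail validation rather than crash. A 9-character prefix match against "127.0.0.1" also accepts any longer string beginning that way and does not recognise an IPv6 loopback, so an exact `strcmp(client_ip, "127.0.0.1") == 0` (plus `::1`, if the daemon can listen on IPv6) is the tighter check.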
@@ -721,7 +731,7 @@
}
u64_t auth_md5_validate(char *username, unsigned char *md5_apop_he,
- char *apop_stamp)
+ char *apop_stamp, char * client_ip)
{
/* returns useridnr on OK, 0 on validation failed, -1 on error */
char *checkstring;
@@ -730,6 +740,7 @@
const char *query_result;
timestring_t timestring;
char *escaped_username;
+ int is_validated = 0;
create_current_timestring(×tring);
@@ -739,7 +750,7 @@
return -1;
}
snprintf(__auth_query_data, AUTH_QUERY_SIZE,
- "SELECT passwd,user_idnr FROM dbmail_users WHERE "
+ "SELECT passwd,user_idnr,webenabled,popenabled FROM dbmail_users WHERE "
"userid = '%s'", escaped_username);
free(escaped_username);
@@ -788,6 +799,15 @@
query_result = db_get_result(0, 1);
user_idnr =
(query_result) ? strtoull(query_result, NULL, 10) : 0;
+ // is the mailbox enabled ?
+ query_result = db_get_result(0,2);
+ is_validated = (strncmp("t", query_result, 1) == 0) ? 1 : 0;
+ if(is_validated) {
+ // is the mailbox enabled for non-localhost access ?
+ query_result = db_get_result(0,3);
+ is_validated = ( (strncmp("t", query_result, 1) == 0) || (strncmp("127.0.0.1", client_ip, 0) == 0) ) ? 1 : 0;
+ }
+
db_free_result();
my_free(checkstring);
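Review bot: The localhost test `strncmp("127.0.0.1", client_ip, 0) == 0` compares zero characters, so it is always true and the second flag is never enforced on the APOP path. Any client address passes once the first flag is set, which defeats the restriction this patch adds. It should match the plain-password path, e.g. `strcmp(client_ip, "127.0.0.1") == 0` after confirming `client_ip` is non-NULL. `query_result` from columns 2 and 3 is passed to `strncmp` unchecked, although the line above guards column 1 against NULL. The enclosing function starts and ends outside this hunk, so whether these lines run only after the digest has matched cannot be confirmed from here.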
@@ -802,7 +822,8 @@
"%s,%s: could not update user login time",
__FILE__, __func__);
- return user_idnr;
+ if(is_validated)
+ return user_idnr;
}
trace(TRACE_MESSAGE, "%s,%s: user [%s] could not be validated",
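Review bot: The `is_validated` gate sits after the login-time update whose failure trace is visible just above it, so an account that is disabled or not permitted from this address still appears to get its last login refreshed before being refused. The update call itself is outside the hunk, so please confirm, and move the check ahead of it if so. The refusal then falls through to the generic "could not be validated" trace, which gives an operator no way to tell a policy denial from a bad digest. A separate server-side trace such as `trace(TRACE_MESSAGE, "%s,%s: user [%s] not enabled for client [%s]", __FILE__, __func__, username, client_ip);` would help, while the reply to the client stays the same. The new `if` should also be braced to match the surrounding style.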
diff -ruN dbmail-2.0.0.orig/auth.h dbmail-2.0.0/auth.h
--- dbmail-2.0.0.orig/auth.h 2004-08-18 19:48:22.000000000 +1000
+++ dbmail-2.0.0/auth.h 2004-10-21 10:58:31.000000000 +1000
@@ -214,7 +214,7 @@
* - 0 if not validated
* - 1 if OK
*/
-int auth_validate(char *username, char *password, u64_t * user_idnr);
+int auth_validate(char *username, char *password, u64_t * user_idnr, char * client_ip);
/**
* \brief try tp validate a user using md5 hash
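Review bot: The doc comments for both prototypes are not updated for the new argument; this applies to `auth_validate` here and to `auth_md5_validate` in the next hunk. Each should gain a line such as `* \param client_ip textual address of the connecting client, used by the SQL backend for the per-user access flags; must not be NULL`. The return-value list should also state that a user with correct credentials but disabled flags yields 0, since callers cannot otherwise tell that case from a wrong password. The parameter lists of both comments lie outside the visible hunks.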
@@ -227,7 +227,7 @@
* - user_idrn if OK
*/
u64_t auth_md5_validate(char *username, unsigned char *md5_apop_he,
- char *apop_stamp);
+ char *apop_stamp, char *client_ip);
/**
* \brief get username for a user_idnr
diff -ruN dbmail-2.0.0.orig/imapcommands.c dbmail-2.0.0/imapcommands.c
--- dbmail-2.0.0.orig/imapcommands.c 2004-10-09 06:35:50.000000000 +1000
+++ dbmail-2.0.0/imapcommands.c 2004-10-21 11:00:03.000000000 +1000
@@ -179,7 +179,7 @@
return 1; /* error, return */
trace(TRACE_DEBUG, "_ic_login(): trying to validate user");
- validate_result = auth_validate(args[0], args[1], &userid);
+ validate_result = auth_validate(args[0], args[1], &userid, ci->ip);
trace(TRACE_MESSAGE,
"_ic_login(): user (id:%llu, name %s) tries login",
userid, args[0]);
@@ -290,7 +290,7 @@
/* try to validate user */
- validate_result = auth_validate(username, pass, &userid);
+ validate_result = auth_validate(username, pass, &userid, ci->ip);
if (validate_result == -1) {
/* a db-error occurred */
diff -ruN dbmail-2.0.0.orig/pop3.c dbmail-2.0.0/pop3.c
--- dbmail-2.0.0.orig/pop3.c 2004-09-19 20:34:21.000000000 +1000
+++ dbmail-2.0.0/pop3.c 2004-10-21 11:01:53.000000000 +1000
@@ -438,7 +438,7 @@
/* check in authorization layer if these credentials are correct */
validate_result = auth_validate(session->username,
session->password,
- &result);
+ &result, client_ip);
switch (validate_result) {
case -1:
session->SessionResult = 3;
@@ -863,7 +863,7 @@
result =
auth_md5_validate(session->username,
md5_apop_he,
- session->apop_stamp);
+ session->apop_stamp, client_ip);
my_free(md5_apop_he);
md5_apop_he = 0;
diff -ruN dbmail-2.0.0.orig/sql/mysql/create_tables.mysql dbmail-2.0.0/sql/mysql/create_tables.mysql
--- dbmail-2.0.0.orig/sql/mysql/create_tables.mysql 2004-09-07 03:34:00.000000000 +1000
+++ dbmail-2.0.0/sql/mysql/create_tables.mysql 2004-10-21 10:22:29.000000000 +1000
@@ -37,6 +37,8 @@
curmail_size bigint(21) DEFAULT '0' NOT NULL,
encryption_type varchar(20) DEFAULT '' NOT NULL,
last_login DATETIME DEFAULT '1979-11-03 22:05:58' NOT NULL,
+ popenabled tinyint(1) default '0' not null,
+ webenabled tinyint(1) default '0' not null,
PRIMARY KEY (user_idnr),
UNIQUE INDEX userid_index (userid)
);
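Review bot: These columns are `tinyint(1)`, which MySQL returns as the text "0" or "1", but the new code in authsql.c tests the value with `strncmp("t", query_result, 1)`. On MySQL that comparison would presumably never succeed and every login would be refused. Only the PostgreSQL `BOOL` columns produce "t"/"f", so the C side needs a backend-neutral test (accept "1" as well as "t") or the query should normalise the value. Both this file and create_tables.pgsql only change table creation, while the new SELECTs require the columns, so existing installations need an `ALTER TABLE dbmail_users ADD ...` migration. The default of 0/false denies access to every existing user until the flags are set, which is a safe default but should be stated in the upgrade notes.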
diff -ruN dbmail-2.0.0.orig/sql/postgresql/create_tables.pgsql dbmail-2.0.0/sql/postgresql/create_tables.pgsql
--- dbmail-2.0.0.orig/sql/postgresql/create_tables.pgsql 2004-09-07 03:34:00.000000000 +1000
+++ dbmail-2.0.0/sql/postgresql/create_tables.pgsql 2004-10-21 10:20:14.000000000 +1000
@@ -42,6 +42,8 @@
curmail_size INT8 DEFAULT '0' NOT NULL,
encryption_type VARCHAR(20) DEFAULT '' NOT NULL,
last_login TIMESTAMP DEFAULT '1979-11-03 22:05:58' NOT NULL,
+ popenabled BOOL DEFAULT false NOT NULL,
+ webenabled BOOL DEFAULT false NOT NULL,
PRIMARY KEY (user_idnr)
);
CREATE UNIQUE INDEX dbmail_users_name_idx ON dbmail_users(userid);
diff -ruN dbmail-2.0.0.orig/timsieve.c dbmail-2.0.0/timsieve.c
--- dbmail-2.0.0.orig/timsieve.c 2004-08-02 22:09:17.000000000 +1000
+++ dbmail-2.0.0/timsieve.c 2004-10-21 11:02:41.000000000 +1000
@@ -396,7 +396,7 @@
if (auth_validate
(tmp64[1],
tmp64[2],
- &useridnr) ==
+ &useridnr, client_ip) ==
1) {
fprintf((FILE *) stream, "OK\r\n");
session->