John,

the logic appears to be broken.

please try the attached patch.

Please note, however, that you should include a /0 for wildcard address matching,
because the CIDR calls assume a /32 mask if none is specified, which is not what
you want.

inet:0.0.0.0:110        will never match for tcp/110 connects
inet:0.0.0.0/0:110      will always match for tcp/110 connects

so with attached patch:

 INSERT INTO `dbmail_usermap` (`login`, `sock_allow`, `sock_deny`,
 `userid`) VALUES
        ('[EMAIL PROTECTED]',
        'inet:127.0.0.1:143',
        'inet:0.0.0.0/0:110',
        '[EMAIL PROTECTED]');

will work as expected.


John Fawcett wrote:
> For some users I wanted to block pop3 but allow imap from the webmail
> on localhost.
> 
> I entered this into usermaps, but it also blocks login to imap from
> 127.0.0.1.
> 
> Is anyone using usermap for the purpose or notice something wrong in
> this entry?
> 
> INSERT INTO `dbmail_usermap` (`login`, `sock_allow`, `sock_deny`,
> `userid`) VALUES
> ('[EMAIL PROTECTED]','inet:127.0.0.1:143','inet:0.0.0.0:110','[EMAIL 
> PROTECTED]');
> 
> 
> here's the log snippet
> 
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[imapsession]
> dbmail-imapsession.c,dbmail_imap_session_handle_auth(+1618): trying to
> validate user [EMAIL PROTECTED], pass [XXXX]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[sql]
> dbmysql.c,db_query(+287): query [SELECT userid FROM dbmail_usermap WHERE
> 1 = 2]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> dbmodule.c,db_query(+151): last query took [0] seconds
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> db.c,db_use_usermap(+167): enabling usermap lookups
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> db.c,db_usermap_resolve(+4748): checking userid [EMAIL PROTECTED] in
> usermap
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> db.c,db_usermap_resolve(+4759): client on inet socket [inet:127.0.0.1:143]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[sql]
> dbmysql.c,db_query(+287): query [SELECT login, sock_allow, sock_deny,
> userid FROM dbmail_usermap WHERE login in ('[EMAIL PROTECTED]','ANY')
> ORDER BY sock_allow, sock_deny]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> dbmodule.c,db_query(+151): last query took [0] seconds
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[misc]
> misc.c,dm_sock_score(+830): base[inet:0.0.0.0:110]
> test[inet:127.0.0.1:143] => [0]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[misc]
> misc.c,dm_sock_compare(+853): clientsock [inet:127.0.0.1:143]
> sock_allow[], sock_deny [inet:0.0.0.0:110] => [1]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> db.c,db_usermap_resolve(+4799): access denied
> 
> thanks
> John

-- 
  ________________________________________________________________
  Paul Stevens                                      paul at nfg.nl
  NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
  The Netherlands________________________________http://www.nfg.nl
>From 47b8239030ed66e792247ebdb7f1c0f8ccd8d67e Mon Sep 17 00:00:00 2001
From: Paul J Stevens <[EMAIL PROTECTED]>
Date: Wed, 5 Mar 2008 16:32:54 +0100
Subject: fix the usermap logic

---
 db.c   |    4 ++--
 misc.c |   14 +++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/db.c b/db.c
index 09646c1..a223cac 100644
--- a/db.c
+++ b/db.c
@@ -4715,10 +4715,10 @@ int db_usermap_resolve(clientinfo_t *ci, const char *username, char *real_userna
 		userid = db_get_result(row, 3);
 		result = dm_sock_compare(clientsock, "", sockno);
 		/* any match on sockno will be fatal */
-		if (result) {
+		if (! result) {
 			TRACE(TRACE_DEBUG,"access denied");
 			db_free_result();
-			return result;
+			return DM_EGENERAL;
 		}
 		score = dm_sock_score(clientsock, sockok);
 		if (score > bestscore) {
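Review bot: The denial branch still records the rejection only as `TRACE(TRACE_DEBUG,"access denied")`, so a production log level drops it and the message never says which login or client socket was refused. A usermap deny is an access-control decision worth keeping for detection; consider logging it above debug level with the identifiers already in scope, e.g. `TRACE(TRACE_INFO, "access denied for [%s] on [%s] by sock_deny [%s]", username, clientsock, sockno);`. The call also hands `sockno` straight to dm_sock_compare, which runs `strlen()` on it, so if the result accessor can return NULL for an empty column (not visible here) a guard is needed before the call. db_usermap_resolve starts and ends outside this hunk.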
diff --git a/misc.c b/misc.c
index efc3bcc..36da85b 100644
--- a/misc.c
+++ b/misc.c
@@ -833,21 +833,21 @@ int dm_sock_score(const char *base, const char *test)
 
 static int socket_match(const char *base, const char *test)
 {
-	return (dm_sock_score(base,test) ? 0 : 1);
+	return (dm_sock_score(base,test) ? TRUE : FALSE);
 
 }
 
 int dm_sock_compare(const char *clientsock, const char *sock_allow, const char *sock_deny) 
 {
-	int result = DM_EGENERAL;
+	int result = TRUE;
 	assert(clientsock);
 	
 	if ( (strlen(sock_allow) == 0) && (strlen(sock_deny) == 0) ) {
-		result = DM_SUCCESS;
-	} else if (strlen(sock_deny) > 0 && socket_match(sock_deny, clientsock)==0) {
-		result = DM_EGENERAL;
-	} else if (strlen(sock_allow) > 0  && socket_match(sock_allow, clientsock)==0) {
-		result = DM_SUCCESS;
+		result = TRUE;
+	} else if (strlen(sock_deny) && socket_match(sock_deny, clientsock)) {
+		result = FALSE;
+	} else if (strlen(sock_allow) && socket_match(sock_allow, clientsock)) {
+		result = TRUE;
 	}
 
 	TRACE(TRACE_DEBUG, "clientsock [%s] sock_allow[%s], sock_deny [%s] => [%d]", clientsock, sock_allow, sock_deny, result);
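Review bot: With `int result = TRUE;` as the starting value, dm_sock_compare now allows the client whenever no branch fires, including the case where `sock_allow` is non-empty and the client does not match it; before this change that case fell through to DM_EGENERAL. The db.c caller in this patch passes "" for `sock_allow`, so it is unaffected, but any other caller that relies on the allow list being exclusive would fail open. Adding a final branch `} else if (strlen(sock_allow)) { result = FALSE;` keeps a non-matching allow list a denial. The return convention also changes from DM_SUCCESS/DM_EGENERAL to TRUE/FALSE, so callers outside this patch that still test the old values may read the decision inverted; a header comment such as `/* returns TRUE when access is allowed, FALSE when denied */` would make the new contract explicit. The rest of dm_sock_compare lies outside the hunk.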
-- 
1.5.2.5
