On Tue, 19 Aug 2003, TwinsPop wrote:
>Currently I call qmail-pop3d from within a perl script, itself called
>from tcpserver:
>   tcpserver localhost 110 popauth.pl
>popauth.pl checks auth (user and pass handed to it via stdin, checked
>against MySQL db) and a few other things, and then ends with:
>   exec "/var/qmail/bin/qmail-pop3d path/to/Maildir";
>Works like champ. I'd like to support imap as well. What sort of
>incantations are required to do this same thing with bincimap-up and/or
>bincimapd?
>   + watch for m/\d login user pass/i (anything before this?)
>   + authenticate against our db
>   + response to send? (unless next step would send it)
>   + how to call bincimapd?

The sequence of commands when performing an authentication is long, so
your script would have to implement all unauthenticated state commands:
NOOP, LOGIN, AUTHENTICATE PLAIN, AUTHENTICATE LOGIN, CAPABILITY and
LOGOUT. You could, perhaps, only support LOGIN and hope that clients will
be happy with this, but it's a requirement in the protocol to at least
support AUTHENTICATE PLAIN so I'm not quite sure.

Input can be passed as strings, quoted strings or literals. So there are 
three ways to encode the username and password in plain text.
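An added illustration of those three encodings (this is not Andy's or Binc IMAP's code, and it assumes the script is handed the complete command text): a small parser for the unauthenticated LOGIN command that accepts the user name and password as a bare atom, a quoted string, or a literal. Note that for a literal a real server must send a "+ " continuation line after the client's "{n}" before the n bytes arrive, so a script speaking to a live client has to interleave that write with its reads; the parser below only works over a buffer that already contains the literal bytes.

```python
import re

class ImapParseError(ValueError):
    """Raised when the command is not a well-formed IMAP LOGIN."""

# Atom characters per RFC 3501 astring rules: no ( ) { SP % * " \ or CTLs.
_ATOM = re.compile(rb'[^(){ %*"\\\x00-\x1f\x7f]+')
_LITERAL = re.compile(rb'\{(\d+)\}\r\n')

def _read_astring(buf: bytes, pos: int):
    """Parse one astring at buf[pos:] and return (value, position after it)."""
    if pos >= len(buf):
        raise ImapParseError("unexpected end of command")
    c = buf[pos:pos + 1]
    if c == b'"':
        # Quoted string: only \" and \\ are legal escapes, no CR/LF inside.
        out = bytearray()
        i = pos + 1
        while True:
            if i >= len(buf):
                raise ImapParseError("unterminated quoted string")
            ch = buf[i:i + 1]
            if ch == b'\\':
                nxt = buf[i + 1:i + 2]
                if nxt not in (b'"', b'\\'):
                    raise ImapParseError("bad escape in quoted string")
                out += nxt
                i += 2
            elif ch == b'"':
                return bytes(out), i + 1
            elif ch in (b'\r', b'\n'):
                raise ImapParseError("CR/LF inside quoted string")
            else:
                out += ch
                i += 1
    if c == b'{':
        # Literal: {n}CRLF followed by exactly n raw bytes (any octets allowed).
        m = _LITERAL.match(buf, pos)
        if not m:
            raise ImapParseError("malformed literal")
        n = int(m.group(1))
        start = m.end()
        if start + n > len(buf):
            raise ImapParseError("literal shorter than declared length")
        return buf[start:start + n], start + n
    m = _ATOM.match(buf, pos)
    if not m:
        raise ImapParseError("expected atom, quoted string or literal")
    return m.group(0), m.end()

def parse_login(line: bytes):
    """Parse 'tag LOGIN user pass[CRLF]' and return (tag, user, password) as bytes."""
    m = _ATOM.match(line, 0)
    if not m or b'+' in m.group(0):
        raise ImapParseError("missing or invalid tag")
    tag, pos = m.group(0), m.end()
    if line[pos:pos + 7].upper() != b' LOGIN ':
        raise ImapParseError("not a LOGIN command")
    pos += 7
    user, pos = _read_astring(line, pos)
    if line[pos:pos + 1] != b' ':
        raise ImapParseError("expected single space before password")
    password, pos = _read_astring(line, pos + 1)
    rest = line[pos:]
    if rest not in (b'', b'\r\n'):
        raise ImapParseError("trailing data after password")
    return tag, user, password

if __name__ == "__main__":
    # Constructed sample commands, one per encoding.
    for cmd in (b'a001 LOGIN alice secret\r\n',
                b'a002 LOGIN "alice" "pa ss \\"q\\""\r\n',
                b'a003 LOGIN {5}\r\nalice {6}\r\nsecret\r\n'):
        print(parse_login(cmd))
```

The parser is strict on purpose: anything it cannot classify as one of the three forms is rejected rather than guessed at, and a literal's declared length is checked against the bytes actually present, so a truncated or oversized literal never gets treated as a shorter credential.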

When invoking bincimapd, you need to export all the configuration settings
from /etc/opt/bincimap/bincimap.conf (so you need to parse that file too)
as hex-encoded key=value pairs in the environment. You could also pass all
settings from the conf file as arguments to bincimapd, though.

Finally, export BINCIMAP_LOGIN with the tag and command used to
authenticate. Now qmail-pop3d handles I/O with the user itself, but since
Binc IMAP supports SSL and TLS, bincimap-up (or your script replacement)  
would have to tunnel all input to the server, and all output from the
server would have to be passed to the user.

So it's quite complex. And I'm sure I missed something. :-)

You could do all this, but I would rather suggest you write a 
checkpassword compatible authenticator, and let qmail-pop3d and Binc IMAP 
handle communication with users. The checkpassword interface is quite 
simple, so you shouldn't have any problems with it.

The input comes from file descriptor 3, from which you can read one
character at a time until EOF. The first sequence of characters is the username.
Then comes a \0, then the password, then \0 again. The rest you can
ignore. If you have problems fixing this in bash, you could consider perl.

Check the username and password, then execute $1 (first argument). Then 
you could just plug it straight into Binc or qmail-pop3d like the regular 
checkpassword.

Good luck!

Andy :-)

-- 
Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg
Author of Binc IMAP    | "It is better not to do something
                       |  than to do it poorly."
