On Fri, May 18, 2001 at 08:40:34PM -0400, Sam Varshavchik wrote:
> Fabio Pedrazzoli writes:
>
> > Hi,
> > what kind of auth do I need to run sqwebmail
> > on a mailserver with only qmail and chkpoppass
> > instead of vpopmail?
>
> It depends upon what chkpoppass does. Never heard of it.
>
> --
> Sam
Ok, this is the script:
----snip----
#!/usr/bin/perl
# @(#)chkpoppass 0.10 -- check pop password, setup and call qmail-pop3d if OK
# 4 september 1996
# [EMAIL PROTECTED]
# Keep only the script's base name (everything up to the last "/" is
# dropped); it is used as the prefix of diagnostic and usage messages.
$program = $0;
$program =~ s{.*/}{};
use Fcntl qw/O_RDONLY/;
use DB_File;
use MD5; # APOP support needs this
# Site configuration.
#   $mailhome  - root of the POP-only mailbox tree
#   $poppassdb - Berkeley DB file holding the POP credentials
#   $shell     - value exported as SHELL to the program run after login
#   $delim     - field separator inside a database record
#   $debug     - when true, credentials are taken from @ARGV instead of
#                descriptor 3 and info() writes them to STDERR in clear text;
#                keep it 0 in production.
$mailhome  = '/var/mailhome';
$poppassdb = $mailhome . '/poppasswd.db';
$shell     = '/bin/sh';
$delim     = ':';
$debug     = 0;
# info(LIST) -- debug trace.  Writes "<program>: <args>" to STDERR, but only
# when $debug is true.  Callers pass credentials and match results here, so
# the output is sensitive whenever debugging is switched on.
sub info {
    if ($debug) {
        print STDERR "$program: @_\n";
    }
}
# read_uinfo() -- read the login data handed over on file descriptor 3.
# The first line read is expected to hold three NUL-terminated fields:
# user name, password (or APOP digest) and the APOP timestamp.
# Returns (user, passwd, apop_ts); all three are undef when the line does
# not match.  Exits with status 111 if descriptor 3 cannot be opened.
#
# NOTE(review): only the first line is parsed and "." does not match a
# newline, so a field containing "\n" makes the match fail.  The original
# author already flagged that sysread would be the cleaner approach.
sub read_uinfo {
    open X, "<&=3" or exit 111;

    $_ = <X>;
    my ($login, $secret, $stamp) = /^(.*)\0(.*)\0(.*)\0/;

    # Drain whatever else is waiting on the descriptor before closing it.
    1 while <X>;
    close X;

    return ($login, $secret, $stamp);
}
# getpopnam(USER) -- look USER up in the tied %popdb credential database.
# In list context returns the (user, passwd) pair obtained by splitting the
# stored record on $delim; the returned user is the one stored in the record,
# not the argument.  When the database is not tied or the record is missing
# or empty, returns undef.
#
# NOTE(review): the second field is used by popuser() as a crypt() hash and
# by apop() as the shared secret, so it must be protected like a password
# either way -- confirm what the database actually stores.
sub getpopnam {
my ($user)=shift;
my $passwd;
# Consult the database only if the tie succeeded and the record is non-empty.
if (tied %popdb and $popdb{$user}) {
# List assignment: in scalar context (as in "if (getpopnam(...))") the value
# is the number of fields split produced, not the fields themselves.
return ($user,$passwd) = split $delim, $popdb{$user};
} else {
# In list context this is a one-element list holding undef.
return undef;
}
}
# popuser(USER, PASSWD) -- plain POP login against the credential database.
# The stored field is treated as a crypt() hash: the supplied password is
# hashed with the stored value as salt and the two strings are compared.
# Returns a true value on a match, a false value on a mismatch, and undef
# when there is no record (or the stored hash is empty).
sub popuser {
    my ($sent_user, $sent_passwd) = @_;

    my $stored_hash = (getpopnam($sent_user))[1];
    my $matched;
    if ($stored_hash) {
        $matched = ($stored_hash eq crypt($sent_passwd, $stored_hash));
    }

    info("popuser: $matched");
    return $matched;
}
# apop(USER, DIGEST, TIMESTAMP) -- APOP login against the credential database.
# Computes the MD5 hex digest of TIMESTAMP followed by the stored field and
# compares it with DIGEST.  Returns a true value on a match, a false value on
# a mismatch, and undef when there is no record (or the stored field is empty).
#
# NOTE(review): the stored field itself is the APOP secret.  popuser() treats
# the same field as a crypt() hash, so whatever the database holds is
# password-equivalent on this path; keep poppasswd.db readable only by the
# account this script runs as.  The main flow tries this check first for
# every login, not only for clients that asked for APOP.
sub apop {
    my ($sent_user, $sent_digest, $apop_ts) = @_;

    my $secret = (getpopnam($sent_user))[1];
    my $matched;
    if ($secret) {
        my $expected = MD5->hexhash("$apop_ts$secret");
        $matched = ($expected eq $sent_digest);
    }

    info("apop: $matched");
    return $matched;
}
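# rpop(USER, PASSWD) -- "RPOP"-style login: accepted when the password field
# repeats the user name and TCPREMOTEPORT holds a port number below 1024.
# Returns a true value on acceptance, otherwise a false value or undef.
#
# NOTE(review): no secret is verified on this path.  A reserved source port
# is something the remote host asserts, not proof of who the user is, and the
# main flow applies this check to every login that failed APOP, including
# system accounts that are not in the POP database.  Unless every client
# host is trusted, consider dropping the rpop step from the main flow.
sub rpop {
    my ($sent_user, $sent_passwd) = @_;
    my ($rport, $found);

    # When the login data could not be parsed both fields are undef, and
    # undef eq undef is true in Perl; an empty name would match the same way.
    # Require a real, non-empty user name before comparing.
    return $found
        unless defined $sent_user
            && defined $sent_passwd
            && length $sent_user;

    if ($sent_user eq $sent_passwd) {
        $rport = $ENV{"TCPREMOTEPORT"};

        # A non-numeric value would compare as 0 and pass "< 1024", so
        # accept digits only.  1024 is IPPORT_RESERVED in <netinet/in.h>.
        $found = (defined $rport
                  && $rport =~ /\A\d+\z/
                  && $rport > 0
                  && $rport < 1024);
        info("rpop: $found");
    }
    return $found;
}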
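# etcpasswd(USER, PASSWD) -- check a login against the system account
# database via getpwnam().  Returns (found, home_directory); found is true
# only when the account exists and crypt() of the supplied password, salted
# with the stored hash, equals the stored hash.
#
# An empty or missing password field is now rejected, matching popuser():
# previously an empty field was compared against crypt()'s result for an
# empty salt, which (depending on the crypt() implementation) can be undef
# or empty and would then compare equal for any supplied password.
#
# NOTE(review): on systems with shadow passwords the field returned by
# getpwnam() may be a placeholder unless the process is privileged, in which
# case this check never succeeds -- confirm for the target host.
sub etcpasswd {
    my ($sent_user, $sent_passwd) = @_;
    my ($user, $passwd, $dir) = (getpwnam($sent_user))[0, 1, 7];
    my $found;

    if ($user and defined $passwd and length $passwd) {
        my $computed = crypt($sent_passwd, $passwd);
        # crypt() can return undef for a salt it does not accept.
        $found = (defined $computed and $computed eq $passwd);
    }

    info("etcpasswd: $found");
    return ($found, $dir);
}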
# Main flow: authenticate the login, then exec the program named on the
# command line from inside the user's mail directory.
# The first argument is the program to run after a successful login; the
# remaining arguments are passed on to it.
$user_program = shift || die "usage: $program user_program [args]\n";
# Open the POP credential database read-only, but only if the file exists;
# a failed tie is reported as exit status 111.
tie %popdb, DB_File,$poppassdb,O_RDONLY,0,$DB_HASH or exit 111
if -f $poppassdb;
$found = 0;
# Credentials come from file descriptor 3, or from @ARGV in debug mode.
($user,$passwd,$apop_ts) = $debug?@ARGV:read_uinfo;
# NOTE(review): with $debug set this writes the password to STDERR in clear text.
info "[$user,$passwd]";
# The checks below run in a fixed order and stop at the first success:
# APOP, RPOP, POP database password, then the system account database.
# For database users the mail directory is $mailhome/<first letter>/<user>;
# $user is client-supplied, but on those paths it has already matched a key
# in %popdb before it is placed in the path.
# check if APOP auth
if (!$found) {
($found) = apop $user,$passwd,$apop_ts;
if ($found) { $d=substr($user,0,1); $home="$mailhome/$d/$user"; }
}
# check if RPOP user
# NOTE(review): rpop() verifies no secret (see its definition), and a user
# who is not in %popdb gets the home directory of the system account.
if (!$found) {
($found) = rpop $user,$passwd;
if ($found) {
if (getpopnam($user)) {
$d=substr($user,0,1);
$home="$mailhome/$d/$user";
} else {
$home=(getpwnam($user))[7];
}
}
}
# check if regular POP user
if (!$found) {
($found) = popuser $user,$passwd;
if ($found) { $d=substr($user,0,1); $home="$mailhome/$d/$user"; }
}
# check /etc/passwd
if (!$found) {
($found,$dir) = etcpasswd $user,$passwd;
if ($found) { $home="$dir";}
}
# The database is no longer needed once a decision has been made.
untie %popdb if tied %popdb;
if ($found) {
# Export the login environment for the program that takes over.
$ENV{"SHELL"} = $shell;
$ENV{"USER"} = $user;
$ENV{"HOME"} = $home;
info "$shell, $user, $home";
# A missing or inaccessible mail directory is reported as exit status 111.
chdir $ENV{"HOME"} or exit 111;
# NOTE(review): no uid/gid change happens here, so the program runs under
# whatever identity this script was started with (tcpserver -u/-g in the
# invocation shown with this script) -- all mailboxes share that identity.
exec $user_program, @ARGV;
# Reached only if exec itself failed.
die "$program: can't exec $user_program: $!\n";
}
# No method accepted the login.
exit 2;
----snip----
... and it is loaded by tcpserver in /etc/init.d/qmail-pop3d in place of vpopmail:
tcpserver -H -u $UsID -g $GrID -R 0 pop-3 \
qmail-popup $HOST chkpoppass \
qmail-pop3d Maildir &
It uses Perl's DB_File tie() function to check the password against a Berkeley DB.
The "trouble" is:
A customer of mine asked me for webmail.
He uses a qmail-based mail server with about 100 virtual mail domains.
The problem is the virtual domain handling.
I know sqwebmail is vpopmail compliant, but on that server virtual domains are
handled in the "old" qmail way, with the prefix on the user name associated
in the /var/qmail/control/virtualhost file; users authenticate against
POP with "prefix-username" instead of "username@domain".
So, is there a way to "wrap" this old authentication method to allow
webmail compatibility without changing the username field configuration
in ALL the users' mail clients? (There are about 2200 users ...)
Thanks in advance,
best regards
--
Fabio Pedrazzoli | www.bee-side.com
Network Administrator | www.rigadicomando.org
IT Consultant |