Update of /cvsroot/tmda/tmda/bin
In directory sc8-pr-cvs1:/tmp/cvs-serv3655

Modified Files:
        ChangeLog tmda-ofmipd 
Log Message:
Added ability to authenticate against multiple servers, to support IP-based
virtual domains.  Fixed bug in VDomainProxy with default domains and IP-
based domains, where 'domain' was left uninitialized.


Index: ChangeLog
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/ChangeLog,v
retrieving revision 1.248
retrieving revision 1.249
diff -u -r1.248 -r1.249
--- ChangeLog   22 Jan 2003 18:45:31 -0000      1.248
+++ ChangeLog   27 Jan 2003 07:47:59 -0000      1.249
@@ -1,3 +1,17 @@
+2003-01-27  Tim Legant  <[EMAIL PROTECTED]>
+
+       * tmda-ofmipd (run_remoteauth): Add capability to authenticate
+       against servers on different aliases, to support IP-based virtual
+       domains.  Uses mapping file (~/.tmda/ipauthmap) or same IP client
+       connected to, if no file.  If file exists but server IP cannot be
+       found, fall back to localhost.
+
+       (ipauthmap2dict): Helper function to read ipauthmap and return
+       Python dictionary.
+       
+       (VDomainProxy.process_message): Set 'domain' to empty string for
+       IP-based or default domains (VPopMail).
+
 2003-01-22  Jason R. Mastaler  <[EMAIL PROTECTED]>
 
        * tmda-ofmipd (SMTPChannel.__init__): Don't advertise CRAM-MD5

Index: tmda-ofmipd
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/tmda-ofmipd,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- tmda-ofmipd 22 Jan 2003 18:45:33 -0000      1.21
+++ tmda-ofmipd 27 Jan 2003 07:47:59 -0000      1.22
@@ -192,9 +192,12 @@
 if running_as_root:
     username = 'tofmipd'
     authfile = '/etc/tofmipd'
+    ipauthmapfile = '/etc/ipauthmap'
 else:
     username = None
-    authfile = os.path.join(os.path.expanduser('~'), '.tmda', 'tofmipd')
+    tmda_path = os.path.join(os.path.expanduser('~'), '.tmda')
+    authfile = os.path.join(tmda_path, 'tofmipd')
+    ipauthmapfile = os.path.join(tmda_path, 'ipauthmap')
 
 
 def warning(msg='', exit=1):
@@ -270,11 +273,11 @@
             authproto, arg = arg.split('://', 1)
         except ValueError:
             authproto, arg = arg, None
-        remoteauth['proto'] = authproto
-        remoteauth['port'] = defaultauthports[authproto]
         if authproto not in defaultauthports.keys():
             raise ValueError, 'Protocol not supported: ' + authproto + \
                     '\nPlease pick one of ' + repr(defaultauthports.keys())
+        remoteauth['proto'] = authproto
+        remoteauth['port'] = defaultauthports[authproto]
         if arg:
             try:
                 arg, dn = arg.split('/', 1)
@@ -315,6 +318,8 @@
 if vdomainspath and not vhomescript:
     msg = "WARNING: --vdomains-path given but --vhomescript not given." + \
           "         Ignoring --vdomainspath."
+    vdomainspath = '/var/qmail/control/virtualdomains'
+    warning(msg, exit=0)
 
 
 import asynchat
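Review bot: Now that `warning(msg, exit=0)` actually emits the message, the missing line break between the two concatenated sentences becomes visible: the text prints as one line with a run of spaces in the middle. Ending the first literal with a newline fixes it, `msg = "WARNING: --vdomains-path given but --vhomescript not given.\n" + \`. The wording also says the option is ignored while the new code replaces it with the qmail default path; saying so in the message spares an operator who set a different path from wondering which file is read.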
@@ -435,45 +440,50 @@
     return rcpttos_quoted
 
 
-def run_remoteauth(username, password):
+def run_remoteauth(username, password, localip):
     """Authenticate username/password combination against a remote
     resource.  Return 1 upon successful authentication, and 0
     otherwise."""
+    authhost = remoteauth['host']
+    authport = remoteauth['port']
+    if authhost == '0.0.0.0':
+        ipauthmap = ipauthmap2dict(ipauthmapfile)
+        if len(ipauthmap) == 0:
+            authhost = localip
+        else:
+            authdata = ipauthmap.get(localip, '127.0.0.1').split(':')
+            authhost = authdata[0]
+            if len(authdata) > 1:
+                authport = authdata[1]
+            else:
+                authport = remoteauth['port']
     print >> DEBUGSTREAM, "trying %s authentication for %s@%s:%s" % \
-          (remoteauth['proto'], username, remoteauth['host'],
-           remoteauth['port'])
-    port = defaultauthports[remoteauth['proto']]
+          (remoteauth['proto'], username, authhost, authport)
     if remoteauth['proto'] == 'imap':
         import imaplib
-        if remoteauth['port']:
-            port = int(remoteauth['port'])
-        M = imaplib.IMAP4(remoteauth['host'], port)
+        M = imaplib.IMAP4(authhost, int(authport))
         try:
             M.login(username, password)
             M.logout()
             return 1
         except:
             print >> DEBUGSTREAM, "imap authentication for %s@%s failed" % \
-                  (username, remoteauth['host'])
+                  (username, authhost)
             return 0
     elif remoteauth['proto'] == 'imaps':
         import imaplib
-        if remoteauth['port']:
-            port = int(remoteauth['port'])
-        M = IMAP4_SSL(remoteauth['host'], port)
+        M = IMAP4_SSL(authhost, int(authport))
         try:
             M.login(username, password)
             M.logout()
             return 1
         except:
             print >> DEBUGSTREAM, "imaps authentication for %s@%s failed" % \
-                  (username, remoteauth['host'])
+                  (username, authhost)
             return 0
     elif remoteauth['proto'] in ('pop3', 'apop'):
         import poplib
-        if remoteauth['port']:
-            port = int(remoteauth['port'])
-        M = poplib.POP3(remoteauth['host'], port)
+        M = poplib.POP3(authhost, int(authport))
         try:
             if remoteauth['proto'] == 'pop3':
                 M.user(username)
@@ -486,21 +496,18 @@
                 return 1
         except:
             print >> DEBUGSTREAM, "%s authentication for %s@%s failed" % \
-                  (remoteauth['proto'], username, remoteauth['host'])
+                  (remoteauth['proto'], username, authhost)
             return 0
     elif remoteauth['proto'] == 'ldap':
         import ldap
-        if remoteauth['port']:
-            port = int(remoteauth['port'])
         try:
-            M = ldap.initialize("ldap://%s:%s"; % (remoteauth['host'],
-                                                  remoteauth['port']))
+            M = ldap.initialize("ldap://%s:%s"; % (authhost, authport))
             M.simple_bind_s(remoteauth['dn'] % username, password)
             M.unbind_s()
             return 1
         except:
             print >> DEBUGSTREAM, "ldap authentication for %s@%s failed" % \
-                  (username, remoteauth['host'])
+                  (username, authhost)
             return 0
     # proto not implemented
     print >> DEBUGSTREAM, "Error: protocol %s not implemented" % \
@@ -525,6 +532,24 @@
     return authdict
 
 
+def ipauthmap2dict(ipauthmapfile):
+    """Iterate 'ipauthmapfile' (IP1:IP2:port) and return a dictionary
+    containing IP1 -> IP2:port hashes."""
+    ipauthmap = {}
+    try:
+        fp = file(ipauthmapfile, 'r')
+        for line in fp:
+            line = line.strip()
+            if line == '':
+                continue
+            ipdata = line.split(':', 1)
+            ipauthmap[ipdata[0].strip()] = ipdata[1].strip()
+        fp.close()
+    except IOError:
+        pass
+    return ipauthmap
+
+
 def b64_encode(s):
     """base64 encoding without the trailing newline."""
     return base64.encodestring(s)[:-1]
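Review bot: A line without a ':' makes `ipdata[1]` raise IndexError, which the `except IOError` does not catch, so a single malformed line in ipauthmap aborts every authentication attempt that reaches run_remoteauth; `if line == '' or line.startswith('#') or ':' not in line:` skips it and allows comment lines as well. The silent `pass` on IOError deserves a DEBUGSTREAM message too: an unreadable map file makes the caller fall back to authenticating against localip with no trace of why, which is hard to diagnose from the outside. Because fp.close() sits inside the try, an exception raised mid-loop also leaves the file open.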
@@ -594,8 +619,9 @@
         self.__auth_username = username.lower()
         self.__auth_password = password
         if remoteauth['enable']:
+            localip = self.__conn.getsockname()[0]
             # Try first with the remote auth
-            if run_remoteauth(username, password):
+            if run_remoteauth(username, password, localip):
                 return 1
         if authprog:
             # Then with the authprog
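Review bot: The added `localip = self.__conn.getsockname()[0]` is repeated verbatim in this hunk and the one at line 647; a small helper, `def __local_ip(self): return self.__conn.getsockname()[0]`, or computing the address once where the connection is accepted keeps the two AUTH paths from drifting. getsockname() can raise socket.error on a connection that has already been torn down, and here that would propagate out of the auth handler rather than being reported as a failed login. The enclosing method starts outside the hunk.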
@@ -621,8 +647,9 @@
         self.__auth_username = username.lower()
         self.__auth_password = password
         if remoteauth['enable']:
+            localip = self.__conn.getsockname()[0]
             # Try first with the remote auth
-            if run_remoteauth(username, password):
+            if run_remoteauth(username, password, localip):
                 return 1
         if authprog:
             # Then with the authprog
@@ -1043,6 +1070,8 @@
         user = userinfo[0]
         if len(userinfo) > 1:
             domain = userinfo[1]
+        else:
+            domain = ''
         # If running as uid 0, fork in preparation for running the tmda-inject
         # process and change UID and GID to the virtual domain user.  This is
         # for VMailMgr, where each virtual domain is a system (/etc/passwd)
