From 20d9dec654c0ee8ccf92f51aa83fd70c0685414e Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Wed, 5 Jun 1996 08:23:46 +0000 Subject: [PATCH] Support both kerberised and non-kerberised versions of the POP3 protocol. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@562 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/popper/pop_init.c | 18 ++++++++++-- appl/popper/pop_pass.c | 65 ++++++++++++++---------------------------- appl/popper/popper.h | 1 + 3 files changed, 38 insertions(+), 46 deletions(-) diff --git a/appl/popper/pop_init.c b/appl/popper/pop_init.c index 5ba90b9d2..37eaf32a3 100644 --- a/appl/popper/pop_init.c +++ b/appl/popper/pop_init.c @@ -23,7 +23,7 @@ extern int errno; static int -authenticate(POP *p, struct sockaddr_in *addr) +krb_authenticate(POP *p, struct sockaddr_in *addr) { #ifdef KERBEROS @@ -56,6 +56,13 @@ authenticate(POP *p, struct sockaddr_in *addr) return(POP_SUCCESS); } +static +int +plain_authenticate (POP *p, struct sockaddr_in *addr) +{ + return(POP_SUCCESS); +} + /* * init: Start a Post Office Protocol session */ @@ -91,7 +98,7 @@ pop_init(POP *p,int argcount,char **argmessage) #endif /* Process command line arguments */ - while ((c = getopt(argcount,argmessage,"dt:")) != EOF) + while ((c = getopt(argcount,argmessage,"kdt:")) != EOF) switch (c) { /* Debugging requested */ @@ -112,6 +119,11 @@ pop_init(POP *p,int argcount,char **argmessage) trace_file_name = optarg; break; + /* Use kerberos version of POP3 protocol */ + case 'k': + p->kerberosp = 1; + break; + /* Timeout value passed. Default changed */ case 'T': pop_timeout = atoi(optarg); @@ -225,5 +237,5 @@ pop_init(POP *p,int argcount,char **argmessage) pop_log(p,POP_PRIORITY,"Debugging turned on"); #endif /* DEBUG */ - return(authenticate(p, &cs)); + return((p->kerberosp ? krb_authenticate : plain_authenticate)(p, &cs)); } diff --git a/appl/popper/pop_pass.c b/appl/popper/pop_pass.c index db579052c..44f90f48e 100644 --- a/appl/popper/pop_pass.c +++ b/appl/popper/pop_pass.c 
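Review bot: `plain_authenticate` returns `POP_SUCCESS` without looking at `p` or `addr`, and nothing in the added function says this is deliberate. Someone auditing the login path needs to know that plain mode does no connection-time check and leaves credential verification to the PASS handler. I would add a comment above it such as `/* Plain POP3: nothing to verify at connect time; the password is checked in pop_pass(). */`. The function is complete within the hunk.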
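Review bot: The option string on the changed `getopt` line becomes `"kdt:"`, but the switch visible in the following hunk still has a `case 'T'` that reads `optarg`, so `-T` can never reach that case. If the timeout option is meant to work, the string should be `"kdt:T:"`. The `atoi(optarg)` in that case also silently accepts non-numeric or negative input, so the value should be range-checked before it is used as a network timeout. The rest of `pop_init` lies outside the hunk.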
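Review bot: `case 'k'` sets `p->kerberosp` unconditionally, while the body of `krb_authenticate` still opens under `#ifdef KERBEROS`. If the file can still be built without that macro (not visible here), `-k` would select a function that appears to fall through to `return(POP_SUCCESS)` with `kdata` never filled in, and `pop_pass` would then authorize on `kuserok(&kdata, p->user)` alone. I would make the option fail closed: under `#ifndef KERBEROS`, log that KPOP support is not compiled in and return failure instead of setting the flag. Alternatively, drop the `#ifdef` in pop_init.c so it matches pop_pass.c.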
@@ -23,19 +23,14 @@ int pop_pass (POP *p) { struct passwd * pw; -#ifdef KERBEROS char lrealm[REALM_SZ]; int status; -#else - char *crypt(); -#endif /* KERBEROS */ /* Look for the user in the password file */ if ((pw = k_getpwnam(p->user)) == NULL) return (pop_msg(p,POP_FAILURE, "Password supplied for \"%s\" is incorrect.",p->user)); -#ifdef KERBEROS if ((status = krb_get_lrealm(lrealm,1)) == KFAILURE) { pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) %s", p->client, kdata.pname, kdata.pinst, kdata.prealm, krb_get_err_text(status)); 
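Review bot: With the `#ifdef KERBEROS` removed, the `krb_get_lrealm` call and its failure path now run in plain mode too, so a missing realm configuration rejects every password login. In that mode `kdata` is presumably never populated, since `plain_authenticate` does nothing, so the `pop_log` line prints whatever `kdata.pname`, `kdata.pinst` and `kdata.prealm` happen to hold. `lrealm` is only consumed by `krb_verify_user` in the plain branch added in the next hunk, so the lookup could move into that branch and fall back to `verify_unix_user` alone when it fails. At minimum the log format should not reference the `kdata` fields when `p->kerberosp` is 0. The failure block continues outside this hunk.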
@@ -43,46 +38,30 @@ pop_pass (POP *p) "Kerberos error: \"%s\".", krb_get_err_text(status))); } - if (kuserok (&kdata, p->user)) { - pop_log(p, POP_FAILURE, - "%s: (%s.%s@%s) tried to retrieve mail for %s.", - p->client, kdata.pname, kdata.pinst, kdata.prealm, - p->user); - return(pop_msg(p,POP_FAILURE, - "Popping not authorized")); + if (!p->kerberosp) { + /* We don't accept connections from users with null passwords */ + if (pw->pw_passwd == NULL) + return (pop_msg(p, + POP_FAILURE, + "Password supplied for \"%s\" is incorrect.", + p->user)); + + if (krb_verify_user(p->user, "", lrealm, p->pop_parm[1], 1) && + verify_unix_user(p->user, p->pop_parm[1])) + return (pop_msg(p,POP_FAILURE, + "Password supplied for \"%s\" is incorrect.", + p->user)); + } else { + if (kuserok (&kdata, p->user)) { + pop_log(p, POP_FAILURE, + "%s: (%s.%s@%s) tried to retrieve mail for %s.", + p->client, kdata.pname, kdata.pinst, kdata.prealm, + p->user); + return(pop_msg(p,POP_FAILURE, + "Popping not authorized")); + } } -#if 0 - if (strcmp(kdata.prealm,lrealm)) { - pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) realm not accepted.", - p->client, kdata.pname, kdata.pinst, kdata.prealm); - return(pop_msg(p,POP_FAILURE, - "Kerberos realm \"%s\" not accepted.", kdata.prealm)); - } - - if (strcmp(kdata.pinst,"")) { - pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) instance not accepted.", - p->client, kdata.pname, kdata.pinst, kdata.prealm); - return(pop_msg(p,POP_FAILURE, - "Must use null Kerberos(tm) instance - \"%s.%s\" not accepted.", - kdata.pname, kdata.pinst)); - } -#endif - -#else /* !KERBEROS */ - - /* We don't accept connections from users with null passwords */ - if (pw->pw_passwd == NULL) - return (pop_msg(p,POP_FAILURE, - "Password supplied for \"%s\" is incorrect.",p->user)); - - /* Compare the supplied password with the password file entry */ - if (strcmp (crypt (p->pop_parm[1], pw->pw_passwd), pw->pw_passwd) != 0) - return (pop_msg(p,POP_FAILURE, - "Password supplied for \"%s\" is 
incorrect.",p->user)); - -#endif /* !KERBEROS */ - /* Build the name of the user's maildrop */ (void)sprintf(p->drop_name,"%s/%s",POP_MAILDIR,p->user); diff --git a/appl/popper/popper.h b/appl/popper/popper.h index 0e08b52c2..9a232bed6 100644 --- a/appl/popper/popper.h +++ b/appl/popper/popper.h @@ -220,6 +220,7 @@ typedef struct { /* POP parameter block */ char * pop_parm[MAXPARMCOUNT]; /* Parse POP parameter list */ int parm_count; /* Number of parameters in parsed list */ + int kerberosp; /* Using KPOP? */ } POP; int pop_dele(POP *p);
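Review bot: The plain-mode check `krb_verify_user(...) && verify_unix_user(...)` rejects only when both calls return non-zero, so a password is accepted if either the Kerberos database or the local password entry matches. That is correct only if both helpers return 0 on success, which is not visible here, so it deserves a comment such as `/* both return non-zero on failure: accept if either backend verifies the password */`. The null-password guard tests only `pw->pw_passwd == NULL`, which does not catch an empty password field; `if (pw->pw_passwd == NULL || pw->pw_passwd[0] == '\0')` would match the intent stated in the comment above it. In the `else` branch the PASS argument is never examined, so authorization rests entirely on `kuserok`, which is worth stating in a comment there.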