Support both kerberised and non-kerberised versions of the POP3
protocol. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@562 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
@@ -23,7 +23,7 @@ extern int errno;
|
||||
|
||||
static
|
||||
int
|
||||
authenticate(POP *p, struct sockaddr_in *addr)
|
||||
krb_authenticate(POP *p, struct sockaddr_in *addr)
|
||||
{
|
||||
|
||||
#ifdef KERBEROS
|
||||
@@ -56,6 +56,13 @@ authenticate(POP *p, struct sockaddr_in *addr)
|
||||
return(POP_SUCCESS);
|
||||
}
|
||||
|
||||
static
|
||||
int
|
||||
plain_authenticate (POP *p, struct sockaddr_in *addr)
|
||||
{
|
||||
return(POP_SUCCESS);
|
||||
}
|
||||
|
||||
/*
|
||||
* init: Start a Post Office Protocol session
|
||||
*/
|
||||
@@ -91,7 +98,7 @@ pop_init(POP *p,int argcount,char **argmessage)
|
||||
#endif
|
||||
|
||||
/* Process command line arguments */
|
||||
while ((c = getopt(argcount,argmessage,"dt:")) != EOF)
|
||||
while ((c = getopt(argcount,argmessage,"kdt:")) != EOF)
|
||||
switch (c) {
|
||||
|
||||
/* Debugging requested */
|
||||
@@ -112,6 +119,11 @@ pop_init(POP *p,int argcount,char **argmessage)
|
||||
trace_file_name = optarg;
|
||||
break;
|
||||
|
||||
/* Use kerberos version of POP3 protocol */
|
||||
case 'k':
|
||||
p->kerberosp = 1;
|
||||
break;
|
||||
|
||||
/* Timeout value passed. Default changed */
|
||||
case 'T':
|
||||
pop_timeout = atoi(optarg);
|
||||
@@ -225,5 +237,5 @@ pop_init(POP *p,int argcount,char **argmessage)
|
||||
pop_log(p,POP_PRIORITY,"Debugging turned on");
|
||||
#endif /* DEBUG */
|
||||
|
||||
return(authenticate(p, &cs));
|
||||
return((p->kerberosp ? krb_authenticate : plain_authenticate)(p, &cs));
|
||||
}
|
||||
|
||||
@@ -23,19 +23,14 @@ int
|
||||
pop_pass (POP *p)
|
||||
{
|
||||
struct passwd * pw;
|
||||
#ifdef KERBEROS
|
||||
char lrealm[REALM_SZ];
|
||||
int status;
|
||||
#else
|
||||
char *crypt();
|
||||
#endif /* KERBEROS */
|
||||
|
||||
/* Look for the user in the password file */
|
||||
if ((pw = k_getpwnam(p->user)) == NULL)
|
||||
return (pop_msg(p,POP_FAILURE,
|
||||
"Password supplied for \"%s\" is incorrect.",p->user));
|
||||
|
||||
#ifdef KERBEROS
|
||||
if ((status = krb_get_lrealm(lrealm,1)) == KFAILURE) {
|
||||
pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) %s", p->client, kdata.pname,
|
||||
kdata.pinst, kdata.prealm, krb_get_err_text(status));
|
||||
@@ -43,46 +38,30 @@ pop_pass (POP *p)
|
||||
"Kerberos error: \"%s\".", krb_get_err_text(status)));
|
||||
}
|
||||
|
||||
if (kuserok (&kdata, p->user)) {
|
||||
pop_log(p, POP_FAILURE,
|
||||
"%s: (%s.%s@%s) tried to retrieve mail for %s.",
|
||||
p->client, kdata.pname, kdata.pinst, kdata.prealm,
|
||||
p->user);
|
||||
return(pop_msg(p,POP_FAILURE,
|
||||
"Popping not authorized"));
|
||||
if (!p->kerberosp) {
|
||||
/* We don't accept connections from users with null passwords */
|
||||
if (pw->pw_passwd == NULL)
|
||||
return (pop_msg(p,
|
||||
POP_FAILURE,
|
||||
"Password supplied for \"%s\" is incorrect.",
|
||||
p->user));
|
||||
|
||||
if (krb_verify_user(p->user, "", lrealm, p->pop_parm[1], 1) &&
|
||||
verify_unix_user(p->user, p->pop_parm[1]))
|
||||
return (pop_msg(p,POP_FAILURE,
|
||||
"Password supplied for \"%s\" is incorrect.",
|
||||
p->user));
|
||||
} else {
|
||||
if (kuserok (&kdata, p->user)) {
|
||||
pop_log(p, POP_FAILURE,
|
||||
"%s: (%s.%s@%s) tried to retrieve mail for %s.",
|
||||
p->client, kdata.pname, kdata.pinst, kdata.prealm,
|
||||
p->user);
|
||||
return(pop_msg(p,POP_FAILURE,
|
||||
"Popping not authorized"));
|
||||
}
|
||||
}
|
||||
|
||||
#if 0
|
||||
if (strcmp(kdata.prealm,lrealm)) {
|
||||
pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) realm not accepted.",
|
||||
p->client, kdata.pname, kdata.pinst, kdata.prealm);
|
||||
return(pop_msg(p,POP_FAILURE,
|
||||
"Kerberos realm \"%s\" not accepted.", kdata.prealm));
|
||||
}
|
||||
|
||||
if (strcmp(kdata.pinst,"")) {
|
||||
pop_log(p, POP_FAILURE, "%s: (%s.%s@%s) instance not accepted.",
|
||||
p->client, kdata.pname, kdata.pinst, kdata.prealm);
|
||||
return(pop_msg(p,POP_FAILURE,
|
||||
"Must use null Kerberos(tm) instance - \"%s.%s\" not accepted.",
|
||||
kdata.pname, kdata.pinst));
|
||||
}
|
||||
#endif
|
||||
|
||||
#else /* !KERBEROS */
|
||||
|
||||
/* We don't accept connections from users with null passwords */
|
||||
if (pw->pw_passwd == NULL)
|
||||
return (pop_msg(p,POP_FAILURE,
|
||||
"Password supplied for \"%s\" is incorrect.",p->user));
|
||||
|
||||
/* Compare the supplied password with the password file entry */
|
||||
if (strcmp (crypt (p->pop_parm[1], pw->pw_passwd), pw->pw_passwd) != 0)
|
||||
return (pop_msg(p,POP_FAILURE,
|
||||
"Password supplied for \"%s\" is incorrect.",p->user));
|
||||
|
||||
#endif /* !KERBEROS */
|
||||
|
||||
/* Build the name of the user's maildrop */
|
||||
(void)sprintf(p->drop_name,"%s/%s",POP_MAILDIR,p->user);
|
||||
|
||||
|
||||
@@ -220,6 +220,7 @@ typedef struct { /* POP parameter block */
|
||||
char * pop_parm[MAXPARMCOUNT]; /* Parse POP parameter list */
|
||||
int parm_count; /* Number of parameters in
|
||||
parsed list */
|
||||
int kerberosp; /* Using KPOP? */
|
||||
} POP;
|
||||
|
||||
int pop_dele(POP *p);
|
||||
|
||||
Reference in New Issue
Block a user