Re: [Courier-imap] vchkpw-relay patch
From: Brian C. <B.C...@po...> - 2005-10-09 09:47:17
On Sun, Oct 09, 2005 at 06:13:35AM +0400, Dvorkin Dmitry wrote:
> i need smtp-after-imap in 4.0.x courier-imap... but there are only way
> to do this - is to slightly change courier-authlib AUTH command...
> this patch adds TCPREMOTEIP after AUTH ... <login>\n<pass>\n in
> auth_generic() and allow to get and set it as the environment variable
> after successful authentication in authvchkpw.c auth_vchkpw(...)

I think it would be good for the remote IP to be available in
authentication modules, for several reasons (one being the ability to
temporarily block an IP which is attempting a brute-force attack).

But I'm not sure your patch is the right way to do this, because of the
format of the AUTH message:

> ***************
> *** 54,59 ****
> --- 54,61 ----
> strcat(strcat(buf, service), "\n");
> strcat(strcat(buf, authtype), "\n");
> strcat(buf, authdata);
> + // by Dv
> + strcat(strcat(buf, getenv( "TCPREMOTEIP")), "\n");

The format of the AUTH command includes a length value, which covers the
service + authtype + authdata. There is not necessarily a delimiter at
the end of authdata (although I think in practice the existing modules
have one or more lines ending with \n). Remember that authdata might not
necessarily be username + password: it can be CRAM challenge + response,
and other future SASL mechanisms might be different again.

Perhaps a better way, whilst still maintaining compatibility between old
and new clients and authdaemons, is to stick the IP address on the AUTH
line:

    AUTH 35 127.0.0.1
    .. 35 bytes of data ..

For consistency you'd need to add the same to the PASSWD command (e.g. as
another tab-delimited field) and possibly the PRE command too.

But at the end of the day, it's Sam who decides whether this goes into
the source or not :-)

One final comment: try using 'diff -u' in future. It's *so* much easier
to read.

Regards,

Brian.
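
Review bot: the added strcat(strcat(buf, getenv( "TCPREMOTEIP")), "\n") line passes the return value of getenv() to strcat() unchecked. getenv() returns NULL when TCPREMOTEIP is not set, so the pointer should be tested first and the field skipped or the request refused. The hunk also shows no change to how buf is sized, so wherever it is allocated must grow by the length of the address plus one byte for the newline. The "// by Dv" attribution is better kept in the change log than in the source.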
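
As an added illustration (not part of the original message and not courier-authlib code), here is one way a receiver could parse the AUTH line form suggested above, accepting both the old "AUTH <len>" and the new "AUTH <len> <ip>" headers. The function and struct names are hypothetical, and the single-space separator is assumed from the "AUTH 35 127.0.0.1" example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Header of an "AUTH <len>[ <ip>]\n" request (layout assumed from the
   suggestion in the message above; names here are hypothetical). */
struct auth_hdr {
    size_t len;                 /* bytes of service + authtype + authdata */
    char ip[INET6_ADDRSTRLEN];  /* "" when an old client sent no address */
    const char *payload;        /* first byte after the header line */
};
/* Returns 0 on success, -1 on a malformed or truncated request. */
int parse_auth(const char *req, size_t reqlen, struct auth_hdr *h)
{
    const char *nl = memchr(req, '\n', reqlen);
    unsigned char addr[sizeof(struct in6_addr)];
    char line[96], *end;
    size_t n;
    if (!nl || (n = (size_t)(nl - req)) >= sizeof(line)) return -1;
    memcpy(line, req, n);
    line[n] = '\0';
    if (strncmp(line, "AUTH ", 5) != 0 || line[5] < '0' || line[5] > '9')
        return -1;
    h->len = strtoul(line + 5, &end, 10);
    h->ip[0] = '\0';
    if (*end == ' ') {          /* new-style line carrying the client IP */
        if (strlen(end + 1) >= sizeof(h->ip)) return -1;
        if (inet_pton(AF_INET, end + 1, addr) != 1 &&
            inet_pton(AF_INET6, end + 1, addr) != 1) return -1;
        strcpy(h->ip, end + 1);
    } else if (*end != '\0') {
        return -1;
    }
    /* Only the length delimits the payload: authdata may be a CRAM
       response with no trailing newline, so nothing is appended to it. */
    if (h->len > reqlen - n - 1) return -1;
    h->payload = nl + 1;
    return 0;
}

int main(void)
{
    /* Constructed sample request, not captured traffic. */
    const char *req = "AUTH 21 127.0.0.1\nimap\nlogin\nuser\npass\n";
    struct auth_hdr h;
    if (parse_auth(req, strlen(req), &h) != 0) return 1;
    printf("len=%zu ip=%s\n", h.len, h.ip[0] ? h.ip : "(none)");
    return 0;
}
```

Because the address is validated with inet_pton() and never mixed into the counted payload, a module can use h.ip for rate limiting without re-parsing authdata.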