Re: [Courier-imap] vchkpw-relay patch
Brought to you by:
mrsam
Menu
▾
▴
Re: [Courier-imap] vchkpw-relay patch
|
From: Brian C. <B.C...@po...> - 2005-10-09 09:47:17
|
On Sun, Oct 09, 2005 at 06:13:35AM +0400, Dvorkin Dmitry wrote:
> i need smtp-after-imap in 4.0.x courier-imap... but there are only way
> to do this - is to slightly change courier-authlib AUTH command...
> this patch adds TCPREMOTEIP after AUTH ... <login>\n<pass>\n in
> auth_generic() and allow to get and set it as the enviroment variable
> after successfull authentification in authvchkpw.c auth_vchkpw(...)
I think it would be good for the remote IP to be available in authentication
modules, for several reasons (one being the ability to temporarily block an
IP which is attempting a brute-force attack)
But I'm not sure your patch is the right way to do this, because of the
format of the AUTH message:
> ***************
> *** 54,59 ****
> --- 54,61 ----
> strcat(strcat(buf, service), "\n");
> strcat(strcat(buf, authtype), "\n");
> strcat(buf, authdata);
> + // by Dv
> + strcat(strcat(buf, getenv( "TCPREMOTEIP")), "\n");
The format of the AUTH command includes a length value, which covers the
service + authtype + authdata. There is not necessarily a delimiter at the
end of authdata (although I think in practice the existing modules have one
or more lines ending with \n). Remember that authdata might not necessarily
be username + password: it can be CRAM challenge + response, and other
future SASL mechanisms might be different again.
Perhaps a better way, whilst still maintaining compatibility between old and
new clients and authdaemons, is to stick the IP address on the AUTH line:
AUTH 35 127.0.0.1
.. 35 bytes of data ..
For consistency you'd need to add the same to the PASSWD command (e.g. as
another tab-delimited field) and possibly the PRE command too. But at the
end of the day, it's Sam who decides whether this goes into the source or
not :-)
One final comment: try using 'diff -u' in future. It's *so* much easier to
read.
Regards,
Brian.
|