From: <ton...@us...> - 2003-12-14 20:55:31
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv19158 Modified Files: Makefile filtercmd.c test.sh Added Files: checkcreds_cclient.c filtercmd.h Log Message: Working credential checking using UW IMAP library --- NEW FILE: checkcreds_cclient.c --- /* Credential checking using UW c-client library * * */ // error definitions #include "filtercmd.h" // c-client library #include MAIL_H static char *callback_user, *callback_passwd; int checkcredentials(imapserver, user, passwd) char *imapserver; char *user; char *passwd; { char mailboxname[MAILTMPLEN]; MAILSTREAM *stream; NETMBX mb; DRIVER *d; /* we expect these to be accessed before this function returns */ callback_user = user; callback_passwd = passwd; /* initialize all of the c-client drivers */ #include LINKAGE_C /* ensure the c-client library supports IMAP */ d = (DRIVER*) mail_parameters(NIL, GET_DRIVER, (void*)"imap"); if (!d) { return ERR_BAD_LIBRARY; } /* reduce timeout/retries */ #ifdef IMAP_TIMEOUT mail_parameters(NIL, SET_OPENTIMEOUT, (void*)IMAP_TIMEOUT); mail_parameters(NIL, SET_READTIMEOUT, (void*)IMAP_TIMEOUT); mail_parameters(NIL, SET_WRITETIMEOUT, (void*)IMAP_TIMEOUT); mail_parameters(NIL, SET_CLOSETIMEOUT, (void*)IMAP_TIMEOUT); mail_parameters(NIL, SET_RSHTIMEOUT, (void*)IMAP_TIMEOUT); #endif mail_parameters(NIL, SET_MAXLOGINTRIALS, (void*)1); snprintf(mailboxname, MAILTMPLEN, "{%s/norsh/service=imap/user=\"%s\"}INBOX", imapserver, user); stream = mail_open(NIL, mailboxname, NIL); if (stream != NIL) { mail_close(stream); return ERR_OK; } else { return ERR_BAD_CREDENTIALS; } } /* we must store user and password when this is called */ void mm_login (NETMBX *mb,char *user,char *pwd,long trial) { #ifdef DEBUG printf("mm_login: {%s/%s/user=\"%s\"}\n",mb->host,mb->service,mb->user); printf("mm_login -> %s %s\n", callback_user, callback_passwd); #endif strncpy(user, callback_user, MAILTMPLEN); strncpy(pwd, callback_passwd, MAILTMPLEN); } void mm_log (char *string,long errflg) { 
#ifdef DEBUG char *errflgname; switch ((short) errflg) { case NIL: errflgname = "NIL"; break; case PARSE: errflgname = "PARSE"; break; case WARN: errflgname = "WARN"; break; case ERROR: errflgname = "ERROR"; break; default: errflgname = "?"; break; }; printf("mm_log: %s: %s\n", errflgname, string); #endif } void mm_notify (MAILSTREAM *stream,char *string,long errflg) { mm_log(string, errflg); } /* c-client callbacks we don't need to implement*/ void mm_flags (MAILSTREAM *stream,unsigned long number){} void mm_status (MAILSTREAM *stream,char *mailbox,MAILSTATUS *status){} void mm_searched (MAILSTREAM *stream,unsigned long number){} void mm_exists (MAILSTREAM *stream,unsigned long number){} void mm_expunged (MAILSTREAM *stream,unsigned long number){} void mm_list (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} void mm_lsub (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} void mm_dlog (char *string){} void mm_critical (MAILSTREAM *stream) {} void mm_nocritical (MAILSTREAM *stream) {} long mm_diskerror (MAILSTREAM *stream,long errcode,long serious) {} void mm_fatal (char *string) {} --- NEW FILE: filtercmd.h --- /* error definitions */ #define ERR_OK 0 #define ERR_NO_RC_FILE 1 #define ERR_NO_CMD 2 #define ERR_USAGE 3 #define ERR_INVALID_COMMAND 4 #define ERR_USER_IS_ROOT 5 #define ERR_BAD_RC_PATH 6 #define ERR_BAD_TEMP_PATH 7 #define ERR_COPY_CANT_OPEN_SRC 8 #define ERR_COPY_CANT_OPEN_DEST 9 #define ERR_NEED_CREDENTIALS 10 #define ERR_CANT_READ_IMAP_SERVER 11 #define ERR_BAD_UID_GID 12 #define ERR_BAD_CREDENTIALS 13 #define ERR_BAD_LIBRARY 14 static char *err_strings[] = { /* non error (error index 0) */ "", /* silent error -- rcexists false result */ "", "You forgot to provide a command.\n", /* placeholder - usage errors are expected to be printed directly */ "Usage error - consult filtercmd.c\n", "Invalid command specified.\n", /* this command will refuse to handles root's filter files */ "The root user cannot be edited for security 
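Review bot: In checkcredentials() the `user` string is interpolated into the quoted `user=\"%s\"` part of the mailbox spec without validation, so a name containing `"` or `}` can presumably end the quoted value early and change how c-client parses the spec. The Makefile installs this binary setuid root and test.sh shows the credentials arriving on stdin, so such names should be rejected before the snprintf(), and the snprintf() result checked for truncation. In mm_login(), `strncpy(..., MAILTMPLEN)` leaves `user` and `pwd` unterminated when the stored string is MAILTMPLEN bytes or longer; copy MAILTMPLEN - 1 bytes and terminate explicitly. The DEBUG branch of mm_login() prints `callback_passwd` in clear and is worth dropping even from debug builds. mm_diskerror() is declared `long` but has an empty body, so it returns no value.

```c
    /* … unchanged: driver check, timeouts, SET_MAXLOGINTRIALS … */

    /* refuse names that could close the quoted user= value or the {…} spec */
    if (strpbrk(user, "\"\\{}") != NULL) {
        return ERR_BAD_CREDENTIALS;
    }
    int n = snprintf(mailboxname, MAILTMPLEN,
                     "{%s/norsh/service=imap/user=\"%s\"}INBOX", imapserver, user);
    if (n < 0 || n >= MAILTMPLEN) {
        return ERR_BAD_CREDENTIALS;   /* spec was truncated */
    }
    /* … unchanged: mail_open / mail_close … */

void mm_login (NETMBX *mb,char *user,char *pwd,long trial) {
    /* … unchanged: DEBUG output … */
    strncpy(user, callback_user, MAILTMPLEN - 1);
    user[MAILTMPLEN - 1] = '\0';
    strncpy(pwd, callback_passwd, MAILTMPLEN - 1);
    pwd[MAILTMPLEN - 1] = '\0';
```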
reasons\n", "rc file path fails checks\n", "temp file path fails checks\n", "Can't open source file\n", "Can't open destination file\n", "Credentials not passed correctly\n", "Can't read imap server from configfile\n", "Can't find uid/gid for user\n", "Bad credentials\n", "Can't verify credentials, IMAP not supported by library\n", }; Index: Makefile =================================================================== RCS file: /cvsroot/serverfilters/script/Makefile,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** Makefile 13 Dec 2003 23:42:30 -0000 1.2 --- Makefile 14 Dec 2003 20:55:27 -0000 1.3 *************** *** 1,11 **** ! LIBS=-lc-client -lssl -lpam -L/usr/kerberos/lib/ -lgssapi_krb5 all: filtercmd ! filtercmd: filtercmd.c filtercmd.opts ! gcc -o filtercmd filtercmd.c `cat filtercmd.opts` $(LIBS) chmod 4750 filtercmd ! chown root:http filtercmd test: test.sh filtercmd sh test.sh --- 1,28 ---- ! HTTPD_GROUP=apache ! CFLAGS= ! #CFLAGS=-DDEBUG ! ! # c-client credentials checking ! CHECKCREDS=checkcreds_cclient.o ! LIBS=/usr/src/local/pine4.58/imap/c-client/c-client.a -lssl -lpam -L/usr/kerberos/lib/ -lgssapi_krb5 -lcrypt ! I=/usr/src/local/pine4.58/imap/c-client/ ! CCLIENT_CFLAGS=-I$I '-DMAIL_H="mail.h"' '-DLINKAGE_C="linkage.c"' -DIMAP_TIMEOUT=2 all: filtercmd ! filtercmd: filtercmd.o $(CHECKCREDS) ! gcc -o filtercmd filtercmd.o $(CHECKCREDS) $(LIBS) chmod 4750 filtercmd ! chown root:$(HTTPD_GROUP) filtercmd ! ! filtercmd.o: filtercmd.c filtercmd.opts ! gcc -c filtercmd.c $(CFLAGS) `cat filtercmd.opts` ! ! checkcreds_cclient.o: checkcreds_cclient.c ! 
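Review bot: filtercmd.h has no include guard and defines `err_strings` as a `static` array, so every file that includes it gets its own copy; checkcreds_cclient.c includes it only for the ERR_* codes. Keeping the `#define`s here with `extern char *err_strings[];` and leaving the table itself in filtercmd.c would avoid the duplicate. A comment above the table such as `/* index must equal the ERR_* value */` would document the coupling that ERR_BAD_LIBRARY has just extended. The `int checkcredentials(char*, char*, char*);` prototype that this commit adds to filtercmd.c would also fit in this header, so that the definition in checkcreds_cclient.c is compiled against it.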
gcc -c checkcreds_cclient.c $(CFLAGS) $(CCLIENT_CFLAGS) test: test.sh filtercmd sh test.sh + + clean: + rm *.o *~ Index: filtercmd.c =================================================================== RCS file: /cvsroot/serverfilters/script/filtercmd.c,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** filtercmd.c 13 Dec 2003 23:42:30 -0000 1.4 --- filtercmd.c 14 Dec 2003 20:55:27 -0000 1.5 *************** *** 6,10 **** #define MAXLEN 1024 ! #include <stdio.h> --- 6,10 ---- #define MAXLEN 1024 ! /* define DEBUG for debugging output */ #include <stdio.h> *************** *** 14,20 **** #include <sys/stat.h> #include <pwd.h> ! ! // c-client library ! #include <imap/mail.h> void eperror(register char *); --- 14,18 ---- #include <sys/stat.h> #include <pwd.h> ! #include "filtercmd.h" void eperror(register char *); *************** *** 27,80 **** int checkpath(char*, char*); int validpath(char*, char**); ! ! /* error definitions */ ! #define ERR_NO_RC_FILE 1 ! #define ERR_NO_CMD 2 ! #define ERR_USAGE 3 ! #define ERR_INVALID_COMMAND 4 ! #define ERR_USER_IS_ROOT 5 ! #define ERR_BAD_RC_PATH 6 ! #define ERR_BAD_TEMP_PATH 7 ! #define ERR_COPY_CANT_OPEN_SRC 8 ! #define ERR_COPY_CANT_OPEN_DEST 9 ! #define ERR_NEED_CREDENTIALS 10 ! #define ERR_CANT_READ_IMAP_SERVER 11 ! #define ERR_BAD_UID_GID 12 ! #define ERR_BAD_CREDENTIALS 13 ! ! static char *err_strings[] = { ! /* non error (error index 0) */ ! "", ! ! /* silent error -- rcexists false result */ ! "", ! ! "You forgot to provide a command.\n", ! ! /* placeholder - usage errors are expected to be printed directly */ ! "Usage error - consult filtercmd.c\n", ! ! "Invalid command specified.\n", ! ! /* this command will refuse to handles root's filter files */ ! "The root user cannot be edited for security reasons\n", ! ! "rc file path fails checks\n", ! ! "temp file path fails checks\n", ! ! "Can't open source file\n", ! ! "Can't open destination file\n", ! ! "Credentials not passed correctly\n", ! ! 
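Review bot: The `filtercmd` rule still runs `chmod 4750 filtercmd` before `chown root:$(HTTPD_GROUP) filtercmd`. On some systems the ownership change clears the setuid bit, and until the chown runs the binary is setuid to whoever built it. Putting the `chown` line first and the `chmod 4750` line second makes the result independent of that behaviour. The new `clean` target fails when no `*.o` or `*~` files exist; `rm -f *.o *~` avoids that. The absolute `/usr/src/local/pine4.58/...` paths in `LIBS` and `I` would be easier to override as a single `CCLIENT_DIR` variable.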
"Can't read imap server from configfile\n", ! ! "Can't find uid/gid for user\n", ! ! "Bad credentials\n", ! ! }; int main(int argc, char *argv[]){ --- 25,29 ---- int checkpath(char*, char*); int validpath(char*, char**); ! int checkcredentials(char*, char*, char*); int main(int argc, char *argv[]){ *************** *** 110,115 **** if((setuid(UID)) < 0) eperror("setuid"); ! if (!checkcredentials(imap_server, user, passwd)) { ! return inerror(ERR_BAD_CREDENTIALS); } --- 59,64 ---- if((setuid(UID)) < 0) eperror("setuid"); ! if (i = checkcredentials(imap_server, user, passwd)) { ! return inerror(i); } *************** *** 228,283 **** return 1; } - - static char *callback_user, *callback_passwd; - - int checkcredentials(imapserver, user, passwd) - char *imapserver; - char *user; - char *passwd; - { - char mailboxname[STR_MAX]; - int result, debug = 1; - MAILSTREAM *stream; - - /*DEBUG*/ - printf("checkcredentials: imap://%s:%s@%s\n", user, passwd, imapserver); - - /* we expect these to be accessed before this function returns */ - callback_user = user; - callback_passwd = passwd; - - snprintf(mailboxname, STR_MAX, "{%s/service=imap}", imapserver); - - stream = mail_open(NIL, mailboxname, debug); - - return stream != NIL; - } - - /* we must store user and password when this is called */ - void mm_login (NETMBX *mb,char *user,char *pwd,long trial) { - /* we hope the buffers are big enough */ - strcpy(user, callback_user); - strcpy(pwd, callback_passwd); - } - void mm_log (char *string,long errflg) { - /*DEBUG*/ - printf("mm_log: %s\n", string); - } - - - /* c-client callbacks */ - void mm_flags (MAILSTREAM *stream,unsigned long number){} - void mm_status (MAILSTREAM *stream,char *mailbox,MAILSTATUS *status){} - void mm_searched (MAILSTREAM *stream,unsigned long number){} - void mm_exists (MAILSTREAM *stream,unsigned long number){} - void mm_expunged (MAILSTREAM *stream,unsigned long number){} - void mm_list (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} 
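Review bot: `if (i = checkcredentials(imap_server, user, passwd))` uses an assignment as the condition, which reads like a mistyped `==` and draws compiler warnings; `if ((i = checkcredentials(imap_server, user, passwd)) != ERR_OK)` states the intent. The returned code is passed straight to inerror(), which presumably indexes err_strings, so every value checkcredentials() can return has to stay inside that table. main() starts and ends outside this hunk, and the declaration of `i` is not visible here.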
- void mm_lsub (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} - void mm_notify (MAILSTREAM *stream,char *string,long errflg){} - void mm_dlog (char *string){} - void mm_critical (MAILSTREAM *stream) {} - void mm_nocritical (MAILSTREAM *stream) {} - long mm_diskerror (MAILSTREAM *stream,long errcode,long serious) {} - void mm_fatal (char *string) {} int parsephpstring(varname, line, dest, destlen) --- 177,180 ---- Index: test.sh =================================================================== RCS file: /cvsroot/serverfilters/script/test.sh,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** test.sh 13 Dec 2003 19:47:39 -0000 1.1 --- test.sh 14 Dec 2003 20:55:27 -0000 1.2 *************** *** 1,2 **** ! (echo $USER; echo a_password) | ./filtercmd getrc /home/$USER/.procmailrc /tmp/test || echo "RESULT:" $? --- 1,2 ---- ! (echo someuser; echo somepassword) | ./filtercmd getrc /home/tony/.procmailrc /tmp/test; echo "RESULT:" $? |