Hi all,

attached, a patch + sql for postgresql that should make life easier when
using dbmail as a backend for webmail when also having the same
database/dbmail installation used for pop3/imap access for other users.

Simply add all users to the webmail_users table after adding them with
dbmail-adduser. I have not patched dbmail-adduser to do this.

Two columns in webmail_users restrict access: enabled and popenabled.

Both are boolean fields.

if enabled = true, user is allowed to connect from localhost only.
if popenabled is true as well, user can connect from any ip.
Note that popenabled = true and enabled = false means no access from
anywhere.

So setting enabled = false effectively disables pop/imap access, but
mail is still delivered to the users inbox, and when reenabled, no need
to reset passwords.

regards,

John
diff -urNad /usr/src/build/dbmail-2.0/auth/authldap.c /usr/src/build/dbmail-2.0-1a/auth/authldap.c
--- /usr/src/build/dbmail-2.0/auth/authldap.c	2004-04-02 22:21:53.000000000 +1000
+++ dbmail-2.0-1a/auth/authldap.c	2004-06-07 03:22:35.000000000 +1000
@@ -1906,7 +1906,7 @@
  *
  * returns useridnr on OK, 0 on validation failed, -1 on error 
  */
-int auth_validate(char *username, char *password, u64_t * user_idnr)
+int auth_validate(char *username, char *password, u64_t * user_idnr, char *client_ip)
 {
 	timestring_t timestring;
 
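Review bot: The LDAP `auth_validate` accepts the new `client_ip` argument but no hunk in this patch uses it, so the `enabled`/`popenabled` restriction appears to be enforced only by the SQL backend. An installation built with authldap.c would take the address and silently ignore it, which an administrator relying on `enabled = false` would not expect. Either mark the parameter `UNUSED`, as the `auth_md5_validate` hunk below does, and add `* client_ip is ignored by the LDAP backend; webmail_users.enabled/popenabled are not checked here` to the header comment, or implement the same check. The body of auth_validate continues outside the hunk, so this is inferred from the absence of any body change.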
@@ -1975,7 +1975,7 @@
 /* returns useridnr on OK, 0 on validation failed, -1 on error */
 u64_t auth_md5_validate(char *username UNUSED,
 			unsigned char *md5_apop_he UNUSED,
-			char *apop_stamp UNUSED)
+			char *apop_stamp UNUSED, char *client_ip UNUSED)
 {
 
 	return 0;
diff -urNad /usr/src/build/dbmail-2.0/auth/authsql.c /usr/src/build/dbmail-2.0-1a/auth/authsql.c
--- /usr/src/build/dbmail-2.0/auth/authsql.c	2004-05-05 18:59:02.000000000 +1000
+++ dbmail-2.0-1a/auth/authsql.c	2004-06-07 03:50:31.000000000 +1000
@@ -589,7 +589,7 @@
 	return 0;
 }
 
-int auth_validate(char *username, char *password, u64_t * user_idnr)
+int auth_validate(char *username, char *password, u64_t * user_idnr, char *client_ip)
 {
 	const char *query_result;
 	int is_validated = 0;
@@ -623,8 +623,9 @@
 	db_escape_string(escuser, username, strlen(username));
 
 	snprintf(__auth_query_data, AUTH_QUERY_SIZE,
-		 "SELECT user_idnr, passwd, encryption_type FROM users "
-		 "WHERE userid = '%s'", escuser);
+		 "SELECT u.user_idnr, u.passwd, u.encryption_type, w.enabled, w.popenabled FROM users u "
+		 "INNER JOIN webmail_users w ON u.user_idnr = w.user_idnr "
+		 "WHERE u.userid = '%s'", escuser);
 
 	if (__auth_query(__auth_query_data) == -1) {
 		trace(TRACE_ERROR,
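Review bot: The `INNER JOIN` makes an account with no `webmail_users` row indistinguishable from an unknown user, because the query returns no row for it; the same join is used in the `auth_md5_validate` query further down. That fails closed, but every existing pop3/imap account would stop authenticating once the patch is applied, until a row is inserted, and the log would not say why. A comment above the query such as `/* users without a webmail_users row are rejected: the join returns no row */` would document this. A `LEFT JOIN` that treats a NULL flag as disabled would allow a distinct trace message.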
@@ -643,7 +644,6 @@
 
 	/* get encryption type */
 	query_result = db_get_result(0, 2);
-
 	if (!query_result || strcasecmp(query_result, "") == 0) {
 		trace(TRACE_DEBUG,
 		      "%s,%s: validating using cleartext passwords",
@@ -697,6 +697,15 @@
 		    (strncmp(makemd5(password), query_result, 32) ==
 		     0) ? 1 : 0;
 	}
+	
+	// is the mailbox enabled?
+	query_result = db_get_result(0, 3);
+	is_validated = (strncmp("t", query_result, 1) == 0) ? 1 : 0;
+	if(is_validated) {
+	    // is the mailbox enabled for non-localhost access?
+	    query_result = db_get_result(0, 4);
+	    is_validated = ( (strncmp("t", query_result, 1) == 0) || (strncmp("127.0.0.1", client_ip, 9) == 0) ) ? 1 : 0;
+	}
 
 	if (is_validated) {
 		query_result = db_get_result(0, 0);
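Review bot: The added `is_validated = (strncmp("t", query_result, 1) == 0) ? 1 : 0;` overwrites the result of the password comparison just above it, so once the mailbox is enabled (and `popenabled` is true or the client is local) the function reports success even when the password did not match. The flags should only be consulted when `is_validated` is already 1. `query_result` and `client_ip` are also passed to `strncmp` without a NULL check, although other code in this file treats `db_get_result` as able to return NULL; the same applies to the identical lines added to `auth_md5_validate`. The function body starts and ends outside the hunk.

```c
	/* ... unchanged: password comparison sets is_validated ... */

	/* consult the access flags only after the password has matched */
	if (is_validated) {
		const char *enabled = db_get_result(0, 3);
		const char *popenabled = db_get_result(0, 4);
		int is_local = client_ip &&
		    strncmp("127.0.0.1", client_ip, 9) == 0;

		is_validated = enabled && enabled[0] == 't' &&
		    ((popenabled && popenabled[0] == 't') || is_local);
	}
```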
@@ -723,7 +732,7 @@
 }
 
 u64_t auth_md5_validate(char *username, unsigned char *md5_apop_he,
-			char *apop_stamp)
+			char *apop_stamp, char *client_ip)
 {
 	/* returns useridnr on OK, 0 on validation failed, -1 on error */
 	char *checkstring;
@@ -731,11 +740,13 @@
 	u64_t user_idnr;
 	const char *query_result;
 	timestring_t timestring;
+	int is_validated = 0;
 
 	create_current_timestring(&timestring);
 	snprintf(__auth_query_data, AUTH_QUERY_SIZE,
-		 "SELECT passwd,user_idnr FROM users WHERE "
-		 "userid='%s'", username);
+		 "SELECT u.passwd, u.user_idnr, w.enabled, w.popenabled FROM users u "
+		 "INNER JOIN webmail_users w ON u.user_idnr = w.user_idnr "
+		 "WHERE u.userid = '%s'", username);
 
 	if (__auth_query(__auth_query_data) == -1) {
 		return -1;
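Review bot: `username` is still formatted into the rewritten query without escaping, whereas `auth_validate` in this file passes it through `db_escape_string` before building the same join. Unless every caller escapes the APOP user name beforehand (not visible here), a quote character in the name changes the statement sent to the database. Escape it the same way, `db_escape_string(escuser, username, strlen(username));`, and format `escuser` into the query. The declaration and sizing of `escuser` should follow what auth_validate does outside these hunks.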
@@ -780,6 +791,14 @@
 		query_result = db_get_result(0, 1);
 		user_idnr =
 		    (query_result) ? strtoull(query_result, NULL, 10) : 0;
+		// is the mailbox enabled?
+		query_result = db_get_result(0, 2);
+		is_validated = (strncmp("t", query_result, 1) == 0) ? 1 : 0;
+		if(is_validated) {
+		    // is the mailbox enabled for non-localhost access?
+		    query_result = db_get_result(0, 3);
+		    is_validated = ( (strncmp("t", query_result, 1) == 0) || (strncmp("127.0.0.1", client_ip, 9) == 0) ) ? 1 : 0;
+		}
 		db_free_result();
 		my_free(checkstring);
 
@@ -793,8 +812,14 @@
 			trace(TRACE_ERROR,
 			      "%s,%s: could not update user login time",
 			      __FILE__, __FUNCTION__);
-
-		return user_idnr;
+		if(is_validated)
+		    return user_idnr;
+		else
+		{
+		    trace(TRACE_MESSAGE, "%s,%s: user [%s] could not be validated",
+	    		__FILE__, __FUNCTION__, username);
+		    return 0;
+		}
 	}
 
 	trace(TRACE_MESSAGE, "%s,%s: user [%s] could not be validated",
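Review bot: The `is_validated` test is placed after the login-time update whose failure is traced in the context lines, so a disabled mailbox that presents a correct APOP digest apparently still has its login time refreshed before being rejected. Moving the rejection ahead of that update, e.g. `if (!is_validated) goto` the existing failure path or an early `return 0;` right after `my_free(checkstring);`, keeps that column meaningful for auditing. The `else` branch also duplicates the trace message that already follows the enclosing block. A distinct text such as `"%s,%s: user [%s] is disabled or not allowed from this address"` would let an operator tell a policy rejection from a bad digest. The start of the function is outside the hunk.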
diff -urNad /usr/src/build/dbmail-2.0/auth.h /usr/src/build/dbmail-2.0-1a/auth.h
--- /usr/src/build/dbmail-2.0/auth.h	2004-04-22 20:14:35.000000000 +1000
+++ dbmail-2.0-1a/auth.h	2004-06-07 03:22:02.000000000 +1000
@@ -217,7 +217,7 @@
  *     -  0 if not validated
  *     -  1 if OK
  */
-int auth_validate(char *username, char *password, u64_t * user_idnr);
+int auth_validate(char *username, char *password, u64_t * user_idnr, char *client_ip);
 
 /** 
  * \brief try tp validate a user using md5 hash
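Review bot: The Doxygen comments above both changed prototypes are not updated for the new parameter; this applies to the `auth_md5_validate` hunk below as well. Add `\param client_ip textual address of the connecting client; only an address starting with "127.0.0.1" is treated as local` to each block. The return documentation should also say that a disabled mailbox is reported as 0 (not validated), the same value as a wrong password.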
@@ -230,7 +230,7 @@
  *      -  user_idrn if OK
  */
 u64_t auth_md5_validate(char *username, unsigned char *md5_apop_he,
-			char *apop_stamp);
+			char *apop_stamp, char *client_ip);
 
 /**
  * \brief get username for a user_idnr
diff -urNad /usr/src/build/dbmail-2.0/imapcommands.c /usr/src/build/dbmail-2.0-1a/imapcommands.c
--- /usr/src/build/dbmail-2.0/imapcommands.c	2004-05-13 00:54:22.000000000 +1000
+++ dbmail-2.0-1a/imapcommands.c	2004-06-07 03:18:10.000000000 +1000
@@ -179,7 +179,7 @@
 		return 1;	/* error, return */
 
 	trace(TRACE_DEBUG, "_ic_login(): trying to validate user");
-	validate_result = auth_validate(args[0], args[1], &userid);
+	validate_result = auth_validate(args[0], args[1], &userid, ci->ip);
 	trace(TRACE_MESSAGE,
 	      "_ic_login(): user (id:%llu, name %s) tries login",
 	      userid, args[0]);
@@ -290,7 +290,7 @@
 
 
 	/* try to validate user */
-	validate_result = auth_validate(username, pass, &userid);
+	validate_result = auth_validate(username, pass, &userid, ci->ip);
 
 	if (validate_result == -1) {
 		/* a db-error occurred */
diff -urNad /usr/src/build/dbmail-2.0/pop3.c /usr/src/build/dbmail-2.0-1a/pop3.c
--- /usr/src/build/dbmail-2.0/pop3.c	2004-03-20 05:36:59.000000000 +1100
+++ dbmail-2.0-1a/pop3.c	2004-06-07 03:20:28.000000000 +1000
@@ -430,7 +430,7 @@
 			/* check in authorization layer if these credentials are correct */
 			validate_result = auth_validate(session->username,
 							session->password,
-							&result);
+							&result, client_ip);
 			switch (validate_result) {
 			case -1:
 				session->SessionResult = 3;
@@ -855,7 +855,7 @@
 			result =
 			    auth_md5_validate(session->username,
 					      md5_apop_he,
-					      session->apop_stamp);
+					      session->apop_stamp, client_ip);
 
 			my_free(md5_apop_he);
 			md5_apop_he = 0;
-- Per-user webmail profile plus the two access flags read by the patched
-- authsql.c (enabled, popenabled). The patched authentication queries use an
-- INNER JOIN on this table, so a dbmail user without a row here yields no
-- result row from those queries.
-- Most columns are NOT NULL without a default, so an INSERT must supply a
-- value for each of them.
CREATE TABLE webmail_users (
    user_idnr bigint NOT NULL,  -- primary key and foreign key to users(user_idnr), see constraints below
    title character(5) NOT NULL,
    "first" character varying(25) NOT NULL,
    "last" character varying(25) NOT NULL,
    organisation character varying(50) NOT NULL,
    email character varying(50) NOT NULL,
    address character varying(50) NOT NULL,
    town character varying(50) NOT NULL,
    state character varying(15) NOT NULL,
    pcode character(4) DEFAULT '0000'::bpchar NOT NULL,
    country character varying(25) DEFAULT 'Australia'::character varying NOT NULL,
    age character(6) NOT NULL,
    gender character(7) NOT NULL,
    -- NOTE(review): presumably a security-question id and its free-text answer;
    -- the answer is held as plain text in this schema -- confirm, and consider
    -- storing a hash of it instead.
    securityq smallint NOT NULL,
    securitya character varying(25) NOT NULL,
    -- false: the patched auth code rejects the login regardless of popenabled.
    -- Defaults to false, so a newly inserted row is locked out until enabled.
    enabled boolean DEFAULT false NOT NULL,
    -- Only consulted when enabled is true. true: login accepted from any
    -- address; false: accepted only when client_ip starts with "127.0.0.1".
    popenabled boolean DEFAULT false NOT NULL
);

-- One row per dbmail user.
ALTER TABLE ONLY webmail_users
    ADD CONSTRAINT webmail_users_pkey PRIMARY KEY (user_idnr);

-- Rows follow the users table: renumbering cascades, and deleting a user
-- deletes the matching webmail_users row.
ALTER TABLE ONLY webmail_users
    ADD CONSTRAINT webmail_users_fkey FOREIGN KEY (user_idnr) REFERENCES users(user_idnr) ON UPDATE CASCADE ON DELETE CASCADE;
