Re: PAM e POP3

Tue, 7 Sep 1999 06:20:03 -0700 

                    Hello, Alfredo!

On Tue, 7 Sep 1999, Alfredo Scotto wrote:

>Hi at All,
>Samebody have or know a POP3 server with PAM as
>User authentification?

Here is the patch for cucipop-1.31, that makes it understands PAM.

You need to add '-DUSE_PAM' to Makefile's CFLAGS and '-lpam -ldl' to LDFLAGS.
The /etc/pamd.conf section is the following:

pop3    auth       required   pam_pwdb.so
pop3    account    required   pam_pwdb.so

Bye.
--
Humans are communications junkies.  We just can't get enough.
                -- Alan Kay

--
    With best of best regards, Pawel S. Veselov (aka Black Angel)
       Web page : http://i.am/BlackAngel | ICQ UIN : 5252265
                   Internet e-mail : [EMAIL PROTECTED]

diff -urN cucipop-1.31.old/authenticate.c cucipop-1.31/authenticate.c
--- cucipop-1.31.old/authenticate.c     Tue Sep  7 16:24:29 1999
+++ cucipop-1.31/authenticate.c Tue Sep  7 18:07:56 1999
@@ -30,6 +30,15 @@
 #include <string.h>
 #include <stdlib.h>
 
+#ifdef USE_PAM
+#undef SHADOW_PASSWD
+#include <security/pam_appl.h>
+#define CALL_PAM(x)    if ((err=(x))!=PAM_SUCCESS) { \
+    fprintf(stdout, "pam: %s\n",pam_strerror(pamh,err)); \
+       pam_end(pamh, 0); return 0; }
+char * mpw  = (char *)NULL;
+#endif
+
 #ifdef SHADOW_PASSWD
 #include <shadow.h>
 #endif
@@ -182,9 +191,27 @@
   return &authi;                                              /* user found */
 }
 
+#ifdef USE_PAM
+    int my_conv(int msg_num, const struct pam_message **msg,
+           struct pam_response **resp, void *app) {
+       /* this may be wrong, I don't check msg_num */
+       struct pam_response *reply;
+
+       reply=(struct pam_response *)malloc(sizeof(struct pam_response));
+       reply->resp = (char *)malloc(strlen(mpw)+1);
+       bzero(reply->resp, strlen(mpw)+1);
+       strcpy(reply->resp, mpw);
+       reply->resp_retcode = 0;
+       *resp = reply;
+
+       return PAM_SUCCESS;
+    }
+#endif
+
 #ifndef PROCMAIL
 int auth_checkpassword(pass,pw,allowemptypw)const auth_identity*const pass;
  const char*const pw;const int allowemptypw;
+#ifndef USE_PAM
 { const char*rpw;
   rpw=pass->pw->pw_passwd;          /* get the regular (encrypted) password */
 #ifdef SHADOW_PASSWD
@@ -197,6 +224,29 @@
      return allowemptypw;                          /* should we allow this? */
   return !strcmp(rpw,crypt(pw,rpw));               /* compare the passwords */
 }
+#else
+{
+pam_handle_t *pamh;
+int err;
+struct pam_conv converse = {
+    my_conv,
+    (void *)NULL
+};
+    CALL_PAM(pam_start("pop3", pass->pw->pw_name, &converse, &pamh));
+    CALL_PAM(pam_fail_delay(pamh, 1000));
+    if (mpw) {
+       free(mpw);
+       mpw = (char *)NULL;
+    }
+    mpw = malloc(strlen(pw)+1);
+    bzero(mpw, strlen(pw)+1);
+    strcpy(mpw, pw);
+    CALL_PAM(pam_authenticate(pamh, 0));
+    CALL_PAM(pam_acct_mgmt(pamh, 0));
+    CALL_PAM(pam_end(pamh,0));
+    return 1;
+}
+#endif
 
 const char*auth_getsecret(pass)const auth_identity*const pass;
 { return authi.usersecret;

Reply via email to