Re: auth_imap drop conn. when auth fail.

Thu, 23 May 2002 11:05:00 -0700 

Hi,

Chris Leung writes:
>       I found that my auth_imap & auth_pop of qmail-ldap will drop
> connection at once when user failure to auth themselves.  But when ldapdb
> don't exits such user, it can response 'NO Login failed.' insetad of close
> the connection at once.... e.g. following is a sample seesion.

The pop daemon is supposed to behave this way (ie close the connection
if the auth fails, whether the user exists or not).

As for auth_imap, I believe there's a bug in it. The patch below
corrects the problem (courier-imap uses the AUTHARGC env var, not
ARGC) and removes unneeded code if you run courier like this:

.../imaplogin .../auth_imap .../imapd Maildir

(ie you don't stack authentication modules)

Regards,

--
Adriano

------------------------------------------------

--- auth_imap.c.ori     Thu Jan 24 19:24:07 2002
+++ auth_imap.c Mon Jan 28 15:07:11 2002
@@ -152,52 +152,6 @@
 /* Checks if it was a hard fail (bad password) or just a soft error 
  * (user not found) argc and argv are the arguments of the next auth_module. */
 {
-       int i;
-       int pi[2];
-       char *t;
-       t = up;
-       
-       log(2, "warning: auth_fail: user %s failed\n", login);
-       if ( qldap_errno == AUTH_NOSUCH ) {
-               log(4, "warning: auth_fail: user %s not found\n", login);
-               if ( !env_unset("AUTHENTICATED") ) {
-                       qldap_errno = ERRNO;
-                       auth_error();
-               }
-               for( i=0; i<uplen; i++ ) if ( !up[i] ) { up[i] = '\n'; }
-               close(3);
-               if (pipe(pi) == -1) {
-                       qldap_errno = ERRNO;
-                       auth_error();
-               }
-               if (pi[0] != 3) { /* be serious, we closed 3 so ... */
-                       qldap_errno = AUTH_PANIC;
-                       auth_error();
-               }
-               switch( fork() ) {
-                       case -1:
-                               qldap_errno = ERRNO;
-                               auth_error();
-                       case 0:
-                               close(pi[1]);
-                               sig_pipedefault();
-                               execvp( argv[1],argv + 1); /* start next auth module */
-                               qldap_errno = ERRNO;
-                               auth_error();
-               }
-               close(pi[0]);
-               while (uplen) {
-                       i = write(pi[1],t,uplen);
-                       if (i == -1) {
-                               if (errno == error_intr) continue;
-                               /* note that some data may have been written */
-                       }
-                       t += i;
-                       uplen -= i;
-               }
-               close(pi[1]);
-               _exit(0);
-       }
        auth_error(); /* complete failure */
 }
 
@@ -339,7 +293,7 @@
 
        log(2, "warning: auth_error: authorization failed (%s)\n",
                   qldap_err_str(qldap_errno) );
-       if (! (env = env_get("ARGC") ) ) {
+       if (! (env = env_get("AUTHARGC") ) ) {
                _exit(111);
        }
        scan_ulong(env, &numarg);

Reply via email to