RE: Any Decent IMAP server? [single-uid interface]
Darcy Buskermolen [mailto:[EMAIL PROTECTED]] wrote:
> What I did for a very similar project was develop a replacement to getpwent
> for uwimad.
>
> Then when linking the Imap server, just include the new "getpwent" instead
> of the standard system one and away you go. If you require more info on
> this let me know and I'll send my getpwent to you.

How do you deal with password checking? Seems to me that your username would get passed to the pam library (or whatever your system does) and then fail. Did you also hack up the checkpw function?

Please send a copy to me.

Right now I'm trying to figure out if it's worth taking the time to package my thing up nicely and release it open source style. That means it has gotta: (a) be a good solution for what other people want to do (and no way better solution already floating around), (b) and be something that more than a couple people want

 - David Harris
   Principal Engineer, DRH Internet Services
RE: Any Decent IMAP server? [single-uid interface]
What I did for a very similar project was develop a replacement to getpwent for uwimad.

Then when linking the Imap server, just include the new "getpwent" instead of the standard system one and away you go. If you require more info on this let me know and I'll send my getpwent to you.

At 11:57 AM 12/2/99 -0500, David Harris wrote:
>
>Make the username be in the form "user%domain.com". Then look these up in a
>database or DB File or cdb to get the home directory, the encoded password, and
>(if they are not all running under the same user) the unix username to switch
>to.
>
> - David Harris
>   Principal Engineer, DRH Internet Services
>
>
>-Original Message-
>From: Denis Voitenko [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, December 02, 1999 2:54 PM
>To: David Harris; Thomas Neumann
>Cc: Philip Gabbert; qmail
>Subject: Re: Any Decent IMAP server? [single-uid interface]
>
>While digging thru the code...
>
>Here's a situation. Let's say you've got a poopload of virtual domains all
>pointing to a single IP address (a cheap solution =8-)) and of course there
>is a ton of overlapping names. How would you authenticate those users? Would
>you include a domain in the login as you did before? Like denis-o3m.com ?
>Maybe I am missing something...
>
>Denis Voitenko
>Tel: 856 809-9252
>Mail: [EMAIL PROTECTED]
>ICQ: 9396092
RE: Any Decent IMAP server? [single-uid interface]
Make the username be in the form "user%domain.com". Then look these up in a database or DB File or cdb to get the home directory, the encoded password, and (if they are not all running under the same user) the unix username to switch to.

 - David Harris
   Principal Engineer, DRH Internet Services

-Original Message-
From: Denis Voitenko [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 02, 1999 2:54 PM
To: David Harris; Thomas Neumann
Cc: Philip Gabbert; qmail
Subject: Re: Any Decent IMAP server? [single-uid interface]

While digging thru the code...

Here's a situation. Let's say you've got a poopload of virtual domains all pointing to a single IP address (a cheap solution =8-)) and of course there is a ton of overlapping names. How would you authenticate those users? Would you include a domain in the login as you did before? Like denis-o3m.com ? Maybe I am missing something...

Denis Voitenko
Tel: 856 809-9252
Mail: [EMAIL PROTECTED]
ICQ: 9396092
Re: Any Decent IMAP server? [single-uid interface]
While digging thru the code...

Here's a situation. Let's say you've got a poopload of virtual domains all pointing to a single IP address (a cheap solution =8-)) and of course there is a ton of overlapping names. How would you authenticate those users? Would you include a domain in the login as you did before? Like denis-o3m.com ? Maybe I am missing something...

Denis Voitenko
Tel: 856 809-9252
Mail: [EMAIL PROTECTED]
ICQ: 9396092

- Original Message -
From: David Harris <[EMAIL PROTECTED]>
To: Thomas Neumann <[EMAIL PROTECTED]>; Denis Voitenko <[EMAIL PROTECTED]>
Cc: Philip Gabbert <[EMAIL PROTECTED]>; qmail <[EMAIL PROTECTED]>; David Harris <[EMAIL PROTECTED]>
Sent: Thursday, December 02, 1999 7:47 AM
Subject: RE: Any Decent IMAP server? [single-uid interface]

>
> Baah... I figure that I'll just provide my interface for now to let you all see
> if this is something that would be useful. I think I've made it general enough
> to write anything you want in the authentication/authorization function.
>
> begin interface description -
>
> Here is the relevant data from vpop.h:
>
>   vpop__data* vpop__userauthen (char* username, char* password, char*
>   default_base_username);
>
>   typedef struct {
>     int valid_form;
>     int valid_user;
>     char* unix_username;
>     char* virtual_username;
>     char* black_box_home;
>     int authenticated;
>     char* log_error;
>   } vpop__data;
>
> The function vpop__userauthen is called whenever a user is trying to
> authenticate with the system. It is called _before_ any unix usernames are
> checked. Depending on the values in the returned vpop__data structure, the
> username and password will or will not be checked as a valid UNIX username.
>
> Here are the details...
>
> vpop__userauthen is called with, of course, the username and the password of the
> user trying to connect. However "default_base_username" is a little weird. If
> c-client is trying to login a user and it is not running as root it will
> provide the username of the current user in default_base_username here. If
> c-client is running as root, and can switch to any user then this will be NULL.
> (You will not get a non-NULL value from imapd but rather from tools like dmail
> in the imap-utils package. These tools are used for things like local delivery
> and are already running as the correct UNIX user.)
>
> vpop__userauthen then gets to control what c-client does by the structure it
> returns... here are what the values mean
>
> * valid_form specifies if the username looks like a virtual username. If this
> is returned as true, c-client does not try to check the username and password
> as a UNIX user. If valid_form is false, vpop__userauthen should set it false
> and just return there.
>
> * valid_user specifies if this username is a valid username. This can only be
> true if valid_form is true.
>
> * unix_username specifies the UNIX username that we should switch uid/gid to
> when accessing the mail of the virtual user.
>
> * virtual_username specifies the virtual username of the virtual e-mail
> account. Does not have to be a valid login user or anything. Not currently used
> for anything. :-)
>
> * black_box_home specifies the directory where the e-mail for this user will
> be stored. unix_username should have write permission here. The user is locked
> down into this directory and not allowed to get mail from anywhere else in the
> system.
>
> * authenticated specifies if the password was correct. Even if the supplied
> password was incorrect vpop__userauthen is required to set the unix_username,
> virtual_username, and black_box_home values. This is because sometimes this
> information is needed without password authentication outside of imapd, such as
> when dmail is used to deliver to a virtual e-mail user.
>
> * log_error is a string to log as an error. If this is not NULL, it will be
> written to the standard c-client error reporting device. Inside of imapd this
> will work its way into syslog.
>
> end interface description -
>
> I figure that someone could just write a vpop__userauthen function to run a
> little external program, such as interfacing to one of the currently existing
> virtual user packages. Other hackers could just write their own site specific
> vpop__userauthen functions like I have done.
>
> Oh, one note. This is really an imapd and ipop3d server together. The c-client
> library is modified which is used by imapd, ipop3d, and imap-utils. This way
> you write this one function and it works for all your mail server programs.
>
>  - David Harris
>    Principal Engineer, DRH Internet Services
RE: Any Decent IMAP server? [single-uid interface]
Baah... I figure that I'll just provide my interface for now to let you all see if this is something that would be useful. I think I've made it general enough to write anything you want in the authentication/authorization function.

begin interface description -

Here is the relevant data from vpop.h:

  vpop__data* vpop__userauthen (char* username, char* password, char* default_base_username);

  typedef struct {
    int valid_form;
    int valid_user;
    char* unix_username;
    char* virtual_username;
    char* black_box_home;
    int authenticated;
    char* log_error;
  } vpop__data;

The function vpop__userauthen is called whenever a user is trying to authenticate with the system. It is called _before_ any unix usernames are checked. Depending on the values in the returned vpop__data structure, the username and password will or will not be checked as a valid UNIX username.

Here are the details...

vpop__userauthen is called with, of course, the username and the password of the user trying to connect. However "default_base_username" is a little weird. If c-client is trying to login a user and it is not running as root it will provide the username of the current user in default_base_username here. If c-client is running as root, and can switch to any user then this will be NULL. (You will not get a non-NULL value from imapd but rather from tools like dmail in the imap-utils package. These tools are used for things like local delivery and are already running as the correct UNIX user.)

vpop__userauthen then gets to control what c-client does by the structure it returns... here are what the values mean

* valid_form specifies if the username looks like a virtual username. If this is returned as true, c-client does not try to check the username and password as a UNIX user. If valid_form is false, vpop__userauthen should set it false and just return there.

* valid_user specifies if this username is a valid username. This can only be true if valid_form is true.

* unix_username specifies the UNIX username that we should switch uid/gid to when accessing the mail of the virtual user.

* virtual_username specifies the virtual username of the virtual e-mail account. Does not have to be a valid login user or anything. Not currently used for anything. :-)

* black_box_home specifies the directory where the e-mail for this user will be stored. unix_username should have write permission here. The user is locked down into this directory and not allowed to get mail from anywhere else in the system.

* authenticated specifies if the password was correct. Even if the supplied password was incorrect vpop__userauthen is required to set the unix_username, virtual_username, and black_box_home values. This is because sometimes this information is needed without password authentication outside of imapd, such as when dmail is used to deliver to a virtual e-mail user.

* log_error is a string to log as an error. If this is not NULL, it will be written to the standard c-client error reporting device. Inside of imapd this will work its way into syslog.

end interface description -

I figure that someone could just write a vpop__userauthen function to run a little external program, such as interfacing to one of the currently existing virtual user packages. Other hackers could just write their own site specific vpop__userauthen functions like I have done.

Oh, one note. This is really an imapd and ipop3d server together. The c-client library is modified which is used by imapd, ipop3d, and imap-utils. This way you write this one function and it works for all your mail server programs.

 - David Harris
   Principal Engineer, DRH Internet Services
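
Added example (not part of the original posts and not David Harris's code): one possible vpop__userauthen that follows the contract in the interface description, using the "user%domain.com" login form from the thread. The sample table, the password_ok placeholder, the static return storage and the default_base_username check are assumptions made for illustration.

```c
#include <string.h>

typedef struct {                      /* as given in the post's vpop.h excerpt */
    int valid_form; int valid_user;
    char *unix_username; char *virtual_username; char *black_box_home;
    int authenticated; char *log_error;
} vpop__data;

/* Constructed sample records standing in for the database / DB file / cdb.
   "encoded" holds a placeholder; a real table stores a crypt(3)-style hash. */
struct rec { const char *vuser, *unix_user, *home, *encoded; };
static const struct rec table[] = {
    { "denis%example.com", "vmail", "/var/vmail/example.com/denis", "s3cret" },
    { "denis%example.org", "vmail", "/var/vmail/example.org/denis", "hunter2" },
};

/* Placeholder check (hypothetical): compares in constant time; a deployment
   would verify the password against the stored hash here instead. */
static int password_ok(const char *password, const char *encoded) {
    size_t n = strlen(encoded), m = strlen(password);
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(encoded[i] ^ password[i < m ? i : 0]);
    return diff == 0;
}

vpop__data *vpop__userauthen(char *username, char *password,
                             char *default_base_username) {
    static vpop__data d;      /* assumption: result lives until the next call */
    memset(&d, 0, sizeof d);  /* fail closed: every flag starts false */
    if (!username || !strchr(username, '%'))
        return &d;            /* not virtual form: c-client tries UNIX auth */
    d.valid_form = 1;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        const struct rec *r = &table[i];
        if (strcmp(username, r->vuser) != 0) continue;
        /* Assumption: a non-root caller may only serve its own UNIX user. */
        if (default_base_username && strcmp(default_base_username, r->unix_user)) {
            d.log_error = "vpop: record belongs to a different UNIX user";
            return &d;
        }
        d.valid_user = 1;     /* set the rest even if the password is wrong */
        d.unix_username = (char *)r->unix_user;
        d.virtual_username = (char *)r->vuser;
        d.black_box_home = (char *)r->home;
        d.authenticated = password && password_ok(password, r->encoded);
        return &d;
    }
    return &d;                /* virtual form, unknown user: login fails */
}
```

The same local part under two domains resolves to two separate mailboxes, and a wrong password still yields unix_username and black_box_home so that a delivery tool such as dmail can use the record without authenticating.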