On 14/02/2007 19:52, Timo Sirainen wrote:
> On Wed, 2007-02-14 at 19:17 +0000, John Robinson wrote:
>> I propose to amend the syntax of the PAM service name in dovecot.conf, [...]
>
> I think I'll add the %c variable and then allow the PAM service name to contain %variables. So you can then use eg. "dovecot%c" as the service name and it expands to "dovecot" / "dovecotsecure" or something. [...] In auth_request_import() check if key contains "secured". If it does, it's SSL/TLS. Add such bitfield to struct auth_request. Then use it in the PAM code.
Something like the attached? I've done both the %c patch myself (it expands to "secured") and sent the service name for expansion. It appears to work for me (I successfully used "dovecot%3c" with PAM files dovecot and dovecotsec), but I'd be very grateful if you'd look it over and see if there are any horrible errors in it - and if it's not too bad, feel free to include it in the distribution. Cheers, John. diff -ur --exclude='*.orig' --exclude='*.rej' --exclude='*~' dovecot-1.0.rc22.orig/src/auth/auth-request.c dovecot-1.0.rc22/src/auth/auth-request.c --- dovecot-1.0.rc22.orig/src/auth/auth-request.c 2007-01-24 16:35:00.000000000 +0000 +++ dovecot-1.0.rc22/src/auth/auth-request.c 2007-02-18 12:50:19.000000000 +0000 @@ -155,6 +155,8 @@ net_addr2ip(value, &request->local_ip); else if (strcmp(key, "rip") == 0) net_addr2ip(value, &request->remote_ip); + else if (strcmp(key, "secured") == 0) + request->tls_secured = 1; else return FALSE; @@ -1017,6 +1019,7 @@ { 'p', NULL }, { 'w', NULL }, { '!', NULL }, + { 'c', NULL }, { '\0', NULL } }; struct var_expand_table *tab; @@ -1051,6 +1054,7 @@ tab[9].value = auth_request->passdb == NULL ? "" : dec2str(auth_request->passdb->id); } + tab[10].value = auth_request->tls_secured ? "secured" : ""; return tab; } diff -ur --exclude='*.orig' --exclude='*.rej' --exclude='*~' dovecot-1.0.rc22.orig/src/auth/auth-request.h dovecot-1.0.rc22/src/auth/auth-request.h --- dovecot-1.0.rc22.orig/src/auth/auth-request.h 2007-01-16 13:21:58.000000000 +0000 +++ dovecot-1.0.rc22/src/auth/auth-request.h 2007-02-18 12:50:59.000000000 +0000 
@@ -81,6 +81,7 @@ unsigned int proxy:1; unsigned int cert_username:1; unsigned int userdb_lookup:1; + unsigned int tls_secured:1; /* ... mechanism specific data ... */ }; diff -ur --exclude='*.orig' --exclude='*.rej' --exclude='*~' dovecot-1.0.rc22.orig/src/auth/passdb-pam.c dovecot-1.0.rc22/src/auth/passdb-pam.c --- dovecot-1.0.rc22.orig/src/auth/passdb-pam.c 2006-12-03 16:57:23.000000000 +0000 +++ dovecot-1.0.rc22/src/auth/passdb-pam.c 2007-02-18 12:47:35.000000000 +0000 @@ -393,9 +393,20 @@ const char *service; int fd[2]; pid_t pid; + const struct var_expand_table *table; + string_t *expanded_service; - service = module->service_name != NULL ? - module->service_name : request->service; + if (module->service_name == NULL) { + service = request->service; + } else { + t_push(); + expanded_service = t_str_new(256); + table = auth_request_get_var_expand_table(request, + auth_request_str_escape); + var_expand(expanded_service, module->service_name, table); + service = p_strdup(request->pool, str_c(expanded_service)); + t_pop(); + } if (pipe(fd) < 0) { auth_request_log_error(request, "pam", "pipe() failed: %m"); callback(PASSDB_RESULT_INTERNAL_FAILURE, request);
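Review bot: in the auth-request.c @@ -155 hunk the new "secured" branch sets request->tls_secured = 1 without looking at value, so a "secured" key with any value, including an empty one, marks the request as TLS-protected, and nothing in the patch ever clears the bit; that only holds up if every struct auth_request starts out zeroed and the login process is the only sender of this key, so a one-line comment above the branch saying the flag is presence-based and reflects the login process's view of the connection would save the next reader a trip through the code. The exact strcmp() match is a sensible tightening of the "contains" wording in the proposal.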
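Review bot: the auth-request.c @@ -1051 hunk writes tab[10].value through a hard-coded index that has to stay lined up with the new { 'c', NULL } entry from the @@ -1017 hunk, exactly as tab[9] has to stay lined up with '!'; a short comment beside the assignment ("%c: TLS secured") would document that pairing, and since the change introduces a user-visible variable, %c should be added wherever the other %variables are listed for dovecot.conf, noting that it expands to "secured" or the empty string rather than the "dovecotsecure" wording of the proposal.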
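Review bot: the passdb-pam.c @@ -393 hunk runs module->service_name through var_expand() with the full table from auth_request_get_var_expand_table(), so beyond %c any variable, including ones that carry client-supplied data such as the username, can now become part of the PAM service name that selects the configuration file under /etc/pam.d; a check that the expanded string contains no '/' (failing with PASSDB_RESULT_INTERNAL_FAILURE and an auth_request_log_error() line, as the pipe() failure just below does) would stop a misconfigured service name from turning into a file selection, and the documentation should say that only %c and the other fixed-value variables are meant to be used there. The pool handling looks right: the expanded string is p_strdup()ed into request->pool before t_pop(), so service stays valid after the temporary frame is released, and the NULL branch keeps the old behaviour unchanged.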