Re: [Dovecot] Tru64 Unix and SIA

27 Sep 2006

      Timo Sirainen wrote:
...
On Wed, 2006-09-20 at 14:46 +1000, Simon L Jackson wrote:
...
I have recently written a (minimal) Tru64 Unix SIA password module for
Dovecot as part of testing a Dovecot installation.
Has anyone else written a Tru64 Unix SIA module?
Is anyone else interested in such a module?
If so, how might I/we go about getting this/such a module into the
main Dovecot source?
First show me the code, then I'll see how it looks like :) If it's small
you might as well post the patch here to the list, for larger either
mail me or give some URL.
I'll try just posting it.

There are some diffs and finally that new source.

---------------------------------------------------------------------------------
b02> diff /usr/src/dovecot-1.0.rc7/configure.in.orig 
/usr/src/dovecot-1.0.rc7/configure.in
101a102,110
...
AC_ARG_WITH(sia,
[  --with-sia              Build with SIA support (default)],
      if test x$withval = xno; then
              want_sia=no
      else
              want_sia=yes
      fi,
      want_sia=yes)
1352a1362,1372
...
])
fi
if test $want_sia = yes; then
      AC_CHECK_FUNC(sia_validate_user, [
              AC_CHECK_HEADERS(sia.h siad.h sys/security.h)
              need_crypt=yes
              AC_DEFINE(PASSDB_SIA,, Build with SIA support)
              passdb="$passdb sia"
              AC_CHECK_LIB(security, sia_validate_user)
              LIBS="$LIBS -depth_ring_search"
b02> diff /usr/src/dovecot-1.0.rc7/config.h.in.orig 
/usr/src/dovecot-1.0.rc7/config.h.in
407a408,410
...
/* Build with sia support */
#undef PASSDB_SIA
b02> diff /usr/src/dovecot-1.0.rc7/src/lib/mountpoint.c.orig 
/usr/src/dovecot-1.0.rc7/src/lib/mountpoint.c
53c53
<       point_r->type = p_strdup(pool, buf.f_fstypename);
---
...
point_r->type = p_strdup(pool, getvfsbynumber(buf.f_type));
b02> diff /usr/src/dovecot-1.0.rc7/src/auth/Makefile.in.orig 
/usr/src/dovecot-1.0.rc7/src/auth/Makefile.in
84,85c84,88
<       passdb-checkpassword.$(OBJEXT) passdb-shadow.$(OBJEXT) \
<       passdb-vpopmail.$(OBJEXT) passdb-sql.$(OBJEXT) \
---
...
passdb-checkpassword.$(OBJEXT) \
      passdb-shadow.$(OBJEXT) \
      passdb-sia.$(OBJEXT) \
      passdb-vpopmail.$(OBJEXT) \
      passdb-sql.$(OBJEXT) \
312a316
...
passdb-sia.c \
475a480
...
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passdb-sia.Po@am__quote@
b02> diff /usr/src/dovecot-1.0.rc7/src/auth/passdb.c.orig 
/usr/src/dovecot-1.0.rc7/src/auth/passdb.c
13a14
extern struct passdb_module_interface passdb_sia;
38a40,42
#endif
#ifdef PASSDB_SIA
      &passdb_sia,
b02> cat /usr/src/dovecot-1.0.rc7/src/auth/passdb-sia.c
/* Copyright (C) 2006 Simon L Jackson */
#include "common.h"

#ifdef PASSDB_SIA

#include "safe-memset.h"
#include "passdb.h"
#include "mycrypt.h"

#include 
#include 
#include 
#include 

/* #define SIA_CACHE_KEY "%u" */
#define SIA_PASS_SCHEME "CRYPT"

static int checkpw_collect (
  int timeout,
  int rendition,
  uchar_t *title,
  int nprompts,
  prompt_t *prompts )
{
  switch (rendition) {
    case SIAONELINER:
    case SIAINFO:
    case SIAWARNING:
      return SIACOLSUCCESS;
  }
  return SIACOLABORT;           /* another else is bogus */
}

static void
local_sia_verify_plain(struct auth_request *request, const char *password,
                    verify_plain_callback_t *callback)
{
        struct passwd *pw;
        bool result;

        pw = getpwnam(request->user);
        if (pw == NULL) {
                auth_request_log_info(request, "sia", "unknown user");
                callback(PASSDB_RESULT_USER_UNKNOWN, request);
                return;
        }

        /* check if the password is valid */
        if (password != NULL) {
                char *argutility = "dovecot";
                result = ( sia_validate_user 
(checkpw_collect,1,&argutility,NULL,
                        (char *) request->user,NULL,NULL,NULL,(char *) 
password) == SIASUCCESS );
        }

        if (!result) {
                auth_request_log_info(request, "sia", "password mismatch");
                callback(PASSDB_RESULT_PASSWORD_MISMATCH, request);
                return;
        }

        /* make sure we're using the username exactly as it's in the 
database */
        auth_request_set_field(request, "user", pw->pw_name, NULL);

        callback(PASSDB_RESULT_OK, request);
}

static void local_sia_init(struct passdb_module *module,
                        const char *args __attr_unused__)
{
/*      module->cache_key = SIA_CACHE_KEY; */
        module->default_pass_scheme = SIA_PASS_SCHEME;
}

static void local_sia_deinit(struct passdb_module *module __attr_unused__)
{
}

struct passdb_module_interface passdb_sia = {
        "sia",

        NULL,
        local_sia_init,
        local_sia_deinit,

        local_sia_verify_plain,
        NULL
};

#endif

-----------------------------------------------------------------------------------------

Cheers

-- 
Simon L Jackson
Carringbush.Net

+-
Carringbush.Net
Hosting * Development * Advice

Web: www.carringbush.net http://www.carringbush.net/
Email: simon.jackson@carringbush.net mailto:simon.jackson@carringbush.net

Office: +61 3 9411 4400
Support: +61 3 9411 4444
Fax: +61 3 9411 4499

Level 1
15 Bedford Street
Collingwood VIC 3066
Australia

P.O. Box 1464
Collingwood VIC 3066
Australia
+-