[Dovecot] [PATCH] to fix 2 pam issues
Timo, I finally made the time to backport a pam fix I created for proftpd over to dovecot, that allows FreeBSD's pam_group to work as expected. (the bug was escalated to me internally hehe.. ). I also noticed an issue while testing that will be confusing to users. If the docs stay as is, or the other half of this patch is applied, then when the dovecot.conf contains: passdb pam { args = * } the imap files within etc/pam.d right now have to be named 'IMAP' and 'POP3' rather than the expected 'imap' and 'pop3'. The attached patch fixes the code to match the docs. -Phil. --- src/auth/passdb-pam.c.orig Mon Mar 26 10:10:26 2007 +++ src/auth/passdb-pam.c Mon Apr 2 16:18:54 2007 @@ -275,6 +275,8 @@ (void)pam_set_item(pamh, PAM_RHOST, host); /* TTY is needed by eg. pam_access module */ (void)pam_set_item(pamh, PAM_TTY, "dovecot"); + /* FreeBSD's pam_group need this set as well */ + (void)pam_set_item(pamh, PAM_RUSER, request->user); status = pam_auth(request, pamh, &str); if ((status2 = pam_end(pamh, status)) == PAM_SUCCESS) { @@ -428,8 +430,15 @@ int fd[2]; pid_t pid; - service = module->service_name != NULL ? - module->service_name : request->service; + if (module->service_name != NULL) { + service = module->service_name; + } else { + if (!strncmp(request->service, "IMAP", strlen(request->service))) + service = "imap"; + else if (!strncmp(request->service, "POP3", strlen(request->service))) + service = "pop3"; + } + auth_request_log_debug(request, "pam", "lookup service=%s", service); if (worker) {
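Review bot: In the first hunk, the value stored in PAM_RUSER is request->user, the login name supplied by the client, and it is set before pam_auth() has verified anything. The comment should state that PAM_RUSER here is the same unauthenticated name that is being logged in, not a separately established remote identity, so that an administrator stacking a module that decides on PAM_RUSER knows what it is trusting. The comment also has a typo: "need" should be "needs".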
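Review bot: In the second hunk, when module->service_name is NULL and request->service is neither "IMAP" nor "POP3", no branch assigns service, so unless it is initialized at its declaration (not visible in this hunk) the auth_request_log_debug() call with %s reads an indeterminate pointer. The removed lines fell back to request->service in that case, so add a final else that keeps that fallback. The comparisons are also looser than intended: strncmp() bounded by strlen(request->service) returns 0 for an empty service string and for any prefix such as "I" or "PO", so use strcmp(), or drop the two special cases and lowercase request->service into a local buffer, which would cover every service name rather than only these two.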
On Mon, 2007-04-02 at 16:42 -0600, Phil Oleson wrote:
> Timo,
> I finally made the time to backport a pam fix I created for proftpd over to dovecot, that allows FreeBSD's pam_group to work as expected. (the bug was escalated to me internally hehe.. ).

I added this to CVS HEAD, but I don't think I'll add it for v1.0. Maybe for v1.0.1.

> I also noticed an issue while testing that will be confusing to users. If the docs stay as is, or the other half of this patch is applied, then when the dovecot.conf contains:
> passdb pam { args = * }
> the imap files within etc/pam.d right now have to be named 'IMAP' and 'POP3' rather than the expected 'imap' and 'pop3'. The attached patch fixes the code to match the docs.

Linux PAM actually lowercases them internally, so I hadn't noticed. If I change this it could break some existing installations.. But I guess it's better to do it now than have it confusingly work in different ways. Changed.
participants (2)
- Phil Oleson
- Timo Sirainen