List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14113] trunk/imap_proxy
From: pdontthink () users ! sourceforge ! net
Date: 2011-05-08 7:59:43
Message-ID: E1QIytz-0004xs-LH () sfp-svn-1 ! v30 ! ch3 ! sourceforge ! com
Revision: 14113
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14113&view=rev
Author: pdontthink
Date: 2011-05-08 07:59:43 +0000 (Sun, 08 May 2011)
Log Message:
-----------
Add configurable, arbitrary pre-authentication command that the administrator can use
to send non-standard commands to the server before each user authenticates (for an
example usage, see: http://en.wikipedia.org/wiki/Yahoo!_Mail#Free_IMAP_and_SMTPs_access )
Modified Paths:
--------------
trunk/imap_proxy/ChangeLog
trunk/imap_proxy/include/imapproxy.h
trunk/imap_proxy/scripts/imapproxy.conf
trunk/imap_proxy/src/imapcommon.c
Modified: trunk/imap_proxy/ChangeLog
===================================================================
--- trunk/imap_proxy/ChangeLog 2011-05-08 07:57:09 UTC (rev 14112)
+++ trunk/imap_proxy/ChangeLog 2011-05-08 07:59:43 UTC (rev 14113)
@@ -1,13 +1,20 @@
2011-04-17 Paul Lesniewski <paul@squirrelmail.org>
- * Add restart operation to (linux) init script
- * Add BSD-style init script (thanks to Emmanuel Dreyfus)
+ * Added configurable, arbitrary pre-authentication command
+ that the administrator can use to send non-standard
+ commands to the server before each user authenticates
+ (for an example usage, see:
+ http://en.wikipedia.org/wiki/Yahoo!_Mail#Free_IMAP_and_SMTPs_access )
2011-04-17 Paul Lesniewski <paul@squirrelmail.org>
- * Fixed server connection synchronization issues in the SELECT
- cache code (ensure server failures result in server connections
- being fully shut down and removed from connection cache).
+ * Add restart operation to (linux) init script
+ * Add BSD-style init script (thanks to Emmanuel Dreyfus)
2011-04-17 Paul Lesniewski <paul@squirrelmail.org>
+ * Fixed server connection synchronization issues in the SELECT
+ cache code (ensure server failures result in server connections
+ being fully shut down and removed from connection cache).
+
+2011-04-17 Paul Lesniewski <paul@squirrelmail.org>
* When NO or BAD response is returned from the server against
a LOGIN or AUTHENTICATE request, we now log the full server
response and pass it back to the client (useful if client
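Review bot: the new pre-authentication entry at the top of this hunk is filed under the existing "2011-04-17 Paul Lesniewski" header, but this revision is dated 2011-05-08. Give the entry its own 2011-05-08 header; that also avoids moving each older entry under a different copy of the date line, which makes the hunk larger and harder to read than the one-entry change it records.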
Modified: trunk/imap_proxy/include/imapproxy.h
===================================================================
--- trunk/imap_proxy/include/imapproxy.h 2011-05-08 07:57:09 UTC (rev 14112)
+++ trunk/imap_proxy/include/imapproxy.h 2011-05-08 07:59:43 UTC (rev 14113)
@@ -300,6 +300,7 @@
unsigned char support_starttls; /* starttls support flag */
unsigned char login_disabled; /* login disabled flag */
char *chroot_directory; /* chroot(2) into this dir */
+ char *preauth_command; /* arbitrary pre-authentication \
command */
char *auth_sasl_plain_username; /* authentication username under SASL \
PLAIN */
char *auth_sasl_plain_password; /* authentication password under SASL \
PLAIN */
char *auth_shared_secret; /* REQUIRED shared secret in leiu of a \
user password when using LOGIN command with SASL PLAIN authentication */
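Review bot: the comment on preauth_command should say that NULL means no command is configured (the imapcommon.c hunk tests `if ( PC_Struct.preauth_command )`) and that the string is sent to the server as-is. None of the four modified paths in this revision shows where the field is filled from the configuration file, so please confirm the parser sets it, and leaves it NULL when the directive is absent or has no value, as in the shipped `#preauth_command` line.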
Modified: trunk/imap_proxy/scripts/imapproxy.conf
===================================================================
--- trunk/imap_proxy/scripts/imapproxy.conf 2011-05-08 07:57:09 UTC (rev 14112)
+++ trunk/imap_proxy/scripts/imapproxy.conf 2011-05-08 07:59:43 UTC (rev 14113)
@@ -185,6 +185,23 @@
#
+## preauth_command
+##
+## Arbitrary command that can be sent to the server before
+## authenticating users. This can be useful to access non-
+## standard IMAP servers such as Yahoo!, which requires the
+## following command to be sent before authentication is allowed:
+## ID ("GUID" "1")
+## (See: http://en.wikipedia.org/wiki/Yahoo!_Mail#Free_IMAP_and_SMTPs_access )
+## To use such a command, this setting should look like this:
+## preauth_command ID ("GUID" "1")
+## No matter what this command is, it is expected to return an
+## OK response
+#
+#preauth_command
+
+
+#
## enable_admin_commands
##
## Used to enable or disable the internal squirrelmail-imap_proxy
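Review bot: the help text stops at "it is expected to return an OK response" without saying what happens otherwise; per the imapcommon.c hunk, any other response is logged as "PREAUTH failed" and the code takes the failure path (`goto fail`), so a mistyped value fails the login attempt. State that here, and also that the value must be a single line with no tag or line ending, since the proxy supplies both (`"P0001 %s\r\n"`).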
Modified: trunk/imap_proxy/src/imapcommon.c
===================================================================
--- trunk/imap_proxy/src/imapcommon.c 2011-05-08 07:57:09 UTC (rev 14112)
+++ trunk/imap_proxy/src/imapcommon.c 2011-05-08 07:59:43 UTC (rev 14113)
@@ -746,6 +746,116 @@
/*
+ * Send and validate pre-authentication command if given
+ */
+ if ( PC_Struct.preauth_command )
+ {
+ snprintf( SendBuf, BufLen, "P0001 %s\r\n", PC_Struct.preauth_command );
+
+ if ( IMAP_Write( Server.conn, SendBuf, strlen(SendBuf) ) == -1 )
+ {
+ syslog( LOG_INFO,
+ "PREAUTH failed: IMAP_Write() failed attempting to send pre-authentication \
command to IMAP server: %s", + strerror( errno ) );
+ goto fail;
+ }
+
+ // Read the server response
+ //
+ for ( ;; )
+ {
+ if ( ( rc = IMAP_Line_Read( &Server ) ) == -1 )
+ {
+ syslog( LOG_INFO,
+ "PREAUTH failed: No response from IMAP server after sending pre-authentication \
command (%s)", + PC_Struct.preauth_command );
+ goto fail;
+ }
+
+ if ( Server.LiteralBytesRemaining )
+ {
+ syslog(LOG_ERR, "%s: Unexpected string literal in server pre-authentication \
response.", fn ); + goto fail;
+ }
+
+ if ( Server.ReadBuf[0] != '*' )
+ break;
+ }
+
+
+ // Try to match up the tag in the server response to the client tag.
+ //
+ endptr = Server.ReadBuf + rc;
+
+ tokenptr = memtok( Server.ReadBuf, endptr, &last );
+
+ if ( !tokenptr )
+ {
+
+ // no tokens found in server response? Not likely, but we still
+ // have to check.
+ //
+ syslog( LOG_INFO, "PREAUTH failed: server response to pre-authentication \
command contained no tokens." ); + goto fail;
+ }
+
+ if ( memcmp( (const void *)tokenptr, (const void *)"P0001", strlen( tokenptr ) ) )
+ {
+
+ // non-matching tag read back from the server... Lord knows what this
+ // is, so we'll fail.
+ //
+ syslog( LOG_INFO, "PREAUTH failed: server response to pre-authentication \
command contained non-matching tag." ); + goto fail;
+ }
+
+
+ // Now that we've matched the tags up, see if the response was 'OK'
+ //
+ tokenptr = memtok( NULL, endptr, &last );
+
+ if ( !tokenptr )
+ {
+ // again, not likely but we still have to check...
+ //
+ syslog( LOG_INFO, "PREAUTH failed: Malformed server response to \
pre-authentication command" ); + goto fail;
+ }
+
+ if ( memcmp( (const void *)tokenptr, "OK", 2 ) )
+ {
+ // In order to log the full server response (minus the tag),
+ // we want to re-construct the ReadBuf starting at the location
+ // currently pointed to by tokenptr. Thus, we put back the
+ // last space that memtok() had replaced with a null characater
+ // (at location pointed to by last).
+ //
+ *last = ' ';
+
+ // Then we re-adjust endptr to point to the CR at the end of
+ // the line and set to NULL (a few lines below) so we can use
+ // the rest of the response information as a normal string
+ //
+ endptr = memchr( last + 1, '\r', endptr - (last + 1) );
+
+ // No CR is unexpected; does this indicate malformed response?
+ // Probably. Anyway, we'll just give up on finding any other
+ // info from the server.
+ //
+ if ( !endptr )
+ endptr = last;
+
+ *endptr = '\0';
+
+ syslog( LOG_INFO,
+ "PREAUTH failed: non-OK server response to pre-authentication command (%s): %s",
+ PC_Struct.preauth_command, tokenptr );
+ goto fail;
+ }
+ }
+
+
+ /*
* If configured to do so, execute SASL PLAIN authentication
* using the static authentication username and password from
* configuration (auth_sasl_plain_username/auth_sasl_plain_password).
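Review bot: the tag check `memcmp( (const void *)tokenptr, (const void *)"P0001", strlen( tokenptr ) )` takes its length from the server's token, so a shorter token that is a prefix of the tag ("P", "P00") passes as a match, and a token longer than the six-byte literal lets memcmp() read past the end of "P0001". The comments further down say memtok() replaces the separator with a null character, so the token is a C string and strcmp( tokenptr, "P0001" ) compares it in full; likewise `memcmp( (const void *)tokenptr, "OK", 2 )` accepts any token that merely begins with OK. Separately, the snprintf() result is not checked: a preauth_command too long for BufLen is truncated and goes out without its CRLF, after which the read loop may wait on a server that never received a complete command. Reject an over-long value when the configuration is loaded, or check the return value here and fail with a log message.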