File cyrus-imapd-2.4.17_drac_auth.patch of Package cyrus-imapd

Overview Repositories Revisions Requests Users Attributes Meta

File cyrus-imapd-2.4.17_drac_auth.patch of Package cyrus-imapd

diff -Ppru cyrus-imapd-2.4.17.orig/configure.in cyrus-imapd-2.4.17/configure.in
--- cyrus-imapd-2.4.17.orig/configure.in	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/configure.in	2014-01-27 14:26:18.500280589 +0100
@@ -1229,6 +1229,19 @@ dnl (agentx was depricated, but SNMP_SUB
 SNMP_SUBDIRS=""
 AC_SUBST(SNMP_SUBDIRS)
 
+dnl
+dnl Test for DRAC
+dnl
+DRACLIBS=
+AC_ARG_WITH(drac, [  --with-drac=DIR         use DRAC library in <DIR> [no] ],
+	if test -d "$withval"; then
+		LDFLAGS="$LDFLAGS -L${withval}"
+		AC_CHECK_LIB(drac, dracauth,
+			AC_DEFINE(DRAC_AUTH,[],[Build DRAC support?])
+			DRACLIBS="-ldrac")
+	fi)
+AC_SUBST(DRACLIBS)
+
 CMU_LIBWRAP
 CMU_UCDSNMP
 
Only in cyrus-imapd-2.4.17.orig/contrib: .drac_auth.patch.kate-swp
diff -Ppru cyrus-imapd-2.4.17.orig/imap/imapd.c cyrus-imapd-2.4.17/imap/imapd.c
--- cyrus-imapd-2.4.17.orig/imap/imapd.c	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/imapd.c	2014-01-27 14:39:35.999446812 +0100
@@ -193,6 +193,18 @@ static struct proxy_context imapd_proxyc
     1, 1, &imapd_authstate, &imapd_userisadmin, &imapd_userisproxyadmin
 };
 
+#ifdef DRAC_AUTH
+static struct {
+    int interval;		/* dracd "ping" interval; 0 = disabled */
+    unsigned long clientaddr;
+    struct prot_waitevent *event;
+} drac;
+
+extern int dracconn(char *server, char **errmsg);
+extern int dracsend(unsigned long userip, char **errmsg);
+extern int dracdisc(char **errmsg);
+#endif /* DRAC_AUTH */
+
 /* current sub-user state */
 struct index_state *imapd_index;
 
@@ -795,6 +807,23 @@ int service_init(int argc, char **argv,
     /* setup for sending IMAP IDLE notifications */
     idle_enabled();
 
+#ifdef DRAC_AUTH
+    /* setup for sending DRAC "pings" */
+    drac.event = NULL;
+    drac.interval = config_getint(IMAPOPT_DRACINTERVAL);
+    if (drac.interval < 0) drac.interval = 0;
+    if (drac.interval) {
+	char *err;
+
+	if (dracconn((char*) config_getstring(IMAPOPT_DRACHOST), &err) != 0) {
+	    /* disable DRAC */
+	    drac.interval = 0;
+	    syslog(LOG_ERR, "dracconn: %s", err);
+	    syslog(LOG_ERR, "DRAC notifications disabled");
+	}
+    }
+#endif /* DRAC_AUTH */
+
     /* create connection to the SNMP listener, if available. */
     snmp_connect(); /* ignore return code */
     snmp_set_str(SERVER_NAME_VERSION,cyrus_version());
@@ -905,6 +934,14 @@ int service_main(int argc __attribute__(
 		imapd_haveaddr = 1;
 	    }
 	}
+#ifdef DRAC_AUTH
+	if (((struct sockaddr *)&imapd_remoteaddr)->sa_family == AF_INET)
+	    drac.clientaddr = ((struct sockaddr_in *)&imapd_remoteaddr)->sin_addr.s_addr;
+	else
+	    drac.clientaddr = 0;
+    } else {
+	drac.clientaddr = 0;
+#endif /* DRAC_AUTH */
     }
 
     /* create the SASL connection */
@@ -949,6 +986,11 @@ int service_main(int argc __attribute__(
     prot_flush(imapd_out);
     snmp_increment(ACTIVE_CONNECTIONS, -1);
 
+#ifdef DRAC_AUTH
+    if (drac.event) prot_removewaitevent(imapd_in, drac.event);
+    drac.event = NULL;
+#endif /* DRAC_AUTH */
+
     /* cleanup */
     imapd_reset();
 
@@ -1061,6 +1103,10 @@ void shut_down(int code)
 
     cyrus_done();
 
+#ifdef DRAC_AUTH
+    if (drac.interval) (void) dracdisc((char **)NULL);
+#endif /* DRAC_AUTH */
+
     exit(code);
 }
 
@@ -1121,6 +1167,36 @@ static void imapd_check(struct backend *
     }
 }
 
+#ifdef DRAC_AUTH
+/*
+ * Ping dracd every 'drac.interval' minutes
+ * to let it know that we are still connected
+ */
+struct prot_waitevent *drac_ping(struct protstream *s,
+				 struct prot_waitevent *ev,
+				 void *rock __attribute__((unused)))
+{
+    char *err;
+    static int nfailure = 0;
+
+    if (dracsend(drac.clientaddr, &err) != 0) {
+	syslog(LOG_ERR, "dracsend: %s", err);
+	if (++nfailure >= 3) {
+	    /* can't contact dracd for 3 consecutive tries - disable DRAC */
+	    prot_removewaitevent(s, ev);
+	    drac.event = NULL;
+	    syslog(LOG_ERR, "DRAC notifications disabled");
+	    return NULL;
+	}
+    }
+    else
+	nfailure = 0;
+
+    ev->mark = time(NULL) + (drac.interval * 60);
+    return ev;
+}
+#endif /* DRAC_AUTH */
+
 /*
  * Top-level command loop parsing
  */
@@ -2335,6 +2411,11 @@ void cmd_login(char *tag, char *user)
     capa_response(CAPA_PREAUTH|CAPA_POSTAUTH);
     prot_printf(imapd_out, "] %s\r\n", reply);
 
+#ifdef DRAC_AUTH
+    if (!imapd_userisproxyadmin && drac.interval && drac.clientaddr)
+	drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+#endif /* DRAC_AUTH */
+
     authentication_success();
 }
 
@@ -2483,6 +2564,11 @@ void cmd_authenticate(char *tag, char *a
     prot_setsasl(imapd_in,  imapd_saslconn);
     prot_setsasl(imapd_out, imapd_saslconn);
 
+#ifdef DRAC_AUTH
+    if (!imapd_userisproxyadmin && drac.interval && drac.clientaddr)
+	drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+#endif /* DRAC_AUTH */
+
     authentication_success();
 }
 
diff -Ppru cyrus-imapd-2.4.17.orig/imap/Makefile.in cyrus-imapd-2.4.17/imap/Makefile.in
--- cyrus-imapd-2.4.17.orig/imap/Makefile.in	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/Makefile.in	2014-01-27 14:28:18.393629551 +0100
@@ -65,6 +65,7 @@ SIEVE_OBJS = @SIEVE_OBJS@
 SIEVE_LIBS = @SIEVE_LIBS@
 IMAP_COM_ERR_LIBS = @IMAP_COM_ERR_LIBS@
 LIB_WRAP = @LIB_WRAP@
+DRAC_LIBS = @DRACLIBS@
 LIBS = $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS)
 DEPLIBS = ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
 
@@ -199,17 +200,17 @@ lmtpd.pure: lmtpd.o proxy.o $(LMTPOBJS)
 imapd: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
 	$(CC) $(LDFLAGS) -o imapd \
 	 $(SERVICE) $(IMAPDOBJS) mutex_fake.o \
-	libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+	libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
 
 imapd.pure: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
 	$(PURIFY) $(PUREOPT) $(CC) $(LDFLAGS) -o imapd.pure \
 	 $(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \
-	$(DEPLIBS) $(LIBS) $(LIB_WRAP)
+	$(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
 
 imapd.quant: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
 	$(QUANTIFY) $(QUANTOPT) $(CC) $(LDFLAGS) -o imapd.quant \
 	 $(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \
-	$(DEPLIBS) $(LIBS) $(LIB_WRAP)
+	$(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
 
 mupdate: mupdate.o mupdate-slave.o mupdate-client.o mutex_pthread.o tls.o \
 	libimap.a $(DEPLIBS)
@@ -227,7 +228,7 @@ mupdate.pure: mupdate.o mupdate-slave.o
 pop3d: pop3d.o proxy.o backend.o tls.o mutex_fake.o libimap.a \
 	$(DEPLIBS) $(SERVICE)
 	$(CC) $(LDFLAGS) -o pop3d pop3d.o proxy.o backend.o tls.o $(SERVICE) \
-	 mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+	 mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
 
 nntpd: nntpd.o proxy.o backend.o index.o smtpclient.o spool.o tls.o \
 	 mutex_fake.o nntp_err.o libimap.a $(DEPLIBS) $(SERVICE)
diff -Ppru cyrus-imapd-2.4.17.orig/imap/pop3d.c cyrus-imapd-2.4.17/imap/pop3d.c
--- cyrus-imapd-2.4.17.orig/imap/pop3d.c	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/pop3d.c	2014-01-27 14:42:59.437592923 +0100
@@ -109,7 +109,10 @@ extern int optind;
 extern char *optarg;
 extern int opterr;
 
-
+#ifdef DRAC_AUTH
+static int drac_enabled;
+extern int dracauth(char *server, unsigned long userip, char **errmsg);
+#endif /* DRAC_AUTH */
 
 #ifdef HAVE_SSL
 static SSL *tls_conn;
@@ -121,6 +124,7 @@ int popd_timeout;
 char *popd_userid = 0, *popd_subfolder = 0;
 struct mailbox *popd_mailbox = NULL;
 struct auth_state *popd_authstate = 0;
+static int popd_userisproxyadmin = 0;
 int config_popuseacl, config_popuseimapflags;
 struct sockaddr_storage popd_localaddr, popd_remoteaddr;
 int popd_haveaddr = 0;
@@ -149,7 +153,7 @@ static int popd_myrights;
 
 /* the sasl proxy policy context */
 static struct proxy_context popd_proxyctx = {
-    0, 1, &popd_authstate, NULL, NULL
+    0, 1, &popd_authstate, NULL, &popd_userisproxyadmin
 };
 
 /* signal to config.c */
@@ -573,6 +577,10 @@ int service_main(int argc __attribute__(
     prot_settimeout(popd_in, popd_timeout);
     prot_setflushonread(popd_in, popd_out);
 
+#ifdef DRAC_AUTH
+    drac_enabled = (config_getint(IMAPOPT_DRACINTERVAL) > 0);
+#endif /* DRAC_AUTH */
+
     if (kflag) kpop();
 
     /* we were connected on pop3s port so we should do 
@@ -1780,6 +1788,21 @@ int openinbox(void)
 	goto fail;
     }
 
+#ifdef DRAC_AUTH
+    if (!popd_userisproxyadmin && drac_enabled &&
+	((struct sockaddr *)&popd_remoteaddr)->sa_family == AF_INET) {
+	char *err;
+
+	if (dracauth((char*) config_getstring(IMAPOPT_DRACHOST),
+		     ((struct sockaddr_in *)&popd_remoteaddr)->sin_addr.s_addr, &err) != 0) {
+	    /* disable DRAC */
+	    drac_enabled = 0;
+	    syslog(LOG_ERR, "dracauth: %s", err);
+	    syslog(LOG_ERR, "DRAC notifications disabled");
+	}
+    }
+#endif /* DRAC_AUTH */
+
     if (mbentry.mbtype & MBTYPE_REMOTE) {
 	/* remote mailbox */
 	char *server = mbentry.partition;
diff -Ppru cyrus-imapd-2.4.17.orig/imap/version.c cyrus-imapd-2.4.17/imap/version.c
--- cyrus-imapd-2.4.17.orig/imap/version.c	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/version.c	2014-01-27 14:43:43.310898321 +0100
@@ -175,6 +175,10 @@ void id_response(struct protstream *pout
     snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
 	     "; %s", SIEVE_VERSION);
 #endif
+#ifdef DRAC_AUTH
+    snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
+	     "; DRAC");
+#endif
 #ifdef HAVE_LIBWRAP
     snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
 	     "; TCP Wrappers");
diff -Ppru cyrus-imapd-2.4.17.orig/lib/imapoptions cyrus-imapd-2.4.17/lib/imapoptions
--- cyrus-imapd-2.4.17.orig/lib/imapoptions	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/lib/imapoptions	2014-01-27 14:44:48.881365112 +0100
@@ -315,6 +315,14 @@ Blank lines and lines beginning with ``#
    server if the currently selected mailbox is (re)moved by another
    session.  Otherwise, the missing mailbox is treated as empty while
    in use by the client.*/
+ 
+{ "dracinterval", 5, INT }
+/* If nonzero, enables the use of DRAC (Dynamic Relay Authorization
+   Control) by the pop3d and imapd daemons.  Also sets the interval
+   (in minutes) between re-authorization requests made by imapd. */
+
+{ "drachost", "localhost", STRING }
+/* Hostname of the RPC dracd server. */
 
 { "duplicate_db", "skiplist", STRINGLIST("berkeley", "berkeley-nosync", "berkeley-hash", "berkeley-hash-nosync", "skiplist", "sql")}
 /* The cyrusdb backend to use for the duplicate delivery suppression

Places

File cyrus-imapd-2.4.17_drac_auth.patch of Package cyrus-imapd

Places