File cyrus-imapd-2.4.17_drac_auth.patch of Package cyrus-imapd

diff -Ppru cyrus-imapd-2.4.17.orig/configure.in cyrus-imapd-2.4.17/configure.in
--- cyrus-imapd-2.4.17.orig/configure.in	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/configure.in	2014-01-27 14:26:18.500280589 +0100
@@ -1229,6 +1229,19 @@ dnl (agentx was depricated, but SNMP_SUB
 SNMP_SUBDIRS=""
 AC_SUBST(SNMP_SUBDIRS)
 
+dnl
+dnl Test for DRAC
+dnl
+DRACLIBS=
+AC_ARG_WITH(drac, [  --with-drac=DIR         use DRAC library in <DIR> [no] ],
+	if test -d "$withval"; then
+		LDFLAGS="$LDFLAGS -L${withval}"
+		AC_CHECK_LIB(drac, dracauth,
+			AC_DEFINE(DRAC_AUTH,[],[Build DRAC support?])
+			DRACLIBS="-ldrac")
+	fi)
+AC_SUBST(DRACLIBS)
+
 CMU_LIBWRAP
 CMU_UCDSNMP
 
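Review bot: `--with-drac=DIR` fails silently: if DIR is not a directory (including a bare `--with-drac`, where `$withval` is `yes`) or `AC_CHECK_LIB` does not find `dracauth`, configure carries on and produces a build without `DRAC_AUTH` and without any message. Because the option was requested explicitly, add an action-if-not-found such as `AC_MSG_ERROR([libdrac not found in $withval])` and an `else` branch for the `test -d`. `LDFLAGS` is also extended before the check and stays extended when the check fails. The two-statement found-action should be quoted with `[...]` so it is passed as one argument.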
Only in cyrus-imapd-2.4.17.orig/contrib: .drac_auth.patch.kate-swp
diff -Ppru cyrus-imapd-2.4.17.orig/imap/imapd.c cyrus-imapd-2.4.17/imap/imapd.c
--- cyrus-imapd-2.4.17.orig/imap/imapd.c	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/imapd.c	2014-01-27 14:39:35.999446812 +0100
@@ -193,6 +193,18 @@ static struct proxy_context imapd_proxyc
     1, 1, &imapd_authstate, &imapd_userisadmin, &imapd_userisproxyadmin
 };
 
+#ifdef DRAC_AUTH
+static struct {
+    int interval;		/* dracd "ping" interval; 0 = disabled */
+    unsigned long clientaddr;
+    struct prot_waitevent *event;
+} drac;
+
+extern int dracconn(char *server, char **errmsg);
+extern int dracsend(unsigned long userip, char **errmsg);
+extern int dracdisc(char **errmsg);
+#endif /* DRAC_AUTH */
+
 /* current sub-user state */
 struct index_state *imapd_index;
 
@@ -795,6 +807,23 @@ int service_init(int argc, char **argv,
     /* setup for sending IMAP IDLE notifications */
     idle_enabled();
 
+#ifdef DRAC_AUTH
+    /* setup for sending DRAC "pings" */
+    drac.event = NULL;
+    drac.interval = config_getint(IMAPOPT_DRACINTERVAL);
+    if (drac.interval < 0) drac.interval = 0;
+    if (drac.interval) {
+	char *err;
+
+	if (dracconn((char*) config_getstring(IMAPOPT_DRACHOST), &err) != 0) {
+	    /* disable DRAC */
+	    drac.interval = 0;
+	    syslog(LOG_ERR, "dracconn: %s", err);
+	    syslog(LOG_ERR, "DRAC notifications disabled");
+	}
+    }
+#endif /* DRAC_AUTH */
+
     /* create connection to the SNMP listener, if available. */
     snmp_connect(); /* ignore return code */
     snmp_set_str(SERVER_NAME_VERSION,cyrus_version());
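Review bot: `err` is declared without an initializer and passed to `syslog` with `%s` as soon as `dracconn` returns non-zero, so the log call reads an indeterminate pointer unless the library stores a message on every failure path, which this patch cannot show. Declare it as `char *err = NULL;` and log `err ? err : "unknown error"`. The same pattern appears in `drac_ping` (after `dracsend`) and in the pop3d `openinbox` hunk (after `dracauth`). service_init's body starts and ends outside the hunk.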
@@ -905,6 +934,14 @@ int service_main(int argc __attribute__(
 		imapd_haveaddr = 1;
 	    }
 	}
+#ifdef DRAC_AUTH
+	if (((struct sockaddr *)&imapd_remoteaddr)->sa_family == AF_INET)
+	    drac.clientaddr = ((struct sockaddr_in *)&imapd_remoteaddr)->sin_addr.s_addr;
+	else
+	    drac.clientaddr = 0;
+    } else {
+	drac.clientaddr = 0;
+#endif /* DRAC_AUTH */
     }
 
     /* create the SASL connection */
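Review bot: The added `} else {` sits inside the `#ifdef DRAC_AUTH` block, so the closing brace on the following context line ends a different statement depending on whether DRAC is compiled in, which is easy to break in a later edit. Setting `drac.clientaddr = 0;` unconditionally before the address lookup and keeping only `if (((struct sockaddr *)&imapd_remoteaddr)->sa_family == AF_INET) drac.clientaddr = ...;` inside the existing block gives the same result without splitting braces across the preprocessor conditional. Peers that are not `AF_INET` are never registered; a comment saying whether that is intended for IPv6 clients would help. The enclosing `if` begins outside the hunk.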
@@ -949,6 +986,11 @@ int service_main(int argc __attribute__(
     prot_flush(imapd_out);
     snmp_increment(ACTIVE_CONNECTIONS, -1);
 
+#ifdef DRAC_AUTH
+    if (drac.event) prot_removewaitevent(imapd_in, drac.event);
+    drac.event = NULL;
+#endif /* DRAC_AUTH */
+
     /* cleanup */
     imapd_reset();
 
@@ -1061,6 +1103,10 @@ void shut_down(int code)
 
     cyrus_done();
 
+#ifdef DRAC_AUTH
+    if (drac.interval) (void) dracdisc((char **)NULL);
+#endif /* DRAC_AUTH */
+
     exit(code);
 }
 
@@ -1121,6 +1167,36 @@ static void imapd_check(struct backend *
     }
 }
 
+#ifdef DRAC_AUTH
+/*
+ * Ping dracd every 'drac.interval' minutes
+ * to let it know that we are still connected
+ */
+struct prot_waitevent *drac_ping(struct protstream *s,
+				 struct prot_waitevent *ev,
+				 void *rock __attribute__((unused)))
+{
+    char *err;
+    static int nfailure = 0;
+
+    if (dracsend(drac.clientaddr, &err) != 0) {
+	syslog(LOG_ERR, "dracsend: %s", err);
+	if (++nfailure >= 3) {
+	    /* can't contact dracd for 3 consecutive tries - disable DRAC */
+	    prot_removewaitevent(s, ev);
+	    drac.event = NULL;
+	    syslog(LOG_ERR, "DRAC notifications disabled");
+	    return NULL;
+	}
+    }
+    else
+	nfailure = 0;
+
+    ev->mark = time(NULL) + (drac.interval * 60);
+    return ev;
+}
+#endif /* DRAC_AUTH */
+
 /*
  * Top-level command loop parsing
  */
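Review bot: `nfailure` is a function-level `static`, so it is not cleared when a connection ends, and a process that serves several connections carries the count over (inferred: the process-reuse model is outside this diff). The comment's "3 consecutive tries" can then span unrelated clients. Once the count reaches 3 it is not reset on that path and `drac.interval` stays non-zero, so the next login registers the event again and is dropped on its first failed `dracsend`. Consider moving the counter into the `drac` struct and clearing it where `service_main` clears `drac.event`. As far as the patch shows, `drac_ping` is referenced only in this file and could be `static`.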
@@ -2335,6 +2411,11 @@ void cmd_login(char *tag, char *user)
     capa_response(CAPA_PREAUTH|CAPA_POSTAUTH);
     prot_printf(imapd_out, "] %s\r\n", reply);
 
+#ifdef DRAC_AUTH
+    if (!imapd_userisproxyadmin && drac.interval && drac.clientaddr)
+	drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+#endif /* DRAC_AUTH */
+
     authentication_success();
 }
 
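Review bot: The same three added lines appear here in `cmd_login` and again in the `cmd_authenticate` hunk, and both overwrite `drac.event` without checking whether an event is already registered. A small static helper defined after `drac_ping` keeps the two login paths identical and makes the overwrite explicit; whether a second registration can actually occur depends on code outside the diff. Both functions start outside their hunks.

```c
#ifdef DRAC_AUTH
/* Register the dracd ping for this connection, replacing any earlier one. */
static void drac_start(void)
{
    if (imapd_userisproxyadmin || !drac.interval || !drac.clientaddr) return;
    if (drac.event) prot_removewaitevent(imapd_in, drac.event);
    drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
}
#endif /* DRAC_AUTH */

/* … unchanged: capability response and reply in cmd_login … */
#ifdef DRAC_AUTH
    drac_start();
#endif /* DRAC_AUTH */
```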
@@ -2483,6 +2564,11 @@ void cmd_authenticate(char *tag, char *a
     prot_setsasl(imapd_in,  imapd_saslconn);
     prot_setsasl(imapd_out, imapd_saslconn);
 
+#ifdef DRAC_AUTH
+    if (!imapd_userisproxyadmin && drac.interval && drac.clientaddr)
+	drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+#endif /* DRAC_AUTH */
+
     authentication_success();
 }
 
diff -Ppru cyrus-imapd-2.4.17.orig/imap/Makefile.in cyrus-imapd-2.4.17/imap/Makefile.in
--- cyrus-imapd-2.4.17.orig/imap/Makefile.in	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/Makefile.in	2014-01-27 14:28:18.393629551 +0100
@@ -65,6 +65,7 @@ SIEVE_OBJS = @SIEVE_OBJS@
 SIEVE_LIBS = @SIEVE_LIBS@
 IMAP_COM_ERR_LIBS = @IMAP_COM_ERR_LIBS@
 LIB_WRAP = @LIB_WRAP@
+DRAC_LIBS = @DRACLIBS@
 LIBS = $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS)
 DEPLIBS = ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
 
@@ -199,17 +200,17 @@ lmtpd.pure: lmtpd.o proxy.o $(LMTPOBJS)
 imapd: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
 	$(CC) $(LDFLAGS) -o imapd \
 	 $(SERVICE) $(IMAPDOBJS) mutex_fake.o \
-	libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+	libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
 
 imapd.pure: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
 	$(PURIFY) $(PUREOPT) $(CC) $(LDFLAGS) -o imapd.pure \
 	 $(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \
-	$(DEPLIBS) $(LIBS) $(LIB_WRAP)
+	$(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
 
 imapd.quant: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
 	$(QUANTIFY) $(QUANTOPT) $(CC) $(LDFLAGS) -o imapd.quant \
 	 $(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \
-	$(DEPLIBS) $(LIBS) $(LIB_WRAP)
+	$(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
 
 mupdate: mupdate.o mupdate-slave.o mupdate-client.o mutex_pthread.o tls.o \
 	libimap.a $(DEPLIBS)
@@ -227,7 +228,7 @@ mupdate.pure: mupdate.o mupdate-slave.o
 pop3d: pop3d.o proxy.o backend.o tls.o mutex_fake.o libimap.a \
 	$(DEPLIBS) $(SERVICE)
 	$(CC) $(LDFLAGS) -o pop3d pop3d.o proxy.o backend.o tls.o $(SERVICE) \
-	 mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+	 mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
 
 nntpd: nntpd.o proxy.o backend.o index.o smtpclient.o spool.o tls.o \
 	 mutex_fake.o nntp_err.o libimap.a $(DEPLIBS) $(SERVICE)
diff -Ppru cyrus-imapd-2.4.17.orig/imap/pop3d.c cyrus-imapd-2.4.17/imap/pop3d.c
--- cyrus-imapd-2.4.17.orig/imap/pop3d.c	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/pop3d.c	2014-01-27 14:42:59.437592923 +0100
@@ -109,7 +109,10 @@ extern int optind;
 extern char *optarg;
 extern int opterr;
 
-
+#ifdef DRAC_AUTH
+static int drac_enabled;
+extern int dracauth(char *server, unsigned long userip, char **errmsg);
+#endif /* DRAC_AUTH */
 
 #ifdef HAVE_SSL
 static SSL *tls_conn;
@@ -121,6 +124,7 @@ int popd_timeout;
 char *popd_userid = 0, *popd_subfolder = 0;
 struct mailbox *popd_mailbox = NULL;
 struct auth_state *popd_authstate = 0;
+static int popd_userisproxyadmin = 0;
 int config_popuseacl, config_popuseimapflags;
 struct sockaddr_storage popd_localaddr, popd_remoteaddr;
 int popd_haveaddr = 0;
@@ -149,7 +153,7 @@ static int popd_myrights;
 
 /* the sasl proxy policy context */
 static struct proxy_context popd_proxyctx = {
-    0, 1, &popd_authstate, NULL, NULL
+    0, 1, &popd_authstate, NULL, &popd_userisproxyadmin
 };
 
 /* signal to config.c */
@@ -573,6 +577,10 @@ int service_main(int argc __attribute__(
     prot_settimeout(popd_in, popd_timeout);
     prot_setflushonread(popd_in, popd_out);
 
+#ifdef DRAC_AUTH
+    drac_enabled = (config_getint(IMAPOPT_DRACINTERVAL) > 0);
+#endif /* DRAC_AUTH */
+
     if (kflag) kpop();
 
     /* we were connected on pop3s port so we should do 
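Review bot: `drac_enabled` is recomputed from `IMAPOPT_DRACINTERVAL` at the start of every `service_main`, so the `drac_enabled = 0` that the `openinbox` hunk sets after a `dracauth` failure lasts only for the current connection. The "DRAC notifications disabled" message logged there overstates what happened and will repeat for each new connection while dracd is unreachable. Either initialise the flag once (imapd reads the option in `service_init`) or reword the log line, e.g. `"DRAC registration skipped for this connection"`. service_main's body continues outside the hunk.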
@@ -1780,6 +1788,21 @@ int openinbox(void)
 	goto fail;
     }
 
+#ifdef DRAC_AUTH
+    if (!popd_userisproxyadmin && drac_enabled &&
+	((struct sockaddr *)&popd_remoteaddr)->sa_family == AF_INET) {
+	char *err;
+
+	if (dracauth((char*) config_getstring(IMAPOPT_DRACHOST),
+		     ((struct sockaddr_in *)&popd_remoteaddr)->sin_addr.s_addr, &err) != 0) {
+	    /* disable DRAC */
+	    drac_enabled = 0;
+	    syslog(LOG_ERR, "dracauth: %s", err);
+	    syslog(LOG_ERR, "DRAC notifications disabled");
+	}
+    }
+#endif /* DRAC_AUTH */
+
     if (mbentry.mbtype & MBTYPE_REMOTE) {
 	/* remote mailbox */
 	char *server = mbentry.partition;
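Review bot: `popd_userisproxyadmin` is read in the added condition, but nothing in this patch resets it between connections. The only writer the diff shows is the pointer placed in `popd_proxyctx`, presumably updated by the SASL proxy-policy callback, which is outside the diff. If a plain USER/PASS login does not pass through that callback, a value left by an earlier session in the same process would decide whether this client's address is registered with dracd. Clear it with the other per-connection state, e.g. `popd_userisproxyadmin = 0;` where the connection is reset. openinbox starts and ends outside the hunk.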
diff -Ppru cyrus-imapd-2.4.17.orig/imap/version.c cyrus-imapd-2.4.17/imap/version.c
--- cyrus-imapd-2.4.17.orig/imap/version.c	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/imap/version.c	2014-01-27 14:43:43.310898321 +0100
@@ -175,6 +175,10 @@ void id_response(struct protstream *pout
     snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
 	     "; %s", SIEVE_VERSION);
 #endif
+#ifdef DRAC_AUTH
+    snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
+	     "; DRAC");
+#endif
 #ifdef HAVE_LIBWRAP
     snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
 	     "; TCP Wrappers");
diff -Ppru cyrus-imapd-2.4.17.orig/lib/imapoptions cyrus-imapd-2.4.17/lib/imapoptions
--- cyrus-imapd-2.4.17.orig/lib/imapoptions	2012-12-01 20:57:54.000000000 +0100
+++ cyrus-imapd-2.4.17/lib/imapoptions	2014-01-27 14:44:48.881365112 +0100
@@ -315,6 +315,14 @@ Blank lines and lines beginning with ``#
    server if the currently selected mailbox is (re)moved by another
    session.  Otherwise, the missing mailbox is treated as empty while
    in use by the client.*/
+ 
+{ "dracinterval", 5, INT }
+/* If nonzero, enables the use of DRAC (Dynamic Relay Authorization
+   Control) by the pop3d and imapd daemons.  Also sets the interval
+   (in minutes) between re-authorization requests made by imapd. */
+
+{ "drachost", "localhost", STRING }
+/* Hostname of the RPC dracd server. */
 
 { "duplicate_db", "skiplist", STRINGLIST("berkeley", "berkeley-nosync", "berkeley-hash", "berkeley-hash-nosync", "skiplist", "sql")}
 /* The cyrusdb backend to use for the duplicate delivery suppression
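Review bot: The default of 5 for `dracinterval` means any build configured with DRAC starts registering client addresses with dracd without the administrator opting in, and the description does not say so. It should also state that imapd treats negative values as 0 and that pop3d registers once at login rather than on an interval, both of which are visible in the imapd.c and pop3d.c hunks. Suggested text: `/* Interval (in minutes) between DRAC re-authorization requests made by imapd; pop3d registers once at login. 0 (or a negative value) disables DRAC. */`. Consider a default of 0 so that relay authorization is an explicit choice.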