Date: Wed, 26 Dec 2001 12:46:26 +0100 (CET)
From: dirk.meyer@dinoex.sub.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/33190: ports/popa3d
Message-ID: <200112261146.fBQBkQ0O017594@home.dinoex.sub.org>
>Number: 33190
>Category: ports
>Synopsis: ports/popa3d
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 26 03:50:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Dirk Meyer
>Release: FreeBSD 4.4-STABLE i386
>Organization: privat
>Environment: pop3ad
>Description:
update to 0.5, cleanup
support SMTP relay after successful pop3 authentication.
>How-To-Repeat:
>Fix:
maintainer mailed at: 22nd December 2001

note removed/delete:
files.smtp/POPAUTH
files.smtp/patch-aa
files.smtp/patch-ab
files.smtp/patch-pop_auth.c
files.smtp/patch-pop_pbs.c
files.smtp/patch-pop_root.c
files.smtp/popauth.m4

install patches:

diff popa3d/Makefile popa3d/Makefile --- popa3d/Makefile Fri Sep 21 21:56:26 2001 +++ popa3d/Makefile Sat Dec 22 14:19:38 2001 @@ -6,7 +6,7 @@ # PORTNAME= popa3d -PORTVERSION= 0.4 +PORTVERSION= 0.5 CATEGORIES= mail MASTER_SITES= http://www.openwall.com/popa3d/ \ ftp://ftp.openwall.com/popa3d/ \ @@ -16,18 +16,12 @@ PKGNAMESUFFIX?= -before-sendmail .endif -.if defined(SMTP_AFTER_POP3) -PATCH_SITES= http://www.openwall.com/popa3d/contrib/ -PATCHFILES= popa3d-0.4-before-sendmail.tar.gz -PATCH_DIST_STRIP= -p1 -.endif - MAINTAINER= gonza@techline.ru ALL_TARGET= popa3d .if defined(SMTP_AFTER_POP3) -PATCHDIR= ${MASTERDIR}/files.smtp +EXTRA_PATCHES+= ${FILESDIR}/pop-before-sendmail.patch PLIST= ${WRKDIR}/.PLIST.more pre-configure: @@ -36,7 +30,6 @@ @${ECHO} "share/sendmail/cf/hack/popauth.m4" >>${PLIST} post-patch: - @${PERL5} -pi -e "s=LOG_MAIL=LOG_DAEMON=" ${WRKSRC}/params.h @${PERL5} -pi -e "s=db1/db.h=db.h=" ${WRKSRC}/pop_root.c .endif 
@@ -47,14 +40,14 @@ ${INSTALL} ${COPY} -o root -g wheel -m 500 \ ${WRKSRC}/popa3d ${PREFIX}/libexec/popa3d .if defined(SMTP_AFTER_POP3) - ${INSTALL_DATA} ${PATCHDIR}/popauth.m4 ${CFDIR}/hack + ${INSTALL_DATA} ${FILESDIR}/popauth.m4 ${CFDIR}/hack .endif .if !defined(NOPORTDOCS) ${MKDIR} ${PREFIX}/share/doc/popa3d ${INSTALL_MAN} ${WRKSRC}/DESIGN ${PREFIX}/share/doc/popa3d - ${INSTALL_MAN} ${WRKSRC}/COPYING ${PREFIX}/share/doc/popa3d + ${INSTALL_MAN} ${WRKSRC}/LICENSE ${PREFIX}/share/doc/popa3d .if defined(SMTP_AFTER_POP3) - ${INSTALL_DATA} ${PATCHDIR}/POPAUTH ${PREFIX}/share/doc/popa3d + ${INSTALL_DATA} ${FILESDIR}/POPAUTH ${PREFIX}/share/doc/popa3d .endif .endif diff popa3d/distinfo popa3d/distinfo --- popa3d/distinfo Fri Sep 21 21:56:26 2001 +++ popa3d/distinfo Sat Dec 22 11:44:49 2001 @@ -1,2 +1,2 @@ -MD5 (popa3d-0.4.tar.gz) = 4ce2ed209abeaeaae7724d8d24bb7dbf +MD5 (popa3d-0.5.tar.gz) = ffe1644da7ffd0e66bf7e1c671f729aa MD5 (popa3d-0.4-before-sendmail.tar.gz) = 8e1aed8c86e1df777eee116667ad9d54 diff popa3d/files/POPAUTH popa3d/files/POPAUTH --- popa3d/files/POPAUTH Thu Jan 1 01:00:00 1970 +++ popa3d/files/POPAUTH Sat Dec 16 21:28:00 2000 
@@ -0,0 +1,49 @@ + popa3d patch for POP-before-SMTP and SMTP-after-POP + + Garry Glendown / Dec. 12th 2000 + +On the 'net there are a couple of solutions to allow for POP-before-SMTP +authentication in order to allow for relaying of mails. Anyway, the +solutions I found didn't really apeal to me, so I hacked popa3d a bit, +which we already used on one of our machines to serve mail to dialup +customers. + + Prerequisites + +This patch supplies data to sendmail to allow for certain IPs to use it +as a relaying host. In order to use with your sendmail installation, get +the popauth-hack (http://www.sendmail.org/~ca/email/rules/popauth.m4) +and install it by adding "HACK(`popauth')" to you .mc-file. + + Installing + +The patch - enabled through the POPB4SMTP-define in the Makefile - +accesses the file "/etc/mail/popauth.db" (create with "makemap hash +/etc/mail/popauth </dev/null") and adds the IP of the sucessfully +authenticated POP-user to it. Once the IP appears in the .db-file, +sendmail will allow the IP to relay mail from it. + +Apart from the IP, which is added as LHS in the database, the patch adds +the timestamp of the authentication as RHS (which the sendmail-hack +ignores). This timestamp is then used to remove old IPs which are older +than VALIDTIME seconds (defined in the Makefile). + + Disclaimer + +This hack has been in production use for a week on our server and though +there are in average 30-60 POP3 logins per minute (going up to 2-3 +requests per seconds during daytime), we have not had any problems. +Please note that I'm no expert at the Berkeley db library - I just +hacked up a version using the old db1 functions and it worked out. +There may be things to do better, but it seems to work fine for me. If +you have any suggestions, let me know ... I've tried to play it safe and +wrapped all db-access into a semaphore-protected block, hopefully +allowing for safe multiple execution ... 
also, I tried to make sure that +the string functions all check for the available array length. + +If you have any suggestions, questions or feedback of any other kind +concerning this hack, don't bug the author of popa3d, but drop me a mail +at garry@glendown.de + +G.Glendown / Dec 15th 2000 + diff popa3d/files/patch-aa popa3d/files/patch-aa --- popa3d/files/patch-aa Sat Apr 1 05:39:44 2000 +++ popa3d/files/patch-aa Sat Dec 22 11:58:02 2001 
@@ -1,37 +1,22 @@ ---- params.h.orig Tue Feb 1 09:16:24 2000 -+++ params.h Sat Mar 4 16:12:48 2000 -@@ -33,7 +33,7 @@ - * An unprivileged dummy user to run as before authentication. The user - * and its UID must not be used for any other purpose. +--- params.h.orig Tue Oct 16 06:10:34 2001 ++++ params.h Sat Dec 22 11:57:52 2001 +@@ -99,7 +99,7 @@ + * A pseudo-user to run as before authentication. The user and its UID + * must not be used for any other purpose. */ --#define POP_USER "popa3d" +-#define POP_USER POP_SERVER +#define POP_USER "pop" /* - * Sessions will be closed if idle for longer than POP_TIMEOUT seconds. -@@ -62,7 +62,7 @@ - * Do we have shadow passwords? (Not for *BSD.) - * Note: password aging is not supported. + * An empty directory to chroot to before authentication. The directory +@@ -142,8 +142,8 @@ + * + * Note that there's no built-in password aging support. */ +-#define AUTH_PASSWD 0 -#define AUTH_SHADOW 1 ++#define AUTH_PASSWD 1 +#define AUTH_SHADOW 0 + #define AUTH_PAM 0 + #define AUTH_PAM_USERPASS 0 - /* - * A salt used to waste some CPU time on dummy crypt(3) calls and make -@@ -81,14 +81,14 @@ - * Your mail spool directory. Note: only local (non-NFS) mode 775 mail - * spools are currently supported. - */ --#define MAIL_SPOOL_PATH "/var/spool/mail" -+#define MAIL_SPOOL_PATH "/var/mail" - - /* - * How do we talk to syslogd? These should be fine for most systems. - */ - #define SYSLOG_IDENT "popa3d" - #define SYSLOG_OPTIONS LOG_PID --#define SYSLOG_FACILITY LOG_DAEMON -+#define SYSLOG_FACILITY LOG_MAIL - #define SYSLOG_PRIORITY LOG_NOTICE - - /* diff popa3d/files/patch-ab popa3d/files/patch-ab --- popa3d/files/patch-ab Sat Apr 1 05:39:44 2000 +++ popa3d/files/patch-ab Sat Dec 22 11:59:55 2001 
@@ -1,24 +1,22 @@ ---- Makefile.orig Tue Feb 1 06:56:46 2000 -+++ Makefile Sat Mar 4 18:34:28 2000 -@@ -1,9 +1,8 @@ +--- Makefile.orig Sun Oct 28 02:10:49 2001 ++++ Makefile Sat Dec 22 11:59:22 2001 +@@ -1,15 +1,15 @@ -CC = gcc -LD = gcc -+CC?= gcc ++CC? = gcc ++LD = ${CC} RM = rm -f - CFLAGS = -c -Wall -O2 -fomit-frame-pointer --LDFLAGS = -s --#LDFLAGS = -s -lcrypt -+#LDFLAGS = -s -+LDFLAGS = -s -lcrypt - - PROJ = popa3d - OBJS = md5/md5.o \ -@@ -13,7 +12,7 @@ - misc.o - - popa3d: $(OBJS) -- $(LD) $(LDFLAGS) $(OBJS) -o popa3d -+ $(CC) $(LDFLAGS) $(OBJS) -o popa3d - - md5/md5.o: md5/md5.c md5/md5.h - $(CC) $(CFLAGS) -D_LIBC md5/md5.c -o md5/md5.o + MKDIR = mkdir -p + INSTALL = install +-CFLAGS = -c -Wall -O2 -fomit-frame-pointer ++CFLAGS += -c -Wall -O2 -fomit-frame-pointer + # You may use OpenSSL's MD5 routines instead of the ones supplied here + #CFLAGS += -DHAVE_OPENSSL + LDFLAGS = -s + LIBS = + # Linux with glibc, FreeBSD, NetBSD +-#LIBS += -lcrypt ++LIBS += -lcrypt + # HP-UX trusted system + #LIBS += -lsec + # Solaris (POP_STANDALONE, POP_VIRTUAL) diff popa3d/files/pop-before-sendmail.patch popa3d/files/pop-before-sendmail.patch --- popa3d/files/pop-before-sendmail.patch Thu Jan 1 01:00:00 1970 +++ popa3d/files/pop-before-sendmail.patch Sat Dec 22 17:44:15 2001 
@@ -0,0 +1,184 @@ +--- Makefile.orig Sat Dec 22 12:00:30 2001 ++++ Makefile Sat Dec 22 12:20:30 2001 +@@ -39,6 +39,9 @@ + misc.o \ + md5/md5.o + ++OBJS += pop_db.o ++CFLAGS += -DPOPB4SMTP -DVALIDTIME=600 ++ + all: $(PROJ) + + popa3d: $(OBJS) +--- pop_auth.c.orig Thu Sep 6 01:52:35 2001 ++++ pop_auth.c Sat Dec 22 17:41:02 2001 +@@ -14,6 +14,7 @@ + #if POP_VIRTUAL + #include "virtual.h" + #endif ++#include "pop_db.h" + + static char *pop_user, *pop_pass; + +@@ -75,15 +76,17 @@ + #if POP_VIRTUAL + if (virtual_domain) { + syslog(result == AUTH_OK ? SYSLOG_PRI_LO : SYSLOG_PRI_HI, +- "Authentication %s for %s@%s", ++ "Authentication %s for %s@%s from %s", + result == AUTH_OK ? "passed" : "failed", + user ? user : "UNKNOWN USER", +- virtual_domain); ++ virtual_domain, ++ client_addr(1) ); + return; + } + #endif + syslog(result == AUTH_OK ? SYSLOG_PRI_LO : SYSLOG_PRI_HI, +- "Authentication %s for %s", ++ "Authentication %s for %s from %s", + result == AUTH_OK ? "passed" : "failed", +- user ? user : "UNKNOWN USER"); ++ user ? 
user : "UNKNOWN USER", ++ client_addr(1)); + } +--- pop_db.c.orig Sat Dec 22 15:55:37 2001 ++++ pop_db.c Sat Dec 22 17:41:50 2001 +@@ -0,0 +1,107 @@ ++ ++#include <sys/types.h> ++#include <sys/socket.h> ++#include <netinet/in.h> ++#include <arpa/inet.h> ++#include <sys/stat.h> ++ ++#ifdef POPB4SMTP ++#include <fcntl.h> ++#include <db.h> ++#include <time.h> ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#endif ++ ++#include "pop_db.h" ++ ++int log_error(char *s); ++ ++ ++/* Function from G.Glendown Dec 2000 */ ++ ++char addr_buf[256]; ++ ++char *client_addr(int fd) ++{ ++ struct sockaddr sa; ++ struct sockaddr_in *sockin = (struct sockaddr_in *) (&sa); ++ int length = sizeof(sa); ++ ++ strcpy(addr_buf,"0.0.0.0"); ++ ++ if (fd == -1) { ++ return addr_buf; ++ } ++ ++ if (getpeername(fd, &sa, &length) < 0) { ++ return addr_buf; ++ } ++ ++ strcpy(addr_buf, (char *)inet_ntoa(sockin->sin_addr)); ++ return addr_buf; ++} ++ ++#ifdef POPB4SMTP ++ ++/* Function written by Dirk Meyer */ ++ ++void write_db_entry(void) ++{ ++ DB *db; ++ DBT key, data; ++ char ts[16]; ++ int ret, fd, st; ++ time_t tv; ++ ++ /* create is not set, this is intended, ++ function will be ignored, if database was not created */ ++ db = dbopen("/etc/mail/popauth.db", O_RDWR, 0644, DB_HASH, NULL); ++ if ( db == NULL ) ++ return; ++ ++ /* lock all changes */ ++ fd = db->fd(db); ++ if ( fd == -1 ) { ++ st = -1; ++ log_error( "db->fd() failed" ); ++ } else { ++ st = flock(fd, LOCK_EX); ++ } ++ ++ if (st == 0) { ++ /* generate entry */ ++ key.data = client_addr(1); ++ key.size = strlen(key.data); ++ sprintf(ts, "%lu", (long)time(NULL)); ++ data.data = ts; ++ data.size = strlen(ts); ++ db->put(db, &key, &data, 0); ++ db->sync(db,0); ++ ++ /* cleanup old entrys */ ++ ret = db->seq(db, &key, &data, R_FIRST); ++ while (!ret) { ++ data.size = data.size < 16 ? 
data.size : 15; ++ strncpy(ts,data.data, data.size); ++ ts[data.size] = 0; ++ tv = atol(ts); ++ if ((tv+VALIDTIME) < time(NULL)) { ++ db->del(db, &key, 0); ++ db->sync(db, 0); ++ /* start over */ ++ ret = db->seq(db, &key, &data, R_FIRST); ++ continue; ++ } ++ ret = db->seq(db, &key, &data, R_NEXT); ++ } ++ st = flock(fd, LOCK_UN); ++ } else { ++ log_error( "lock() failed" ); ++ } ++ db->close(db); ++} ++ ++#endif ++ +--- pop_db.h.orig Sat Dec 22 15:55:37 2001 ++++ pop_db.h Sat Dec 22 15:55:37 2001 +@@ -0,0 +1,4 @@ ++ ++char *client_addr(int fd); ++void write_db_entry(void); ++ +--- pop_root.c.orig Sat Sep 8 14:58:32 2001 ++++ pop_root.c Sat Dec 22 17:27:37 2001 +@@ -32,6 +32,9 @@ + #if POP_VIRTUAL + #include "virtual.h" + #endif ++#ifdef POPB4SMTP ++#include "pop_db.h" ++#endif + + #if !VIRTUAL_ONLY + extern struct passwd *auth_userpass(char *user, char *pass, int *known); +@@ -151,6 +154,10 @@ + if (!*pass) return AUTH_FAILED; + memset(pass, 0, strlen(pass)); + if (!*user) return AUTH_FAILED; ++ ++#ifdef POPB4SMTP ++ write_db_entry(); ++#endif + + if (set_user(pw)) return AUTH_FAILED; + diff popa3d/files/popauth.m4 popa3d/files/popauth.m4 --- popa3d/files/popauth.m4 Thu Jan 1 01:00:00 1970 +++ popa3d/files/popauth.m4 Sun Jul 22 13:39:46 2001 
@@ -0,0 +1,47 @@ +divert(-1) +# +# Copyright (c) 2000 Claus Assmann <ca+popauth@mine.informatik.uni-kiel.de> +# +# In short: you can do whatever you want with this, but don't blame me! +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# <URL: http://www.sendmail.org/~ca/email/chk-89n.html > +# +VERSIONID(`$Id: popauth.m4,v 1.5 2000/10/19 17:47:53 ca Exp $') + +LOCAL_CONFIG +ifdef(`DATABASE_MAP_TYPE', `', `define(`DATABASE_MAP_TYPE', `hash')') +Kpopauth ifelse(defn(`_ARG_'), `', + `DATABASE_MAP_TYPE -a<OK> /etc/mail/popauth', + `_ARG_') +ifdef(`CF_LEVEL', `dnl has been introduced in 8.10 +dnl this can be used to add a tag to entries in the map +dnl to restrict the access +ifdef(`POP_B4_SMTP_TAG',, `define(`POP_B4_SMTP_TAG', `POP:')')dnl +ifdef(`POP_TO', `dnl +ifdef(`_ARITH_MAP_', `', `dnl +define(`_ARITH_MAP_', `1')dnl +Karith arith') +')', `dnl +define(`POP_B4_SMTP_TAG', `')dnl +')dnl +LOCAL_RULESETS +SLocal_check_rcpt +R$* $: $(popauth `'$&{client_addr} $: <?> $) +R<?> $@ NoPopAuth +ifdef(`POP_TO', `dnl +R$+ $: $(arith - $@ $1 $@ $&t $) +R$+ $: $(arith l $@ $1 $@ POP_TO $) +RTRUE $# OK', ` +R$*<OK> $# OK') diff popa3d/pkg-plist popa3d/pkg-plist --- popa3d/pkg-plist Fri Sep 21 21:56:26 2001 +++ popa3d/pkg-plist Sat Dec 22 12:27:04 2001 
@@ -1,5 +1,5 @@ @comment $FreeBSD: ports/mail/popa3d/pkg-plist,v 1.3 2001/09/16 09:43:08 dinoex Exp $ libexec/popa3d %%PORTDOCS%%share/doc/popa3d/DESIGN -%%PORTDOCS%%share/doc/popa3d/COPYING +%%PORTDOCS%%share/doc/popa3d/LICENSE %%PORTDOCS%%@dirrm share/doc/popa3d
>Release-Note:
>Audit-Trail:
>Unformatted:
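
Review bot: In the port Makefile hunk at @@ -36,7 +30,6 the surviving post-patch line still rewrites db1/db.h to db.h in ${WRKSRC}/pop_root.c, yet the new files/pop-before-sendmail.patch puts its only db include in pop_db.c as #include <db.h> and adds nothing but pop_db.h to pop_root.c. The substitution looks like a leftover from the removed files.smtp patches; drop it, or point it at a file that still needs it.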
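
Review bot: popa3d/distinfo keeps the context line MD5 (popa3d-0.4-before-sendmail.tar.gz) although the Makefile hunk at @@ -16,18 +16,12 removes PATCH_SITES and PATCHFILES, so nothing in the port fetches that tarball any more. Remove the stale checksum so distinfo lists only popa3d-0.5.tar.gz.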
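
Review bot: The new files/patch-ab writes CC? = gcc where the previous revision had CC?= gcc. The conditional-assignment operator is ?= with nothing between the two characters, so the added space risks the line no longer being read as a conditional assignment of CC, and the new LD = ${CC} on the following line depends on it. Restore CC?= gcc.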
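
Review bot: files/POPAUTH no longer describes the code it ships with. Its Disclaimer section says all db access is wrapped in a semaphore-protected block and uses the old db1 functions, while the pop_db.c added by files/pop-before-sendmail.patch includes <db.h> and serialises with flock(fd, LOCK_EX). The Installing section also points at a POPB4SMTP define in the Makefile, whereas the port enables the feature through SMTP_AFTER_POP3. Update the text so an administrator reads the locking behaviour and the switch that are actually in use.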
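
Review bot: In pop_db.c, write_db_entry() stores whatever client_addr(1) returns, and client_addr() returns the placeholder 0.0.0.0 when getpeername() fails, so a failed lookup still writes a relay key to /etc/mail/popauth.db. Let client_addr() report failure to the caller and skip the db->put() in that case; client_addr() should also check sa.sa_family before casting to struct sockaddr_in and pass a socklen_t rather than an int as the length. Further down, sprintf(ts, "%lu", (long)time(NULL)) pairs an unsigned format with a signed argument and writes unbounded into a 16-byte buffer; snprintf(ts, sizeof(ts), "%ld", ...) is the safer form. The return value of db->put() is ignored, and when db->fd() fails both "db->fd() failed" and "lock() failed" are logged for the one error.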
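
Review bot: In the pop_root.c hunk at @@ -151,6 +154,10 write_db_entry() is called before if (set_user(pw)) return AUTH_FAILED;, so the client address is entered into the relay map even when set_user() fails and the login is reported as failed. If the call has to precede set_user() for permission reasons, a comment should say so; otherwise move it after the last check that can return AUTH_FAILED.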
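
Review bot: files/popauth.m4 checks the age of an entry only when POP_TO is defined; without it the Local_check_rcpt rules accept any client address that is present in the map. Stale keys are then removed only by the cleanup loop in write_db_entry(), which runs on the next successful POP3 login, so on a quiet server an address can stay authorised for relaying well past VALIDTIME=600. Document in POPAUTH that POP_TO should be set in the .mc file, or add an expiry path that does not depend on a later login.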