[courier-users] authpipe and maildrop

authpipe is a nice addition to the courier-authlib modules. I'm glad to
have the flexibility that it provides. I recently wrote my first
authProg and got it working with courier-imap in no time. However as
soon as I tried to use maildrop things went south.

I traced the problem to the last bit of preauthpipe.c (line 104):

-----------------------------------------------------------------------

if (pass == 0) return (0); /* Just get the authentication info */
return ((*callback)(&auth, arg));

-----------------------------------------------------------------------

The check for no password short circuits the callback function that
fills out the auth info structure with HOMEDIR, MAILDIR, etc. Here's the
problem, maildrop does not do an AUTH. Instead it issues the CHECK
command and so does not provide a password to authpipe.

>From the README it seems like maildrop is right in expecting to have
this data structure filled out after issuing a CHECK.

http://www.courier-mta.org/authlib/README_authlib.html says:

"The remaining requests: USERNAME, HOMEDIR, MAILDIR, ADDRESS, FULLNAME,
and OPTIONS are valid only after a successful AUTH or CHECK, and the
external program should respond with the corresponding information about
the requested account."

For the time being I've just commented out line 104 -- but I don't know
if that is the right solution going forward. What was the rationale
behind the early return? Is there any problem with letting the pipe
callback execute every time authpipecommon() runs?

By the way here's a skeleton authProg written in python using eval
instead of a switch statement to process the authpipe protocol commands.

#!/usr/bin/python
import sys

validUID = None

def main():
cmd = "-"
while cmd.strip() != "":
cmd = sys.stdin.readline()
try:
eval(cmd[:-1] + "()")
except NameError:
respond('?? ')

def respond(str):
sys.stdout.write(str + "\n")
sys.stdout.flush()

def uid_is_known(uid):
global validUID
if validUID:
return True
else:
#do something to figure out if this uid is valid
if isValidUID(uid):
validUID = uid
return True
else:
return False
def CHECK():
uid = sys.stdin.readline()[:-1]

if uid_is_known(uid):
respond('OK user exists')
else:
respond('BAD UID')

def AUTH():
uid = sys.stdin.readline()[:-1]
pw = sys.stdin.readline()[:-1]

if not uid_is_known(uid):
sys.exit(0)

#do your password checking here
if passwordMatches():
validUser = uid
respond('OK user exists and password is correct')
else:
respond('SORRY authentication failed')
sys.exit(0)

#very important -- user must exist on the system
def USERNAME():
respond('OK username')

def HOMEDIR():
respond('OK homedir')

def MAILDIR():
respond('OK maildir')

def ADDRESS():
respond('OK a@b.com')

def FULLNAME():
respond('OK somename')

def OPTIONS():
respond('OK ')

def PASSWD():
sys.stdoute.write('?? ')

if __name__ == '__main__':
main()








-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users