On Mon, Dec 12, Ken Murchison wrote: > I am pleased to announce the release of Cyrus IMAPd 2.3.0. This is an > BETA-quality release, reflecting that it has significant numbers of new > features that have not been tested on a wide-scale basis, although > earlier versions of this code have been running at two sites for quite > some time. Some of the new features include mailspool replication > (based on David Carter's work), "unified" Murder code, separate > meta-data partitions, several new IMAP and Sieve extensions, and many > more visible and invisible changes.
contrib/drac_auth patch did not apply, the attached one applies. -- With best regards, Carsten Hoeger
Index: cyrus-imapd-2.3.0/configure.in
===================================================================
--- cyrus-imapd-2.3.0.orig/configure.in
+++ cyrus-imapd-2.3.0/configure.in
@@ -1003,6 +1003,19 @@ dnl (agentx was depricated, but SNMP_SUB
SNMP_SUBDIRS=""
AC_SUBST(SNMP_SUBDIRS)
+dnl
+dnl Test for DRAC
+dnl
+DRACLIBS=
+AC_ARG_WITH(drac, [ --with-drac=DIR use DRAC library in <DIR> [no] ],
+ if test -d "$withval"; then
+ LDFLAGS="$LDFLAGS -L${withval}"
+ AC_CHECK_LIB(drac, dracauth,
+ AC_DEFINE(DRAC_AUTH,[],[Build DRAC support?])
+ DRACLIBS="-ldrac")
+ fi)
+AC_SUBST(DRACLIBS)
+
CMU_LIBWRAP
CMU_UCDSNMP
Index: cyrus-imapd-2.3.0/imap/Makefile.in
===================================================================
--- cyrus-imapd-2.3.0.orig/imap/Makefile.in
+++ cyrus-imapd-2.3.0/imap/Makefile.in
@@ -66,6 +66,7 @@ SIEVE_OBJS = @SIEVE_OBJS@
SIEVE_LIBS = @SIEVE_LIBS@
IMAP_COM_ERR_LIBS = @IMAP_COM_ERR_LIBS@
LIB_WRAP = @LIB_WRAP@
+DRAC_LIBS = @DRACLIBS@
LIBS = $(IMAP_LIBS) $(IMAP_COM_ERR_LIBS)
DEPLIBS = ../lib/libcyrus.a ../lib/libcyrus_min.a @DEPLIBS@
@@ -202,17 +203,17 @@ lmtpd.pure: lmtpd.o proxy.o $(LMTPOBJS)
imapd: xversion $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
$(CC) $(LDFLAGS) -o imapd \
$(SERVICE) $(IMAPDOBJS) mutex_fake.o \
- libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+ libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
imapd.pure: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
$(PURIFY) $(PUREOPT) $(CC) $(LDFLAGS) -o imapd.pure \
$(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \
- $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+ $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
imapd.quant: $(IMAPDOBJS) mutex_fake.o libimap.a $(DEPLIBS) $(SERVICE)
$(QUANTIFY) $(QUANTOPT) $(CC) $(LDFLAGS) -o imapd.quant \
$(SERVICE) $(IMAPDOBJS) mutex_fake.o libimap.a \
- $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+ $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS) $(DRAC_LIBS)
mupdate: mupdate.o mupdate-slave.o mupdate-client.o mutex_pthread.o tls.o \
libimap.a $(DEPLIBS)
@@ -230,7 +231,7 @@ mupdate.pure: mupdate.o mupdate-slave.o
pop3d: pop3d.o proxy.o backend.o tls.o mutex_fake.o libimap.a \
$(DEPLIBS) $(SERVICE)
$(CC) $(LDFLAGS) -o pop3d pop3d.o proxy.o backend.o tls.o $(SERVICE) \
- mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP)
+ mutex_fake.o libimap.a $(DEPLIBS) $(LIBS) $(LIB_WRAP) $(DRAC_LIBS)
nntpd: nntpd.o proxy.o backend.o index.o smtpclient.o spool.o tls.o \
mutex_fake.o nntp_err.o libimap.a $(DEPLIBS) $(SERVICE)
Index: cyrus-imapd-2.3.0/imap/imapd.c
===================================================================
--- cyrus-imapd-2.3.0.orig/imap/imapd.c
+++ cyrus-imapd-2.3.0/imap/imapd.c
@@ -172,6 +172,18 @@ static struct proxy_context imapd_proxyc
1, 1, &imapd_authstate, &imapd_userisadmin, &imapd_userisproxyadmin
};
+#ifdef DRAC_AUTH
+static struct {
+ int interval; /* dracd "ping" interval; 0 = disabled */
+ unsigned long clientaddr;
+ struct prot_waitevent *event;
+} drac;
+
+extern int dracconn(char *server, char **errmsg);
+extern int dracsend(unsigned long userip, char **errmsg);
+extern int dracdisc(char **errmsg);
+#endif /* DRAC_AUTH */
+
/* current sub-user state */
static struct mailbox mboxstruct;
static struct mailbox *imapd_mailbox;
@@ -637,6 +649,23 @@ int service_init(int argc, char **argv,
idle_init();
}
+#ifdef DRAC_AUTH
+ /* setup for sending DRAC "pings" */
+ drac.event = NULL;
+ drac.interval = config_getint(IMAPOPT_DRACINTERVAL);
+ if (drac.interval < 0) drac.interval = 0;
+ if (drac.interval) {
+ char *err;
+
+ if (dracconn((char*) config_getstring(IMAPOPT_DRACHOST), &err) != 0) {
+ /* disable DRAC */
+ drac.interval = 0;
+ syslog(LOG_ERR, "dracconn: %s", err);
+ syslog(LOG_ERR, "DRAC notifications disabled");
+ }
+ }
+#endif /* DRAC_AUTH */
+
/* create connection to the SNMP listener, if available. */
snmp_connect(); /* ignore return code */
snmp_set_str(SERVER_NAME_VERSION,CYRUS_VERSION);
@@ -741,6 +770,15 @@ int service_main(int argc __attribute__(
imapd_haveaddr = 1;
}
}
+
+#ifdef DRAC_AUTH
+ if (((struct sockaddr *)&imapd_remoteaddr)->sa_family == AF_INET)
+ drac.clientaddr = ((struct sockaddr_in
*)&imapd_remoteaddr)->sin_addr.s_addr;
+ else
+ drac.clientaddr = 0;
+ } else {
+ drac.clientaddr = 0;
+#endif /* DRAC_AUTH */
}
/* create the SASL connection */
@@ -783,6 +821,11 @@ int service_main(int argc __attribute__(
prot_flush(imapd_out);
snmp_increment(ACTIVE_CONNECTIONS, -1);
+#ifdef DRAC_AUTH
+ if (drac.event) prot_removewaitevent(imapd_in, drac.event);
+ drac.event = NULL;
+#endif /* DRAC_AUTH */
+
/* cleanup */
imapd_reset();
@@ -873,6 +916,10 @@ void shut_down(int code)
cyrus_done();
+#ifdef DRAC_AUTH
+ if (drac.interval) (void) dracdisc((char **)NULL);
+#endif /* DRAC_AUTH */
+
exit(code);
}
@@ -932,6 +979,35 @@ static void imapd_check(struct backend *
}
}
+#ifdef DRAC_AUTH
+/*
+ * Ping dracd every 'drac.interval' minutes
+ * to let it know that we are still connected
+ */
+struct prot_waitevent *drac_ping(struct protstream *s,
+ struct prot_waitevent *ev, void *rock)
+{
+ char *err;
+ static int nfailure = 0;
+
+ if (dracsend(drac.clientaddr, &err) != 0) {
+ syslog(LOG_ERR, "dracsend: %s", err);
+ if (++nfailure >= 3) {
+ /* can't contact dracd for 3 consecutive tries - disable DRAC */
+ prot_removewaitevent(s, ev);
+ drac.event = NULL;
+ syslog(LOG_ERR, "DRAC notifications disabled");
+ return NULL;
+ }
+ }
+ else
+ nfailure = 0;
+
+ ev->mark = time(NULL) + (drac.interval * 60);
+ return ev;
+}
+#endif /* DRAC_AUTH */
+
/*
* Top-level command loop parsing
*/
@@ -2030,6 +2106,11 @@ void cmd_login(char *tag, char *user)
prot_printf(imapd_out, "%s OK %s\r\n", tag, reply);
+#ifdef DRAC_AUTH
+ if (drac.interval && drac.clientaddr)
+ drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+#endif /* DRAC_AUTH */
+
/* Create telemetry log */
imapd_logfd = telemetry_log(imapd_userid, imapd_in, imapd_out, 0);
@@ -2179,6 +2260,11 @@ cmd_authenticate(char *tag, char *authty
prot_setsasl(imapd_in, imapd_saslconn);
prot_setsasl(imapd_out, imapd_saslconn);
+#ifdef DRAC_AUTH
+ if (drac.interval && drac.clientaddr)
+ drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+#endif /* DRAC_AUTH */
+
/* Create telemetry log */
imapd_logfd = telemetry_log(imapd_userid, imapd_in, imapd_out, 0);
Index: cyrus-imapd-2.3.0/imap/pop3d.c
===================================================================
--- cyrus-imapd-2.3.0.orig/imap/pop3d.c
+++ cyrus-imapd-2.3.0/imap/pop3d.c
@@ -103,6 +103,10 @@ extern char *optarg;
extern int opterr;
+#ifdef DRAC_AUTH
+static int drac_enabled;
+extern int dracauth(char *server, unsigned long userip, char **errmsg);
+#endif /* DRAC_AUTH */
#ifdef HAVE_SSL
static SSL *tls_conn;
@@ -507,6 +511,10 @@ int service_main(int argc __attribute__(
prot_settimeout(popd_in, timeout*60);
prot_setflushonread(popd_in, popd_out);
+#ifdef DRAC_AUTH
+ drac_enabled = (config_getint(IMAPOPT_DRACINTERVAL) > 0);
+#endif /* DRAC_AUTH */
+
if (kflag) kpop();
/* we were connected on pop3s port so we should do
@@ -1636,6 +1644,21 @@ int openinbox(void)
popd_mailbox = &mboxstruct;
proc_register("pop3d", popd_clienthost, popd_userid,
popd_mailbox->name);
+
+#ifdef DRAC_AUTH
+ if (drac_enabled &&
+ ((struct sockaddr *)&popd_remoteaddr)->sa_family == AF_INET) {
+ char *err;
+
+ if (dracauth((char*) config_getstring(IMAPOPT_DRACHOST),
+ ((struct sockaddr_in
*)&popd_remoteaddr)->sin_addr.s_addr, &err) != 0) {
+ /* disable DRAC */
+ drac_enabled = 0;
+ syslog(LOG_ERR, "dracauth: %s", err);
+ syslog(LOG_ERR, "DRAC notifications disabled");
+ }
+ }
+#endif /* DRAC_AUTH */
}
/* Create telemetry log */
Index: cyrus-imapd-2.3.0/imap/version.c
===================================================================
--- cyrus-imapd-2.3.0.orig/imap/version.c
+++ cyrus-imapd-2.3.0/imap/version.c
@@ -151,6 +151,10 @@ void id_response(struct protstream *pout
snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
"; %s", SIEVE_VERSION);
#endif
+#ifdef DRAC_AUTH
+ snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
+ "; DRAC");
+#endif
#ifdef HAVE_LIBWRAP
snprintf(env_buf + strlen(env_buf), MAXIDVALUELEN - strlen(env_buf),
"; TCP Wrappers");
Index: cyrus-imapd-2.3.0/lib/imapoptions
===================================================================
--- cyrus-imapd-2.3.0.orig/lib/imapoptions
+++ cyrus-imapd-2.3.0/lib/imapoptions
@@ -195,6 +195,14 @@ are listed with ``<none>''.
{ "deleteright", "c", STRING }
/* The right that a user needs to delete a mailbox. */
+{ "dracinterval", 5, INT }
+/* If nonzero, enables the use of DRAC (Dynamic Relay Authorization
+ Control) by the pop3d and imapd daemons. Also sets the interval
+ (in minutes) between re-authorization requests made by imapd. */
+
+{ "drachost", "localhost", STRING }
+/* Hostname of the RPC dracd server. */
+
{ "duplicate_db", "berkeley-nosync", STRINGLIST("berkeley", "berkeley-nosync",
"skiplist") }
/* The cyrusdb backend to use for the duplicate delivery suppression
and sieve. */
pgpnMtfgePXlP.pgp
Description: PGP signature
---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
