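cvm-0.96/0000775000076400007640000000000011326155156011607 5ustar bruceguentercvm-0.96/module_command.c0000664000076400007640000000360311326155156014740 0ustar bruceguenter
/* cvm/module_command.c - CVM command module main routine
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* The first header name was lost when this page was extracted; read() and
 * write() are declared in <unistd.h>, which is restored here. */
#include <unistd.h>
#include "module.h"

/* Read the request from standard input into cvm_module_inbuffer until
 * end-of-file or until BUFSIZE bytes have been stored, leaving the byte
 * count in cvm_module_inbuflen.
 *
 * Returns 0 on success and CVME_IO when read() fails.
 *
 * The result of read() is kept in a signed ssize_t.  The earlier code
 * stored it in a size_t and compared it with (unsigned)-1; where size_t
 * is wider than unsigned int that comparison is never true, so a failed
 * read() was added to the length instead of being reported.
 *
 * NOTE(review): once the buffer is full the next read() is issued with a
 * length of zero and its 0 result is treated like end-of-file, so input
 * longer than BUFSIZE is cut off without an error.  Confirm that the
 * request parser rejects a truncated request. */
static int read_input(void)
{
  ssize_t rd;
  for (cvm_module_inbuflen = 0;
       cvm_module_inbuflen <= BUFSIZE;
       cvm_module_inbuflen += (size_t)rd) {
    rd = read(0, cvm_module_inbuffer + cvm_module_inbuflen,
              BUFSIZE - cvm_module_inbuflen);
    if (rd < 0)
      return CVME_IO;
    if (rd == 0)
      break;
  }
  return 0;
}

/* Write the cvm_module_outbuflen bytes held in cvm_module_outbuffer to
 * standard output, continuing after short writes.  cvm_module_outbuflen
 * is counted down as bytes are written.
 *
 * Returns 0 once everything is written and CVME_IO when write() fails or
 * makes no progress.  As in read_input, the result is held in a signed
 * type so that the -1 error return is recognised on every platform. */
static int write_output(void)
{
  ssize_t wr;
  unsigned char* ptr = cvm_module_outbuffer;
  while (cvm_module_outbuflen > 0) {
    wr = write(1, ptr, cvm_module_outbuflen);
    if (wr <= 0)
      return CVME_IO;
    cvm_module_outbuflen -= (size_t)wr;
    ptr += wr;
  }
  return 0;
}

extern void usage(void);

/* Handle a single request in command mode: initialise the module, read
 * the request from standard input, handle it, write the response to
 * standard output and stop the module.
 *
 * The response is written even when cvm_module_handle_request() returns
 * a non-zero code; a write failure only replaces the result when the
 * request itself produced code 0.  The value returned is masked with
 * CVME_MASK. */
int command_main(void)
{
  int code;
  int wcode;

  if ((code = cvm_module_init()) != 0)
    return code;

  if ((code = read_input()) != 0) {
    /* Nothing was handled, but the module was initialised: shut it down. */
    cvm_module_stop();
    return code;
  }

  code = cvm_module_handle_request();
  cvm_module_fact_end(code);

  wcode = write_output();
  if (wcode != 0 && code == 0)
    code = wcode;

  cvm_module_stop();
  return code & CVME_MASK;
}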
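cvm-0.96/random.c0000664000076400007640000000265211326155156013240 0ustar bruceguenter
/* cvm/random.c - CVM random number generation
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* Derived from dns_random.c from djbdns-1.05, which was made public
 * domain as per http://cr.yp.to/distributors.html on 2007-12-28.
 */
/* NOTE(review): the names of the next five headers were lost when this
 * page was extracted.  Between them they must declare gettimeofday(),
 * getpid(), getppid(), uint32 and struct surfrand; restore them from the
 * original archive before building. */
#include
#include
#include
#include
#include
/* Needed by mix_os_entropy() below: open()/O_RDONLY and read()/close(). */
#include <fcntl.h>
#include <unistd.h>
#include "random.h"

/* Generator state shared by cvm_random_init() and cvm_random_fill(). */
static struct surfrand state;

/* Best-effort: XOR bytes read from /dev/urandom into the first `words`
 * entries of `data` (at most 32).  When the device cannot be opened or
 * read, `data` is left as it was. */
static void mix_os_entropy(uint32* data, unsigned words)
{
  uint32 extra[32];
  ssize_t got;
  unsigned i;
  int fd;

  if (words > 32)
    words = 32;
  if ((fd = open("/dev/urandom", O_RDONLY)) == -1)
    return;
  got = read(fd, extra, words * sizeof extra[0]);
  close(fd);
  if (got <= 0)
    return;
  /* Only use the words that were read completely. */
  for (i = 0; i < words && (i + 1) * sizeof extra[0] <= (size_t)got; ++i)
    data[i] ^= extra[i];
}

/* Seed the generator state.
 *
 * The seed array is zero-initialised before use.  The earlier code added
 * the time of day to uninitialised array elements and passed the other
 * uninitialised elements to surfrand_init(), which is undefined behaviour
 * and not a dependable source of unpredictability.
 *
 * The time of day and the process and parent process ids alone can be
 * guessed by an observer, so output of the operating system's random
 * device is mixed into the seed when it is available.
 *
 * NOTE(review): the NEWS file describes a random anti-spoofing tag on
 * version 2 client requests; presumably it is produced by
 * cvm_random_fill(), in which case the quality of this seed bounds how
 * hard the tag is to predict.  Where /dev/urandom is unavailable (for
 * example inside a chroot) the seed falls back to time and ids only. */
void cvm_random_init(void)
{
  struct timeval tv;
  uint32 data[32] = {0};

  gettimeofday(&tv, 0);
  data[0] += tv.tv_sec;
  data[1] += tv.tv_usec;
  data[2] = getpid();
  data[3] = getppid();
  mix_os_entropy(data, 32);
  surfrand_init(&state, data, 32);
}

/* Fill `buf` with `len` bytes taken from the shared generator state.
 * cvm_random_init() must have seeded the state beforehand. */
void cvm_random_fill(unsigned char* buf, unsigned len)
{
  surfrand_fill(&state, buf, len);
}
cvm-0.96/FILES0000664000076400007640000000331611326155156012377 0ustar bruceguenterANNOUNCEMENT AUTOFILES COPYING ChangeLog ChangeLog.vmailmgr FILES INSTHIER LIBVERSION Makefile NEWS NEWS.sql NEWS.vmailmgr README README.vchkpw README.vmailmgr SRCFILES TARGETS TODO VERSION client_domain.c client_setenv.c client_setugid.c client_xfer_command.c client_xfer_compat.c client_xfer_local.c client_xfer_udp.c conf-bgincs conf-bglibs conf-bin conf-cc conf-include conf-ld conf-lib credentials.h credentials.html cvm-0.96.spec cvm-benchclient.c cvm-benchclient.html cvm-chain.c cvm-chain.html cvm-checkpassword.c cvm-checkpassword.html cvm-mysql-local.c cvm-mysql-udp.c cvm-mysql.c cvm-mysql.html cvm-pgsql-local.c cvm-pgsql-udp.c cvm-pgsql.c cvm-pgsql.html cvm-pwfile.c cvm-pwfile.html cvm-qmail.c cvm-qmail.html cvm-sqlite.c cvm-sqlite.html cvm-testclient.c cvm-testclient.html cvm-unix.c cvm-unix.html cvm-v1benchclient.c cvm-v1checkpassword.c cvm-v1testclient.c cvm-vchkpw.c cvm-vmailmgr-local.c cvm-vmailmgr-udp.c cvm-vmailmgr.c cvm-vmailmgr.h cvm-vmailmgr.html cvm.html cvm/module.h errors.c errors.h errors.html facts.c facts.h facts.html getpwnam.c module.h module.html module_command.c module_command_main.c module_local.c module_local_main.c module_log.c module_main.c module_output.c module_request.c module_udp.c module_udp_main.c protocol-1.html protocol-2.html protocol.h qmail-domains.c qmail-dotfile.c qmail-init.c qmail-lookup.c qmail-users.c qmail.h random.c random.h rationale.html sasl-auth-test.c sasl.h sasl.html sasl_auth.c sasl_authenticate.c sasl_cram_md5.c sasl_init.c 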
sasl_internal.h sasl_login.c sasl_plain.c sasl_start.c sql-auth.c sql-query-test.c sql-query.c sql.h sql.html tests.sh v1client.c v1client.h v1client.html v2client.c v2client.h v2client.html v2client_wrappers.c vmautoconvert.c vmlookup.c cvm-0.96/NEWS0000664000076400007640000003653011326155156012315 0ustar bruceguenter------------------------------------------------------------------------------- Changes in version 0.96 - Added support for checking permissions in cvm-qmail. See discussion of $CVM_QMAIL_CHECK_PERMS in cvm-qmail.html - Added support for I/O timeouts for cvm-local modules. - Fixed the SQLite module to copy the row data. - Fixed cvm-qmail dieing if control/locals is missing. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.95 - Added a "lookaside" mode to cvm-qmail, to assist with proper chaining to cvm-vmailmgr or other modules. - Fixed failure in cvm-qmail when virtualdomains did not exist. - Fixed client.h symlink to point to v2client.h to match the library. - Fixed cvm-vmailmgr to fail with OUTOFSCOPE=1 when the virtual password table file does not exist, instead of failing with an I/O error. This should improve its ability to chain with other modules. - Added cvm-sqlite from Wayne Marshall Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.90 - Added support for chaining modules within the version client library. To use this, specify the module string as a list of modules separated with commas. For example: cvm-command:/path/to/module,cvm-local:/path/to/socket This enhancement deprecates the cvm-chain module. 
- Introduced an "out of scope" fact, to be used on credential rejection results when the supplied credentials are outside of the scope of authority of the module. The cvm-vmailmgr and cvm-qmail modules report this fact as appropriate, and cvm-chain copies it as appropriate from the modules it invokes. - A random anti-spoofing tag is added to all version 2 client requests. Its length is set by $CVM_RANDOM_BYTES and defaults to 8. - Fixed a bug that caused the domain output to be set incorrectly when doing qmail lookups with a domain not in the control files with $CVM_QMAIL_ASSUME_LOCAL set. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.82 - Fixed handling of user/domain name splitting in the client library when the caller doesn't initially provide a domain name. - cvm_client_setenv now also sets $MAILDIR for use with Courier IMAP. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.81 - Fixed a typo in the INSTHIER file that caused incomplete installations. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.80 - Modified the build procedures to use libtool to produce and install shared libraries. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.76 - Fixed the autoconvert feature of cvm-vmailmgr to set the permissions and ownership of the created password table to that of the original. 
- Added a feature to all qmail-based modules to treat all domains as local if $CVM_QMAIL_ASSUME_LOCAL is set. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.75 - Added an "autoconvert" mode to cvm-vmailmgr, which converts encrypted passwords to plain-text on successful authentication if $VMAILMGR_AUTOCONVERT is set. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.71 - Several brown-paper-bag bug fixes. - Updated the cvm-vchkpw module. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.70 - Major SASL rewrite: - Rewrote SASL API to eliminate static data, making it reentrant. - Fixed up the SASL library to use the v2 client library. - Added SASL generic text I/O authentication framework from mailfront. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.60 * This version brings major API changes. * - All module symbols are named cvm_module_* - All client symbols are named cvm_client_* - Macros are used to preserve source compatability with existing code. - Added cvm-chain combination client/module program (adapted from code contributed by Dale Woolridge). Development of this version has been sponsored by FutureQuest, Inc. 
ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.50 * This version is a major upgrade providing support for the CVM2 * protocol. All the modules included here now support both the new CVM2 * protocol and the existing CVM1 protocol. There are two seperate * client libraries, cvm-v1client and cvm-v2client. The previous library * and header names are retained as symlinks to the v1client files. NOTE: The version 1 client library is now depricated and may be removed in future versions of the package. All new software should target the version 2 API. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.33 - Added compile fix for cvm-vchkpw. Thanks Peter Palmreuther. - Fixed handling qmail lookups of extensions containing periods. - Fixed handling qmail lookups with missing domains by reading control/me and control/envnoathost. - Fixed handling qmail lookups when cdb/users exists but does not contain all users. Thanks Dale Woolridge. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.32 - Fixed the qmail lookups in cvm-qmail to lower-case both the username and the "-ext" part in .qmail-ext files, just like qmail-local does. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.31 - Changed error code in the qmail code from EBADMSG to EDOM to allow compilation on *BSD systems. This is strictly a compile-fix version. If the previous version compiled for you, there is no reason to upgrade. 
Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.30 - Added "lookup mode" common code, available in all modules. - Added new cvm-qmail module, which can be used to verify validity of recipient addresses on qmail systems. - Fixed cvm/module.h header file include problem. Thanks Paul Jarc for pointing this out. - Significantly factorized the qmail code underlying the vmailmgr modules, making them more conformant to qmail's delivery process. - Removed the now obsoleted cvm-vmlookup lookup-only module. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.20 - Merged cvm-vmailmgr (including cvm-vmlookup) into this package. - Re-merged in SQL modules from cvm-sql package (cvm-mysql and cvm-pgsql). - Fixed a bug in the module library: cvm_fact_shell was treated as mandatory instead of optional. - Fixed a bug in client.c that prevented at least OpenBSD from using UDP modules. Thanks Balazs Nagy. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.18 - Changed the order of the chdir in cvm_setugid, to avoid problems with NFS mounted file shares. - Fixed yet another typo in installer that put a header file in place of a library. - The cvm_setenv routine now exports both $MAIL and $MAILBOX, as some programs (notably Dovecot IMAP) prefer to use $MAIL. Development of this version has been sponsored by FutureQuest, Inc. 
ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.17 - Corrected typo in installer code that left out the all-important "lib" prefix on files installed in /usr/lib - Fixed cvm-testclient to work with modules that accept zero credentials (ie unprotected lookup modules). Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.16 - Merged cvm-sasl library from bglibs into this package. - Bug fix for SIGPIPE (on at least Solaris) if modules exit unexpectedly (from Lars Uffmann). - Modified the module command mode to always write the output, even if authentication failed. This allows command mode to be used with a UCSPI server to provide other modes of servers. - The module library now allows for setting the ownership of the created local socket by setting $CVM_SOCKET_MODE, $CVM_SOCKET_OWNER, and $CVM_SOCKET_GROUP. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.15 - Added a new generic module library that supports all three operation modes (command, local socket, UDP socket) from the same binary. The separated module libraries have been retained for compatibility, but the separated modules have been removed from this package. - Fixed cvm-unix to properly handle shadow passwords. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.12 - Fixed a buffer mis-allocation bug in the getpwnam code. - Fixed a one-off bug in the client code that parses user/domain names. 
- Fixed a Solaris/SysV portability problem. - Switched to external bglibs. - Dropped use of non-portable fgetpwent in cvm-pwfile. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.11 - Removed the MySQL and PgSQL modules from this package, and bundled them into a seperate cvm-sql package. - Bugfix: cvm-unix did not lowercase the account name before calling getpwnam. - Added some convenience functions to the client library. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.10 - Added support to the MySQL and PgSQL modules for executing a query after credential validation, useful for updating a "last logged in at" field or similar. - Modified the client->server protocol to include a protocol identifier byte (to allow for future revisions) and a domain name. - Modified the client library to optionally parse a domain name out of the account name. - Modified the MySQL and PgSQL modules to deal with domain names. - The MySQL module will now read connection options out of a defaults file if specified. NOTE: Modules built against this version of CVM will be incompatible with clients built against older versions, and vice versa! Use care when upgrading. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.8 - Added additional error codes. - Added a MySQL module. - Added a PgSQL module. - Use pwcmp for password comparisons in all modules except for cvm-unix. - Added a required function "cvm_auth_stop" to the module API, which is called once at module shutdown. 
- Bug fix in the cvm-unix module from Paul Jarc to make the supplemental group id list reported by cvm-unix actually follow the fact specification. - Bug fix in the client library code that caused the shell fact to be required. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.7 - Added a text-file module, cvm-pwfile. - Modified the client and module APIs to add "cvm_" in front of all exported symbols. - Added a required function "cvm_auth_init" to the module API, which is called once at program startup. - Modified cvm-unix to output the group name and the supplemental group list. - Fixed the APIs to use "unsigned long" for the integer type instead of just "unsigned". - Fixed the client library to properly handle lists of facts. - Fixed use of iopoll to properly support systems with a missing or broken poll syscall. Note: This release doesn't make any of the protocol changes discussed in the mailing lists. Since those changes are fairly radical, they will go into a second version of CVM, named either CVM2 or CVMX or something. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.6 - Fixed some client library bugs. - Added a benchmarking client. - Added a checkpassword client. ------------------------------------------------------------------------------- Changes in version 0.5 - Added support for long-running UDP and local-domain socket modules. ------------------------------------------------------------------------------- Changes in version 0.3 - Fixed handling of negative values in client library. - Fixed a bug in the client library that caused handling bad data to not indicate any error. 
------------------------------------------------------------------------------- Changes in version 0.2 - Renamed cvm_unix to cvm-unix. - Fixed a bug in parsing in fact_uint, which incorrectly used strtol. - Added more documentation. ------------------------------------------------------------------------------- cvm-0.96/NEWS.vmailmgr0000664000076400007640000000513611326155156014130 0ustar bruceguenter------------------------------------------------------------------------------- Changes in version 0.7 - Made lock-out of disabled mailboxes optional. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.6 - Elimiated a duplicate chdir in the fast path of lookups. - Virtual user names needed to be lower-cased before use, and domain names needed case-insensitive lookups. - Added some automated tests. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.5 - Added a lookup-only module, cvm-vmlookup. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.4 - Fixed the support for unencrypted passwords. - Converted to external bglibs. - Added support for qmail in paths other than /var/qmail by setting $QMAIL_ROOT. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.3 - virtualdomains is now cached land reloaded automatically when it is modified. - Added support for using the qmail-users CDB file for lookups. 
This together with the virtualdomains cache greatly speeds up lookups on large servers. - Added support for unencrypted passwords, prefixed with '$0$' to distinguish them from plain crypt (no prefix) and MD5-crypt (prefixed with '$1$'). Note that creating such password entries requires modified vmailmgr tools which are not yet generally available. - Added optional debugging output. - Removed base user authentication. !!NOTE!! This means that authentication for both real users and virtual users using passwords in /etc/passwd will no longer work. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.2 - Output mailbox facts suitable for use with pop3front-auth. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- cvm-0.96/tests.sh0000664000076400007640000012610711326155156013314 0ustar bruceguenter#!/bin/sh src=`pwd` tmp=$src/tests-tmp rm -rf $tmp mkdir -p $tmp PATH="$src:/bin:/usr/bin:/usr/local/bin" tests_failed=0 tests_count=0 _UID=`id -u` _GID=`id -g` usage() { echo "usage: sh $0 [-v]" } vecho() { :; } while getopts v flag do case $flag in v) vecho() { echo "$*"; } ;; *) usage; exit 1 ;; esac done printf='env printf' home=$tmp/home mkdir $home CVM_PWFILE_PATH=$tmp/pwfile export CVM_PWFILE_PATH make_pwfile() { ( echo 'pwfuser:testpass:123:456:Gecos,xyz:/home/ftp:/bin/false' echo 'cryptuser:tpzv1IkcX9.fE:234:567:Crypt:/home/crypt:/bin/true' ) >$CVM_PWFILE_PATH } CVM_SQLITE_DB=$tmp/db.sqlite CVM_SQLITE_QUERY='SELECT password, username, userid, groupid, directory, realname, shell, groupname, domain, sys_username, sys_directory, mailbox_path FROM accounts WHERE username=$account AND domain=$domain' CVM_SQLITE_PWCMP=plain export CVM_SQLITE_DB CVM_SQLITE_QUERY 
CVM_SQLITE_PWCMP make_sqlite() { sqlite3 $CVM_SQLITE_DB <$tmp/cvm-$base-lookup #!/bin/sh CVM_LOOKUP_SECRET=secret export CVM_LOOKUP_SECRET exec $src/cvm-$base EOF cat <$tmp/cvm-$base-nosecret #!/bin/bash unset CVM_LOOKUP_SECRET exec $src/cvm-$base EOF done chmod +x $tmp/cvm-* QMAIL_ROOT=$tmp export QMAIL_ROOT mkdir $tmp/users ( uid=`id -u` gid=`id -g` hlen=`echo $home $uid $gid | wc -c` tlen=`echo $tmp $uid $gid | wc -c` $printf "+6,%d:!user\0->user\000$uid\000$gid\000$home\0\0\n" $(($hlen+6)) $printf "+6,%d:!user-->user\000$uid\000$gid\000$home\0-\0\n" $(($hlen+7)) $printf "+7,%d:!alias\0->alias\000$uid\000$gid\000$tmp/alias\0\0\n" $(($tlen+13)) $printf "+7,%d:!alias-->alias\000$uid\000$gid\000$tmp/alias\0-\0\n" $(($tlen+14)) $printf "+1,%d:!->alias\000$uid\000$gid\000$tmp/alias\0-\0\n" $(($tlen+14)) echo ) | cdbmake $tmp/users/cdb $tmp/users/tmp mkdir $tmp/control echo local.dom >$tmp/control/locals echo test.tld:user >$tmp/control/virtualdomains echo noathost:user >>$tmp/control/virtualdomains echo noathost >$tmp/control/envnoathost mkdir $tmp/alias echo \# >$home/.qmail-wild-default echo \# >$home/.qmail-addr echo \# >$home/.qmail-dot:addr echo \# >$tmp/alias/.qmail-alias echo \# >$tmp/alias/.qmail-awild-default echo \# >$tmp/alias/.qmail-adot:addr ( $printf '+4,69:virt->\x2\x8\x1\0$1$aSoIrl/J$TmAwoxKzrPJ0IaW5UvX4A0\0./virt\0\0\0-\0-\0-\0-\0001016731358\0-\0\n' echo ) | cdbmake $home/passwd.cdb $home/passwd.tmp sasltest() { make_pwfile env \ CVM_SASL_PLAIN=$src/cvm-pwfile \ PROTO=TCP \ TCPLOCALHOST=localhost \ $src/sasl-auth-test "$@" rm -f $CVM_PWFILE_PATH } run_compare_test() { local name=$1 shift sed -e "s:@SOURCE@:$src:g" -e "s:@TMPDIR@:$tmp:g" -e "s:@UID@:$_UID:" -e "s:@GID@:$_GID:" >$tmp/expected ( runtest "$@" 2>&1 ) 2>&1 >$tmp/actual-raw cat -v $tmp/actual-raw >$tmp/actual if ! 
cmp $tmp/expected $tmp/actual >/dev/null 2>&1 then echo "Test $name $@ failed:" ( cd $tmp; diff -U 9999 expected actual | tail -n +3; echo; ) tests_failed=$(($tests_failed+1)) fi rm -f $tmp/expected $tmp/actual tests_count=$(($tests_count+1)) } ##### Test tests/command-bad-username ##### runtest() { make_pwfile $src/cvm-testclient $src/cvm-pwfile pxfuser '' testpass } vecho Running test tests/command-bad-username run_compare_test tests/command-bad-username <$tmp/cvmlookup #!/bin/sh CVM_LOOKUP_SECRET=$secret export CVM_LOOKUP_SECRET exec $src/cvm-pwfile EOF chmod +x $tmp/cvmlookup $src/cvm-testclient $tmp/cvmlookup pwfuser '' env CVM_LOOKUP_SECRET='' \ $src/cvm-testclient $tmp/cvmlookup pwfuser '' env CVM_LOOKUP_SECRET=$secret \ $src/cvm-testclient $tmp/cvmlookup pwfuser '' rm -f $tmp/cvmlookup } vecho Running test tests/lookup '' run_compare_test tests/lookup '' <$tmp/cvmlookup #!/bin/sh CVM_LOOKUP_SECRET=$secret export CVM_LOOKUP_SECRET exec $src/cvm-pwfile EOF chmod +x $tmp/cvmlookup $src/cvm-v1testclient $tmp/cvmlookup pwfuser '' $src/cvm-v1testclient $tmp/cvmlookup pwfuser '' '' $src/cvm-v1testclient $tmp/cvmlookup pwfuser '' secret rm -f $tmp/cvmlookup } vecho Running test tests/v1lookup '' run_compare_test tests/v1lookup '' <$tmp/.qmail-lookaside-default $src/cvm-testclient $tmp/cvm-qmail-lookup lookaside-someone test.tld } export CVM_LOOKUP_SECRET=secret export CVM_QMAIL_CHECK_PERMS=0 $src/cvm-testclient $tmp/cvm-qmail-lookup addr test.tld chmod 000 $home echo $src/cvm-testclient $tmp/cvm-qmail-lookup addr test.tld export CVM_QMAIL_CHECK_PERMS=- echo $src/cvm-testclient $tmp/cvm-qmail-lookup addr test.tld chmod 755 $home unset CVM_LOOKUP_SECRET unset CVM_QMAIL_CHECK_PERMS } vecho Running test tests/qmail-lookup-perms run_compare_test tests/qmail-lookup-perms <$home/.qmail-lookaside-default $src/cvm-testclient $tmp/cvm-qmail-lookup lookaside-someone test.tld } export CVM_LOOKUP_SECRET=secret export CVM_QMAIL_LOOKASIDE='/bin/program1 /bin/program2 
/bin/program3' doit '| /bin/program foo' echo doit '| /bin/program1 foo' echo doit '| /bin/program2 foo' echo doit '| /bin/program3 foo' echo doit ' |/bin/program1' echo doit $'#before\n|/bin/program2\n#after' unset CVM_LOOKUP_SECRET unset CVM_QMAIL_LOOKASIDE } vecho Running test tests/qmail-lookup-lookaside run_compare_test tests/qmail-lookup-lookaside <$tmp/log & echo $! >$tmp/pid sleep 1 cat $tmp/log } vecho Running test tests/start-pwfile-udp run_compare_test tests/start-pwfile-udp <$tmp/log & echo $! >$tmp/pid sleep 1 cat $tmp/log } vecho Running test tests/start-pwfile-local run_compare_test tests/start-pwfile-local <

CVM

cvm-sasl


Overview

cvm-sasl is a library for programs that need to do authentication via SASL (RFC 2222). It provides a generic interface for doing the authentication using CV modules.

Configuration

To configure an application that uses cvm-sasl, set one or more of the following environment variables to the name of a CVM that can accept the indicated type of credentials:

Name SASL Mechanism CVM Credentials
CVM_SASL_CRAM_MD5 CRAM-MD5 (RFC 2195) 2: Challenge, Response
CVM_SASL_LOGIN LOGIN 1: Plain text password
CVM_SASL_PLAIN PLAIN (RFC 2595) and LOGIN 1: Plain text password

Note: as of this writing, there are no CRAM-MD5 CVMs, so that functionality is completely untested. If $CVM_SASL_LOGIN is set, it overrides $CVM_SASL_PLAIN for LOGIN authentication.

cvm-0.96/facts.h0000664000076400007640000000167411326155156013068 0ustar bruceguenter
/* Numeric identifiers for CVM facts and declarations of the variables
 * that hold fact values. */
#ifndef CVM__FACTS__H__
#define CVM__FACTS__H__

/* Fact identifiers, numbered 1 through 16. */
#define CVM_FACT_USERNAME 1
#define CVM_FACT_USERID 2
#define CVM_FACT_GROUPID 3
#define CVM_FACT_REALNAME 4
#define CVM_FACT_DIRECTORY 5
#define CVM_FACT_SHELL 6
#define CVM_FACT_GROUPNAME 7
#define CVM_FACT_SUPP_GROUPID 8
#define CVM_FACT_SYS_USERNAME 9
#define CVM_FACT_SYS_DIRECTORY 10
#define CVM_FACT_OFFICE_LOCATION 11
#define CVM_FACT_WORK_PHONE 12
#define CVM_FACT_HOME_PHONE 13
#define CVM_FACT_DOMAIN 14
#define CVM_FACT_MAILBOX 15
#define CVM_FACT_OUTOFSCOPE 16

/* Fact variables, defined elsewhere.  This header declares no variable
 * for the SUPP_GROUPID, OFFICE_LOCATION, WORK_PHONE, HOME_PHONE or
 * OUTOFSCOPE identifiers. */
extern const char* cvm_fact_username;
extern unsigned long cvm_fact_userid;
extern unsigned long cvm_fact_groupid;
extern const char* cvm_fact_realname;
extern const char* cvm_fact_directory;
extern const char* cvm_fact_shell;
extern const char* cvm_fact_groupname;
extern const char* cvm_fact_sys_username;
extern const char* cvm_fact_sys_directory;
extern const char* cvm_fact_domain;
extern const char* cvm_fact_mailbox;

#endif
cvm-0.96/NEWS.sql0000664000076400007640000000151111326155156013102 0ustar bruceguenter------------------------------------------------------------------------------- Changes in version 0.12 - Fixed bug: the MySQL code never freed its results, leading to a rather significant memory leak. - Handle lost connections by reconnecting and retrying the query (once). Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- Changes in version 0.11 - Added a mailbox path column to the required query results. - There is no longer a default query, as it won't likely work for anybody. Development of this version has been sponsored by FutureQuest, Inc. 
ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- cvm-0.96/conf-bin0000664000076400007640000000007611326155156013230 0ustar bruceguenter/usr/local/bin Programs will be installed in this directory. cvm-0.96/conf-cc0000664000076400007640000000016111326155156013040 0ustar bruceguentergcc -W -Wall -Wshadow -O -g -I/usr/local/include -I/var/vpopmail/include This will be used to compile .c files. cvm-0.96/ChangeLog.vmailmgr0000664000076400007640000002652711326155156015212 0ustar bruceguenter------------------------------------------------------------------------ rev 47: bruce | 2003-05-23 15:12:17 -0600 (Fri, 23 May 2003) | 2 lines Changed paths: M /trunk/tests/build-qmail Adjusted printf invocation in test for RH6 compatibility. ------------------------------------------------------------------------ rev 46: bruce | 2003-05-23 14:58:48 -0600 (Fri, 23 May 2003) | 2 lines Changed paths: M /trunk/NEWS M /trunk/spec A /trunk/tests A /trunk/tests/build-qmail A /trunk/tests/del-qmail A /trunk/tests/lookup-badpass A /trunk/tests/lookup-normal A /trunk/tests/lookup-pass A /trunk/tests/lookup-upper-domain A /trunk/tests/lookup-upper-virt A /trunk/tests/test-normal A /trunk/tests/test-upper-domain A /trunk/tests/test-upper-pass A /trunk/tests/test-upper-virt A /trunk/tests.inc Added several self-tests. ------------------------------------------------------------------------ rev 45: bruce | 2003-05-23 10:29:57 -0600 (Fri, 23 May 2003) | 2 lines Changed paths: M /trunk/NEWS M /trunk/lookup.c Do proper case manipulation in lookups and tests. ------------------------------------------------------------------------ rev 44: bruce | 2003-05-23 09:44:52 -0600 (Fri, 23 May 2003) | 2 lines Changed paths: M /trunk/NEWS M /trunk/cvm-vmailmgr.h M /trunk/lookup.c M /trunk/main.c Elimiated a duplicate chdir in the fast path of lookups. 
------------------------------------------------------------------------ rev 43: bruce | 2003-05-23 09:44:20 -0600 (Fri, 23 May 2003) | 2 lines Changed paths: M /trunk/NEWS M /trunk/VERSION Bumped version up to 0.6 ------------------------------------------------------------------------ rev 41: bruce | 2003-05-21 17:42:53 -0600 (Wed, 21 May 2003) | 2 lines Changed paths: M /trunk/README.in Added some helpful usage notes. ------------------------------------------------------------------------ rev 40: bruce | 2003-05-21 16:41:00 -0600 (Wed, 21 May 2003) | 2 lines Changed paths: M /trunk/VERSION Bumped version number to 0.5 ------------------------------------------------------------------------ rev 39: bruce | 2003-05-21 16:40:29 -0600 (Wed, 21 May 2003) | 2 lines Changed paths: M /trunk/spec Added BuildRequires for base cvm libraries. ------------------------------------------------------------------------ rev 38: bruce | 2003-05-21 16:38:22 -0600 (Wed, 21 May 2003) | 3 lines Changed paths: M /trunk/cvm-vmailmgr=x Broke common code away from cvm-vmailmgr, and added cvm-vmlookup lookup-only module. ------------------------------------------------------------------------ rev 37: bruce | 2003-05-21 16:37:57 -0600 (Wed, 21 May 2003) | 2 lines Changed paths: A /trunk/cvm-vmailmgr-local=x A /trunk/cvm-vmailmgr-udp=x Restored the old-style modules, for compatibility with old installations. ------------------------------------------------------------------------ rev 36: bruce | 2003-05-21 16:37:24 -0600 (Wed, 21 May 2003) | 2 lines Changed paths: M /trunk/insthier.c Add cvm-vmlookup to the list of installed programs. 
------------------------------------------------------------------------ rev 35: bruce | 2003-05-21 16:36:37 -0600 (Wed, 21 May 2003) | 3 lines Changed paths: M /trunk/NEWS M /trunk/cvm-vmailmgr.c A /trunk/cvm-vmailmgr.h A /trunk/cvm-vmlookup.c A /trunk/cvm-vmlookup=x A /trunk/lookup.c A /trunk/main.c Broke common code away from cvm-vmailmgr, and added cvm-vmlookup lookup-only module. ------------------------------------------------------------------------ rev 34: bruce | 2003-05-20 17:09:53 -0600 (Tue, 20 May 2003) | 2 lines Changed paths: D /trunk/cvm-vmailmgr-local=x D /trunk/cvm-vmailmgr-udp=x M /trunk/cvm-vmailmgr.c M /trunk/cvm-vmailmgr=x Converted to new CVM libraries, merging all three CVM modes into one module. ------------------------------------------------------------------------ rev 32: bruce | 2003-04-15 13:53:57 -0600 (Tue, 15 Apr 2003) | 2 lines Changed paths: M /trunk/spec Remove generated files before rebuilding installer. ------------------------------------------------------------------------ rev 31: bruce | 2003-04-15 13:47:54 -0600 (Tue, 15 Apr 2003) | 2 lines Changed paths: M /trunk/spec Added BuildRequires for bglibs. ------------------------------------------------------------------------ rev 30: bruce | 2003-04-15 13:46:08 -0600 (Tue, 15 Apr 2003) | 2 lines Changed paths: M /trunk/cvm-vmailmgr-local=x M /trunk/cvm-vmailmgr-udp=x M /trunk/cvm-vmailmgr=x Changed to new-style bglibs library links. ------------------------------------------------------------------------ rev 29: bruce | 2003-04-15 13:45:49 -0600 (Tue, 15 Apr 2003) | 2 lines Changed paths: D /trunk/README A /trunk/README.in (from /trunk/README:26) Converted to templated README file. ------------------------------------------------------------------------ rev 28: bruce | 2003-04-15 13:44:13 -0600 (Tue, 15 Apr 2003) | 2 lines Changed paths: D /trunk/README.CVS Removed irrelevant file. 
------------------------------------------------------------------------ rev 27: bruce | 2003-04-15 13:43:55 -0600 (Tue, 15 Apr 2003) | 2 lines Changed paths: M /trunk/NEWS M /trunk/cvm-vmailmgr.c Added support for qmail in paths other than /var/qmail by setting $QMAIL_ROOT. ------------------------------------------------------------------------ rev 24: bruce | 2002-12-15 15:09:24 -0600 (Sun, 15 Dec 2002) | 2 lines Changed paths: M /trunk/NEWS M /trunk/README M /trunk/cvm-vmailmgr-local=x M /trunk/cvm-vmailmgr-udp=x M /trunk/cvm-vmailmgr.c M /trunk/cvm-vmailmgr=x M /trunk/insthier.c Converted to external bglibs. ------------------------------------------------------------------------ rev 23: bruce | 2002-11-20 18:37:33 -0600 (Wed, 20 Nov 2002) | 2 lines Changed paths: M /trunk/NEWS Added bug fix notes. ------------------------------------------------------------------------ rev 22: bruce | 2002-11-20 18:36:19 -0600 (Wed, 20 Nov 2002) | 2 lines Changed paths: M /trunk/README M /trunk/VERSION Bumped version to 1.4 ------------------------------------------------------------------------ rev 21: bruce | 2002-10-28 21:44:35 -0600 (Mon, 28 Oct 2002) | 2 lines Changed paths: M /trunk/cvm-vmailmgr.c Pass null_crypt the right variable. ------------------------------------------------------------------------ rev 20: bruce | 2002-10-28 21:43:01 -0600 (Mon, 28 Oct 2002) | 2 lines Changed paths: M /trunk/cvm-vmailmgr.c Deny access if the mailbox is disabled. ------------------------------------------------------------------------ rev 19: bruce | 2002-10-28 21:42:03 -0600 (Mon, 28 Oct 2002) | 2 lines Changed paths: M /trunk/README M /trunk/cvm-vmailmgr.c Adjusted copyright to include 2002. ------------------------------------------------------------------------ rev 18: bruce | 2002-02-08 21:33:45 -0600 (Fri, 08 Feb 2002) | 3 lines Changed paths: M /trunk/NEWS M /trunk/cvm-vmailmgr.c Near total rewrite, including using qmail-users CDB file and caching virtualdomains. 
------------------------------------------------------------------------ rev 17: bruce | 2002-02-08 21:32:21 -0600 (Fri, 08 Feb 2002) | 2 lines Changed paths: M /trunk/TODO *** empty log message *** ------------------------------------------------------------------------ rev 16: bruce | 2002-02-08 21:32:11 -0600 (Fri, 08 Feb 2002) | 3 lines Changed paths: M /trunk/README Bumped up version. Updated FQ notice. ------------------------------------------------------------------------ rev 15: bruce | 2002-02-08 21:31:31 -0600 (Fri, 08 Feb 2002) | 2 lines Changed paths: M /trunk/cvm-vmailmgr-local=x M /trunk/cvm-vmailmgr-udp=x M /trunk/cvm-vmailmgr=x Include needed str library. ------------------------------------------------------------------------ rev 14: bruce | 2001-12-30 06:13:39 -0600 (Sun, 30 Dec 2001) | 2 lines Changed paths: M /trunk/VERSION Bumped the version number. ------------------------------------------------------------------------ rev 13: bruce | 2001-12-30 06:13:18 -0600 (Sun, 30 Dec 2001) | 2 lines Changed paths: M /trunk/cvm-vmailmgr.c Removed a hard-coded virtualdomains path. ------------------------------------------------------------------------ rev 12: bruce | 2001-12-30 06:10:39 -0600 (Sun, 30 Dec 2001) | 3 lines Changed paths: M /trunk/cvm-vmailmgr.c Removed local user authentication (in preparation for using qmail-users CDB lookups). ------------------------------------------------------------------------ rev 11: bruce | 2001-12-30 05:55:14 -0600 (Sun, 30 Dec 2001) | 2 lines Changed paths: M /trunk/cvm-vmailmgr.c Preload virtualdomains at startup time. ------------------------------------------------------------------------ rev 10: bruce | 2001-12-30 05:45:48 -0600 (Sun, 30 Dec 2001) | 4 lines Changed paths: M /trunk/cvm-vmailmgr.c Added debugging information. Cache virtualdomains, and check for changes. Handle non-encrypted ($0$) passwords. 
------------------------------------------------------------------------ rev 9: bruce | 2001-09-13 00:08:14 -0600 (Thu, 13 Sep 2001) | 2 lines Changed paths: M /trunk/NEWS A /trunk/README.CVS *** empty log message *** ------------------------------------------------------------------------ rev 8: bruce | 2001-09-13 00:07:09 -0600 (Thu, 13 Sep 2001) | 2 lines Changed paths: M /trunk/cvm-vmailmgr-local=x M /trunk/cvm-vmailmgr-udp=x M /trunk/cvm-vmailmgr=x Add the required path library. ------------------------------------------------------------------------ rev 7: bruce | 2001-09-13 00:06:56 -0600 (Thu, 13 Sep 2001) | 3 lines Changed paths: M /trunk/cvm-vmailmgr.c Do a proper path merge to produce the mailbox directory, and use it as the home directory fact as well. ------------------------------------------------------------------------ rev 6: bruce | 2001-09-12 23:41:06 -0600 (Wed, 12 Sep 2001) | 2 lines Changed paths: M /trunk/README M /trunk/VERSION *** empty log message *** ------------------------------------------------------------------------ rev 5: bruce | 2001-09-12 23:40:59 -0600 (Wed, 12 Sep 2001) | 2 lines Changed paths: M /trunk/NEWS M /trunk/cvm-vmailmgr.c Output fact suitable for use with pop3front-auth. ------------------------------------------------------------------------ rev 4: bruce | 2001-08-24 20:03:49 -0600 (Fri, 24 Aug 2001) | 2 lines Changed paths: M /trunk/README *** empty log message *** ------------------------------------------------------------------------ rev 3: bruce | 2001-08-23 23:07:24 -0600 (Thu, 23 Aug 2001) | 2 lines Changed paths: M /trunk/README A /trunk/makedist.py A /trunk/spec *** empty log message *** ------------------------------------------------------------------------ rev 2: bruce | 2001-08-23 22:58:17 -0600 (Thu, 23 Aug 2001) | 2 lines Changed paths: M /trunk/cvm-vmailmgr.c Modified for new CVM domain handling. 
------------------------------------------------------------------------ rev 1: bruce | 2001-08-10 22:29:01 -0600 (Fri, 10 Aug 2001) | 2 lines Changed paths: A /trunk A /trunk/NEWS A /trunk/README A /trunk/TODO A /trunk/VERSION A /trunk/cvm-vmailmgr-local.c A /trunk/cvm-vmailmgr-local=x A /trunk/cvm-vmailmgr-udp.c A /trunk/cvm-vmailmgr-udp=x A /trunk/cvm-vmailmgr.c A /trunk/cvm-vmailmgr=x A /trunk/insthier.c First checkin ------------------------------------------------------------------------ cvm-0.96/cvm-pgsql-udp.c0000664000076400007640000000000011326155156014440 0ustar bruceguentercvm-0.96/qmail.h0000664000076400007640000000161411326155156013065 0ustar bruceguenter#ifndef CVM__QMAIL__H__ #define CVM__QMAIL__H__ #include struct qmail_user { str user; unsigned long uid; unsigned long gid; str homedir; char dash; str ext; }; extern const char* qmail_root; extern const char* qmail_me; extern const char* qmail_envnoathost; int qmail_init(void); int qmail_users_init(void); int qmail_users_reinit(void); int qmail_users_lookup(struct qmail_user* user, const char* name, char dash); int qmail_users_lookup_split(struct qmail_user* u, const char* name, str* local, str* ext); int qmail_domains_init(void); int qmail_domains_reinit(void); int qmail_domains_lookup(const str* d, str* domain, str* prefix); int qmail_dotfile_exists(const struct qmail_user* user, const char* ext, str* path); int qmail_lookup_init(void); int qmail_lookup_cvm(struct qmail_user* user, str* domain, str* username, str* ext); #endif cvm-0.96/cvm-pgsql-local.c0000664000076400007640000000000011326155156014742 0ustar bruceguentercvm-0.96/cvm-pgsql.c0000664000076400007640000000423311326155156013666 0ustar bruceguenter/* cvm/cvm-pgsql.c - PgSQL CVM * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your 
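option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include #include #include "module.h" #include "sql.h"

/* Name this module reports for itself. */
const char program[] = "cvm-pgsql";

/* Names of the environment variables used by the SQL front end; presumably
 * read by the shared code declared in sql.h -- confirm against that code. */
const char sql_query_var[] = "CVM_PGSQL_QUERY";
const char sql_pwcmp_var[] = "CVM_PGSQL_PWCMP";
const char sql_postq_var[] = "CVM_PGSQL_POSTQ";

/* The single database connection shared by every query in this module. */
static PGconn* pg;

/* Open the database connection.
 *
 * The connection string is empty, so libpq takes every parameter (host,
 * database, user, password, ...) from its defaults and from the process
 * environment.  Whatever starts this module therefore controls which
 * credentials are used; keep that environment readable only by the
 * service account.
 *
 * Returns 0 on success and CVME_IO if the connection could not be made. */
int sql_auth_init(void)
{
  if ((pg = PQconnectdb("")) == 0)
    return CVME_IO;
  if (PQstatus(pg) == CONNECTION_BAD) {
    /* libpq allocates the PGconn even when the connection attempt fails,
     * so it has to be released here or it is leaked. */
    PQfinish(pg);
    pg = 0;
    return CVME_IO;
  }
  return 0;
}

/* Result of the most recent query, or NULL before the first one. */
static PGresult* result;

/* Return column `field` of the first row of the last result, or NULL when
 * that column is SQL NULL.  The returned pointer belongs to the result and
 * is released by the next call to pgsql_query(). */
const char* sql_get_field(int field)
{
  if (PQgetisnull(result, 0, field))
    return 0;
  return PQgetvalue(result, 0, field);
}

/* Run `query`, replacing any previous result.
 *
 * The query text is sent to the server exactly as given; nothing in this
 * file quotes or escapes it, so any account or domain value inside it must
 * already have been made safe where the query was built (presumably in
 * sql_query_build() -- confirm).
 *
 * If no result object comes back and the connection is reported bad, the
 * connection is reset and the query retried once.
 *
 * Returns 1 when a result object is available, 0 otherwise. */
static int pgsql_query(const str* query)
{
  if (result)
    PQclear(result);

  if ((result = PQexec(pg, query->s)) != 0)
    return 1;

  /* No result at all: only retry if the connection itself went away. */
  if (PQstatus(pg) != CONNECTION_BAD)
    return 0;
  PQreset(pg);

  if ((result = PQexec(pg, query->s)) != 0)
    return 1;
  return 0;
}

/* Run the post-authentication query.
 *
 * Returns 0 if the server accepted it (with or without rows),
 * CVME_IO | CVME_FATAL if it could not be run at all, and CVME_IO for any
 * other result status. */
int sql_post_query(const str* query)
{
  if (!pgsql_query(query))
    return CVME_IO | CVME_FATAL;

  switch (PQresultStatus(result)) {
  case PGRES_TUPLES_OK:
  case PGRES_COMMAND_OK:
    return 0;
  default:
    return CVME_IO;
  }
}

/* Run the authentication lookup query.
 *
 * Returns the number of rows on success.  Failures are returned as negated
 * error codes: -(CVME_IO | CVME_FATAL) if the query could not be run,
 * -CVME_PERMFAIL if the statement completed without producing a row set,
 * and -CVME_IO for any other result status. */
int sql_auth_query(const str* query)
{
  if (!pgsql_query(query))
    return -(CVME_IO | CVME_FATAL);

  switch (PQresultStatus(result)) {
  case PGRES_TUPLES_OK:
    return PQntuples(result);
  case PGRES_COMMAND_OK:
    return -CVME_PERMFAIL;
  default:
    return -CVME_IO;
  }
}

/* Close the database connection. */
void sql_auth_stop(void)
{
  PQfinish(pg);
}
cvm-0.96/v1client.html0000664000076400007640000001103511326155156014222 0ustar bruceguenter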

CVM

CVM Version 1 Client Library

The CVM version 1 client library defines the following functions:

int cvm_client_authenticate(const char* module, const char* account, const char* domain, const char** credentials, int parse_account)

This is the main entry point to the library. Simply set up the credentials as an array with a trailing NULL pointer and call authenticate. If the domain parameter is a NULL pointer, it will be treated as an empty string; no other parameter may be NULL. The function will return 0 if authentication succeeded and an error code otherwise.

If parse_account is true then account is searched for the last instance of any character from cvm_client_account_split_chars. If found, domain is replaced with the portion of account following that character, and account is truncated before that character. cvm_client_account_split_chars defaults to "@", which may be overridden by either setting it to a different string from the client program or by setting the $CVM_ACCOUNT_SPLIT_CHARS environment variable. Setting it to an empty string will effectively prevent parsing of the account name, no matter what parse_account may be set to.

If authentication succeeds, this routine automatically retrieves cvm_fact_username, cvm_fact_userid, cvm_fact_groupid, cvm_fact_directory, and cvm_fact_shell. cvm_fact_realname, cvm_fact_groupname, cvm_fact_sys_username, cvm_fact_sys_directory, and cvm_fact_domain are also set if they were present in the results.

The client should change directory to the named home directory and drop root privileges as soon as possible after successful authentication. Where reasonable, the client should also chroot to the directory for added protection.

int cvm_client_fact_str(unsigned number, const char** data)

Retrieves a fact from the data returned by the module as a NUL-terminated string. Returns zero if the fact was present, and CVME_NOFACT otherwise. Successive calls to this function with the same number return subsequent facts if more than one instance of the fact was present.

int cvm_client_fact_uint(unsigned number, unsigned long* data)

Retrieves a fact from the data returned by the module as an unsigned integer. Returns zero if the fact was present and was an unsigned integer. Returns CVME_BAD_MODDATA if the fact was present but was not an unsigned integer. Successive calls to this function with the same number return subsequent facts if more than one instance of the fact was present.

const char* cvm_client_ucspi_domain(void)

Retrieves the UCSPI local domain from the environment variable named ${PROTO}LOCALHOST. Use this as the domain parameter to cvm_authenticate in all UCSPI servers that have no other means of determining the domain name.

int cvm_client_setenv(void)

Exports the following environment variables based on their associated CVM fact. If the fact was optional and was not present in the results from the module, the environment variable will not be set or unset.

Variable CVM Fact
USER CVM_FACT_USERNAME
UID CVM_FACT_USERID
GID CVM_FACT_GROUPID
NAME CVM_FACT_REALNAME
HOME CVM_FACT_DIRECTORY
SHELL CVM_FACT_SHELL
GROUP CVM_FACT_GROUPNAME
DOMAIN CVM_FACT_DOMAIN
MAIL CVM_FACT_MAILBOX
MAILBOX CVM_FACT_MAILBOX
MAILDIR CVM_FACT_MAILBOX
int cvm_client_setugid(void)

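Calls chdir, setgid and setuid with appropriate values based on the data returned from the authentication. Returns zero if any of the calls failed. Note that this is the opposite of the functions above, where zero means success: the caller must check the result and must not continue when it is zero, because the process may then still be running with its original user or group ID.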

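cvm-0.96/cvm-pwfile.c0000664000076400007640000000602211326155156014024 0ustar bruceguenter/* cvm/cvm-pwfile.c - Alternate passwd file CVM module
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include #include #include #include #include #include #include #include "module.h"

/* Name this module reports for itself. */
const char program[] = "cvm-pwfile";

/* Path of the password file, taken from $CVM_PWFILE_PATH. */
static const char* pwfilename;

/* Read the module configuration from the environment.
 *
 * Returns CVME_CONFIG if $CVM_PWFILE_PATH is not set, CVME_GENERAL if the
 * password comparison helper named by $CVM_PWFILE_PWCMP could not be
 * started, and 0 otherwise. */
int cvm_module_init(void)
{
  if ((pwfilename = getenv("CVM_PWFILE_PATH")) == 0)
    return CVME_CONFIG;
  if (!pwcmp_start(getenv("CVM_PWFILE_PWCMP")))
    return CVME_GENERAL;
  return 0;
}

/* Split the tail of a password file line into the user facts.
 *
 * `rest` points just past the password field and is modified in place:
 * field separators are overwritten with NUL and the string facts point
 * into it.  Returns 1 on success and 0 if the line is malformed. */
static int parse_rest(char* rest)
{
  /* Format: "UID:GID:NAME,other:DIR:SHELL" */
  char* tmp;
  char* comma;

  /* strtoul() accepts an empty field (and returns 0 for it), leading
   * blanks and a sign.  Require a leading digit so that a blank or
   * malformed UID or GID is reported as a bad line instead of quietly
   * turning into ID 0. */
  if (*rest < '0' || *rest > '9')
    return 0;
  cvm_fact_userid = strtoul(rest, &tmp, 10);
  if (*tmp != ':')
    return 0;
  rest = tmp + 1;

  if (*rest < '0' || *rest > '9')
    return 0;
  cvm_fact_groupid = strtoul(rest, &tmp, 10);
  if (*tmp != ':')
    return 0;
  rest = tmp + 1;

  /* Find the end of the NAME field first and only then look for a comma
   * inside it; searching for the comma first would also match one that
   * appears later, in the directory or shell. */
  if ((tmp = strchr(rest, ':')) == 0)
    return 0;
  *tmp++ = 0;
  if ((comma = strchr(rest, ',')) != 0)
    *comma = 0;
  cvm_fact_realname = rest;

  cvm_fact_directory = rest = tmp;
  if ((tmp = strchr(rest, ':')) == 0)
    return 0;
  *tmp++ = 0;

  /* Whatever remains is the shell. */
  cvm_fact_shell = rest = tmp;
  cvm_fact_groupname = 0;
  return 1;
}

/* State shared between lookup, authenticate and results.  `passwd` and
 * `rest` point into `line`, which holds the matching password file line. */
static char* passwd;
static char* rest;
static str line;

/* Find the line for the requested account in the password file.
 *
 * The account name is compared without regard to case and must be
 * followed directly by ':'.  On success `passwd` points at the stored
 * password field and `rest` at the text after it.
 *
 * Returns CVME_NOCRED if no account was supplied, CVME_IO if the file
 * cannot be opened, CVME_PERMFAIL if the account is not listed or its
 * password field is missing or empty, and 0 on success. */
int cvm_module_lookup(void)
{
  ibuf pwfile;
  long namelen;
  const str* account = &cvm_module_credentials[CVM_CRED_ACCOUNT];

  if (account->s == 0)
    return CVME_NOCRED;
  passwd = 0;
  namelen = account->len;

  if (!ibuf_open(&pwfile, pwfilename, 0))
    return CVME_IO;
  while (ibuf_getstr(&pwfile, &line, LF)) {
    /* Strip the line terminator, but only if it is really there: a final
     * line without a trailing LF would otherwise lose its last byte. */
    if (line.len > 0 && line.s[line.len-1] == LF)
      line.s[--line.len] = 0;
    /* Check the length before indexing so that line.s[namelen] is never
     * read beyond the end of a line shorter than the account name. */
    if (line.len > (unsigned long)namelen
	&& line.s[namelen] == ':'
	&& strncasecmp(account->s, line.s, namelen) == 0) {
      passwd = line.s + namelen;
      *passwd++ = 0;
      break;
    }
  }
  ibuf_close(&pwfile);

  if (passwd == 0)
    return CVME_PERMFAIL;
  /* An entry with no second ':' or with an empty password field is
   * refused rather than treated as "no password needed". */
  if ((rest = strchr(passwd, ':')) == 0 || rest == passwd)
    return CVME_PERMFAIL;
  *rest++ = 0;
  return 0;
}

/* Check the supplied password against the stored one.
 *
 * Returns 0 on a match, CVME_IO | CVME_FATAL if the comparison itself
 * failed (pwcmp_check() returned -1) and CVME_PERMFAIL otherwise. */
int cvm_module_authenticate(void)
{
  CVM_CRED_REQUIRED(PASSWORD);
  switch (pwcmp_check(cvm_module_credentials[CVM_CRED_PASSWORD].s, passwd)) {
  case 0:
    return 0;
  case -1:
    return CVME_IO | CVME_FATAL;
  default:
    return CVME_PERMFAIL;
  }
}

/* Publish the facts for the account found by cvm_module_lookup().
 *
 * The user name is reported as it is spelled in the password file, not as
 * the client typed it.  Returns CVME_CONFIG if the rest of the line does
 * not parse, 0 otherwise. */
int cvm_module_results(void)
{
  cvm_fact_username = line.s;
  if (!parse_rest(rest))
    return CVME_CONFIG;
  return 0;
}

/* Shut down the password comparison helper. */
void cvm_module_stop(void)
{
  pwcmp_stop();
}
cvm-0.96/sql-query-test.c0000664000076400007640000000140711326155156014674 0ustar bruceguenter#include #include #include #include "credentials.h" #include "sql.h"

/* Name this test program reports for itself. */
const char program[] = "sql-query-test";
const int msg_show_pid = 0;

/* Stand-in for the credential table that a real module would provide. */
str cvm_module_credentials[CVM_CRED_MAX+1];

/* Validate a query template, fill in the account and domain given on the
 * command line, and print the query that would be sent to the database.
 * Useful for checking how a template expands for awkward account names
 * before deploying it.
 *
 * Usage: sql-query-test query account domain */
int main(int argc, char* argv[])
{
  static str s;

  memset(cvm_module_credentials, 0, sizeof cvm_module_credentials);
  if (argc != 4)
    die3(1, "usage: ", program, " query account domain");
  if (!sql_query_validate(argv[1]))
    die1(2, "Validation of query failed");

  str_copys(&cvm_module_credentials[CVM_CRED_ACCOUNT], argv[2]);
  str_copys(&cvm_module_credentials[CVM_CRED_DOMAIN], argv[3]);
  if (!sql_query_build(argv[1], &s))
    die1(3, "Query building failed");

  obuf_putstr(&outbuf, &s);
  obuf_putsflush(&outbuf, "\n");
  return 0;
}
cvm-0.96/README.vchkpw0000664000076400007640000000211611326155156013770 0ustar bruceguenter cvm-vchkpw for authentication using vpopmail from http://www.inter7.com/vpopmail.html vpopmail is a virtual domain manager for qmail. Using this cvm you can authenticate against the user-data managed by vpopmail.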
CHANGES TO conf-cc AND conf-ld cvm-vchkpw is linked against libvpopmail.a which is installed in $vpopmailhome/lib/. Thus you need to add "-I$vpopmailhome/include" to conf-cc and "-L$vpopmailhome/lib" to conf-ld. If your vpopmail installation has mysql-support, you also have to add "-L/usr/local/lib/mysql -R/usr/local/lib/mysql" to conf-ld. COMPILATION AND INSTALLATION cvm-vchkpw has to be compiled as root because libvpopmail.a is only readable by root as it contains the login-data for the user-database. cvm-vchkpw should also be installed with restricted permissions: -rwxr-x--- 1 root vchkpw 117455 Dec 14 13:30 cvm-vchkpw where vchkpw is the group of the vpopmail-user. USAGE EXAMPLE runfile for daemontools: exec softlimit -m 2000000 setuidgid vpopmail \ /usr/local/bin/cvm-vchkpw \ cvm-local:/service/cvm-vchkpw/socket cvm-0.96/module_output.c0000664000076400007640000000555411326155156014671 0ustar bruceguenter/* cvm/module_output.c - Response formatting * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. 
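*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include #include #include #include #include "module.h" #include "protocol.h"

/* Response packet under construction and the number of bytes used in it.
 * A length of BUFSIZE or more is used as the "overflowed" marker. */
unsigned char cvm_module_outbuffer[BUFSIZE];
unsigned cvm_module_outbuflen;

/* Position at which the next fact will be written. */
static unsigned char* outbufptr;

/* Append one fact in version 1 format: number byte, data, NUL.
 *
 * Returns 1 on success.  If the fact does not fit, nothing is written,
 * the buffer is marked as overflowed and 0 is returned. */
static int v1fact(unsigned number, const char* data, unsigned len)
{
  /* Always leave room for a trailing NUL. */
  /* The first test keeps the sum in the second from wrapping around. */
  if (len >= BUFSIZE
      || cvm_module_outbuflen + len + 3 > BUFSIZE) {
    cvm_module_outbuflen = BUFSIZE;
    return 0;
  }
  cvm_module_outbuflen += len + 2;
  *outbufptr++ = number;
  memcpy(outbufptr, data, len);
  outbufptr += len;
  *outbufptr++ = 0;
  return 1;
}

/* Append one fact in version 2 format: number byte, length byte, data.
 *
 * Returns 1 on success.  If the fact does not fit, nothing is written,
 * the buffer is marked as overflowed and 0 is returned. */
static int v2fact(unsigned number, const char* data, unsigned len)
{
  /* Always leave room for a trailing zero type byte. */
  /* The length travels in a single byte.  A longer value would be stored
   * with a wrapped length while all of its bytes were still copied, and
   * the receiver would then parse the tail of the data as further tagged
   * facts.  Refuse such a fact instead. */
  if (len > 255
      || cvm_module_outbuflen + len + 3 > BUFSIZE) {
    cvm_module_outbuflen = BUFSIZE;
    return 0;
  }
  cvm_module_outbuflen += len + 2;
  *outbufptr++ = number;
  *outbufptr++ = len;
  memcpy(outbufptr, data, len);
  outbufptr += len;
  return 1;
}

/* Formatter for the protocol version of the current request. */
static int (*fact)(unsigned,const char*,unsigned);

/* Start a version 1 response: byte 0 is reserved for the result code. */
static void cvm1_fact_start(void)
{
  fact = v1fact;
  cvm_module_outbuflen = 1;
  outbufptr = cvm_module_outbuffer + 1;
}

/* Start a version 2 response.  The request's length-prefixed random data
 * (request bytes 1 and up) is echoed back as the first tagged string; its
 * tag byte, at offset 0, is later overwritten with the result code. */
static void cvm2_fact_start(void)
{
  fact = v2fact;
  cvm_module_outbuflen = 0;
  outbufptr = cvm_module_outbuffer;
  v2fact(0, (char*)cvm_module_inbuffer+2, cvm_module_inbuffer[1]);
}

/* Begin a response in the format matching the request's first byte. */
void cvm_module_fact_start(void)
{
  if (cvm_module_inbuffer[0] == CVM2_PROTOCOL)
    cvm2_fact_start();
  else
    cvm1_fact_start();
}

/* Append a string fact.  A NULL `data` adds nothing and returns 0;
 * otherwise the result is that of the active formatter. */
int cvm_module_fact_str(unsigned number, const char* data)
{
  if (!data)
    return 0;
  return fact(number, data, strlen(data));
}

/* Finish the response: store the result code in byte 0 and append the
 * terminating zero byte.  If any fact failed to fit, the code is replaced
 * with CVME_BAD_MODDATA. */
void cvm_module_fact_end(unsigned code)
{
  if (cvm_module_outbuflen >= BUFSIZE)
    code = CVME_BAD_MODDATA;
  cvm_module_outbuffer[0] = code;
  *outbufptr++ = 0;
  /* Take the length from the write position.  For a normal response this
   * is the same as incrementing the counter; after an overflow the counter
   * holds the marker value BUFSIZE, and incrementing it would make the
   * sender transmit one byte more than the buffer contains. */
  cvm_module_outbuflen = (unsigned)(outbufptr - cvm_module_outbuffer);
}

/* Append an unsigned integer fact, formatted as decimal text. */
int cvm_module_fact_uint(unsigned number, unsigned long data)
{
  char buf[64];
  char* ptr;

  if (!data)
    return fact(number, "0", 1);

  /* Build the digits from the end of the buffer backwards. */
  ptr = buf + 63;
  *ptr-- = 0;
  while (data) {
    *ptr-- = (data % 10) + '0';
    data /= 10;
  }
  ++ptr;
  return fact(number, ptr, buf+63-ptr);
}
cvm-0.96/conf-ld0000664000076400007640000000012711326155156013054 0ustar bruceguentergcc -g -L/usr/local/lib This will be used to link .o and .a files into an executable.
cvm-0.96/module_local_main.c0000664000076400007640000000230311326155156015414 0ustar bruceguenter/* cvm/module_local_main.c - Local CVM server module main routine
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include #include #include #include #include "module.h"

const int msg_show_pid = 0;

/* Print the command line synopsis and exit with status 1. */
void usage(void)
{
  die3(1, "usage: ", program, "-local /PATH/TO/SOCKET");
}

extern int local_main(const char*);

/* Entry point of a local-socket module: the single argument is the path
 * of the socket to serve on. */
int main(int argc, char** argv)
{
  if (argc != 2)
    usage();
  cvm_module_init_request();
  return local_main(argv[1]);
}
cvm-0.96/sasl_login.c0000664000076400007640000000167011326155156014111 0ustar bruceguenter#include "sasl.h" #include "sasl_internal.h"

/* Prompts sent to the client as the two challenges of the exchange. */
static const char cusername[] = "Username:";
static const char cpassword[] = "Password:";

/* Second step: `response` carries the password.  An empty response is
 * rejected; otherwise the stored user name and this password are handed
 * to the plain-text authenticator. */
static int response2(struct sasl_state* ss,
		     const str* response, str* challenge)
{
  (void)challenge;
  if (response->len == 0)
    return SASL_RESP_BAD;
  return sasl_authenticate_plain(ss, ss->username.s, response->s);
}

/* First step: `response` carries the user name.  It is saved in the
 * state, the password prompt is issued and response2 is installed as the
 * handler for the next response. */
static int response1(struct sasl_state* ss,
		     const str* response, str* challenge)
{
  if (response->len == 0)
    return SASL_RESP_BAD;
  if (!str_copy(&ss->username, response)
      || !str_copys(challenge, cpassword))
    return SASL_TEMP_FAIL;
  ss->response = response2;
  return SASL_CHALLENGE;
}

/* Begin a LOGIN exchange.  If the client already supplied an initial
 * response it is treated as the user name; otherwise the user name prompt
 * is issued first. */
int sasl_login_start(struct sasl_state* ss,
		     const str* response, str* challenge)
{
  if (response)
    return response1(ss, response, challenge);
  if (!str_copys(challenge, cusername))
    return SASL_TEMP_FAIL;
  ss->response = response1;
  return SASL_CHALLENGE;
}
cvm-0.96/cvm-vmailmgr.h0000664000076400007640000000077511326155156014372 0ustar bruceguenter#ifndef CVM_VMAILMGR__H__
#define CVM_VMAILMGR__H__

extern str default_user;

/* Results from looking up the user */
extern struct qmail_user vmuser;
extern str domain;
extern str virtuser;
extern str vpwdata;

extern const char* pwfile;

#define DEBUG(A,B,C) debug(__FUNCTION__, __LINE__, A, B, C)
extern void debug(const char* func, int line,
		  const char* a, const char* b, const char* c);

extern int lookup_init(void);
extern int lookup_virtuser(void);
extern int vmailmgr_autoconvert(void);

#endif
cvm-0.96/cvm-vmailmgr-local.c0000664000076400007640000000000011326155156015432 0ustar bruceguentercvm-0.96/protocol-2.html0000664000076400007640000000610711326155156014501 0ustar bruceguenter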

CVM

CVM Version 1 Protocol

CVM Version 2 Protocol

The version 2 protocol was built based on lessons learned while working with the version 1 protocol. In particular, it is impossible to pass binary data with the version 1 protocol without escaping to avoid NUL bytes. It is also difficult to differentiate between different types of credentials (i.e. secret vs. password vs. challenge/response) since there is no indication given in the request packet what types of credentials are being sent. Spoofing attacks are possible against version 1 UDP clients, since an attacker may forge valid responses with relative ease. This second version protocol retains the efficiency of the original protocol while correcting these deficiencies.

General Packet Format

Input to and output from the module follows a similar packet format: a packet identifier byte, a length byte L, L bytes of random data (used to help prevent spoofing of UDP responses), followed by a series of tagged strings and completed with a single NUL (zero) byte. The total size of either the input or the output must not exceed 512 bytes. The random data in the response is copied exactly from the request.

A tagged string consists of a tag byte T, a length byte L, and L bytes of data. The tag byte identifies what credential (in the input request) or what fact (in the output response) is represented by the data. Note that the initial random data in the packet may be viewed as a tagged string that just differs in the tag value convention.

Input

The packet identifier in the input (request) packet is the protocol version number (2). Example (all numbers are hexadecimal):

0000000: 0208 0102 0304 0506 0708 0108 7573 6572  ............user
0000010: 6e61 6d65 0209 6c6f 6361 6c68 6f73 7403  name..localhost.
0000020: 0870 6173 7377 6f72 6400                 .password.

Output

The packet identifier in the output (response) packet is the error code value, with zero representing successful validation.

Implementation Considerations

The module must report a temporary error if it detects malformed input (incorrect credentials, etc.). Extra data following the final NUL byte in the credentials is a fault in the invoking code, and must be rejected by the module. Similarly, extra data following the final NUL byte in the facts is a fault in the module code.

All data following an unsuccessful result status code must be ignored by the invoking code. Modules should not produce any facts when validation fails.

An executable module must exit 0 if authentication succeeds. Non-zero exit codes from an executable module should be treated as a temporary error.

The invoker of an executable module must assume a temporary error if the module either fails to completely read its input or produces incomplete output, even if the module exits without error.

cvm-0.96/sasl-auth-test.c0000664000076400007640000000132711326155156014634 0ustar bruceguenter#include #include #include #include "sasl.h"

/* Name this test program reports for itself. */
const char program[] = "sasl-auth-test";
const int msg_show_pid = 0;

/* SASL exchange wired to standard input and output. */
struct sasl_auth sa = {
  .prefix = "+ ",
  .in = &inbuf,
  .out = &outbuf,
};

/* Print the advertised SASL capabilities, then run one authentication
 * exchange using the command line argument as the client's request.
 * Exits with status 1 and a diagnostic on any failure. */
int main(int argc, char* argv[])
{
  static str s;
  int rc;
  int msgcode;
  const char* text;

  (void)argc;
  if (argc != 2)
    die3(1, "usage: ", program, " string");
  if (!sasl_auth_init(&sa))
    die1(1, "sasl_auth_init failed");
  if (!sasl_auth_caps(&s))
    die1(1, "sasl_auth_cap failed");
  msg1(s.s);

  str_copys(&s, argv[1]);
  rc = sasl_auth1(&sa, &s);
  if (rc != 0) {
    /* sasl_auth_msg() may rewrite the code it is given, so work on a copy
     * and report both values. */
    msgcode = rc;
    text = sasl_auth_msg(&msgcode);
    dief(1, "{sasl_auth1 failed: }d{\n }d{ }s", rc, msgcode, text);
  }
  return 0;
}
cvm-0.96/conf-bgincs0000664000076400007640000000003211326155156013715 0ustar bruceguenter/usr/local/bglibs/include
cvm-0.96/qmail-domains.c0000664000076400007640000000712411326155156014512 0ustar bruceguenter/* qmail-domains.c - qmail locals/virtualdomains lookup routines
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include #include #include #include #include #include #include "qmail.h"

/* Cached copy of control/virtualdomains, with the file status it was
 * loaded under and the path it was loaded from. */
static dict vdomains;
static struct stat vdomains_stat;
static str vdomains_path;

/* The same three items for control/locals. */
static dict locals;
static struct stat locals_stat;
static str locals_path;

/* Non-zero when $CVM_QMAIL_ASSUME_LOCAL is set: domains found in neither
 * table are then treated as local. */
static int assume_local = 0;

/* Loader callback: fold an entry to lower case and accept it. */
static int map_lower(str* s)
{
  str_lower(s);
  return 1;
}

/* Compare the current status of `path` with a remembered one.
 *
 * Stores the fresh status in `curr`.  Returns -1 if stat() fails, 1 if
 * the modification time, inode or size differ from `orig`, 0 if not. */
static int stat_changed(const char* path, const struct stat* orig,
			struct stat* curr)
{
  if (stat(path, curr) != 0)
    return -1;
  return (orig->st_mtime != curr->st_mtime
	  || orig->st_ino != curr->st_ino
	  || orig->st_size != curr->st_size) ? 1 : 0;
}

/* Reload one table if its file changed since the last load.
 *
 * A file that does not exist leaves an empty table and counts as success;
 * any other stat() failure is an error.  Returns non-zero on success. */
static int load_dict(const char* path, struct stat* oldstat,
		     dict* dictp, void (*free_fn)(void*),
		     int (*load_fn)(void))
{
  struct stat now;
  int changed;

  changed = stat_changed(path, oldstat, &now);
  if (changed == 0)
    return 1;
  if (changed == -1) {
    if (errno != ENOENT)
      return 0;
    /* Forget the old status so that a file created later is noticed. */
    oldstat->st_mtime = 0;
    oldstat->st_ino = 0;
    oldstat->st_size = 0;
    dict_free(dictp, free_fn);
    return 1;
  }
  // FIXME: obuf_putsflush(&errbuf, "Reloading *path*\n");
  *oldstat = now;
  dict_free(dictp, free_fn);
  return load_fn();
}

/* Parse control/virtualdomains as "domain:prefix" pairs. */
static int _load_vdomains(void)
{
  return dict_load_map(&vdomains, vdomains_path.s, 0, ':', map_lower, 0);
}

/* Refresh the virtual domain table if needed. */
static int load_vdomains(void)
{
  return load_dict(vdomains_path.s, &vdomains_stat, &vdomains,
		   dict_str_free, _load_vdomains);
}

/* Parse control/locals as a plain list of domains. */
static int _load_locals(void)
{
  return dict_load_list(&locals, locals_path.s, 0, map_lower);
}

/* Refresh the local domain table if needed. */
static int load_locals(void)
{
  return load_dict(locals_path.s, &locals_stat, &locals, 0, _load_locals);
}

/* Re-read whichever control files changed.  Returns 0 on success and -1
 * on failure. */
int qmail_domains_reinit(void)
{
  if (load_locals() && load_vdomains())
    return 0;
  return -1;
}

/* Work out the control file paths under qmail_root, note whether
 * $CVM_QMAIL_ASSUME_LOCAL is set, and load both tables.  Returns 0 on
 * success and -1 on failure. */
int qmail_domains_init(void)
{
  assume_local = getenv("CVM_QMAIL_ASSUME_LOCAL") != 0;
  if (!str_copy2s(&vdomains_path, qmail_root, "/control/virtualdomains")
      || !str_copy2s(&locals_path, qmail_root, "/control/locals"))
    return -1;
  return qmail_domains_reinit();
}

/* Classify the domain `d`.
 *
 * `domain` receives the lower-cased key that was finally looked up and
 * `prefix` the virtual domain prefix (empty for local domains).  If the
 * full name is not a virtual domain, the name is cut at each following
 * '.' in turn and the remainder, which starts with that dot, is tried as
 * a key.
 *
 * Returns 1 if the domain is handled here, 0 if it is unknown, and -1 if
 * a string copy failed. */
int qmail_domains_lookup(const str* d, str* domain, str* prefix)
{
  dict_entry* hit;
  unsigned dot;

  if (!str_copy(domain, d))
    return -1;
  str_lower(domain);

  if (dict_get(&locals, domain) != 0)
    return str_copys(prefix, "") ? 1 : -1;

  hit = dict_get(&vdomains, domain);
  while (hit == 0
	 && (dot = str_findnext(domain, '.', 1)) != (unsigned)-1) {
    str_lcut(domain, dot);
    hit = dict_get(&vdomains, domain);
  }

  if (hit != 0)
    return str_copy(prefix, (str*)hit->data) ? 1 : -1;

  if (!assume_local)
    return 0;

  /* Unknown but assumed local: hand back the whole name again, since the
   * search above shortened `domain`. */
  if (!str_copys(prefix, ""))
    return -1;
  if (!str_copy(domain, d))
    return -1;
  str_lower(domain);
  return 1;
}
cvm-0.96/cvm-qmail.c0000664000076400007640000001026411326155156013644 0ustar bruceguenter/* cvm-qmail.c - qmail lookup-only CVM
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
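*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
#include
#include
#include
#include
#include
#include
#include
#include

#include "module.h"
#include "qmail.h"

const char program[] = "cvm-qmail";

static struct qmail_user user;
static str domain;
static str username;
static str ext;
/* NUL-separated program names taken from $CVM_QMAIL_LOOKASIDE. */
static str programs;
/* 0 when permission checking is off; otherwise the error code selected
 * in cvm_module_init (CVME_PERMFAIL or CVME_IO). */
static int check_perms = 0;
static uid_t saved_uid;
static gid_t saved_gid;

/* Read the module configuration from the environment.
 * Returns 0 on success or a CVME_* code on failure. */
int cvm_module_init(void)
{
  const char* tmp;

  if (qmail_lookup_init() == -1)
    return CVME_IO;

  if ((tmp = getenv("CVM_QMAIL_LOOKASIDE")) != 0) {
    if (!str_copys(&programs, tmp))
      return CVME_IO | CVME_FATAL;
    /* Turn the space-separated list into a NUL-separated one. */
    str_subst(&programs, ' ', 0);
  }

  if ((tmp = getenv("CVM_QMAIL_CHECK_PERMS")) != 0 && tmp[0] != 0) {
    /* A leading '-' selects CVME_PERMFAIL for EACCES, anything else
     * leaves it as CVME_IO (see cvm_module_lookup). */
    check_perms = (tmp[0] == '-') ? CVME_PERMFAIL : CVME_IO;
    saved_uid = getuid();
    saved_gid = getgid();
  }

  return 0;
}

/* Scan the dotfile at `path` for "|program" lines whose program name
 * matches one of the names in `programs`.
 * Returns 1 on a match, 0 on no match, -1 if the file cannot be read.
 *
 * The file content is written by the mailbox owner, so every byte is
 * treated as untrusted: the <ctype.h> calls get an unsigned char cast
 * because passing a negative plain char is undefined behaviour.
 *
 * NOTE(review): cvm_module_lookup calls this after the effective IDs
 * have been restored, so the file is opened with the module's own
 * privileges rather than the mailbox owner's. */
static int lookup_programs(const str* path)
{
  static str dotqmail;
  striter line;
  striter progname;
  const char* start;
  const char* end;
  unsigned long left;

  if (!ibuf_openreadclose(path->s, &dotqmail))
    return -1;
  striter_loop(&line, &dotqmail, '\n') {
    /* skip over spaces preceding '|' */
    for (start = line.startptr, left = line.len;
	 left > 0 && isspace((unsigned char)*start);
	 --left, ++start)
      ;
    if (left > 0 && *start == '|') {
      /* skip spaces preceding the program name */
      for (++start, --left;
	   left > 0 && isspace((unsigned char)*start);
	   --left, ++start)
	;
      /* the program name ends at the first space */
      for (end = start;
	   left > 0 && !isspace((unsigned char)*end);
	   --left, ++end)
	;
      if (end > start) {
	striter_loop(&progname, &programs, 0) {
	  if ((unsigned long)(end - start) == progname.len
	      && memcmp(progname.startptr, start, progname.len) == 0)
	    return 1;
	}
      }
    }
  }
  return 0;
}

/* Account name is either "baseuser-virtuser" or "virtuser@domain" */
/* Look up the account and check that a matching dotfile exists.
 * Returns 0 when the account is accepted, otherwise a CVME_* code. */
int cvm_module_lookup(void)
{
  static str path;
  int r;
  int saved_errno;

  switch (qmail_lookup_cvm(&user, &domain, &username, &ext)) {
  case -1:
    return CVME_IO;
  case 0:
    break;
  case 1:
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 1);
    return CVME_PERMFAIL;
  default:
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 0);
    return CVME_PERMFAIL;
  }

  if (check_perms) {
    /* NOTE(review): the results of these two calls are not checked, so
     * if the switch to the mailbox owner fails the dotfile test below
     * runs with the module's own IDs and the permission check is
     * silently skipped.  Whether that fallback is intended for
     * unprivileged deployments cannot be told from this file. */
    setegid(user.gid);
    seteuid(user.uid);
  }
  r = qmail_dotfile_exists(&user, ext.s, &path);
  /* The restore calls below may overwrite errno, which is examined
   * afterwards to classify the failure. */
  saved_errno = errno;
  if (check_perms) {
    /* Continuing with the mailbox owner's IDs would make every later
     * request run under the wrong identity. */
    if (seteuid(saved_uid) != 0 || setegid(saved_gid) != 0)
      return CVME_IO | CVME_FATAL;
  }
  errno = saved_errno;

  switch (r) {
  case -1:
    if (errno == EACCES && check_perms == CVME_PERMFAIL) {
      cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 0);
      return CVME_PERMFAIL;
    }
    return CVME_IO;
  case 0:
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 0);
    return CVME_PERMFAIL;
  }

  if (programs.len > 0) {
    switch (lookup_programs(&path)) {
    case -1:
      return CVME_IO;
    case 0:
      break;
    default:
      cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 1);
      return CVME_PERMFAIL;
    }
  }

  return 0;
}

/* This module only performs lookups; authentication is not available. */
int cvm_module_authenticate(void)
{
  return CVME_CONFIG;
}

/* Publish the facts gathered by the last successful lookup. */
int cvm_module_results(void)
{
  cvm_fact_username = user.user.s;
  cvm_fact_userid = user.uid;
  cvm_fact_groupid = user.gid;
  cvm_fact_realname = 0;
  cvm_fact_directory = user.homedir.s;
  cvm_fact_shell = 0;
  cvm_fact_sys_username = user.user.s;
  cvm_fact_sys_directory = user.homedir.s;
  cvm_fact_domain = domain.s;
  cvm_fact_mailbox = user.homedir.s;
  return 0;
}

void cvm_module_stop(void)
{
}
cvm-0.96/client_xfer_compat.c0000664000076400007640000000406511326155156015625 0ustar  bruceguenter/* cvm/client_xfer_compat.c - CVM client command transmission wrappers
 * Copyright (C) 2010  Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.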
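*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
#include
#include
#include
#include
#include
#include
#include
#include

#include "v1client.h"

/* Adapt the buffer-based compatibility interface to a packet-based
 * transfer function.
 *
 * module: passed through to fn unchanged.
 * buffer: request on entry, response on return; the caller must supply
 *         CVM_BUFSIZE bytes.
 * buflen: request length on entry, response length on return.
 * fn:     packet transfer function to call.
 * Returns whatever fn returns.
 *
 * `buffer` is declared as an array parameter, which C adjusts to a
 * pointer, so `sizeof buffer` is the size of a pointer and would copy
 * only the first few bytes of the request and of the response.  The
 * copies use CVM_BUFSIZE, the size the parameter declaration states. */
static unsigned wrapper(const char* module,
			unsigned char buffer[CVM_BUFSIZE],
			unsigned* buflen,
			unsigned (*fn)(const char* module,
				       const struct cvm_packet* request,
				       struct cvm_packet* response))
{
  struct cvm_packet request;
  struct cvm_packet response;
  unsigned result;

  /* Start from a zeroed response so that a transfer function that
   * fails before filling it in cannot hand stack contents back to the
   * caller. */
  memset(&response, 0, sizeof response);
  memcpy(request.data, buffer, CVM_BUFSIZE);
  request.length = *buflen;
  result = fn(module, &request, &response);
  memcpy(buffer, response.data, CVM_BUFSIZE);
  *buflen = response.length;
  return result;
}

/* Buffer-based wrapper around cvm_xfer_command_packets. */
unsigned cvm_xfer_command(const char* module,
			  unsigned char buffer[CVM_BUFSIZE],
			  unsigned* buflen)
{
  return wrapper(module, buffer, buflen, cvm_xfer_command_packets);
}

/* Buffer-based wrapper around cvm_xfer_local_packets. */
unsigned cvm_xfer_local(const char* module,
			unsigned char buffer[CVM_BUFSIZE],
			unsigned* buflen)
{
  return wrapper(module, buffer, buflen, cvm_xfer_local_packets);
}

/* Buffer-based wrapper around cvm_xfer_udp_packets. */
unsigned cvm_xfer_udp(const char* module,
		      unsigned char buffer[CVM_BUFSIZE],
		      unsigned* buflen)
{
  return wrapper(module, buffer, buflen, cvm_xfer_udp_packets);
}
cvm-0.96/v2client_wrappers.c0000664000076400007640000000437411326155156015434 0ustar  bruceguenter/* cvm/v2client_wrappers.c - CVM version 2 client library wrapper functions
 * Copyright (C) 2010  Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.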
* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include "v2client.h" #include "credentials.h" static unsigned add(struct cvm_credential* creds, unsigned i, unsigned type, const char* value) { if (value == 0) return i; if (value[0] == 0) return i; creds[i].type = type; if (!str_copys(&creds[i].value, value)) return 0; return i + 1; } static int doit(struct cvm_credential creds[], const char* module, const char* account, const char* domain, const char* password, int split_account) { unsigned i; creds[0].type = CVM_CRED_ACCOUNT; if (!str_copys(&creds[0].value, account)) return CVME_IO; if ((i = add(creds, 1, CVM_CRED_DOMAIN, domain)) == 0) return CVME_IO; if (split_account) { cvm_client_split_account(&creds[0].value, &creds[1].value); if (i == 1) if ((i = add(creds, i, CVM_CRED_DOMAIN, creds[i].value.s)) == 0) return CVME_IO; } if ((i = add(creds, i, CVM_CRED_PASSWORD, password)) == 0) return CVME_IO; return cvm_client_authenticate(module, i, creds); } int cvm_client_authenticate_password(const char* module, const char* account, const char* domain, const char* password, int split_account) { struct cvm_credential creds[3]; unsigned i; int result; memset(creds, 0, sizeof creds); result = doit(creds, module, account, domain, password, split_account); for (i = 0; i < 3; ++i) str_free(&creds[i].value); return result; } cvm-0.96/qmail-users.c0000664000076400007640000001167511326155156014227 0ustar bruceguenter/* qmail-users.c - qmail users/cdb lookup routines * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include #include #include #include #include #include #include #include #include #include #include "qmail.h" static str users_path; static int users_fd = -1; static struct cdb users_cdb; static struct stat users_stat; int qmail_users_reinit(void) { struct stat s; /* If we can see the users CDB file... */ if (stat(users_path.s, &s) != -1) { /* If it was either not open or has changed since the last open... */ if (users_fd == -1 || s.st_ino != users_stat.st_ino || s.st_mtime != users_stat.st_mtime || s.st_size != users_stat.st_size) { /* If it was previously open, close it */ if (users_fd != -1) { close(users_fd); cdb_free(&users_cdb); } /* And re-open it */ if ((users_fd = open(users_path.s, O_RDONLY)) != -1) { fstat(users_fd, &users_stat); cdb_init(&users_cdb, users_fd); } } } else if (users_fd != -1) { close(users_fd); cdb_free(&users_cdb); users_fd = -1; } return 0; } int qmail_users_init(void) { if (!str_copy2s(&users_path, qmail_root, "/users/cdb")) return -1; return qmail_users_reinit(); } static int lookup_userscdb(struct qmail_user* u, str* name, char dash) { char* ptr; const char* end; const char* user; const char* home; int i; if (!str_spliceb(name, 0, 0, "!", 1) || (name->len > 1 && !str_catc(name, dash))) { errno = ENOMEM; return -1; } if ((i = cdb_get(&users_cdb, name, name)) <= 0) return i; /* name now contains: * user NUL uid NUL gid NUL home NUL dash NUL ext */ errno = EDOM; ptr = name->s; end = name->s + name->len; user = ptr; if ((ptr += strlen(ptr) + 1) >= end) return -1; u->uid = strtoul(ptr, 
&ptr, 10); if (*ptr++ != 0 || ptr >= end) return -1; u->gid = strtoul(ptr, &ptr, 10); if (*ptr++ != 0 || ptr >= end) return -1; home = ptr; if ((ptr += strlen(ptr) + 1) >= end) return -1; if ((u->dash = *ptr) != 0) ++ptr; if (*ptr++ != 0 || ptr > end) return -1; if (!str_copys(&u->user, user) || !str_copys(&u->homedir, home) || !str_copyb(&u->ext, ptr, end-ptr)) { errno = ENOMEM; return -1; } return 1; } static int lookup_passwd(struct qmail_user* u, const str* namestr, char dash) { const struct passwd* pw; const char* name; if (*(name = namestr->s) == 0) name = "alias"; if ((pw = getpwnam(name)) == 0) return (errno == ETXTBSY) ? -1 : 0; if (!str_copys(&u->user, pw->pw_name) || !str_copys(&u->homedir, pw->pw_dir) || !str_copys(&u->ext, "")) { errno = ENOMEM; return -1; } u->uid = pw->pw_uid; u->gid = pw->pw_gid; u->dash = dash; return 1; } int qmail_users_lookup(struct qmail_user* u, const char* name, char dash) { static str lname; if (!str_copys(&lname, name)){ errno = ENOMEM; return -1; } str_lower(&lname); if (users_fd != -1) { switch (lookup_userscdb(u, &lname, dash)) { case -1: return -1; case 0: break; default: return 1; } if (!str_copys(&lname, name)){ errno = ENOMEM; return -1; } } return lookup_passwd(u, &lname, dash); } int qmail_users_lookup_split(struct qmail_user* u, const char* name, str* local, str* ext) { static str account; int i; /* Check if the name is a base UNIX user. 
*/ if (!str_copys(local, name)) return -1; if (!str_copys(ext, "")) return -1; switch (qmail_users_lookup(u, name, 0)) { case -1: return -1; case 0: break; default: return 1; } /* Now, look for increasingly shorter base-ext pairs */ if (!str_copy(&account, local)) return -1; i = account.len; while (i > 0 && (i = str_findprev(&account, '-', i-1)) != -1) { if (!str_copyb(local, account.s, i)) return -1; if (!str_copyb(ext, account.s+i+1, account.len-i-1)) return -1; switch (qmail_users_lookup(u, local->s, '-')) { case -1: return -1; case 0: continue; default: return 1; } } switch (qmail_users_lookup(u, "", '-')) { case -1: return -1; case 0: return 0; } str_copyb(local, "", 0); if (!str_copy(ext, &account)) return -1; return 1; } cvm-0.96/sasl.h0000664000076400007640000000322011326155156012717 0ustar bruceguenter#ifndef CVM__SASL__H__ #define CVM__SASL__H__ #include struct sasl_state; typedef int (*saslfn)(struct sasl_state*, const str* response, str* challenge); struct sasl_mechanism { const char* name; const char* var; const char* cvm; saslfn start; struct sasl_mechanism* next; }; struct sasl_state { saslfn response; str init; str username; const char* domain; const struct sasl_mechanism* mech; }; extern const struct sasl_mechanism* sasl_mechanisms; extern int sasl_init(struct sasl_state*); extern int sasl_start(struct sasl_state*, const char* mechanism, const str* initresponse, str* challenge); #define SASL_AUTH_OK 0 /* Authentication is complete */ #define SASL_AUTH_FAILED 1 /* Authentication failed (permanently) */ #define SASL_NO_MECH 2 /* Invalid or unknown mechanism name */ #define SASL_TEMP_FAIL 3 /* Temporary or internal failure */ #define SASL_CHALLENGE 4 /* Send challenge to client, wait for response */ #define SASL_RESP_REQUIRED 5 /* A response was required but not given */ #define SASL_RESP_NOTALLOWED 6 /* A (initial) response was given but not allowed */ #define SASL_RESP_BAD 7 /* The response was invalid */ #define SASL_RESP_EOF 8 /* EOF while waiting 
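for response */

struct ibuf;
struct obuf;
struct sasl_auth
{
  struct sasl_state state;
  const char* prefix;
  const char* suffix;
  struct ibuf* in;
  struct obuf* out;
};

int sasl_auth_caps(str* caps);
int sasl_auth_init(struct sasl_auth* sa);
int sasl_auth2(struct sasl_auth* sa,
	       const char* mechanism,
	       const char* iresponse);
int sasl_auth1(struct sasl_auth* sa, const str* arg);
const char* sasl_auth_msg(int* code);

#endif
cvm-0.96/module_request.c0000664000076400007640000001171511326155156015015 0ustar  bruceguenter/* cvm/module_request.c - Request parsing code
 * Copyright (C) 2010  Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
#include
#include

#include "module.h"
#include "protocol.h"

const char* cvm_account_name;
const char* cvm_account_domain;

/* One byte larger than BUFSIZE so parse_v1_input can place a NUL
 * sentinel after the largest possible request. */
unsigned char cvm_module_inbuffer[BUFSIZE+1];
unsigned cvm_module_inbuflen;

const char* cvm_module_lookup_secret = 0;

str cvm_module_credentials[CVM_CRED_MAX+1];

void cvm_module_init_request(void)
{
  /* Determine if the module is to operate in lookup mode, and if not
     set the local credential values appropriately. */
  cvm_module_lookup_secret = getenv("CVM_LOOKUP_SECRET");
  memset(cvm_module_credentials, 0, sizeof cvm_module_credentials);
}

/* Take the next NUL-terminated string out of the *len bytes at *buf.
 * On success *ptr points at the string, *buf and *len are advanced past
 * its terminator, and 1 is returned.  Returns 0 when no NUL byte is
 * found within *len bytes. */
static int v1copy_advance(const char** ptr, char** buf, unsigned* len)
{
  char* tmp;
  if ((tmp = memchr(*buf, 0, *len)) == 0)
    return 0;
  ++tmp;
  if (*len < (unsigned)(tmp - *buf))
    return 0;
  *ptr = *buf;
  *len -= tmp - *buf;
  *buf = tmp;
  return 1;
}

/* Parse a version 1 request from cvm_module_inbuffer into
 * cvm_module_credentials.  The caller (parse_input) guarantees that at
 * least the protocol byte was received, so the length computed below
 * cannot wrap.
 * Returns 0, CVME_BAD_CLIDATA for malformed input, or CVME_IO when a
 * credential cannot be stored. */
static int parse_v1_input(void)
{
  char* buf;
  unsigned len;
  const char* cred;

  /* Prevent buffer run-off by ensuring there is at least one NUL byte */
  cvm_module_inbuffer[BUFSIZE] = 0;
  buf = (char*)cvm_module_inbuffer + 1;
  len = cvm_module_inbuflen - 1;

  /* Account name */
  if (!v1copy_advance(&cred, &buf, &len))
    return CVME_BAD_CLIDATA;
  if (!str_copys(&cvm_module_credentials[CVM_CRED_ACCOUNT], cred))
    return CVME_IO;

  /* Domain name */
  if (!v1copy_advance(&cred, &buf, &len))
    return CVME_BAD_CLIDATA;
  if (*cred != 0
      && !str_copys(&cvm_module_credentials[CVM_CRED_DOMAIN], cred))
    return CVME_IO;

  if (len > 1) {
    /* Allow for only a single credential if one is present.
       No existing CVM1 module could handle more than one. */
    if (!v1copy_advance(&cred, &buf, &len))
      return CVME_BAD_CLIDATA;
    if (!str_copys((cvm_module_lookup_secret != 0)
		   ? &cvm_module_credentials[CVM_CRED_SECRET]
		   : &cvm_module_credentials[CVM_CRED_PASSWORD],
		   cred))
      return CVME_IO;
  }
  if (len != 1)
    return CVME_BAD_CLIDATA;
  return 0;
}

/* Parse a version 2 request from cvm_module_inbuffer into
 * cvm_module_credentials.
 *
 * As read by this code, the request is: the protocol byte, a length
 * byte followed by that many bytes which are skipped, then a sequence
 * of (type byte, length byte, value) entries, ended by a zero byte.
 *
 * Every length comes from the client, so it is checked against the
 * number of bytes actually received before it is used:
 *  - a request shorter than three bytes cannot hold the protocol byte,
 *    the first length byte and the terminator, and would also make the
 *    unsigned expression `cvm_module_inbuflen - 2` wrap around;
 *  - an entry whose value would extend past the received bytes is
 *    rejected before it is copied, instead of copying stale or
 *    out-of-bounds buffer contents into a credential.
 * Both cases were already rejected (or undefined) before; the checks
 * only move the rejection ahead of the memory access.
 *
 * Returns 0, CVME_BAD_CLIDATA for malformed input, or CVME_IO when a
 * credential cannot be stored. */
static int parse_v2_input(void)
{
  unsigned i;
  unsigned len;
  unsigned type;

  if (cvm_module_inbuflen < 3)
    return CVME_BAD_CLIDATA;

  for (i = cvm_module_inbuffer[1] + 2;
       i < cvm_module_inbuflen - 2;
       i += len + 2) {
    type = cvm_module_inbuffer[i];
    len = cvm_module_inbuffer[i+1];
    /* The loop condition gives i + 2 < cvm_module_inbuflen, so the
     * subtraction cannot wrap. */
    if (len > cvm_module_inbuflen - i - 2)
      return CVME_BAD_CLIDATA;
    if (type <= CVM_CRED_MAX)
      if (!str_copyb(&cvm_module_credentials[type],
		     (char*)cvm_module_inbuffer+i+2, len))
	return CVME_IO;
  }
  if (i >= cvm_module_inbuflen
      || cvm_module_inbuffer[i] != 0)
    return CVME_BAD_CLIDATA;
  return 0;
}

/* Dispatch on the protocol byte.  An empty request is rejected first:
 * with no bytes received, cvm_module_inbuffer[0] is whatever an earlier
 * request left there. */
static int parse_input(void)
{
  if (cvm_module_inbuflen == 0)
    return CVME_BAD_CLIDATA;
  if (cvm_module_inbuffer[0] == CVM2_PROTOCOL)
    return parse_v2_input();
  if (cvm_module_inbuffer[0] == CVM1_PROTOCOL)
    return parse_v1_input();
  return CVME_BAD_CLIDATA;
}

/* Handle the request held in cvm_module_inbuffer: parse it, verify the
 * lookup secret when one is configured, run the module's lookup,
 * authentication (skipped in lookup mode) and results hooks, then emit
 * the resulting facts.
 * Returns 0 on success or the first non-zero CVME_* code. */
int cvm_module_handle_request(void)
{
  int code;
  unsigned i;

  /* Forget the credentials of the previous request. */
  for (i = 0; i <= CVM_CRED_MAX; ++i)
    cvm_module_credentials[i].len = 0;
  cvm_module_fact_start();
  if ((code = parse_input()) != 0)
    return code;
  if (cvm_module_lookup_secret != 0 && *cvm_module_lookup_secret != 0) {
    /* NOTE(review): str_diffs is a library helper not shown here; if it
     * stops at the first differing byte the time taken depends on the
     * secret — confirm whether that matters for the transports in
     * use. */
    if (cvm_module_credentials[CVM_CRED_SECRET].len == 0
	|| str_diffs(&cvm_module_credentials[CVM_CRED_SECRET],
		     cvm_module_lookup_secret) != 0)
      return CVME_NOCRED;
  }
  if ((code = cvm_module_lookup()) != 0)
    return code;
  /* In lookup mode no password is checked. */
  if (cvm_module_lookup_secret == 0)
    if ((code = cvm_module_authenticate()) != 0)
      return code;
  if ((code = cvm_module_results()) != 0)
    return code;

  cvm_module_fact_str(CVM_FACT_USERNAME, cvm_fact_username);
  cvm_module_fact_uint(CVM_FACT_USERID, cvm_fact_userid);
  cvm_module_fact_uint(CVM_FACT_GROUPID, cvm_fact_groupid);
  if (cvm_fact_realname)
    cvm_module_fact_str(CVM_FACT_REALNAME, cvm_fact_realname);
  cvm_module_fact_str(CVM_FACT_DIRECTORY, cvm_fact_directory);
  if (cvm_fact_shell)
    cvm_module_fact_str(CVM_FACT_SHELL, cvm_fact_shell);
  if (cvm_fact_groupname)
    cvm_module_fact_str(CVM_FACT_GROUPNAME, cvm_fact_groupname);
  if (cvm_fact_sys_username)
    cvm_module_fact_str(CVM_FACT_SYS_USERNAME, cvm_fact_sys_username);
  if (cvm_fact_sys_directory)
    cvm_module_fact_str(CVM_FACT_SYS_DIRECTORY, cvm_fact_sys_directory);
  if (cvm_fact_domain)
    cvm_module_fact_str(CVM_FACT_DOMAIN, cvm_fact_domain);
  if (cvm_fact_mailbox)
    cvm_module_fact_str(CVM_FACT_MAILBOX, cvm_fact_mailbox);
  return 0;
}
cvm-0.96/cvm-chain.c0000664000076400007640000000344611326155156013627 0ustar  bruceguenter#include
#include
#include
#include
#include

#include "module.h"
#include "v2client.h"

const char program[] = "cvm-chain";

/* Modules named by $CVM_CHAIN0 .. $CVM_CHAIN9, in that order. */
const char* chains[10];
int chain_count;

/* Reset every fact variable to its "unset" value. */
static void cvm_chain_init()
{
  cvm_fact_username = 0;
  cvm_fact_userid = -1;
  cvm_fact_groupid = -1;
  cvm_fact_directory = 0;
  cvm_fact_shell = 0;
  cvm_fact_realname = 0;
  cvm_fact_groupname = 0;
  cvm_fact_sys_username = 0;
  cvm_fact_sys_directory = 0;
  cvm_fact_domain = 0;
  cvm_fact_mailbox = 0;
}

/* Collect the configured chain entries.
 * Returns 0, or CVME_CONFIG | CVME_FATAL when none is configured. */
int cvm_module_init(void)
{
  int i;
  char varname[] = "CVM_CHAIN#";

  chain_count = 0;
  for (i = 0; i <= 9; ++i) {
    /* Replace the '#' with the digit for this slot. */
    varname[9] = i + '0';
    if ((chains[chain_count] = getenv(varname)) != 0)
      ++chain_count;
  }
  if (chain_count == 0)
    return CVME_CONFIG | CVME_FATAL;
  cvm_chain_init();
  return 0;
}

/* Pass the received credentials to each chained module in turn.
 * The first result other than CVME_PERMFAIL is returned immediately;
 * if every module answers CVME_PERMFAIL, that code is returned and the
 * out-of-scope fact is reported when at least one module supplied it. */
int cvm_module_lookup(void)
{
  int i;
  int credcount;
  int code;
  unsigned long outofscope = 1;
  int saw_outofscope = 0;
  struct cvm_credential creds[CVM_CRED_MAX+1];

  /* Forward only the credentials that were actually supplied. */
  for (i = credcount = 0; i <= CVM_CRED_MAX; ++i) {
    if (cvm_module_credentials[i].len > 0) {
      creds[credcount].type = i;
      creds[credcount].value = cvm_module_credentials[i];
      ++credcount;
    }
  }

  for (code = i = 0;
       i < chain_count && ((code & CVME_FATAL) == 0);
       i++) {
    cvm_chain_init();
    code = cvm_client_authenticate(chains[i], credcount, creds);
    if (code != CVME_PERMFAIL)
      return code;
    /* Once a module has reported the fact as zero it is no longer
     * queried, so the zero value is the one reported below. */
    if (outofscope
	&& cvm_client_fact_uint(CVM_FACT_OUTOFSCOPE, &outofscope) == 0)
      saw_outofscope = 1;
  }

  if (saw_outofscope)
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, outofscope);
  return code;
}

/* Authentication is done by the chained modules during lookup. */
int cvm_module_authenticate(void)
{
  return 0;
}

int cvm_module_results(void)
{
  cvm_client_setenv();
  return 0;
}

void cvm_module_stop(void)
{
}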
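cvm-0.96/cvm-mysql.c0000664000076400007640000000546211326155156013712 0ustar  bruceguenter/* cvm/cvm-mysql.c - MySQL CVM
 * Copyright (C) 2010  Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
#include
#include
#include
#include
#include

#include "module.h"
#include "sql.h"

const char program[] = "cvm-mysql";

const char sql_query_var[] = "CVM_MYSQL_QUERY";
const char sql_pwcmp_var[] = "CVM_MYSQL_PWCMP";
const char sql_postq_var[] = "CVM_MYSQL_POSTQ";

static MYSQL mysql;

/* Connection parameters, read from the environment in sql_auth_init. */
static const char* host;
static const char* user;
static const char* pass;
static const char* db;
static unsigned port;
static const char* unix_socket;

/* Open the connection with the stored parameters.
 * Returns 0 on success, CVME_IO on failure. */
static int do_connect(void)
{
  if (!mysql_real_connect(&mysql, host, user, pass, db,
			  port, unix_socket, 0))
    return CVME_IO;
  return 0;
}

/* Read the connection settings from the environment and connect.
 * Returns 0, CVME_CONFIG when a defaults option is rejected, or the
 * result of do_connect. */
int sql_auth_init(void)
{
  const char* tmp;

  host = getenv("CVM_MYSQL_HOST");
  user = getenv("CVM_MYSQL_USER");
  pass = getenv("CVM_MYSQL_PASS");
  db = getenv("CVM_MYSQL_DB");
  tmp = getenv("CVM_MYSQL_PORT");
  port = tmp ? atoi(tmp) : 0;
  unix_socket = getenv("CVM_MYSQL_SOCKET");

  mysql_init(&mysql);

  if ((tmp = getenv("CVM_MYSQL_DEFAULT_FILE")) != 0)
    if (mysql_options(&mysql, MYSQL_READ_DEFAULT_FILE, tmp))
      return CVME_CONFIG;
  if ((tmp = getenv("CVM_MYSQL_DEFAULT_GROUP")) != 0)
    if (mysql_options(&mysql, MYSQL_READ_DEFAULT_GROUP, tmp))
      return CVME_CONFIG;

  return do_connect();
}

/* Run a query, reconnecting and retrying once when the server
 * connection was lost.
 * Returns 0 on success, otherwise a CVME_* code. */
int sql_post_query(const str* query)
{
  int i;

  if (mysql_real_query(&mysql, query->s, query->len) == 0)
    return 0;
  if (mysql_errno(&mysql) != CR_SERVER_LOST)
    return CVME_IO | CVME_FATAL;
  mysql_close(&mysql);
  if ((i = do_connect()) != 0)
    return i;
  if (mysql_real_query(&mysql, query->s, query->len) == 0)
    return 0;
  return CVME_IO | CVME_FATAL;
}

/* First row of the most recent result, or 0 when there is none. */
static MYSQL_ROW row;

/* Run the account query and keep its first row for sql_get_field.
 * Returns the number of rows, or a negated CVME_* code on failure.
 *
 * mysql_store_result returns a null pointer when it fails and when the
 * statement produced no result set; passing that on to mysql_fetch_row
 * dereferences it.  That case is reported as an I/O failure instead. */
int sql_auth_query(const str* query)
{
  int i;
  static MYSQL_RES* result = 0;

  if ((i = sql_post_query(query)) != 0)
    return -i;
  if (result != 0) {
    mysql_free_result(result);
    result = 0;
  }
  /* The previous row belonged to the result that was just freed. */
  row = 0;
  if ((result = mysql_store_result(&mysql)) == 0)
    return -(CVME_IO);
  row = mysql_fetch_row(result);
  return mysql_num_rows(result);
}

/* Return column `field` of the stored row, or 0 when no row is
 * available (empty result or failed query). */
const char* sql_get_field(int field)
{
  if (row == 0)
    return 0;
  return row[field];
}

void sql_auth_stop(void)
{
  mysql_close(&mysql);
}
cvm-0.96/module_udp_main.c0000664000076400007640000000223411326155156015115 0ustar  bruceguenter/* cvm/module_udp_main.c - UDP CVM server module main routine
 * Copyright (C) 2010  Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.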
* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include #include "module.h" const int msg_show_pid = 0; void usage(void) { die3(1, "usage: ", program, "-udp IP PORT"); } extern int udp_main(const char*, const char*); int main(int argc, char** argv) { if (argc != 3) usage(); cvm_module_init_request(); return udp_main(argv[1], argv[2]); } cvm-0.96/sasl_plain.c0000664000076400007640000000141011326155156014074 0ustar bruceguenter#include #include "sasl.h" #include "sasl_internal.h" static int response1(struct sasl_state* ss, const str* response, str* challenge) { unsigned i; unsigned j; if (response->len == 0) return SASL_RESP_BAD; if ((i = str_findfirst(response, 0)) == (unsigned)-1) return SASL_RESP_BAD; ++i; if ((j = str_findnext(response, 0, i)) == (unsigned)-1) return SASL_RESP_BAD; ++j; return sasl_authenticate_plain(ss, response->s+i, response->s+j); (void)challenge; } int sasl_plain_start(struct sasl_state* ss, const str* response, str* challenge) { if (response) return response1(ss, response, challenge); if (!str_truncate(challenge, 0)) return SASL_TEMP_FAIL; ss->response = response1; return SASL_CHALLENGE; } cvm-0.96/LIBVERSION0000664000076400007640000000000611326155156013202 0ustar bruceguenter2:0:1 cvm-0.96/cvm-mysql.html0000664000076400007640000000361511326155156014432 0ustar bruceguenter

CVM

CVM SQL Framework

The cvm-mysql Module

Synopsis:

MySQL module

Credentials:

  1. Pass phrase

Description:

This module queries a MySQL database for the account name and compares the stored pass phrase with the given one using crypt.

Configuration Variables:

$CVM_MYSQL_DEFAULT_FILE
The full path of the defaults file to read if the following variable is set. If not set, the file $HOME/.my.cnf will be read (the MySQL default).
$CVM_MYSQL_DEFAULT_GROUP
If set, the module will read connection default options from the named group in the defaults file as above.
$CVM_MYSQL_HOST
The hostname or IP of the MySQL server. If not set, a connection to the local host is assumed.
$CVM_MYSQL_USER
The MySQL login ID to connect as. If not set, the invoking user is assumed.
$CVM_MYSQL_PASS
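The password for the above user. The value is held in the module's process environment; a defaults file with restricted permissions (see $CVM_MYSQL_DEFAULT_FILE) keeps it out of the environment.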
$CVM_MYSQL_DB
The database name. This variable must be set.
$CVM_MYSQL_PORT
The port number for the TCP/IP connection (only used if the server is not local).
$CVM_MYSQL_POSTQ (optional)
The SQL query to execute after the credentials have been validated.
$CVM_MYSQL_PWCMP (optional)
The password comparison module to use.
$CVM_MYSQL_SOCKET
The path to the socket that should be used for connections to a local server.
$CVM_MYSQL_QUERY (optional)
The SQL query to issue to retrieve the row containing the account information from the database.
cvm-0.96/v2client.h0000664000076400007640000000476711326155156013524 0ustar bruceguenter#ifndef CVM__V2CLIENT__H__ #define CVM__V2CLIENT__H__ #include #include "facts.h" #include "errors.h" #define CVM_BUFSIZE 512 struct cvm_credential { unsigned type; str value; }; struct cvm_packet { unsigned length; unsigned char data[CVM_BUFSIZE]; }; extern const char* cvm_client_account_split_chars; extern const char* cvm_client_ucspi_domain(void); extern int cvm_client_split_account(str* account, str* domain); extern int cvm_client_authenticate(const char* module, unsigned count, const struct cvm_credential* credentials); extern int cvm_client_fact_str(unsigned number, const char** data, unsigned* length); extern int cvm_client_fact_uint(unsigned number, unsigned long* data); extern int cvm_client_setugid(void); extern int cvm_client_setenv(void); extern unsigned cvm_xfer_command_packets(const char* module, const struct cvm_packet* request, struct cvm_packet* response); extern unsigned cvm_xfer_local_packets(const char* path, const struct cvm_packet* request, struct cvm_packet* response); extern unsigned cvm_xfer_udp_packets(const char* hostport, const struct cvm_packet* request, struct cvm_packet* response); /* Wrapper functions for library compatibility. */ extern unsigned cvm_xfer_command(const char* module, unsigned char buffer[CVM_BUFSIZE], unsigned* buflen); extern unsigned cvm_xfer_local(const char* path, unsigned char buffer[CVM_BUFSIZE], unsigned* buflen); extern unsigned cvm_xfer_udp(const char* hostport, unsigned char buffer[CVM_BUFSIZE], unsigned* buflen); /* Wrapper functions. */ extern int cvm_client_authenticate_password(const char* module, const char* account, const char* domain, const char* password, int split_account); #ifndef CVM_NOCOMPAT /* Legacy definitions. 
*/ #define cvm_account_split_chars cvm_client_account_split_chars #define cvm_ucspi_domain cvm_client_ucspi_domain #define cvm_setugid cvm_client_setugid #define cvm_setenv cvm_client_setenv #define cvm_authenticate_password cvm_client_authenticate_password #define cvm_split_account cvm_client_split_account #ifndef CVM__MODULE__H__ # define cvm_authenticate cvm_client_authenticate # define cvm_fact_str cvm_client_fact_str # define cvm_fact_uint cvm_client_fact_uint #else # undef cvm_authenticate # undef cvm_fact_str # undef cvm_fact_uint #endif #endif #endif cvm-0.96/qmail-dotfile.c0000664000076400007640000000361111326155156014503 0ustar bruceguenter/* qmail-dotfile.c - qmail dotfile ($HOME/.qmail*) lookup routines * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. 
* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include #include #include #include #include "qmail.h" int qmail_dotfile_exists(const struct qmail_user* user, const char* ext, str* path) { struct stat st; int split; int baselen; /* System users are not required to have a .qmail file */ if (user->dash == 0) return ext == 0 || *ext == 0; if (!str_copy(path, &user->homedir)) return -1; if (!str_cats(path, "/.qmail")) return -1; baselen = path->len; if (!str_catc(path, user->dash)) return -1; if (!str_cat(path, &user->ext)) return -1; if (ext != 0) { while (*ext) { if (!str_catc(path, isupper(*ext) ? tolower(*ext) : (*ext == '.') ? ':' : *ext)) return -1; ++ext; } } split = path->len; for (;;) { if (stat(path->s, &st) == 0) return 1; if (errno != ENOENT) return -1; if ((split = str_findprev(path, '-', split - 1)) == -1 || split < baselen) break; path->len = split + 1; if (!str_cats(path, "default")) return -1; } return 0; } cvm-0.96/README.vmailmgr0000664000076400007640000000402511326155156014305 0ustar bruceguentercvm-vmailmgr CVM modules for use with vmailmgr Bruce Guenter Version 0.6 2003-05-23 This package contains CVMs for authenticating against vmailmgr password tables. A mailing list has been set up to discuss vmailmgr. To subscribe, send an email to: vmailmgr-subscribe@lists.untroubled.org A mailing list archive is available at: http://lists.untroubled.org/?list=vmailmgr Development versions of @PACKAGE@ are available via Subversion at: svn://bruce-guenter.dyndns.org/@PACKAGE@/trunk Requirements: - Should work with all versions of vmailmgr that use CDB password tables, introduced in version 0.89 (only tested with version 0.96.9). - bglibs library package version 1.009 or later. - cvm version 0.17 or later. 
Configuration: - If your virtual domain password tables are stored in a file other than passwd.cdb, set $VMAILMGR_PWFILE to that file name. - If you want to protect lookups, set $VMLOOKUP_SECRET to an arbitrary string before invoking cvm-vmlookup. - Set $QMAIL_ROOT to the base qmail directory (defaults to "/var/qmail"). - Set $VMAILMGR_DEFAULT to the vmailmgr default username (defaults to "+"). - Set $DEBUG (to anything) to see debugging output. - See http://untroubled.org/cvm/cvm.html for information on running local or UDP server modules. Security Notes: - This CVM will typically need to run as root. This project was initiated at FutureQuest, Inc. We are releasing it as an open-source project because we felt it would be useful to others, as well as to repay our debt of gratitude to the larger open-source community for the excellent packages we have enjoyed. For more details, you may contact FutureQuest, Inc. at: FutureQuest, Inc. PO BOX 623127 Oviedo FL 32762-3127 USA http://www.FutureQuest.net/ ossi@FutureQuest.net This package is Copyright(C) 2001-2003 Bruce Guenter or FutureQuest, Inc., and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind. 
cvm-0.96/ChangeLog0000664000076400007640000060471611326155156013377 0ustar bruceguentercommit 3d2afb2a50701a07b7afb412f028b65534070a63 Author: Bruce Guenter Date: Thu Jan 21 13:43:54 2010 -0600 qmail-domains: Merge load_locals and load_vdomains qmail-domains.c | 53 +++++++++++++++++++++++++++-------------------------- 1 files changed, 27 insertions(+), 26 deletions(-) commit e608c3ffa58de2662bd7af2bd13b5b25616df26d Author: Bruce Guenter Date: Tue Jan 19 18:04:46 2010 -0600 Fix reloading qmail locals/virtualdomains if they are deleted qmail-domains.c | 24 ++++++++++++++++++++---- 1 files changed, 20 insertions(+), 4 deletions(-) commit a30c2a30aed241864df6cd942f91f041b0f40ea0 Author: Bruce Guenter Date: Thu Jan 14 14:43:07 2010 -0600 cvm-qmail: Fix to not die if control/locals is missing NEWS | 2 ++ TODO | 4 ++++ qmail-domains.c | 2 +- 3 files changed, 7 insertions(+), 1 deletions(-) commit 5cca802019a21a964893d81147fe45258774b4e3 Author: Bruce Guenter Date: Mon Jan 11 22:38:54 2010 -0600 Add support for I/O timeouts to local modules NEWS | 2 ++ cvm.html | 4 +++- module.h | 1 + module_local.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-- 4 files changed, 54 insertions(+), 3 deletions(-) commit 0021c0210799072b07627ebcfc703d7d302a09d6 Author: Bruce Guenter Date: Mon Jan 11 11:06:38 2010 -0600 Add TODO note about SQL prepare/execute idea TODO | 4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) commit fa31274aab5dd945ffa0afaf7d0fc14817c4f051 Author: Bruce Guenter Date: Mon Jan 11 10:49:17 2010 -0600 cvm-qmail: Add permission checking with seteuid NEWS | 3 +++ cvm-qmail.c | 26 +++++++++++++++++++++++++- cvm-qmail.html | 7 +++++++ tests/qmail-lookup-perms | 40 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 1 deletions(-) create mode 100644 tests/qmail-lookup-perms commit 7ef7b8205bae3da7ce939dc48bf7603d083eecb5 Author: Bruce Guenter Date: Fri Jan 8 23:49:54 2010 -0600 Move the fake qmail home directory into a subdirectory in 
tests tests.inc | 24 ++++++++++++-------- tests/chain-client | 6 ++-- tests/chain-module | 6 ++-- tests/qmail-lookup | 48 +++++++++++++++++++++--------------------- tests/qmail-lookup-assume | 6 ++-- tests/qmail-lookup-lookaside | 8 +++--- tests/qmail-lookup-nodomain | 6 ++-- tests/split | 30 +++++++++++++------------- tests/vmailmgr-normal | 6 ++-- tests/vmailmgr-upper-domain | 6 ++-- tests/vmailmgr-upper-virt | 6 ++-- tests/vmailmgr-xconvert | 14 ++++++------ tests/vmlookup-normal | 6 ++-- tests/vmlookup-notable | 8 +++--- tests/vmlookup-pass | 6 ++-- tests/vmlookup-upper-domain | 6 ++-- tests/vmlookup-upper-virt | 6 ++-- 17 files changed, 101 insertions(+), 97 deletions(-) commit b27df59e84eb49d6ffc4400493b9aa4c1384bd6a Author: Bruce Guenter Date: Mon Feb 16 15:47:50 2009 -0600 Fix the SQLite module to copy the row data in the callback function. NEWS | 2 ++ cvm-sqlite.c | 22 +++++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) commit c6d7cd76e97053ed121b2230d997ab8fb649baad Author: Bruce Guenter Date: Mon Feb 16 10:48:42 2009 -0600 Added note about SQLite module to the README. README.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit da87c9476edbba5173ff7c7f66b1603a46222386 Author: Bruce Guenter Date: Mon Feb 16 16:28:36 2009 -0600 Bumped version to 0.96 NEWS | 5 +++++ VERSION | 2 +- 2 files changed, 6 insertions(+), 1 deletions(-) commit bbecd1a5b5220844abc75f8efdb568f60618122f Author: Bruce Guenter Date: Tue Jan 13 22:50:30 2009 -0600 Bumped version to 0.95 NEWS | 2 +- VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 5e7732cf3d7d3e6b92a2606566600d33b3e36ece Author: Bruce Guenter Date: Tue Jan 13 22:49:45 2009 -0600 Added note about cvm-sqlite to the NEWS file. NEWS | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) commit 897a02f57ab67b9c2ed14b08d06ef5c3eb7d7496 Author: Bruce Guenter Date: Tue Jan 13 22:47:20 2009 -0600 Wayne placed cvm-sqlite in the public domain; I added some slight touchups. 
Date: Tue, 13 Jan 2009 10:02:55 +0000 From: Wayne Marshall To: Bruce Guenter Subject: Re: cvm-sqlite Message-ID: <20090113100255.162456ba@alloy.copperisle.com> Hi Bruce, > > I was just going to push out a new version of cvm, and noticed I hadn't > merged the SQLite module yet. I noticed the sources I had downloaded > from your site don't have any copyright notice on them. Please publish > a version that has a copyright compatible with the GPLv2, or send me a > note assigning copyright to me, so I can include this in the main cvm > package. > Please consider the sources as public domain. Best regards, Wayne cvm-sqlite.c | 36 +++++++++++++++++++----------------- cvm-sqlite.html | 21 +++++---------------- 2 files changed, 24 insertions(+), 33 deletions(-) commit 94de1ef0deca5d6ae5ae3b84d91a8f3e209fa123 Author: Bruce Guenter Date: Tue Jan 13 22:45:02 2009 -0600 Added self tests for the SQLite CVM. tests.inc | 28 ++++++++++++++++++++++++++++ tests/sqlite | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+), 0 deletions(-) create mode 100644 tests/sqlite commit e0d62ae6da1642506c20ce38bce27be7b501b4fe Author: Bruce Guenter Date: Mon Jan 12 14:39:59 2009 -0600 Skip cvm-sqlite in the main "programs" target. programs.spac | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit c125a76f2e75ca7a39c7ce69d3ccdc871b7ab4fa Author: Bruce Guenter Date: Mon Jan 12 14:39:27 2009 -0600 Fixed some compiler warnings about unused parameters in cvm-sqlite.c cvm-sqlite.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) commit ab212c65db311f7cd756924caba051c86297e979 Author: Bruce Guenter Date: Mon Jan 12 14:32:20 2009 -0600 Removed a trailing space in the SQLite CVM. 
cvm-sqlite.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 27dbfda73d826a4be4947462d557dac572ff58f1 Author: Bruce Guenter Date: Mon Apr 14 17:25:04 2008 -0600 Added cvm-sqlite implementation from Wayne Marshall INSTHIER | 1 + TOP.spac | 2 +- cvm-sqlite.c | 131 +++++++++++++++++++++++++++++++++++++++++++ cvm-sqlite.html | 107 +++++++++++++++++++++++++++++++++++ cvm-pgsql=x => cvm-sqlite=x | 2 +- sqlite.spac | 1 + 6 files changed, 242 insertions(+), 2 deletions(-) create mode 100644 cvm-sqlite.c create mode 100644 cvm-sqlite.html copy cvm-pgsql=x => cvm-sqlite=x (65%) create mode 100644 sqlite.spac commit 47d7a8d49ef3bd3a049bce3ef7444e975ba11b52 Author: Bruce Guenter Date: Mon Jan 12 15:56:35 2009 -0600 Touched up the documentation for $CVM_QMAIL_LOOKASIDE. cvm-qmail.html | 14 +++++++------- 1 files changed, 7 insertions(+), 7 deletions(-) commit 68715f891e7876fbb8fa916bbe0d1dcad8eb3a40 Author: Bruce Guenter Date: Fri Apr 18 17:06:07 2008 -0600 Added a "lookaside" mode to cvm-qmail, to assist with proper chaining to cvm-vmailmgr or other modules. NEWS | 3 ++ cvm-qmail.c | 75 +++++++++++++++++++++++++++++++++++++++--- cvm-qmail.html | 9 +++++ tests/qmail-lookup-lookaside | 50 ++++++++++++++++++++++++++++ 4 files changed, 132 insertions(+), 5 deletions(-) create mode 100644 tests/qmail-lookup-lookaside commit 35e06ba21b4d8292d3c3ea6729c4674acc7e205c Author: Bruce Guenter Date: Fri Apr 18 15:48:00 2008 -0600 Made qmail_dotfile_exists output the path to the .qmail file to the caller. cvm-qmail.c | 3 ++- qmail-dotfile.c | 26 +++++++++++++------------- qmail.h | 3 ++- 3 files changed, 17 insertions(+), 15 deletions(-) commit 56499ed5b2c5db9cdd6fb3cc9c8eb7d80fdd9be8 Author: Bruce Guenter Date: Mon Jan 12 14:30:47 2009 -0600 Added some TODO notes. 
TODO | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) commit cc61e88b1c2572739146ae72162eaa5ba993d436 Author: Bruce Guenter Date: Fri Jan 9 11:08:14 2009 -0600 Fix a compiler warning with a NULL in pipefork. client_xfer_command.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 20a7ce2a37c48ebb55416845bbb66276ab7a9771 Author: Bruce Guenter Date: Fri Jan 9 11:07:42 2009 -0600 Eliminate an unused variable in cvm_random_init. random.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) commit de65cb868de4dbe0c0da3f8b0f309811e62f1b2f Author: Bruce Guenter Date: Fri Apr 18 17:35:42 2008 -0600 Added notes about OUTOFSCOPE to the HTML documentation. cvm-qmail.html | 15 +++++++++------ cvm-vmailmgr.html | 4 +++- 2 files changed, 12 insertions(+), 7 deletions(-) commit e6898800e15f53d9bc805346ab41bfab05f979b3 Author: Bruce Guenter Date: Fri Apr 18 17:32:41 2008 -0600 Make vmlookup fail with OUTOFSCOPE=1 when the password table is not there. Previously, cvm-vmailmgr would fail with an I/O error when the virtual password table was missing. This would cause problems for chaining properly with other modules. NEWS | 4 ++++ tests/vmlookup-notable | 15 +++++++++++++++ vmlookup.c | 8 +++++++- 3 files changed, 26 insertions(+), 1 deletions(-) create mode 100644 tests/vmlookup-notable commit 3eec484b9ba9eec1fb12b3d891d2a5bfbf20a18a Author: Bruce Guenter Date: Mon Apr 14 17:26:07 2008 -0600 Fixed portability problem in tests/qmail-lookup-nodomain Thanks Gerrit Pape tests/qmail-lookup-nodomain | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit c1b8f4eb8f53e129dc7a8862112b06c53f34d961 Author: Bruce Guenter Date: Mon Apr 14 17:02:50 2008 -0600 Fixed client.h symlink to point to v2client.h to match the library. 
INSTHIER | 2 +- NEWS | 2 ++ 2 files changed, 3 insertions(+), 1 deletions(-) commit 0afc023c43090c1a24a45f089ccccb4d38ff1309 Author: Bruce Guenter Date: Mon Apr 14 16:15:46 2008 -0600 Fixed failure in cvm-qmail when virtualdomains did not exist. NEWS | 1 + qmail-domains.c | 3 ++- tests/qmail-lookup-novirtualdomains | 10 ++++++++++ 3 files changed, 13 insertions(+), 1 deletions(-) create mode 100644 tests/qmail-lookup-novirtualdomains commit 9ee2e1dc01882f019a24795717cde7ece3b4749c Author: Bruce Guenter Date: Mon Apr 14 16:14:52 2008 -0600 Bumped version to 0.91 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit b3e870f546807d5d5f5bf27edbb659dda704e05a Author: Bruce Guenter Date: Fri Apr 11 21:01:47 2008 -0600 Fixed Require/BuildRequires for bglibs in the spec. spec | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) commit d9527c62c479318bc07fce5752889902e1c6fa8c Author: Bruce Guenter Date: Fri Apr 11 21:01:34 2008 -0600 Fixed requirement for bglibs version 1.103 in the README. README.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit a5e5853cc3373e37e80a85028caa2b6bdd8d3de5 Author: Bruce Guenter Date: Fri Apr 11 17:51:59 2008 -0600 Bumped LIBVERSION and VERSION in preparation for release. LIBVERSION | 2 +- NEWS | 2 +- VERSION | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 4cd773bb274e9d4b0f4f9a2df3c91bc0ae0f997e Author: Bruce Guenter Date: Fri Apr 11 17:49:51 2008 -0600 Added compatibility wrapper functions to the client_xfer_* functions. The actual functions are renamed to a new name of client_xfer_*_packets, and wrapper functions were added with the original names and signatures. This is done to prevent requiring a major version bump to LIBVERSION, which would break all clients that linked to the shared library. 
client_xfer_command.c | 6 ++-- client_xfer_compat.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++ client_xfer_local.c | 6 ++-- client_xfer_udp.c | 6 ++-- libcvm-v1client=l | 1 + libcvm-v2client=l | 1 + v1client.c | 6 ++-- v1client.h | 23 ++++++++++++---- v2client.c | 6 ++-- v2client.h | 23 ++++++++++++---- 10 files changed, 120 insertions(+), 27 deletions(-) create mode 100644 client_xfer_compat.c commit e9c90d275972753f6abf8437399adda448b3d84f Author: Bruce Guenter Date: Fri Apr 11 17:22:48 2008 -0600 Added two tests that were missing from the previous commits. tests/chain-client | 38 ++++++++++++++++++++++++++++++++++++++ tests/chain-module | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 0 deletions(-) create mode 100644 tests/chain-client create mode 100644 tests/chain-module commit 5838d329188acbb974f21b034036b2073f49992e Author: Bruce Guenter Date: Fri Apr 11 17:21:36 2008 -0600 Moved the note about the random tag into the v2 client documentation. cvm.html | 5 ----- v2client.html | 4 ++++ 2 files changed, 4 insertions(+), 5 deletions(-) commit 6ab3f46136798c4f64198d63e8297c97fe82a6e4 Author: Bruce Guenter Date: Fri Apr 11 17:19:56 2008 -0600 Added support for chaining modules in the v2 library. NEWS | 8 +++++++ TODO | 5 ---- cvm-chain.html | 3 +- cvm.html | 8 +++++++ tests/chain | 44 -------------------------------------- v2client.c | 64 ++++++++++++++++++++++++++++++++++++++++++------------- 6 files changed, 67 insertions(+), 65 deletions(-) delete mode 100644 tests/chain commit bae2ac68954b1d19020771ff28c5f920e3b71cd8 Author: Bruce Guenter Date: Fri Apr 11 16:24:02 2008 -0600 Seperate the single xfer packet into request and response packets. This again breaks the previous ABI, and requires a LIBVERSION bump. 
client_xfer_command.c | 11 ++++++----- client_xfer_local.c | 15 ++++++++------- client_xfer_udp.c | 18 ++++++++++-------- v1client.c | 15 ++++++++------- v1client.h | 9 ++++++--- v2client.c | 16 +++++++++------- v2client.h | 9 ++++++--- 7 files changed, 53 insertions(+), 40 deletions(-) commit 3028400e3141622aca2603daa0f6779430b377d7 Author: Bruce Guenter Date: Fri Apr 11 16:06:53 2008 -0600 Introduced struct cvm_packet, and modified many client functions to use it. This will require a major bump to the library version, as all the client_xfer_* functions are now incompatible with the previous versions. client_xfer_command.c | 9 +++--- client_xfer_local.c | 13 ++++----- client_xfer_udp.c | 16 +++++----- v1client.c | 57 +++++++++++++++++++++----------------- v1client.h | 15 ++++++---- v2client.c | 72 +++++++++++++++++++++++-------------------------- v2client.h | 15 ++++++---- 7 files changed, 101 insertions(+), 96 deletions(-) commit eba511388ab210394cdc1648a9e4a7c6b46dc353 Author: Bruce Guenter Date: Fri Apr 11 14:14:16 2008 -0600 Moved the client buffer data into a structure. This is the start of preparation for having both an input and output buffer, which is required for transferring multiple packets in the client. v2client.c | 71 +++++++++++++++++++++++++++++++++--------------------------- 1 files changed, 39 insertions(+), 32 deletions(-) commit ea954c8b67a725ea7788da2ef8861db4c664afce Author: Bruce Guenter Date: Fri Apr 11 13:03:20 2008 -0600 Clarify the semantics of the return path of cvm_client_authenticate. v2client.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) commit 08579e77b0768e426f655bbcfe67c2a822b1cb68 Author: Bruce Guenter Date: Fri Apr 11 11:19:31 2008 -0600 Simplified the logic in cvm-chain slightly. cvm-chain.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) commit bbfbe51f1d3e860d6c7a88c741a43c9d60973348 Author: Bruce Guenter Date: Thu Apr 10 13:10:54 2008 -0600 Added notes to NEWS about which modules handle OUTOFSCOPE. 
NEWS | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) commit 4069686096f6942788aa4236b87f78a90820d87a Author: Bruce Guenter Date: Thu Apr 10 13:09:38 2008 -0600 Handle the OUTOFSCOPE fact in cvm-chain by passing it through. cvm-chain.c | 8 ++++++++ cvm-chain.html | 6 ++++++ tests/chain | 2 ++ 3 files changed, 16 insertions(+), 0 deletions(-) commit f00e590a59c0b6baf71abcdb7c0dd0e05a7188aa Author: Bruce Guenter Date: Thu Apr 10 11:40:02 2008 -0600 Bumped the revision number in LIBVERSION in preparation for release. LIBVERSION | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 4c123d75f0a650a427bf02754ab03da91f517ddf Author: Bruce Guenter Date: Thu Apr 10 10:34:20 2008 -0600 Added two missing vmailmgr lookup self-tests. .../{qmail-lookup-baddomain => vmlookup-baddomain} | 5 ++--- tests/{vmailmgr-upper-pass => vmlookup-baduser} | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) copy tests/{qmail-lookup-baddomain => vmlookup-baddomain} (53%) copy tests/{vmailmgr-upper-pass => vmlookup-baduser} (53%) commit 645465c10c46dda4ba9ab88802a63d439dc2dc56 Author: Bruce Guenter Date: Thu Apr 10 10:34:00 2008 -0600 Fixed up some HTML bugs in the documentation. credentials.html | 10 ++++++---- cvm.html | 22 +++++++++++++--------- errors.html | 7 +++++-- facts.html | 14 ++++++++------ module.html | 11 ++++++++--- protocol-1.html | 18 ++++++++++++------ protocol-2.html | 3 +-- rationale.html | 3 +++ sasl.html | 6 ++++-- sql.html | 4 ++-- v1client.html | 8 ++++++-- v2client.html | 9 +++++++-- 12 files changed, 75 insertions(+), 40 deletions(-) commit f9e6280122f07d3f6447951cabf2954680e50c4a Author: Bruce Guenter Date: Thu Apr 10 10:25:01 2008 -0600 Added a note about $CVM_RANDOM_BYTES to the HTML documentation. cvm.html | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) commit 834fe8834f5dca529701a89d60522b5b73453bd4 Author: Bruce Guenter Date: Thu Apr 10 10:11:01 2008 -0600 Fixed make_randombytes to only initialize once. 
v2client.c | 18 ++++++++++-------- 1 files changed, 10 insertions(+), 8 deletions(-) commit ed54d4afe40a84e16fe7de148231f20f56a1d2a3 Author: Bruce Guenter Date: Thu Apr 10 09:56:45 2008 -0600 Switched to using the new surfrand in bglibs to generate random data. random.c | 58 ++++++++++------------------------------------------------ random.h | 2 +- spec | 2 +- v2client.c | 3 +-- 4 files changed, 13 insertions(+), 52 deletions(-) commit 0762fd93ae6e62d7eb6856f4336a6c47acf04b93 Author: Bruce Guenter Date: Thu Apr 10 09:44:55 2008 -0600 Add OUTOFSCOPE facts in all PERMFAIL exits in qmail and vmailmgr CVMs. cvm-qmail.c | 4 +++- cvm-vmailmgr.c | 3 +++ tests/qmail-lookup | 4 ++++ tests/vmailmgr-normal | 1 + tests/vmailmgr-upper-pass | 1 + tests/vmlookup-badpass | 1 + vmlookup.c | 2 ++ 7 files changed, 15 insertions(+), 1 deletions(-) commit 592c52683bf9fc7061684ec787cc8d42d7b4de7b Author: Bruce Guenter Date: Sun Mar 30 22:01:34 2008 -0600 Only add the random tag when transmitting over UDP. v2client.c | 12 +++++++++--- 1 files changed, 9 insertions(+), 3 deletions(-) commit a6f11de73eaf6a2ed37cc109f9629f1794e179ed Author: Bruce Guenter Date: Sun Mar 30 14:59:45 2008 -0600 Let the random tag length be set by $CVM_RANDOM_BYTES. NEWS | 3 +++ v2client.c | 11 ++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) commit c756cc0335b6f515c1ca7f1642fb60641825ac7a Author: Bruce Guenter Date: Sun Mar 30 14:56:27 2008 -0600 Add 8 bytes of random data to client requests. 
libcvm-v2client=l | 1 + random.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++ random.h | 7 ++++ v2client.c | 20 +++++++++++- 4 files changed, 114 insertions(+), 1 deletions(-) create mode 100644 random.c create mode 100644 random.h commit 3bcf5c4b86aebe260fe03b590621d289f1dc8a1a Author: Bruce Guenter Date: Sat Mar 29 23:42:30 2008 -0600 Output the out of scope fact in qmail and vmailmgr CVMs When a qmail lookup is done on a domain that does not exist in virtualdomains, no determination can be made about users in that domain, so the result is "out of scope". Similarly, vmailmgr treats any failed qmail lookup as "out of scope", since it can't then do its virtual user lookup. This fact is also reported on error in cvm-testclient. Also bumped the version to 0.85, due to the significance of this change. NEWS | 6 +++++- TODO | 2 ++ VERSION | 2 +- cvm-qmail.c | 7 ++++++- cvm-testclient.c | 7 ++++--- qmail-lookup.c | 14 ++++++++++---- tests/chain | 4 ++++ tests/qmail-lookup-assume | 1 + tests/qmail-lookup-baddomain | 6 ++++++ tests/split | 4 ++++ tests/vmailmgr-normal | 4 ++++ vmlookup.c | 18 ++++++++++++++---- 12 files changed, 61 insertions(+), 14 deletions(-) create mode 100644 tests/qmail-lookup-baddomain commit e0d65bdc3ab9ba2be5d389cb50d16c4a10f30693 Author: Bruce Guenter Date: Sat Mar 29 18:55:44 2008 -0600 Changed the fatal error in cvm-testclient to a message. 
cvm-testclient.c | 3 ++- tests/chain | 2 +- tests/command-bad-password | 2 +- tests/command-bad-username | 2 +- tests/lookup | 4 ++-- tests/pwfile-bad-password | 2 +- tests/pwfile-local-bad-password | 2 +- tests/pwfile-udp-bad-password | 2 +- tests/qmail-lookup | 8 ++++---- tests/qmail-lookup-assume | 2 +- tests/split | 8 ++++---- tests/vmailmgr-upper-pass | 2 +- tests/vmlookup-badpass | 2 +- 13 files changed, 21 insertions(+), 20 deletions(-) commit 48d4f28acbec04698d70fb333af8706c202f3bdb Author: Bruce Guenter Date: Fri Mar 28 17:48:51 2008 -0600 Add an "out of scope" fact, to be used on permanent failures. facts.h | 1 + facts.html | 11 +++++++++++ 2 files changed, 12 insertions(+), 0 deletions(-) commit 2f0bfb87ae2347bbd1306eee8a4451ab376cb6f6 Author: Bruce Guenter Date: Fri Mar 28 17:16:13 2008 -0600 The v2 protocol will now allow facts in the response packet. protocol-2.html | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) commit ec467434975b61b37545da501d14ec56cd5ccef7 Author: Bruce Guenter Date: Fri Mar 28 17:04:29 2008 -0600 Always do a minimal parse on the input buffer in v2client. v2client.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) commit 8d1d10d71ac199584e5d2671215dcfefffa2ec83 Author: Bruce Guenter Date: Fri Mar 28 17:01:22 2008 -0600 Don't truncate the module output when the result code is not zero. module_output.c | 11 +++-------- 1 files changed, 3 insertions(+), 8 deletions(-) commit 2730e859f2e67f1031427c77934a2fa8ae5cdd39 Author: Bruce Guenter Date: Fri Mar 28 16:47:21 2008 -0600 Added a test for a bad password with pwfile in command mode. .../{command-bad-username => pwfile-bad-password} | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) copy tests/{command-bad-username => pwfile-bad-password} (64%) commit c2734cee638eb109caa004247d21da0b673b8b82 Author: Bruce Guenter Date: Fri Mar 28 15:58:36 2008 -0600 Make command mode transfers work the same as other transfers. 
The local and UDP transfer functions both return the status of the transfer itself. The command mode returns CVME_IO if the transfer failed, but if the module failed it also would return that error code. This modification stuffs the result code into the buffer as expected and returns 0 if the transfer succeeded. client_xfer_command.c | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) commit e7ba58ea3627c97133b4b1c892bce4803379c922 Author: Bruce Guenter Date: Fri Mar 28 15:49:30 2008 -0600 Rewrote several constant return values to use CVME_* macros. client_xfer_command.c | 6 +++--- client_xfer_udp.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) commit 8f038d92c5268c19f7cd9cb9fa15a183a6bc1bb1 Author: Bruce Guenter Date: Thu Mar 20 14:44:19 2008 -0600 Point to the GIT repository for development versions. README.in | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit dc58a1d308d23232007e20e68bc2603f2ecc29f0 Author: Bruce Guenter Date: Thu Mar 20 14:43:57 2008 -0600 Ignore most automatically generated files. .gitignore | 37 +++++++++++++++++++++++++++++++++++++ 1 files changed, 37 insertions(+), 0 deletions(-) create mode 100644 .gitignore commit 1377a540163964a4688f338e3df851e243672d29 Author: Bruce Guenter Date: Fri Jan 5 19:30:07 2007 +0000 Fixed a bug that caused the domain output to be set incorrectly when doing qmail lookups with a domain not in the control files with $CVM_QMAIL_ASSUME_LOCAL set. NEWS | 3 +++ qmail-domains.c | 13 +++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) commit f9b79ae998564f07a56c83092a5af8070136daf9 Author: Bruce Guenter Date: Thu Jan 4 08:38:10 2007 +0000 Bumped version to 0.83 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 2cb0b2a8c0b844218d05cd3b3797292174d26aec Author: Bruce Guenter Date: Wed Aug 30 23:55:33 2006 +0000 Bumped the library revision number. 
LIBVERSION | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 9aef171e9359bde6a8ac7f3524d7f1e976fdfae5 Author: Bruce Guenter Date: Wed Aug 30 23:09:45 2006 +0000 Fixed handling of user/domain name splitting in the client library when the caller doesn't initially provide a domain name. NEWS | 3 ++ tests/split | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++ v2client_wrappers.c | 40 ++++++++++++++++--------- 3 files changed, 109 insertions(+), 14 deletions(-) create mode 100644 tests/split commit 7f564868aeeaa34aa17ff26711740f35cdc02c51 Author: Bruce Guenter Date: Wed Aug 30 23:09:37 2006 +0000 Split domain names from the username in the test client (for testing). cvm-testclient.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit 1d5fde08b81cbf6cb42cec5e5fe646a8d999db0e Author: Bruce Guenter Date: Wed Aug 30 21:56:35 2006 +0000 Added a note in the documentation about $MAIL and $MAILDIR. v1client.html | 4 ++++ v2client.html | 4 ++++ 2 files changed, 8 insertions(+), 0 deletions(-) commit 0e780bc64e3a55d0c1c94655fcfa31db3629be5e Author: Bruce Guenter Date: Wed Aug 30 21:55:16 2006 +0000 Set $MAILDIR in cvm_client_setenv NEWS | 1 + client_setenv.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) commit 9776ace0e914f0ac23cf91ee17ab711a319e007b Author: Bruce Guenter Date: Wed Aug 30 21:53:13 2006 +0000 Bumped version to 0.82 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 42a707d7dc5cd5c6d068c21a4503f4ec8ca682ae Author: Bruce Guenter Date: Sun Jul 30 22:27:44 2006 +0000 Fixed a typo in the INSTHIER file that caused incomplete installations. 
INSTHIER | 2 ++ NEWS | 2 ++ 2 files changed, 4 insertions(+), 0 deletions(-) commit 4f7e1a3edd5be264ec24350bcee7beac6f9f5c94 Author: Bruce Guenter Date: Sun Jul 30 20:41:17 2006 +0000 Bumped version to 0.81 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 3e502f88f59e3e333803f45fe0d63a32c58f849b Author: Bruce Guenter Date: Fri Jul 28 22:23:55 2006 +0000 Fixed up the README documentation. README.in | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) commit 716a6b0605672e834adeba75446f1e36bfe04012 Author: Bruce Guenter Date: Fri Jul 28 22:21:57 2006 +0000 Fixed up the spec for the shared library install. spec | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) commit ef9f5dda256090f45683bafa5987db013709c077 Author: Bruce Guenter Date: Fri Jul 28 22:21:38 2006 +0000 Added note about shared library change to NEWS. NEWS | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) commit e11fe9d45051bcd2cd743db3fed609f0e5d75b9e Author: Bruce Guenter Date: Fri Jul 28 22:20:49 2006 +0000 The installed libraries need to be made executable. INSTHIER | 14 +++++++------- 1 files changed, 7 insertions(+), 7 deletions(-) commit cf16e001345f1ea069f564e3bd81e7a203a65464 Author: Bruce Guenter Date: Fri Jul 28 04:51:55 2006 +0000 Bumped version to 0.80 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit e629bb2a5e581b74620f7b8c30d9c02e89dca08d Author: Bruce Guenter Date: Fri Jul 28 04:51:14 2006 +0000 Rewrote the remaining em.ca addresses to untroubled.org. 
client_domain.c | 2 +- client_setenv.c | 2 +- client_setugid.c | 2 +- client_xfer_command.c | 2 +- client_xfer_local.c | 2 +- client_xfer_udp.c | 2 +- cvm-benchclient.c | 2 +- cvm-checkpassword.c | 2 +- cvm-mysql.c | 2 +- cvm-pgsql.c | 2 +- cvm-pwfile.c | 2 +- cvm-qmail.c | 2 +- cvm-testclient.c | 2 +- cvm-unix.c | 2 +- cvm-v1benchclient.c | 2 +- cvm-v1checkpassword.c | 2 +- cvm-v1testclient.c | 2 +- cvm-vmailmgr.c | 2 +- errors.c | 2 +- facts.c | 2 +- getpwnam.c | 2 +- module_command.c | 2 +- module_command_main.c | 2 +- module_local.c | 2 +- module_local_main.c | 2 +- module_log.c | 2 +- module_main.c | 2 +- module_output.c | 2 +- module_request.c | 2 +- module_udp.c | 2 +- module_udp_main.c | 2 +- qmail-domains.c | 2 +- qmail-dotfile.c | 2 +- qmail-init.c | 2 +- qmail-lookup.c | 2 +- qmail-users.c | 2 +- spec | 4 ++-- sql-auth.c | 2 +- sql-query.c | 2 +- v1client.c | 2 +- v2client.c | 2 +- v2client_wrappers.c | 2 +- vmautoconvert.c | 2 +- vmlookup.c | 2 +- 44 files changed, 45 insertions(+), 45 deletions(-) commit dd3a793d80c251a5bd443342cd8b7066ec051661 Author: Bruce Guenter Date: Fri Jul 28 04:48:43 2006 +0000 Create, link, and install shared libraries. INSTHIER | 62 +++++++++++++++++++++++++----------------------- LIBVERSION | 1 + cvm-benchclient=x | 2 +- cvm-chain=x | 4 +- cvm-checkpassword=x | 2 +- cvm-mysql-local=x | 4 +- cvm-mysql-udp=x | 4 +- cvm-mysql=x | 4 +- cvm-pgsql-local=x | 4 +- cvm-pgsql-udp=x | 4 +- cvm-pgsql=x | 4 +- cvm-pwfile=x | 2 +- cvm-qmail=x | 4 +- cvm-testclient=x | 2 +- cvm-unix=x | 2 +- cvm-v1benchclient=x | 2 +- cvm-v1checkpassword=x | 2 +- cvm-v1testclient=x | 2 +- cvm-vchkpw=x | 2 +- cvm-vmailmgr-local=x | 4 +- cvm-vmailmgr-udp=x | 4 +- cvm-vmailmgr=x | 4 +- sasl-auth-test=x | 4 +- 23 files changed, 66 insertions(+), 63 deletions(-) create mode 100644 LIBVERSION commit 6746aeec1bfbaf2103e4a3fea10e82bbd4f4267e Author: Bruce Guenter Date: Fri Jul 28 04:46:51 2006 +0000 Fixed the old em.ca email address. 
README.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 0fdea6d9c1493ebebd3c8475adf3adb6262e2157 Author: Bruce Guenter Date: Wed Jul 26 14:56:32 2006 +0000 Renamed all the libraries to have their target libcvm- prefix. INSTHIER | 16 ++++++++-------- cvm-benchclient=x | 2 +- cvm-chain=x | 4 ++-- cvm-checkpassword=x | 2 +- cvm-mysql-local=x | 4 ++-- cvm-mysql-udp=x | 4 ++-- cvm-mysql=x | 4 ++-- cvm-pgsql-local=x | 4 ++-- cvm-pgsql-udp=x | 4 ++-- cvm-pgsql=x | 4 ++-- cvm-pwfile=x | 2 +- cvm-qmail=x | 4 ++-- cvm-testclient=x | 2 +- cvm-unix=x | 2 +- cvm-v1benchclient=x | 2 +- cvm-v1checkpassword=x | 2 +- cvm-v1testclient=x | 2 +- cvm-vchkpw=x | 2 +- cvm-vmailmgr-local=x | 4 ++-- cvm-vmailmgr-udp=x | 4 ++-- cvm-vmailmgr=x | 4 ++-- command=l => libcvm-command=l | 0 local=l => libcvm-local=l | 0 module=l => libcvm-module=l | 0 qmail=l => libcvm-qmail=l | 0 sasl=l => libcvm-sasl=l | 0 sql=l => libcvm-sql=l | 0 udp=l => libcvm-udp=l | 0 v1client=l => libcvm-v1client=l | 0 v2client=l => libcvm-v2client=l | 0 sasl-auth-test=x | 4 ++-- 31 files changed, 41 insertions(+), 41 deletions(-) rename command=l => libcvm-command=l (100%) rename local=l => libcvm-local=l (100%) rename module=l => libcvm-module=l (100%) rename qmail=l => libcvm-qmail=l (100%) rename sasl=l => libcvm-sasl=l (100%) rename sql=l => libcvm-sql=l (100%) rename udp=l => libcvm-udp=l (100%) rename v1client=l => libcvm-v1client=l (100%) rename v2client=l => libcvm-v2client=l (100%) commit 674b8fdadc9bb2076d5af548e89dfa5d30f123ed Author: Bruce Guenter Date: Mon Aug 29 16:02:41 2005 +0000 Documentation touch-ups: make reference to cvm-qmail in cvm-vmailmgr config variables, and properly alphabetize the variable names. 
cvm-qmail.html | 11 ++++++----- cvm-vmailmgr.html | 24 +++++++++++------------- 2 files changed, 17 insertions(+), 18 deletions(-) commit b022e652256b321679ff53103bc803d9c82143d6 Author: Bruce Guenter Date: Mon Aug 29 15:55:32 2005 +0000 Added a feature to all qmail-based modules to treat all domains as local if $CVM_QMAIL_ASSUME_LOCAL is set. NEWS | 3 +++ cvm-qmail.html | 4 ++++ qmail-domains.c | 8 +++++++- tests/qmail-lookup-assume | 22 ++++++++++++++++++++++ 4 files changed, 36 insertions(+), 1 deletions(-) create mode 100644 tests/qmail-lookup-assume commit 69f2b82e3609c48aa5d8bacdcd175f21684eafad Author: Bruce Guenter Date: Sun Aug 28 21:41:50 2005 +0000 Fixed a missing-escaped-$ typo on the vmailmgr-xconvert test. tests/vmailmgr-xconvert | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 4911f9350b69ecd51fc80a30aaf2ad81ac979d30 Author: Bruce Guenter Date: Sun Aug 28 21:40:43 2005 +0000 Fixed the autoconvert feature of cvm-vmailmgr to set the permissions and ownership of the created password table to that of the original. NEWS | 2 ++ vmautoconvert.c | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletions(-) commit 1d0459b3de1c3714ac4c305018e737a9fd590317 Author: Bruce Guenter Date: Sun Aug 28 21:28:05 2005 +0000 Bumped version to 0.76 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 91a69ac3169874fe5db088ea56a21daacffc455a Author: Bruce Guenter Date: Sat Aug 27 06:46:41 2005 +0000 Use cdbget to dump the converted record in a more useful format. tests/vmailmgr-xconvert | 9 ++++----- 1 files changed, 4 insertions(+), 5 deletions(-) commit e379c4e4e3cd0e925c4d91a749e088e9526cc224 Author: Bruce Guenter Date: Tue Aug 23 19:35:46 2005 +0000 Fixed up printf invocations to make them work around the bugs in ash's builtin printf. 
tests.inc | 14 ++++++++------ 1 files changed, 8 insertions(+), 6 deletions(-) commit 752c8899cae14a6ad835e075d06a5f2acbc43c6d Author: Bruce Guenter Date: Tue Aug 23 18:22:48 2005 +0000 Bumped version number to 0.75, just because. NEWS | 2 +- VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit fe38b19c2405f8f08fab02f50614116acd95cf37 Author: Bruce Guenter Date: Fri Aug 19 23:35:32 2005 +0000 Documented the new $VMAILMGR_AUTOCONVERT environment variable. NEWS | 3 ++- cvm-vmailmgr.html | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletions(-) commit 0325b7c841ac1cd359e96ec073798c2b2fd071eb Author: Bruce Guenter Date: Fri Aug 19 22:42:17 2005 +0000 The previous cvm-vmailmgr autoconvert fix requires a patch only present in bglibs 1.027. spec | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 25834b571395cc91513a7ebb834c81854fb468fb Author: Bruce Guenter Date: Fri Aug 19 22:40:49 2005 +0000 Added an "autoconvert" mode to cvm-vmailmgr, which converts encrypted passwords to plain-text on successful authentication. NEWS | 2 + TODO | 12 +--- cvm-vmailmgr-local=x | 1 + cvm-vmailmgr-udp=x | 1 + cvm-vmailmgr.c | 8 +++- cvm-vmailmgr.h | 1 + cvm-vmailmgr=x | 1 + tests.inc | 12 ++-- tests/vmailmgr-xconvert | 35 +++++++++++++ vmautoconvert.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 181 insertions(+), 16 deletions(-) create mode 100644 tests/vmailmgr-xconvert create mode 100644 vmautoconvert.c commit 29f315139b80cc69e6b4ddbb0e8289c034580902 Author: Bruce Guenter Date: Fri Aug 19 21:00:18 2005 +0000 Since there is no more cvm-vmlookup module, merge vmmain.c back into cvm-vmailmgr.c (and adjust cvm-vmailmgr.h to match). 
cvm-vmailmgr-local=x | 1 - cvm-vmailmgr-udp=x | 1 - cvm-vmailmgr.c | 93 ++++++++++++++++++++++++++++++++++++++++- cvm-vmailmgr.h | 3 - cvm-vmailmgr=x | 1 - vmmain.c | 114 -------------------------------------------------- 6 files changed, 91 insertions(+), 122 deletions(-) delete mode 100644 vmmain.c commit 06b0b0db32ccde56163763637cf29074d6bfa049 Author: Bruce Guenter Date: Fri Aug 19 20:53:11 2005 +0000 Converted to use bg-installer for installation. INSTHIER | 44 ++++++++++++++++++++++++++++++++++++++++ insthier.c | 66 ------------------------------------------------------------ spec | 17 ++++++--------- 3 files changed, 51 insertions(+), 76 deletions(-) create mode 100644 INSTHIER delete mode 100644 insthier.c commit 82f676a1b8ee8add2c3d585e1ea5ad77a384eec8 Author: Bruce Guenter Date: Fri Aug 19 20:43:24 2005 +0000 Bumped version to 0.72 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 4010efebcaa073b7115816b669c1d35887a429a7 Author: Bruce Guenter Date: Thu Jun 2 04:55:07 2005 +0000 Add the ChangeLog to the list of "extra" website files. makedist.py | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit 4f76b66b4bff655dcd0137e7d6b2092e40642678 Author: Bruce Guenter Date: Thu Jun 2 04:20:11 2005 +0000 Updated the cvm-vchkpw module. It now compiles, and should work but remains completely untested. NEWS | 2 ++ TOP.spac | 2 +- cvm-vchkpw.c | 44 ++++++++++++++++++++++---------------------- cvm-vchkpw=x | 11 +++++++++++ programs.spac | 4 +++- 5 files changed, 39 insertions(+), 24 deletions(-) create mode 100644 cvm-vchkpw=x commit bbca084e8ec365dc385db2a3883074b72fddab10 Author: Bruce Guenter Date: Thu Jun 2 04:02:23 2005 +0000 Initial commit of sasl_auth.c source. 
sasl_auth.c | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 141 insertions(+), 0 deletions(-) create mode 100644 sasl_auth.c commit 0a0918380b5147a82877524b8ad282ea95429e11 Author: Bruce Guenter Date: Thu Jun 2 03:59:43 2005 +0000 Initial commit of the cvm-chain.html documentation page. cvm-chain.html | 39 +++++++++++++++++++++++++++++++++++++++ 1 files changed, 39 insertions(+), 0 deletions(-) create mode 100644 cvm-chain.html commit 2efdbbcb67c128bad5fe013e5075e9b979788c3c Author: Bruce Guenter Date: Thu Jun 2 01:39:19 2005 +0000 Set PROTO to make UCSPI variables work. tests.inc | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit 18612d50590bab463a4aabdea6dbda27116fefb2 Author: Bruce Guenter Date: Thu Jun 2 01:39:00 2005 +0000 Use %{_includedir} for locating the PostgreSQL headers. spec | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 219600cc1bd52dffb347e9d3f03af0f2ec0b6621 Author: Bruce Guenter Date: Thu Jun 2 01:38:32 2005 +0000 Added a to do note about auto-converting passwords. TODO | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) commit 7e8fa37fcb0358fe4f8069879cf11bc551129f33 Author: Bruce Guenter Date: Thu Jun 2 01:38:12 2005 +0000 Rewrote v2client_wrappers to avoid static strings. TODO | 2 -- v2client_wrappers.c | 33 +++++++++++++++++++++------------ 2 files changed, 21 insertions(+), 14 deletions(-) commit aa63ca143b93bb8251baadc102fad0ecbab474cc Author: Bruce Guenter Date: Thu Jun 2 01:19:28 2005 +0000 Bumped version to 0.71 for several brown-paper-bag bug fixes. NEWS | 7 +++++++ VERSION | 2 +- 2 files changed, 8 insertions(+), 1 deletions(-) commit 6d64e106eef170a61f325e360208f172f8627e2e Author: Bruce Guenter Date: Thu Jun 2 01:18:49 2005 +0000 If no domain is present, use an empty one instead of crashing. 
sasl_authenticate.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) commit aa8b6f855c7222d4f00e2f33cc8148e824bc8b85 Author: Bruce Guenter Date: Thu Jun 2 01:17:34 2005 +0000 Use ucspi_localhost() instead of getenv("TCPLOCALHOST") to determine the local host name. cvm-checkpassword.c | 6 ++++-- cvm-v1checkpassword.c | 5 +++-- sasl_init.c | 3 ++- 3 files changed, 9 insertions(+), 5 deletions(-) commit e52561c6d6e660c886ad2e8a0570330881d42b9e Author: Bruce Guenter Date: Thu Jun 2 01:13:21 2005 +0000 Only set sa->response if no initial response is present. sasl_login.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit d67f1120638fe6ce754aeae5e34c7c0c1582085f Author: Bruce Guenter Date: Thu Jun 2 01:12:59 2005 +0000 Switched to a static response function. sasl_plain.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) commit 0739385948e7403a10f531f0b50b3970e5c9b0ee Author: Bruce Guenter Date: Thu Jun 2 01:12:30 2005 +0000 Switched to a static response function. sasl_cram_md5.c | 9 +++++---- 1 files changed, 5 insertions(+), 4 deletions(-) commit 8219f9631ed20b46064345788cc383067b51d3b8 Author: Bruce Guenter Date: Thu Jun 2 01:09:46 2005 +0000 Use multiple response functions instead of keeping state based on the length of sa->username. sasl_login.c | 28 +++++++++++++++++----------- 1 files changed, 17 insertions(+), 11 deletions(-) commit 6b1da0761bf8cf921f9c37d3bff95a792e58890e Author: Bruce Guenter Date: Thu Jun 2 01:04:26 2005 +0000 Make sure to set the username empty before starting the login process, otherwise all logins after the first will fail. sasl_login.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit 6ebc2be95a6696485566d475987fbb8ea64cec88 Author: Bruce Guenter Date: Wed Jun 1 23:16:14 2005 +0000 Make sure the "install" target is in the local TOP spac rule. 
TOP.spac | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit b063ada4d54addfb8b3b69b995256e1983b07b83 Author: Bruce Guenter Date: Wed Jun 1 22:48:45 2005 +0000 Now requires bglibs-1.020 (format strings). README.in | 2 +- spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit c1eb15c2d7f38754b5737cef5a1ad2e87ccebda0 Author: Bruce Guenter Date: Wed Jun 1 20:11:07 2005 +0000 Rewrote SASL API to eliminate static data, making it reentrant. Bumped version up to 0.70 as a result. NEWS | 10 ++++++-- VERSION | 2 +- sasl.h | 25 +++++++++++++++------- sasl_authenticate.c | 24 ++++++++++++--------- sasl_cram_md5.c | 56 +++++++++++++++++++++++++++----------------------- sasl_init.c | 34 ++++++++++++++---------------- sasl_internal.h | 20 ++++++----------- sasl_login.c | 37 +++++++++++++++++++-------------- sasl_plain.c | 32 ++++++++++++++++++----------- sasl_start.c | 13 ++++------- 10 files changed, 138 insertions(+), 115 deletions(-) commit 77c2a25ab6c4d21df8429e5cd00f9983012d14f3 Author: Bruce Guenter Date: Wed Jun 1 19:42:26 2005 +0000 Added SASL generic text I/O authentication framework from mailfront. 
NEWS | 2 + TODO | 2 + sasl-auth-test.c | 36 ++++++++++++++++++ cvm-benchclient=x => sasl-auth-test=x | 2 +- sasl.h | 19 ++++++++++ sasl=l | 1 + sasl_authenticate.c | 65 +++++++++++++++++++++++++++++++-- tests.inc | 9 +++++ tests/sasl-eof | 8 ++++ tests/sasl-login1 | 10 +++++ tests/sasl-login2 | 8 ++++ tests/sasl-nomech | 7 ++++ tests/sasl-plain-fail | 7 ++++ tests/sasl-plain1 | 8 ++++ tests/sasl-plain2 | 5 +++ 15 files changed, 184 insertions(+), 5 deletions(-) create mode 100644 sasl-auth-test.c copy cvm-benchclient=x => sasl-auth-test=x (59%) create mode 100644 tests/sasl-eof create mode 100644 tests/sasl-login1 create mode 100644 tests/sasl-login2 create mode 100644 tests/sasl-nomech create mode 100644 tests/sasl-plain-fail create mode 100644 tests/sasl-plain1 create mode 100644 tests/sasl-plain2 commit 54ec21b2e76d3fa6a65e0cb49e4f3a1cc19cfe29 Author: Bruce Guenter Date: Tue May 31 19:28:03 2005 +0000 Fixed up the SASL library to use the v2 client library. NEWS | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit 1be3087d15c36e58a580e77f7063bab9c319f34d Author: Bruce Guenter Date: Tue May 31 19:27:53 2005 +0000 Fixed up the SASL library to use the v2 client library. sasl_cram_md5.c | 37 ++++++++++++++++++++++++++++++------- sasl_internal.h | 4 +++- sasl_login.c | 5 +---- sasl_plain.c | 5 +---- 4 files changed, 35 insertions(+), 16 deletions(-) commit 5f02201c047e639c0e2c97c6350af21de5f6d81b Author: Bruce Guenter Date: Tue May 31 19:26:54 2005 +0000 Bumped version to 0.65 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit f040a31d8142979328903171a5361c0587e120e0 Author: Bruce Guenter Date: Tue May 31 16:51:07 2005 +0000 Clarified the CVM_CRED_RESPONSE_TYPE value semantics. credentials.html | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) commit bede08a08b9947ad2f397bab252a9766b3122158 Author: Bruce Guenter Date: Tue May 31 15:37:56 2005 +0000 Make the credentials parameter const, as it is not modified. 
v2client.c | 4 ++-- v2client.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 74e0647cc53f89d3baab50c83b4327e73fe847c2 Author: Bruce Guenter Date: Mon May 30 05:46:34 2005 +0000 Move #include to the first in the list, as BSD needs this. client_xfer_command.c | 2 +- client_xfer_udp.c | 2 +- cvm-chain.c | 2 +- cvm-unix.c | 2 +- cvm-vchkpw.c | 2 +- cvm-vmailmgr.c | 2 +- module_output.c | 2 +- sasl_cram_md5.c | 2 +- v1client.c | 2 +- v2client.c | 2 +- vmlookup.c | 2 +- vmmain.c | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) commit 07b4a7cdfa8019c30e24c386f2e3dc1906fbe739 Author: Bruce Guenter Date: Sun May 29 22:41:13 2005 +0000 Added test for cvm-chain. TODO | 4 ++-- tests/chain | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 tests/chain commit 98428778ca68ae9ecf0093b4835ed6604e5f9a82 Author: Bruce Guenter Date: Fri May 27 23:01:19 2005 +0000 Added cvm-chain combination client/module program (adapted from code contributed by Dale Woolridge). NEWS | 3 + cvm-chain.c | 87 +++++++++++++++++++++++++++++++++++++++++++ cvm-pwfile=x => cvm-chain=x | 6 +- cvm.html | 1 + insthier.c | 1 + 5 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 cvm-chain.c copy cvm-pwfile=x => cvm-chain=x (58%) commit 53b6c7ca58ba768b3c68ddfd923e5a0be057cff1 Author: Bruce Guenter Date: Fri May 27 17:55:05 2005 +0000 Renamed client and module library symbols in the documentation. module.html | 45 ++++++++++++++++---------------- v1client.html | 66 +++++++++++++++++++++++----------------------- v2client.html | 79 +++++++++++++++++++++++++++----------------------------- 3 files changed, 94 insertions(+), 96 deletions(-) commit b655f048ef2acc8a1e66c4aa454010a47ccd5ed8 Author: Bruce Guenter Date: Fri May 27 17:54:43 2005 +0000 Renamed cvm_ucspi_domain to match other cvm client library functions. 
client_domain.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 4f8789466c717d611ea7e27345e150e2dd14e218 Author: Bruce Guenter Date: Wed May 25 23:52:01 2005 +0000 Added an #ifdef in the headers to prevent the definition of the compatibility macros. module.h | 2 +- v1client.h | 2 +- v2client.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 5cd904868cbdd7d92f3fa4f4b02836854ca53f0b Author: Bruce Guenter Date: Wed May 25 23:37:52 2005 +0000 Major API change, bumping up the version number to 0.60. - All module symbols are named cvm_module_* - All client symbols are named cvm_client_* NEWS | 10 ++++- VERSION | 2 +- client_setenv.c | 8 ++-- client_setugid.c | 2 +- credentials.h | 2 +- cvm-benchclient.c | 2 +- cvm-checkpassword.c | 6 ++-- cvm-pwfile.c | 14 ++++---- cvm-qmail.c | 6 ++-- cvm-testclient.c | 6 ++-- cvm-unix.c | 14 ++++---- cvm-v1benchclient.c | 2 +- cvm-v1checkpassword.c | 6 ++-- cvm-v1testclient.c | 4 +- cvm-vmailmgr.c | 4 +- module.h | 75 +++++++++++++++++++++++++++------------ module_command.c | 20 +++++++---- module_local.c | 24 ++++++++----- module_local_main.c | 2 +- module_log.c | 24 ++++++------ module_main.c | 2 +- module_output.c | 48 ++++++++++++------------ module_request.c | 95 ++++++++++++++++++++++++++----------------------- module_udp.c | 19 +++++----- module_udp_main.c | 2 +- qmail-lookup.c | 11 +++--- sasl_authenticate.c | 2 +- sasl_cram_md5.c | 2 +- sql-auth.c | 8 ++-- sql-query-test.c | 8 ++-- sql-query.c | 8 ++-- v1client.c | 38 ++++++++++---------- v1client.h | 39 +++++++++++++++----- v2client.c | 38 ++++++++++---------- v2client.h | 51 +++++++++++++++++++------- v2client_wrappers.c | 6 ++-- vmlookup.c | 4 +- vmmain.c | 4 +- 38 files changed, 358 insertions(+), 260 deletions(-) commit 81f619e2fac8c012658d42ff2915d1418a2815ff Author: Bruce Guenter Date: Wed May 25 19:24:31 2005 +0000 Renamed cvm_auth_{init,stop} to cvm_module_{init,stop}. 
NEWS | 1 + cvm-pwfile.c | 4 ++-- cvm-qmail.c | 4 ++-- cvm-unix.c | 4 ++-- cvm-vchkpw.c | 4 ++-- module.h | 4 ++-- module.html | 4 ++-- module_command.c | 6 +++--- module_local.c | 4 ++-- module_udp.c | 4 ++-- sql-auth.c | 4 ++-- vmmain.c | 4 ++-- 12 files changed, 24 insertions(+), 23 deletions(-) commit 736d03654370bb57b19571ed5de067b6a0a4eef2 Author: Bruce Guenter Date: Wed May 25 18:32:20 2005 +0000 Bumped version to 0.51 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 767a19e47b683e12b620baae6bf8ea3a8eed0c26 Author: Bruce Guenter Date: Wed May 11 19:56:16 2005 +0000 Authenticating against cvm-qmail is nonsense, so make cvm-qmail work only in lookup mode. cvm-qmail.c | 3 +-- tests/qmail-lookup | 3 ++- 2 files changed, 3 insertions(+), 3 deletions(-) commit 87a19f4f5652af4d13e37adf31012fd8a509ac8b Author: Bruce Guenter Date: Tue May 10 22:38:11 2005 +0000 Clear the memory for cvm_credentials just like the module code does. sql-query-test.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) commit d829df457bb4f88b757dc2f92f6a1912800fb463 Author: Bruce Guenter Date: Tue May 10 22:36:59 2005 +0000 Switched completely away from using stdio. 
TODO | 4 -- cvm-benchclient.c | 31 +++++++++------- cvm-checkpassword.c | 11 +++--- cvm-pwfile.c | 29 ++++++++------- cvm-testclient.c | 67 ++++++++++++++++++++++------------- cvm-v1benchclient.c | 31 ++++++++-------- cvm-v1checkpassword.c | 15 ++++---- cvm-v1testclient.c | 73 ++++++++++++++++++++++++--------------- module_command_main.c | 4 ++- module_local.c | 18 +++++----- module_local_main.c | 10 +++-- module_main.c | 13 ++++--- module_udp.c | 15 ++++++-- module_udp_main.c | 10 +++-- sql-query-test.c | 27 +++++++------- tests/command-bad-password | 2 +- tests/command-bad-username | 2 +- tests/lookup | 4 +- tests/pwfile-local-bad-password | 2 +- tests/pwfile-udp-bad-password | 2 +- tests/qmail-lookup | 8 ++-- tests/v1lookup | 4 +- tests/vmailmgr-upper-pass | 2 +- tests/vmlookup-badpass | 2 +- 24 files changed, 219 insertions(+), 167 deletions(-) commit c5b1c6c4c04592df71a03f3f821a4abd8efd9495 Author: Bruce Guenter Date: Tue May 10 17:39:00 2005 +0000 Split conf-home control into conf-bin/include/lib, to help deal with systems on which the different directories are in non-obvious places. insthier.c | 11 ++++++----- spec | 21 ++++++++++++--------- 2 files changed, 18 insertions(+), 14 deletions(-) commit f50028e7ae2932400a566b916539d7ce3543ba01 Author: Bruce Guenter Date: Tue May 10 17:27:41 2005 +0000 Added notes about the rationale behind the version 2 protocol. protocol-2.html | 11 +++++++++++ 1 files changed, 11 insertions(+), 0 deletions(-) commit 93294165b14e63b866710f1526cbad25d6ceeca9 Author: Bruce Guenter Date: Tue May 10 17:07:04 2005 +0000 Fixed some missing details in the v2client API documentation. v2client.html | 13 +++++++++++++ 1 files changed, 13 insertions(+), 0 deletions(-) commit 0fb99a401ab494a024d60e519aee785e5a01837d Author: Bruce Guenter Date: Tue May 10 17:06:43 2005 +0000 Updated the notes about the changes in this release. 
NEWS | 11 +++++++++-- TODO | 12 +++++------- 2 files changed, 14 insertions(+), 9 deletions(-) commit 9c2e34f23e1cf11ff83ab1f14cd7e2620a1b0a84 Author: Bruce Guenter Date: Tue May 10 16:58:18 2005 +0000 Removed the unreferenced client.html documentation. client.html | 101 ----------------------------------------------------------- 1 files changed, 0 insertions(+), 101 deletions(-) delete mode 100644 client.html commit e77ce356c9d5e33a8381f1023b9291b3a8591e66 Author: Bruce Guenter Date: Tue May 10 16:58:02 2005 +0000 Updated the module API documentation. module.html | 22 +++++++++------------- 1 files changed, 9 insertions(+), 13 deletions(-) commit 9aa5cc5d2e2491e878f299f07c0ca1bdb3f3125d Author: Bruce Guenter Date: Tue May 10 16:56:29 2005 +0000 Added tests of the v1 module compatibility mode. tests/stop-pwfile-local | 2 +- tests/stop-pwfile-udp | 2 +- tests/{pwfile-local => v1local} | 2 +- tests/{lookup => v1lookup} | 8 +++----- tests/{pwfile-udp => v1udp} | 2 +- 5 files changed, 7 insertions(+), 9 deletions(-) copy tests/{pwfile-local => v1local} (84%) copy tests/{lookup => v1lookup} (88%) copy tests/{pwfile-udp => v1udp} (84%) commit 091a2c2901302f2fe004f0a4e2229762cd5015ab Author: Bruce Guenter Date: Tue May 10 16:50:42 2005 +0000 Documented the new Version 2 API. cvm.html | 3 +- client.html => v1client.html | 4 +- client.html => v2client.html | 52 ++++++++++++++++++++++------------------- 3 files changed, 32 insertions(+), 27 deletions(-) copy client.html => v1client.html (97%) copy client.html => v2client.html (71%) commit 5cf4f41981ec93910a49ed5dcbe86ff967ff1956 Author: Bruce Guenter Date: Tue May 10 16:43:05 2005 +0000 Modified the API for cvm_split_account to be a little more reasonable. 
v2client.c | 31 +++++++++++++------------------ v2client.h | 3 +-- v2client_wrappers.c | 2 +- 3 files changed, 15 insertions(+), 21 deletions(-) commit 53f2d9832186737773447e5408ccc5d20b05e40a Author: Bruce Guenter Date: Tue May 10 06:02:00 2005 +0000 Converted cvm-benchclient to the v2 API. cvm-benchclient.c | 16 ++++++++++------ cvm-benchclient=x | 2 +- cvm-benchclient.c => cvm-v1benchclient.c | 0 cvm-benchclient=x => cvm-v1benchclient=x | 0 insthier.c | 3 ++- 5 files changed, 13 insertions(+), 8 deletions(-) copy cvm-benchclient.c => cvm-v1benchclient.c (100%) copy cvm-benchclient=x => cvm-v1benchclient=x (100%) commit e39e77437d4b28a0f313dea348ead810f3ddcc6f Author: Bruce Guenter Date: Tue May 10 05:53:09 2005 +0000 Added missing test. tests/qmail-lookup-nodomain | 14 ++++++++++++++ 1 files changed, 14 insertions(+), 0 deletions(-) create mode 100644 tests/qmail-lookup-nodomain commit 22d97b1da5173c8be71b25397dcb42fca5dfa89d Author: Bruce Guenter Date: Tue May 10 05:51:53 2005 +0000 Converted cvm-checkpassword to the version 2 API. cvm-checkpassword.c | 9 +++++---- cvm-checkpassword=x | 2 +- cvm-checkpassword.c => cvm-v1checkpassword.c | 0 cvm-benchclient=x => cvm-v1checkpassword=x | 0 insthier.c | 1 + 5 files changed, 7 insertions(+), 5 deletions(-) copy cvm-checkpassword.c => cvm-v1checkpassword.c (100%) copy cvm-benchclient=x => cvm-v1checkpassword=x (100%) commit f5c4c7e77a7d73152ad329a1368fd139d184a0ac Author: Bruce Guenter Date: Mon May 9 23:39:39 2005 +0000 Dropped the now redundant cvm_authenticate_lookup wrapper function. cvm-testclient.c | 2 +- v2client.h | 4 ---- v2client_wrappers.c | 16 ---------------- 3 files changed, 1 insertions(+), 21 deletions(-) commit f7461c43f748d7a0979d4bdd2c966386202b35b0 Author: Bruce Guenter Date: Mon May 9 23:38:42 2005 +0000 Modified the wrapper functions to only send across the credentials that are not NULL or empty. 
tests/pwfile-local | 2 +- tests/pwfile-local-bad-password | 2 +- tests/pwfile-udp | 2 +- tests/pwfile-udp-bad-password | 2 +- tests/stop-pwfile-local | 2 +- tests/stop-pwfile-udp | 2 +- v2client_wrappers.c | 37 ++++++++++++++++++++++++++----------- 7 files changed, 32 insertions(+), 17 deletions(-) commit bf2b641e7b22a1658702d29670cbfcd887d89176 Author: Bruce Guenter Date: Mon May 9 23:32:09 2005 +0000 Split out the API for splitting a domain name from the account name into a separate function. v2client.c | 58 ++++++++++++++++++++++++-------------------------- v2client.h | 5 ++- v2client_wrappers.c | 11 +++++++-- 3 files changed, 39 insertions(+), 35 deletions(-) commit 37eba429fe14e62e99fd46d05d17e66c0da40ca1 Author: Bruce Guenter Date: Mon May 9 23:16:40 2005 +0000 Fixed up tests to match current behavior. tests.inc | 21 ++++++++++++++++++--- tests/command-bad-password | 2 +- tests/command-bad-username | 2 +- tests/command-case | 2 +- tests/command-no-prefix | 2 +- tests/command-prefix | 2 +- tests/lookup | 18 +++++++++++++++--- tests/pwfile | 2 +- tests/pwfile-crypt | 2 +- tests/pwfile-local | 4 ++-- tests/pwfile-local-bad-password | 4 ++-- tests/pwfile-udp | 4 ++-- tests/pwfile-udp-bad-password | 4 ++-- tests/qmail-lookup | 2 +- tests/start-pwfile-local | 2 +- tests/start-pwfile-udp | 2 +- tests/stop-pwfile-local | 2 +- tests/stop-pwfile-udp | 2 +- tests/vmailmgr-normal | 2 +- tests/vmailmgr-upper-domain | 2 +- tests/vmailmgr-upper-pass | 2 +- tests/vmailmgr-upper-virt | 2 +- tests/vmlookup-badpass | 4 ++-- tests/vmlookup-normal | 3 ++- tests/vmlookup-pass | 3 ++- tests/vmlookup-upper-domain | 3 ++- tests/vmlookup-upper-virt | 3 ++- 27 files changed, 67 insertions(+), 36 deletions(-) commit 6b14b418af4267265e3aca380cfd0ffb95e46533 Author: Bruce Guenter Date: Mon May 9 23:06:43 2005 +0000 Since qmail_lookup_cvm handles the case where the domain credential is missing, it shouldn't be marked as required in the module. 
cvm-qmail.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) commit bf7a94d39ad09bb01ae8c43f6422d1178baad16b Author: Bruce Guenter Date: Mon May 9 19:50:08 2005 +0000 Fixed a bug in module output where error packets would always be sent in version 1 protocol format. module_output.c | 11 +++++------ module_request.c | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) commit 56c1845596833f5a9494567514d40f62f046e5fe Author: Bruce Guenter Date: Mon May 9 18:52:11 2005 +0000 Added plain lookup wrapper for cvm_authenticate. cvm-testclient.c | 18 ++++++++++++++---- v2client.h | 10 +++++----- v2client_wrappers.c | 12 ++++++++++++ 3 files changed, 31 insertions(+), 9 deletions(-) commit 8c838917f8d32cbb359300cd263ac76b4a2963f2 Author: Bruce Guenter Date: Mon May 9 18:51:52 2005 +0000 Fixed bug with parsing the length byte in cvm_fact_str. v2client.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 08f35c9d69b233ccc681b4f5b42fb58a6450435e Author: Bruce Guenter Date: Mon May 9 18:19:29 2005 +0000 Fixed bug introduced with the $CVM_LOOKUP_SECRET variable. v2client.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) commit f9356a1b18b604569897de18f505b6786a704117 Author: Bruce Guenter Date: Mon May 9 17:49:56 2005 +0000 If $CVM_LOOKUP_SECRET is set, and no CVM_CRED_SECRET credential is present, automatically add it to the set of credentials sent by the client. v2client.c | 11 ++++++++++- 1 files changed, 10 insertions(+), 1 deletions(-) commit eb0e36bf0f92068db6a977ae2f8eb669db0b3bac Author: Bruce Guenter Date: Mon May 9 05:15:57 2005 +0000 Since I have committed actual code for the v2 protocol, it no longer is really a "work in progress". cvm.html | 3 ++- protocol-2.html | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) commit b269b79cb813f71aa771d0742cf47614a7d2c447 Author: Bruce Guenter Date: Mon May 9 05:11:26 2005 +0000 Added initial support for protocol v2 to client library; fixed some related bugs in the module library. 
cvm-testclient.c | 10 +- module_output.c | 3 +- module_request.c | 2 +- v2client.c | 166 +++++++++++++++++---------- v2client.h | 27 ++++- v2client=l | 1 + module_local_main.c => v2client_wrappers.c | 36 +++--- 7 files changed, 153 insertions(+), 92 deletions(-) copy module_local_main.c => v2client_wrappers.c (51%) commit 18d5cc1c09796c59e86ee7c0241b2bf35982bdba Author: Bruce Guenter Date: Mon May 9 04:28:04 2005 +0000 Fixed potential problem with overflowing unsigned numbers. v1client.c | 9 +++++---- 1 files changed, 5 insertions(+), 4 deletions(-) commit 74b0822d6996a39db773b0bbe8086ab7973823a3 Author: Bruce Guenter Date: Sun May 8 06:11:57 2005 +0000 Use global CVM_BUFSIZE constant. v1client.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) commit 0495d3318fa478a084d2cbaab655cc64a856775f Author: Bruce Guenter Date: Sun May 8 06:09:48 2005 +0000 Move parsing the result code in the buffer into the parse_buffer routine. v1client.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 01d1f682eba537c3c5aae886e4142aea7e4adaa7 Author: Bruce Guenter Date: Sun May 8 06:08:33 2005 +0000 Don't try to interpret the buffer in the transfer code. client_xfer_udp.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 19196d4f03c2396de81d07fdcf06da4c8536f315 Author: Bruce Guenter Date: Sun May 8 05:57:48 2005 +0000 Renamed the soon-to-be version 2 client library to v2client, and put in compatibility links to the version 1 client library, to allow existing software to compile properly. 
client_domain.c | 2 +- client_setenv.c | 2 +- client_setugid.c | 2 +- client_xfer_command.c | 2 +- client_xfer_local.c | 2 +- client_xfer_udp.c | 2 +- cvm-benchclient.c | 2 +- cvm-benchclient=x | 2 +- cvm-checkpassword.c | 2 +- cvm-checkpassword=x | 2 +- cvm-testclient.c | 2 +- cvm-testclient=x | 2 +- insthier.c | 6 ++++-- sasl_authenticate.c | 2 +- sasl_cram_md5.c | 2 +- client.c => v2client.c | 2 +- client.h => v2client.h | 4 ++-- client=l => v2client=l | 2 +- 18 files changed, 22 insertions(+), 20 deletions(-) rename client.c => v2client.c (99%) rename client.h => v2client.h (94%) rename client=l => v2client=l (91%) commit 4acd0b6f3055a0705d3347ff5811b538b04dee9e Author: Bruce Guenter Date: Sun May 8 05:41:00 2005 +0000 Fixed another signed char* instance. v1client.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) commit 38f6e8b60b02bdc203c17604c3922d5fef6cf0b5 Author: Bruce Guenter Date: Sun May 8 05:36:11 2005 +0000 Fixed usage of global "str" type as variable name. client_setenv.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) commit 396111a60d3efa2892b21005b3e5023698258497 Author: Bruce Guenter Date: Sun May 8 05:02:38 2005 +0000 Broke out the command/local/UDP client-module transmission code, as this will be identical in both protocols. client.c | 176 +------------------------------------------------ client.h | 12 ++++ client=l | 3 + client_xfer_command.c | 125 +++++++++++++++++++++++++++++++++++ client_xfer_local.c | 59 ++++++++++++++++ client_xfer_udp.c | 81 ++++++++++++++++++++++ v1client.c | 176 +------------------------------------------------ v1client.h | 16 ++++- v1client=l | 3 + 9 files changed, 303 insertions(+), 348 deletions(-) create mode 100644 client_xfer_command.c create mode 100644 client_xfer_local.c create mode 100644 client_xfer_udp.c commit 05adb704cad84e467ec418ecfb12f0a34eec0990 Author: Bruce Guenter Date: Sun May 8 03:43:45 2005 +0000 Saved a copy of the v1 protocol clients and API for compatibility testing. 
cvm-testclient.c => cvm-v1testclient.c | 2 +- cvm-benchclient=x => cvm-v1testclient=x | 2 +- insthier.c | 3 +++ client.c => v1client.c | 2 +- client.h => v1client.h | 0 client=l => v1client=l | 2 +- 6 files changed, 7 insertions(+), 4 deletions(-) copy cvm-testclient.c => cvm-v1testclient.c (98%) copy cvm-benchclient=x => cvm-v1testclient=x (59%) copy client.c => v1client.c (99%) copy client.h => v1client.h (100%) copy client=l => v1client=l (85%) commit 74e38a89b8eb807734ab3d6356db8b5ac4587900 Author: Bruce Guenter Date: Sat May 7 19:25:14 2005 +0000 Rewrote the module code to handle both v2 and v1 protocols. NEWS | 8 ++++ VERSION | 2 +- credentials.h | 2 + cvm-pwfile.c | 16 ++++---- cvm-qmail.c | 4 +- cvm-unix.c | 10 ++-- cvm-vmailmgr.c | 24 ++++++----- cvm.html | 2 +- insthier.c | 3 +- module.h | 13 ++++-- module_log.c | 17 ++++++-- module_output.c | 47 ++++++++++++++++++++--- module_request.c | 79 ++++++++++++++++++++++++++++----------- protocol-2.html | 2 + qmail-domains.c | 4 +- qmail-lookup.c | 10 +++-- qmail.h | 2 +- sql-auth.c | 9 ++-- sql-query-test.c | 8 ++-- sql-query.c | 30 ++++++++++---- tests/lookup | 26 +++++++++++- tests/pwfile-local | 2 +- tests/pwfile-local-bad-password | 2 +- tests/pwfile-udp | 2 +- tests/pwfile-udp-bad-password | 2 +- tests/stop-pwfile-local | 2 +- tests/stop-pwfile-udp | 2 +- vmlookup.c | 2 +- 28 files changed, 231 insertions(+), 101 deletions(-) commit bfc6a4406dd320a97b7fe57fc81ae6bd026b8cf1 Author: Bruce Guenter Date: Fri May 6 23:04:33 2005 +0000 Rewrote the version 2 protocol to be more like version 1, for efficiency and ease of implementation. 
cvm.html | 2 +- protocol.html => protocol-1.html | 5 +-- protocol-2.html | 71 +++++++++++++++++++------------------ protocol.h | 8 +---- 4 files changed, 40 insertions(+), 46 deletions(-) rename protocol.html => protocol-1.html (98%) commit cd6f05f25b006f6590a420c3f94ca7def0396400 Author: Bruce Guenter Date: Fri May 6 22:54:08 2005 +0000 Cleaned up some formatting, expanded details. errors.html | 32 +++++++++++++++++--------------- 1 files changed, 17 insertions(+), 15 deletions(-) commit c5260923e8b7ff5d4a55125ad9215f0ed165fd63 Author: Bruce Guenter Date: Fri May 6 22:53:26 2005 +0000 Fixed up some formatting and clarified the contents of strings. facts.html | 36 ++++++++++++++++++------------------ 1 files changed, 18 insertions(+), 18 deletions(-) commit e415d738ad6877ecba9948f3bf7b2751d1b52582 Author: Bruce Guenter Date: Fri May 6 07:16:55 2005 +0000 Fact numbers are effectively unsigned, so the API should match everywhere. client.c | 18 +++++++++--------- client.h | 4 ++-- client.html | 4 ++-- module.h | 6 +++--- module.html | 4 ++-- module_output.c | 10 +++++----- 6 files changed, 23 insertions(+), 23 deletions(-) commit 49aa052f31547f1cd3cbcc28a8669c3e9ff68b3d Author: Bruce Guenter Date: Fri May 6 07:00:39 2005 +0000 Missed changing one pointer to the output buffer to unsigned char type. module_output.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 527c6b14792100fcc33a08ce2372ee6ed9ade23d Author: Bruce Guenter Date: Fri May 6 06:55:41 2005 +0000 Converted the input and output module buffers to unsigned char type. module.h | 4 ++-- module_output.c | 2 +- module_request.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) commit 7e503b872085d87fc284a0771d3f42291b1d6d6e Author: Bruce Guenter Date: Thu May 5 23:55:30 2005 +0000 Added a response type credential, to distinguish between different challenge-response mechanisms (APOP, CRAM-MD5, etc). 
credentials.h | 12 +++--------- credentials.html | 16 ++++++++++++---- 2 files changed, 15 insertions(+), 13 deletions(-) commit e33bc1355444793d49ea51b5411663e96e86de27 Author: Bruce Guenter Date: Thu May 5 22:28:01 2005 +0000 Missed a closing ` on the load line in the comments of cvm-vchkpw.c cvm-vchkpw.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit c064fc4a83033bf7d1549199701778552f76bc8c Author: Bruce Guenter Date: Thu May 5 16:42:22 2005 +0000 Moved the protocol definitions into a shared header file, in preparation for CVM2. client.c | 5 +++-- client.h | 2 -- module.h | 2 -- module_request.c | 5 +++-- protocol.h | 13 +++++++++++++ 5 files changed, 19 insertions(+), 8 deletions(-) create mode 100644 protocol.h commit c388ed3bd9d99fb2ee72a63740edf6e5a88cf7e4 Author: Bruce Guenter Date: Thu May 5 15:31:55 2005 +0000 Reorganized the credentials slightly. More reorganization is on the way to fully provide support for all challenge-response mechanisms. credentials.h | 6 +++--- credentials.html | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) commit d6516b1cd71793109abb037513095e7d3cfbc95a Author: Bruce Guenter Date: Thu May 5 06:12:59 2005 +0000 Renamed "str" to simply "s" to avoid conflicts with the "str" data type. module_log.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) commit c1c2cf402c0656c44fe2a4fc0af373ca052b85b7 Author: Bruce Guenter Date: Thu May 5 05:51:37 2005 +0000 Adjusted tests to account for the getpwnam fallback after CDB lookup failure. tests.inc | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) commit c3642488922acd713db7a719d98a9bfe346d3b10 Author: Bruce Guenter Date: Thu May 5 04:21:03 2005 +0000 Fixed the cvm-pwfile documentation to say that the default password comparison mode was plain-text instead of UNIX crypt. 
cvm-pwfile.html | 7 +++++-- 1 files changed, 5 insertions(+), 2 deletions(-) commit d8045af6afbf597dd2a3d7d32cc37b1eb82ea1bb Author: Bruce Guenter Date: Thu May 5 03:58:46 2005 +0000 Fixed handling qmail lookups when cdb/users exists but does not contain all users. Thanks Dale Woolridge. NEWS | 3 +++ qmail-users.c | 17 +++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) commit 37e8e6f60c95687f4f7397a8103ddc99dcdda979 Author: Bruce Guenter Date: Wed May 4 23:23:08 2005 +0000 Fixed handling qmail lookups with missing domains by reading control/me and control/envnoathost. NEWS | 3 +++ qmail-init.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++- qmail-lookup.c | 3 +++ qmail.h | 2 ++ tests.inc | 2 ++ 5 files changed, 57 insertions(+), 1 deletions(-) commit c84081ca55cf585e6e79facc86df06f6054d7c25 Author: Bruce Guenter Date: Wed May 4 22:44:35 2005 +0000 Fixed handling qmail lookups of extensions containing periods. NEWS | 2 ++ qmail-dotfile.c | 14 +++++++++----- tests.inc | 2 ++ tests/qmail-lookup | 29 ++++++++++++++++++++++++++++- 4 files changed, 41 insertions(+), 6 deletions(-) commit 85aace1b002eada8ce9c3816e7fb9cab4dd7fbea Author: Bruce Guenter Date: Wed May 4 22:12:39 2005 +0000 Added error strings analogous to sys_errlist. client=l | 1 + cvm-benchclient.c | 5 ++- cvm-testclient.c | 5 ++- errors.c | 45 +++++++++++++++++++++++++++++++++++++++ errors.h | 3 ++ tests/command-bad-password | 2 +- tests/command-bad-username | 2 +- tests/lookup | 8 +++--- tests/pwfile-local-bad-password | 2 +- tests/pwfile-udp-bad-password | 2 +- tests/qmail-lookup | 8 +++--- tests/vmailmgr-upper-pass | 2 +- tests/vmlookup-badpass | 2 +- 13 files changed, 69 insertions(+), 18 deletions(-) create mode 100644 errors.c commit 3464a89eae81252385281180ed5dab3948a2ecf9 Author: Bruce Guenter Date: Tue May 3 20:53:27 2005 +0000 Conditionally install cvm-vchkpw, just like cvm-mysql and friends. 
Thanks Peter Palmreuther insthier.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) commit acc529aa20cebb8d67bb26b109b9382f56644b44 Author: Bruce Guenter Date: Tue May 3 20:51:04 2005 +0000 Added compile fix for cvm-vchkpw. Thanks Peter Palmreuther NEWS | 1 + cvm-vchkpw.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) commit 75970418242f7c8df2bc1caa768003b80ae48b00 Author: Bruce Guenter Date: Tue May 3 20:45:58 2005 +0000 Bumped up version to 0.33. NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit a1da5d34f10ba8a894ccdc5c6a826ebfbce766b6 Author: Bruce Guenter Date: Fri Jan 14 22:09:36 2005 +0000 Also lower-case the user name when looking it up, just like qmail-local does. NEWS | 4 ++-- qmail-users.c | 30 +++++++++++++++++------------- tests/qmail-lookup | 27 +++++++++++++++++++++++++-- 3 files changed, 44 insertions(+), 17 deletions(-) commit 3f45e53655b5f2087ed2fae5f7710be4d4f02b16 Author: Bruce Guenter Date: Fri Jan 14 20:47:03 2005 +0000 Fixed the .qmail-ext lookup in cvm-qmail to lower-case the "-ext" part just like qmail-local does. NEWS | 2 ++ qmail-dotfile.c | 10 ++++++++-- tests/qmail-lookup | 18 +++++++++++++++++- 3 files changed, 27 insertions(+), 3 deletions(-) commit f91eda1a3db547df1f03f99ce0548f48fe9d3338 Author: Bruce Guenter Date: Fri Jan 14 20:06:32 2005 +0000 Bumped version to 0.32 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 1b727854defa0ede65046100cef9ec4f0fdaa7af Author: Bruce Guenter Date: Fri Jan 14 20:04:33 2005 +0000 Bumped year to 2005. 
README.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit c6cf60fa4376e9e9425a10155b4626c442261961 Author: Bruce Guenter Date: Thu Dec 2 05:29:35 2004 +0000 Rewrote and expanded the module documentation, fixing the lack of documentation on cvm_results() module.html | 53 ++++++++++++++++++++++++++++++----------------------- 1 files changed, 30 insertions(+), 23 deletions(-) commit 7e8c05c2db3f07adf9525829905185cca8c78deb Author: Bruce Guenter Date: Mon Nov 15 20:18:16 2004 +0000 Changed error code in the qmail code from EBADMSG to EDOM to allow compilation on *BSD systems. NEWS | 6 ++++++ qmail-users.c | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit ca33033de5e98a9870f817e08c568752b82da820 Author: Bruce Guenter Date: Mon Nov 15 20:06:41 2004 +0000 Bumped version to 0.31 NEWS | 5 +++++ VERSION | 2 +- 2 files changed, 6 insertions(+), 1 deletions(-) commit 09b77ea63facb8b46cace2a42922d0a0a0222cd3 Author: Bruce Guenter Date: Fri Nov 12 16:53:15 2004 +0000 Add distribution of the extra README files into EXTRADIST. EXTRADIST | 2 ++ doc.dist | 1 - 2 files changed, 2 insertions(+), 1 deletions(-) commit 3427d8e06e21a296f1cf365237d2602ea3411ab1 Author: Bruce Guenter Date: Wed Nov 10 23:09:07 2004 +0000 Modified the behavior of lookup mode slightly: if the lookup secret is empty, it is treated as indicating that no password is needed, but the module still operates in lookup mode. cvm.html | 7 +++++-- module_request.c | 14 +++++++++----- tests/lookup | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 7 deletions(-) create mode 100644 tests/lookup commit b6a1414f8fce90cc0e543f75dfd218d5c74cf3b6 Author: Bruce Guenter Date: Wed Nov 10 20:36:54 2004 +0000 Updated the tests to use/test the new generic lookup mode. 
tests.inc | 4 ++-- tests/qmail-lookup | 5 +---- tests/vmlookup-badpass | 2 -- tests/vmlookup-normal | 2 +- tests/vmlookup-pass | 4 +--- tests/vmlookup-upper-domain | 2 +- tests/vmlookup-upper-virt | 2 +- 7 files changed, 7 insertions(+), 14 deletions(-) commit cc5f7eb0c013ea0b4922bd3238c793f27f011d63 Author: Bruce Guenter Date: Wed Nov 10 20:36:27 2004 +0000 Updated the executable linking files and the spec to use the new unified bglibs file. README.in | 5 +---- cvm-benchclient=x | 2 +- cvm-checkpassword=x | 2 +- cvm-mysql-local=x | 3 +-- cvm-mysql-udp=x | 3 +-- cvm-mysql=x | 3 +-- cvm-pgsql-local=x | 3 +-- cvm-pgsql-udp=x | 3 +-- cvm-pgsql=x | 3 +-- cvm-pwfile=x | 2 +- cvm-testclient=x | 2 +- cvm-unix=x | 2 +- cvm-vmailmgr-local=x | 14 ++------------ cvm-vmailmgr-udp=x | 14 ++------------ cvm-vmailmgr=x | 11 ++--------- spec | 2 +- sql-query-test=x | 2 +- 17 files changed, 20 insertions(+), 56 deletions(-) commit 7ce7718ace78ab9a64c87afd01c6632c78b4400d Author: Bruce Guenter Date: Wed Nov 10 20:13:31 2004 +0000 Removed the now obsoleted cvm-vmlookup lookup-only module. NEWS | 2 ++ cvm-vmlookup.c | 35 ----------------------------------- cvm-vmlookup=x | 15 --------------- insthier.c | 1 - 4 files changed, 2 insertions(+), 51 deletions(-) delete mode 100644 cvm-vmlookup.c delete mode 100644 cvm-vmlookup=x commit 08996123e728f95509d92c969170f989df1b9629 Author: Bruce Guenter Date: Wed Nov 10 20:12:30 2004 +0000 Replaced the "try_default" global, which is only set when doing lookups, with the new cvm_lookup_secret run-time flag. cvm-vmailmgr.c | 3 +-- cvm-vmailmgr.h | 1 - vmlookup.c | 4 +++- 3 files changed, 4 insertions(+), 4 deletions(-) commit 3e5429e0198aa299b2a0f50b0bc98fce5ee1e40d Author: Bruce Guenter Date: Wed Nov 10 20:11:18 2004 +0000 Made the lookup secret value an exported symbol so that modules can adjust their behavior depending on whether lookup mode is enabled. 
module.h | 1 + module_request.c | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) commit e8bdf6f96ceb081a9a97f405dfc1c4e8a3435349 Author: Bruce Guenter Date: Wed Nov 10 18:48:43 2004 +0000 Added documentation for the qmail and vmailmgr modules. cvm-qmail.html | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ cvm-vmailmgr.html | 43 +++++++++++++++++++++++++++++++++++++++++++ cvm.html | 2 ++ 3 files changed, 98 insertions(+), 0 deletions(-) create mode 100644 cvm-qmail.html create mode 100644 cvm-vmailmgr.html commit 0bc8fe5adc068b1e76f2c1442214d43d85614405 Author: Bruce Guenter Date: Wed Nov 10 18:33:15 2004 +0000 Reformatted the "Configuration Variables" sections to be more readable. cvm-mysql.html | 51 ++++++++++++++++++++++++++------------------------- cvm-pgsql.html | 28 ++++++++++++++-------------- cvm-pwfile.html | 12 ++++++------ cvm-unix.html | 4 +++- 4 files changed, 49 insertions(+), 46 deletions(-) commit b67c60695e01d557019b2f2b686f152f1a1dfc2a Author: Bruce Guenter Date: Wed Nov 10 17:50:05 2004 +0000 Added the README file from vmailmgr to the repository. README.vmailmgr | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 62 insertions(+), 0 deletions(-) create mode 100644 README.vmailmgr commit f902711cc661ed54a9ec5b42d1b7a8f86d6f9454 Author: Bruce Guenter Date: Wed Nov 10 16:41:30 2004 +0000 Added "lookup mode" common code, available in all modules. Renamed cvm-qmaillookup to cvm-qmail, since it is no longer lookup-specific. Bumped the version to 0.30, as this is a major internal change. 
NEWS | 10 ++++++---- VERSION | 2 +- command=l | 1 - cvm-qmaillookup.c => cvm-qmail.c | 15 ++------------- cvm-qmaillookup=x => cvm-qmail=x | 0 cvm-vmailmgr.h | 1 - cvm-vmlookup.c | 10 +--------- cvm.html | 5 +++++ insthier.c | 2 +- local=l | 1 - module.h | 2 +- module.html | 21 ++++++--------------- module=l | 1 - module_local_main.c | 3 ++- module_main.c | 3 ++- module_preauth.c | 6 ------ module_request.c | 33 +++++++++++++++++++++++++++------ module_udp_main.c | 3 ++- tests.inc | 2 +- tests/{qmaillookup => qmail-lookup} | 4 ++++ tests/vmlookup-badpass | 6 +++--- tests/vmlookup-pass | 4 ++-- udp=l | 1 - vmmain.c | 4 +--- 24 files changed, 67 insertions(+), 73 deletions(-) rename cvm-qmaillookup.c => cvm-qmail.c (86%) rename cvm-qmaillookup=x => cvm-qmail=x (100%) delete mode 100644 module_preauth.c rename tests/{qmaillookup => qmail-lookup} (97%) commit 211c62cd9c3918d14928be2f9270715293d6444c Author: Bruce Guenter Date: Wed Nov 10 04:24:52 2004 +0000 The *SQL modules are no longer in a separate package. cvm.html | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit 61d44c49f27fa561fb6a5ecdc97290d0dca5613b Author: Bruce Guenter Date: Wed Nov 10 04:24:18 2004 +0000 Added the cvm_auth_stop function and expanded the note about not exiting to encompass all module supplied functions. module.html | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-) commit 22abecb8343490178a113da7611fbb36c6c8576b Author: Bruce Guenter Date: Wed Nov 10 04:22:20 2004 +0000 Make sure the HTML files get included in the tarball. doc.dist | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit 1ddd424d14df4a96aa3a45dbf237973f6f3b9efa Author: Bruce Guenter Date: Wed Nov 10 04:03:18 2004 +0000 Fixed obsoleted URL. 
TODO | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 7e429d7a9335b0a2aa7735882df17095732d30a3 Author: Bruce Guenter Date: Tue Nov 9 20:48:21 2004 +0000 Add support for substituting a predetermined domain name and user if the given domain isn't found in locals or virtualdomains. This allows lookups where the domain is in (more)rcpthosts to succeed even if they aren't local domains (for cases where the server is acting as a secondary etc). qmail-lookup.c | 18 +++++++++++++++++- 1 files changed, 17 insertions(+), 1 deletions(-) commit 013f6bacf16b4fb8f091a35e0c3b126a4d1edd97 Author: Bruce Guenter Date: Tue Nov 9 16:57:37 2004 +0000 Since these modules all call the qmail_lookup_cvm code, use the associated qmail_lookup_init for initialization. cvm-qmaillookup.c | 4 +--- vmlookup.c | 4 +--- vmmain.c | 1 - 3 files changed, 2 insertions(+), 7 deletions(-) commit ed3a6b65f17426a1cc5f247a3daad98146ea9588 Author: Bruce Guenter Date: Tue Nov 9 04:07:22 2004 +0000 Make sure the new cvm-qmaillookup module gets installed too. spec | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 31262fd78802da8d4e224b8589525decf12f855e Author: Bruce Guenter Date: Mon Nov 8 19:51:36 2004 +0000 Added cvm-qmaillookup to installed modules. 
insthier.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit a8bc5300d208a4143d15114cef565cd42a124738 Author: Bruce Guenter Date: Mon Nov 8 18:47:08 2004 +0000 Reworked the tests framework for vmailmgr, and added tests for cvm-qmaillookup tests.inc | 34 ++++++++++++++- tests/build-qmail | 22 ---------- tests/del-qmail | 5 -- tests/qmaillookup | 93 +++++++++++++++++++++++++++++++++++++++++++ tests/vmailmgr-normal | 11 ++--- tests/vmailmgr-upper-domain | 11 ++--- tests/vmailmgr-upper-pass | 1 - tests/vmailmgr-upper-virt | 11 ++--- tests/vmlookup-badpass | 1 - tests/vmlookup-normal | 11 ++--- tests/vmlookup-pass | 11 ++--- tests/vmlookup-upper-domain | 11 ++--- tests/vmlookup-upper-virt | 11 ++--- 13 files changed, 159 insertions(+), 74 deletions(-) delete mode 100644 tests/build-qmail delete mode 100644 tests/del-qmail create mode 100644 tests/qmaillookup commit 0c3c04ba05cd75d548f0bfc9b921799762425a70 Author: Bruce Guenter Date: Mon Nov 8 18:39:28 2004 +0000 System users (as indicated by not having a "dash" in the users structure) do not need a .qmail file to be considered to exist. However, it is invalid to try to add an extension to them. qmail-dotfile.c | 11 ++++------- 1 files changed, 4 insertions(+), 7 deletions(-) commit 84cd09336f932a0d28e243c2cc8e8a1d30f97c03 Author: Bruce Guenter Date: Mon Nov 8 17:30:12 2004 +0000 Add the README.vmailmgr and README.vchkpw files to the distribution archive. doc.dist | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) create mode 100644 doc.dist commit 7f25e38bdbc685470a87718742db2f6061ecc8e9 Author: Bruce Guenter Date: Sat Nov 6 15:42:12 2004 +0000 Added note about the qmail code rewrite. NEWS | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) commit 2415672df56a03f5206b1c3e7bef5c489dfb909e Author: Bruce Guenter Date: Sat Nov 6 15:41:03 2004 +0000 Added new cvm-qmaillookup module, which can be used to verify validity of recipient addresses on qmail systems. 
NEWS | 3 ++ cvm-qmaillookup.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++ cvm-qmaillookup=x | 5 +++ 3 files changed, 105 insertions(+), 0 deletions(-) create mode 100644 cvm-qmaillookup.c create mode 100644 cvm-qmaillookup=x commit d1429b400cf07d6a7ad2262287d3abfde3728701 Author: Bruce Guenter Date: Sat Nov 6 15:37:44 2004 +0000 Add support for default/alias delivery. qmail-users.c | 22 +++++++++++++++------- 1 files changed, 15 insertions(+), 7 deletions(-) commit a77360c91eef3572517f17d62dba8627bbfa1847 Author: Bruce Guenter Date: Sat Nov 6 15:36:51 2004 +0000 Renamed qmail_vdomains_* to qmail_domains_* and added control/local lookups, which makes the qmail lookups completely compliant with qmail. qmail-vdomains.c => qmail-domains.c | 71 +++++++++++++++++++++++++---------- qmail-lookup.c | 19 +++++---- qmail.h | 6 +- qmail=l | 2 +- tests/build-qmail | 1 + vmlookup.c | 2 +- 6 files changed, 67 insertions(+), 34 deletions(-) rename qmail-vdomains.c => qmail-domains.c (56%) commit b83b55a0578a56a8b5d7632ab38cca3f803c48ac Author: Bruce Guenter Date: Sat Nov 6 15:35:40 2004 +0000 Added error checking on str_* return codes. qmail-dotfile.c | 15 ++++++--------- 1 files changed, 6 insertions(+), 9 deletions(-) commit e671bf836a845c126601c03d166ad41016233a04 Author: Bruce Guenter Date: Fri Nov 5 22:44:05 2004 +0000 Rewrote the lookup_reinit, lookup_domain, lookup_baseuser, and lookup_virtuser to use the newly created qmail_lookup_cvm routine. cvm-vmailmgr.h | 3 --- vmlookup.c | 41 +++++++---------------------------------- vmmain.c | 3 --- 3 files changed, 7 insertions(+), 40 deletions(-) commit 87e85153257f5bd26f76de8ad1f2035452dc0179 Author: Bruce Guenter Date: Fri Nov 5 22:35:08 2004 +0000 Instead of calling vpwentry_auth from within the (custom) qmail lookup code, use a cvm_preauth routine to specifically handle the lookup module case (for cvm-vmlookup, unneeded in cvm-vmailmgr). 
cvm-vmailmgr.c | 11 ++++------- cvm-vmailmgr.h | 3 +-- cvm-vmlookup.c | 9 ++++++--- vmlookup.c | 8 ++++---- vmmain.c | 8 ++------ 5 files changed, 17 insertions(+), 22 deletions(-) commit 39efd003bf6d26f24f91b1108d4b5d87cdd85514 Author: Bruce Guenter Date: Fri Nov 5 22:17:33 2004 +0000 Updated this documentation to reflect the current calling sequence. module.html | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) commit ebda35bbc3309c46b20f260301d60224b018fdd7 Author: Bruce Guenter Date: Fri Nov 5 22:16:35 2004 +0000 Added an optional cvm_preauth call before doing account lookups. command=l | 1 + local=l | 1 + module.h | 1 + module.html | 9 +++++++++ module=l | 1 + module_preauth.c | 6 ++++++ module_request.c | 1 + udp=l | 1 + 8 files changed, 21 insertions(+), 0 deletions(-) create mode 100644 module_preauth.c commit dd1f24db82f1c27152925aba3f1dc405f67e0b64 Author: Bruce Guenter Date: Fri Nov 5 18:39:21 2004 +0000 Added qmail dotfile ($HOME/.qmail*) and generic lookup functions. qmail-dotfile.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++ qmail-lookup.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ qmail.h | 8 ++++++ qmail=l | 2 + 4 files changed, 140 insertions(+), 0 deletions(-) create mode 100644 qmail-dotfile.c create mode 100644 qmail-lookup.c commit a16a4478e9ed60ce346dc0e622d7cf3c6f8515b5 Author: Bruce Guenter Date: Fri Nov 5 18:38:19 2004 +0000 Updated file header comments. 
vmlookup.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit ba5f465937e0b1575df012484e5a51f6aed22d69 Author: Bruce Guenter Date: Fri Nov 5 04:21:48 2004 +0000 Broke the vmailmgr lookup code into three parts: 1) qmail virtualdomains lookups 2) qmail users/cdb lookups 3) vmailmgr password table lookups cvm-vmailmgr-local=x | 1 + cvm-vmailmgr-udp=x | 1 + cvm-vmailmgr.h | 5 +- cvm-vmailmgr=x | 1 + cvm-vmlookup=x | 1 + module_command_main.c => qmail-init.c | 17 ++- qmail-users.c | 178 +++++++++++++++++++++++++++ qmail-vdomains.c | 94 ++++++++++++++ qmail.h | 29 +++++ qmail=l | 3 + vmlookup.c | 216 +++++---------------------------- vmmain.c | 15 +-- 12 files changed, 355 insertions(+), 206 deletions(-) copy module_command_main.c => qmail-init.c (71%) create mode 100644 qmail-users.c create mode 100644 qmail-vdomains.c create mode 100644 qmail.h create mode 100644 qmail=l commit 7450c7ec570c6d48ed491c2a4dbf31e79b88304b Author: Bruce Guenter Date: Thu Nov 4 18:06:06 2004 +0000 Fixed cvm/module.h header file include problem. Thanks Paul Jarc for pointing this out. NEWS | 3 +++ cvm-vmailmgr.c | 2 +- cvm-vmlookup.c | 2 +- sql-auth.c | 2 +- sql-query.c | 4 ++-- vmlookup.c | 2 +- vmmain.c | 2 +- 7 files changed, 10 insertions(+), 7 deletions(-) commit d07f47f56f4dfd1b88c44af11b5448ddb973d12f Author: Bruce Guenter Date: Thu Nov 4 16:47:24 2004 +0000 Bumped version to 0.25 NEWS | 5 +++++ VERSION | 2 +- 2 files changed, 6 insertions(+), 1 deletions(-) commit b85ac56c4ac89121c3313f5c561ea6943f7a378f Author: Bruce Guenter Date: Thu Nov 4 03:47:55 2004 +0000 Added -I/usr/include/pgsql flag needed in some build environments. spec | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 7647fe0a48f24a0da5b36e810261b9346e3d26e7 Author: Bruce Guenter Date: Thu Nov 4 00:13:39 2004 +0000 Switch to newer "tail -n #" usage. 
tests/pwfile-local | 2 +- tests/pwfile-local-bad-password | 2 +- tests/pwfile-udp | 2 +- tests/pwfile-udp-bad-password | 2 +- tests/stop-pwfile-local | 2 +- tests/stop-pwfile-udp | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) commit 43d99f307354c1f31eb25f0af8717eff4b34a9b0 Author: Bruce Guenter Date: Sat Feb 21 05:36:17 2004 +0000 Fixed a bug in client.c that prevented at least OpenBSD from using UDP modules. Thanks Balazs Nagy. NEWS | 3 +++ client.c | 3 +-- 2 files changed, 4 insertions(+), 2 deletions(-) commit d03ce34cad3e7ab64b66a2cc7af7280b97d58b06 Author: Bruce Guenter Date: Tue Feb 10 20:28:20 2004 +0000 Added cvm-vchkpw README from Sebastian Benoit README.vchkpw | 37 +++++++++++++++++++++++++++++++++++++ 1 files changed, 37 insertions(+), 0 deletions(-) create mode 100644 README.vchkpw commit ef4f167044211da9560883187dc3434b64128ef8 Author: Bruce Guenter Date: Tue Feb 10 19:29:03 2004 +0000 Added comments from Sebastian Benoit cvm-vchkpw.c | 29 +++++++++++++++++++++++++++++ 1 files changed, 29 insertions(+), 0 deletions(-) commit bc66fb533d91d10873dbd4f8e41dfff9823c1dff Author: Bruce Guenter Date: Tue Feb 10 19:22:31 2004 +0000 Treat cvm_fact_shell as optional (as defined by facts.html) instead of required. NEWS | 3 +++ module_request.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletions(-) commit de75551505d3f719b931afc407bd834b6cfb53ed Author: Bruce Guenter Date: Tue Feb 10 06:10:52 2004 +0000 Separate the lookup, authenticate, and result generation into three separate functions. This will (eventually) allow for lookup-only operation without recoding modules. 
cvm-pwfile.c | 19 ++++++++++++---- cvm-unix.c | 19 ++++++++++++---- cvm-vchkpw.c | 58 +++++++++++++++++++++++++++---------------------- module.h | 2 + module_request.c | 2 + sql-auth.c | 22 +++++++++++++----- vmmain.c | 63 ++++++++++++++++++++++++++++------------------------- 7 files changed, 113 insertions(+), 72 deletions(-) commit 5a469bc35045755bb74cb895947094c3bbd87d35 Author: Bruce Guenter Date: Mon Feb 9 18:24:20 2004 +0000 Added missing NEWS.sql to extra distributed files. EXTRADIST | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit 6cba446a94220e4875ded22f5d6b7bb343db2f0e Author: Bruce Guenter Date: Mon Feb 9 17:53:43 2004 +0000 Added notes from cvm-vmailmgr. EXTRADIST | 2 + NEWS.vmailmgr | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.in | 17 ++++++++++++++ 3 files changed, 88 insertions(+), 0 deletions(-) create mode 100644 NEWS.vmailmgr commit 2edbb4c5edb63a90a77f2617a24c6708884bf9ff Author: Bruce Guenter Date: Mon Feb 9 17:44:37 2004 +0000 Merged SQL modules back in from the separated cvm-sql package. 
NEWS | 2 + NEWS.sql | 21 ++++++ README.in | 1 + TODO | 8 ++ TOP.spac | 1 + cvm-vmailmgr-local.c => cvm-mysql-local.c | 0 cvm-mysql-local=x | 8 ++ cvm-vmailmgr-local.c => cvm-mysql-udp.c | 0 cvm-mysql-udp=x | 8 ++ cvm-mysql.c | 102 +++++++++++++++++++++++++++++ cvm-mysql.html | 64 ++++++++++++++++++ cvm-mysql=x | 7 ++ cvm-vmailmgr-local.c => cvm-pgsql-local.c | 0 cvm-pgsql-local=x | 8 ++ cvm-vmailmgr-local.c => cvm-pgsql-udp.c | 0 cvm-pgsql-udp=x | 8 ++ cvm-pgsql.c | 80 ++++++++++++++++++++++ cvm-pgsql.html | 46 +++++++++++++ cvm-pwfile=x => cvm-pgsql=x | 4 +- insthier.c | 16 +++++ mysql.spac | 1 + pgsql.spac | 1 + programs.spac | 5 ++ spec | 29 ++++++++- sql-auth.c | 97 +++++++++++++++++++++++++++ sql-query-test.c | 26 +++++++ sql-query-test=x | 2 + sql-query.c | 99 ++++++++++++++++++++++++++++ sql.h | 19 +++++ sql.html | 41 ++++++++++++ sql=l | 2 + tests/sql-substitution | 32 +++++++++ 32 files changed, 735 insertions(+), 3 deletions(-) create mode 100644 NEWS.sql create mode 100644 TOP.spac copy cvm-vmailmgr-local.c => cvm-mysql-local.c (100%) create mode 100644 cvm-mysql-local=x copy cvm-vmailmgr-local.c => cvm-mysql-udp.c (100%) create mode 100644 cvm-mysql-udp=x create mode 100644 cvm-mysql.c create mode 100644 cvm-mysql.html create mode 100644 cvm-mysql=x copy cvm-vmailmgr-local.c => cvm-pgsql-local.c (100%) create mode 100644 cvm-pgsql-local=x copy cvm-vmailmgr-local.c => cvm-pgsql-udp.c (100%) create mode 100644 cvm-pgsql-udp=x create mode 100644 cvm-pgsql.c create mode 100644 cvm-pgsql.html copy cvm-pwfile=x => cvm-pgsql=x (64%) create mode 100644 mysql.spac create mode 100644 pgsql.spac create mode 100644 programs.spac create mode 100644 sql-auth.c create mode 100644 sql-query-test.c create mode 100644 sql-query-test=x create mode 100644 sql-query.c create mode 100644 sql.h create mode 100644 sql.html create mode 100644 sql=l create mode 100644 tests/sql-substitution commit 35f96b6168ec5ae452b51c0edddce0eb205fd285 Author: Bruce Guenter Date: Mon Feb 9 
16:04:12 2004 +0000 Added contributed vpopmail CVM (cvm-vchkpw). EXTRADIST | 1 + cvm-vchkpw.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 0 deletions(-) create mode 100644 EXTRADIST create mode 100644 cvm-vchkpw.c commit 5eddefd7955059698205d09e180283527570c2d4 Author: Bruce Guenter Date: Mon Feb 9 15:43:04 2004 +0000 Merged cvm-vmailmgr (including cvm-vmlookup) into this package. ChangeLog.vmailmgr | 372 +++++++++++++++++++++++++++++++++ NEWS | 1 + README.in | 19 ++ TODO | 8 + cvm-vmailmgr-local=x | 18 ++ cvm-vmailmgr-udp=x | 18 ++ cvm-vmailmgr.c | 78 +++++++ cvm-vmailmgr.h | 34 +++ cvm-vmailmgr=x | 14 ++ module_local_main.c => cvm-vmlookup.c | 29 ++-- cvm-vmlookup=x | 14 ++ insthier.c | 4 + spec | 1 + tests.inc | 3 + tests/build-qmail | 21 ++ tests/del-qmail | 5 + tests/vmailmgr-normal | 14 ++ tests/vmailmgr-upper-domain | 14 ++ tests/vmailmgr-upper-pass | 4 + tests/vmailmgr-upper-virt | 14 ++ tests/vmlookup-badpass | 6 + tests/vmlookup-normal | 14 ++ tests/vmlookup-pass | 16 ++ tests/vmlookup-upper-domain | 14 ++ tests/vmlookup-upper-virt | 14 ++ vmlookup.c | 304 +++++++++++++++++++++++++++ vmmain.c | 122 +++++++++++ 27 files changed, 1162 insertions(+), 13 deletions(-) create mode 100644 ChangeLog.vmailmgr create mode 100644 cvm-vmailmgr-local.c create mode 100644 cvm-vmailmgr-local=x create mode 100644 cvm-vmailmgr-udp.c create mode 100644 cvm-vmailmgr-udp=x create mode 100644 cvm-vmailmgr.c create mode 100644 cvm-vmailmgr.h create mode 100644 cvm-vmailmgr=x copy module_local_main.c => cvm-vmlookup.c (63%) create mode 100644 cvm-vmlookup=x create mode 100644 tests/build-qmail create mode 100644 tests/del-qmail create mode 100644 tests/vmailmgr-normal create mode 100644 tests/vmailmgr-upper-domain create mode 100644 tests/vmailmgr-upper-pass create mode 100644 tests/vmailmgr-upper-virt create mode 100644 tests/vmlookup-badpass create mode 100644 tests/vmlookup-normal create mode 100644 tests/vmlookup-pass create 
mode 100644 tests/vmlookup-upper-domain create mode 100644 tests/vmlookup-upper-virt create mode 100644 vmlookup.c create mode 100644 vmmain.c commit 96830fef3d3ed6ba11ab0d4946b5685ab6126d57 Author: Bruce Guenter Date: Mon Feb 9 15:41:27 2004 +0000 Bumped up the copyright year. README.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 8a59fbe29b48ebeec277ad66a36b4b2cc6ac8544 Author: Bruce Guenter Date: Mon Feb 9 04:14:06 2004 +0000 Bumped version up to 0.20 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 14025065d67a7fb2782b09f40684293f2c149c15 Author: Bruce Guenter Date: Mon Nov 17 23:50:01 2003 +0000 Renamed lists.em.ca to lists.untroubled.org README.in | 4 ++-- makedist.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) commit 2c35942e4fa8bf0ce0f44aeabfea68f9f47317dc Author: Bruce Guenter Date: Mon Nov 17 23:47:58 2003 +0000 Converted tests to use pwfile to allow for fully localized config. tests.inc | 9 +++++++++ tests/command-bad-password | 3 ++- tests/command-bad-username | 3 ++- tests/command-case | 17 ++++++++--------- tests/command-no-prefix | 17 ++++++++--------- tests/command-prefix | 17 ++++++++--------- tests/pwfile | 3 +-- tests/pwfile-crypt | 17 ++++++++--------- tests/{pwfile => pwfile-local} | 8 +++++--- tests/pwfile-local-bad-password | 7 +++++++ tests/{pwfile => pwfile-udp} | 8 +++++--- tests/pwfile-udp-bad-password | 7 +++++++ tests/start-pwfile-local | 7 +++++++ tests/start-pwfile-udp | 7 +++++++ tests/start-unix-local | 7 ------- tests/start-unix-udp | 7 ------- tests/{stop-unix-local => stop-pwfile-local} | 2 +- tests/{stop-unix-udp => stop-pwfile-udp} | 2 +- tests/unix-local | 18 ------------------ tests/unix-local-bad-password | 6 ------ tests/unix-udp | 18 ------------------ tests/unix-udp-bad-password | 6 ------ 22 files changed, 86 insertions(+), 110 deletions(-) create mode 100644 tests.inc copy tests/{pwfile => pwfile-local} (61%) create mode 100644 
tests/pwfile-local-bad-password copy tests/{pwfile => pwfile-udp} (61%) create mode 100644 tests/pwfile-udp-bad-password create mode 100644 tests/start-pwfile-local create mode 100644 tests/start-pwfile-udp delete mode 100644 tests/start-unix-local delete mode 100644 tests/start-unix-udp rename tests/{stop-unix-local => stop-pwfile-local} (88%) rename tests/{stop-unix-udp => stop-pwfile-udp} (85%) delete mode 100644 tests/unix-local delete mode 100644 tests/unix-local-bad-password delete mode 100644 tests/unix-udp delete mode 100644 tests/unix-udp-bad-password commit e516a455a815219c3e833e05f45676a24a046e82 Author: Bruce Guenter Date: Mon Nov 17 16:49:53 2003 +0000 Export both $MAIL and $MAILBOX if cvm_fact_mailbox is set. NEWS | 3 +++ client_setenv.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) commit be6c39bc20b1ab1d3183a8137bfece6135ff3b02 Author: Bruce Guenter Date: Mon Jul 7 18:33:56 2003 +0000 Changed the order of the chdir in cvm_setugid. NEWS | 3 +++ client_setugid.c | 2 +- 2 files changed, 4 insertions(+), 1 deletions(-) commit efa8b7951d8b827a770e033df4c44e57bb3b6024 Author: Bruce Guenter Date: Thu May 22 15:43:11 2003 +0000 Fixed yet another installer typo, installing sasl.h as libcvm-sasl.a NEWS | 2 ++ insthier.c | 2 +- 2 files changed, 3 insertions(+), 1 deletions(-) commit 79a0321876eb8469965ba1bd38c258871bb00bd1 Author: Bruce Guenter Date: Thu May 22 15:42:18 2003 +0000 Bumped version number to 0.18 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 448ee685afa83b9fcfc68f8c663614d4f7fd35a1 Author: Bruce Guenter Date: Wed May 21 22:03:25 2003 +0000 Fixed cvm-testclient to work with modules that accept zero credentials. NEWS | 3 +++ cvm-testclient.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) commit 98a4a2896c35a696635ab44833356425da23e9a9 Author: Bruce Guenter Date: Tue May 20 22:47:29 2003 +0000 Added missing "lib" prefix to installed library files. 
NEWS | 2 ++ insthier.c | 12 ++++++------ 2 files changed, 8 insertions(+), 6 deletions(-) commit d0f3aed44308fe7303b4ae9fca549ff9c8c781b3 Author: Bruce Guenter Date: Tue May 20 22:45:38 2003 +0000 Bumped up version number. NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit eeb2169ba249eef137ecfc4e435921f850322a98 Author: Bruce Guenter Date: Tue Apr 22 18:20:37 2003 +0000 Use paths in all command invocations. tests/command-bad-password | 2 +- tests/command-bad-username | 2 +- tests/command-case | 2 +- tests/command-no-prefix | 2 +- tests/command-prefix | 2 +- tests/pwfile | 2 +- tests/pwfile-crypt | 2 +- tests/start-unix-local | 2 +- tests/start-unix-udp | 2 +- tests/unix-local | 2 +- tests/unix-local-bad-password | 2 +- tests/unix-udp | 2 +- tests/unix-udp-bad-password | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) commit f945ec64c0b76215db909be891bfd7822817c0d8 Author: Bruce Guenter Date: Tue Apr 22 18:18:16 2003 +0000 Fixed up tests to use new module invocation mode. tests/start-unix-local | 2 +- tests/start-unix-udp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 9e763e97b499a12d781d6bcdf3dae5dc61c2af05 Author: Bruce Guenter Date: Tue Apr 22 18:15:44 2003 +0000 Added socket.lib to all executable targets. cvm-pwfile=x | 1 + cvm-unix=x | 1 + 2 files changed, 2 insertions(+), 0 deletions(-) commit fb62cff5561e3ab65ad83f5c76746203d8bec8c4 Author: Bruce Guenter Date: Tue Apr 22 18:03:25 2003 +0000 Allow for setting the mode & ownership of the created local socket. NEWS | 4 +++ TODO | 3 -- cvm.html | 6 ++++- module_local.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++------ 4 files changed, 67 insertions(+), 12 deletions(-) commit b2f0c980d441066a9d5fedb911f202880ca01fed Author: Bruce Guenter Date: Tue Apr 22 17:04:25 2003 +0000 Modified the module command mode to always write the output. 
NEWS | 4 ++++ module_command.c | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) commit db5a1c4a047a4b17aef2a3fac369b540c8eeb747 Author: Bruce Guenter Date: Mon Apr 21 23:06:57 2003 +0000 Updated examples and some details. protocol-2.html | 31 +++++++++++++------------------ 1 files changed, 13 insertions(+), 18 deletions(-) commit 1c83a94fc946bd93d20644df38130ac5f55d83cd Author: Bruce Guenter Date: Mon Apr 21 23:06:11 2003 +0000 Added a "shared secret" credential number. credentials.h | 1 + credentials.html | 8 ++++++++ 2 files changed, 9 insertions(+), 0 deletions(-) commit d45aabadab5e4d0ec6f2e949ffcb86bab79209a5 Author: Bruce Guenter Date: Thu Apr 17 16:33:36 2003 +0000 From: "Lars Uffmann" I ran into a problem where a cvm-command module exited without reading from the pipe-fd. The parent-process (imapfront-auth) then died due to an untrapped SIGPIPE. This happens only on Solaris (all versions). The same cvm on Linux did not receive the PIPE signal. A patch is attached, which blocks SIGPIPE before any call to either cvm_udp, cvm_local or cvm_command, instead of just cvm_local. NEWS | 3 +++ client.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) commit a5bc65fcf52d5abb362a08da75247bab9cee389b Author: Bruce Guenter Date: Thu Apr 17 16:31:39 2003 +0000 Added note about cvm-sasl library. NEWS | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit ab86d6aad312d7ed03b2eff1d95674514c5fe2b7 Author: Bruce Guenter Date: Thu Apr 17 16:25:36 2003 +0000 Bumped up version to 0.16 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit e56935f1a84a86cd3fbd5c008c548449eadbce2e Author: Bruce Guenter Date: Wed Apr 16 20:24:03 2003 +0000 Fixed up usage documentation. cvm-benchclient.html | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 2c92efdb5dd6ba608a67ff97e5eb2d48f8d7a528 Author: Bruce Guenter Date: Tue Apr 15 23:23:30 2003 +0000 Merged SASL library into cvm package from bglibs. 
cvm.html | 1 + insthier.c | 3 +++ sasl.h | 35 +++++++++++++++++++++++++++++++++++ sasl.html | 42 ++++++++++++++++++++++++++++++++++++++++++ sasl=l | 6 ++++++ sasl_authenticate.c | 13 +++++++++++++ sasl_cram_md5.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ sasl_init.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ sasl_internal.h | 17 +++++++++++++++++ sasl_login.c | 28 ++++++++++++++++++++++++++++ sasl_plain.c | 26 ++++++++++++++++++++++++++ sasl_start.c | 19 +++++++++++++++++++ 12 files changed, 282 insertions(+), 0 deletions(-) create mode 100644 sasl.h create mode 100644 sasl.html create mode 100644 sasl=l create mode 100644 sasl_authenticate.c create mode 100644 sasl_cram_md5.c create mode 100644 sasl_init.c create mode 100644 sasl_internal.h create mode 100644 sasl_login.c create mode 100644 sasl_plain.c create mode 100644 sasl_start.c commit a214c23f95a2b1d64b2f33cc9c0a946e6cfec3c2 Author: Bruce Guenter Date: Tue Apr 15 22:51:36 2003 +0000 Build the libraries too... spec | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 453217f4ecc0295012aad9198093e66013bc46a0 Author: Bruce Guenter Date: Tue Apr 15 22:48:18 2003 +0000 Fixed usage information. module_main.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) commit 3bdbbce27f896483b79a000738ba9e724e6bfa18 Author: Bruce Guenter Date: Tue Apr 15 22:41:42 2003 +0000 Removed the separated modules. 
NEWS | 3 ++- cvm-pwfile-local.c | 1 - cvm-pwfile-local=x | 5 ----- cvm-pwfile-udp.c | 1 - cvm-pwfile-udp=x | 5 ----- cvm-unix-local.c | 1 - cvm-unix-local=x | 7 ------- cvm-unix-udp.c | 1 - cvm-unix-udp=x | 7 ------- insthier.c | 4 ---- 10 files changed, 2 insertions(+), 33 deletions(-) delete mode 100644 cvm-pwfile-local.c delete mode 100644 cvm-pwfile-local=x delete mode 100644 cvm-pwfile-udp.c delete mode 100644 cvm-pwfile-udp=x delete mode 100644 cvm-unix-local.c delete mode 100644 cvm-unix-local=x delete mode 100644 cvm-unix-udp.c delete mode 100644 cvm-unix-udp=x commit 098860e24c35f78b1348636acc01202ffb0ae932 Author: Bruce Guenter Date: Tue Apr 15 22:40:57 2003 +0000 Install new generic module library. insthier.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit 73367667ba4f5e5744233b8f9c013cf3dbe9003e Author: Bruce Guenter Date: Tue Apr 15 22:39:32 2003 +0000 Link to the new generic module library. cvm-pwfile.c | 2 ++ cvm-pwfile=x | 3 ++- cvm-unix.c | 10 ++-------- cvm-unix=x | 3 ++- 4 files changed, 8 insertions(+), 10 deletions(-) commit 8d05c5ebdf9c4ba5bb3449b018c3fd44fb60b376 Author: Bruce Guenter Date: Tue Apr 15 22:38:53 2003 +0000 Fixed the documentation here to match the current program. cvm-testclient.html | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit d179b4fbcdcea346dbc5c43d37fb34036a9b25e8 Author: Bruce Guenter Date: Tue Apr 15 22:38:15 2003 +0000 Added a new generic module library that supports all three operation modes (command, local socket, UDP socket) from the same binary. 
NEWS | 4 ++++ cvm.html | 17 +++++++++++++++++ module.h | 2 ++ local=l => module=l | 10 ++++++---- module_udp_main.c => module_main.c | 26 ++++++++++++++++++++++---- 5 files changed, 51 insertions(+), 8 deletions(-) copy local=l => module=l (61%) copy module_udp_main.c => module_main.c (59%) commit 618aeaba1df92385c33f38660e4b9a03cac66fe9 Author: Bruce Guenter Date: Tue Apr 15 22:31:45 2003 +0000 Separated the main routine from the authentication loop. command=l | 1 + local=l | 1 + module_command.c | 4 +++- client_setugid.c => module_command_main.c | 17 +++++++---------- module_local.c | 16 ++++------------ client_setugid.c => module_local_main.c | 25 +++++++++++++++++-------- module_udp.c | 19 +++++-------------- client_setugid.c => module_udp_main.c | 27 +++++++++++++++++---------- udp=l | 1 + 9 files changed, 56 insertions(+), 55 deletions(-) copy client_setugid.c => module_command_main.c (67%) copy client_setugid.c => module_local_main.c (66%) copy client_setugid.c => module_udp_main.c (64%) commit 285c005e6d0b39b0203287163ee531ceb11bff87 Author: Bruce Guenter Date: Tue Apr 15 22:28:34 2003 +0000 Use the right #ifdef when checking for shadow password support. NEWS | 1 + getpwnam.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) commit 46f641e752bafa69a3211777d5818ac90bf393bf Author: Bruce Guenter Date: Tue Apr 15 22:27:26 2003 +0000 Bumped up version number to 0.15 NEWS | 6 ++++++ VERSION | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 9651549afec1c0d533ad6331c3312d4ebca73328 Author: Bruce Guenter Date: Tue Apr 15 21:11:36 2003 +0000 Removed irrelevant CVS file. README.CVS | 5 ----- 1 files changed, 0 insertions(+), 5 deletions(-) delete mode 100644 README.CVS commit 17c095700da0754cdefa4ecbd601db882ce86207 Author: Bruce Guenter Date: Tue Apr 15 21:11:24 2003 +0000 Switched to templated README file. 
README => README.in | 13 ++++++++----- 1 files changed, 8 insertions(+), 5 deletions(-) rename README => README.in (83%) commit 5f9be9934f5c16c32aaecdff838d27670339b76c Author: Bruce Guenter Date: Tue Apr 15 21:10:43 2003 +0000 Include development files in the installed set. insthier.c | 39 ++++++++++++++++++++++++++++----------- spec | 32 +++++++++++++++++++++----------- 2 files changed, 49 insertions(+), 22 deletions(-) commit ff274bc13520bb4493838f44288d00bf799f2d81 Author: Bruce Guenter Date: Tue Apr 15 20:48:46 2003 +0000 Broke the protocol document into current + proposed sections. protocol-2.html | 67 +++++++++++++++++++++++++++++++ protocol.html | 117 +++++++++++++++++-------------------------------------- 2 files changed, 103 insertions(+), 81 deletions(-) create mode 100644 protocol-2.html commit 339779ae1fb2217e54f2ad9ac44d1b3354c4abcc Author: Bruce Guenter Date: Tue Apr 15 20:48:17 2003 +0000 Use new style external bglibs linkage. cvm-benchclient=x | 2 +- cvm-checkpassword=x | 2 +- cvm-pwfile-local=x | 4 ++-- cvm-pwfile-udp=x | 4 ++-- cvm-pwfile=x | 2 +- cvm-testclient=x | 2 +- cvm-unix-local=x | 2 +- cvm-unix-udp=x | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) commit 6839a3da7ca566a67b6ce3b9203fb335584dd3ca Author: Bruce Guenter Date: Tue Apr 15 20:46:25 2003 +0000 Added mailbox path to list of facts in all tests. tests/command-case | 1 + tests/command-no-prefix | 1 + tests/command-prefix | 1 + tests/pwfile | 1 + tests/pwfile-crypt | 1 + tests/unix-local | 1 + tests/unix-udp | 1 + 7 files changed, 7 insertions(+), 0 deletions(-) commit f35872ffbb8ad251284435f807c519c490763bd9 Author: Bruce Guenter Date: Tue Apr 15 20:46:01 2003 +0000 Dropped use of non-portable fgetpwent in cvm-pwfile. 
NEWS | 2 + cvm-pwfile.c | 75 +++++++++++++++++++++++++++++++++++++++++++-------------- tests/pwfile | 2 +- 3 files changed, 59 insertions(+), 20 deletions(-) commit 1106eab0032d15b250b42f0aa06ad4d84c1b09df Author: Bruce Guenter Date: Fri Jan 3 17:22:58 2003 +0000 Fixed up for new ipv4addr definition. client.c | 10 +++++----- module_udp.c | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) commit e4e3a2328f509c656c35dcab358895a1c9af238a Author: Bruce Guenter Date: Fri Dec 20 22:26:13 2002 +0000 Previous commit was missing this change. cvm-pwfile.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 8ac8a5631833ce38238c2e5812f8a7f811034076 Author: Bruce Guenter Date: Fri Dec 20 21:37:52 2002 +0000 Completed switch to external bglibs. NEWS | 2 ++ README | 13 ++++++++++--- cvm-benchclient=x | 4 +--- cvm-checkpassword=x | 4 +--- cvm-pwfile-local=x | 4 ++-- cvm-pwfile-udp=x | 4 ++-- cvm-pwfile=x | 2 +- cvm-testclient=x | 4 +--- cvm-unix-local=x | 2 +- cvm-unix-udp=x | 2 +- insthier.c | 2 +- 11 files changed, 23 insertions(+), 20 deletions(-) commit 4ff4977828c463e3c400be2727f6a08c762db720 Author: Bruce Guenter Date: Tue Dec 17 00:13:14 2002 +0000 *** empty log message *** README.CVS | 2 +- TODO | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) commit 2a8d3131fed91908104fe6fc37b76cb479a71e12 Author: Bruce Guenter Date: Tue Dec 17 00:12:59 2002 +0000 Changed version to 0.12 NEWS | 11 +++++++++++ README | 2 +- VERSION | 2 +- 3 files changed, 13 insertions(+), 2 deletions(-) commit a70005cb956a9d5676eb15496ecfb2b9006d23d3 Author: Bruce Guenter Date: Tue Dec 17 00:12:11 2002 +0000 Clarified the protocol specification. protocol.html | 28 +++++++++++++--------------- 1 files changed, 13 insertions(+), 15 deletions(-) commit 534d502ff1a9277a4646ef96b8b7325508dc46c3 Author: Bruce Guenter Date: Tue Dec 17 00:11:49 2002 +0000 Clarified the module requirements. 
module.html | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) commit e81bebf84798da91d88cb5a0eb88cf428d06ddc1 Author: Bruce Guenter Date: Tue Dec 17 00:10:28 2002 +0000 Prevent a potential file descriptor leak. module_local.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) commit 0d4f9b4d5c7f96a21015e7c130f466f0a4cd200e Author: Bruce Guenter Date: Tue Dec 17 00:09:59 2002 +0000 Add a new error code: CVME_NOCRED. errors.h | 4 +++- errors.html | 4 ++++ 2 files changed, 7 insertions(+), 1 deletions(-) commit 9224338ac20cb54a6340a254e296bd3f576e658a Author: Bruce Guenter Date: Tue Dec 17 00:09:16 2002 +0000 Change *sql links to reflect that cvm-sql is now separate. cvm.html | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit 51565e1de325f73c6fb60ff7f4bb9471634f5e77 Author: Bruce Guenter Date: Tue Dec 17 00:08:40 2002 +0000 Use the "net" library instead of "socket". cvm-benchclient=x | 2 +- cvm-checkpassword=x | 2 +- cvm-pwfile-local=x | 2 +- cvm-pwfile-udp=x | 2 +- cvm-testclient=x | 2 +- cvm-unix-local=x | 2 +- cvm-unix-udp=x | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) commit 98b89132ef31132ea4489cc3aeaa17916594d2b1 Author: Bruce Guenter Date: Tue Dec 17 00:07:42 2002 +0000 Added a chdir/setuid recommendation. client.html | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) commit 6e06b97a4610b9a318f0eea043cd40bee5767656 Author: Bruce Guenter Date: Tue Dec 17 00:06:43 2002 +0000 Converted to external bglibs headers. client.c | 7 ++++--- client_setenv.c | 3 ++- cvm-unix.c | 5 +++-- getpwnam.c | 5 +++-- module_local.c | 4 +++- module_udp.c | 4 +++- 6 files changed, 18 insertions(+), 10 deletions(-) commit f56d0a741dbb3270be4295e59cdce3219919dc2d Author: Bruce Guenter Date: Mon Dec 16 23:58:28 2002 +0000 Building no longer requires postgresql or mysql. 
spec | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-) commit cea5b17bdf52906c2d31746ccd4d5502b621bfd4 Author: Bruce Guenter Date: Thu Apr 18 04:55:40 2002 +0000 Set $GIDS to a comma-separated list of supplemental group IDs. client_setenv.c | 57 ++++++++++++++++++++++++++++++++++++++++++------------ 1 files changed, 44 insertions(+), 13 deletions(-) commit 6518d5ad68edb42eca75026dbf91f2bb8245cd5e Author: Bruce Guenter Date: Fri Dec 28 13:23:38 2001 +0000 Fixed thinko in reallocating the account name buffer -- needed to reallocate the buffer based on the *new* length, not the *old*. getpwnam.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) commit 36879b5ad36346499e94c527f85c1165a07d49a6 Author: Bruce Guenter Date: Fri Oct 19 05:11:31 2001 +0000 Added missing socket.lib link targets. cvm-benchclient=x | 1 + cvm-checkpassword=x | 1 + cvm-pwfile-local=x | 1 + cvm-pwfile-udp=x | 1 + cvm-testclient=x | 1 + cvm-unix-local=x | 1 + cvm-unix-udp=x | 1 + 7 files changed, 7 insertions(+), 0 deletions(-) commit a4324d3d373310823a566ce8ecaf696217eac532 Author: Bruce Guenter Date: Thu Sep 27 23:42:59 2001 +0000 Fixed one-off bug in parsing domain names. client.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit c8f0a1ef5d2a0701ff2648288ab7782b20526e6f Author: Bruce Guenter Date: Wed Sep 19 03:57:36 2001 +0000 Added example datagrams. protocol.html | 20 ++++++++++++++++++-- 1 files changed, 18 insertions(+), 2 deletions(-) commit 15d75177a5ba8b971715c78c9d4e56c89205c717 Author: Bruce Guenter Date: Wed Sep 19 03:35:39 2001 +0000 Documented the version 2 protocol. protocol.html | 105 ++++++++++++++++++++++++++++++++++++++------------------ 1 files changed, 71 insertions(+), 34 deletions(-) commit 34379facf8a43101429848e3ec7554bf232d383b Author: Bruce Guenter Date: Wed Sep 19 03:35:09 2001 +0000 Added credential definitions. 
credentials.h | 18 ++++++++++++ credentials.html | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ cvm.html | 1 + 3 files changed, 97 insertions(+), 0 deletions(-) create mode 100644 credentials.h create mode 100644 credentials.html commit e5c5420265ae4b2d1ceb790c2952e24e4a3d68db Author: Bruce Guenter Date: Wed Sep 19 03:34:31 2001 +0000 Fixed a typo. rationale.html | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) commit 7f0289c74aab04f9b41889069ebef31a16b3c278 Author: Bruce Guenter Date: Wed Sep 19 03:33:34 2001 +0000 Reworded the section on predefined and local fact numbering. facts.html | 18 +++++++++--------- 1 files changed, 9 insertions(+), 9 deletions(-) commit 484ebeacfda756a340463d58c0a0e9987bbe59c6 Author: Bruce Guenter Date: Wed Sep 19 03:33:02 2001 +0000 Renamed AUTHENTICATOR to CVM finally. facts.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit 21d71d02c879726157ea358cda192b14bcd59187 Author: Bruce Guenter Date: Fri Sep 14 04:16:41 2001 +0000 Added the mailbox path fact to the output. cvm-testclient.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) commit b4f39b85d8b29b44c2a44484baaca0441a6776af Author: Bruce Guenter Date: Thu Sep 13 04:29:15 2001 +0000 Removed mysql and pgsql installations. insthier.c | 6 ------ 1 files changed, 0 insertions(+), 6 deletions(-) commit ec7b55d314a37f546367410248c0eaf875b3d4c6 Author: Bruce Guenter Date: Thu Sep 13 04:25:46 2001 +0000 Removed mysql and pgsql portions. spec | 22 ---------------------- 1 files changed, 0 insertions(+), 22 deletions(-) commit e826ec7a4720a0205707aee8bc254a539f9b3166 Author: Bruce Guenter Date: Thu Sep 13 04:24:36 2001 +0000 Added missing setenv.o object. 
cvm-benchclient=x | 1 + cvm-testclient=x | 1 + 2 files changed, 2 insertions(+), 0 deletions(-) commit aefa70251ad015fd3eb8e675bcff1b81d581ec9c Author: Bruce Guenter Date: Thu Sep 13 04:22:47 2001 +0000 *** empty log message *** README | 4 ++-- TODO | 2 ++ client.h | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) commit 32979eca679e2afb16be086b5f6cd140e01b9f44 Author: Bruce Guenter Date: Thu Sep 13 04:22:28 2001 +0000 Replaced manual setenv calls with call to cvm_setenv. cvm-checkpassword.c | 11 ++--------- 1 files changed, 2 insertions(+), 9 deletions(-) commit 43564003bede59416119002c98f9ce1672db5906 Author: Bruce Guenter Date: Mon Sep 10 23:11:54 2001 +0000 Added some convenience client functions. client.h | 4 +++ client.html | 40 +++++++++++++++++++++++++++++ client=l | 3 ++ facts.c => client_domain.c | 35 ++++++++++++++++--------- client_setenv.c | 58 +++++++++++++++++++++++++++++++++++++++++++ facts.c => client_setugid.c | 24 ++++++++--------- 6 files changed, 138 insertions(+), 26 deletions(-) copy facts.c => client_domain.c (61%) create mode 100644 client_setenv.c copy facts.c => client_setugid.c (62%) commit 3f2941cb02870d825d7cfd96557dcf191f3e3951 Author: Bruce Guenter Date: Mon Sep 10 23:11:15 2001 +0000 *** empty log message *** NEWS | 2 ++ TODO | 10 ++++++++++ 2 files changed, 12 insertions(+), 0 deletions(-) commit 0fe670b7990308eb0d6eb3c70b80cfdadcacdc36 Author: Bruce Guenter Date: Mon Sep 10 22:34:46 2001 +0000 Added new fact CVM_FACT_MAILBOX. client.c | 1 + facts.c | 1 + facts.h | 2 ++ facts.html | 10 ++++++++++ module_request.c | 2 ++ 5 files changed, 16 insertions(+), 0 deletions(-) commit 2c548d84e1bde042f26d5b9cd0accee2ac6bfdd1 Author: Bruce Guenter Date: Wed Aug 29 03:21:35 2001 +0000 Modified tests to use new SPAC testing framework. 
rts.exp | 101 ----------------------------------------- rts.sh | 1 - rts.tests | 64 -------------------------- tests/command-bad-password | 3 + tests/command-bad-username | 3 + tests/command-case | 14 ++++++ tests/command-no-prefix | 14 ++++++ tests/command-prefix | 14 ++++++ tests/pwfile | 14 ++++++ tests/pwfile-crypt | 15 ++++++ tests/start-unix-local | 7 +++ tests/start-unix-udp | 7 +++ tests/stop-unix-local | 12 +++++ tests/stop-unix-udp | 10 ++++ tests/unix-local | 17 +++++++ tests/unix-local-bad-password | 6 +++ tests/unix-udp | 17 +++++++ tests/unix-udp-bad-password | 6 +++ 18 files changed, 159 insertions(+), 166 deletions(-) delete mode 100644 rts.exp delete mode 100644 rts.sh delete mode 100644 rts.tests create mode 100644 tests/command-bad-password create mode 100644 tests/command-bad-username create mode 100644 tests/command-case create mode 100644 tests/command-no-prefix create mode 100644 tests/command-prefix create mode 100644 tests/pwfile create mode 100644 tests/pwfile-crypt create mode 100644 tests/start-unix-local create mode 100644 tests/start-unix-udp create mode 100644 tests/stop-unix-local create mode 100644 tests/stop-unix-udp create mode 100644 tests/unix-local create mode 100644 tests/unix-local-bad-password create mode 100644 tests/unix-udp create mode 100644 tests/unix-udp-bad-password commit 50998433a1d9d2082697a06610023860c04a9534 Author: Bruce Guenter Date: Wed Aug 29 02:23:23 2001 +0000 Bugfix: cvm_getpwnam needs to lowercase the account name. 
NEWS | 3 +++ getpwnam.c | 44 +++++++++++++++++++++++++++++--------------- 2 files changed, 32 insertions(+), 15 deletions(-) commit c24e50338f0b344598d95a11009960160dd9dfb7 Author: Bruce Guenter Date: Tue Aug 28 23:33:40 2001 +0000 *** empty log message *** NEWS | 8 ++++++++ VERSION | 2 +- 2 files changed, 9 insertions(+), 1 deletions(-) commit 1dd4b785e5583aab837562e68eeded34f98fe89c Author: Bruce Guenter Date: Sat Aug 25 02:23:11 2001 +0000 Removed the SQL portions and put them into a seperate package, cvm-sql. README | 1 - cvm-mysql-local=x | 8 ---- cvm-mysql-udp=x | 8 ---- cvm-mysql.c | 88 --------------------------------------------- cvm-mysql.html | 63 -------------------------------- cvm-mysql=x | 6 --- cvm-pgsql-local=x | 7 ---- cvm-pgsql-udp=x | 7 ---- cvm-pgsql.c | 68 ----------------------------------- cvm-pgsql.html | 45 ----------------------- cvm-pgsql=x | 6 --- rts.exp | 17 --------- rts.tests | 18 --------- sql-auth.c | 103 ----------------------------------------------------- sql-query-test.c | 26 ------------- sql-query-test=x | 2 - sql-query.c | 99 -------------------------------------------------- sql.h | 19 ---------- sql.html | 40 -------------------- sql=l | 2 - 20 files changed, 0 insertions(+), 633 deletions(-) delete mode 100644 cvm-mysql-local.c delete mode 100644 cvm-mysql-local=x delete mode 100644 cvm-mysql-udp.c delete mode 100644 cvm-mysql-udp=x delete mode 100644 cvm-mysql.c delete mode 100644 cvm-mysql.html delete mode 100644 cvm-mysql=x delete mode 100644 cvm-pgsql-local.c delete mode 100644 cvm-pgsql-local=x delete mode 100644 cvm-pgsql-udp.c delete mode 100644 cvm-pgsql-udp=x delete mode 100644 cvm-pgsql.c delete mode 100644 cvm-pgsql.html delete mode 100644 cvm-pgsql=x delete mode 100644 sql-auth.c delete mode 100644 sql-query-test.c delete mode 100644 sql-query-test=x delete mode 100644 sql-query.c delete mode 100644 sql.h delete mode 100644 sql.html delete mode 100644 sql=l commit d3636f9a8d3e2de438fc3b5efe06bb2de5b33d5a 
Author: Bruce Guenter Date: Sat Aug 25 00:07:55 2001 +0000 Fixed up tests to account for domain name. rts.exp | 15 ++++++++++----- rts.tests | 48 ++++++++++++++++++++++++------------------------ 2 files changed, 34 insertions(+), 29 deletions(-) commit 3d31acd5232c791ee7ec0b08dcd1bb78a640506a Author: Bruce Guenter Date: Sat Aug 25 00:07:47 2001 +0000 *** empty log message *** README | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit e5bd18c7f076dd4aad0dadf185aaf74a5c01dd83 Author: Bruce Guenter Date: Fri Aug 24 04:51:45 2001 +0000 *** empty log message *** TODO | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-) commit d33a7d31984c479e5206e5bdf6538d8f2476244b Author: Bruce Guenter Date: Fri Aug 24 04:44:13 2001 +0000 Make the MySQL module handle connection options from a defaults file. NEWS | 3 +++ TODO | 4 ---- cvm-mysql.c | 6 ++++++ cvm-mysql.html | 8 ++++++++ 4 files changed, 17 insertions(+), 4 deletions(-) commit 5d8c377aa3bc1e6936a62faf7784d701f3cf02cf Author: Bruce Guenter Date: Fri Aug 24 04:37:57 2001 +0000 Updated the SQL code to handle domain names. NEWS | 2 ++ TODO | 2 -- sql-auth.c | 9 +++++---- sql-query-test.c | 6 ++++-- sql-query.c | 8 ++++++-- sql.html | 13 ++++++++----- 6 files changed, 25 insertions(+), 15 deletions(-) commit 5c58eb7314c201a54bb674244273788faaec72cd Author: Bruce Guenter Date: Fri Aug 24 04:28:26 2001 +0000 Cleaned up some wording. rationale.html | 70 +++++++++++++++++++++++++++++-------------------------- 1 files changed, 37 insertions(+), 33 deletions(-) commit f30e53db4ad1f78ae9d9e6ccc7d58a3fbcbf42d6 Author: Bruce Guenter Date: Fri Aug 24 04:28:13 2001 +0000 Documented new cvm_authenticate interface. 
client.html | 32 +++++++++++++++++++++++--------- 1 files changed, 23 insertions(+), 9 deletions(-) commit c132a79d2bb939550c562e89f2b7f475fd2f090f Author: Bruce Guenter Date: Fri Aug 24 04:27:36 2001 +0000 *** empty log message *** NEWS | 15 ++++++++++++++- TODO | 6 ++++++ 2 files changed, 20 insertions(+), 1 deletions(-) commit 60627545f0146bedf485d93db4d2df5db578d7b1 Author: Bruce Guenter Date: Fri Aug 24 04:27:28 2001 +0000 Updated to new insthier interface. insthier.c | 30 +++++++++++++++--------------- 1 files changed, 15 insertions(+), 15 deletions(-) commit 60713b84ae3940e410e4e00d6b6ca5d45fab1080 Author: Bruce Guenter Date: Fri Aug 24 04:24:04 2001 +0000 Modified to use the new cvm_authenticate interface. cvm-checkpassword.c | 10 +++++----- cvm-checkpassword.html | 5 +++++ 2 files changed, 10 insertions(+), 5 deletions(-) commit 463a362c0606a33497a13d7c0156cf70745b0563 Author: Bruce Guenter Date: Fri Aug 24 04:22:11 2001 +0000 Document new client->server protocol. protocol.html | 14 ++++++++++---- 1 files changed, 10 insertions(+), 4 deletions(-) commit 5b373fd471aff9251afd83c39d4fa2914d2e182d Author: Bruce Guenter Date: Fri Aug 24 04:21:51 2001 +0000 Adjust to new cvm_authenticate calling scheme. cvm-benchclient.c | 7 ++++--- cvm-testclient.c | 12 +++++++----- 2 files changed, 11 insertions(+), 8 deletions(-) commit f3b9064c921a318b9906549a3a3680de02ce8f10 Author: Bruce Guenter Date: Fri Aug 24 04:21:17 2001 +0000 Fixed a typo in the declaration of cvm-getpwnam. cvm-unix.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit e92c4abf1c0e056ac35d7a045f7ffb5ff6b54013 Author: Bruce Guenter Date: Fri Aug 24 04:19:40 2001 +0000 Added a new fact for domain names. facts.c | 1 + facts.h | 2 ++ facts.html | 8 ++++++++ 3 files changed, 11 insertions(+), 0 deletions(-) commit 634fc8c00560a42db077fc20bf00688fd3c90f09 Author: Bruce Guenter Date: Fri Aug 24 04:17:51 2001 +0000 Document the new domain name features. 
module.html | 15 ++++++++------- 1 files changed, 8 insertions(+), 7 deletions(-) commit 469bc3d4f9f408447502294ed2fd1165f845d2d3 Author: Bruce Guenter Date: Fri Aug 24 04:17:08 2001 +0000 Reverted the change of data types from "const char*" to "str". module.h | 7 +++---- module_log.c | 24 +++++++++--------------- module_request.c | 37 +++++++++++++++++-------------------- 3 files changed, 29 insertions(+), 39 deletions(-) commit 034c0ebd73a8ff1cfff9f3b8eb8a84aee9fdaf06 Author: Bruce Guenter Date: Fri Aug 24 04:03:06 2001 +0000 Log the domain name along with the account name. module_log.c | 23 +++++++++++++++-------- 1 files changed, 15 insertions(+), 8 deletions(-) commit 051725331617683b62836fdf1b2c32cb76573c6e Author: Bruce Guenter Date: Fri Aug 24 04:02:27 2001 +0000 Handle the protocol number and domain name in parsing the request packet. Store the results in str's instead of const char*. module.h | 13 ++++++++++--- module_request.c | 37 +++++++++++++++++++++++++++---------- 2 files changed, 37 insertions(+), 13 deletions(-) commit 52d0093cba9ed118a5755ff0af95feab88f467b5 Author: Bruce Guenter Date: Fri Aug 24 04:00:32 2001 +0000 Modified to handle domain names in the protocol, and parsing domain names in the account name. client.c | 54 ++++++++++++++++++++++++++++++++++++++++++++---------- client.h | 11 ++++++++--- 2 files changed, 52 insertions(+), 13 deletions(-) commit 6ef0b6dc6543ad121728b7b18534bd8e17300910 Author: Bruce Guenter Date: Wed Aug 15 10:25:45 2001 +0000 *** empty log message *** README | 2 +- TODO | 5 +++++ VERSION | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) commit 97b540dcdaddbf42c06a2d3735048d56be36709f Author: Bruce Guenter Date: Fri Aug 10 21:35:17 2001 +0000 *** empty log message *** TODO | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) commit cca9550afb1a7b9e70da5f49f13079e3a7e3929e Author: Bruce Guenter Date: Fri Aug 10 21:35:04 2001 +0000 Moved the multi-step getpwnam functionality into a seperate module. 
cvm-unix-local=x | 1 + cvm-unix-udp=x | 1 + cvm-unix.c | 43 ++++++------------------------------ cvm-unix=x | 1 + getpwnam.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 74 insertions(+), 36 deletions(-) create mode 100644 getpwnam.c commit b21fb0b538ea43392885dd28d9cf255753281362 Author: Bruce Guenter Date: Fri Aug 10 21:26:15 2001 +0000 Set the umask to zero before creating the socket to allow full access to it. module_local.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) commit a9f3adfa1fd535a42e861fcead538203734f7eb5 Author: Bruce Guenter Date: Thu Aug 9 23:10:24 2001 +0000 *** empty log message *** TODO | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) commit f5acba5dfc9069ec0f833336e4e409bebcc4b226 Author: Bruce Guenter Date: Wed Jul 18 04:25:08 2001 +0000 Bumped up the version number. NEWS | 6 ++++++ README | 4 ++-- VERSION | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) commit e513e77b08c55647f65ffd6ea4192a0e5736c2b3 Author: Bruce Guenter Date: Wed Jul 18 04:22:59 2001 +0000 Added support to the SQL framework for executing a query after the credentials have been validated. cvm-mysql.c | 12 ++++++++++-- cvm-mysql.html | 10 +++++++--- cvm-pgsql.c | 12 ++++++++++++ cvm-pgsql.html | 10 +++++++--- sql-auth.c | 15 ++++++++++++--- sql.h | 2 ++ 6 files changed, 50 insertions(+), 11 deletions(-) commit b00941aac83a5c1899e5741f517c7b7d60dcb7fe Author: Bruce Guenter Date: Tue Jul 17 02:34:21 2001 +0000 Reworded details of query substitution. sql.html | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) commit 56c318eedd8afdbefd12a2d33d0793b5fc03edac Author: Bruce Guenter Date: Tue Jul 17 02:30:40 2001 +0000 Renamed sql-query.html to sql.html. 
cvm-mysql.html | 4 ++-- cvm-pgsql.html | 4 ++-- sql-query.html | 37 ------------------------------------- sql.html | 37 +++++++++++++++++++++++++++++++++++++ 4 files changed, 41 insertions(+), 41 deletions(-) delete mode 100644 sql-query.html create mode 100644 sql.html commit 5da3147364f891601c644ba14ac4604bf756ec83 Author: Bruce Guenter Date: Tue Jul 17 02:22:46 2001 +0000 Moved the default query from sql-query.c to sql-auth.c sql-auth.c | 6 ++++++ sql-query.c | 6 ------ 2 files changed, 6 insertions(+), 6 deletions(-) commit 9937743adb055bd716067a950c58efc44b745d8e Author: Bruce Guenter Date: Tue Jul 17 02:22:26 2001 +0000 Added some new tests for the SQL query parser. rts.exp | 37 ++++++++++++++++++++++++++++++++----- rts.tests | 22 +++++++++++++++++++++- 2 files changed, 53 insertions(+), 6 deletions(-) commit ff716efcb308c08c183481d373fb6619aa6925a3 Author: Bruce Guenter Date: Tue Jul 17 02:12:42 2001 +0000 Added group name, system username, and system directory to the list of query results. sql-auth.c | 6 +++--- sql-query.c | 5 +++-- sql-query.html | 9 ++++++--- 3 files changed, 12 insertions(+), 8 deletions(-) commit 67378eb569d5fd145908124a494e74f2201305ae Author: Bruce Guenter Date: Tue Jul 17 00:35:53 2001 +0000 Reverted back to older non-automatically versioned version. README | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) commit 01ac9c52129d432c00da393943adc385be82dd8f Author: Bruce Guenter Date: Tue Jul 17 00:29:23 2001 +0000 Merged the common code in the MySQL and PgSQL modules into a common core. 
cvm-mysql-local=x | 4 +- cvm-mysql-udp=x | 4 +- cvm-mysql.c | 63 +++++++++++------------------------------- cvm-mysql=x | 2 +- cvm-pgsql-local=x | 4 +- cvm-pgsql-udp=x | 4 +- cvm-pgsql.c | 66 +++++++++------------------------------------ cvm-pgsql=x | 2 +- cvm-pgsql.c => sql-auth.c | 47 +++++++++++++------------------- sql.h | 8 +++++ sql=l | 1 + 11 files changed, 68 insertions(+), 137 deletions(-) copy cvm-pgsql.c => sql-auth.c (61%) commit e4acb331b3f2a8748fc7a0064e12a7a92d0e3a8c Author: Bruce Guenter Date: Tue Jul 17 00:25:16 2001 +0000 *** empty log message *** NEWS | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) commit 9eaeaaefb96a4000b1ea696f314709300adc7602 Author: Bruce Guenter Date: Tue Jul 17 00:24:43 2001 +0000 Fixed bug: the shell fact is not required. client.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) commit 3546f5ebff8f2f890a50552dd723cb50eeb61164 Author: Bruce Guenter Date: Tue Jul 17 00:13:58 2001 +0000 Only include sql-query.o, not the entire sql.a. sql-query-test=x | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit ce7e7bc759ca79ec637aeef6c8ba58c8c12fd56b Author: Bruce Guenter Date: Mon Jul 16 23:49:06 2001 +0000 Modified the SQL query building framework to use $account instead of % for the substitution reference, and also to allow references to environment variables. Changed the required order of fields in the query. cvm-mysql.c | 5 ++- cvm-pgsql.c | 5 ++- sql-query.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++------- sql-query.html | 16 +++++++++----- sql.h | 1 + 5 files changed, 67 insertions(+), 18 deletions(-) commit 740e7c4a4d238d4730ec466930f48c4318bb2f86 Author: Bruce Guenter Date: Mon Jul 16 23:48:00 2001 +0000 Added a test harness for the sql-query framework. 
sql-query-test.c | 24 ++++++++++++++++++++++++ sql-query-test=x | 2 ++ 2 files changed, 26 insertions(+), 0 deletions(-) create mode 100644 sql-query-test.c create mode 100644 sql-query-test=x commit 6043e666fcfe1b8d7aa62d29d5bff02fa2717724 Author: Bruce Guenter Date: Mon Jul 16 22:26:15 2001 +0000 Clarified requirements of required fields. sql-query.html | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-) commit 69c52badb7d4825a3737f8384cd4dfd7a03164f2 Author: Bruce Guenter Date: Sat Jul 14 03:41:59 2001 +0000 Fixed old URL references. spec | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) commit b100c3eef5dbffecc1d78205eb40e6d0119ecf42 Author: Bruce Guenter Date: Sat Jul 14 00:26:33 2001 +0000 The PostgreSQL package is named postgresql, not pgsql. spec | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 8f7635d0bd207a4b3afc9b8b887da6e2a2e99fc3 Author: Bruce Guenter Date: Fri Jul 13 23:58:40 2001 +0000 Fixed typo in description tag. spec | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 940faaddfab0b9dc1e0e17dc95e4057de9ebba26 Author: Bruce Guenter Date: Fri Jul 13 22:54:24 2001 +0000 *** empty log message *** README | 4 ++-- TODO | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-) commit 9c97df1fb8b08cd039a3754a60c8c6267309b07b Author: Bruce Guenter Date: Fri Jul 13 05:55:38 2001 +0000 *** empty log message *** NEWS | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) commit 5c25af05fbf059de08c37cefb750b59f5763fb35 Author: Bruce Guenter Date: Fri Jul 13 05:54:16 2001 +0000 Moved the common SQL documentation into a seperate file. 
cvm-mysql.html | 19 ++----------------- cvm-pgsql.html | 19 ++----------------- sql-query.html | 30 ++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 34 deletions(-) create mode 100644 sql-query.html commit 5f824dfc7e28fda9cb259e63bae8d25bc479799e Author: Bruce Guenter Date: Fri Jul 13 05:53:51 2001 +0000 Modified the SQL framework to allow substitution of multiple % symbols. cvm-mysql.c | 8 +++----- cvm-pgsql.c | 8 +++----- sql-query.c | 36 ++++++++++++++---------------------- sql.h | 4 ++-- 4 files changed, 22 insertions(+), 34 deletions(-) commit 02aac5d24d76ff3f4cc1a0238f2a477f6649d712 Author: Bruce Guenter Date: Wed Jul 11 21:09:04 2001 +0000 *** empty log message *** TODO | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) commit 264cb67f495b9123f3de6ed020a2f19b758d41ea Author: Bruce Guenter Date: Tue Jul 10 23:12:34 2001 +0000 Note PAM in the ideas. cvm.html | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) commit fc34d94637a467f77fe2f35a7b892372a7543bc6 Author: Bruce Guenter Date: Tue Jul 10 23:12:06 2001 +0000 Reference the pwcmp configuration parameter. cvm-mysql.html | 3 +++ cvm-pgsql.html | 3 +++ cvm-pwfile.html | 5 +++++ 3 files changed, 11 insertions(+), 0 deletions(-) commit abfdf98753adb11c954fdff8c0fde0ad85f43ad2 Author: Bruce Guenter Date: Tue Jul 10 23:11:44 2001 +0000 Use pwcmp library for password comparisons. cvm-pwfile.c | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-) commit 878d9e3f650d5613125401ee8953efb2bf09d8f2 Author: Bruce Guenter Date: Tue Jul 10 23:11:13 2001 +0000 Need to link against pwcmp client library. 
cvm-mysql-local=x | 1 + cvm-mysql-udp=x | 1 + cvm-mysql=x | 1 + cvm-pgsql-local=x | 1 + cvm-pgsql-udp=x | 1 + cvm-pgsql=x | 1 + cvm-pwfile-local=x | 1 + cvm-pwfile-udp=x | 1 + cvm-pwfile=x | 1 + 9 files changed, 9 insertions(+), 0 deletions(-) commit 899922c4b37a5892511c8bff681a1330c2e22738 Author: Bruce Guenter Date: Tue Jul 10 23:11:01 2001 +0000 Use new pwcmp client library for password comparisons. Remove unused str_cats_quoted routine. Signal fatal errors to the module library. Add cvm_auth_stop routine. cvm-pgsql.c | 39 +++++++++++++++++---------------------- 1 files changed, 17 insertions(+), 22 deletions(-) commit 5f7c5862040d8693e3ef8dcdbc9ab9aed6397876 Author: Bruce Guenter Date: Tue Jul 10 23:10:00 2001 +0000 Use new pwcmp library for password comparisons. Fixed bug in database connect function. Signal fatal errors to the module library. Add cvm_auth_stop routine. cvm-mysql.c | 43 +++++++++++++++++++++++++------------------ 1 files changed, 25 insertions(+), 18 deletions(-) commit 9ec267cefc6e2fcdfcff3cb9b4a600f46ee31f00 Author: Bruce Guenter Date: Tue Jul 10 23:08:03 2001 +0000 *** empty log message *** NEWS | 6 ++++++ TODO | 15 --------------- 2 files changed, 6 insertions(+), 15 deletions(-) commit b5681d1a32ec77dcc25c29b7eb49974bc175e09b Author: Bruce Guenter Date: Tue Jul 10 05:48:52 2001 +0000 Added a stub cvm_auth_stop routine. cvm-unix.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) commit c7b518bac62bdc5f96a17c19d9b247a41982444e Author: Bruce Guenter Date: Tue Jul 10 04:52:52 2001 +0000 Split the mysql and pgsql modules into subpackages. spec | 30 +++++++++++++++++++++++++++++- 1 files changed, 29 insertions(+), 1 deletions(-) commit 0a0a6cc34fb1948d0b520c6dc63d3eea9dc662ab Author: Bruce Guenter Date: Tue Jul 10 04:36:46 2001 +0000 Added a fatal error indicator. Added a new required function, cvm_auth_stop. 
errors.h | 5 +++++ module.h | 1 + module_command.c | 10 ++++++---- module_local.c | 9 ++++++--- module_udp.c | 9 ++++++--- 5 files changed, 24 insertions(+), 10 deletions(-) commit 64fe613bcddd7cc60539ed3b41408b67d98c718e Author: Bruce Guenter Date: Sun Jul 8 10:34:31 2001 +0000 *** empty log message *** TODO | 17 ++++++++++++++++- 1 files changed, 16 insertions(+), 1 deletions(-) commit c420a2d18cc1ac0451ffd3f81658c99ae6536a1c Author: Bruce Guenter Date: Sat Jul 7 05:03:46 2001 +0000 Added new MySQL and PgSQL modules. cvm.html | 2 ++ insthier.c | 18 ++++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) commit 4a09e98c488a170c7ae58f817fab0ac5485a2412 Author: Bruce Guenter Date: Sat Jul 7 05:03:21 2001 +0000 The pwfile module doesn't need s.lib or shadow.lib. cvm-pwfile-local=x | 2 -- cvm-pwfile-udp=x | 2 -- cvm-pwfile=x | 2 -- 3 files changed, 0 insertions(+), 6 deletions(-) commit ef11bfa41b52bd71f590d5f35cfa0b2334ba016b Author: Bruce Guenter Date: Sat Jul 7 05:02:57 2001 +0000 *** empty log message *** NEWS | 12 ++++++++++++ README.CVS | 1 + TODO | 8 +++++--- VERSION | 2 +- 4 files changed, 19 insertions(+), 4 deletions(-) commit 8c98cd07c4046cdea5b3418de41f365387029d8d Author: Bruce Guenter Date: Sat Jul 7 05:02:31 2001 +0000 Use new "config" error code. cvm-pwfile.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit ae1f98a13a9d1b1699ee0b38714d2bd3eb24ef3e Author: Bruce Guenter Date: Sat Jul 7 05:01:27 2001 +0000 Added new MySQL module. 
cvm-pgsql-local.c => cvm-mysql-local.c | 0 cvm-mysql-local=x | 7 ++ cvm-pgsql-local.c => cvm-mysql-udp.c | 0 cvm-mysql-udp=x | 7 ++ cvm-mysql.c | 97 ++++++++++++++++++++++++++++++++ cvm-pgsql.html => cvm-mysql.html | 30 +++++++--- cvm-pgsql-local=x => cvm-mysql=x | 3 +- 7 files changed, 132 insertions(+), 12 deletions(-) copy cvm-pgsql-local.c => cvm-mysql-local.c (100%) create mode 100644 cvm-mysql-local=x copy cvm-pgsql-local.c => cvm-mysql-udp.c (100%) create mode 100644 cvm-mysql-udp=x create mode 100644 cvm-mysql.c copy cvm-pgsql.html => cvm-mysql.html (51%) copy cvm-pgsql-local=x => cvm-mysql=x (53%) commit a9a5298b39a6ed802cc66779be84bba4fe430132 Author: Bruce Guenter Date: Sat Jul 7 05:01:15 2001 +0000 Added new PgSQL module. cvm-pgsql-local=x | 6 +++ cvm-pgsql-udp=x | 6 +++ cvm-pgsql.c | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++++ cvm-pgsql.html | 53 +++++++++++++++++++++++++++ cvm-pgsql=x | 5 +++ 5 files changed, 172 insertions(+), 0 deletions(-) create mode 100644 cvm-pgsql-local.c create mode 100644 cvm-pgsql-local=x create mode 100644 cvm-pgsql-udp.c create mode 100644 cvm-pgsql-udp=x create mode 100644 cvm-pgsql.c create mode 100644 cvm-pgsql.html create mode 100644 cvm-pgsql=x commit 415d9d842dd3d29dec8c286f24a21c137e178e89 Author: Bruce Guenter Date: Sat Jul 7 04:55:12 2001 +0000 Added new configuration error code. errors.h | 1 + errors.html | 4 ++++ 2 files changed, 5 insertions(+), 0 deletions(-) commit 16f1cb142cba761c2cbdbfc04e3d785ca18c497c Author: Bruce Guenter Date: Sat Jul 7 04:32:51 2001 +0000 Added a library of functions common to SQL modules (currently only the query building mechanism). 
sql-query.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ sql.h | 8 +++++++ sql=l | 1 + 3 files changed, 75 insertions(+), 0 deletions(-) create mode 100644 sql-query.c create mode 100644 sql.h create mode 100644 sql=l commit 3ab9631d60623b1d9408905f95ca2f14047601fa Author: Bruce Guenter Date: Sat Jul 7 00:16:24 2001 +0000 Applied patch from Paul Jarc to fix temporary error return cases, and properly add the primary group ID to the supplemental group list. cvm-unix.c | 17 ++++++++++------- 1 files changed, 10 insertions(+), 7 deletions(-) commit 6d0241c08787c6daafa244bb5ee0a422ffa78df4 Author: Bruce Guenter Date: Fri Jul 6 03:47:32 2001 +0000 *** empty log message *** README | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 1a876877e1f81eb8f9f64e3fc77d06a66e10da32 Author: Bruce Guenter Date: Fri Jul 6 03:47:19 2001 +0000 Added explanation for CVM_PWFILE_PATH cvm-pwfile.html | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) commit 6dcdefb13c1908f627cb61c68d1589b11376faa3 Author: Bruce Guenter Date: Wed Jul 4 10:52:29 2001 +0000 Added the TODO file. TODO | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) create mode 100644 TODO commit 8c8bcd232929ff9602ac7fed6b0309438faad7f3 Author: Bruce Guenter Date: Wed Jul 4 10:51:41 2001 +0000 The CDB library is not needed yet. README.CVS | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) commit 9d894b7e46176395c16e0a65d850054e6e3dec87 Author: Bruce Guenter Date: Wed Jul 4 04:32:13 2001 +0000 Renamed cvm-file to cvm-pwfile to reflect its true nature. 
NEWS | 2 +- cvm-file-local.c | 1 - cvm-file-udp.c | 1 - cvm-pwfile-local.c | 1 + cvm-file-local=x => cvm-pwfile-local=x | 0 cvm-pwfile-udp.c | 1 + cvm-file-udp=x => cvm-pwfile-udp=x | 0 cvm-file.c => cvm-pwfile.c | 4 ++-- cvm-file.html => cvm-pwfile.html | 7 ++++--- cvm-file=x => cvm-pwfile=x | 0 cvm.html | 2 +- insthier.c | 6 +++--- 12 files changed, 13 insertions(+), 12 deletions(-) delete mode 100644 cvm-file-local.c delete mode 100644 cvm-file-udp.c create mode 100644 cvm-pwfile-local.c rename cvm-file-local=x => cvm-pwfile-local=x (100%) create mode 100644 cvm-pwfile-udp.c rename cvm-file-udp=x => cvm-pwfile-udp=x (100%) rename cvm-file.c => cvm-pwfile.c (93%) rename cvm-file.html => cvm-pwfile.html (73%) rename cvm-file=x => cvm-pwfile=x (100%) commit b0ed4709998801ec0e52f900dce3e1652389c983 Author: Bruce Guenter Date: Wed Jul 4 04:32:00 2001 +0000 *** empty log message *** README | 8 ++++++-- README.CVS | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 README.CVS commit 950eeef0f6ab466b48723bd2cc94ccfc0dab6d02 Author: Bruce Guenter Date: Sat Jun 30 06:05:01 2001 +0000 Added a new cvm-file module set. cvm-file-local.c | 1 + cvm-unix-local=x => cvm-file-local=x | 0 cvm-file-udp.c | 1 + cvm-unix-udp=x => cvm-file-udp=x | 0 cvm-unix.c => cvm-file.c | 78 +++++++--------------------------- cvm-file.html | 29 +++++++++++++ cvm-unix=x => cvm-file=x | 0 cvm.html | 8 +++- insthier.c | 3 + 9 files changed, 56 insertions(+), 64 deletions(-) create mode 100644 cvm-file-local.c copy cvm-unix-local=x => cvm-file-local=x (100%) create mode 100644 cvm-file-udp.c copy cvm-unix-udp=x => cvm-file-udp=x (100%) copy cvm-unix.c => cvm-file.c (50%) create mode 100644 cvm-file.html copy cvm-unix=x => cvm-file=x (100%) commit c555f06decd9f0b371a802ccd982209b220968aa Author: Bruce Guenter Date: Sat Jun 30 06:04:48 2001 +0000 Replaced the hard-coded numeric error codes with CVME symbols. 
cvm-unix.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) commit 88d49225f0195ce252e94988b5405dfe225951b0 Author: Bruce Guenter Date: Sat Jun 30 06:04:12 2001 +0000 *** empty log message *** NEWS | 8 +++++++- README | 2 +- spec | 12 ++++++------ 3 files changed, 14 insertions(+), 8 deletions(-) commit 8886dcd81856543fcfe47d745a3193c98a82d253 Author: Bruce Guenter Date: Sat Jun 30 05:58:52 2001 +0000 Added some documentation for cvm-unix. cvm-unix.html | 26 ++++++++++++++++++++++++++ 1 files changed, 26 insertions(+), 0 deletions(-) create mode 100644 cvm-unix.html commit 34bb6070ce672f3fcbeeb531b4e075ab102d169d Author: Bruce Guenter Date: Sat Jun 30 05:58:27 2001 +0000 Documented the new cvm_auth_init API. module.html | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) commit caaf5503e6bbe2a3f5a466555391f376fcc79a30 Author: Bruce Guenter Date: Sat Jun 30 05:20:37 2001 +0000 Added new cvm_auth_init feature to the module API. cvm-unix.c | 5 +++++ module.h | 1 + module_command.c | 1 + module_local.c | 1 + module_udp.c | 4 +++- 5 files changed, 11 insertions(+), 1 deletions(-) commit caa57683d25848daa71ffb78be9c678184f15068 Author: Bruce Guenter Date: Sat Jun 30 05:19:37 2001 +0000 *** empty log message *** NEWS | 6 ++++++ makedist.py | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) commit 759f9ec37d4333b30ed76d99cdde4b4b32011b7a Author: Bruce Guenter Date: Sat May 19 03:39:56 2001 +0000 *** empty log message *** NEWS | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) commit a72d9a69ce77fbd54b086680a4cff6387ac10e16 Author: Bruce Guenter Date: Sat May 19 03:39:46 2001 +0000 Updated to call the new cvm_ prefixed symbols. 
cvm-benchclient.c | 3 +-- cvm-checkpassword.c | 16 ++++++++-------- cvm-testclient.c | 11 ++++++----- cvm-unix.c | 36 ++++++++++++++++++------------------ 4 files changed, 33 insertions(+), 33 deletions(-) commit 11b31e96225a66d5f04ace64748dfcb928f33251 Author: Bruce Guenter Date: Sat May 19 03:38:22 2001 +0000 Prepend "cvm_" to all exported symbols. Invert the return value from the cvm_fact routines. client.c | 57 +++++++++++++++++++++++++++++++-------------------------- client.h | 6 +++--- client.html | 37 ++++++++++++++++++++----------------- 3 files changed, 54 insertions(+), 46 deletions(-) commit f7f4f7ef8e541c34b99d327ae96ff46088efac44 Author: Bruce Guenter Date: Sat May 19 03:37:22 2001 +0000 Prepend all exported symbols with "cvm_" module.h | 18 +++++++++--------- module.html | 38 +++++++++++++++++++------------------- module_command.c | 2 +- module_local.c | 2 +- module_log.c | 4 ++-- module_output.c | 8 ++++---- module_request.c | 34 +++++++++++++++++++--------------- module_udp.c | 2 +- 8 files changed, 56 insertions(+), 52 deletions(-) commit 30e14ad932f583c6eafa7e12ba95f9040b3494e1 Author: Bruce Guenter Date: Sat May 19 01:22:01 2001 +0000 Added specific note about what numbers are reserved for local or experimental use. Made the CVM_FACT_SHELL fact optional. facts.html | 13 +++++++------ 1 files changed, 7 insertions(+), 6 deletions(-) commit d68024a12c7e4a108cf76527af75c71d5e3ba0e0 Author: Bruce Guenter Date: Sat May 19 00:36:14 2001 +0000 Added a "no fact" error code. errors.h | 1 + errors.html | 3 +++ 2 files changed, 4 insertions(+), 0 deletions(-) commit 46b5ea0930c2556fc2fcdacf8bc3ab70195d560f Author: Bruce Guenter Date: Sat May 19 00:35:58 2001 +0000 Renamed all facts to prepend a "cvm_". 
facts.c | 18 +++++++++--------- facts.h | 44 ++++++++++++++++++++++---------------------- facts.html | 26 +++++++++++++------------- 3 files changed, 44 insertions(+), 44 deletions(-) commit 65e2ca40d335da22365a3f2edb18ac205b669780 Author: Bruce Guenter Date: Fri May 18 04:31:05 2001 +0000 Added the office location, work phone, and home phone information from the GECOS field of the passwd struct. facts.h | 3 +++ facts.html | 24 ++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 0 deletions(-) commit 20c213c4ce4a6ec79dfc5460b12c6c1131aaceab Author: Bruce Guenter Date: Fri May 18 02:01:50 2001 +0000 Improved the wording and formatting of the documentation. cvm.html | 2 +- errors.html | 26 +++++++---- facts.html | 145 ++++++++++++++++++++++++++++++++++++++++++++++------------- 3 files changed, 131 insertions(+), 42 deletions(-) commit b643385a671fdd9ca8ff4d3676a28c919043c301 Author: Bruce Guenter Date: Fri May 18 02:01:19 2001 +0000 Add a short delay after backgrounding the socket servers so they can establish their socket. benchmark.sh | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit 80b9e3a19b6a3b2255795f6ae0d701926832711f Author: Bruce Guenter Date: Fri May 18 02:00:28 2001 +0000 Truncate the GECOS field at the first comma. Parse and show the supplemental group IDs. cvm-unix.c | 39 +++++++++++++++++++++++++++++++++++---- 1 files changed, 35 insertions(+), 4 deletions(-) commit b45b717a35701fe0cabba1543b8f6558f897bb9b Author: Bruce Guenter Date: Thu May 17 22:06:18 2001 +0000 *** empty log message *** module.html | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit d6161270662b2f8449c2f8ff96b0c8697b4d1783 Author: Bruce Guenter Date: Thu May 17 22:05:53 2001 +0000 Added support for reporting the supplemental group list. 
cvm-testclient.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) commit b8201df4d6a62dd63736ef7bd982552070346a37 Author: Bruce Guenter Date: Wed May 16 11:42:13 2001 +0000 *** empty log message *** NEWS | 8 ++++++++ README | 4 ++-- VERSION | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) commit bad9da3fb8778e6db68d116314810b840105f826 Author: Bruce Guenter Date: Wed May 16 11:41:05 2001 +0000 Completed upgrading "unsigned" to "unsigned long" as the integer fact type everywhere. cvm-testclient.c | 4 ++-- facts.c | 4 ++-- facts.h | 4 ++-- module.h | 2 +- module_output.c | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) commit df6049c23e1f85c6afce8fad8901ba4b0449c6a6 Author: Bruce Guenter Date: Wed May 16 11:37:39 2001 +0000 Include the proper dynamic header file. cvm-checkpassword.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 2d9c32abd8667a0d5e00060bc70b3ed1231a0cc1 Author: Bruce Guenter Date: Wed May 16 11:35:55 2001 +0000 Moved the list of fact numbers into its own document. cvm.html | 1 + facts.html | 47 +++++++++++++++++++++++++++++++++++++++++++++++ protocol.html | 43 +++---------------------------------------- 3 files changed, 51 insertions(+), 40 deletions(-) create mode 100644 facts.html commit d70d7a0dfe8ab686af36bbdb905b22de5312fe19 Author: Bruce Guenter Date: Wed May 16 11:35:26 2001 +0000 Modified the fact_uint function to use unsigned long instead of just unsigned. Modified the fact_str function to return sucessive facts when the call is repeated. client.c | 19 +++++++++++++------ client.h | 2 +- client.html | 19 ++++++++++++------- 3 files changed, 26 insertions(+), 14 deletions(-) commit 283b30c4a29eb5126206408f56c5353684756d29 Author: Bruce Guenter Date: Wed May 16 11:34:01 2001 +0000 Improved wording. 
rationale.html | 28 ++++++++++++++-------------- 1 files changed, 14 insertions(+), 14 deletions(-) commit 60e0e691e89aad7c8d20fc045d70acbc209acd35 Author: Bruce Guenter Date: Fri May 11 01:58:51 2001 +0000 Moved to the new Python-based SPAC makedist system. makedist.in | 46 ---------------------------------------------- makedist.py | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 46 deletions(-) delete mode 100644 makedist.in create mode 100644 makedist.py commit 852ab4bf14208887dba4319d9563e72ed714f964 Author: Bruce Guenter Date: Fri May 11 01:58:26 2001 +0000 Add iopoll.o to this programs that use iopoll. cvm-benchclient=x | 1 + cvm-checkpassword=x | 1 + cvm-testclient=x | 1 + 3 files changed, 3 insertions(+), 0 deletions(-) commit e7a95f7591ed4445cc23507abe5a3d903468072a Author: Bruce Guenter Date: Fri May 11 01:58:00 2001 +0000 Fixed the use of the wrong error code for an authentication failure. rts.exp | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 11713a7f84933b9ca471c1d32f8c39fdffe0346b Author: Bruce Guenter Date: Thu May 10 00:56:17 2001 +0000 *** empty log message *** README | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) commit 1d5b0b76ed435df0393a6babe67c3781951aa114 Author: Bruce Guenter Date: Thu May 10 00:52:00 2001 +0000 Added program documentation. cvm-benchclient.html | 23 +++++++++++++++++++++++ cvm-checkpassword.html | 31 +++++++++++++++++++++++++++++++ cvm-testclient.html | 22 ++++++++++++++++++++++ cvm.html | 8 +++++++- 4 files changed, 83 insertions(+), 1 deletions(-) create mode 100644 cvm-benchclient.html create mode 100644 cvm-checkpassword.html create mode 100644 cvm-testclient.html commit 51335d25581803f926de954fa8ff975a8ed24e84 Author: Bruce Guenter Date: Thu May 10 00:51:43 2001 +0000 Fixed the program name in the usage notes. 
cvm-benchclient.c | 2 +- cvm-testclient.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit dc914e7555d35502beb22518569fdf490b194400 Author: Bruce Guenter Date: Thu May 10 00:40:02 2001 +0000 Added missing close of FD 3 after reading the data. cvm-checkpassword.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit c312b0f6acedf16221bb55a1357a4e493d9647bf Author: Bruce Guenter Date: Wed May 9 23:54:42 2001 +0000 Add new program cvm-checkpassword to list of installed binaries. insthier.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) commit cf17a0191f63a4712c52fd067395c27962592e70 Author: Bruce Guenter Date: Wed May 9 23:43:53 2001 +0000 *** empty log message *** README | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit ccad775cc7f6c76b89289ebb6a774bbf21152b0e Author: Bruce Guenter Date: Wed May 9 23:37:53 2001 +0000 Added a checkpassword emulator. NEWS | 2 + cvm-checkpassword.c | 74 ++++++++++++++++++++++++++++++ cvm-benchclient=x => cvm-checkpassword=x | 1 + 3 files changed, 77 insertions(+), 0 deletions(-) create mode 100644 cvm-checkpassword.c copy cvm-benchclient=x => cvm-checkpassword=x (73%) commit 88d7f781f4761b9f26643fa9b08cb20b0a3ebfdb Author: Bruce Guenter Date: Thu Mar 22 23:59:59 2001 +0000 *** empty log message *** NEWS | 6 ++++++ insthier.c | 9 +++++---- 2 files changed, 11 insertions(+), 4 deletions(-) commit 3527b756a0610fb42ec2789a08a0ccc50d2a3770 Author: Bruce Guenter Date: Thu Mar 22 23:59:36 2001 +0000 Bumped up the version number. README | 2 +- VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 17882518011f631416709bfffe94e11c1a331ab6 Author: Bruce Guenter Date: Thu Mar 22 23:59:02 2001 +0000 Added a benchmarking tool. 
benchmark.sh | 20 +++++++++++++++ cvm-testclient.c => cvm-benchclient.c | 42 +++++++++++++++----------------- cvm-testclient=x => cvm-benchclient=x | 0 3 files changed, 40 insertions(+), 22 deletions(-) create mode 100644 benchmark.sh copy cvm-testclient.c => cvm-benchclient.c (56%) copy cvm-testclient=x => cvm-benchclient=x (100%) commit c656ac6328558c42241e47dda46a5aa9f1ef3072 Author: Bruce Guenter Date: Thu Mar 22 23:58:41 2001 +0000 Fixed bogus use of vfork, and poor handling of data parsing. client.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) commit d564152e626b01890e5c9a3421086926330a2f15 Author: Bruce Guenter Date: Tue Mar 20 05:17:02 2001 +0000 *** empty log message *** NEWS | 2 ++ README | 6 +++--- makedist.in | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) commit 43d636f8b803dfb110f6b32d4ee5f4270ad2536f Author: Bruce Guenter Date: Tue Mar 20 05:11:48 2001 +0000 *** empty log message *** README | 12 +++++++++++- spec | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) commit cae7e8cd7062395a21dc573b02dd4960570eeba9 Author: Bruce Guenter Date: Tue Mar 20 05:10:17 2001 +0000 Added GPL copyright notices. client.c | 17 +++++++++++++++++ cvm-testclient.c | 17 +++++++++++++++++ cvm-unix.c | 17 +++++++++++++++++ facts.c | 17 +++++++++++++++++ module_command.c | 17 +++++++++++++++++ module_local.c | 17 +++++++++++++++++ module_log.c | 17 +++++++++++++++++ module_output.c | 17 +++++++++++++++++ module_request.c | 17 +++++++++++++++++ module_udp.c | 17 +++++++++++++++++ 10 files changed, 170 insertions(+), 0 deletions(-) commit 2d4deb68e5b20ae9d1099f2b6dce9e5caf07f9e7 Author: Bruce Guenter Date: Tue Mar 20 05:04:16 2001 +0000 Exit in signal handler. module_local.c | 2 ++ module_udp.c | 1 + 2 files changed, 3 insertions(+), 0 deletions(-) commit cb998175ccb6d6454f529c4faea96d4920d75913 Author: Bruce Guenter Date: Tue Mar 20 05:03:54 2001 +0000 Fixed return of error codes from command exit. 
client.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit a6c32b0a1017c5d1e5cc4a7285c683d0290bc3cc Author: Bruce Guenter Date: Tue Mar 20 05:03:40 2001 +0000 Filled in tests. rts.exp | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ rts.tests | 45 ++++++++++++++++++++++++++++++++ 2 files changed, 131 insertions(+), 0 deletions(-) commit 57f7ca9dbc88638b6ecaaf8f8f4f39356975476e Author: Bruce Guenter Date: Tue Mar 20 04:30:48 2001 +0000 Totally rewrote the package to provide three modes of operation. client.c | 101 +++++++++++++++++++++++++++++++++++++++++++----------- client.h | 1 + command=l | 4 ++ cvm-testclient.c | 2 +- cvm-unix-local.c | 1 + cvm-unix-local=x | 5 +++ cvm-unix-udp.c | 1 + cvm-unix-udp=x | 5 +++ cvm-unix.c | 36 ++++++++++---------- cvm-unix=x | 3 +- errors.h | 10 +++++ insthier.c | 4 ++- local=l | 5 +++ module.h | 35 ++++++++++++++----- module=l | 4 -- module_command.c | 37 ++++++++++++++++++++ module_input.c | 54 ----------------------------- module_local.c | 71 ++++++++++++++++++++++++++++++++++++++ module_log.c | 33 +++++++++++++++++ module_main.c | 18 ---------- module_output.c | 76 ++++++++++++++++++++++------------------ module_request.c | 50 ++++++++++++++++++++++++++ module_udp.c | 65 ++++++++++++++++++++++++++++++++++ udp=l | 5 +++ 24 files changed, 466 insertions(+), 160 deletions(-) create mode 100644 command=l create mode 100644 cvm-unix-local.c create mode 100644 cvm-unix-local=x create mode 100644 cvm-unix-udp.c create mode 100644 cvm-unix-udp=x create mode 100644 errors.h create mode 100644 local=l delete mode 100644 module=l create mode 100644 module_command.c delete mode 100644 module_input.c create mode 100644 module_local.c create mode 100644 module_log.c delete mode 100644 module_main.c create mode 100644 module_request.c create mode 100644 module_udp.c create mode 100644 udp=l commit 4f95ebec9001161406e1cad903b8ecacf82ac2d1 Author: Bruce Guenter Date: Tue Mar 20 04:30:26 2001 +0000 *** empty log 
message *** README | 10 ---------- rts.sh | 1 + rts.tests | 17 +++++++++++++++++ 3 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 rts.exp create mode 100644 rts.sh create mode 100644 rts.tests commit aff17ace6d684e46b14eb2f7738790428c3b6cfc Author: Bruce Guenter Date: Tue Mar 20 04:30:07 2001 +0000 Removed the mailing list data from the makedist.in and added it to README. README | 14 ++++++++++++-- makedist.in | 8 -------- 2 files changed, 12 insertions(+), 10 deletions(-) commit 7d5f274774fd887e73f90a062b0938d7f0f5cd94 Author: Bruce Guenter Date: Tue Mar 20 04:27:55 2001 +0000 Bumped up version number. VERSION | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 37728ba372c9bd998b241cd0f1f52984b8b6a442 Author: Bruce Guenter Date: Tue Mar 20 04:27:09 2001 +0000 Added note about new features. Bumped version number. NEWS | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) commit 8e6dd007d8c102de78216d2d270f33b2afd252ce Author: Bruce Guenter Date: Tue Mar 20 04:23:57 2001 +0000 Renamed the local-domain socket module to cvm-local: cvm.html | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) commit 3287bdae5eec0b0360e6bb43ff1c590978a84f95 Author: Bruce Guenter Date: Mon Mar 12 05:16:58 2001 +0000 Updated documentation for new server framework. client.html | 4 ++-- cvm.html | 19 ++++++++++++++++--- errors.html | 24 ++++++++++++++++++++++++ module.html | 49 +++++++++++++++++++++++++++++++++---------------- protocol.html | 52 ++++++++++++++++++++++------------------------------ rationale.html | 44 ++++++++++++++++++++++++++++---------------- 6 files changed, 125 insertions(+), 67 deletions(-) create mode 100644 errors.html commit 2268a04800b90a0abf157f974a114947341e3cab Author: Bruce Guenter Date: Sat Mar 10 10:24:51 2001 +0000 Rewrote the client library to do UDP calls. 
client.c | 190 ++++++++++++++++++++++++++++++++++++++----------------------- 1 files changed, 118 insertions(+), 72 deletions(-) commit e3f18ce746f113c066f0b562c2588394d82be6d0 Author: Bruce Guenter Date: Sat Mar 10 10:24:14 2001 +0000 CVM clients now need the socket library. cvm-testclient=x | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit 4f537f9509d570dad4b7a522b1754edb8aa2e3fd Author: Bruce Guenter Date: Sat Mar 10 10:23:51 2001 +0000 Further split up the CVM documentation, modified to account for upcoming UDP modifications. cvm.html | 195 ++------------------------------------------------------ protocol.html | 123 +++++++++++++++++++++++++++++++++++ rationale.html | 53 +++++++++++++++ 3 files changed, 181 insertions(+), 190 deletions(-) create mode 100644 protocol.html create mode 100644 rationale.html commit 7614e9153ecf9326551e74e2a24c4e337ed96c8b Author: Bruce Guenter Date: Sat Mar 10 10:22:40 2001 +0000 Shrank buffer size down to 512 bytes. module_input.c | 2 +- module_output.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 199f458e28f9aa63c5e6180d2efa36fd2ee5804d Author: Bruce Guenter Date: Thu Mar 8 21:08:19 2001 +0000 Updated date. README | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 7c1defdeea064f57e65998f0ebb24c541b4b5239 Author: Bruce Guenter Date: Wed Mar 7 23:25:54 2001 +0000 *** empty log message *** NEWS | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) commit fb391630b67c6efc638cf25b08ad8be89a490e1b Author: Bruce Guenter Date: Wed Mar 7 06:04:34 2001 +0000 Bumped up version number. NEWS | 5 +++++ README | 2 +- VERSION | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) commit 61f0d5e6cc162b10cc11a3af0e780149a82632fd Author: Bruce Guenter Date: Wed Mar 7 05:13:08 2001 +0000 Properly handle unsigned numbers, rejecting negatives. Return error if parsing data fails, even if module returns OK. 
client.c | 15 ++++++++++----- 1 files changed, 10 insertions(+), 5 deletions(-) commit 3c9bbf02a13386897cef05fcb708e46d118d12b1 Author: Bruce Guenter Date: Tue Feb 27 23:16:15 2001 +0000 Fixed to account for file name changes. insthier.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit e98a40bb0ee83d0f934b95b993d0a238eadc7efc Author: Bruce Guenter Date: Tue Feb 27 23:15:15 2001 +0000 Fixed up date. README | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) commit b1c4e59e7130f3d100474c137ce49632649c78d3 Author: Bruce Guenter Date: Tue Feb 27 23:15:09 2001 +0000 Added shadow.lib dependancy to cvm-unix. cvm-unix=x | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) commit d3e9b823eb23a821987564198018fde6d00930e0 Author: Bruce Guenter Date: Fri Feb 23 23:27:40 2001 +0000 Renamed testcvmclient to cvm-testclient testcvmclient.c => cvm-testclient.c | 0 testcvmclient=x => cvm-testclient=x | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename testcvmclient.c => cvm-testclient.c (100%) rename testcvmclient=x => cvm-testclient=x (100%) commit 779a2572e1b6f6ce116e265ac480d3be6c44bc01 Author: Bruce Guenter Date: Fri Feb 23 23:18:02 2001 +0000 Added new library documentation. client.html | 34 ++++++++++++++++++++++++++++++++++ cvm.html | 4 ++++ module.html | 25 +++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 0 deletions(-) create mode 100644 client.html create mode 100644 module.html commit 7bb8c0920474bfb9838ce6203b3bfeed291d9aa1 Author: Bruce Guenter Date: Fri Feb 23 23:17:48 2001 +0000 Fixed bug of using strtol instead of strtoul. client.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit 015b0361f1d706c31d3f70fe2fe1d4ef8450ca37 Author: Bruce Guenter Date: Fri Feb 23 23:17:30 2001 +0000 Bumped up version number. 
NEWS | 9 +++++++++ VERSION | 2 +- 2 files changed, 10 insertions(+), 1 deletions(-) commit b2059c0de39baa636b397f864c9e923764553d29 Author: Bruce Guenter Date: Fri Feb 23 23:16:59 2001 +0000 Renamed cvm_unix to cvm-unix. cvm_unix.c => cvm-unix.c | 0 cvm_unix=x => cvm-unix=x | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename cvm_unix.c => cvm-unix.c (100%) rename cvm_unix=x => cvm-unix=x (100%) commit affd58af588221d8995c4124064d26c4a6a713f7 Author: Bruce Guenter Date: Fri Feb 23 06:29:57 2001 +0000 *** empty log message *** README | 23 ++++++----------------- makedist.in | 4 ++-- 2 files changed, 8 insertions(+), 19 deletions(-) commit 1bb91bb2ab79b5d7f93ec38f5e6ad7f31bdb65a5 Author: Bruce Guenter Date: Fri Feb 23 06:26:42 2001 +0000 Added the makedist file. makedist.in | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 54 insertions(+), 0 deletions(-) create mode 100644 makedist.in commit 80dbf7a93bec247add0c2366261c88f1a68993f8 Author: Bruce Guenter Date: Fri Feb 23 06:24:31 2001 +0000 Fixed up distribution files. README | 28 ++++++++++++++++++++++++++++ VERSION | 2 +- spec | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 1 deletions(-) create mode 100644 NEWS create mode 100644 README create mode 100644 spec commit e1a827619c89f298eb013e526a5de6c6260de35f Author: Bruce Guenter Date: Fri Feb 23 05:37:59 2001 +0000 Renamed testclient to testcvmclient. testclient.c | 10 ---------- testcvmclient.c | 32 ++++++++++++++++++++++++++++++++ testclient=x => testcvmclient=x | 0 3 files changed, 32 insertions(+), 10 deletions(-) delete mode 100644 testclient.c create mode 100644 testcvmclient.c rename testclient=x => testcvmclient=x (100%) commit 5e2fedb65135d3a24ef00215bec7a9a697feedc2 Author: Bruce Guenter Date: Fri Feb 23 05:37:48 2001 +0000 Install cvm_unix and testcvmclient in conf_bin. 
insthier.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) commit 1f8329493eb5d421c1852b1a7a4ba20839129656 Author: Bruce Guenter Date: Fri Feb 23 05:37:22 2001 +0000 Wait for program exit after killing the program to catch exit codes properly. client.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) commit ddc8cc1f8763c0168577d145d3201beb16721d82 Author: Bruce Guenter Date: Fri Feb 23 05:24:15 2001 +0000 Renamed interface.html to cvm.html interface.html => cvm.html | 17 ++++++++++++++++- 1 files changed, 16 insertions(+), 1 deletions(-) rename interface.html => cvm.html (89%) commit 1adb2c7f9b0862ec7ac5852700262dce77d986fd Author: Bruce Guenter Date: Fri Feb 23 05:15:28 2001 +0000 Renamed auth_sys to cvm_unix. auth_sys.c => cvm_unix.c | 0 auth_sys=x => cvm_unix=x | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename auth_sys.c => cvm_unix.c (100%) rename auth_sys=x => cvm_unix=x (100%) commit a3606c8b481e028d9b6aa56cacff1248edc6c358 Author: Bruce Guenter Date: Fri Feb 23 05:11:51 2001 +0000 Initial revision VERSION | 1 + auth_sys.c | 62 ++++++++++++++++++ auth_sys=x | 2 + client.c | 158 +++++++++++++++++++++++++++++++++++++++++++++ client.h | 10 +++ client=l | 2 + facts.c | 11 +++ facts.h | 25 +++++++ insthier.c | 1 + interface.html | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ module.h | 19 ++++++ module=l | 4 + module_input.c | 54 ++++++++++++++++ module_main.c | 18 +++++ module_output.c | 59 +++++++++++++++++ testclient.c | 10 +++ testclient=x | 1 + 17 files changed, 627 insertions(+), 0 deletions(-) create mode 100644 VERSION create mode 100644 auth_sys.c create mode 100644 auth_sys=x create mode 100644 client.c create mode 100644 client.h create mode 100644 client=l create mode 100644 facts.c create mode 100644 facts.h create mode 100644 insthier.c create mode 100644 interface.html create mode 100644 module.h create mode 100644 module=l create mode 100644 module_input.c create mode 100644 module_main.c create mode 
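100644 module_output.c create mode 100644 testclient.c create mode 100644 testclient=x
cvm-0.96/client_xfer_udp.c0000664000076400007640000000506711326155156015135 0ustar bruceguenter
/* cvm/client_xfer_udp.c - CVM client UDP transmission library
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (the <...> header names on the next line were lost when this page was
 * extracted; the directives are kept as found) */
#include #include #include #include #include #include #include #include #include
#include "v1client.h"
#include "protocol.h"

/* UDP module invocation *****************************************************/

/* Send the request datagram to ip:port and wait for one reply.
 *
 * The request is sent up to four times; after each send the socket is
 * polled with a timeout that starts at 2*1000 and doubles per attempt
 * (presumably milliseconds -- confirm against iopoll).  Returns non-zero
 * when a datagram was received into response->data (its size is stored in
 * response->length) and zero when a send came up short, the receive
 * failed, or every wait expired.
 *
 * NOTE(review): socket_recv4() is handed ip and &port as output arguments,
 * so they end up holding the sender's address, and nothing here compares
 * that address with the one the request went to.  The first datagram that
 * reaches the socket is therefore accepted as the module's verdict.  If
 * this transport crosses anything but a trusted network, the reply source
 * should be verified (or the exchange authenticated) before it is trusted.
 *
 * NOTE(review): any non-zero iopoll() result leads to the receive call; if
 * iopoll reports errors as a negative value that case is not told apart
 * from "readable" -- confirm.
 */
static int udp_sendrecv(int sock, ipv4addr* ip, ipv4port port,
                        const struct cvm_packet* request,
                        struct cvm_packet* response)
{
  int timeout;
  int try;
  iopoll_fd ifd;
  ifd.fd = sock;
  ifd.events = IOPOLL_READ;
  for (timeout = 2, try = 0; try < 4; timeout *= 2, ++try) {
    if ((unsigned)socket_send4(sock, (char*)request->data, request->length,
                               ip, port) != request->length)
      return 0;
    if (iopoll(&ifd, 1, timeout*1000) != 0)
      return (response->length = socket_recv4(sock, (char*)response->data,
                                              CVM_BUFSIZE, ip, &port))
        != (unsigned)-1;
  }
  return 0;
}

/* Exchange one request/response pair with a CVM module over UDP.
 *
 * hostport has the form "hostname:port".  Returns 0 on success,
 * CVME_GENERAL when the address cannot be parsed or resolved (or memory
 * for the host name cannot be allocated), and CVME_IO when the socket
 * cannot be created or the exchange fails.
 *
 * The host name copy is kept in a function-local static that is freed and
 * replaced on every call, so this function is not reentrant.
 */
unsigned cvm_xfer_udp_packets(const char* hostport,
                              const struct cvm_packet* request,
                              struct cvm_packet* response)
{
  static char* hostname;
  const char* colon;
  char* end;
  unsigned long portnum;
  size_t hostlen;
  ipv4port port;
  int sock;
  struct hostent* he;
  ipv4addr ip;

  if ((colon = strchr(hostport, ':')) == 0)
    return CVME_GENERAL;
  hostlen = (size_t)(colon - hostport);

  /* free(NULL) is a no-op, so no guard is needed. */
  free(hostname);
  /* The allocation result was previously used unchecked. */
  if ((hostname = malloc(hostlen + 1)) == 0)
    return CVME_GENERAL;
  memcpy(hostname, hostport, hostlen);
  hostname[hostlen] = 0;

  /* Parse into a wide type first: assigning strtoul()'s result straight
   * to the port type silently truncated out-of-range values, and an empty
   * port string was accepted as port 0. */
  portnum = strtoul(colon + 1, &end, 10);
  if (end == colon + 1 || *end != 0 || portnum > 65535)
    return CVME_GENERAL;
  port = (ipv4port)portnum;

  if ((he = gethostbyname(hostname)) == 0)
    return CVME_GENERAL;
  /* Exactly four address bytes are copied below; refuse anything that is
   * not a 4-byte address rather than copy part of a different family. */
  if (he->h_length != 4 || he->h_addr_list[0] == 0)
    return CVME_GENERAL;
  memcpy(&ip, he->h_addr_list[0], 4);

  if ((sock = socket_udp()) == -1)
    return CVME_IO;
  if (!udp_sendrecv(sock, &ip, port, request, response)) {
    close(sock);
    return CVME_IO;
  }
  close(sock);
  return 0;
}
cvm-0.96/cvm-v1testclient.c0000664000076400007640000000464011326155156015167 0ustar bruceguenter
/* cvm/cvm-v1testclient.c - Diagnostic CVM client
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (header names lost in extraction; directives kept as found) */
#include #include #include #include #include
#include "v1client.h"

const char program[] = "cvm-v1testclient";
const int msg_show_pid = 0;

/* Print a label followed by a string fact, or "(null)" when it is unset. */
static void s(const char* name, const char* value)
{
  obuf_puts(&outbuf, name);
  obuf_puts(&outbuf, (value == 0) ? "(null)" : value);
  obuf_putc(&outbuf, '\n');
}

/* Print a label followed by an unsigned numeric fact. */
static void u(const char* name, unsigned long value)
{
  obuf_puts(&outbuf, name);
  obuf_putu(&outbuf, value);
  obuf_putc(&outbuf, '\n');
}

/* Authenticate with the module named in argv[1] using account argv[2],
 * domain argv[3] and any further arguments as credentials, then print the
 * facts the module returned.  On failure the error number and its text
 * are reported through die5 with the error number as its first argument.
 *
 * NOTE(review): credentials are taken from the command line, where other
 * local users may be able to see them in the process list; this fits a
 * diagnostic tool but not production use.
 */
int main(int argc, char** argv)
{
  int i;
  unsigned long v;
  char num[FMT_ULONG_LEN];

  if (argc < 4)
    die1(1, "Incorrect usage.\n"
         "usage: cvm-testclient cvmodule account domain [credential [credential ...]]\n");

  i = cvm_client_authenticate(argv[1], argv[2], argv[3],
                              (const char**)(argv+4), 0);
  if (i) {
    num[fmt_udec(num, i)] = 0;
    /* Only index the message table with a code inside its bounds; a
     * negative code must not reach cvm_errlist[]. */
    die5(i, "Authentication failed, error #", num, " (",
         (i > 0 && i < cvm_nerr) ? cvm_errlist[i] : "Unknown error code", ")");
  }

  s("user name: ", cvm_fact_username);
  u("user ID: ", cvm_fact_userid);
  u("group ID: ", cvm_fact_groupid);
  s("real name: ", cvm_fact_realname);
  s("directory: ", cvm_fact_directory);
  s("shell: ", cvm_fact_shell);
  s("group name: ", cvm_fact_groupname);
  s("system user name: ", cvm_fact_sys_username);
  s("system directory: ", cvm_fact_sys_directory);
  s("domain: ", cvm_fact_domain);
  s("mailbox path: ", cvm_fact_mailbox);
  /* Supplementary group IDs are listed one fact at a time until the
   * lookup stops returning 0. */
  while (cvm_client_fact_uint(CVM_FACT_SUPP_GROUPID, &v) == 0)
    u("supp. group ID: ", v);

  obuf_flush(&outbuf);
  return 0;
}
cvm-0.96/random.h0000664000076400007640000000023511326155156013240 0ustar bruceguenter
#ifndef CVM__RANDOM__H__
#define CVM__RANDOM__H__

extern void cvm_random_init(void);
extern void cvm_random_fill(unsigned char* buf, unsigned len);

#endif
cvm-0.96/facts.c0000664000076400007640000000232411326155156013054 0ustar bruceguenter
/* cvm/facts.c - Predefined credential facts
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.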
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "facts.h" const char* cvm_fact_username = 0; unsigned long cvm_fact_userid = 0; unsigned long cvm_fact_groupid = 0; const char* cvm_fact_realname = 0; const char* cvm_fact_directory = 0; const char* cvm_fact_shell = 0; const char* cvm_fact_groupname = 0; const char* cvm_fact_sys_username = 0; const char* cvm_fact_sys_directory = 0; const char* cvm_fact_domain = 0; const char* cvm_fact_mailbox = 0; cvm-0.96/README0000664000076400007640000000503311326155156012470 0ustar bruceguentercvm Credential Validation Modules Bruce Guenter Version 0.96 2010-01-21 This package contains: - The reference source for the CVM interface. - Diagnostic and benchmark CVM clients. - A checkpassword interface CVM client. - A UNIX/POSIX system module (uses getpwnam). - A flat-file module. - A vmailmgr module. - MySQL, PgSQL, and SQLite modules. - A library for client writers. - A set of libraries for module writers. A mailing list has been set up to discuss this and other packages. To subscribe, send an email to: bgware-subscribe@lists.untroubled.org A mailing list archive is available at: http://lists.untroubled.org/?list=bgware Development versions of cvm are available via GIT at: http://untroubled.org/git/cvm.git Requirements: - bglibs library package version 1.103 or later. 
- The vmailmgr modules should work with all versions of vmailmgr that use CDB password tables, introduced in vmailmgr version 0.89 (only tested with version 0.96.9) - libtool Installation: - Make sure the latest version of bglibs from http://untroubled.org/bglibs/ is compiled and installed. - Build the sources by running "make" - After the package has been compiled, run the following commands as root: make install If you want to install in a different directory, run: make install install_prefix=/prefix vmailmgr Configuration: - If your virtual domain password tables are stored in a file other than passwd.cdb, set $VMAILMGR_PWFILE to that file name. - Set $QMAIL_ROOT to the base qmail directory (defaults to "/var/qmail"). - Set $VMAILMGR_DEFAULT to the vmailmgr default username (defaults to "+"). - Set $DEBUG (to anything) to see debugging output. - See http://untroubled.org/cvm/cvm.html for information on running local or UDP server modules. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ This program is Copyright(C) 2010 Bruce Guenter, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind. The cvm-vmailmgr project was initiated at FutureQuest, Inc. We are releasing it as an open-source project because we felt it would be useful to others, as well as to repay our debt of gratitude to the larger open-source community for the excellent packages we have enjoyed. For more details, you may contact FutureQuest, Inc. at: FutureQuest, Inc. PO BOX 623127 Oviedo FL 32762-3127 USA http://www.FutureQuest.net/ cvm-0.96/vmautoconvert.c0000664000076400007640000000647011326155156014676 0ustar bruceguenter/* vmautoconvert.c - Automatically convert passwords for vmailmgr. 
* Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (header names lost in extraction; directives kept as found) */
#include #include #include #include #include #include #include #include #include #include #include
#include "module.h"
#include "qmail.h"
#include "cvm-vmailmgr.h"

/* Read the first 2048 bytes of the table and take the little-endian
 * 32-bit value at offset 0 as the offset where the record area ends.
 * Returns 1 on success, 0 if the read fails. */
static int read_start(ibuf* in, uint32* end)
{
  unsigned char buf[2048];
  if (!ibuf_read(in, (char*)buf, sizeof buf))
    return 0;
  *end = uint32_get_lsb(buf);
  return 1;
}

/* Read one record: an 8-byte header holding the key length and the data
 * length (both little-endian 32-bit), then the key and data bytes.
 * Both strings are NUL-terminated after reading.  Returns 1 on success,
 * 0 on allocation or read failure.
 *
 * NOTE(review): keylen and datalen come straight from the file and are
 * not range-checked here; this assumes str_ready(s, n) leaves room for
 * n bytes plus the terminating NUL -- confirm. */
static int read_cdb_pair(ibuf* in, str* key, str* data)
{
  unsigned char buf[8];
  uint32 keylen;
  uint32 datalen;
  if (!ibuf_read(in, (char*)buf, sizeof buf))
    return 0;
  keylen = uint32_get_lsb(buf);
  datalen = uint32_get_lsb(buf+4);
  if (!str_ready(key, keylen)
      || !str_ready(data, datalen)
      || !ibuf_read(in, key->s, keylen)
      || !ibuf_read(in, data->s, datalen))
    return 0;
  key->s[key->len = keylen] = 0;
  data->s[data->len = datalen] = 0;
  return 1;
}

static str tmppwfile;
static str key;
static str data;

/* Re-encode the record held in the file-level `data` string so that its
 * password field is the literal prefix "$0$" followed by the password
 * credential of the current request.  Returns non-zero on success.
 *
 * NOTE(review): no hashing step is visible here -- the submitted password
 * bytes are appended as they are.  Confirm what the "$0$" marker means to
 * the consumer of this table; if it denotes a cleartext password, the
 * rewritten table holds recoverable passwords and its file permissions
 * become the only protection. */
static int convert_data(void)
{
  struct vpwentry vpw;
  int status = 1;
  memset(&vpw, 0, sizeof vpw);
  if (!vpwentry_import(&vpw, &virtuser, &data))
    return 0;
  status = str_copyb(&vpw.pass, "$0$", 3)
    && str_cat(&vpw.pass, &cvm_module_credentials[CVM_CRED_PASSWORD])
    && vpwentry_export(&vpw, &data);
  vpwentry_free(&vpw);
  return status;
}

/* Rewrite the password table `pwfile` into a temporary file, replacing
 * the record whose key equals `virtuser` with a converted one, and rename
 * the temporary file over the original only if every record was read and
 * written.  Returns 0, or a CVME_* error value with CVME_FATAL set when
 * the writer cannot be started or finished.
 *
 * The temporary file is given the mode and then the owner/group of the
 * existing table before any record is copied.
 *
 * NOTE(review): the result of rename() is not checked, so a failed
 * replacement still returns 0.  When path_mktemp() fails nothing is done
 * and 0 is returned as well.  The unlink() after a successful rename
 * targets a name that no longer exists and is expected to fail harmlessly.
 *
 * NOTE(review): no locking of pwfile is visible; two concurrent
 * conversions could each rename their own copy -- confirm whether callers
 * serialize this. */
int vmailmgr_autoconvert(void)
{
  int writefd = -1;
  ibuf reader;
  struct cdb_make writer;
  int error = 0;
  int readall = 0;
  int writerr = 0;
  if ((writefd = path_mktemp(pwfile, &tmppwfile)) != -1) {
    if (cdb_make_start(&writer, writefd) != 0)
      error = CVME_IO | CVME_FATAL;
    else {
      if (ibuf_open(&reader, pwfile, 0)) {
        uint32 end;
        struct stat st;
        if (fstat(reader.io.fd, &st) == 0
            && fchmod(writefd, st.st_mode) == 0
            && fchown(writefd, st.st_uid, st.st_gid) == 0
            && read_start(&reader, &end)) {
          /* Copy records until the end-of-records offset is reached. */
          while (ibuf_tell(&reader) < end) {
            if (!read_cdb_pair(&reader, &key, &data))
              break;
            /* Only the record of the authenticating user is converted. */
            if (str_diff(&key, &virtuser) == 0)
              if (!convert_data()) {
                writerr = 1;
                break;
              }
            if (cdb_make_add(&writer, key.s, key.len, data.s, data.len) != 0) {
              writerr = 1;
              break;
            }
          }
          /* A short read leaves the position before `end`. */
          readall = ibuf_tell(&reader) == end;
        }
        ibuf_close(&reader);
      }
      if (cdb_make_finish(&writer) != 0)
        error |= CVME_FATAL;
      else if (readall && !writerr)
        rename(tmppwfile.s, pwfile);
    }
    close(writefd);
    unlink(tmppwfile.s);
  }
  return error;
}
cvm-0.96/cvm-pwfile.html0000664000076400007640000000162011326155156014545 0ustar bruceguenter

CVM

The cvm-pwfile Module

Synopsis:

UNIX-style passwd file module

Credentials:

  1. Pass phrase

Description:

This module loads entries from an alternate password file using the fgetpwent API, which requires the file to be formatted the same as the UNIX /etc/passwd file. No group name lookups are done.

Configuration Variables:

$CVM_PWFILE_PATH
the path to the passwd file containing the credential information.
$CVM_PWFILE_PWCMP (optional)
The password comparison module to use. If it is not set, the default password comparison mode is plain-text. To use UNIX crypt style passwords, like /etc/passwd does, set this to "crypt".
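cvm-0.96/client_setugid.c0000664000076400007640000000211411326155156014753 0ustar bruceguenter
/* cvm/client_setugid.c - CVM client standard setuid/setgid call
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (header names lost in extraction; directives kept as found) */
#include #include
#include <grp.h>
#include "v1client.h"

/* Switch the process to the authenticated account: group ID, user ID and
 * working directory are taken from cvm_fact_groupid, cvm_fact_userid and
 * cvm_fact_directory.  Returns 1 on success and 0 as soon as one step
 * fails; on failure the process may be left partly switched, so callers
 * should stop rather than continue.
 *
 * The group identity is changed before the user identity because the
 * privilege needed to change groups is lost once setuid() succeeds.
 *
 * A privileged caller also has its supplementary group list reduced to
 * the account's primary group.  Without that step the process (and any
 * program it goes on to exec) keeps the supplementary groups it was
 * started with.  The reset is limited to euid 0 so that an unprivileged
 * caller, which cannot call setgroups(), behaves as before.
 *
 * NOTE(review): supplementary group IDs reported by the module are not
 * installed here; if they are meant to apply, build the list from those
 * facts instead of using the primary group alone.
 */
int cvm_client_setugid(void)
{
  gid_t gid = cvm_fact_groupid;

  if (geteuid() == 0 && setgroups(1, &gid) == -1)
    return 0;
  if (setgid(cvm_fact_groupid) == -1)
    return 0;
  if (setuid(cvm_fact_userid) == -1)
    return 0;
  if (chdir(cvm_fact_directory) == -1)
    return 0;
  return 1;
}
cvm-0.96/cvm-testclient.html0000664000076400007640000000077511326155156015447 0ustar bruceguenter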

CVM

The cvm-testclient Program

cvm-testclient provides a method of testing CV modules from the command line.

Interface

     cvm-testclient CVM account domain credential [credential ...]

cvm-testclient will invoke the named CV module and provide a verbose report of the results, including details on the standard facts reported by the module.

cvm-0.96/cvm-v1checkpassword.c0000664000076400007640000000407311326155156015651 0ustar bruceguenter
/* cvm/cvm-v1checkpassword.c - Checkpassword emulator for CVM
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (header names lost in extraction; directives kept as found) */
#include #include #include #include #include #include
#include "v1client.h"

const char program[] = "cvm-v1checkpassword";
const int msg_show_pid = 0;

/* Raw input read from descriptor 3; `pass` points into this buffer. */
static char buffer[513];
static char* pass;

/* Read the login data from descriptor 3 into `buffer` and locate the
 * password.  The input must contain at least two NUL-terminated strings:
 * the first (at the start of `buffer`) is used as the account name by
 * main(), the second is the password that `pass` is set to.
 *
 * Exits with 111 on a read error and with 2 when the input fills the
 * whole buffer or either terminator is missing.  Reads interrupted by a
 * signal (EINTR) are retried. */
void get_data(void)
{
  unsigned buflen;
  unsigned rd;
  for (buflen = 0; buflen < sizeof buffer; buflen += rd) {
    do
      rd = read(3, buffer+buflen, sizeof buffer - buflen);
    while ((rd == (unsigned)-1) && (errno == EINTR));
    if (rd == (unsigned)-1) exit(111); /* Read error */
    if (rd == 0) break;
  }
  close(3);
  if (buflen >= sizeof buffer) exit(2); /* Buffer too long */
  if ((pass = memchr(buffer, 0, buflen)) == 0) exit(2); /* No password */
  ++pass;
  /* Only the bytes that were actually read are searched. */
  if (memchr(pass, 0, buflen-(pass-buffer)) == 0) exit(2); /* No terminator */
}

/* usage: cvm-v1checkpassword cvmodule program [args ...]
 *
 * Authenticates the account read from descriptor 3 against the module in
 * argv[1]; on success switches to the account's IDs and directory, sets
 * the environment through cvm_client_setenv(), and executes argv[2].
 * Returns the module's error code on failed authentication and 111 when
 * any later step fails. */
int main(int argc, char** argv)
{
  int i;
  const char* tokens[2];
  if (argc < 3)
    die3(111, "usage: ", program, " cvmodule program [args ...]");
  get_data();
  tokens[0] = pass;
  tokens[1] = 0;
  if ((i = cvm_client_authenticate(argv[1], buffer, ucspi_localhost(),
                                   tokens, 1)) != 0)
    return i;
  /* Privileges are dropped before the target program is started. */
  if (!cvm_client_setugid()) return 111;
  if (!cvm_client_setenv()) return 111;
  execvp(argv[2], argv+2);
  /* Only reached when execvp() fails. */
  return 111;
}
cvm-0.96/cvm-checkpassword.c0000664000076400007640000000411511326155156015377 0ustar bruceguenter
/* cvm/cvm-checkpassword.c - Checkpassword emulator for CVM
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (header names lost in extraction; directives kept as found) */
#include #include #include #include #include #include
#include "v2client.h"

const char program[] = "cvm-checkpassword";
const int msg_show_pid = 0;

/* Raw input read from descriptor 3; `pass` points into this buffer. */
static char buffer[513];
static char* pass;

/* Read the login data from descriptor 3 into `buffer` and set `pass` to
 * the second NUL-terminated string in it.  Exits with 111 on a read error
 * and with 2 when the input fills the whole buffer or a terminator is
 * missing.  Reads interrupted by a signal (EINTR) are retried. */
void get_data(void)
{
  unsigned buflen;
  unsigned rd;
  for (buflen = 0; buflen < sizeof buffer; buflen += rd) {
    do
      rd = read(3, buffer+buflen, sizeof buffer - buflen);
    while ((rd == (unsigned)-1) && (errno == EINTR));
    if (rd == (unsigned)-1) exit(111); /* Read error */
    if (rd == 0) break;
  }
  close(3);
  if (buflen >= sizeof buffer) exit(2); /* Buffer too long */
  if ((pass = memchr(buffer, 0, buflen)) == 0) exit(2); /* No password */
  ++pass;
  if (memchr(pass, 0, buflen-(pass-buffer)) == 0) exit(2); /* No terminator */
}

/* usage: cvm-checkpassword cvmodule program [args ...]
 *
 * Same flow as the v1 emulator, using the v2 client's password call.
 * `tokens` is filled in but not passed to any call in this function. */
int main(int argc, char** argv)
{
  int i;
  const char* tokens[2];
  if (argc < 3)
    die3(111, "usage: ", program, " cvmodule program [args ...]");
  get_data();
  tokens[0] = pass;
  tokens[1] = 0;
  if ((i = cvm_client_authenticate_password(argv[1], buffer, ucspi_localhost(),
                                            pass, 1)) != 0)
    return i;
  /* Privileges are dropped before the target program is started. */
  if (!cvm_client_setugid()) return 111;
  if (!cvm_client_setenv()) return 111;
  execvp(argv[2], argv+2);
  /* Only reached when execvp() fails. */
  return 111;
}
cvm-0.96/sasl_auth.c0000664000076400007640000000740011326155156013737 0ustar bruceguenter
/* (header names lost in extraction; directives kept as found) */
#include #include #include #include #include
#include "sasl.h"
#include "v2client.h"

/* Fill in defaults for unset fields of `sa` (empty prefix, "\r\n" suffix,
 * the global inbuf/outbuf) and initialize its SASL state.  Returns the
 * result of sasl_init(). */
int sasl_auth_init(struct sasl_auth* sa)
{
  if (sa->prefix == 0)
    sa->prefix = "";
  if (sa->suffix == 0)
    sa->suffix = "\r\n";
  if (sa->in == 0)
    sa->in = &inbuf;
  if (sa->out == 0)
    sa->out = &outbuf;
  return sasl_init(&sa->state);
}

/* Build the capability string "AUTH <mech> <mech> ..." from the list of
 * registered mechanisms.  Returns 1 when `caps` was filled, 0 when no
 * mechanism is registered, and -1 when a string operation fails. */
int sasl_auth_caps(str* caps)
{
  const struct sasl_mechanism* smech;
  if (!sasl_mechanisms)
    return 0;
  if (!str_truncate(caps, 0)
      || !str_copys(caps, "AUTH"))
    return -1;
  for (smech = sasl_mechanisms; smech != 0; smech = smech->next)
    if (!str_catc(caps, ' ')
        || !str_cats(caps, smech->name))
      return -1;
  return 1;
}

/* Run one SASL exchange for `mechanism`.
 *
 * init_response, when non-null, is the base64 initial response supplied
 * with the command.  Each challenge is base64-encoded and written to
 * sa->out between sa->prefix and sa->suffix; each reply is read as one
 * CRLF-terminated line from sa->in and base64-decoded before it is passed
 * to the mechanism's response handler.
 *
 * Returns the final SASL_* status: SASL_AUTH_OK on success,
 * SASL_AUTH_FAILED when the peer sends an empty line or a line starting
 * with '*', SASL_RESP_BAD when a reply does not decode, SASL_RESP_EOF
 * when input ends, and -1 on other I/O or allocation failures.
 *
 * NOTE(review): `mechanism` comes from the peer and is written to the log
 * through msg3/msg4 as received; confirm the logging layer neutralizes
 * control characters.
 *
 * NOTE(review): on success the results of the string calls that build the
 * log line and of cvm_client_setenv() are not checked.
 *
 * NOTE(review): `response` and `response64` can hold the peer's secret;
 * whether str_free() clears the memory before releasing it is not visible
 * here. */
int sasl_auth2(struct sasl_auth* sa,
               const char* mechanism,
               const char* init_response)
{
  str challenge = {0,0,0};
  str challenge64 = {0,0,0};
  str response = {0,0,0};
  str response64 = {0,0,0};
  int i;
  str* iresponsestr;

  if (init_response != 0) {
    if (!str_truncate(&response, 0))
      return -1;
    if (!base64_decode_line(init_response, &response)) {
      msg3("SASL AUTH ", mechanism, " failed: bad response");
      str_free(&response);
      return SASL_RESP_BAD;
    }
    iresponsestr = &response;
  }
  else
    iresponsestr = 0;

  i = sasl_start(&sa->state, mechanism, iresponsestr, &challenge);
  while (i == SASL_CHALLENGE) {
    /* Any failure below that sets no specific status leaves -1. */
    i = -1;
    if (str_truncate(&challenge64, 0)
        && base64_encode_line((const unsigned char*)challenge.s,
                              challenge.len, &challenge64)
        && obuf_puts(sa->out, sa->prefix)
        && obuf_putstr(sa->out, &challenge64)
        && obuf_putsflush(sa->out, sa->suffix)
        && ibuf_getstr_crlf(sa->in, &response64)) {
      /* An empty line or a leading '*' is treated as the peer aborting. */
      if (response64.len == 0 || response64.s[0] == '*') {
        msg3("SASL AUTH ", mechanism, " failed: aborted");
        i = SASL_AUTH_FAILED;
      }
      else if (!str_truncate(&response, 0)
               || !base64_decode_line(response64.s, &response)) {
        msg3("SASL AUTH ", mechanism, " failed: bad response");
        i = SASL_RESP_BAD;
      }
      else
        i = sa->state.response(&sa->state, &response, &challenge);
    }
    else if (ibuf_eof(sa->in))
      i = SASL_RESP_EOF;
  }
  if (i == SASL_AUTH_OK) {
    /* `response` is reused as scratch space for the log line. */
    str_truncate(&response, 0);
    str_copys(&response, "username=");
    str_cats(&response, cvm_fact_username);
    if (cvm_fact_sys_username != 0) {
      str_cats(&response, " sys_username=");
      str_cats(&response, cvm_fact_sys_username);
    }
    if (cvm_fact_domain != 0 && cvm_fact_domain[0] != 0) {
      str_cats(&response, " domain=");
      str_cats(&response, cvm_fact_domain);
    }
    msg4("SASL AUTH ", mechanism, " ", response.s);
    cvm_client_setenv();
  }
  else
    msg3("SASL AUTH ", mechanism, " failed");
  str_free(&response);
  str_free(&response64);
  str_free(&challenge);
  str_free(&challenge64);
  return i;
}

/* Split `arg` at the first space into a mechanism name and an optional
 * initial response (runs of spaces between them are skipped) and hand
 * both to sasl_auth2().  Returns its result, or -1 when the mechanism
 * name cannot be copied. */
int sasl_auth1(struct sasl_auth* sa, const str* arg)
{
  str mechanism = {0,0,0};
  int s;
  if ((s = str_findfirst(arg, ' ')) != -1) {
    if (!str_copyb(&mechanism, arg->s, s))
      return -1;
    while (arg->s[s] == ' ')
      ++s;
    s = sasl_auth2(sa, mechanism.s, arg->s+s);
    str_free(&mechanism);
  }
  else
    s = sasl_auth2(sa, arg->s, 0);
  return s;
}

/* Translate a SASL_* status in *code into a numeric reply code (stored
 * back into *code) and return the matching message text.  Statuses not
 * listed map to 451 "Internal error." */
const char* sasl_auth_msg(int* code)
{
  int newcode;
  const char* msg;
  /* R sets both outputs and leaves the switch. */
#define R(C,M) newcode=C; msg=M; break
  switch (*code) {
  case SASL_AUTH_FAILED: R(501,"Authentication failed.");
  case SASL_NO_MECH: R(504,"Unrecognized authentication mechanism.");
  case SASL_RESP_REQUIRED: R(535,"Response was required but not given.");
  case SASL_RESP_NOTALLOWED: R(535,"Initial response not allowed.");
  case SASL_RESP_BAD: R(501,"Could not decode the response.");
  case SASL_RESP_EOF: R(535,"End of file reached.");
  default: R(451,"Internal error.");
  }
  *code = newcode;
  return msg;
}
cvm-0.96/qmail-lookup.c0000664000076400007640000000510511326155156014366 0ustar bruceguenter
/* qmail-lookup.c - qmail CVM lookup routines
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (header names lost in extraction; directives kept as found) */
#include #include
#include "module.h"
#include "qmail.h"

static const char* missingdomain = 0;
static const char* missinguser = "alias";

/* Initialize the qmail lookup tables and read the fallback settings.
 *
 * $CVM_QMAIL_MISSINGDOMAIN: when unset, no fallback domain is used; when
 * set but empty, "localhost" is used.
 * $CVM_QMAIL_MISSINGUSER: when unset or empty, "alias" is used.
 *
 * Returns 0 on success and -1 if any of the qmail init routines fails. */
int qmail_lookup_init(void)
{
  const char* env;

  if (qmail_init() != 0)
    return -1;
  if (qmail_users_init() != 0)
    return -1;
  if (qmail_domains_init() != 0)
    return -1;

  env = getenv("CVM_QMAIL_MISSINGDOMAIN");
  if (env != 0 && *env == 0)
    env = "localhost";
  missingdomain = env;

  env = getenv("CVM_QMAIL_MISSINGUSER");
  missinguser = (env == 0 || *env == 0) ? "alias" : env;

  return 0;
}

/* Look up the CVM domain and account name in the qmail configuration.
* Returns:
 *  -1  System or other error
 *  0   Success
 *  1   Domain not found
 *  2   Account not found
 *
 * An empty domain credential is first replaced by qmail_envnoathost.
 * When the domain lookup finds nothing and a fallback domain is
 * configured, the lookup continues with that domain and the fallback
 * user; otherwise the account name is prefixed with "<prefix>-" when the
 * domain lookup supplied a prefix.
 *
 * NOTE(review): the failure of that first copy returns CVME_IO, which is
 * not one of the values listed above; confirm how callers treat it, since
 * a caller that only distinguishes -1/0/1/2 may misreport the error.
 *
 * `prefix` and `fullname` are function-local statics reused across calls.
 */
int qmail_lookup_cvm(struct qmail_user* user,
                     str* domain,
                     str* username,
                     str* ext)
{
  static str prefix;
  static str fullname;

  if (cvm_module_credentials[CVM_CRED_DOMAIN].len == 0)
    if (!str_copys(&cvm_module_credentials[CVM_CRED_DOMAIN],
                   qmail_envnoathost))
      return CVME_IO;
  if (qmail_users_reinit() != 0
      || qmail_domains_reinit() != 0)
    return -1;

  switch (qmail_domains_lookup(&cvm_module_credentials[CVM_CRED_DOMAIN],
                               domain, &prefix)) {
  case -1:
    return -1;
  case 0:
    /* Unknown domain: fail unless a fallback domain is configured. */
    if (missingdomain == 0)
      return 1;
    if (!str_copys(domain, missingdomain)
        || !str_copys(&fullname, missinguser))
      return -1;
    break;
  default:
    /* Known domain: build "<prefix>-<account>" or just "<account>". */
    fullname.len = 0;
    if (prefix.len > 0)
      if (!str_copy(&fullname, &prefix)
          || !str_catc(&fullname, '-'))
        return -1;
    if (!str_cat(&fullname, &cvm_module_credentials[CVM_CRED_ACCOUNT]))
      return -1;
  }

  switch (qmail_users_lookup_split(user, fullname.s, username, ext)) {
  case -1:
    return -1;
  case 0:
    return 2;
  }
  return 0;
}
cvm-0.96/SRCFILES0000664000076400007640000000214411326155156012745 0ustar bruceguenterINSTHIER client_domain.c client_setenv.c client_setugid.c client_xfer_command.c client_xfer_compat.c client_xfer_local.c client_xfer_udp.c credentials.h cvm-benchclient.c cvm-chain.c cvm-checkpassword.c cvm-mysql-local.c cvm-mysql-udp.c cvm-mysql.c cvm-pgsql-local.c cvm-pgsql-udp.c cvm-pgsql.c cvm-pwfile.c cvm-qmail.c cvm-sqlite.c cvm-testclient.c cvm-unix.c cvm-v1benchclient.c cvm-v1checkpassword.c cvm-v1testclient.c cvm-vchkpw.c cvm-vmailmgr-local.c cvm-vmailmgr-udp.c cvm-vmailmgr.c cvm-vmailmgr.h cvm/module.h errors.c errors.h facts.c facts.h getpwnam.c module.h module_command.c module_command_main.c module_local.c module_local_main.c module_log.c module_main.c module_output.c module_request.c module_udp.c module_udp_main.c protocol.h qmail-domains.c qmail-dotfile.c qmail-init.c qmail-lookup.c qmail-users.c qmail.h random.c random.h sasl-auth-test.c sasl.h sasl_auth.c
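sasl_authenticate.c sasl_cram_md5.c sasl_init.c sasl_internal.h sasl_login.c sasl_plain.c sasl_start.c sql-auth.c sql-query-test.c sql-query.c sql.h v1client.c v1client.h v2client.c v2client.h v2client_wrappers.c vmautoconvert.c vmlookup.c
cvm-0.96/module_main.c0000664000076400007640000000323311326155156014245 0ustar bruceguenter
/* cvm/module.c - CVM generic server module main routine
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (header names lost in extraction; directives kept as found) */
#include #include #include
#include "module.h"

const int msg_show_pid = 0;

/* Report the accepted command-line forms through die5 with code 1. */
void usage(void)
{
  die5(1,
       "Incorrect usage.\n"
       "usage: ", program, " cvm-local:/path/to/socket\n"
       "or: ", program, " cvm-udp:hostname:port");
}

extern int command_main(void);
extern int local_main(const char*);
extern int udp_main(const char*, const char*);

/* Select the module's transport from the command line.
 *
 * No argument: command mode (command_main).
 * "cvm-local:PATH": local-socket server on PATH.
 * "cvm-udp:HOST:PORT": UDP server on HOST and PORT.
 * Anything else ends in usage().
 */
int main(int argc, char** argv)
{
  cvm_module_init_request();
  if (argc == 1)
    return command_main();
  if (argc == 2) {
    /* strncmp stops at the argument's terminating NUL; the previous
     * memcmp compared a fixed 10 (or 8) bytes and could read past the end
     * of an argument shorter than the prefix. */
    if (strncmp(argv[1], "cvm-local:", 10) == 0)
      return local_main(argv[1] + 10);
    if (strncmp(argv[1], "cvm-udp:", 8) == 0) {
      char* hostname = argv[1] + 8;
      char* port = strchr(hostname, ':');
      /* NOTE(review): the next statement dereferences `port`, so this
       * relies on usage() not returning -- presumably die5 exits. */
      if (port == 0)
        usage();
      /* Split "HOST:PORT" in place. */
      *port++ = 0;
      return udp_main(hostname, port);
    }
  }
  usage();
  return 0;
}
cvm-0.96/sql.h0000664000076400007640000000111111326155156012551 0ustar bruceguenter
#ifndef CVM__SQL__H__
#define CVM__SQL__H__
#include
extern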
const char sql_query_default[]; extern int sql_query_validate(const char* template); extern int sql_query_build(const char* template, str* q); /* These routines must be defined by the SQL module */ extern const char sql_query_var[]; extern const char sql_pwcmp_var[]; extern const char sql_postq_var[]; extern int sql_auth_init(void); extern int sql_auth_query(const str* query); extern int sql_post_query(const str* query); extern const char* sql_get_field(int field); extern void sql_auth_stop(void); #endif cvm-0.96/cvm-checkpassword.html0000664000076400007640000000152611326155156016124 0ustar bruceguenter

CVM

The cvm-checkpassword Program

cvm-checkpassword provides a checkpassword interface for CVM modules.

Interface

     cvm-checkpassword CVM Command [arguments ...]

See the above links for details on both the CVM and checkpassword interfaces. To use this interface with qmail-pop3d, use the following command line:

     /var/qmail/bin/qmail-popup \
     cvm-checkpassword cvm-unix \
     /var/qmail/bin/qmail-pop3d ./Maildir/

Note: The default mode of operation for this module is to attempt to split a domain name from the account name. If this is not desirable, set $CVM_ACCOUNT_SPLIT_CHARS to an empty string.

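cvm-0.96/client_xfer_local.c0000664000076400007640000000356511326155156015437 0ustar bruceguenter
/* cvm/client_xfer_local.c - CVM client local transmission library
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* (header names lost in extraction; directives kept as found) */
#include #include #include
#include "v1client.h"
#include "protocol.h"

/* UNIX local-domain socket module invocation ********************************/

/* Exchange one request/response pair with a CVM module listening on the
 * UNIX-domain socket at `path`.
 *
 * The whole request is written, the sending side is shut down, and the
 * reply is read until end of file or until CVM_BUFSIZE bytes have been
 * stored.  Returns 0 with response->length set on success; returns
 * CVME_IO with response->length == 0 when the socket cannot be created or
 * connected, the request cannot be written completely, or a read fails.
 *
 * A failed read used to be reported as success: the error marker stored
 * in `done` was wrapped back to exactly CVM_BUFSIZE by the loop's
 * increment (the read result converted to unsigned is the all-ones
 * value), so the caller received a "complete" reply of CVM_BUFSIZE bytes
 * whose contents had never been received.  Because the reply decides
 * whether authentication succeeded, a transport error has to surface as
 * an error.  The read and write results are now kept signed and tested
 * before they are added to the byte count.
 */
unsigned cvm_xfer_local_packets(const char* path,
                                const struct cvm_packet* request,
                                struct cvm_packet* response)
{
  int sock;
  unsigned result = CVME_IO;
  unsigned done;
  unsigned len;
  ssize_t io;
  int failed;

  response->length = 0;

  /* Nothing to close when no socket was created. */
  if ((sock = socket_unixstr()) == -1)
    return result;

  if (socket_connectu(sock, path)) {
    len = request->length;
    for (done = 0; done < len; done += (unsigned)io) {
      io = write(sock, request->data + done, len - done);
      if (io <= 0)
        break;
    }
    /* Signal end of request to the module. */
    socket_shutdown(sock, 0, 1);

    if (done >= len) {
      failed = 0;
      for (done = 0; done < CVM_BUFSIZE; done += (unsigned)io) {
        io = read(sock, response->data + done, CVM_BUFSIZE - done);
        if (io < 0) {
          failed = 1;
          break;
        }
        if (io == 0)
          break;
      }
      if (!failed) {
        response->length = done;
        result = 0;
      }
    }
  }
  close(sock);
  return result;
}
cvm-0.96/TARGETS0000664000076400007640000000421311326155156012643 0ustar bruceguenterall clean clean-spac client_domain.lo client_domain.o client_setenv.lo client_setenv.o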
client_setugid.lo client_setugid.o client_xfer_command.lo client_xfer_command.o client_xfer_compat.lo client_xfer_compat.o client_xfer_local.lo client_xfer_local.o client_xfer_udp.lo client_xfer_udp.o compile crypt.lib cvm-benchclient cvm-benchclient.o cvm-chain cvm-chain.o cvm-checkpassword cvm-checkpassword.o cvm-mysql cvm-mysql-local cvm-mysql-local.o cvm-mysql-udp cvm-mysql-udp.o cvm-mysql.o cvm-pgsql cvm-pgsql-local cvm-pgsql-local.o cvm-pgsql-udp cvm-pgsql-udp.o cvm-pgsql.o cvm-pwfile cvm-pwfile.o cvm-qmail cvm-qmail.o cvm-sqlite cvm-sqlite.o cvm-testclient cvm-testclient.o cvm-unix cvm-unix.o cvm-v1benchclient cvm-v1benchclient.o cvm-v1checkpassword cvm-v1checkpassword.o cvm-v1testclient cvm-v1testclient.o cvm-vchkpw cvm-vchkpw.o cvm-vmailmgr cvm-vmailmgr-local cvm-vmailmgr-local.o cvm-vmailmgr-udp cvm-vmailmgr-udp.o cvm-vmailmgr.o docs errors.lo errors.o facts.lo facts.o getpwnam.o install libcvm-command.la libcvm-local.la libcvm-module.la libcvm-qmail.la libcvm-sasl.la libcvm-sql.la libcvm-udp.la libcvm-v1client.la libcvm-v2client.la libraries load ltcompile ltload makeshlib module_command.lo module_command.o module_command_main.lo module_command_main.o module_local.lo module_local.o module_local_main.lo module_local_main.o module_log.lo module_log.o module_main.lo module_main.o module_output.lo module_output.o module_request.lo module_request.o module_udp.lo module_udp.o module_udp_main.lo module_udp_main.o mysql pgsql programs qmail-domains.lo qmail-domains.o qmail-dotfile.lo qmail-dotfile.o qmail-init.lo qmail-init.o qmail-lookup.lo qmail-lookup.o qmail-users.lo qmail-users.o random.lo random.o s.lib sasl-auth-test sasl-auth-test.o sasl_auth.lo sasl_auth.o sasl_authenticate.lo sasl_authenticate.o sasl_cram_md5.lo sasl_cram_md5.o sasl_init.lo sasl_init.o sasl_login.lo sasl_login.o sasl_plain.lo sasl_plain.o sasl_start.lo sasl_start.o shadow.lib socket.lib sql-auth.lo sql-auth.o sql-query-test sql-query-test.o sql-query.lo sql-query.o sqlite v1client.lo 
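v1client.o v2client.lo v2client.o v2client_wrappers.lo v2client_wrappers.o vmautoconvert.o vmlookup.o
cvm-0.96/module_log.c0000664000076400007640000000344411326155156014106 0ustar bruceguenter
/* cvm/module_log.c - CVM server module logging functions
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include
#include
#include "module.h"

/* Write the fixed start-up line to standard output. */
void cvm_module_log_startup(void)
{
  write(1, "Starting.\n", 10);
}

/* Write the fixed shut-down line to standard output. */
void cvm_module_log_shutdown(void)
{
  write(1, "Stopping.\n", 10);
}

/* Append up to `len` bytes of a client-supplied credential to the log
 * line, never writing at or past `end`.  Control bytes (below 0x20, and
 * 0x7f) are written as '?' so a credential cannot insert a line break and
 * start a second, forged log entry. */
static char* log_append(char* dst, const char* end,
			const void* src, unsigned long len)
{
  const unsigned char* in = src;
  unsigned long room = end - dst;
  unsigned long i;
  if (len > room) len = room;
  for (i = 0; i < len; ++i) {
    unsigned char ch = in[i];
    *dst++ = (ch < 0x20 || ch == 0x7f) ? '?' : ch;
  }
  return dst;
}

/* Log one line describing the request just handled:
 *   "+ account@domain\n"  when the first output byte is 0,
 *   "- account@domain\n"  when it is CVME_PERMFAIL,
 *   "? account@domain\n"  for any other value.
 * The "@domain" part is only written when a domain credential is present.
 *
 * The previous version copied both credentials into buf with no length
 * check, so it was only safe as long as account + domain + 5 bytes of
 * framing never exceeded BUFSIZE+4.  NOTE(review): that bound presumably
 * comes from the request parser; the copy is now clamped here so the
 * stack buffer does not depend on it.  An over-long value is truncated in
 * the log only; the credentials themselves are untouched.
 */
void cvm_module_log_request(void)
{
  char buf[BUFSIZE+4];
  /* Keep the last two bytes free for the trailing newline and NUL. */
  const char* const end = buf + sizeof buf - 2;
  char* ptr = buf;

  switch (cvm_module_outbuffer[0]) {
  case 0: *ptr++ = '+'; break;
  case CVME_PERMFAIL: *ptr++ = '-'; break;
  default: *ptr++ = '?'; break;
  }
  *ptr++ = ' ';
  if (cvm_module_credentials[CVM_CRED_ACCOUNT].s != 0)
    ptr = log_append(ptr, end,
		     cvm_module_credentials[CVM_CRED_ACCOUNT].s,
		     cvm_module_credentials[CVM_CRED_ACCOUNT].len);
  if (cvm_module_credentials[CVM_CRED_DOMAIN].s != 0) {
    if (ptr < end) *ptr++ = '@';
    ptr = log_append(ptr, end,
		     cvm_module_credentials[CVM_CRED_DOMAIN].s,
		     cvm_module_credentials[CVM_CRED_DOMAIN].len);
  }
  *ptr++ = '\n';
  *ptr = 0;
  /* Logging is best-effort: a failed write is not reported. */
  write(1, buf, ptr-buf);
}
cvm-0.96/v1client.c0000664000076400007640000001167511326155156013512 0ustar bruceguenter
/* cvm/client.c - CVM client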
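library
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "v1client.h"
#include "protocol.h"

const char* cvm_client_account_split_chars = "@";

/* Both packets are static and reused by every call.  The request holds
 * the credentials sent to the module and is not cleared afterwards, so
 * they stay in process memory until the next authentication. */
static struct cvm_packet request;
static struct cvm_packet response;

/* Packet management code ****************************************************/
/* Validate a reply and load the standard facts from it.
 *
 * Returns the module's status byte when it is non-zero, CVME_BAD_MODDATA
 * when the reply is empty, is not terminated by two NUL bytes or lacks a
 * required fact, and 0 on success.
 *
 * The fact lookups read the file-level `response` packet, not `p`; the
 * only caller in this file passes &response.  The two-NUL check is what
 * lets cvm_client_fact_str() walk the fact list without a length.
 */
static int parse_packet(struct cvm_packet* p)
{
  /* An empty reply has no status byte; without this check data[0] would
   * be whatever an earlier reply left in the static buffer. */
  if (p->length < 1)
    return CVME_BAD_MODDATA;
  if (p->data[0] != 0)
    return p->data[0];
  if (p->length < 3
      || p->data[p->length-1] != 0
      || p->data[p->length-2] != 0)
    return CVME_BAD_MODDATA;
  /* Required facts: a missing one makes the whole reply invalid. */
  if (cvm_client_fact_str(CVM_FACT_USERNAME, &cvm_fact_username)
      || cvm_client_fact_uint(CVM_FACT_USERID, &cvm_fact_userid)
      || cvm_client_fact_uint(CVM_FACT_GROUPID, &cvm_fact_groupid)
      || cvm_client_fact_str(CVM_FACT_DIRECTORY, &cvm_fact_directory))
    return CVME_BAD_MODDATA;
  /* Optional facts: the result of each lookup is deliberately ignored. */
  cvm_client_fact_str(CVM_FACT_SHELL, &cvm_fact_shell);
  cvm_client_fact_str(CVM_FACT_REALNAME, &cvm_fact_realname);
  cvm_client_fact_str(CVM_FACT_GROUPNAME, &cvm_fact_groupname);
  cvm_client_fact_str(CVM_FACT_SYS_USERNAME, &cvm_fact_sys_username);
  cvm_client_fact_str(CVM_FACT_SYS_DIRECTORY, &cvm_fact_sys_directory);
  cvm_client_fact_str(CVM_FACT_DOMAIN, &cvm_fact_domain);
  cvm_client_fact_str(CVM_FACT_MAILBOX, &cvm_fact_mailbox);
  return 0;
}

/* Append `len` bytes of `str` plus a NUL terminator to the packet.
 * Returns 1 on success and 0 when the field does not fit.  The test is
 * the original `length + len + 1 >= CVM_BUFSIZE-1`, rearranged so that a
 * very large `len` cannot wrap the unsigned sum and pass the check. */
static int packet_add(struct cvm_packet* p,
		      const char* str, unsigned len)
{
  unsigned char* ptr;
  if (p->length >= CVM_BUFSIZE-2
      || len >= CVM_BUFSIZE-2 - p->length)
    return 0;
  ptr = p->data + p->length;
  memcpy(ptr, str, len);
  ptr[len] = 0;
  p->length += len + 1;
  return 1;
}

/* Build a version 1 request: protocol byte, account, domain, each
 * credential, then a closing NUL.  Returns 1 on success, 0 when the
 * fields do not fit in the packet.
 *
 * With parse_domain set, the account is split at the last character that
 * appears in $CVM_ACCOUNT_SPLIT_CHARS (or cvm_client_account_split_chars
 * when that variable is unset); the part after it replaces `domain`.
 * `credentials` must be terminated by a null pointer.
 */
static unsigned build_packet(struct cvm_packet* p,
			     const char* account, const char* domain,
			     const char** credentials,
			     int parse_domain)
{
  unsigned i;
  unsigned actlen;

  p->data[0] = CVM1_PROTOCOL;
  p->length = 1;

  actlen = strlen(account);
  if (parse_domain) {
    const char* sc;
    if ((sc = getenv("CVM_ACCOUNT_SPLIT_CHARS")) == 0)
      sc = cvm_client_account_split_chars;
    /* Scan backwards so the last separator wins. */
    for (i = actlen; i-- > 0; ) {
      if (strchr(sc, account[i]) != 0) {
	domain = account + i + 1;
	actlen = i;
	break;
      }
    }
  }
  if (!packet_add(p, account, actlen)) return 0;
  if (!packet_add(p, domain, strlen(domain))) return 0;

  for (i = 0; credentials[i] != 0; i++)
    if (!packet_add(p, credentials[i], strlen(credentials[i])))
      return 0;
  /* packet_add() always leaves room for this final terminator. */
  p->data[p->length++] = 0;
  return 1;
}

/* Find the next fact numbered `number` in the static response and store a
 * pointer to its NUL-terminated value in *data.  Returns 0 when found and
 * CVME_NOFACT when the list is exhausted.
 *
 * The scan position is kept between calls: repeating the same number
 * continues after the previous match, and any other number restarts from
 * the first fact.  The walk stops at an empty string and has no length
 * bound, so it relies on the response ending in two NUL bytes, which
 * parse_packet() checks.  Not reentrant.
 */
int cvm_client_fact_str(unsigned number, const char** data)
{
  static unsigned char* ptr = 0;
  static unsigned last_number = -1;

  if (!ptr || number != last_number)
    ptr = response.data+1;
  last_number = number;

  while (*ptr) {
    unsigned char* fact = ptr;
    ptr += strlen((char*)ptr) + 1;
    if (*fact == number) {
      *data = (char*)fact + 1;
      return 0;
    }
  }
  return CVME_NOFACT;
}

/* Fetch fact `number` as an unsigned decimal integer.  Returns 0 and sets
 * *data on success, the cvm_client_fact_str() error when the fact is
 * missing, and CVME_BAD_MODDATA when the value contains a non-digit or
 * does not fit in an unsigned long.
 *
 * The range test runs before each multiply.  The earlier `i < previous`
 * test missed products that wrap around to a larger number, so an
 * oversized user or group ID from the module could be accepted as a
 * different, smaller ID.
 */
int cvm_client_fact_uint(unsigned number, unsigned long* data)
{
  const unsigned long max = (unsigned long)-1;
  const char* str;
  unsigned long i;
  int err;

  if ((err = cvm_client_fact_str(number, &str)) != 0) return err;

  for (i = 0; *str >= '0' && *str <= '9'; ++str) {
    unsigned long digit = *str - '0';
    if (i > (max - digit) / 10) return CVME_BAD_MODDATA;
    i = (i * 10) + digit;
  }
  if (*str) return CVME_BAD_MODDATA;
  *data = i;
  return 0;
}

/* Top-level wrapper *********************************************************/
/* Authenticate `account` against `module` and load the returned facts.
 *
 * `module` selects the transport by prefix: "cvm-udp:", "cvm-local:", or
 * "cvm-command:" (also the default when no prefix matches).  A null
 * `domain` is sent as an empty string.  Returns 0 on success,
 * CVME_GENERAL when the request does not fit in a packet, and otherwise
 * the transport's or the module's error code.
 *
 * SIGPIPE is ignored for the duration of the exchange and the previous
 * handler is restored afterwards.
 */
int cvm_client_authenticate(const char* module, const char* account,
			    const char* domain, const char** credentials,
			    int parse_domain)
{
  int result;
  void (*oldsig)(int);
  if (domain == 0) domain = "";

  if (!build_packet(&request, account, domain, credentials, parse_domain))
    return CVME_GENERAL;

  oldsig = signal(SIGPIPE, SIG_IGN);
  /* strncmp stops at the end of a short module string; memcmp with a
   * fixed count read past the terminator of names shorter than the
   * prefix being tested. */
  if (!strncmp(module, "cvm-udp:", 8))
    result = cvm_xfer_udp_packets(module+8, &request, &response);
  else if (!strncmp(module, "cvm-local:", 10))
    result = cvm_xfer_local_packets(module+10, &request, &response);
  else {
    if (!strncmp(module, "cvm-command:", 12)) module += 12;
    result = cvm_xfer_command_packets(module, &request, &response);
  }
  signal(SIGPIPE, oldsig);
  if (result != 0) return result;
  return parse_packet(&response);
}
cvm-0.96/client_domain.c0000664000076400007640000000236611326155156014567 0ustar bruceguenter
/* cvm/client_domain.c - Determine domain from environment
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.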
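*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include
#include
#include "v1client.h"

/* Scratch buffer for the variable name, grown on demand and kept for the
 * life of the process. */
static long len = 0;
static char* var = 0;

/* Return the value of the environment variable "${PROTO}LOCALHOST",
 * using "TCP" when $PROTO is unset.  Returns a null pointer when that
 * variable is not set or when the name buffer cannot be allocated.
 *
 * Both the variable name and the returned value come from the process
 * environment.  Not reentrant: the name is built in a shared static
 * buffer.
 */
const char* cvm_client_ucspi_domain(void)
{
  static const char suffix[] = "LOCALHOST";
  const char* proto;
  size_t protolen;
  long newlen;

  if ((proto = getenv("PROTO")) == 0) proto = "TCP";
  protolen = strlen(proto);
  newlen = protolen + (sizeof suffix - 1);
  if (newlen > len) {
    /* Allocate first and only then replace the old buffer: the earlier
     * code recorded the new size even when malloc failed and then copied
     * into a null pointer. */
    char* grown = malloc(newlen+1);
    if (grown == 0) return 0;
    free(var);
    var = grown;
    len = newlen;
  }
  memcpy(var, proto, protolen);
  memcpy(var + protolen, suffix, sizeof suffix);	/* includes the NUL */
  return getenv(var);
}
cvm-0.96/client_xfer_command.c0000664000076400007640000000605411326155156015760 0ustar bruceguenter
/* cvm/client_xfer_command.c - CVM client command transmission library
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.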
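*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include "v1client.h"

/* PID of the most recently forked module process.  File-level state, so
 * only one command exchange can be in flight at a time. */
static pid_t pid;

/* Command module execution **************************************************/
/* Fork `cmd` with its standard input and output connected to two new
 * pipes.  On success returns 1 with pipes[0] set to the write end feeding
 * the child's stdin and pipes[1] to the read end of its stdout.  Returns
 * 0 when a pipe or the fork cannot be created; no descriptors are left
 * open in that case.
 *
 * `cmd` is run through execlp(), so a name without a slash is looked up
 * in $PATH.
 */
static int pipefork(const char* cmd, int pipes[2])
{
  int pipe1[2];
  int pipe2[2];
  if (pipe(pipe1) == -1) return 0;
  /* The second test used to compare against -2, which pipe() never
   * returns, so a failure here went unnoticed and pipe2 was used
   * uninitialized. */
  if (pipe(pipe2) == -1) {
    close(pipe1[0]);
    close(pipe1[1]);
    return 0;
  }
  pid = fork();
  switch (pid) {
  case -1:
    close(pipe1[0]);
    close(pipe1[1]);
    close(pipe2[0]);
    close(pipe2[1]);
    return 0;
  case 0:
    close(0);
    close(pipe1[1]);
    if (dup2(pipe1[0], 0) == -1) _exit(1);
    close(pipe1[0]);
    close(1);
    close(pipe2[0]);
    if (dup2(pipe2[1], 1) == -1) _exit(1);
    close(pipe2[1]);
    execlp(cmd, cmd, (char*)0);
    /* _exit: do not run the parent's atexit handlers or flush its stdio
     * buffers a second time from the child. */
    _exit(1);
  default:
    close(pipe1[0]);
    pipes[0] = pipe1[1];
    close(pipe2[1]);
    pipes[1] = pipe2[0];
    return 1;
  }
}

/* Ask the module process to terminate, if one was forked. */
static void killit(void)
{
  if (pid != -1)
    kill(pid, SIGTERM);
}

/* Wait for the module process and return its exit status, or -CVME_IO
 * when it did not exit normally or could not be waited for.  Only the
 * forked module is reaped; the earlier wait() loop also collected, and
 * discarded, the status of any other child of the calling program. */
static int waitforit(void)
{
  int status;
  if (pid == -1 || waitpid(pid, &status, 0) != pid)
    return -CVME_IO;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -CVME_IO;
}

/* Write all `buflen` bytes of `buffer` to `fd`.  Returns 1 on success and
 * 0 on a write error or a zero-length write. */
static int write_buffer(int fd, const unsigned char* buffer, unsigned buflen)
{
  /* Signed on purpose.  With a size_t count the comparison against
   * (unsigned)-1 never matches where size_t is wider than unsigned, and
   * the error value was then added to the pointer and the length. */
  ssize_t wr;
  while (buflen > 0) {
    wr = write(fd, buffer, buflen);
    if (wr <= 0) return 0;
    buflen -= wr;
    buffer += wr;
  }
  return 1;
}

/* Read from `fd` into `buffer` until end-of-file or CVM_BUFSIZE bytes.
 * Returns the number of bytes read, or 0 on a read error; an empty reply
 * also returns 0. */
static unsigned read_buffer(int fd, unsigned char* buffer)
{
  ssize_t rd;
  unsigned buflen;
  for (buflen = 0; buflen < CVM_BUFSIZE; buffer += rd, buflen += rd) {
    rd = read(fd, buffer, CVM_BUFSIZE-buflen);
    if (rd < 0) return 0;
    if (rd == 0) break;
  }
  return buflen;
}

/* Run `module` as a child process, send it `request` on standard input
 * and collect its standard output into `response`.
 *
 * Returns 0 when the exchange completed and the module exited normally;
 * the first byte of the response is then overwritten with the module's
 * exit status.  Returns CVME_IO, or the code reported by waitforit(),
 * when the exchange fails.  Both pipe descriptors are closed on every
 * path; they used to leak when the write or the read failed.
 */
unsigned cvm_xfer_command_packets(const char* module,
				  const struct cvm_packet* request,
				  struct cvm_packet* response)
{
  int pipes[2];
  int result;
  int ok;

  if (!pipefork(module, pipes)) return CVME_IO;

  ok = write_buffer(pipes[0], request->data, request->length);
  /* Closing the write end is what signals end-of-request to the module. */
  if (close(pipes[0]) == -1) ok = 0;
  if (ok
      && (response->length = read_buffer(pipes[1], response->data)) == 0)
    ok = 0;
  if (close(pipes[1]) == -1) ok = 0;

  if (!ok) {
    killit();
    if ((result = waitforit()) < 0)
      return -result;
    return CVME_IO;
  }

  if ((result = waitforit()) < 0)
    return -result;
  response->data[0] = result;
  return 0;
}
cvm-0.96/module_udp.c0000664000076400007640000000453311326155156014115 0ustar bruceguenter
/* cvm/module_udp.c - UDP CVM server module loop
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.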
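*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include
#include
#include
#include
#include
#include
#include
#include "module.h"

/* Listening socket, and the address and port of the peer whose request is
 * being handled (filled in by read_input, used by write_output). */
static int sock;
static ipv4addr ip;
static ipv4port port;

/* Receive one datagram into the module input buffer, recording the
 * sender.  Returns 0 on success and CVME_IO when the receive fails. */
static int read_input(void)
{
  cvm_module_inbuflen = socket_recv4(sock, (char*)cvm_module_inbuffer,
				     BUFSIZE, &ip, &port);
  if (cvm_module_inbuflen == (unsigned)-1) return CVME_IO;
  return 0;
}

/* Send the module output buffer back to the recorded sender.  A failed
 * send is not reported. */
static void write_output(void)
{
  socket_send4(sock, (char*)cvm_module_outbuffer, cvm_module_outbuflen,
	       &ip, port);
}

/* SIGINT/SIGTERM handler: log the shutdown line and exit.  The parameter
 * makes the signature match what signal() expects.
 * NOTE(review): exit() is not async-signal-safe; this is kept as in the
 * original so that process clean-up still runs. */
static void exitfn(int sig)
{
  (void)sig;
  cvm_module_log_shutdown();
  exit(0);
}

extern void usage(void);

/* Bind a UDP socket to hostname:portname and serve CVM requests until a
 * request handler returns a code with CVME_FATAL set.
 *
 * Returns CVME_IO when the socket cannot be created or bound, the
 * cvm_module_init() code when initialization fails, and 0 after a normal
 * shutdown.  Bad arguments are reported through usage().
 * NOTE(review): usage() is assumed not to return -- the code after each
 * call uses the values that were just rejected.
 */
int udp_main(const char* hostname, const char* portname)
{
  int code;
  struct hostent* he;
  char* tmp;
  unsigned long portnum;

  signal(SIGINT, exitfn);
  signal(SIGTERM, exitfn);

  /* Only a 4-byte (IPv4) address can be copied into `ip`. */
  if ((he = gethostbyname(hostname)) == 0
      || he->h_length != 4
      || he->h_addr_list[0] == 0)
    usage();
  memcpy(&ip, he->h_addr_list[0], 4);
  /* Range-check the full parsed value before narrowing it.  Assigning
   * straight into `port` could truncate an out-of-range number to a
   * valid-looking port before the check ran.  65535 is now accepted. */
  portnum = strtoul(portname, &tmp, 10);
  if (tmp == portname || *tmp != 0 || portnum == 0 || portnum > 0xffff)
    usage();
  port = portnum;
  if ((sock = socket_udp()) == -1) {
    error1sys("Could not create socket");
    return CVME_IO;
  }
  if (!socket_bind4(sock, &ip, port)) {
    error1sys("Could not bind socket");
    return CVME_IO;
  }
  if ((code = cvm_module_init()) != 0) return code;
  cvm_module_log_startup();

  code = 0;
  do {
    /* A failed receive skips the request but keeps the server running. */
    if ((code = read_input()) != 0) continue;
    code = cvm_module_handle_request();
    cvm_module_fact_end(code & CVME_MASK);
    cvm_module_log_request();
    write_output();
  } while ((code & CVME_FATAL) == 0);
  cvm_module_stop();
  return 0;
}
cvm-0.96/sasl_cram_md5.c0000664000076400007640000000510511326155156014465 0ustar bruceguenter
#include
#include
#include
#include
#include "v2client.h"
#include "sasl.h"
#include "sasl_internal.h"

static const unsigned char hex2bin[256] = {
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 0-15 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 16-31 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 32-47 */
  0, 1, 2, 3,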
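4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1, /* 48-63 */
  -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 64-79 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 80-95 */
  -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 96-111 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 112-127 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 128-143 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 144-159 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 160-175 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 176-191 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 192-207 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 208-223 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 224-239 */
  -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, /* 240-255 */
};

/* Handle the client's CRAM-MD5 response, "username SP 32-hex-digits".
 *
 * Returns SASL_RESP_BAD when the response is empty, has no space, does
 * not have exactly 32 characters after the first space, or when any of
 * those characters is not a hex digit.  Otherwise the digest is decoded
 * to 16 bytes and the result of sasl_authenticate_cram() is returned.
 *
 * The username is terminated in place by overwriting the separating
 * space, so the response buffer is modified despite the const qualifier
 * on `response`.
 */
static int response1(struct sasl_state* ss,
		     const str* response, str* challenge)
{
  char binresp[16];
  const str binrespstr = { binresp, 16, 0 };
  const char* hex;
  unsigned i;
  unsigned j;

  (void)challenge;	/* no further challenge is issued in this step */
  if (response->len == 0) return SASL_RESP_BAD;
  if ((i = str_findfirst(response, ' ')) == (unsigned)-1
      || response->len - i != 33)
    return SASL_RESP_BAD;
  response->s[i] = 0;
  /* The digest starts after the separator.  The earlier loop indexed
   * from i itself, so the first nibble came from the NUL just written
   * and the last hex digit was never read. */
  hex = response->s + i + 1;
  for (j = 0; j < 32; j += 2) {
    unsigned char hi = hex2bin[(unsigned char)hex[j]];
    unsigned char lo = hex2bin[(unsigned char)hex[j+1]];
    /* The table marks non-hex bytes with 0xff; reject them instead of
     * folding them into the decoded digest. */
    if (hi > 15 || lo > 15) return SASL_RESP_BAD;
    binresp[j/2] = hi << 4 | lo;
  }
  return sasl_authenticate_cram(ss, response->s, "CRAM-MD5",
				&ss->init, &binrespstr);
}

/* Begin a CRAM-MD5 exchange.
 *
 * An initial client response is not allowed (SASL_RESP_NOTALLOWED).
 * Otherwise the challenge "<pid.seconds.microseconds@hostname>" is built
 * in ss->init, copied to `challenge`, and SASL_CHALLENGE is returned;
 * SASL_TEMP_FAIL is returned when the time cannot be read or a string
 * operation fails.  The hostname is the UCSPI local domain, or "unknown".
 *
 * The challenge is made of the process ID and the current time only, so
 * it is distinct per exchange but can be guessed by an observer; the
 * mechanism's replay protection rests on it not repeating.
 */
int sasl_cram_md5_start(struct sasl_state* ss,
			const str* response, str* challenge)
{
  struct timeval tv;
  const char* hostname;

  if (response)
    return SASL_RESP_NOTALLOWED;
  ss->response = response1;
  hostname = cvm_client_ucspi_domain();
  if (hostname == 0)
    hostname = "unknown";
  if (gettimeofday(&tv, 0) == -1
      || !str_copys(&ss->init, "<")
      || !str_cati(&ss->init, getpid())
      || !str_catc(&ss->init, '.')
      || !str_catu(&ss->init, tv.tv_sec)
      || !str_catc(&ss->init, '.')
      || !str_catuw(&ss->init, tv.tv_usec, 6, '0')
      || !str_catc(&ss->init, '@')
      || !str_cats(&ss->init, hostname)
      || !str_catc(&ss->init, '>')
      || !str_copy(challenge, &ss->init))
    return SASL_TEMP_FAIL;
  return SASL_CHALLENGE;
}
cvm-0.96/conf-bglibs0000664000076400007640000000002611326155156013715 0ustar bruceguenter/usr/local/bglibs/lib
cvm-0.96/errors.html0000664000076400007640000000255511326155156014020 0ustar bruceguenter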

CVM

CVM Error Values

The following errors are defined:

# Name Description
1 CVME_GENERAL Unspecified error.
2 CVME_BAD_CLIDATA Invalid data from the client.
3 CVME_BAD_MODDATA Invalid data from the CVM.
4 CVME_IO Input or output error while communicating with the CVM.
5 CVME_NOFACT A requested fact was not present.
6 CVME_CONFIG The module has incomplete or non-functional configuration. This typically means an environment variable is missing or has bad contents.
7 CVME_NOCRED A credential that is required for successful validation by the module was not present in the input to the module.
100 CVME_PERMFAIL The credentials were accepted by the module but are incorrect.

Any non-zero value other than CVME_PERMFAIL (100) should be considered a temporary error.

cvm-0.96/cvm-qmail.html0000664000076400007640000000624211326155156014367 0ustar bruceguenter

CVM

The cvm-qmail Module

Synopsis:

qmail configuration lookup module

Credentials:

None, only operates as a lookup module.

Description:

This module uses the standard qmail configuration files to determine if an address is valid, using the same lookups that qmail would. It first checks control/locals and then control/virtualdomains to determine if the domain is valid, and to determine the prefix to add to virtual domain usernames. If the domain is not found, it fails with OUTOFSCOPE set to true. It then looks up the resulting username in users/cdb (or the system password table if the CDB does not exist) to determine the correct home directory. If the address would require a .qmail-something file, it ensures that that file exists as well, doing -default checks as necessary. If the address is not deliverable based on these checks, it fails with OUTOFSCOPE set to false.

Configuration Variables:

$CVM_QMAIL_ASSUME_LOCAL (optional)
If set, all domains not found in control/virtualdomains are assumed to be local domains.
$CVM_QMAIL_CHECK_PERMS (optional)
If set, the CVM will check that the .qmail file is accessible by temporarily switching to the target user ID. If $CVM_QMAIL_CHECK_PERMS starts with a "-" and the lookup fails because access was denied, then the lookup is rejected with a permanent error, otherwise a temporary I/O error is returned.
$CVM_QMAIL_LOOKASIDE (optional)
This variable contains a list of program names, separated by spaces. If one of these program names is found as a program delivery in the .qmail file, cvm-qmail will fail the lookup with OUTOFSCOPE set to true. This is useful for chaining lookups to cvm-vmailmgr or other modules that correspond to programs that are executed from .qmail-default files.
$CVM_QMAIL_MISSINGDOMAIN (optional)
If this is set and the domain name is not a local or virtual qmail domain, this domain name is substituted and the lookup succeeds. This allows for setups where domains listed in control/rcpthosts and control/morercpthosts.cdb (which are accepted by the SMTP receiver) are not listed as local or virtual domains. If this is set to an empty value, "localhost" is substituted. This has no effect if $CVM_QMAIL_ASSUME_LOCAL is set.
$CVM_QMAIL_MISSINGUSER (optional)
When missing domain substitution is being done, the value of this variable is used to replace the username. The value must exist as a valid system user. Defaults to "alias" which will normally exist on all qmail systems.
$QMAIL_ROOT (optional)
The root directory under which all the qmail configuration files are expected to be found. Defaults to "/var/qmail", which is the normal qmail install path.
cvm-0.96/INSTHIER0000664000076400007640000000213211326155156012755 0ustar bruceguenter>lib s:::::libcvm-client.a:libcvm-v2client.a s:::::libcvm-client.la:libcvm-v2client.la s:::::libcvm-client.so:libcvm-v2client.so l:::755::libcvm-command.la l:::755::libcvm-local.la l:::755::libcvm-module.la l:::755::libcvm-qmail.la l:::755::libcvm-sasl.la l:::755::libcvm-sql.la l:::755::libcvm-udp.la l:::755::libcvm-v1client.la l:::755::libcvm-v2client.la >bin l:::755::cvm-benchclient l:::755::cvm-chain l:::755::cvm-checkpassword l?:::755::cvm-mysql l?:::755::cvm-mysql-local l?:::755::cvm-mysql-udp l?:::755::cvm-pgsql l?:::755::cvm-pgsql-local l?:::755::cvm-pgsql-udp l:::755::cvm-pwfile l:::755::cvm-qmail l?:::755::cvm-sqlite l:::755::cvm-testclient l:::755::cvm-v1benchclient l:::755::cvm-v1checkpassword l:::755::cvm-v1testclient l:::755::cvm-vmailmgr l:::755::cvm-vmailmgr-local l:::755::cvm-vmailmgr-udp l:::755::cvm-unix l?:::755::cvm-vchkpw >include s:::::cvm-sasl.h:cvm/sasl.h d:::755:cvm s:::644:cvm:client.h:v2client.h c:::644:cvm:credentials.h c:::644:cvm:errors.h c:::644:cvm:facts.h c:::644:cvm:module.h c:::644:cvm:protocol.h c:::644:cvm:sasl.h c:::644:cvm:v1client.h c:::644:cvm:v2client.h cvm-0.96/facts.html0000664000076400007640000001005311326155156013574 0ustar bruceguenter

CVM

CVM Fact Definitions

Types

Facts may have one of two types:

  • string: An arbitrary length series of ASCII characters (not containing NUL in the version 1 protocol).
  • integer: A series of ASCII numerals interpreted as an unsigned decimal value.

Numbering

All predefined fact numbers will have values between 1 and 127 inclusive. All other fact numbers (from 128 to 255) are reserved for local or experimental use. Facts marked as "required" must be present at least once in the result. Facts marked as "multiple" may be present more than once; all other facts are optional and must be present at most once. Facts may be reported in any order, and that order carries no significance.

# Name Type Required/Optional/Multiple Description
1 CVM_FACT_USERNAME string Required The login user name.
2 CVM_FACT_USERID integer Required The user numerical ID.
3 CVM_FACT_GROUPID integer Required The group numerical ID.
4 CVM_FACT_REALNAME string Optional The user's real name.
5 CVM_FACT_DIRECTORY string Required The "home" directory.
6 CVM_FACT_SHELL string Optional The login shell.
7 CVM_FACT_GROUPNAME string Optional The login group name, as reported by the system tables.
8 CVM_FACT_SUPP_GROUPID integer Optional, Multiple Supplemental group ID list, must contain the primary group ID.
9 CVM_FACT_SYS_USERNAME string Optional The system user name. For virtual login systems, this may differ from fact #1. Where present, this should be the user name associated with the user ID as reported by the system tables (ie getpwuid).
10 CVM_FACT_SYS_DIRECTORY string Optional The base "home" directory. For virtual login systems, this may differ from fact #5. Where present, this should be the directory associated with the user ID as reported by the system tables (ie getpwuid).
11 CVM_FACT_OFFICE_LOCATION string Optional The office location from the GECOS field.
12 CVM_FACT_WORK_PHONE string Optional The work phone number from the GECOS field.
13 CVM_FACT_HOME_PHONE string Optional The home phone number from the GECOS field.
14 CVM_FACT_DOMAIN string Optional The domain name associated with the validated credentials.
15 CVM_FACT_MAILBOX string Optional The path to the mailbox file or directory. If this path is not prefixed with a slash ('/'), it must be interpreted as relative to the home directory.
16 CVM_FACT_OUTOFSCOPE integer Optional This fact is only relevant on permanent failures. If present, a non-zero value indicates that validation failed because the given credentials were outside of the scope for which the module is authoritative.
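cvm-0.96/client_setenv.c0000664000076400007640000000524511326155156014623 0ustar bruceguenter
/* cvm/client_setenv.c - CVM client standard setenv calls
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include
#include "v1client.h"

/* Write `i` in decimal at `buf`, NUL-terminate it, and return a pointer
 * to that terminator. */
static char* utoa_rec(unsigned i, char* buf)
{
  /* Emit the higher-order digits first, then this one. */
  if (i >= 10)
    buf = utoa_rec(i / 10, buf);
  *buf = (i % 10) + '0';
  *++buf = 0;
  return buf;
}

/* Shared scratch buffer for utoa() and utoa_len(). */
static char utoa_buf[32];

/* Format `i` into the shared buffer and return it.  The result is
 * overwritten by the next utoa() or utoa_len() call. */
static char* utoa(unsigned i)
{
  utoa_rec(i, utoa_buf);
  return utoa_buf;
}

/* Return the number of decimal digits in `i`. */
static int utoa_len(unsigned i)
{
  return utoa_rec(i, utoa_buf) - utoa_buf;
}

/* Export the supplementary group IDs as a comma-separated list in $GIDS.
 * Returns 1 on success, or when there are none to export, and 0 when
 * memory cannot be allocated or setenv() fails. */
static int set_gids(void)
{
  unsigned long gid;
  long len;
  char* start;
  char* ptr;
  int result;

  /* First pass: each ID needs its digits plus one byte for the comma
   * (or, for the last one, the terminating NUL). */
  len = 0;
  while (cvm_client_fact_uint(CVM_FACT_SUPP_GROUPID, &gid) == 0)
    len += utoa_len(gid) + 1;
  /* Don't set $GIDS if no supplementary group IDs were listed */
  if (len == 0)
    return 1;
  /* Reset to the start of facts list */
  cvm_client_fact_uint(-1, &gid);
  /* The allocation used to be written to without checking for failure. */
  if ((start = malloc(len)) == 0)
    return 0;
  ptr = start;
  while (cvm_client_fact_uint(CVM_FACT_SUPP_GROUPID, &gid) == 0) {
    if (ptr > start)
      *ptr++ = ',';
    ptr = utoa_rec(gid, ptr);
  }
  result = setenv("GIDS", start, 1) == 0;
  free(start);
  return result;
}

/* Export the facts from the last successful authentication into the
 * environment: USER, UID, GID and HOME always; NAME, SHELL, GROUP,
 * DOMAIN, MAIL/MAILBOX/MAILDIR and GIDS only when the matching fact was
 * returned.  Returns 1 on success and 0 as soon as any setenv() fails,
 * leaving the variables set so far in place.
 *
 * Every value is taken from the module's reply as it was received.
 */
int cvm_client_setenv(void)
{
  if (setenv("USER", cvm_fact_username, 1) != 0)
    return 0;
  if (setenv("UID", utoa(cvm_fact_userid), 1) != 0)
    return 0;
  if (setenv("GID", utoa(cvm_fact_groupid), 1) != 0)
    return 0;
  if (cvm_fact_realname
      && setenv("NAME", cvm_fact_realname, 1) != 0)
    return 0;
  if (setenv("HOME", cvm_fact_directory, 1) != 0)
    return 0;
  if (cvm_fact_shell
      && setenv("SHELL", cvm_fact_shell, 1) != 0)
    return 0;
  if (cvm_fact_groupname
      && setenv("GROUP", cvm_fact_groupname, 1) != 0)
    return 0;
  if (cvm_fact_domain
      && setenv("DOMAIN", cvm_fact_domain, 1) != 0)
    return 0;
  if (cvm_fact_mailbox
      && (setenv("MAIL", cvm_fact_mailbox, 1) != 0
	  || setenv("MAILBOX", cvm_fact_mailbox, 1) != 0
	  || setenv("MAILDIR", cvm_fact_mailbox, 1) != 0))
    return 0;
  if (!set_gids())
    return 0;
  return 1;
}
cvm-0.96/conf-lib0000664000076400007640000000010011326155156013212 0ustar bruceguenter/usr/local/lib Libraries will be installed in this directory.
cvm-0.96/cvm-sqlite.c0000664000076400007640000000640611326155156014045 0ustar bruceguenter
/* cvm/cvm-sqlite.c - SQLite CVM
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.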
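*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * Placed into the public domain by Wayne Marshall
 */
#include
#include
#include
#include
#include
#include
#include "sql.h"

const char program[] = "cvm-sqlite";

const char sql_query_var[] = "CVM_SQLITE_QUERY";
const char sql_pwcmp_var[] = "CVM_SQLITE_PWCMP";
const char sql_postq_var[] = "CVM_SQLITE_POSTQ";

#define MAX_NFIELDS 12

/* struct for one row of query result: */
struct sql_row {
  int nfields;
  const char* data[MAX_NFIELDS];
};

/* variables in scope of this file: */
static const char *dbfile;
static sqlite3 *db;
static int result_rows;
static struct sql_row row;

/*
** sqlite3 query callback interface
**
**   * called for each row in query result
**   * cvm design assumes/requires only one row returned per query
**   * return of more than one row results in: error #100 (Credentials rejected)
**
**   * keeps private copies of at most MAX_NFIELDS columns in `row`
**   * returns 1 (stopping the query) when a copy cannot be allocated
**
** row.nfields is capped at MAX_NFIELDS.  It used to record the full
** column count, which let sql_get_field() index past the end of row.data
** for a configured query selecting more than MAX_NFIELDS columns.
*/
static int my_callback(void *callback_arg, int nfields, char **data, char **field_names)
{
  int i;

  (void)callback_arg;
  (void)field_names;

  if (nfields < 0)
    nfields = 0;
  row.nfields = (nfields < MAX_NFIELDS) ? nfields : MAX_NFIELDS;
  for (i = 0; i < row.nfields; ++i) {
    char* copy = NULL;
    /* Drop the previous row's value and clear the slot first, so a failed
     * allocation below cannot leave a pointer to freed memory behind. */
    free((char*)row.data[i]);
    row.data[i] = NULL;
    if (data[i] != NULL && (copy = strdup(data[i])) == NULL)
      return 1;
    row.data[i] = copy;
  }
  ++result_rows;
  return 0;
}

/*
** open the database named by $CVM_SQLITE_DB
**
** returns 0 on success, CVME_CONFIG when the variable is not set,
** CVME_IO when the database cannot be opened, and CVME_FATAL when the
** busy timeout cannot be set
*/
int sql_auth_init(void)
{
  int err = 0;

  dbfile = getenv("CVM_SQLITE_DB");
  if(dbfile == NULL)
    return CVME_CONFIG;

  err = sqlite3_open(dbfile, &db);
  if(err != SQLITE_OK) {
    /* sqlite3_open() normally hands back a handle even when it fails;
    ** release it instead of leaking it */
    sqlite3_close(db);
    db = NULL;
    return CVME_IO;
  }

  err = sqlite3_busy_timeout(db, 1000);
  if(err != SQLITE_OK)
    return CVME_FATAL;

  result_rows = 0;

  return 0;
}

/*
** run the credential query
**
** returns the number of rows passed to my_callback(), or
** -(CVME_IO | CVME_FATAL) when the query fails
**
** the query text is executed exactly as given
** NOTE(review): any quoting of client-supplied values has to happen where
** the query string is built, which is outside this file -- confirm there
*/
int sql_auth_query(const str *query)
{
  int err = 0;

  result_rows = 0;
  err = sqlite3_exec(db, query->s, &my_callback, NULL, NULL);
  if(err != SQLITE_OK)
    return -(CVME_IO | CVME_FATAL);

  return result_rows;
}

/* XXX, not sure how this might be used: */
int sql_post_query(const str *query)
{
  (void)query;
  return 0;
}

/*
** NOTE:
**
** cvm design assumes/requires credential query to select fields
** in an exact specific order
**
** that is, field names don't matter
** what matters is field order in the result set
**
** btw, defining CVM_SQLITE_QUERY in the module environment is *required*
** that is, no default query is provided
**
** returns NULL for a negative index or one beyond the stored columns
*/
const char * sql_get_field(int n)
{
  return (n >= 0 && n < row.nfields) ? row.data[n] : NULL;
}

/* close the database handle */
void sql_auth_stop(void)
{
  sqlite3_close(db);
  return;
}

/* cvm-sqlite.c: EOF */
cvm-0.96/v2client.html0000664000076400007640000001262711326155156014233 0ustar bruceguenter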

CVM

CVM Version 2 Client Library

The CVM version 2 client library defines the following functions:

int cvm_client_authenticate(const char* module, unsigned count, struct cvm_credential* credentials)

This is the main entry point to the library. Set up the credentials as an array and call cvm_client_authenticate. The credentials must contain a CVM_CRED_ACCOUNT entry. The function will return 0 if authentication succeeded and an error code otherwise. The credentials have the following structure:

struct cvm_credential { unsigned type; str value; }

If $CVM_LOOKUP_SECRET is set, and no CVM_CRED_SECRET credential is present in the credentials, its value is added to the set of outgoing credentials automatically to assist with the workings of lookup modules.

If authentication succeeds, this routine automatically retrieves cvm_fact_username, cvm_fact_userid, cvm_fact_groupid, cvm_fact_directory, and cvm_fact_shell. cvm_fact_realname, cvm_fact_groupname, cvm_fact_sys_username, cvm_fact_sys_directory, and cvm_fact_domain are also set if they were present in the results.

The client should change directory to the named home directory and drop root privileges as soon as possible after successful authentication. Where reasonable, the client should also chroot to the directory for added protection.

A random tag is added to the transmitted data to prevent spoofing when a remote module is being contacted (UDP mode). Its size is set by $CVM_RANDOM_BYTES, and defaults to 8 bytes.

int cvm_client_split_account(str* account, str* domain)

This function splits a domain name, if present, from the account name. It searches for the last instance of any character from cvm_client_account_split_chars in account. If found, domain is replaced with the portion of account following that character, and account is truncated before that character. cvm_client_account_split_chars defaults to "@", which may be overridden by either setting it to a different string from the client program or by setting the $CVM_ACCOUNT_SPLIT_CHARS environment variable. Setting it to an empty string will effectively prevent parsing of the account name.

int cvm_client_authenticate_password(const char* module, const char* account, const char* domain, const char* password, int split_account)

This is a convenience wrapper function for the cvm_authenticate and cvm_split_account functions. The domain and password credentials are only sent if they are not NULL and not empty.

int cvm_client_fact_str(unsigned number, const char** data)

Retrieves a fact from the data returned by the module as a NUL-terminated string. Returns zero if the fact was present, and CVME_NOFACT otherwise. Successive calls to this function with the same number return subsequent facts if more than one instance of the fact was present.

int cvm_client_fact_uint(unsigned number, unsigned long* data)

Retrieves a fact from the data returned by the module as an unsigned integer. Returns zero if the fact was present and was an unsigned integer. Returns CVME_BAD_MODDATA if the fact was present but was not an unsigned integer. Successive calls to this function with the same number return subsequent facts if more than one instance of the fact was present.

const char* cvm_client_ucspi_domain(void)

Retrieves the UCSPI local domain from the environment variable named ${PROTO}LOCALHOST. Use this as the domain parameter to cvm_authenticate in all UCSPI servers that have no other means of determining the domain name.

int cvm_client_setenv(void)

Exports the following environment variables based on their associated CVM fact. If the fact was optional and was not present in the results from the module, the environment variable will not be set or unset.

Variable CVM Fact
USER CVM_FACT_USERNAME
UID CVM_FACT_USERID
GID CVM_FACT_GROUPID
NAME CVM_FACT_REALNAME
HOME CVM_FACT_DIRECTORY
SHELL CVM_FACT_SHELL
GROUP CVM_FACT_GROUPNAME
DOMAIN CVM_FACT_DOMAIN
MAIL CVM_FACT_MAILBOX
MAILBOX CVM_FACT_MAILBOX
MAILDIR CVM_FACT_MAILBOX
int cvm_client_setugid(void)

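Calls chdir, setgid and setuid with appropriate values based on the data returned from the authentication. Returns zero if any of the calls failed. Callers must check for a zero return and stop, because continuing after a failed call leaves the process running with the privileges it started with.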

cvm-0.96/module.html0000664000076400007640000000565711326155156013777 0ustar bruceguenter

CVM

CVM Module Library

To write a module using the CVM module library, you must provide the following items:

int cvm_module_init(void)
This function is called once when the CVM starts up.
int cvm_module_lookup(void)
This function is used to retrieve the stored credentials for the named user. If the named user does not exist, this function must return CVME_PERMFAIL (value 100). Before this function is called, the input request is read and the account name is parsed into cvm_account_name, the domain name into cvm_account_domain, and the credentials are parsed into cvm_credentials.
int cvm_module_authenticate(void)
The main authentication verification function. This function is not called when the module is operating in lookup mode. If authentication fails, this function must return CVME_PERMFAIL (value 100).
int cvm_module_results(void)
This function is used to provide the lookup results to the client. All required facts must be set by this function: cvm_fact_username, cvm_fact_userid, cvm_fact_groupid, cvm_fact_directory, and cvm_fact_shell. The following facts may optionally be set as well: cvm_fact_realname, cvm_fact_groupname, cvm_fact_sys_username, cvm_fact_sys_directory, and cvm_fact_domain. All of these will be sent to the client automatically by the invoking module framework, with the optional facts being sent only if they have been set. If any other facts are to be returned to the client, send them in this function with cvm_module_fact_str(unsigned number, const char* data) or cvm_module_fact_uint(unsigned number, unsigned data).
void cvm_module_stop(void)
This routine is called once when the CVM is shut down.

If any function fails due to a temporary error (read error, out of memory, connection failed, etc), it must return a non-zero error code (other than CVME_PERMFAIL). Otherwise, return zero.

The credentials sent from the client are accessible through the global cvm_credentials array (type str), which is indexed by the credential type number.

NOTE: The functions supplied by the module must never exit except on fatal errors. If any memory is allocated in the course of processing a request, it must either be freed or reallocated on the next invocation.

Each module will implement at least one type of credential validation (ie plain text, CRAM, etc). Modules are not obligated to implement multiple types of validation, but may do so by examining which types of credentials are present in the input. The invoker will choose which modules to invoke depending on what type of credentials it needs validated.

cvm-0.96/cvm-sqlite.html0000664000076400007640000000433711326155156014570 0ustar bruceguenter

CVM

CVM SQL Framework

The cvm-sqlite Module

Synopsis:

SQLite module

Credentials:

  1. Pass phrase

Description:

This module queries an SQLite database for credential validation.

Configuration Variables:

The following environmental variables are required in the execution environment of cvm-sqlite:

$CVM_SQLITE_DB
The full path to the credential database file.
$CVM_SQLITE_QUERY
The SQL query statement submitted for credential validation.
$CVM_SQLITE_PWCMP
The password comparison module to use. Set to one of two values:
  • 'crypt', for passwords stored encrypted
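  • 'plain', for passwords stored unencrypted (anyone who can read the database file can then read every password, so restrict access to that file)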

Sample Schema

The following CREATE TABLE statement is shown as an example for initializing an SQLite database for use with this CVM:


CREATE TABLE accounts (
  username      TEXT NOT NULL,  -- required
  domain        TEXT NOT NULL DEFAULT '',
  password      TEXT NOT NULL,  -- required
  userid        TEXT NOT NULL,  -- required
  groupid       TEXT NOT NULL,  -- required
  realname      TEXT,           -- opt
  directory     TEXT NOT NULL,  -- required
  shell         TEXT,           -- opt
  groupname     TEXT,           -- opt
  sys_username  TEXT,           -- opt
  sys_directory TEXT,           -- opt
  mailbox_path  TEXT,           -- opt
  UNIQUE (username, domain)
);

Sample Query

The following example shows CVM_SQLITE_QUERY defined with a query statement for use with the above schema:


CVM_SQLITE_QUERY='
  SELECT
    -- required:
    password, username, userid, groupid, directory,
    -- optional gecos:
    realname, shell,
    -- optional other:
    groupname, domain, sys_username, sys_directory, mailbox_path
  FROM accounts
  WHERE username=$account
  AND   domain=$domain '

cvm-0.96/credentials.h0000664000076400007640000000062211326155156014255 0ustar bruceguenter
#ifndef CVM__CREDENTIALS__H__
#define CVM__CREDENTIALS__H__

/* Credential type numbers.  CVM_CRED_REQUIRED below uses them as indexes
 * into cvm_module_credentials[], which module.h declares with
 * CVM_CRED_MAX+1 entries. */
#define CVM_CRED_ACCOUNT 1
#define CVM_CRED_DOMAIN 2
#define CVM_CRED_PASSWORD 3
#define CVM_CRED_SECRET 4
#define CVM_CRED_CHALLENGE 5
#define CVM_CRED_RESPONSE 6
#define CVM_CRED_RESPONSE_TYPE 7
/* Highest credential type number defined above. */
#define CVM_CRED_MAX 7

/* Makes the enclosing function return CVME_NOCRED when credential X was
 * supplied with zero length.  The macro expands to a return statement, so
 * it is only usable inside a function that returns an error code. */
#define CVM_CRED_REQUIRED(X) do{ if (cvm_module_credentials[CVM_CRED_##X].len==0) return CVME_NOCRED; }while(0)

#endif
cvm-0.96/cvm/0000755000076400007640000000000011326155156012372 5ustar bruceguentercvm-0.96/cvm/module.h0000664000076400007640000000463111326155156014036 0ustar bruceguenter
#ifndef CVM__MODULE__H__
#define CVM__MODULE__H__

#include "credentials.h"
#include "errors.h"
#include "facts.h"
/* NOTE(review): the target of the next #include was lost when this page
 * was extracted; restore it from the upstream header. */
#include

/* Size of the request and response buffers; matches the 512-byte limit
 * stated in the version 1 protocol description. */
#define BUFSIZE 512

/* Single-character status markers. */
#define LOG_OK 'y'
#define LOG_FAIL 'n'
#define LOG_ERROR '?'

/* Program name; defined by each module's own source file. */
extern const char program[];
extern const char* cvm_module_lookup_secret;

/* Response bytes and their count, written back to the client by the
 * transport loops. */
extern unsigned char cvm_module_outbuffer[BUFSIZE];
extern unsigned cvm_module_outbuflen;
/* Request bytes and their count, filled in by the transport loops.  The
 * array is one byte larger than BUFSIZE -- presumably room for a
 * terminator; confirm against the request parser. */
extern unsigned char cvm_module_inbuffer[BUFSIZE+1];
extern unsigned cvm_module_inbuflen;

/* Functions for adding facts to the response.  The transport loops call
 * cvm_module_fact_end() with the (masked) result code once the request has
 * been handled. */
extern void cvm_module_fact_start(void);
extern int cvm_module_fact_str(unsigned number, const char* data);
extern int cvm_module_fact_uint(unsigned number, unsigned long data);
extern void cvm_module_fact_end(unsigned code);

extern void cvm_module_init_request(void);
extern int cvm_module_handle_request(void);
extern void cvm_module_log_startup(void);
extern void cvm_module_log_request(void);
extern void cvm_module_log_shutdown(void);

extern int cvm_module_parse_domain(const char* seperators);

/* Credentials from the current request, indexed by the CVM_CRED_* type
 * numbers. */
extern str cvm_module_credentials[CVM_CRED_MAX+1];

/* Entry points that every module must supply: one-time start-up, stored
 * credential lookup, credential verification, reporting of the result
 * facts, and one-time shutdown. */
extern int cvm_module_init(void);
extern int cvm_module_lookup(void);
extern int cvm_module_authenticate(void);
extern int cvm_module_results(void);
extern void cvm_module_stop(void);

#ifndef CVM_NOCOMPAT
/* Legacy names, mapped onto the cvm_module_* names above.  Define
 * CVM_NOCOMPAT before including this header to leave them undefined. */
#define cvm_lookup_secret cvm_module_lookup_secret
#define outbuffer cvm_module_outbuffer
#define outbuflen cvm_module_outbuflen
#define inbuffer cvm_module_inbuffer
#define inbuflen cvm_module_inbuflen
#define cvm_fact_start cvm_module_fact_start
#define cvm_fact_end cvm_module_fact_end
#define init_request cvm_module_init_request
#define handle_request cvm_module_handle_request
#define log_startup cvm_module_log_startup
#define log_request cvm_module_log_request
#define log_shutdown cvm_module_log_shutdown
#define cvm_parse_domain cvm_module_parse_domain
#define cvm_credential_count cvm_module_credential_count
#define cvm_credentials cvm_module_credentials
#define cvm_lookup cvm_module_lookup
#define cvm_results cvm_module_results
/* These three names are also claimed by the client header, so they are
 * only mapped to the module functions when that header has not been
 * included, and are left undefined when both headers are in use. */
#ifndef CVM__CLIENT__H__
# define cvm_authenticate cvm_module_authenticate
# define cvm_fact_str cvm_module_fact_str
# define cvm_fact_uint cvm_module_fact_uint
#else
# undef cvm_authenticate
# undef cvm_fact_str
# undef cvm_fact_uint
#endif
#endif

#endif
cvm-0.96/cvm-unix.html0000664000076400007640000000101211326155156014235 0ustar bruceguenter

CVM

The cvm-unix Module

Synopsis:

UNIX/POSIX-standard module

Credentials:

  1. Pass phrase

Description:

This module uses the POSIX standard getpwnam and crypt APIs to validate credentials. If the system has either the getuserpw or the getspnam APIs, they will also be used to locate the encrypted password.

Configuration Variables:

None

cvm-0.96/cvm-benchclient.html0000664000076400007640000000112611326155156015536 0ustar bruceguenter

CVM

The cvm-benchclient Program

cvm-benchclient provides a method of testing the performance of a CV module.

Interface

     cvm-benchclient count CVM account domain credential [credential ...]

cvm-benchclient will invoke the named CV module count times without pausing. If the module fails to validate the credentials, cvm-benchclient exits immediately with a non-zero exit code, as reported by the module.

cvm-0.96/cvm-testclient.c0000664000076400007640000000525511326155156014723 0ustar bruceguenter
/* cvm/cvm-testclient.c - Diagnostic CVM client
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* NOTE(review): the targets of the bare #include directives below were
 * lost when this page was extracted; restore them from the upstream file. */
#include
#include
#include
#include
#include
#include "v2client.h"

const char program[] = "cvm-testclient";
const int msg_show_pid = 0;
const char usage[] = "\n"
"usage: cvm-testclient cvmodule account domain\n"
" or: cvm-testclient cvmodule account domain password\n";

/* Print a label followed by a string value, or "(null)" when the value
 * pointer is null, and end the line. */
static void s(const char* name, const char* value)
{
  obuf_puts(&outbuf, name);
  obuf_puts(&outbuf, (value == 0) ? "(null)" : value);
  obuf_endl(&outbuf);
}

/* Print a label followed by an unsigned value and end the line. */
static void u(const char* name, unsigned long value)
{
  obuf_puts(&outbuf, name);
  obuf_putu(&outbuf, value);
  obuf_endl(&outbuf);
}

/* Authenticate against the module named in argv[1] with the account and
 * domain in argv[2] and argv[3] and, when given, the password in argv[4].
 * On success the returned facts are printed and 0 is returned; on failure
 * the error number is reported and returned as the exit status.
 *
 * NOTE(review): the password is taken from the command line, so other
 * local users can see it in the process list while the tool runs; keep
 * this program to diagnostic use with test accounts. */
int main(int argc, char** argv)
{
  int i;
  unsigned long v;
  char num[FMT_ULONG_LEN];

  switch (argc) {
  case 4:
    /* No password argument: a null password is passed. */
    i = cvm_client_authenticate_password(argv[1], argv[2], argv[3], 0, 1);
    break;
  case 5:
    i = cvm_client_authenticate_password(argv[1], argv[2], argv[3], argv[4], 1);
    break;
  default:
    die2(1, "Incorrect usage.", usage);
    return 1;
  }

  if (i) {
    /* Format the error number as text for the message. */
    num[fmt_udec(num, i)] = 0;
    /* Only the upper bound of the table index is checked here; this
     * assumes the error code is never negative -- TODO confirm. */
    msg5("Authentication failed, error #", num, " (",
	 (i < cvm_nerr) ? cvm_errlist[i] : "Unknown error code", ")");
    if (cvm_client_fact_uint(CVM_FACT_OUTOFSCOPE, &v) == 0)
      u("out of scope: ", v);
    return i;
  }

  s("user name: ", cvm_fact_username);
  u("user ID: ", cvm_fact_userid);
  u("group ID: ", cvm_fact_groupid);
  s("real name: ", cvm_fact_realname);
  s("directory: ", cvm_fact_directory);
  s("shell: ", cvm_fact_shell);
  s("group name: ", cvm_fact_groupname);
  s("system user name: ", cvm_fact_sys_username);
  s("system directory: ", cvm_fact_sys_directory);
  s("domain: ", cvm_fact_domain);
  s("mailbox path: ", cvm_fact_mailbox);
  /* The supplementary group fact can be returned several times; print
   * each instance until the lookup stops returning zero. */
  while (cvm_client_fact_uint(CVM_FACT_SUPP_GROUPID, &v) == 0)
    u("supp. group ID: ", v);
  return 0;
}
cvm-0.96/cvm-chain.html0000664000076400007640000000301211326155156014336 0ustar bruceguenter

CVM

The cvm-chain Module

Synopsis:

multi-module chaining shim

Credentials:

This module passes all its input credentials to the configured client modules. NOTE: The version 2 client library now supports chaining internally. As such, this module is deprecated.

Description:

This module invokes a sequence of other modules. If the first module returns success (no error), the module passes the results back to its caller, otherwise it calls the second module and so on. If no module succeeds, the error code from the last module is returned.

If any of the modules reports the "out of scope" fact in a permanent failure, this module will report it as well. The output fact will be true unless any module reported a false value. This way, if any module reports that the credentials were within its scope, so will cvm-chain.

Configuration Variables:

$CVM_CHAIN0 through $CVM_CHAIN9
These 10 variables specify the modules to be called. They are called in order from 0 through 9, if set.

Note: The previous versions of this module (not part of the main cvm package) used the environment variable $CVM_CHAIN to configure the list of modules. This will not work with this module. If you were using one of these previous versions you will need to change your configuration to match the above usage.

cvm-0.96/protocol.h0000664000076400007640000000015711326155156013624 0ustar bruceguenter
#ifndef CVM__PROTOCOL__H__
#define CVM__PROTOCOL__H__

/* Protocol version numbers. */
#define CVM1_PROTOCOL 1
#define CVM2_PROTOCOL 2

#endif
cvm-0.96/v1client.h0000664000076400007640000000413111326155156013504 0ustar bruceguenter
#ifndef CVM__V1CLIENT__H__
#define CVM__V1CLIENT__H__

#include "facts.h"
#include "errors.h"

/* Capacity of a request or response packet in bytes. */
#define CVM_BUFSIZE 512

/* One request or response: `length` bytes of `data` are in use. */
struct cvm_packet
{
  unsigned length;
  unsigned char data[CVM_BUFSIZE];
};

/* Characters at which an account name is split into account and domain. */
extern const char* cvm_client_account_split_chars;

extern const char* cvm_client_ucspi_domain(void);
extern int cvm_client_authenticate(const char* module,
				   const char* account,
				   const char* domain,
				   const char** credentials,
				   int parse_account);
extern int cvm_client_fact_str(unsigned number, const char** data);
extern int cvm_client_fact_uint(unsigned number, unsigned long* data);
/* Per the client library documentation this returns zero when any of its
 * chdir/setgid/setuid calls failed, so the result must be checked. */
extern int cvm_client_setugid(void);
extern int cvm_client_setenv(void);

/* Packet transfer functions, one per way of reaching a module: command,
 * local path, and UDP host and port. */
extern unsigned cvm_xfer_command_packets(const char* module,
					 const struct cvm_packet* request,
					 struct cvm_packet* response);
extern unsigned cvm_xfer_local_packets(const char* path,
				       const struct cvm_packet* request,
				       struct cvm_packet* response);
extern unsigned cvm_xfer_udp_packets(const char* hostport,
				     const struct cvm_packet* request,
				     struct cvm_packet* response);

/* Wrapper functions for library compatibility. */
extern unsigned cvm_xfer_command(const char* module,
				 unsigned char buffer[CVM_BUFSIZE],
				 unsigned* buflen);
extern unsigned cvm_xfer_local(const char* path,
			       unsigned char buffer[CVM_BUFSIZE],
			       unsigned* buflen);
extern unsigned cvm_xfer_udp(const char* hostport,
			     unsigned char buffer[CVM_BUFSIZE],
			     unsigned* buflen);

#ifndef CVM_NOCOMPAT
/* Legacy names, mapped onto the cvm_client_* names above.  Define
 * CVM_NOCOMPAT before including this header to leave them undefined. */
#define cvm_account_split_chars cvm_client_account_split_chars
#define cvm_ucspi_domain cvm_client_ucspi_domain
#define cvm_setugid cvm_client_setugid
#define cvm_setenv cvm_client_setenv
#define cvm_split_account cvm_client_split_account
/* These three names are also claimed by the module header, so they are
 * only mapped to the client functions when that header has not been
 * included, and are left undefined when both headers are in use. */
#ifndef CVM__MODULE__H__
# define cvm_authenticate cvm_client_authenticate
# define cvm_fact_str cvm_client_fact_str
# define cvm_fact_uint cvm_client_fact_uint
#else
# undef cvm_authenticate
# undef cvm_fact_str
# undef cvm_fact_uint
#endif
#endif

#endif
cvm-0.96/protocol-1.html0000664000076400007640000000537711326155156014510 0ustar bruceguenter

CVM

CVM Version 2 Proposed Protocol

CVM Version 1 Protocol

Input

Input to the authenticator is as follows. All items except the first, which is a single byte, are NUL-terminated strings. The total length of the input must not exceed 512 bytes.

  1. Protocol number, 1.
  2. Account name base (ie user name).
  3. Account domain name.
  4. List of credentials.
  5. An empty string (ie a single NUL byte).

The credentials consist of one of the following:

  • For plain login, the password.
  • For APOP, the timestamp and MD5 digest.
  • For CRAM-MD5 keyed hashing, as specified in RFC 2095, the challenge and MD5 digest.

Output

If authentication succeeds, the output from the module is a single byte success code followed by a list of facts about the authenticator. The total size of the output must not exceed 512 bytes.

If authentication succeeded, the code byte will be 0. If the credentials are accepted by this module, but are not valid, the code will be 100 (permanent failure). Any other code indicates a temporary error.

Each fact consists of a single byte identifying what type of fact is being reported, followed by a sequence of zero or more non-NUL bytes, terminated by a single NUL byte. A second NUL byte follows the last fact and indicates the end of the list.

Environment Variables

The following environment variables may be set by the invoker:

SERVICE
The service name, to be used (for example) by PAM modules to determine which configuration file to load.

Note: for non-command modules, the invoker is NOT the CVM client. The CVM client has no control over the environment variables of non-command modules.

Implementation Considerations

The module must report a temporary error if it detects malformed input (incorrect credentials, etc.). Extra data following the final NUL byte in the credentials is a fault in the invoking code, and must be rejected by the module. Similarly, extra data following the final NUL byte in the facts is a fault in the module code.

All data following an unsuccessful result status code must be ignored by the invoking code. Modules should not produce any facts when validation fails.

An executable module must exit 0 if authentication succeeds. Non-zero exit codes from an executable module should be treated as a temporary error.

The invoker of an executable module must assume a temporary error if the module either fails to completely read its input or produces incomplete output, even if the module exits without error.

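cvm-0.96/module_local.c0000664000076400007640000001131611326155156014414 0ustar bruceguenter
/* cvm/module_local.c - Local CVM server module loop
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* NOTE(review): the targets of the bare #include directives below were
 * lost when this page was extracted; restore them from the upstream file. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "module.h"

static const char* path;
static int sock;
static int conn;
static unsigned long timeout = 1000;

/* Wait for `event` on `fd` for at most *timeout_left, then charge the
 * elapsed wall-clock time (computed in milliseconds) against
 * *timeout_left.  Returns whatever iopoll_restart returned.
 *
 * The remaining time is clamped at zero.  Subtracting without the clamp
 * wrapped the unsigned counter to a huge value whenever a wait overran, and
 * a backwards clock step added time, so one slow client could hold the
 * single connection slot far beyond the configured timeout. */
static int poll_timeout(int fd, int event, unsigned long* timeout_left)
{
  struct timeval start;
  struct timeval end;
  iopoll_fd io;
  long elapsed;
  int r;

  io.fd = fd;
  io.events = event;
  gettimeofday(&start, 0);
  r = iopoll_restart(&io, 1, *timeout_left);
  gettimeofday(&end, 0);
  elapsed = (end.tv_usec - start.tv_usec) / 1000
    + (end.tv_sec - start.tv_sec) * 1000;
  if (elapsed < 0)
    elapsed = 0;
  if ((unsigned long)elapsed >= *timeout_left)
    *timeout_left = 0;
  else
    *timeout_left -= (unsigned long)elapsed;
  return r;
}

/* Accept one connection on the listening socket and read the request into
 * cvm_module_inbuffer until end of input or BUFSIZE bytes have arrived.
 * Returns 0 on success with the connection left open in `conn`, or CVME_IO
 * (with the connection closed) on accept, poll, timeout or read failure. */
static int read_input(void)
{
  ssize_t rd;
  unsigned long timeout_left;

  if ((conn = socket_acceptu(sock)) == -1)
    return CVME_IO;
  if (!nonblock_on(conn)) {
    close(conn);
    return CVME_IO;
  }

  cvm_module_inbuflen = 0;
  timeout_left = timeout;
  while (cvm_module_inbuflen < BUFSIZE) {
    switch (poll_timeout(conn, IOPOLL_READ, &timeout_left)) {
    case 0:
    case -1:
      close(conn);
      return CVME_IO;
    }
    rd = read(conn, cvm_module_inbuffer+cvm_module_inbuflen,
	      BUFSIZE-cvm_module_inbuflen);
    if (rd == 0)
      break;
    if (rd < 0) {
      close(conn);
      return CVME_IO;
    }
    cvm_module_inbuflen += (unsigned)rd;
  }
  return 0;
}

/* Write cvm_module_outbuffer to the current connection, giving up silently
 * on timeout or write failure, and close the connection in every case. */
static void write_output(void)
{
  ssize_t wr;
  unsigned written;
  unsigned long timeout_left;

  written = 0;
  timeout_left = timeout;
  while (written < cvm_module_outbuflen) {
    if (poll_timeout(conn, IOPOLL_WRITE, &timeout_left) != 1)
      break;
    wr = write(conn, cvm_module_outbuffer+written,
	       cvm_module_outbuflen-written);
    if (wr <= 0)
      break;
    written += (unsigned)wr;
  }
  close(conn);
}

/* SIGINT/SIGTERM handler: remove the socket file, log the shutdown and
 * exit.  Takes the signal number so that it matches the handler type
 * expected by signal().
 * NOTE(review): the logging call and exit() are not async-signal-safe;
 * setting a flag here and shutting down from the main loop would be the
 * safer structure. */
static void exitfn(int sig)
{
  (void)sig;
  unlink(path);
  cvm_module_log_shutdown();
  exit(0);
}

/* Create, bind and listen on the UNIX socket at `path`, applying the mode,
 * owner and group taken from $CVM_SOCKET_MODE, $CVM_SOCKET_OWNER and
 * $CVM_SOCKET_GROUP.  Owner and group may be numeric or names; a named
 * owner also sets the group to that user's primary group unless
 * $CVM_SOCKET_GROUP overrides it.  Returns 0 on success and CVME_IO on any
 * failure.
 *
 * NOTE(review): without $CVM_SOCKET_MODE the socket is created with mode
 * 0777, so every local user can submit authentication requests; set a
 * tighter mode and owner where that is not intended. */
static int make_socket(void)
{
  mode_t old_umask;
  mode_t mode = 0777;
  uid_t owner = -1;
  gid_t group = -1;
  const char* tmp;
  char* end;
  struct passwd* pw;
  struct group* gr;
  int result = CVME_IO;

  if ((tmp = getenv("CVM_SOCKET_MODE")) != 0)
    mode = strtoul(tmp, 0, 8);
  if ((tmp = getenv("CVM_SOCKET_OWNER")) != 0) {
    owner = strtoul(tmp, &end, 10);
    if (*end != 0) {
      /* Not purely numeric: treat the value as a user name. */
      if ((pw = getpwnam(tmp)) == 0) {
	error1sys("getpwnam failed");
	return CVME_IO;
      }
      owner = pw->pw_uid;
      group = pw->pw_gid;
    }
  }
  if ((tmp = getenv("CVM_SOCKET_GROUP")) != 0) {
    group = strtoul(tmp, &end, 10);
    if (*end != 0) {
      /* Not purely numeric: treat the value as a group name. */
      if ((gr = getgrnam(tmp)) == 0) {
	error1sys("getgrnam failed");
	return CVME_IO;
      }
      group = gr->gr_gid;
    }
  }

  /* Mask out every permission bit the requested mode lacks, so the socket
   * is never briefly more permissive than requested between bind and
   * chmod. */
  old_umask = umask((mode & 0777) ^ 0777);
  if ((sock = socket_unixstr()) == -1)
    error1sys("Could not create socket");
  else if (!socket_bindu(sock, path))
    error1sys("Could not bind socket");
  else if (chmod(path, mode) == -1)
    error1sys("Could not change socket permission");
  else if (chown(path, owner, group) == -1)
    error1sys("Could not change socket ownership");
  else if (!socket_listen(sock, 1))
    error1sys("Could not listen on socket");
  else
    result = 0;
  /* Restore the caller's umask on the failure paths as well. */
  umask(old_umask);
  return result;
}

extern void usage(void);

/* Serve CVM requests on the UNIX socket at `p`.  Ignores SIGPIPE, installs
 * exitfn for SIGINT and SIGTERM, takes the per-connection timeout from
 * $CVM_LOCAL_TIMEOUT (falling back to DEFAULT_TIMEOUT when it is unset,
 * zero or not a plain number), then handles one request per accepted
 * connection until a handler result has CVME_FATAL set.  Returns a non-zero
 * code when socket or module set-up fails, otherwise 0.
 * NOTE(review): DEFAULT_TIMEOUT is not defined in the part of the file
 * shown here; presumably it comes from one of the lost headers. */
int local_main(const char* p)
{
  int code;
  const char* e;

  path = p;

  signal(SIGPIPE, SIG_IGN);
  signal(SIGINT, exitfn);
  signal(SIGTERM, exitfn);

  if ((e = getenv("CVM_LOCAL_TIMEOUT")) == 0
      || (timeout = strtoul(e, (char**)&e, 10)) == 0
      || *e != 0)
    timeout = DEFAULT_TIMEOUT;
  if ((code = make_socket()) != 0)
    return code;
  if ((code = cvm_module_init()) != 0)
    return code;
  cvm_module_log_startup();

  code = 0;
  do {
    /* A failed read only drops that connection; the loop keeps serving. */
    if ((code = read_input()) != 0)
      continue;
    code = cvm_module_handle_request();
    cvm_module_fact_end(code & CVME_MASK);
    cvm_module_log_request();
    write_output();
  } while ((code & CVME_FATAL) == 0);
  cvm_module_stop();
  return 0;
}
cvm-0.96/getpwnam.c0000664000076400007640000000410411326155156013574 0ustar bruceguenter
/* cvm/getpwnam.c - Handles getpwnam+getspnam+getuserpw combinations
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* NOTE(review): the targets of the bare #include directives below were
 * lost when this page was extracted; restore them from the upstream file. */
#include
#include
#include
#include
#include
#include
#include "module.h"

#ifdef HASSPNAM
#include
static struct spwd* spw;
#endif

#ifdef HASUSERPW
#include
/* Declared as `upw` to match its uses in cvm_getpwnam; the declaration was
 * spelled `uwp`, which cannot compile when HASUSERPW is defined. */
static struct userpw* upw;
#endif

static char* actbuf = 0;
static unsigned actlen = 0;

/* Copy `account` into a reusable heap buffer with upper-case letters
 * lowered, and return the buffer, or 0 when memory cannot be allocated.
 *
 * The buffer is allocated whenever it does not exist yet, not only when the
 * name is longer than the current capacity: an empty account name on the
 * first call used to write through a null pointer.  The realloc result goes
 * through a temporary so a failed grow keeps the old buffer and its
 * recorded length consistent. */
static const char* copyact(const char* account)
{
  unsigned len;
  char* ptr;
  char* grown;

  len = strlen(account);
  if (actbuf == 0 || len > actlen) {
    if ((grown = realloc(actbuf, len+1)) == 0)
      return 0;
    actbuf = grown;
    actlen = len;
  }
  for (ptr = actbuf; *account != 0; ++ptr, ++account) {
    /* <ctype.h> functions need an unsigned char value; passing a negative
     * plain char is undefined behaviour. */
    unsigned char ch = (unsigned char)*account;
    *ptr = isupper(ch) ? (char)tolower(ch) : *account;
  }
  *ptr = 0;
  return actbuf;
}

/* Look up the lower-cased `account` with getpwnam and, where the platform
 * has them, replace the password field with the one from getuserpw and
 * getspnam.  On success stores the entry in *pwp and returns 0.  Returns
 * CVME_PERMFAIL when the account is not found and CVME_IO when a lookup
 * fails with ETXTBSY or the name cannot be copied. */
int cvm_getpwnam(const char* account, struct passwd** pwp)
{
  struct passwd* pw;

  /* Out of memory is a temporary error, not an unknown account. */
  if ((account = copyact(account)) == 0)
    return CVME_IO;
  /* Clear errno before each lookup so a stale value from an earlier call
   * is not mistaken for this lookup's error. */
  errno = 0;
  if ((pw = getpwnam(account)) == 0)
    return (errno == ETXTBSY) ? CVME_IO : CVME_PERMFAIL;

#ifdef HASUSERPW
  errno = 0;
  if ((upw = getuserpw(account)) == 0) {
    if (errno == ETXTBSY)
      return CVME_IO;
  }
  else if (upw->upw_passwd)
    pw->pw_passwd = upw->upw_passwd;
#endif

#ifdef HASSPNAM
  errno = 0;
  if ((spw = getspnam(account)) == 0) {
    if (errno == ETXTBSY)
      return CVME_IO;
  }
  else if (spw->sp_pwdp)
    pw->pw_passwd = spw->sp_pwdp;
#endif

  *pwp = pw;
  return 0;
}
cvm-0.96/cvm-vmailmgr.c0000664000076400007640000001106611326155156014360 0ustar bruceguenter
/* cvm-vmailmgr.c - Direct file access vmailmgr CVM
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* NOTE(review): the targets of the bare #include directives below were
 * lost when this page was extracted; restore them from the upstream file. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "module.h"
#include "qmail.h"
#include "cvm-vmailmgr.h"

const char program[] = "cvm-vmailmgr";

extern char* crypt(const char* key, const char* salt);
extern char* md5_crypt(const char* key, const char* salt);

/* Build the "$0$" form of a password: the literal prefix followed by the
 * password itself, unhashed.  Returns a pointer into a static buffer that
 * the next call overwrites, or 0 when the buffer cannot be grown. */
static const char* null_crypt(const char* pass)
{
  static str buffer;
  if (!str_copys(&buffer, "$0$")) return 0;
  if (!str_cats(&buffer, pass)) return 0;
  return buffer.s;
}

str default_user = {0,0,0};
str domain = {0,0,0};
str virtuser = {0,0,0};
str vpwdata = {0,0,0};
const char* pwfile = 0;
static int lock_disabled;
static int do_autoconvert;

static vpwentry vpw;

#define DEBUG(A,B,C) debug(__FUNCTION__, __LINE__, A, B, C)

static int show_debug = 0;

/* Write "func(line): " followed by up to three message parts to the error
 * stream when debugging is enabled; null parts are skipped. */
void debug(const char* func, int line,
	   const char* a, const char* b, const char* c)
{
  if (!show_debug) return;
  obuf_puts(&errbuf, func);
  obuf_putc(&errbuf, '(');
  obuf_puti(&errbuf, line);
  obuf_puts(&errbuf, "): ");
  if (a) obuf_puts(&errbuf, a);
  if (b) obuf_puts(&errbuf, b);
  if (c) obuf_puts(&errbuf, c);
  obuf_putsflush(&errbuf, "\n");
}

/* Read the module configuration from the environment
 * ($VMAILMGR_PWFILE, $VMAILMGR_DEFAULT, $VMAILMGR_LOCK_DISABLED,
 * $VMAILMGR_AUTOCONVERT, $DEBUG) and initialise the lookup code.  Returns
 * CVME_GENERAL when the default user name cannot be stored, otherwise the
 * result of lookup_init(). */
int cvm_module_init(void)
{
  const char* tmp;

  memset(&vpw, 0, sizeof vpw);

  if ((pwfile = getenv("VMAILMGR_PWFILE")) == 0)
    pwfile = "passwd.cdb";
  if ((tmp = getenv("VMAILMGR_DEFAULT")) == 0)
    tmp = "+";
  lock_disabled = getenv("VMAILMGR_LOCK_DISABLED") != 0;
  do_autoconvert = getenv("VMAILMGR_AUTOCONVERT") != 0;
  if (!str_copys(&default_user, tmp))
    return CVME_GENERAL;

  if (getenv("DEBUG") != 0)
    show_debug = 1;

  return lookup_init();
}

static str directory;

/* Account name is either "baseuser-virtuser" or "virtuser@domain" */
/* Find the virtual user for the request and import its password table
 * entry into `vpw`.  Returns the lookup error if there was one, CVME_IO
 * when the entry cannot be imported, otherwise 0. */
int cvm_module_lookup(void)
{
  int err;

  if ((err = lookup_virtuser()) != 0)
    return err;
  if (!vpwentry_import(&vpw, &virtuser, &vpwdata)) {
    DEBUG("Could not import virtual password data", 0, 0);
    return CVME_IO;
  }
  return 0;
}

/* Check the supplied password against the stored one.  A stored value of
 * the form "$0$..." is compared as plain text, "$1$..." is hashed with
 * md5_crypt, and everything else with crypt.  Returns 0 on a match (or the
 * result of vmailmgr_autoconvert() when conversion is enabled and the
 * stored value is not yet in "$0$" form), CVME_NOCRED when no password was
 * sent, CVME_GENERAL when the candidate value cannot be computed, and
 * CVME_PERMFAIL otherwise. */
int cvm_module_authenticate(void)
{
  const char* stored;
  const char* enc;
  const char* pass;

  CVM_CRED_REQUIRED(PASSWORD);

  if (lock_disabled && !vpw.is_mailbox_enabled) {
    DEBUG("Mailbox is disabled", 0, 0);
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 0);
    return CVME_PERMFAIL;
  }
  /* The prefix test below reads stored[0..2]. */
  if (vpw.pass.len < 3) {
    DEBUG("Encoded password is too short", 0, 0);
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 0);
    return CVME_PERMFAIL;
  }

  stored = vpw.pass.s;
  pass = cvm_module_credentials[CVM_CRED_PASSWORD].s;

  if (stored[0] == '$' && stored[2] == '$') {
    switch (stored[1]) {
    case '0':
      enc = null_crypt(pass);
      break;
    case '1':
      enc = md5_crypt(pass, stored);
      break;
    default:
      enc = crypt(pass, stored);
    }
  }
  else
    enc = crypt(pass, stored);

  /* crypt() returns a null pointer when it cannot process the stored salt,
   * and null_crypt() does so when it runs out of memory.  Passing that to
   * strcmp would crash the module in the middle of a request, so fail the
   * request as an error instead (the md5_crypt case is covered by the same
   * check). */
  if (enc == 0) {
    DEBUG("Could not encode the supplied password", 0, 0);
    return CVME_GENERAL;
  }

  if (strcmp(enc, stored) == 0) {
    if (do_autoconvert
	&& (stored[0] != '$' || stored[1] != '0' || stored[2] != '$'))
      return vmailmgr_autoconvert();
    return 0;
  }

  DEBUG("authentication denied", 0, 0);
  cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 0);
  return CVME_PERMFAIL;
}

/* Fill in the result facts from the system user record and the virtual
 * user entry.  The reported directory and mailbox are the virtual user's
 * directory merged onto the system user's home directory.  Returns CVME_IO
 * when that path cannot be built, otherwise 0. */
int cvm_module_results(void)
{
  if (!str_copy(&directory, &vmuser.homedir)) return CVME_IO;
  if (!path_merge(&directory, vpw.directory.s)) return CVME_IO;

  cvm_fact_username = vpw.name.s;
  cvm_fact_userid = vmuser.uid;
  cvm_fact_groupid = vmuser.gid;
  cvm_fact_realname = 0;
  cvm_fact_directory = directory.s;
  cvm_fact_shell = 0;
  cvm_fact_sys_username = vmuser.user.s;
  cvm_fact_sys_directory = vmuser.homedir.s;
  cvm_fact_domain = domain.s;
  cvm_fact_mailbox = directory.s;

  return 0;
}

/* Nothing to release at shutdown. */
void cvm_module_stop(void)
{
}
cvm-0.96/sql.html0000664000076400007640000000247011326155156013277 0ustar bruceguenter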

CVM

CVM SQL Framework

Query Substitution: $VAR and ${VAR} are replaced with the quoted value of the environment variable named VAR. Use the second form when VAR contains anything other than alpha-numeric or underscore (_) characters. Do not include quotes in the query; the substituted values are already quoted. The variables account and domain contain the account and domain names given by the CVM client. $$ is replaced with a single dollar sign.

Query Results: The query must produce the following fields exactly in order. All required fields must not be null or empty.

  1. Password, encrypted with crypt (required)
  2. Actual account name (required)
  3. User ID (integer) (required)
  4. Group ID (integer) (required)
  5. Directory (required)
  6. Real name (optional)
  7. Login shell (optional)
  8. Group name (optional)
  9. Domain name (optional)
  10. System account name (optional)
  11. System account directory (optional)
  12. Mailbox path (optional)

Default Query: SELECT password, username, userid, groupid, directory, realname, shell, groupname, domain, sys_username, sys_directory FROM accounts WHERE username=$account AND domain=$domain

cvm-0.96/rationale.html0000664000076400007640000000627611326155156014466 0ustar bruceguenter

CVM

CVM Design Rationale

Design Rationale

Single credential type per module.

Eliminating the choice of credential types from the logic required by the modules simplifies the support code required by those modules. In fact, it should also simplify the code required by the invoking code, since the invoker will necessarily have different handling for reading and parsing different credential types from a client. Servers that only handle one type of credentials do not have to deal with this detail.

Variable fact list.

There is no one list of facts that must be reported by an authenticator. The list that is reported may be extended to include more optional facts.

Single-byte fact identifiers.

Simplifying identifier names into a single byte greatly simplifies parsing code, without making the output code any more complex, and without significantly reducing the range of facts that can be expressed. It also helps to avoid enlarging the datagram size, which is important due to the strict limits on total size (see below).

No chaining.

What was accomplished by chaining with Courier's authentication modules can be better accomplished through other means. If multiple types of authentication for the same credentials can occur, run separate services on separate IPs that use different CVM modules. If multiple types of credentials are used, they will each invoke a separate CVM module. This eliminates all of the coding and design headaches associated with chaining Courier IMAP authentication modules.

No execution by the module.

With the checkpassword interface, the authentication module drops root privileges before executing the second stage program. This however greatly reduces or eliminates the feasibility of executing the unprivileged second stage program in a chroot environment for additional security.

Limited input and output size.

Limiting the total input and output size to reasonable values eliminates one class of denial of service attacks by limiting the amount of memory required for buffers and parsing on both the part of the module and the invoker.

512 byte request and response maximum sizes.

A single UDP frame is limited to 512 bytes without introducing serious transmission reliability problems. The UDP response also contains a single byte indicating success/failure that the executable-mode programs transmit out-of-band through the program's exit code.

Options for long-running server modules.

Long-running server modules provide a method for transitioning permissions boundaries (such as requiring EUID 0 to read /etc/shadow) without having to resort to setuid execution, as well as opportunities for caching of credential information that may otherwise take significant amounts of time to fetch.

Options for both UNIX domain and UDP server modules.

Through the standard UNIX permission model, system administrators can restrict access to UNIX domain servers. Administrators of clusters can use UDP modules to provide centralized authentication services.

cvm-0.96/errors.h0000664000076400007640000000074411326155156013301 0ustar bruceguenter#ifndef CVM__ERRORS__H__ #define CVM__ERRORS__H__ #define CVME_GENERAL 1 #define CVME_BAD_CLIDATA 2 #define CVME_BAD_MODDATA 3 #define CVME_IO 4 #define CVME_NOFACT 5 #define CVME_CONFIG 6 #define CVME_NOCRED 7 #define CVME_PERMFAIL 100 /* This error code is only used by modules, to signal that the error is fatal and should cause module shutdown. */ #define CVME_FATAL 0x100 #define CVME_MASK 0x0ff extern const char* const cvm_errlist[]; extern const int cvm_nerr; #endif cvm-0.96/cvm-vmailmgr.html0000664000076400007640000000264011326155156015100 0ustar bruceguenter

CVM

The cvm-vmailmgr Module

Synopsis:

vmailmgr virtual user validation module

Credentials:

  1. Pass phrase

Description:

This module validates credentials using accounts in a vmailmgr system. It does domain lookups the same way qmail would to determine what system account and virtual account to use. If the domain is not being managed by vmailmgr, it fails with OUTOFSCOPE set to true.

Configuration Variables:

$VMAILMGR_AUTOCONVERT (optional)
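If this is set, encrypted passwords in the virtual password file will be automatically converted to plain text format after the first successful authentication. Plain text passwords are required for use of challenge-response authentication methods such as CRAM-MD5. Once converted, anyone who can read the password file can read the passwords themselves, so enable this only where access to that file is restricted accordingly.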
$VMAILMGR_DEFAULT (optional)
The name of the default or "catch-all" account to look up if no match is found for the virtual account name. Defaults to "+", and is only used in lookup mode.
$VMAILMGR_PWFILE (optional)
The relative path to the password file located in the virtual domain's home directory. Defaults to "passwd.cdb"

Note: All configuration variables available for cvm-qmail are also usable here.

cvm-0.96/COPYING0000664000076400007640000004311011326155156012641 0ustar bruceguenter GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. 
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. 
The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. 
(Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. 
You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. 
The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. 
If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. cvm-0.96/cvm-v1benchclient.c0000664000076400007640000000320211326155156015260 0ustar bruceguenter/* cvm/cvm-v1benchclient.c - CVM benchmark client * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
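See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include
#include
#include
#include "v1client.h"

const char program[] = "cvm-v1benchclient";
const int msg_show_pid = 0;

/* Benchmark driver: authenticates the same credentials "count" times
 * against one CVM module and stops at the first failure.
 *
 * argv[1] is the repetition count, argv[2] the module, argv[3] the
 * account, argv[4] the domain, and argv[5..] the credential list.
 * Exits with the CVM error code of the failing request, or 0 when every
 * request succeeded. */
int main(int argc, char** argv)
{
  int a;
  unsigned long count;
  unsigned long i;
  char* ptr;
  char num[FMT_ULONG_LEN];

  if (argc < 6)
    die3(1, "usage: ", program, " count cvmodule account domain credential [credential ...]\n");
  /* A zero count and trailing non-digit characters are both rejected. */
  if ((count = strtoul(argv[1], &ptr, 10)) == 0 || *ptr)
    die2(1, "Invalid number for count: ", argv[1]);
  for (i = 0; i < count; i++) {
    if ((a = cvm_client_authenticate(argv[2], argv[3], argv[4],
				     (const char**)(argv+5), 0)) != 0) {
      num[fmt_udec(num, a)] = 0;
      /* The message table is indexed by the error code, not by the loop
       * counter: indexing with "i" printed an unrelated message and read
       * past the end of cvm_errlist once i reached cvm_nerr. */
      die5(a, "Authentication failed, error #", num, " (",
	   (a >= 0 && a < cvm_nerr) ? cvm_errlist[a] : "Unknown error code", ")");
    }
  }
  return 0;
}
cvm-0.96/cvm-unix.c0000664000076400007640000000470111326155156013523 0ustar bruceguenter/* cvm/cvm-unix.c - UNIX/POSIX-standard CVM module * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details.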
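* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include
#include
#include
#include
#include
#include
#include
#include "module.h"

const char program[] = "cvm-unix";

extern char* crypt(const char* key, const char* salt);

/* No per-module setup is needed; always succeeds. */
int cvm_module_init(void)
{
  return 0;
}

extern int cvm_getpwnam(const char*, struct passwd**);

/* Account record found by cvm_module_lookup() and read by the
 * authenticate and results steps of the same request. */
static struct passwd* pw;
static struct group* gr;

/* Look up the requested account name.
 * Returns 0 on success, the error from cvm_getpwnam(), or CVME_PERMFAIL
 * when the record carries no password field at all. */
int cvm_module_lookup(void)
{
  int err;
  if ((err = cvm_getpwnam(cvm_module_credentials[CVM_CRED_ACCOUNT].s,
			  &pw)) != 0)
    return err;
  if (pw->pw_passwd == 0)
    return CVME_PERMFAIL;
  return 0;
}

/* Verify the supplied password against the stored hash.
 * Returns 0 on a match and CVME_PERMFAIL otherwise; the
 * CVM_CRED_REQUIRED macro handles a missing password credential. */
int cvm_module_authenticate(void)
{
  const char* hashed;
  CVM_CRED_REQUIRED(PASSWORD);
  hashed = crypt(cvm_module_credentials[CVM_CRED_PASSWORD].s, pw->pw_passwd);
  /* crypt() returns a null pointer on failure, which some C libraries
   * do for a stored field that is not a valid salt (locked or disabled
   * accounts, for instance).  Treat that as a failed login instead of
   * handing the null pointer to strcmp(). */
  if (hashed == 0 || strcmp(hashed, pw->pw_passwd) != 0)
    return CVME_PERMFAIL;
  return 0;
}

/* Publish the facts for the account found by cvm_module_lookup().
 * The real name is the GECOS field cut at its first comma (the passwd
 * record is modified in place).  The primary group ID is reported as a
 * supplementary group too, followed by every group that lists the user
 * as a member.  Always returns 0. */
int cvm_module_results(void)
{
  char* tmp;
  if ((tmp = strchr(pw->pw_gecos, ',')) != 0)
    *tmp = 0;

  cvm_fact_username = pw->pw_name;
  cvm_fact_userid = pw->pw_uid;
  cvm_fact_groupid = pw->pw_gid;
  cvm_fact_realname = pw->pw_gecos;
  cvm_fact_directory = pw->pw_dir;
  cvm_fact_shell = pw->pw_shell;

  cvm_module_fact_uint(CVM_FACT_SUPP_GROUPID, pw->pw_gid);
  /* Release the name duplicated for the previous request. */
  free((char*)cvm_fact_groupname);
  cvm_fact_groupname = 0;
  setgrent();
  while ((gr = getgrent()) != 0) {
    if (gr->gr_gid == pw->pw_gid) {
      /* Several group entries may share one GID; free the earlier copy
       * so that only the last match is kept and nothing is leaked. */
      free((char*)cvm_fact_groupname);
      cvm_fact_groupname = strdup(gr->gr_name);
    }
    else {
      unsigned i;
      for (i = 0; gr->gr_mem[i]; i++)
	if (strcmp(gr->gr_mem[i], pw->pw_name) == 0) {
	  cvm_module_fact_uint(CVM_FACT_SUPP_GROUPID, gr->gr_gid);
	  break;
	}
    }
  }
  endgrent();
  return 0;
}

/* Nothing to release at shutdown. */
void cvm_module_stop(void)
{
}
cvm-0.96/module.h0000664000076400007640000000466611326155156013261 0ustar bruceguenter#ifndef CVM__MODULE__H__ #define CVM__MODULE__H__ #include "credentials.h" #include "errors.h" #include "facts.h" #include #define BUFSIZE 512 #define DEFAULT_TIMEOUT 1000 #define LOG_OK 'y' #define LOG_FAIL 'n' #define LOG_ERROR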
'?' extern const char program[]; extern const char* cvm_module_lookup_secret; extern unsigned char cvm_module_outbuffer[BUFSIZE]; extern unsigned cvm_module_outbuflen; extern unsigned char cvm_module_inbuffer[BUFSIZE+1]; extern unsigned cvm_module_inbuflen; extern void cvm_module_fact_start(void); extern int cvm_module_fact_str(unsigned number, const char* data); extern int cvm_module_fact_uint(unsigned number, unsigned long data); extern void cvm_module_fact_end(unsigned code); extern void cvm_module_init_request(void); extern int cvm_module_handle_request(void); extern void cvm_module_log_startup(void); extern void cvm_module_log_request(void); extern void cvm_module_log_shutdown(void); extern int cvm_module_parse_domain(const char* seperators); extern str cvm_module_credentials[CVM_CRED_MAX+1]; extern int cvm_module_init(void); extern int cvm_module_lookup(void); extern int cvm_module_authenticate(void); extern int cvm_module_results(void); extern void cvm_module_stop(void); #ifndef CVM_NOCOMPAT /* Legacy definitions. 
*/ #define cvm_lookup_secret cvm_module_lookup_secret #define outbuffer cvm_module_outbuffer #define outbuflen cvm_module_outbuflen #define inbuffer cvm_module_inbuffer #define inbuflen cvm_module_inbuflen #define cvm_fact_start cvm_module_fact_start #define cvm_fact_end cvm_module_fact_end #define init_request cvm_module_init_request #define handle_request cvm_module_handle_request #define log_startup cvm_module_log_startup #define log_request cvm_module_log_request #define log_shutdown cvm_module_log_shutdown #define cvm_parse_domain cvm_module_parse_domain #define cvm_credential_count cvm_module_credential_count #define cvm_credentials cvm_module_credentials #define cvm_lookup cvm_module_lookup #define cvm_results cvm_module_results #ifndef CVM__CLIENT__H__ # define cvm_authenticate cvm_module_authenticate # define cvm_fact_str cvm_module_fact_str # define cvm_fact_uint cvm_module_fact_uint #else # undef cvm_authenticate # undef cvm_fact_str # undef cvm_fact_uint #endif #endif #endif cvm-0.96/sql-query.c0000664000076400007640000000620311326155156013716 0ustar bruceguenter/* cvm/sql-query.c - SQL query parsing and insertion framework. * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. 
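* * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include
#include
#include
#include
#include "module.h"
#include "sql.h"

#define QUOTE '\''
#define BACKSLASH '\\'

/* Append len bytes from ptr to s as a single-quoted SQL string literal.
 * A NUL byte is written as the two characters \0, and quote and
 * backslash characters are doubled.  Returns 0 if any append fails,
 * non-zero otherwise.
 *
 * NOTE(review): this is the only barrier between client-supplied
 * account/domain values and the query text.  Whether doubling is
 * sufficient depends on how the server treats backslashes and on the
 * connection's character encoding; bound parameters would remove that
 * dependency. */
static int str_catb_quoted(str* s, const char* ptr, unsigned long len)
{
  if (!str_catc(s, QUOTE)) return 0;
  for (; len > 0; ++ptr, --len) {
    switch (*ptr) {
    case 0:
      if (!str_cats(s, "\\0")) return 0;
      continue;
    case QUOTE:
      if (!str_catc(s, QUOTE)) return 0;
      break;
    case BACKSLASH:
      if (!str_catc(s, BACKSLASH)) return 0;
      break;
    }
    /* This append was unchecked before; a failure here would silently
     * drop a byte from inside the quoted value. */
    if (!str_catc(s, *ptr)) return 0;
  }
  return str_catc(s, QUOTE);
}

/* Check that every ${name} reference in the template is closed.
 * Returns 1 when the template is well formed, 0 when a "${" has no
 * matching "}". */
int sql_query_validate(const char* template)
{
  while ((template = strchr(template, '$')) != 0) {
    ++template;
    switch (*template) {
    case '$':
      ++template;
      break;
    case '{':
      ++template;
      if ((template = strchr(template, '}')) == 0)
	return 0;
      ++template;
      /* The original fell through to the default case here; the
       * characters it skipped cannot be '$', so the result is the same. */
      break;
    default:
      /* <ctype.h> functions need an unsigned char value. */
      while (isalnum((unsigned char)*template) || *template == '_')
	++template;
      break;
    }
  }
  return 1;
}

/* Expand a query template into q.
 *
 * "$$" yields a literal '$'.  "$name" and "${name}" are replaced by a
 * quoted value: the account or domain credential for those two names,
 * otherwise the environment variable of that name.  An unset variable
 * expands to nothing at all (no empty literal), and a '$' followed by
 * no name is copied as '$'.
 *
 * Returns 1 on success, 0 on an unterminated "${" or a failed append.
 * The parsed name is kept in a static buffer, so the function is not
 * reentrant. */
int sql_query_build(const char* template, str* q)
{
  static str name;
  const char* ptr;
  if (!str_truncate(q, 0)) return 0;
  while ((ptr = strchr(template, '$')) != 0) {
    /* Copy the literal text that precedes the '$'. */
    if (!str_catb(q, template, ptr - template)) return 0;
    template = ptr + 1;
    switch (*template) {
    case '$':
      ++template;
      if (!str_truncate(&name, 0)) return 0;
      break;
    case '{':
      ++template;
      if ((ptr = strchr(template, '}')) == 0) return 0;
      if (!str_copyb(&name, template, ptr-template)) return 0;
      template = ptr + 1;
      break;
    default:
      if (!str_truncate(&name, 0)) return 0;
      /* <ctype.h> functions need an unsigned char value. */
      while (isalnum((unsigned char)*template) || *template == '_')
	if (!str_catc(&name, *template++)) return 0;
      break;
    }
    if (name.len == 0) {
      if (!str_catc(q, '$')) return 0;
    }
    else {
      if (str_diffs(&name, "account") == 0) {
	if (!str_catb_quoted(q,
			     cvm_module_credentials[CVM_CRED_ACCOUNT].s,
			     cvm_module_credentials[CVM_CRED_ACCOUNT].len))
	  return 0;
      }
      else if (str_diffs(&name, "domain") == 0) {
	if (!str_catb_quoted(q,
			     cvm_module_credentials[CVM_CRED_DOMAIN].s,
			     cvm_module_credentials[CVM_CRED_DOMAIN].len))
	  return 0;
      }
      else {
	ptr = getenv(name.s);
	if (ptr != 0)
	  if (!str_catb_quoted(q, ptr, strlen(ptr))) return 0;
      }
    }
  }
  /* Copy whatever follows the last substitution. */
  if (!str_cats(q, template)) return 0;
  return 1;
}
cvm-0.96/conf-include0000664000076400007640000000011011326155156014070 0ustar bruceguenter/usr/local/include C header files will be installed in this directory. cvm-0.96/TODO0000664000076400007640000000313611326155156012302 0ustar bruceguenter- Add a CVM suitable for anonymous FTP - v1client dies if domain is NULL in cvm_client_authenticate (can't reproduce this bug) - Write tests for: - cvm_client_split_account in v2client.c - cvm_client_ucspi_domain and cvm_client_setugid (?) - Add concurrent access support to cvm-local mode? - Add cvm-tcp module code? - Build a caching CVM proxy - Two hash tables keyed on binary request string. - First hash table for positive responses, holds raw response binary. - Second hash table for negative responses, holds only response code. - Caches positive response for $TTL seconds. - Caches negative response for $TTL_BAD seconds. - Do not cache temporary errors. - Add support for allow/deny tables - File based: if $CVM_ACCESS/deny/$USER exists, or if $CVM_ACCESS/allow exists and $CVM_ACCESS/allow/$USER does not exist, deny the user. Call a common function to test. - SQL modules: add an extra required boolean column to the query. - Write a module to do lookups from a CDB file, as well as a tool to manipulate that file "cdbpasswd". - Write cvm UDP-to-command and local-to-command relays: - recv input block from socket - spawn command - write block - read result - send result back on socket - Split into cvm (containing the main modules) and lib/cvm (containing the client/module code). cvm-*sql: - Add hooks for prepare/execute in SQL modules. cvm-vmailmgr: - Add code to vmailmgr_auth to try to grab the password from /etc/passwd if the main authentication fails.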
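- Write modules for authenticating against a vmailmgrd daemon, both local and (TCP) remote. cvm-0.96/cvm-benchclient.c0000664000076400007640000000345511326155156015023 0ustar bruceguenter/* cvm/cvm-benchclient.c - CVM benchmark client * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include
#include "v2client.h"
#include
#include

const char program[] = "cvm-benchclient";
const int msg_show_pid = 0;
const char usage[] = "\n"
"usage: cvm-benchclient count cvmodule account domain\n"
" or: cvm-benchclient count cvmodule account domain password\n";

/* Benchmark driver: authenticates one account "count" times against a
 * CVM module and stops at the first failure.
 *
 * argv[1] is the repetition count, argv[2] the module, argv[3] the
 * account, argv[4] the domain and argv[5] the optional password (a null
 * pointer when only five arguments are given, since argv[argc] is
 * null).  Exits with the CVM error code of the failing request, or 0. */
int main(int argc, char** argv)
{
  int a;
  unsigned long count;
  unsigned long i;
  char* ptr;
  char num[FMT_ULONG_LEN];

  if (argc < 5)
    die2(1, "Too few command-line arguments", usage);
  if (argc > 6)
    die2(1, "Too many command-line arguments", usage);
  /* A zero count and trailing non-digit characters are both rejected. */
  if ((count = strtoul(argv[1], &ptr, 10)) == 0 || *ptr)
    die2(1, "Invalid number for count: ", argv[1]);
  for (i = 0; i < count; i++) {
    if ((a = cvm_client_authenticate_password(argv[2], argv[3], argv[4],
					      argv[5], 0)) != 0) {
      num[fmt_udec(num, a)] = 0;
      /* The message table is indexed by the error code, not by the loop
       * counter: indexing with "i" printed an unrelated message and read
       * past the end of cvm_errlist once i reached cvm_nerr. */
      die5(a, "Authentication failed, error #", num, " (",
	   (a >= 0 && a < cvm_nerr) ? cvm_errlist[a] : "Unknown error code", ")");
    }
  }
  return 0;
}
cvm-0.96/cvm-vchkpw.c0000664000076400007640000000372211326155156014044 0ustar bruceguenter/* cvm-vchkpw.c for authentication against vpopmail from http://www.inter7.com add to conf-cc: -I/usr/local/vpopmail/include add to Makefile (mysql if vpopmail is compiled with mysql): cvm-vchkpw: load cvm-vchkpw.o module.a crypt.lib shadow.lib s.lib socket.lib ./load cvm-vchkpw getpwnam.o module.a `cat crypt.lib` `cat shadow.lib` `cat s.lib` `cat socket.lib` -L/usr/local/vpopmail/lib -L/usr/local/lib/mysql -lbg -lvpopmail -lmysqlclient cvm-vchkpw.o: compile cvm-vchkpw.c module.h facts.h errors.h ./compile cvm-vchkpw.c and add cvm-vchkpw to the programs rule */
#include
#include
#include
#include
#include
#include
#include "module.h"

const char program[] = "cvm-vchkpw";

/* No per-module setup is needed; always succeeds. */
int cvm_module_init(void)
{
  return 0;
}

/* Nothing to release at shutdown. */
void cvm_module_stop(void)
{
  return;
}

/* vpopmail record found by cvm_lookup() and read by the later steps of
 * the same request. */
static struct vqpasswd* mypw;

/* Look up account@domain in vpopmail.
 * Returns 0 when a record exists and CVME_PERMFAIL when it does not;
 * the CVM_CRED_REQUIRED macro handles a missing domain credential. */
int cvm_lookup(void)
{
  CVM_CRED_REQUIRED(DOMAIN);

  if ((mypw = vauth_getpw(cvm_credentials[CVM_CRED_ACCOUNT].s,
			  cvm_credentials[CVM_CRED_DOMAIN].s)) == 0)
    return CVME_PERMFAIL;

  return 0;
}

/* Check the supplied password with vauth_crypt().
 * Returns 0 on success and CVME_PERMFAIL on any non-zero result. */
int cvm_authenticate(void)
{
  CVM_CRED_REQUIRED(PASSWORD);

  if (vauth_crypt(cvm_credentials[CVM_CRED_ACCOUNT].s,
		  cvm_credentials[CVM_CRED_DOMAIN].s,
		  cvm_credentials[CVM_CRED_PASSWORD].s,
		  mypw) != 0)
    return CVME_PERMFAIL;

  return 0;
}

/* Publish the facts for the record found by cvm_lookup().
 * The mailbox fact is the account directory followed by "/Maildir/".
 * Returns 0 on success, or CVME_GENERAL when the domain's UID/GID cannot
 * be determined or memory runs out. */
int cvm_results(void)
{
  /* Kept across calls so that the buffer handed out for the previous
   * request can be released instead of leaked. */
  static char* mailbox;
  uid_t uid;
  gid_t gid;
  const size_t dirlen = strlen(mypw->pw_dir);

  /* uid and gid are written only by vget_assign().  Presumably it
   * returns 0 when the domain has no assign entry (confirm against the
   * vpopmail headers); reporting the uninitialised values as facts
   * would hand arbitrary IDs to an invoker that may switch to them. */
  if (vget_assign(cvm_credentials[CVM_CRED_DOMAIN].s, 0, 0, &uid, &gid) == 0)
    return CVME_GENERAL;

  free(mailbox);
  /* 10 = strlen("/Maildir/") plus the terminating NUL. */
  if ((mailbox = malloc(dirlen + 10)) == 0)
    return CVME_GENERAL;
  memcpy(mailbox, mypw->pw_dir, dirlen);
  memcpy(mailbox+dirlen, "/Maildir/", 10);

  cvm_fact_username = mypw->pw_name;
  cvm_fact_userid = uid;
  cvm_fact_groupid = gid;
  cvm_fact_realname = mypw->pw_gecos;
  cvm_fact_directory = mypw->pw_dir;
  cvm_fact_mailbox = mailbox;
  cvm_fact_shell = mypw->pw_shell;
  cvm_fact_domain = cvm_credentials[CVM_CRED_DOMAIN].s;
  cvm_fact_groupname = 0;

  return 0;
}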
cvm-0.96/cvm-pgsql.html0000664000076400007640000000226211326155156014410 0ustar bruceguenter

CVM

CVM SQL Framework

The cvm-pgsql Module

Synopsis:

PgSQL module

Credentials:

  1. Pass phrase

Description:

This module queries a PgSQL database for the account name and compares the stored pass phrase with the given one using crypt.

Configuration Variables:

The server hostname, port, database, username, password, and additional options can be controlled by setting $PGHOST, $PGPORT, $PGDATABASE, $PGUSER, $PGPASSWORD, and $PGOPTIONS respectively, which are parsed by the PgSQL client library.

$CVM_MYSQL_POSTQ (optional)
The SQL query to execute after the credentials have been validated.
$CVM_PGSQL_PWCMP (optional)
The password comparison module to use.
$CVM_PGSQL_QUERY (optional)
The SQL query to issue to retrieve the row containing the account information from the database.
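cvm-0.96/VERSION0000664000076400007640000000001111326155156012647 0ustar bruceguentercvm 0.96
cvm-0.96/errors.c0000664000076400007640000000340011326155156013264 0ustar bruceguenter/* cvm/errors.c - Error strings
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include "errors.h"

/* Placeholder text for every error number that has no message. */
static const char na[] = "Unknown error";

/* Error messages indexed by CVM error number (0 through 100).  Unused
 * slots hold the placeholder so that every index below cvm_nerr is a
 * valid string. */
const char* const cvm_errlist[] = {
  "No error",					/*   0 */
  "General error",				/*   1 CVME_GENERAL */
  "Invalid data from client",			/*   2 CVME_BAD_CLIDATA */
  "Invalid data from module",			/*   3 CVME_BAD_MODDATA */
  "Input/Output error",				/*   4 CVME_IO */
  "Fact missing in data from client",		/*   5 CVME_NOFACT */
  "Configuration error",			/*   6 CVME_CONFIG */
  "Credential missing in data from module",	/*   7 CVME_NOCRED */
  na, na,					/*   8-9 */
  na,na,na,na,na,na,na,na,na,na,		/* 10-19 */
  na,na,na,na,na,na,na,na,na,na,		/* 20-29 */
  na,na,na,na,na,na,na,na,na,na,		/* 30-39 */
  na,na,na,na,na,na,na,na,na,na,		/* 40-49 */
  na,na,na,na,na,na,na,na,na,na,		/* 50-59 */
  na,na,na,na,na,na,na,na,na,na,		/* 60-69 */
  na,na,na,na,na,na,na,na,na,na,		/* 70-79 */
  na,na,na,na,na,na,na,na,na,na,		/* 80-89 */
  na,na,na,na,na,na,na,na,na,na,		/* 90-99 */
  "Credentials rejected",			/* 100 CVME_PERMFAIL */
};

/* Number of entries in cvm_errlist.  Derived from the table itself so a
 * bounds check against cvm_nerr can never disagree with the real array
 * length after an entry is added or removed. */
const int cvm_nerr = (int)(sizeof cvm_errlist / sizeof cvm_errlist[0]);
cvm-0.96/credentials.html0000664000076400007640000000421511326155156014774 0ustar bruceguenter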

CVM

CVM Credential Definitions

Types

Credentials may have one of two types:

  • string: An arbitrary length series of ASCII characters not containing NUL.
  • integer: A series of ASCII digits interpreted as an unsigned decimal value.

Numbering

All predefined credential numbers will have values between 1 and 127 inclusive. All other credential numbers (from 128 to 255) are reserved for local or experimental use. Credentials may be given to the module in any order that is convenient to the client, and that order carries no significance. Unless otherwise specified, each fact must be present at most once in the input.

# Name Type Description
1 CVM_CRED_ACCOUNT string The account name. This fact is required by all modules.
2 CVM_CRED_DOMAIN string The (DNS) domain name that may be associated with the account.
3 CVM_CRED_PASSWORD string Plain text password.
4 CVM_CRED_SECRET string This fact contains a secret that is shared between the client and the module, required for authentication to succeed.
5 CVM_CRED_CHALLENGE string For challenge-response mechanisms (such as APOP or CRAM-MD5), the one-time challenge that was issued to the client.
6 CVM_CRED_RESPONSE string For challenge-response mechanisms, the response from the client.
7 CVM_CRED_RESPONSE_TYPE string For challenge-response mechanisms, the name of the type of mechanism that was used to generate the response. Examples: "APOP" or "CRAM-MD5"

cvm-0.96/vmlookup.c0000664000076400007640000000653511326155156013640 0ustar bruceguenter/* vmlookup.c - vmailmgr CVM lookup routines
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include
#include "module.h"
#include "qmail.h"
#include "cvm-vmailmgr.h"

static str account;
static str baseuser;

/* Results from looking up the user */
struct qmail_user vmuser;

/* Hook for re-initialization; there is nothing to redo here. */
int lookup_reinit(void)
{
  return 0;
}

/* Reset the lookup strings and initialize the qmail lookup layer.
 * Returns CVME_GENERAL if a string cannot be truncated, CVME_IO if
 * qmail_lookup_init() fails, and 0 otherwise.
 * (domain and virtuser are not defined in this file -- presumably they
 * come from cvm-vmailmgr.h.) */
int lookup_init(void)
{
  if (!str_truncate(&account, 0)
      || !str_truncate(&domain, 0)
      || !str_truncate(&baseuser, 0)
      || !str_truncate(&virtuser, 0))
    return CVME_GENERAL;

  if (qmail_lookup_init() != 0)
    return CVME_IO;

  return 0;
}

/* Resolve the requested account to a vmailmgr virtual user and load its
 * password-table record into vpwdata.
 *
 * Returns 0 when a record was loaded, CVME_IO on a lookup, chdir, open
 * or cdb error, and CVME_PERMFAIL when there is no matching record.
 * Every CVME_PERMFAIL path also emits CVM_FACT_OUTOFSCOPE: 1 when the
 * domain, virtual user or password table does not exist, and 0 when the
 * table exists but holds no usable entry for the user.
 */
int lookup_virtuser(void)
{
  int err;
  int fd;
  struct cdb cdb;

  DEBUG("cvm domain = '", cvm_module_credentials[CVM_CRED_DOMAIN].s, "'");

  switch (qmail_lookup_cvm(&vmuser, &domain, &baseuser, &virtuser)) {
  case -1:
    return CVME_IO;
  case 0:
    break;
  default:
    /* Either the domain was not found, or it was found pointing to a
     * nonexistent user. In either case, there is no vmailmgr table to
     * look up. */
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 1);
    return CVME_PERMFAIL;
  }
  /* An empty virtual user name is also treated as out of scope. */
  if (virtuser.len == 0) {
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 1);
    return CVME_PERMFAIL;
  }

  memset(&cdb, 0, sizeof cdb);
  /* The table is searched with the lower-cased user name. */
  str_lower(&virtuser);

  /* Found a virtual user, authenticate it. */
  /* The table is opened after changing into the owning user's home
   * directory.
   * NOTE(review): pwfile is defined outside this file; if it is a
   * relative name, open() resolves it inside a directory the mail user
   * controls -- confirm which privileges the module holds here. */
  if (chdir(vmuser.homedir.s) == -1)
    return CVME_IO;

  if ((fd = open(pwfile, O_RDONLY)) == -1) {
    /* A missing table means this user has no vmailmgr accounts. */
    if (errno == ENOENT) {
      cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 1);
      return CVME_PERMFAIL;
    }
    return CVME_IO;
  }
  cdb_init(&cdb, fd);

  switch (cdb_get(&cdb, &virtuser, &vpwdata)) {
  case -1:
    DEBUG("cdb_get returned error", 0, 0);
    err = CVME_IO;
    break;
  case 0:
    DEBUG("cdb_get failed", 0, 0);
    /* Only handle the default user when in lookup mode, as
       authenticating the default user shouldn't happen. */
    if (cvm_module_lookup_secret != 0) {
      switch (cdb_get(&cdb, &default_user, &vpwdata)) {
      case -1:
	DEBUG("cdb_get returned error", 0, 0);
	err = CVME_IO;
	break;
      case 0:
	DEBUG("cdb_get failed", 0, 0);
	err = CVME_PERMFAIL;
	break;
      default:
	err = 0;
      }
    }
    else
      err = CVME_PERMFAIL;
    break;
  default:
    err = 0;
  }

  /* Release the table on every path before reporting the result. */
  cdb_free(&cdb);
  close(fd);
  /* The table existed, so a miss here is an in-scope rejection. */
  if (err == CVME_PERMFAIL)
    cvm_module_fact_uint(CVM_FACT_OUTOFSCOPE, 0);
  return err;
}
cvm-0.96/cvm-mysql-udp.c0000664000076400007640000000000011326155156014457 0ustar bruceguentercvm-0.96/cvm-mysql-local.c0000664000076400007640000000000011326155156014761 0ustar bruceguentercvm-0.96/module_command_main.c0000664000076400007640000000171111326155156015742 0ustar bruceguenter/* cvm/module_command_main.c - CVM command module main routine
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include "module.h"

extern int command_main(void);

/* Message-library setting; presumably keeps the PID out of log lines. */
const int msg_show_pid = 0;

/* Program entry point for a command-mode module: all of the work is
 * done by command_main(), whose result becomes the exit status. */
int main(void)
{
  const int status = command_main();

  return status;
}
cvm-0.96/cvm-0.96.spec0000664000076400007640000000362611326155156013651 0ustar bruceguenterName: cvm Summary: Credential Validation Modules Version: 0.96 Release: 1 License: GPL Group: Utilities/System Source: http://untroubled.org/cvm/cvm-0.96.tar.gz BuildRoot: %{_tmppath}/cvm-buildroot URL: http://untroubled.org/cvm/ Packager: Bruce Guenter Requires: bglibs >= 1.103 BuildRequires: libtool BuildRequires: bglibs-devel >= 1.103 BuildRequires: mysql-devel BuildRequires: postgresql-devel Obsoletes: cvm-vmailmgr %description This package implements the CVM interface as a client (cvm-testclient), and as a module (cvm-unix, cvm-pwfile). %package devel Summary: Development libraries for CVM Group: Development/Libraries %description devel This package includes all the development libraries and headers for building CVM clients or modules. %package mysql Group: Utilities/System Summary: MySQL Credential Validation Modules %description mysql Credential Validation Modules that authenticate against a MySQL server. %package pgsql Group: Utilities/System Summary: PostgreSQL Credential Validation Modules %description pgsql Credential Validation Modules that authenticate against a PostgreSQL server.
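%prep %setup %build echo gcc "%{optflags}" -I%{_includedir}/pgsql >conf-cc echo gcc -s -L%{_libdir}/mysql >conf-ld echo %{_bindir} >conf-bin echo %{_includedir} >conf-include echo %{_libdir} >conf-lib make libraries programs mysql pgsql %install rm -fr %{buildroot} mkdir -p %{buildroot}%{_bindir} mkdir -p %{buildroot}%{_includedir} mkdir -p %{buildroot}%{_libdir} make install_prefix=%{buildroot} install %clean rm -rf %{buildroot} %post /sbin/ldconfig %files %defattr(-,root,root) %doc COPYING NEWS README *.html %{_bindir}/cvm-[^mp]* %{_bindir}/cvm-pwfile %{_libdir}/*.so.* %files devel %defattr(-,root,root) %{_includedir}/* %{_libdir}/*.a %{_libdir}/*.la %{_libdir}/*.so %files mysql %defattr(-,root,root) %{_bindir}/cvm-mysql* %files pgsql %defattr(-,root,root) %{_bindir}/cvm-pgsql*
cvm-0.96/sasl_start.c0000664000076400007640000000067111326155156014136 0ustar bruceguenter#include
#include "sasl.h"
#include "sasl_internal.h"

/* Select the SASL mechanism named by `mechanism` (matched without
 * regard to case) and start it.
 * Returns the result of the mechanism's start function, or
 * SASL_NO_MECH when no mechanism in the list has that name. */
int sasl_start(struct sasl_state* ss,
	       const char* mechanism, const str* initresponse,
	       str* challenge)
{
  const struct sasl_mechanism* mech;
  for (mech = sasl_mechanisms; mech != 0; mech = mech->next) {
    if (strcasecmp(mechanism, mech->name) == 0) {
      ss->mech = mech;
      return mech->start(ss, initresponse, challenge);
    }
  }
  return SASL_NO_MECH;
}
cvm-0.96/sql-auth.c0000664000076400007640000000565611326155156013525 0ustar bruceguenter/* cvm/sql-auth.c - Generic SQL authentication layer
 * Copyright (C) 2010 Bruce Guenter
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#include
#include
#include
#include
#include "module.h"
#include "sql.h"

static const char* query;
static const char* postq;

/* Read and validate the query templates from the environment, connect
 * to the database and start the password comparison module.
 * Returns CVME_CONFIG for a missing or invalid query, the error from
 * sql_auth_init(), CVME_GENERAL if the comparison module cannot be
 * started, and 0 on success. */
int cvm_module_init(void)
{
  int result;

  if ((query = getenv(sql_query_var)) == 0) return CVME_CONFIG;
  if (!sql_query_validate(query)) return CVME_CONFIG;
  /* The post-authentication query is optional. */
  if ((postq = getenv(sql_postq_var)) != 0)
    if (!sql_query_validate(postq)) return CVME_CONFIG;

  if ((result = sql_auth_init()) != 0)
    return result;
  if (!pwcmp_start(getenv(sql_pwcmp_var)))
    return CVME_GENERAL;

  return 0;
}

static str q;

/* Run the account query.
 * Returns 0 when exactly one row was produced, CVME_PERMFAIL for any
 * other row count, and the negated result of sql_auth_query() when that
 * result is negative. */
int cvm_module_lookup(void)
{
  int i;

  /* Query the database based on the custom query */
  if (!sql_query_build(query, &q)) return CVME_GENERAL | CVME_FATAL;
  if ((i = sql_auth_query(&q)) < 0) return -i;

  /* If the result didn't produce a single row, fail the username */
  return (i == 1) ? 0 : CVME_PERMFAIL;
}

/* Compare the supplied password with field 0 of the result row.
 * Returns 0 on a match, CVME_PERMFAIL on a mismatch or an absent or
 * empty stored password, and CVME_IO | CVME_FATAL when the comparison
 * itself fails. */
int cvm_module_authenticate(void)
{
  const char* cpw;

  CVM_CRED_REQUIRED(PASSWORD);

  /* If there is no password field, fail the password */
  cpw = sql_get_field(0);
  if (cpw == 0 || cpw[0] == 0) return CVME_PERMFAIL;

  /* Finally, if the stored pass is not the same, fail the pass */
  switch (pwcmp_check(cvm_module_credentials[CVM_CRED_PASSWORD].s, cpw)) {
  case 0: return 0;
  case -1: return CVME_IO | CVME_FATAL;
  default: return CVME_PERMFAIL;
  }
}

/* Parse a non-negative decimal ID from a result field.
 * Returns 1 and stores the value in *out on success.  Returns 0 when
 * the field is absent, empty, negative or followed by anything other
 * than trailing spaces. */
static int parse_id_field(const char* text, long* out)
{
  char* end;
  long value;

  if (text == 0) return 0;
  value = strtol(text, &end, 10);
  if (end == text || value < 0) return 0;
  while (*end == ' ') ++end;
  if (*end != 0) return 0;
  *out = value;
  return 1;
}

/* Publish the facts from the result row after the credentials were
 * accepted, running the optional post-authentication query first.
 *
 * Returns 0 on success, CVME_CONFIG when the user ID or group ID field
 * is not a valid number, CVME_GENERAL | CVME_FATAL when the post query
 * cannot be built, or the error from sql_post_query().
 */
int cvm_module_results(void)
{
  int i;
  long uid;
  long gid;

  /* Reject a malformed row before anything else happens.  An unchecked
   * strtol() turns a non-numeric field into 0, which would report the
   * account as UID/GID 0, and an absent field would be passed to
   * strtol() as a null pointer. */
  if (!parse_id_field(sql_get_field(2), &uid)
      || !parse_id_field(sql_get_field(3), &gid))
    return CVME_CONFIG;

  if (postq) {
    if (!sql_query_build(postq, &q)) return CVME_GENERAL | CVME_FATAL;
    if ((i = sql_post_query(&q)) != 0) return i;
  }

  /* Credentials accepted */
  cvm_fact_username = sql_get_field(1);
  cvm_fact_userid = uid;
  cvm_fact_groupid = gid;
  cvm_fact_directory = sql_get_field(4);
  cvm_fact_realname = sql_get_field(5);
  cvm_fact_shell = sql_get_field(6);
  cvm_fact_groupname = sql_get_field(7);
  cvm_fact_domain = sql_get_field(8);
  cvm_fact_sys_username = sql_get_field(9);
  cvm_fact_sys_directory = sql_get_field(10);
  cvm_fact_mailbox = sql_get_field(11);

  return 0;
}

/* Shut down the password comparison module and the database layer. */
void cvm_module_stop(void)
{
  pwcmp_stop();
  sql_auth_stop();
}
cvm-0.96/cvm-vmailmgr-udp.c0000664000076400007640000000000011326155156015130 0ustar bruceguentercvm-0.96/sasl_internal.h0000664000076400007640000000103111326155156014611 0ustar bruceguenter#ifndef CVM__SASL_INTERNAL__H__
#define CVM__SASL_INTERNAL__H__

/* Start functions of the individual SASL mechanisms. */
extern int sasl_login_start(struct sasl_state*, const str*, str*);
extern int sasl_plain_start(struct sasl_state*, const str*, str*);
extern int sasl_cram_md5_start(struct sasl_state*, const str*, str*);

/* Authentication back ends shared by the mechanisms. */
extern int sasl_authenticate_plain(struct sasl_state*,
				   const char* account, const char* password);
extern int sasl_authenticate_cram(struct sasl_state*,
				  const char* account, const char* cram_type,
				  const str* challenge, const str* response);

#endif
cvm-0.96/Makefile0000664000076400007640000004242511326155156013256 0ustar bruceguenter# Don't edit Makefile!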
Use conf-* for configuration. # # Generated by spac see http://untroubled.org/spac/ SHELL=/bin/sh DEFAULT: all all: libraries programs docs clean: TARGETS rm -f `cat TARGETS` clean-spac: clean AUTOFILES rm -f `cat AUTOFILES` client_domain.lo client_domain.o: ltcompile client_domain.c v1client.h facts.h errors.h ./ltcompile client_domain.c client_setenv.lo client_setenv.o: ltcompile client_setenv.c v1client.h facts.h errors.h ./ltcompile client_setenv.c client_setugid.lo client_setugid.o: ltcompile client_setugid.c v1client.h facts.h errors.h ./ltcompile client_setugid.c client_xfer_command.lo client_xfer_command.o: ltcompile client_xfer_command.c v1client.h facts.h errors.h ./ltcompile client_xfer_command.c client_xfer_compat.lo client_xfer_compat.o: ltcompile client_xfer_compat.c v1client.h facts.h errors.h ./ltcompile client_xfer_compat.c client_xfer_local.lo client_xfer_local.o: ltcompile client_xfer_local.c v1client.h facts.h errors.h protocol.h ./ltcompile client_xfer_local.c client_xfer_udp.lo client_xfer_udp.o: ltcompile client_xfer_udp.c v1client.h facts.h errors.h protocol.h ./ltcompile client_xfer_udp.c compile: conf-cc conf-bgincs ( bgincs=`head -n 1 conf-bgincs`; \ echo '#!/bin/sh'; \ echo 'source=$$1; shift'; \ echo 'base=`echo "$$source" | sed -e s:\\\\.c$$::`'; \ echo exec `head -n 1 conf-cc` -I. 
"-I'$${bgincs}'" '-o $${base}.o -c $$source $${1+"$$@"}'; \ ) >compile chmod 755 compile crypt.lib: compile load @echo -n 'Checking for -lcrypt: ' @echo 'main() { ; }' >trylib-lcrypt.c @{ ./compile trylib-lcrypt.c && ./load trylib-lcrypt -lcrypt; } >/dev/null 2>&1 \ && { echo -lcrypt >crypt.lib; echo yes; } \ || { echo -n >crypt.lib; echo no; } @rm -f trylib-lcrypt.c trylib-lcrypt.o trylib-lcrypt cvm-benchclient: cvm-benchclient.o ltload libcvm-v2client.la socket.lib ./ltload cvm-benchclient libcvm-v2client.la -lbg `cat socket.lib` cvm-benchclient.o: compile cvm-benchclient.c v2client.h facts.h errors.h ./compile cvm-benchclient.c cvm-chain: cvm-chain.o ltload libcvm-module.la libcvm-v2client.la socket.lib s.lib ./ltload cvm-chain libcvm-module.la libcvm-v2client.la -lbg `cat socket.lib` `cat s.lib` cvm-chain.o: compile cvm-chain.c module.h credentials.h errors.h facts.h v2client.h ./compile cvm-chain.c cvm-checkpassword: cvm-checkpassword.o ltload libcvm-v2client.la socket.lib ./ltload cvm-checkpassword libcvm-v2client.la -lbg `cat socket.lib` cvm-checkpassword.o: compile cvm-checkpassword.c v2client.h facts.h errors.h ./compile cvm-checkpassword.c cvm-mysql: cvm-mysql.o ltload libcvm-module.la libcvm-sql.la crypt.lib ./ltload cvm-mysql libcvm-module.la libcvm-sql.la -lbg -lpwcmp -L/usr/lib/mysql -lmysqlclient `cat crypt.lib` cvm-mysql-local: cvm-mysql-local.o ltload cvm-mysql.o libcvm-local.la libcvm-sql.la crypt.lib ./ltload cvm-mysql-local cvm-mysql.o libcvm-local.la libcvm-sql.la -lbg -lpwcmp -L/usr/lib/mysql -lmysqlclient `cat crypt.lib` cvm-mysql-local.o: compile cvm-mysql-local.c ./compile cvm-mysql-local.c cvm-mysql-udp: cvm-mysql-udp.o ltload cvm-mysql.o libcvm-udp.la libcvm-sql.la crypt.lib ./ltload cvm-mysql-udp cvm-mysql.o libcvm-udp.la libcvm-sql.la -lbg -lpwcmp -L/usr/lib/mysql -lmysqlclient `cat crypt.lib` cvm-mysql-udp.o: compile cvm-mysql-udp.c ./compile cvm-mysql-udp.c cvm-mysql.o: compile cvm-mysql.c module.h credentials.h errors.h facts.h sql.h 
./compile cvm-mysql.c cvm-pgsql: cvm-pgsql.o ltload libcvm-module.la libcvm-sql.la crypt.lib ./ltload cvm-pgsql libcvm-module.la libcvm-sql.la -lbg -lpwcmp -lpq `cat crypt.lib` cvm-pgsql-local: cvm-pgsql-local.o ltload cvm-pgsql.o libcvm-local.la libcvm-sql.la crypt.lib ./ltload cvm-pgsql-local cvm-pgsql.o libcvm-local.la libcvm-sql.la -lbg -lpwcmp -lpq `cat crypt.lib` cvm-pgsql-local.o: compile cvm-pgsql-local.c ./compile cvm-pgsql-local.c cvm-pgsql-udp: cvm-pgsql-udp.o ltload cvm-pgsql.o libcvm-udp.la libcvm-sql.la crypt.lib ./ltload cvm-pgsql-udp cvm-pgsql.o libcvm-udp.la libcvm-sql.la -lbg -lpwcmp -lpq `cat crypt.lib` cvm-pgsql-udp.o: compile cvm-pgsql-udp.c ./compile cvm-pgsql-udp.c cvm-pgsql.o: compile cvm-pgsql.c module.h credentials.h errors.h facts.h sql.h ./compile cvm-pgsql.c cvm-pwfile: cvm-pwfile.o ltload libcvm-module.la crypt.lib socket.lib ./ltload cvm-pwfile libcvm-module.la -lbg -lpwcmp `cat crypt.lib` `cat socket.lib` cvm-pwfile.o: compile cvm-pwfile.c module.h credentials.h errors.h facts.h ./compile cvm-pwfile.c cvm-qmail: cvm-qmail.o ltload getpwnam.o libcvm-module.la libcvm-qmail.la crypt.lib ./ltload cvm-qmail getpwnam.o libcvm-module.la libcvm-qmail.la -lbg `cat crypt.lib` cvm-qmail.o: compile cvm-qmail.c module.h credentials.h errors.h facts.h qmail.h ./compile cvm-qmail.c cvm-sqlite: cvm-sqlite.o ltload libcvm-module.la libcvm-sql.la crypt.lib ./ltload cvm-sqlite libcvm-module.la libcvm-sql.la -lbg -lpwcmp -L/usr/lib/sqlite -lsqlite3 `cat crypt.lib` cvm-sqlite.o: compile cvm-sqlite.c cvm/module.h credentials.h errors.h facts.h sql.h ./compile cvm-sqlite.c cvm-testclient: cvm-testclient.o ltload libcvm-v2client.la socket.lib ./ltload cvm-testclient libcvm-v2client.la -lbg `cat socket.lib` cvm-testclient.o: compile cvm-testclient.c v2client.h facts.h errors.h ./compile cvm-testclient.c cvm-unix: cvm-unix.o ltload getpwnam.o libcvm-module.la crypt.lib shadow.lib s.lib socket.lib ./ltload cvm-unix getpwnam.o libcvm-module.la -lbg `cat 
crypt.lib` `cat shadow.lib` `cat s.lib` `cat socket.lib` cvm-unix.o: compile cvm-unix.c module.h credentials.h errors.h facts.h ./compile cvm-unix.c cvm-v1benchclient: cvm-v1benchclient.o ltload libcvm-v1client.la socket.lib ./ltload cvm-v1benchclient libcvm-v1client.la -lbg `cat socket.lib` cvm-v1benchclient.o: compile cvm-v1benchclient.c v1client.h facts.h errors.h ./compile cvm-v1benchclient.c cvm-v1checkpassword: cvm-v1checkpassword.o ltload libcvm-v1client.la socket.lib ./ltload cvm-v1checkpassword libcvm-v1client.la -lbg `cat socket.lib` cvm-v1checkpassword.o: compile cvm-v1checkpassword.c v1client.h facts.h errors.h ./compile cvm-v1checkpassword.c cvm-v1testclient: cvm-v1testclient.o ltload libcvm-v1client.la socket.lib ./ltload cvm-v1testclient libcvm-v1client.la -lbg `cat socket.lib` cvm-v1testclient.o: compile cvm-v1testclient.c v1client.h facts.h errors.h ./compile cvm-v1testclient.c cvm-vchkpw: cvm-vchkpw.o ltload libcvm-module.la crypt.lib shadow.lib s.lib socket.lib ./ltload cvm-vchkpw libcvm-module.la -L/usr/local/vpopmail/lib -L/var/vpopmail/lib -L/usr/local/lib/mysql -lbg -lvpopmail -lmysqlclient `cat crypt.lib` `cat shadow.lib` `cat s.lib` `cat socket.lib` cvm-vchkpw.o: compile cvm-vchkpw.c module.h credentials.h errors.h facts.h ./compile cvm-vchkpw.c cvm-vmailmgr: cvm-vmailmgr.o ltload vmautoconvert.o vmlookup.o getpwnam.o libcvm-module.la libcvm-qmail.la socket.lib crypt.lib ./ltload cvm-vmailmgr vmautoconvert.o vmlookup.o getpwnam.o libcvm-module.la libcvm-qmail.la -lbg `cat socket.lib` `cat crypt.lib` cvm-vmailmgr-local: cvm-vmailmgr-local.o ltload cvm-vmailmgr.o vmautoconvert.o vmlookup.o getpwnam.o libcvm-local.la libcvm-qmail.la socket.lib crypt.lib ./ltload cvm-vmailmgr-local cvm-vmailmgr.o vmautoconvert.o vmlookup.o getpwnam.o libcvm-local.la libcvm-qmail.la -lbg `cat socket.lib` `cat crypt.lib` cvm-vmailmgr-local.o: compile cvm-vmailmgr-local.c ./compile cvm-vmailmgr-local.c cvm-vmailmgr-udp: cvm-vmailmgr-udp.o ltload cvm-vmailmgr.o 
vmautoconvert.o vmlookup.o getpwnam.o libcvm-udp.la libcvm-qmail.la socket.lib crypt.lib ./ltload cvm-vmailmgr-udp cvm-vmailmgr.o vmautoconvert.o vmlookup.o getpwnam.o libcvm-udp.la libcvm-qmail.la -lbg `cat socket.lib` `cat crypt.lib` cvm-vmailmgr-udp.o: compile cvm-vmailmgr-udp.c ./compile cvm-vmailmgr-udp.c cvm-vmailmgr.o: compile cvm-vmailmgr.c module.h credentials.h errors.h facts.h qmail.h cvm-vmailmgr.h ./compile cvm-vmailmgr.c docs: errors.lo errors.o: ltcompile errors.c errors.h ./ltcompile errors.c facts.lo facts.o: ltcompile facts.c facts.h ./ltcompile facts.c getpwnam.o: compile getpwnam.c module.h credentials.h errors.h facts.h ./compile getpwnam.c install: INSTHIER conf-lib conf-bin conf-include bg-installer -v load chmod 755 load ltcompile: conf-cc conf-bgincs ( bgincs=`head -n 1 conf-bgincs`; \ if libtool --tag=CC --help >/dev/null 2>&1; then tag='--tag=CC'; fi; \ echo '#!/bin/sh'; \ echo 'source=$$1; shift'; \ echo 'base=`echo "$$source" | sed -e s:\\\\.c$$::`'; \ echo exec libtool --mode=compile --silent $$tag `head -n 1 conf-cc` -I. "-I'$${bgincs}'" '-o $${base}.lo -c $$source $${1+"$$@"}'; \ ) >ltcompile chmod 755 ltcompile ltload: conf-ld conf-bglibs ( bglibs=`head -n 1 conf-bglibs`; \ if libtool --tag=CC --help >/dev/null 2>&1; then tag='--tag=CC'; fi; \ echo '#!/bin/sh';\ echo 'main="$$1"; shift';\ echo exec libtool --mode=link --silent $$tag `head -n 1 conf-ld` -L. 
"-L'$${bglibs}'" "-Wl,-R'$${bglibs}'" '-o "$$main" "$$main.o" $${1+"$$@"}' -lbg-sysdeps; \ ) >ltload chmod 755 ltload makeshlib: conf-ld conf-lib LIBVERSION Makefile ( if libtool --tag=CC --help >/dev/null 2>&1; then tag='--tag=CC'; fi; \ echo '#!/bin/sh'; \ echo 'lib="$$1"; shift';\ echo 'rm -f "$$lib"';\ echo libtool --mode=link --silent $$tag `head -n 1 conf-ld` '-o "$$lib" -rpath' `head -n 1 conf-lib` -version-info `head -n 1 LIBVERSION` '$${1+"$$@"}';\ ) >makeshlib chmod 755 makeshlib module_command.lo module_command.o: ltcompile module_command.c module.h credentials.h errors.h facts.h ./ltcompile module_command.c module_command_main.lo module_command_main.o: ltcompile module_command_main.c module.h credentials.h errors.h facts.h ./ltcompile module_command_main.c module_local.lo module_local.o: ltcompile module_local.c module.h credentials.h errors.h facts.h ./ltcompile module_local.c module_local_main.lo module_local_main.o: ltcompile module_local_main.c module.h credentials.h errors.h facts.h ./ltcompile module_local_main.c module_log.lo module_log.o: ltcompile module_log.c module.h credentials.h errors.h facts.h ./ltcompile module_log.c module_main.lo module_main.o: ltcompile module_main.c module.h credentials.h errors.h facts.h ./ltcompile module_main.c module_output.lo module_output.o: ltcompile module_output.c module.h credentials.h errors.h facts.h protocol.h ./ltcompile module_output.c module_request.lo module_request.o: ltcompile module_request.c module.h credentials.h errors.h facts.h protocol.h ./ltcompile module_request.c module_udp.lo module_udp.o: ltcompile module_udp.c module.h credentials.h errors.h facts.h ./ltcompile module_udp.c module_udp_main.lo module_udp_main.o: ltcompile module_udp_main.c module.h credentials.h errors.h facts.h ./ltcompile module_udp_main.c mysql: cvm-mysql cvm-mysql-local cvm-mysql-udp pgsql: cvm-pgsql cvm-pgsql-local cvm-pgsql-udp programs: cvm-v1checkpassword cvm-benchclient sasl-auth-test cvm-v1benchclient 
cvm-testclient cvm-vmailmgr sql-query-test cvm-vmailmgr-local cvm-vmailmgr-udp cvm-v1testclient cvm-chain cvm-checkpassword cvm-unix cvm-qmail cvm-pwfile qmail-domains.lo qmail-domains.o: ltcompile qmail-domains.c qmail.h ./ltcompile qmail-domains.c qmail-dotfile.lo qmail-dotfile.o: ltcompile qmail-dotfile.c qmail.h ./ltcompile qmail-dotfile.c qmail-init.lo qmail-init.o: ltcompile qmail-init.c qmail.h ./ltcompile qmail-init.c qmail-lookup.lo qmail-lookup.o: ltcompile qmail-lookup.c module.h credentials.h errors.h facts.h qmail.h ./ltcompile qmail-lookup.c qmail-users.lo qmail-users.o: ltcompile qmail-users.c qmail.h ./ltcompile qmail-users.c random.lo random.o: ltcompile random.c random.h ./ltcompile random.c s.lib: compile load @echo -n 'Checking for -ls: ' @echo 'main() { ; }' >trylib-ls.c @{ ./compile trylib-ls.c && ./load trylib-ls -ls; } >/dev/null 2>&1 \ && { echo -ls >s.lib; echo yes; } \ || { echo -n >s.lib; echo no; } @rm -f trylib-ls.c trylib-ls.o trylib-ls sasl-auth-test: sasl-auth-test.o ltload libcvm-sasl.la libcvm-v2client.la ./ltload sasl-auth-test libcvm-sasl.la libcvm-v2client.la -lbg sasl-auth-test.o: compile sasl-auth-test.c sasl.h ./compile sasl-auth-test.c sasl_auth.lo sasl_auth.o: ltcompile sasl_auth.c sasl.h v2client.h facts.h errors.h ./ltcompile sasl_auth.c sasl_authenticate.lo sasl_authenticate.o: ltcompile sasl_authenticate.c v2client.h facts.h errors.h credentials.h sasl.h sasl_internal.h ./ltcompile sasl_authenticate.c sasl_cram_md5.lo sasl_cram_md5.o: ltcompile sasl_cram_md5.c v2client.h facts.h errors.h sasl.h sasl_internal.h ./ltcompile sasl_cram_md5.c sasl_init.lo sasl_init.o: ltcompile sasl_init.c sasl.h sasl_internal.h ./ltcompile sasl_init.c sasl_login.lo sasl_login.o: ltcompile sasl_login.c sasl.h sasl_internal.h ./ltcompile sasl_login.c sasl_plain.lo sasl_plain.o: ltcompile sasl_plain.c sasl.h sasl_internal.h ./ltcompile sasl_plain.c sasl_start.lo sasl_start.o: ltcompile sasl_start.c sasl.h sasl_internal.h ./ltcompile 
sasl_start.c shadow.lib: compile load @echo -n 'Checking for -lshadow: ' @echo 'main() { ; }' >trylib-lshadow.c @{ ./compile trylib-lshadow.c && ./load trylib-lshadow -lshadow; } >/dev/null 2>&1 \ && { echo -lshadow >shadow.lib; echo yes; } \ || { echo -n >shadow.lib; echo no; } @rm -f trylib-lshadow.c trylib-lshadow.o trylib-lshadow socket.lib: compile load @echo -n 'Checking for socket libraries: ' @echo 'main() { ; }' >trylib-lsocket.c @{ ./compile trylib-lsocket.c && ./load trylib-lsocket -lsocket -lnsl; } >/dev/null 2>&1 \ && { echo -lsocket -lnsl >socket.lib; echo -lsocket -lnsl; } \ || { : >socket.lib; echo no; } @rm -f trylib-lsocket.c trylib-lsocket.o trylib-lsocket sql-auth.lo sql-auth.o: ltcompile sql-auth.c module.h credentials.h errors.h facts.h sql.h ./ltcompile sql-auth.c sql-query-test: sql-query-test.o load sql-query.o ./load sql-query-test sql-query.o -lbg sql-query-test.o: compile sql-query-test.c credentials.h sql.h ./compile sql-query-test.c sql-query.lo sql-query.o: ltcompile sql-query.c module.h credentials.h errors.h facts.h sql.h ./ltcompile sql-query.c sqlite: cvm-sqlite v1client.lo v1client.o: ltcompile v1client.c v1client.h facts.h errors.h protocol.h ./ltcompile v1client.c v2client.lo v2client.o: ltcompile v2client.c v2client.h facts.h errors.h credentials.h protocol.h random.h ./ltcompile v2client.c v2client_wrappers.lo v2client_wrappers.o: ltcompile v2client_wrappers.c v2client.h facts.h errors.h credentials.h ./ltcompile v2client_wrappers.c vmautoconvert.o: compile vmautoconvert.c module.h credentials.h errors.h facts.h qmail.h cvm-vmailmgr.h ./compile vmautoconvert.c vmlookup.o: compile vmlookup.c module.h credentials.h errors.h facts.h qmail.h cvm-vmailmgr.h ./compile vmlookup.c cvm-0.96/cvm.html0000664000076400007640000000766311326155156013276 0ustar bruceguenter

CVM: Credential Validation Module

CVM Protocol Version 1 Description
CVM Protocol Version 2 Description
CVM Credential Definitions
CVM Fact Definitions
CVM Version 1 Client Library
CVM Version 2 Client Library
CVM Module Library
CVM SASL Library
CVM Error Values
CVM Design Rationale

The cvm-checkpassword Program
The cvm-testclient Program
The cvm-benchclient Program

The cvm-unix Module
The cvm-pwfile Module
The cvm-vmailmgr Module
The cvm-qmail Module
The cvm-mysql Module
The cvm-pgsql Module
The cvm-chain Module


CVM is a framework for validating a set of credentials against a database using a filter program. The modules act as a filter, taking a set of credentials as input and writing a set of facts as output if those credentials are valid. Optional input is given to the module through environment variables.

Some of the ideas for CVM came from experience with PAM (pluggable authentication modules), the checkpassword interface used by qmail-pop3d, and the "authmod" interface used by Courier IMAP and POP3. This framework places fewer restrictions on the invoking client than checkpassword does, and is much simpler to implement on both sides than PAM and the authmod framework.

Contact Modes

CVM modules may be contacted by one of three modes:

  1. Command execution: Use a module name of cvm-command:/path/to/command. The cvm-command: prefix is optional.
  2. UNIX (or local) domain socket: Use a module name of cvm-local:/path/to/socket.
  3. UDP: Use a module name of cvm-udp:hostname:port.

Modules may be chained in the client. To do so, specify the list of modules separated by a comma. For example:

cvm-local:/path/to/socket,cvm-command:/path/to/module

The first module to either report success, a temporary failure, or permanent failure with an in-scope result terminates the chain.

Module Invocation

CVM modules are invoked using a similar syntax to the above:

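  1. UNIX (or local) domain server: Use a command-line argument of cvm-local:/path/to/socket. If $CVM_SOCKET_MODE is set, the created socket will have this mode (in octal, defaults to 777). If $CVM_SOCKET_OWNER or $CVM_SOCKET_GROUP is set, the created socket will have its UID/GID set appropriately. With the default mode of 777, any local user who can reach the socket path can connect to the module, so set $CVM_SOCKET_MODE together with $CVM_SOCKET_OWNER or $CVM_SOCKET_GROUP when only specific accounts should be able to submit credentials. The module will wait a maximum of 1000ms for complete input to be received from the client or to completely send the response. This value may be overridden by $CVM_IO_TIMEOUT.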
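  2. UDP socket server: Use a command-line argument of cvm-udp:hostname:port. The hostname argument specifies the IP to bind the socket to. Normally this will be 0 to bind to all IPs. Binding to all IPs makes the module reachable from every network the host is attached to; bind to a specific address (for example 127.0.0.1) or filter the port when only local or trusted clients should query it.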

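If $CVM_LOOKUP_SECRET is set, the module operates in "lookup mode". In this mode, the authentication function provided by the module will not be called. Instead, the module library will handle authentication internally, before the lookup happens. If the secret is empty, the module will expect no credentials to be passed to the module; otherwise one must be passed and it must match the secret. With an empty secret, any client able to contact the module can therefore perform lookups, so a non-empty secret is the safer choice when the module listens on a socket that other users or hosts can reach.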

cvm-0.96/AUTOFILES0000664000076400007640000000016611326155156013070 0ustar bruceguenterAUTOFILES LIBVERSION Makefile SRCFILES TARGETS conf-bgincs conf-bglibs conf-bin conf-cc conf-include conf-ld conf-lib cvm-0.96/sasl_init.c0000664000076400007640000000251111326155156013737 0ustar bruceguenter#include #include #include #include "sasl.h" #include "sasl_internal.h" static struct sasl_mechanism mechanisms[4] = { { "LOGIN", "CVM_SASL_PLAIN", 0, sasl_login_start, 0 }, { "PLAIN", "CVM_SASL_PLAIN", 0, sasl_plain_start, 0 }, { "CRAM-MD5", "CVM_SASL_CRAM_MD5", 0, sasl_cram_md5_start, 0 }, { 0, 0, 0, 0, 0 }, }; const struct sasl_mechanism* sasl_mechanisms; static void set_mech(struct sasl_mechanism* mech, const char* cvm, struct sasl_mechanism** prev, struct sasl_mechanism** first) { mech->cvm = cvm; if (*prev != 0) (*prev)->next = mech; else if (*first == 0) *prev = *first = mech; } int sasl_init(struct sasl_state* ss) { struct sasl_mechanism* prev; struct sasl_mechanism* first; struct sasl_mechanism* mech; const char* tmp; for (mech = mechanisms, first = 0, prev = 0; mech->name != 0; ++mech) { if ((tmp = getenv(mech->var)) != 0) set_mech(mech, tmp, &prev, &first); } /* backwards compatibility for $CVM_SASL_LOGIN */ if (!mechanisms[0].cvm && (tmp = getenv("CVM_SASL_LOGIN")) != 0) { prev = 0; first = 0; set_mech(&mechanisms[0], tmp, &prev, &first); } sasl_mechanisms = first; memset(ss, 0, sizeof *ss); ss->domain = ucspi_localhost(); return 1; } cvm-0.96/qmail-init.c0000664000076400007640000000416111326155156014021 0ustar bruceguenter/* qmailn.c - qmail initialization routines * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. 
* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include #include #include #include #include "qmail.h" const char* qmail_root = "/var/qmail"; const char* qmail_me = 0; const char* qmail_envnoathost = 0; static int read_control(const char* control, const char** s, str* path) { /* Hostnames are realistically limited to 256 bytes. This is overkill. */ char buf[4096]; int fd; long rd; char* nl; char* news; long len; if (!str_copy3s(path, qmail_root, "/control/", control)) return -1; if ((fd = open(path->s, O_RDONLY)) == -1) return (errno == ENOENT) ? 0 : -1; rd = read(fd, buf, sizeof buf); close(fd); if (rd <= 0) return rd; if ((nl = memchr(buf, '\n', rd)) == 0) nl = buf + rd; len = nl - buf; if ((news = malloc(len + 1)) == 0) return -1; memcpy(news, buf, len); news[len] = 0; *s = news; return 0; } int qmail_init(void) { str path = { 0,0,0 }; const char* tmp; if ((tmp = getenv("QMAIL_ROOT")) != 0) qmail_root = tmp; if (read_control("envnoathost", &qmail_envnoathost, &path) != 0) return -1; if (read_control("me", &qmail_me, &path) != 0) return -1; if (qmail_envnoathost == 0) qmail_envnoathost = (qmail_me == 0) ? 
"envnoathost" : qmail_me; if (qmail_me == 0) qmail_me = "me"; str_free(&path); return 0; } cvm-0.96/sasl_authenticate.c0000664000076400007640000000415711326155156015462 0ustar bruceguenter#include #include "v2client.h" #include "credentials.h" #include "sasl.h" #include "sasl_internal.h" static int setup(int count, struct cvm_credential* creds, const char* account, const char* domain) { memset(creds, 0, count * sizeof creds[0]); creds[0].type = CVM_CRED_ACCOUNT; if (!str_copys(&creds[0].value, account)) return 0; if (domain == 0) domain = ""; creds[1].type = CVM_CRED_DOMAIN; if (!str_copys(&creds[1].value, domain)) return 0; return cvm_client_split_account(&creds[0].value, &creds[1].value); } static void free_creds(int count, struct cvm_credential* creds) { while (count > 1) str_free(&creds[--count].value); } static int authenticate_free(const char* cvm, int count, struct cvm_credential* creds) { int result; result = cvm_client_authenticate(cvm, count, creds); free_creds(count, creds); return result; } int sasl_authenticate_plain(struct sasl_state* ss, const char* account, const char* password) { struct cvm_credential creds[3]; if (!setup(3, creds, account, ss->domain)) return SASL_TEMP_FAIL; creds[2].type = CVM_CRED_PASSWORD; if (!str_copys(&creds[2].value, password)) return SASL_TEMP_FAIL; switch (authenticate_free(ss->mech->cvm, 3, creds)) { case 0: return SASL_AUTH_OK; case CVME_PERMFAIL: return SASL_AUTH_FAILED; default: return SASL_TEMP_FAIL; } } int sasl_authenticate_cram(struct sasl_state* ss, const char* account, const char* cram_type, const str* challenge, const str* response) { struct cvm_credential creds[5]; if (!setup(5, creds, account, ss->domain)) return SASL_TEMP_FAIL; creds[2].type = CVM_CRED_CHALLENGE; if (!str_copy(&creds[2].value, challenge)) return SASL_TEMP_FAIL; creds[3].type = CVM_CRED_RESPONSE; if (!str_copy(&creds[3].value, response)) return SASL_TEMP_FAIL; creds[4].type = CVM_CRED_RESPONSE_TYPE; if (!str_copys(&creds[4].value, cram_type)) 
return SASL_TEMP_FAIL; switch (authenticate_free(ss->mech->cvm, 5, creds)) { case 0: return SASL_AUTH_OK; case CVME_PERMFAIL: return SASL_AUTH_FAILED; default: return SASL_TEMP_FAIL; } } cvm-0.96/ANNOUNCEMENT0000664000076400007640000000624611326155156013434 0ustar bruceguenterVersion 0.96 of cvm is now available at: http://untroubled.org/cvm/ ------------------------------------------------------------------------------ Changes in version 0.96 - Added support for checking permissions in cvm-qmail. See discussion of $CVM_QMAIL_CHECK_PERMS in cvm-qmail.html - Added support for I/O timeouts for cvm-local modules. - Fixed the SQLite module to copy the row data. - Fixed cvm-qmail dieing if control/locals is missing. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ ------------------------------------------------------------------------------- cvm Credential Validation Modules Bruce Guenter Version 0.96 2010-01-21 This package contains: - The reference source for the CVM interface. - Diagnostic and benchmark CVM clients. - A checkpassword interface CVM client. - A UNIX/POSIX system module (uses getpwnam). - A flat-file module. - A vmailmgr module. - MySQL, PgSQL, and SQLite modules. - A library for client writers. - A set of libraries for module writers. A mailing list has been set up to discuss this and other packages. To subscribe, send an email to: bgware-subscribe@lists.untroubled.org A mailing list archive is available at: http://lists.untroubled.org/?list=bgware Development versions of cvm are available via GIT at: http://untroubled.org/git/cvm.git Requirements: - bglibs library package version 1.103 or later. - The vmailmgr modules should work with all versions of vmailmgr that use CDB password tables, introduced in vmailmgr version 0.89 (only tested with version 0.96.9) - libtool Installation: - Make sure the latest version of bglibs from http://untroubled.org/bglibs/ is compiled and installed. 
- Build the sources by running "make" - After the package has been compiled, run the following commands as root: make install If you want to install in a different directory, run: make install install_prefix=/prefix vmailmgr Configuration: - If your virtual domain password tables are stored in a file other than passwd.cdb, set $VMAILMGR_PWFILE to that file name. - Set $QMAIL_ROOT to the base qmail directory (defaults to "/var/qmail"). - Set $VMAILMGR_DEFAULT to the vmailmgr default username (defaults to "+"). - Set $DEBUG (to anything) to see debugging output. - See http://untroubled.org/cvm/cvm.html for information on running local or UDP server modules. Development of this version has been sponsored by FutureQuest, Inc. ossi@FutureQuest.net http://www.FutureQuest.net/ This program is Copyright(C) 2010 Bruce Guenter, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind. The cvm-vmailmgr project was initiated at FutureQuest, Inc. We are releasing it as an open-source project because we felt it would be useful to others, as well as to repay our debt of gratitude to the larger open-source community for the excellent packages we have enjoyed. For more details, you may contact FutureQuest, Inc. at: FutureQuest, Inc. PO BOX 623127 Oviedo FL 32762-3127 USA http://www.FutureQuest.net/ cvm-0.96/v2client.c0000664000076400007640000001754011326155156013510 0ustar bruceguenter/* cvm/client.c - CVM client library * Copyright (C) 2010 Bruce Guenter * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. 
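*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/* NOTE(review): the names of the eleven headers that preceded the project
 * headers are not legible in this copy of the file.  The headers listed
 * here are the ones the code below visibly uses (signal, getenv/strtoul,
 * the mem and str functions, and the bglibs str/striter types); compare
 * against the upstream source before building. */
#include <signal.h>
#include <stdlib.h>
#include <string.h>

#include <str/iter.h>
#include <str/str.h>

#include "v2client.h"
#include "credentials.h"
#include "protocol.h"
#include "random.h"

/* Characters at which cvm_client_split_account() splits "account@domain";
 * $CVM_ACCOUNT_SPLIT_CHARS overrides this at run time. */
const char* cvm_client_account_split_chars = "@";

static struct cvm_packet request;
static struct cvm_packet response;

/* Index of the facts found in the last parsed response: the fact type and
 * the offset of its value inside response.data.  A zero type ends the list. */
static struct {
  unsigned type;
  unsigned start;
} offsets[CVM_BUFSIZE/2];

/* Random tag sent as the first element of a request; the module must echo
 * it back, which parse_packet() verifies. */
static str randombytes;

/* Iteration state of cvm_client_fact_str().  Kept at file scope so that
 * parse_packet() can reset it whenever a new response replaces the facts. */
static unsigned fact_last_offset = 0;
static unsigned fact_last_number = (unsigned)-1;

/* Packet management code ****************************************************/

/* Validate a response packet and index the facts it contains.
 *
 * Layout, as read by this function: data[0] is the result code, data[1]
 * the length of the echoed random tag, followed by the tag itself, then a
 * sequence of (type byte, length byte, value) facts, ended by a zero byte
 * that must be the last byte of the packet.
 *
 * Returns 0 when the module reported success and the required facts are
 * present, the module's own result code when it is non-zero, and
 * CVME_BAD_MODDATA when the packet is malformed.
 *
 * The response comes from the module (possibly over UDP), so every length
 * in it is treated as untrusted: a fact whose length byte points past the
 * end of the packet is rejected instead of being followed into whatever
 * bytes happen to lie behind the packet in the buffer. */
static int parse_packet(struct cvm_packet* p)
{
  const unsigned max_offsets = sizeof offsets / sizeof offsets[0];
  unsigned i;
  unsigned o;
  unsigned len;

  /* Drop the facts of any earlier response and restart fact iteration, so
   * a lookup can never continue from a position that belonged to an older
   * packet. */
  offsets[0].type = offsets[0].start = 0;
  fact_last_offset = 0;
  fact_last_number = (unsigned)-1;

  if (p->length < 3 || p->length > sizeof p->data)
    return CVME_BAD_MODDATA;
  if (p->data[1] != randombytes.len)
    return CVME_BAD_MODDATA;
  /* Result code + tag length + tag + terminator must all fit. */
  if (p->length < randombytes.len + 3)
    return CVME_BAD_MODDATA;
  if (randombytes.len > 0
      && memcmp(p->data+2, randombytes.s, randombytes.len) != 0)
    return CVME_BAD_MODDATA;
  if (p->data[p->length-1] != 0)
    return CVME_BAD_MODDATA;

  /* Walk the facts.  Overwriting each type byte with zero gives the value
   * of the preceding fact its NUL termination; the packet terminator does
   * the same for the last one.  Invariant: o < p->length on every test,
   * and since data[length-1] is zero a non-zero type byte implies that the
   * length byte at o+1 is still inside the packet. */
  for (i = 0, o = p->data[1] + 2; p->data[o] != 0; ++i, o += len + 2) {
    if (i + 1 >= max_offsets)
      goto bad;
    len = p->data[o+1];
    /* The value must end before the terminator (or the next type byte). */
    if (o + 2 + len >= p->length)
      goto bad;
    offsets[i].type = p->data[o];
    offsets[i].start = o+2;
    p->data[o] = 0;
  }
  offsets[i].type = offsets[i].start = 0;

  if (p->data[0] != 0)
    return p->data[0];

  /* Extract required and common facts.  "i" only receives the string
   * lengths here, which are not needed. */
  if (cvm_client_fact_str(CVM_FACT_USERNAME, &cvm_fact_username, &i)
      || cvm_client_fact_uint(CVM_FACT_USERID, &cvm_fact_userid)
      || cvm_client_fact_uint(CVM_FACT_GROUPID, &cvm_fact_groupid)
      || cvm_client_fact_str(CVM_FACT_DIRECTORY, &cvm_fact_directory, &i))
    return CVME_BAD_MODDATA;
  /* The remaining facts are optional, so lookup failures are ignored. */
  cvm_client_fact_str(CVM_FACT_SHELL, &cvm_fact_shell, &i);
  cvm_client_fact_str(CVM_FACT_REALNAME, &cvm_fact_realname, &i);
  cvm_client_fact_str(CVM_FACT_GROUPNAME, &cvm_fact_groupname, &i);
  cvm_client_fact_str(CVM_FACT_SYS_USERNAME, &cvm_fact_sys_username, &i);
  cvm_client_fact_str(CVM_FACT_SYS_DIRECTORY, &cvm_fact_sys_directory, &i);
  cvm_client_fact_str(CVM_FACT_DOMAIN, &cvm_fact_domain, &i);
  cvm_client_fact_str(CVM_FACT_MAILBOX, &cvm_fact_mailbox, &i);
  return 0;

bad:
  /* Leave no partially built fact list behind. */
  offsets[0].type = offsets[0].start = 0;
  return CVME_BAD_MODDATA;
}

/* Append one (type, length, value) element to a request packet.
 *
 * Returns 1 on success and 0 when the element cannot be encoded: either it
 * would not leave room for the packet terminator, or its length does not
 * fit the single length byte of the wire format.  Without the second check
 * a value longer than 255 bytes would be copied in full behind a truncated
 * length byte, and the receiving module would parse the excess bytes of a
 * caller-supplied credential as further elements. */
static unsigned packet_add(struct cvm_packet* p,
			   unsigned type, unsigned len, const char* data)
{
  unsigned char* ptr;

  if (len > 255)
    return 0;
  if (p->length + len + 2 >= CVM_BUFSIZE-1)
    return 0;
  ptr = p->data + p->length;
  *ptr++ = type;
  *ptr++ = len;
  /* data may be a null pointer when len is zero (unset random tag). */
  if (len > 0)
    memcpy(ptr, data, len);
  p->length += len + 2;
  return 1;
}

/* Fill randombytes with a fresh random tag.
 *
 * The tag length is taken once from $CVM_RANDOM_BYTES (default 8).  Values
 * that are not a plain decimal number in the range 0..255 are ignored in
 * favour of the default, because the length has to fit one byte on the
 * wire.  The length is re-applied on every call: build_packet() sets
 * randombytes.len to zero for requests without a tag, and a later request
 * that needs one must not inherit that zero.
 *
 * Returns 1 on success, 0 if the buffer could not be allocated. */
static int make_randombytes(void)
{
  static int initialized = 0;
  static unsigned tag_len = 8;
  const char* e;

  if (!initialized) {
    cvm_random_init();
    if ((e = getenv("CVM_RANDOM_BYTES")) != 0) {
      char* end;
      const unsigned long v = strtoul(e, &end, 10);
      if (end != e && *end == 0 && v <= 255)
	tag_len = (unsigned)v;
    }
    if (!str_ready(&randombytes, tag_len))
      return 0;
    initialized = 1;
  }
  randombytes.len = tag_len;
  cvm_random_fill((unsigned char*)randombytes.s, randombytes.len);
  return 1;
}

/* Build a request packet from the given credentials.
 *
 * The packet starts with the protocol number and the random tag (empty
 * unless addrandom is set), followed by one element per credential.  If
 * the caller passed no CVM_CRED_SECRET credential and $CVM_LOOKUP_SECRET
 * is set, its value is appended as the secret.  A zero byte ends the
 * packet.
 *
 * Returns 1 on success, 0 if an element could not be added or the random
 * tag could not be generated. */
static unsigned build_packet(struct cvm_packet* p,
			     unsigned count,
			     const struct cvm_credential* credentials,
			     int addrandom)
{
  const char* env;
  unsigned i;
  int has_secret;

  if (addrandom) {
    if (!make_randombytes())
      return 0;
  }
  else
    randombytes.len = 0;

  p->length = 0;
  if (!packet_add(p, CVM2_PROTOCOL, randombytes.len, randombytes.s))
    return 0;

  for (i = 0, has_secret = 0; i < count; ++i, ++credentials) {
    if (credentials->type == CVM_CRED_SECRET)
      has_secret = 1;
    if (!packet_add(p, credentials->type,
		    credentials->value.len, credentials->value.s))
      return 0;
  }

  if (!has_secret && (env = getenv("CVM_LOOKUP_SECRET")) != 0) {
    if (!packet_add(p, CVM_CRED_SECRET, strlen(env), env))
      return 0;
  }

  /* packet_add() always leaves room for this terminator. */
  p->data[p->length++] = 0;
  return 1;
}

/* Look up a string fact in the last parsed response.
 *
 * On success stores a pointer to the NUL-terminated value in *data and its
 * length in *length, and returns 0.  Returns CVME_NOFACT when no (further)
 * fact of that type exists.  Calling again with the same number continues
 * after the previous match, so repeated facts can be enumerated; a
 * different number, or a new response, restarts from the first fact. */
int cvm_client_fact_str(unsigned number, const char** data, unsigned* length)
{
  unsigned o;
  int err = CVME_NOFACT;

  o = (number != fact_last_number || offsets[fact_last_offset].type == 0)
    ? 0
    : fact_last_offset;
  fact_last_number = number;

  while (offsets[o].type != 0) {
    if (offsets[o++].type == number) {
      const unsigned start = offsets[o-1].start;
      *data = (const char*)response.data + start;
      /* The length byte sits directly before the value.  Read it as an
       * unsigned byte: through a plain char pointer a length of 128 or
       * more would turn negative where char is signed and then become a
       * huge unsigned length. */
      *length = ((const unsigned char*)response.data)[start - 1];
      err = 0;
      break;
    }
  }
  fact_last_offset = o;
  return err;
}

/* Look up a fact and convert it to an unsigned number.
 *
 * Returns 0 and stores the value in *data on success, the error from
 * cvm_client_fact_str() if the fact is missing, and CVME_BAD_MODDATA if
 * the value contains anything but decimal digits or does not fit an
 * unsigned long. */
int cvm_client_fact_uint(unsigned number, unsigned long* data)
{
  const unsigned long limit = (unsigned long)-1;
  const char* ptr;
  unsigned len;
  unsigned long value;
  int err;

  if ((err = cvm_client_fact_str(number, &ptr, &len)) != 0)
    return err;

  for (value = 0; len > 0 && *ptr >= '0' && *ptr <= '9'; ++ptr, --len) {
    const unsigned long digit = (unsigned long)(*ptr - '0');
    /* Test before multiplying: comparing the wrapped result with the old
     * value does not catch every overflow of value * 10. */
    if (value > (limit - digit) / 10)
      return CVME_BAD_MODDATA;
    value = value * 10 + digit;
  }
  if (len > 0)
    return CVME_BAD_MODDATA;
  *data = value;
  return 0;
}

/* Split "account<sep>domain" at the last separator character.
 *
 * The separators come from $CVM_ACCOUNT_SPLIT_CHARS, falling back to
 * cvm_client_account_split_chars.  When a separator is found, the part
 * after it replaces *domain and *account is truncated before it; otherwise
 * both are left untouched.  Returns 0 only if copying the domain fails. */
int cvm_client_split_account(str* account, str* domain)
{
  unsigned actlen;
  char* actptr;
  unsigned i;
  const char* sc;

  actlen = account->len;
  actptr = account->s;
  if ((sc = getenv("CVM_ACCOUNT_SPLIT_CHARS")) == 0)
    sc = cvm_client_account_split_chars;

  i = actlen;
  while (i-- > 0) {
    /* strchr() also matches the terminator of sc, so a NUL byte inside
     * the account name must not be taken for a separator. */
    if (actptr[i] != 0 && strchr(sc, actptr[i]) != 0) {
      if (!str_copyb(domain, actptr + i + 1, actlen - i - 1))
	return 0;
      account->s[account->len = i] = 0;
      break;
    }
  }
  return 1;
}

/* Top-level wrapper *********************************************************/

/* Send the credentials to each module in a comma-separated list until one
 * of them gives a final answer.
 *
 * A module name starts with "cvm-udp:", "cvm-local:" or the optional
 * "cvm-command:" prefix.  The random tag is only added to the request when
 * at least one module in the list is contacted over UDP.
 *
 * Returns 0 on successful validation, otherwise a CVME_* code:
 * CVME_IO | CVME_FATAL if the module list cannot be copied, CVME_GENERAL
 * if the request cannot be built (or the list names no module), or the
 * result of the last module tried. */
int cvm_client_authenticate(const char* modules, unsigned count,
			    const struct cvm_credential* credentials)
{
  /* Defined result even if the loop below never runs. */
  int result = CVME_GENERAL;
  void (*oldsig)(int);
  int addrandom;
  static str module_list;
  striter i;
  unsigned long u;
  const char* name;

  /* Make a copy of the module list so we can make the strings NUL
   * terminated internally. */
  if (!str_copys(&module_list, modules))
    return CVME_IO | CVME_FATAL;
  str_subst(&module_list, ',', '\0');

  /* Set addrandom to true if any module uses UDP.  strncmp() stops at the
   * end of a short entry; a fixed-length memcmp() would read past it. */
  addrandom = 0;
  striter_loop(&i, &module_list, '\0') {
    if (strncmp(i.startptr, "cvm-udp:", 8) == 0) {
      addrandom = 1;
      break;
    }
  }

  if (!build_packet(&request, count, credentials, addrandom))
    return CVME_GENERAL;

  /* A module that goes away must produce an error return, not SIGPIPE. */
  oldsig = signal(SIGPIPE, SIG_IGN);

  /* Invoke each module in the list, exiting when any module produces a
   * non-PERMFAIL result, or when it produces a PERMFAIL result with
   * OUTOFSCOPE set to 0. */
  striter_loop(&i, &module_list, '\0') {
    name = i.startptr;
    if (strncmp(name, "cvm-udp:", 8) == 0)
      result = cvm_xfer_udp_packets(name+8, &request, &response);
    else if (strncmp(name, "cvm-local:", 10) == 0)
      result = cvm_xfer_local_packets(name+10, &request, &response);
    else {
      /* Skip the optional prefix on a local copy of the pointer so the
       * iterator itself stays untouched. */
      if (strncmp(name, "cvm-command:", 12) == 0)
	name += 12;
      result = cvm_xfer_command_packets(name, &request, &response);
    }
    /* Note: the result returned by cvm_xfer_* indicates if transmission
     * succeeded, not the actual result of validation.  The validation
     * result is returned by parse_packet. */
    if (result == 0)
      result = parse_packet(&response);
    /* Return success and temporary failures. */
    if (result != CVME_PERMFAIL)
      break;
    /* Also return permanent failure if the result is in scope. */
    if (cvm_client_fact_uint(CVM_FACT_OUTOFSCOPE, &u) == 0 && u == 0)
      break;
  }

  signal(SIGPIPE, oldsig);
  return result;
}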