# HG changeset patch
# User Timo Sirainen
# Date 1218578218 14400
# Node ID 30e4c3360e7628a416a77871d92242e45bdc0314
# Parent 14a061acbb7b5b60dece592ac5562ac435fecce6
vpopmail: Added webmail=ip parameter. Use it for checking imap/webmail access.
diff -r 14a061acbb7b -r 30e4c3360e76 src/auth/passdb-vpopmail.c
--- a/src/auth/passdb-vpopmail.c Tue Aug 12 17:27:26 2008 -0400
+++ b/src/auth/passdb-vpopmail.c Tue Aug 12 17:56:58 2008 -0400
@@ -9,6 +9,7 @@
#include "safe-memset.h"
#include "passdb.h"
#include "password-scheme.h"
+#include "auth-cache.h"
#include "userdb-vpopmail.h"
@@ -16,6 +17,38 @@
#define VPOPMAIL_DEFAULT_PASS_SCHEME "CRYPT"
+struct vpopmail_passdb_module {
+ struct passdb_module module;
+
+ struct ip_addr webmail_ip;
+};
+
+static bool vpopmail_is_disabled(struct auth_request *request,
+ const struct vqpasswd *vpw)
+{
+ struct passdb_module *_module = request->passdb->passdb;
+ struct vpopmail_passdb_module *module =
+ (struct vpopmail_passdb_module *)_module;
+
+ if (strcmp(request->service, "IMAP") == 0) {
+ if ((vpw->pw_gid & NO_IMAP) != 0) {
+ /* IMAP from webmail IP may still be allowed */
+ if (!net_ip_compare(&module->webmail_ip,
+ &request->remote_ip))
+ return TRUE;
+ }
+ if ((vpw->pw_gid & NO_WEBMAIL) != 0) {
+ if (net_ip_compare(&module->webmail_ip,
+ &request->remote_ip))
+ return TRUE;
+ }
+ }
+ if ((vpw->pw_gid & NO_POP) != 0 &&
+ strcmp(request->service, "POP3") == 0)
+ return TRUE;
+ return FALSE;
+}
+
static char * vpopmail_password_lookup(struct auth_request *auth_request, bool cleartext, enum passdb_result *result_r)
@@ -30,10 +63,7 @@
return NULL;
}
- if (((vpw->pw_gid & NO_IMAP) != 0 &&
- strcmp(auth_request->service, "IMAP") == 0) ||
- ((vpw->pw_gid & NO_POP) != 0 &&
- strcmp(auth_request->service, "POP3") == 0)) {
+ if (vpopmail_is_disabled(auth_request, vpw)) {
auth_request_log_info(auth_request, "vpopmail", "%s disabled", auth_request->service);
password = NULL;
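Review bot: In vpopmail_is_disabled (the `@@ -16,6 +17,38 @@` hunk) both branches compare against `module->webmail_ip` even when no `webmail=` setting was given, so the outcome depends on how net_ip_compare() treats an address that was never assigned. If an unassigned address compares equal to a request whose `remote_ip` is also unset, the NO_IMAP exemption would apply to that request and the flag would not be enforced. I would record whether the setting was parsed, for example a new `bool webmail_ip_set;` member set in vpopmail_preinit, and treat the request as non-webmail otherwise: `if (!module->webmail_ip_set || !net_ip_compare(&module->webmail_ip, &request->remote_ip)) return TRUE;`. The NO_WEBMAIL branch needs the matching `module->webmail_ip_set &&` guard, and a one-line comment stating that the exemption trusts `request->remote_ip` would help whoever deploys this behind a proxy.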
@@ -125,17 +155,27 @@
static struct passdb_module * vpopmail_preinit(struct auth_passdb *auth_passdb, const char *args)
{
- struct passdb_module *module;
+ struct vpopmail_passdb_module *module;
+ const char *const *tmp;
- module = p_new(auth_passdb->auth->pool, struct passdb_module, 1);
- module->default_pass_scheme = VPOPMAIL_DEFAULT_PASS_SCHEME;
+ module = p_new(auth_passdb->auth->pool,
+ struct vpopmail_passdb_module, 1);
+ module->module.default_pass_scheme = VPOPMAIL_DEFAULT_PASS_SCHEME;
- if (strncmp(args, "cache_key=", 10) == 0) {
- module->cache_key =
- auth_cache_parse_key(auth_passdb->auth->pool,
- args + 10);
+ tmp = t_strsplit_spaces(args, " ");
+ for (; *tmp != NULL; tmp++) {
+ if (strncmp(*tmp, "cache_key=", 10) == 0) {
+ module->module.cache_key =
+ auth_cache_parse_key(auth_passdb->auth->pool,
+ *tmp + 10);
+ } else if (strncmp(*tmp, "webmail=", 8) == 0) {
+ if (net_addr2ip(*tmp + 8, &module->webmail_ip) < 0)
+ i_fatal("vpopmail: Invalid webmail IP address");
+ } else {
+ i_fatal("vpopmail: Unknown setting: %s", *tmp);
+ }
}
- return module;
+ return &module->module;
}
static void vpopmail_deinit(struct passdb_module *module ATTR_UNUSED)
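Review bot: The `webmail=` branch in vpopmail_preinit aborts without saying which value was rejected, and a repeated `webmail=` token silently overwrites the earlier one, which makes a typo in an access-control setting hard to trace. Printing the value is enough for the first part: `i_fatal("vpopmail: Invalid webmail IP address: %s", *tmp + 8);`. I would also add a short comment above the loop listing the accepted settings (`cache_key=`, `webmail=`) and noting that `webmail=` takes one address, since net_addr2ip() fills a single `struct ip_addr`. Rejecting unknown tokens with i_fatal is a good fail-closed choice, but it is stricter than the old code, which ignored anything other than a leading `cache_key=`, so it deserves a mention in the commit description.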