changeset 1578:ab2fb3c6a12b HEAD

Using "*" as PAM service name now uses imap/pop3 service.
author Timo Sirainen <tss@iki.fi>
date Thu, 26 Jun 2003 02:15:34 +0300
parents b3ae1757f921
children a0207c0adf7e
files doc/auth.txt dovecot-example.conf src/auth/passdb-pam.c
diffstat 3 files changed, 24 insertions(+), 7 deletions(-) [+]
--- a/doc/auth.txt	Thu Jun 26 01:42:55 2003 +0300
+++ b/doc/auth.txt	Thu Jun 26 02:15:34 2003 +0300
@@ -80,8 +80,14 @@
 ApplePAM (OSX). PAM doesn't provide user database, so you have to use
 something else for that - passwd usually.
 
-Here's an example /etc/pam.d/imap configuration file which uses
-standard UNIX authentication:
+By default Dovecot uses "dovecot" service, ie. the PAM configuration is in
+/etc/pam.d/dovecot file. You can override this by giving the wanted service
+name as parameter for pam. For example "auth_passdb = pam dovecot2". If you
+give "*" as service name, Dovecot uses "imap" service for IMAP connections
+and "pop3" service for POP3 connections.
+
+Here's an example /etc/pam.d/dovecot configuration file which uses standard
+UNIX authentication:
 
 auth	required	pam_unix.so nullok
 account	required	pam_unix.so
--- a/dovecot-example.conf	Thu Jun 26 01:42:55 2003 +0300
+++ b/dovecot-example.conf	Thu Jun 26 02:15:34 2003 +0300
@@ -381,7 +381,7 @@
 # Where password database is kept:
 #   passwd: /etc/passwd or similiar, using getpwnam()
 #   shadow: /etc/shadow or similiar, using getspnam()
-#   pam: PAM authentication
+#   pam [<service> | *]: PAM authentication
 #   passwd-file <path>: passwd-like file with specified location
 #   vpopmail: vpopmail authentication
 #   ldap <config path>: LDAP, see doc/dovecot-ldap.conf
--- a/src/auth/passdb-pam.c	Thu Jun 26 01:42:55 2003 +0300
+++ b/src/auth/passdb-pam.c	Thu Jun 26 02:15:34 2003 +0300
@@ -204,7 +204,8 @@
 }
 
 static void
-pam_verify_plain_child(const char *user, const char *password, int fd)
+pam_verify_plain_child(const char *service, const char *user,
+		       const char *password, int fd)
 {
 	pam_handle_t *pamh;
 	struct pam_userpass userpass;
@@ -221,7 +222,7 @@
 	userpass.user = user;
 	userpass.pass = password;
 
-	status = pam_start(service_name, user, &conv, &pamh);
+	status = pam_start(service, user, &conv, &pamh);
 	if (status != PAM_SUCCESS) {
 		result = PASSDB_RESULT_INTERNAL_FAILURE;
 		str = t_strdup_printf("pam_start(%s) failed: %s",
@@ -323,9 +324,18 @@
 		 verify_plain_callback_t *callback)
 {
         struct pam_auth_request *pam_auth_request;
+	const char *service;
 	int fd[2];
 	pid_t pid;
 
+	service = service_name != NULL ? service_name :
+		request->protocol == AUTH_PROTOCOL_IMAP ? "imap" :
+		request->protocol == AUTH_PROTOCOL_POP3 ? "pop3" : NULL;
+	if (service == NULL) {
+		i_error("Unknown protocol %d in auth request",
+			request->protocol);
+	}
+
 	if (pipe(fd) < 0) {
 		i_error("PAM: pipe() failed: %m");
 		callback(PASSDB_RESULT_INTERNAL_FAILURE, request);
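Review bot: The new `if (service == NULL)` block only logs and falls through, so a request with an unknown protocol still reaches the fork and the child calls `pam_start(service, ...)` with a NULL service name. How PAM treats a NULL service is implementation-dependent, so this path should fail closed. Add `callback(PASSDB_RESULT_INTERNAL_FAILURE, request);` and `return;` inside the block, mirroring the callback on the pipe() failure path just below. The message would also match the neighbouring `i_error` calls better with a `PAM:` prefix, e.g. `i_error("PAM: Unknown protocol %d in auth request", request->protocol);`. The function starts and continues outside this hunk, so the rest of the error handling is not visible here.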
@@ -343,7 +353,7 @@
 
 	if (pid == 0) {
 		(void)close(fd[0]);
-		pam_verify_plain_child(request->user, password, fd[1]);
+		pam_verify_plain_child(service, request->user, password, fd[1]);
 		_exit(0);
 	}
 
@@ -364,7 +374,8 @@
 
 static void pam_init(const char *args)
 {
-	service_name = i_strdup(*args != '\0' ? args : "dovecot");
+	service_name = strcmp(args, "*") == 0 ? NULL :
+		i_strdup(*args != '\0' ? args : "dovecot");
 	to_wait = NULL;
 }
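Review bot: `service_name == NULL` now has a meaning of its own (the `*` setting, with the service chosen per request), but nothing at the assignment in `pam_init` says so. A comment such as `/* NULL = "*": use "imap" or "pop3" according to the request's protocol */` would keep later readers from treating NULL as uninitialised. Any other use of `service_name` outside these hunks, for example in log messages or cleanup, now has to tolerate NULL, which cannot be confirmed from here. The match is an exact `strcmp(args, "*")`, so unless the caller trims `args`, a value like `* ` would be passed to PAM as a literal service name.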