Re: [Exim] SMTP Auth against /etc/master.passwd on FreeBSD

Author: Andy Rabagliati
Date:
To: exim-users
Subject: Re: [Exim] SMTP Auth against /etc/master.passwd on FreeBSD
On Tue, 22 Apr 2003 22:44:02 +0100, Jez Hancock jez.hancock at munk.nu wrote :-

http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030421/052791.html

> The code is here anyway in case anyone in future is interested:


On Wed, 23 Apr 2003 10:19:53 +0200, Kirill Miazine replied with some excellent suggestions.

I compiled exim4 for FreeBSD, with pam support, but could not get pam
to work for me. I used the following authenticator :-

#plain:
# driver = plaintext
# public_name = PLAIN
# server_condition = "${if pam{$2:$3}{1}{0}}"
# server_set_id = $1

But had no luck. This would, naturally, be the best solution.

Any better ideas on this one ?

I implemented Kirill Miazine's suggestions, and, for completeness,
this is the result.

It works for me .. thanks everybody !!

Cheers,     Andy!


#############################################################
#!/usr/bin/perl

# Originally by Jez Hancock jez.hancock at munk.nu
# Other suggestions by Kirill Miazine
# Patched by Andy Rabagliati - andyr at wizzy.com

package EximAuth;

use strict;
use vars qw(@ISA);
use Crypt::PasswdMD5;
use Net::Server::PreFork;
@ISA = qw(Net::Server::PreFork);

sub process_request {
    my $self = shift;
    my $sock = $self->{'server'}->{'client'};
    chomp(my $username = $sock->getline());
    chomp(my $password = $sock->getline());


    # some minimal data validation:
    if (!$username ||
        !$password ||
        length($username) >16 ||
        length($password) >255) {
        return $sock->print("no");
    }
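    # get the line from the pwd db based on $username:
    my (undef,$sys_password) = getpwnam($username);

    # unknown user: getpwnam returns an empty list, so reject here
    # instead of running the regex on an undefined value
    return $sock->print("no") unless defined $sys_password;

    # get the salt:
    my ($salt) = $sys_password =~ /\$.*\$(.*)\$/;

    # no salt found (e.g. a locked account with "*" as its hash): reject,
    # otherwise unix_md5_crypt would pick a random salt
    return $sock->print("no") unless defined $salt;

    # get our hash:
    my $hash=unix_md5_crypt($password, $salt);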


    $sock->print($hash eq $sys_password ? 'yes' : 'no');
    # for debug output:
    #open(LOG, ">>/tmp/log") || die("can't open logfile:  $!");
    #print(LOG "username: $username submitted password: "
    #        ."$password salt: $salt myhash: $hash syshash: $sys_password\n"
    #);
}


# umask 0: the socket is created accessible to every local user, not only exim
umask(0000);
__PACKAGE__->run(
    proto => 'unix',
    port => '/var/spool/exim/auth/auth.sock',
    min_servers => 5,
    min_spare_servers => 5,
    max_spare_servers => 10,
    max_servers => 15,
    max_requests => 1000,
    log_level => 7,
);
#------------------------------------------------------------------------------
#and an exim authenticator:
#------------------------------------------------------------------------------
#plain:
#  driver = plaintext
#  public_name = PLAIN
#  server_condition = ${readsocket{/var/spool/exim/auth/auth.sock}{$2\n$3\n}}
#------------------------------------------------------------------------------