auth_cvm_unix_local: log entries, strict

Matt Simerson 2012-05-07 03:36:01 -04:00 committed by Robert
parent 8103c5a132
commit fda2f4a730


@ -40,6 +40,11 @@ Version $Id: auth_cvm_unix_local,v 1.1 2005/06/09 22:50:06 gordonr Exp gordonr $
=cut =cut
use strict;
use warnings;
use Qpsmtpd::Constants;
use Socket; use Socket;
use constant SMTP_PORT => getservbyname("smtp", "tcp") || 25; use constant SMTP_PORT => getservbyname("smtp", "tcp") || 25;
use constant SSMTP_PORT => getservbyname("ssmtp", "tcp") || 465; use constant SSMTP_PORT => getservbyname("ssmtp", "tcp") || 465;
@ -48,24 +53,25 @@ sub register {
my ( $self, $qp, %arg ) = @_; my ( $self, $qp, %arg ) = @_;
unless ($arg{cvm_socket}) { unless ($arg{cvm_socket}) {
$self->log(LOGERROR, "authcvm - requires cvm_socket argument"); $self->log(LOGERROR, "skip: requires cvm_socket argument");
return 0; return 0;
} };
$self->{_args} = { %arg };
$self->{_enable_smtp} = $arg{enable_smtp} || 'no'; $self->{_enable_smtp} = $arg{enable_smtp} || 'no';
$self->{_enable_ssmtp} = $arg{enable_ssmtp} || 'yes'; $self->{_enable_ssmtp} = $arg{enable_ssmtp} || 'yes';
my $port = $ENV{PORT} || SMTP_PORT; my $port = $ENV{PORT} || SMTP_PORT;
return 0 if ($port == SMTP_PORT and $self->{_enable_smtp} ne 'yes'); return 0 if ($port == SMTP_PORT && $arg{enable_smtp} ne 'yes');
return 0 if ($port == SSMTP_PORT and $self->{_enable_ssmtp} ne 'yes'); return 0 if ($port == SSMTP_PORT && $arg{enable_ssmtp} ne 'yes');
if ($arg{cvm_socket} =~ /^([\w\/.-]+)$/) { if ($arg{cvm_socket} =~ /^([\w\/.-]+)$/) {
$self->{_cvm_socket} = $1; $self->{_cvm_socket} = $1;
} }
unless (-S $self->{_cvm_socket}) { unless (-S $self->{_cvm_socket}) {
$self->log(LOGERROR, "authcvm - cvm_socket missing or not usable"); $self->log(LOGERROR, "skip: cvm_socket missing or not usable");
return 0; return 0;
} }
@ -78,12 +84,19 @@ sub authcvm_plain {
my ( $self, $transaction, $method, $user, $passClear, $passHash, $ticket ) = my ( $self, $transaction, $method, $user, $passClear, $passHash, $ticket ) =
@_; @_;
$self->log(LOGINFO, "authcvm authentication attempt for: $user"); socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or do {
$self->log(LOGERROR, "skip: socket creation attempt for: $user");
return (DENY, "authcvm");
};
socket(SOCK, PF_UNIX, SOCK_STREAM, 0) or return (DENY, "authcvm"); # DENY, really? Should this plugin return a DENY when it cannot connect
# to the cvs socket? I'd expect such a failure to return DECLINED, so
# any other auth plugins could take a stab at authenticating the user
connect(SOCK, sockaddr_un($self->{_cvm_socket})) connect(SOCK, sockaddr_un($self->{_cvm_socket})) or do {
or return (DENY, "authcvm"); $self->log(LOGERROR, "skip: socket connection attempt for: $user");
return (DENY, "authcvm");
};
my $o = select(SOCK); $| = 1; select($o); my $o = select(SOCK); $| = 1; select($o);
@ -92,9 +105,26 @@ sub authcvm_plain {
print SOCK "\001$u\000$host\000$passClear\000\000"; print SOCK "\001$u\000$host\000$passClear\000\000";
shutdown SOCK, 1; shutdown SOCK, 1; # tell remote we're finished
my $ret = <SOCK>; my $ret = <SOCK>;
my ($s) = unpack ("C", $ret); my ($s) = unpack ("C", $ret);
return ( ($s ? $s == 100 ? DENY : DECLINED : OK), 'authcvm');
if ( ! defined $s ) {
$self->log(LOGERROR, "skip: no response from cvm for $user");
return (DECLINED);
};
if ( $s == 0 ) {
$self->log(LOGINFO, "pass: authentication for: $user");
return (OK, "auth success for $user");
};
if ( $s == 100 ) {
$self->log(LOGINFO, "fail: authentication failure for: $user");
return (DENY, 'auth failure (100)');
};
$self->log(LOGERROR, "skip: unknown response from cvm for $user");
return (DECLINED, "unknown result code ($s)");
} }
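Review bot: In `register`, the two port checks now compare `$arg{enable_smtp}` and `$arg{enable_ssmtp}` directly, so the defaults assigned just above to `$self->{_enable_smtp}` ('no') and `$self->{_enable_ssmtp}` ('yes') no longer take part in the decision. When `enable_ssmtp` is not configured, `undef ne 'yes'` is true, so on the SSMTP port `register` returns 0. Assuming the auth hooks are registered further down, outside this hunk, authentication is then silently unavailable on that port. With the newly added `use warnings`, the comparison also emits an uninitialized-value warning. Keep the defaulted fields in the tests, `return 0 if ($port == SMTP_PORT && $self->{_enable_smtp} ne 'yes');` and `return 0 if ($port == SSMTP_PORT && $self->{_enable_ssmtp} ne 'yes');`, and log a `skip:` line before each return so the disabled state shows up in the logs.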