/* define this to the Citadel home directory */
#undef CTDLDIR
-/* define this to enable the autologin feature */
-#undef ENABLE_AUTOLOGIN
-
/* define this to disable use of curses */
#undef DISABLE_CURSES
/*
* $Id$
*
- * system-level password checking for autologin
+ * system-level password checking for host auth mode
* by Nathan Bryant, March 1999
* updated by Trey van Riper, June 2005
*
* usually more strict because you're not really supposed to dump/load and
* upgrade at the same time.
*/
-#define REV_LEVEL 700 /* This version */
+#define REV_LEVEL 701 /* This version */
#define REV_MIN 591 /* Oldest compatible database */
-#define EXPORT_REV_MIN 684 /* Oldest compatible export files */
+#define EXPORT_REV_MIN 701 /* Oldest compatible export files */
#define SERVER_TYPE 0 /* zero for stock Citadel; other developers please
obtain SERVER_TYPE codes for your implementations */
cprintf("0\n"); /* 1 = no, this server is not LDAP-enabled */
#endif
-#ifdef ENABLE_AUTOLOGIN
- cprintf("1\n"); /* "create new user" never works with autologin */
-#else
- cprintf("%d\n", config.c_disable_newu); /* otherwise, site defined */
-#endif
+ if (config.c_auth_mode == 1) {
+ cprintf("1\n"); /* "create new user" never works with host auth */
+ }
+ else {
+ cprintf("%d\n", config.c_disable_newu); /* otherwise, site defined */
+ }
cprintf("%s\n", config.c_default_cal_zone);
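Review bot: The host-auth test on the new `if (config.c_auth_mode == 1)` line compares against a bare literal, and the same `== 1` recurs in every later hunk that branches on the mode (PurgeUsers, the login, password-check and new-user paths). A named constant placed next to the `c_auth_mode` field in struct config, for example `enum { AUTHMODE_NATIVE = 0, AUTHMODE_HOST = 1 };`, would make those branches self-documenting and give the setup and import code a single definition to validate against. The cprintf sequence belongs to a function that starts and ends outside the hunk.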
char c_default_cal_zone[128]; /* Default calendar time zone */
int c_pftcpdict_port; /* postfix tcptable support, see http://www.postfix.org/tcp_table.5.html */
int c_managesieve_port; /* managesieve port. */
-
+ int c_auth_mode; /* 0 = built-in Citadel auth; 1 = underlying host system auth */
};
dnl Process this file with autoconf to produce a configure script.
dnl $Id$
AC_PREREQ(2.52)
-AC_INIT([Citadel], [7.00], [http://www.citadel.org/])
+AC_INIT([Citadel], [7.01], [http://www.citadel.org/])
AC_REVISION([$Revision$])
AC_CONFIG_SRCDIR([citserver.c])
AC_PREFIX_DEFAULT(/usr/local/citadel)
-AC_ARG_ENABLE(autologin, [ --enable-autologin enable autologin (default is disabled)])
AC_ARG_ENABLE(chkpwd, [ --disable-chkpwd don't build 'chkpwd'])
AC_ARG_ENABLE(threaded-client, [ --disable-threaded-client
dnl Check for Solaris realtime support
AC_CHECK_LIB(rt, sched_yield)
-dnl Determine the system's authentication capabilities, if autologin is
-dnl requested. We currently support PAM, standard getpwnam(), and getspnam()
+dnl Determine the system's authentication capabilities.
+dnl We currently support PAM, standard getpwnam(), and getspnam()
dnl (Linux shadow passwords)
-if test "$enable_autologin" = yes; then
+
if test "$with_pam" = yes; then
save_LIBS=$LIBS
AC_CHECK_LIB(pam, pam_start, [chkpwd_LIBS="-lpam $chkpwd_LIBS"
fi
fi
if test "$ac_cv_func_crypt" = yes -o "$ac_cv_lib_crypt_crypt" = yes -o "$ac_cv_func_pam_start" = yes; then
- AC_DEFINE(ENABLE_AUTOLOGIN)
if test "$enable_chkpwd" != no; then
AC_DEFINE(ENABLE_CHKPWD)
CHKPWD=chkpwd
AUTH=auth.lo
fi
fi
-fi
test -f /usr/local/lib/libresolv.a && LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_CHECK_LIB(resolv, res_query, RESOLV="$RESOLV -lresolv")
# CFLAGS C compiler flags
# LDFLAGS Linker flags
# IS_UPGRADE Set to "yes" if upgrading an existing Citadel
-# IS_AUTOLOGIN Set to "yes" to force enabling autologin
# CTDL_DIALOG Where (if at all) the "dialog" program may be found
# Let Citadel setup recognize the Citadel installer
cd $BUILD 2>&1 >>$LOG || die
( gzip -dc $CITADEL_SOURCE | tar -xf - ) 2>&1 >>$LOG || die
cd $BUILD/citadel 2>&1 >>$LOG || die
- if [ x$IS_AUTOLOGIN = xyes ] ; then
- AL="--enable-autologin"
- else
- AL=""
- fi
if [ -z "$OK_DB" ]
then
- ./configure --prefix=$CITADEL --with-db=$SUPPORT --with-pam $AL --with-libical --disable-threaded-client 2>&1 >>$LOG || die
+ ./configure --prefix=$CITADEL --with-db=$SUPPORT --with-pam --with-libical --disable-threaded-client 2>&1 >>$LOG || die
else
- ./configure --prefix=$CITADEL --with-db=$OK_DB --with-pam $AL --with-libical --disable-threaded-client 2>&1 >>$LOG || die
+ ./configure --prefix=$CITADEL --with-db=$OK_DB --with-pam --with-libical --disable-threaded-client 2>&1 >>$LOG || die
fi
$MAKE $MAKEOPTS 2>&1 >>$LOG || die
if [ $IS_UPGRADE = yes ]
echo "Configuration:"
echo "* Configure Citadel"
echo "* Configure WebCit"
-if [ x$IS_AUTOLOGIN = xyes ] ; then
- echo 'NOTE: this is an autologin installation.'
- echo ' Authentication against user accounts on the host system is enabled.'
-fi
echo ""
echo -n "Perform the above installation steps now? "
read yesno </dev/tty
/*
* Back end function to check user accounts for associated Unix accounts
- * which no longer exist.
+ * which no longer exist. (Only relevant for host auth mode.)
*/
void do_uid_user_purge(struct ctdluser *us, void *data) {
-#ifdef ENABLE_AUTOLOGIN
struct PurgeList *pptr;
if ((us->uid != (-1)) && (us->uid != CTDLUID)) {
UserPurgeList = pptr;
}
}
-
-#endif /* ENABLE_AUTOLOGIN */
}
char *transcript = NULL;
lprintf(CTDL_DEBUG, "PurgeUsers() called\n");
-#ifdef ENABLE_AUTOLOGIN
- ForEachUser(do_uid_user_purge, NULL);
-#else
- if (config.c_userpurge > 0) {
- ForEachUser(do_user_purge, NULL);
+
+ if (config.c_auth_mode == 1) {
+ /* host auth mode */
+ ForEachUser(do_uid_user_purge, NULL);
+ }
+ else {
+ /* native auth mode */
+ if (config.c_userpurge > 0) {
+ ForEachUser(do_user_purge, NULL);
+ }
}
-#endif
transcript = malloc(SIZ);
strcpy(transcript, "The following users have been auto-purged:\n");
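Review bot: In host auth mode the new branch calls `ForEachUser(do_uid_user_purge, NULL)` unconditionally, while the native branch still honors `config.c_userpurge > 0`, so the site's purge setting is silently ignored whenever `c_auth_mode == 1`. This mirrors the old `#ifdef` split, but now that both paths live in one binary the asymmetry deserves a comment if it is intentional, e.g. `/* host auth: purge is driven by uid existence, not by c_userpurge */` above the ForEachUser call, or the `c_userpurge` test should be hoisted above the mode check if it is not. PurgeUsers() starts before and continues after this hunk.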
cprintf("%s\n", config.c_journal_dest);
cprintf("%s\n", config.c_default_cal_zone);
cprintf("%d\n", config.c_pftcpdict_port);
+ cprintf("%d\n", config.c_managesieve_port);
+ cprintf("%d\n", config.c_auth_mode);
+
/* Export the control file */
get_control();
client_getln(config.c_journal_dest, sizeof config.c_journal_dest);
client_getln(config.c_default_cal_zone, sizeof config.c_default_cal_zone);
client_getln(buf, sizeof buf); config.c_pftcpdict_port = atoi(buf);
+ client_getln(buf, sizeof buf); config.c_managesieve_port = atoi(buf);
+ client_getln(buf, sizeof buf); config.c_auth_mode = atoi(buf);
config.c_enable_fulltext = 0; /* always disable */
put_config();
lprintf(CTDL_INFO, "Imported config file\n");
}
-
void artv_import_control(void) {
char buf[SIZ];
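Review bot: The new `config.c_auth_mode = atoi(buf);` line stores whatever integer the import file carries without validation, and since every consumer tests `== 1`, any other value (including non-numeric input that atoi turns into 0) silently selects native auth. Normalizing at the boundary, `config.c_auth_mode = (atoi(buf) == 1) ? 1 : 0;`, or logging and rejecting an out-of-range value, keeps the persisted config consistent with the 0/1 contract documented on the struct field. The import function containing these lines starts outside the hunk; presumably the EXPORT_REV_MIN bump elsewhere in this commit is what stops an older export that lacks these two lines from being read here, which is worth confirming.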
#endif
-#define MAXSETUP 4 /* How many setup questions to ask */
+#define MAXSETUP 5 /* How many setup questions to ask */
#define UI_TEXT 0 /* Default setup type -- text only */
#define UI_DIALOG 2 /* Use the 'dialog' program */
"Citadel User ID",
"Server IP address",
"Server port number",
+ "Authentication mode"
};
"of Citadel on the same computer and there is something else\n"
"already using port 504.\n",
+"Normally, a Citadel system uses a 'black box' authentication mode.\n"
+"This means that users do not have accounts or home directories on\n"
+"the underlying host system -- Citadel manages its own user database.\n"
+"However, if you wish to override this behavior, you can enable the\n"
+"host based authentication mode which is traditional for Unix systems.\n"
+"Do you want to do this? Enter 0 for black box authentication mode,\n"
+"or 1 for host authentication mode. FIXME this is badly worded,\n"
+"rewrite it and offer a better dialog mode.\n"
+
};
struct config config;
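Review bot: The new help text ends by printing a developer note to the end user: the last two added strings, `or 1 for host authentication mode.  FIXME this is badly worded,\n` and `rewrite it and offer a better dialog mode.\n`, will appear verbatim in the setup prompt. The FIXME belongs in a source comment, and the prompt should close after `Do you want to do this?  Enter 0 for black box authentication mode,\n` / `or 1 for host authentication mode.\n` so that the user sees only the question. Since this text is the only place the two values are explained, it is also the place to state plainly that mode 1 requires users to have accounts on the host system.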
set_int_val(curr, &config.c_port_number);
break;
+ /* FIXME we need a set_bool_val() function */
+ case 5:
+ set_int_val(curr, &config.c_auth_mode);
+ break;
}
}
}
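Review bot: The new `case 5` passes the answer straight through `set_int_val(curr, &config.c_auth_mode)` with no range check, so any integer other than 1 is accepted and later treated as native mode, and 1 is accepted even on a build where configure found no crypt/PAM support and did not build chkpwd (what the host-auth path does on such a build is not visible from this hunk). The FIXME about `set_bool_val()` acknowledges the first half; until that helper exists, `if (config.c_auth_mode != 1) config.c_auth_mode = 0;` after the call would keep the stored value within the documented 0/1 contract. The switch and its enclosing function start and end outside the hunk.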
-#ifdef ENABLE_AUTOLOGIN
/*
* getuserbyuid() - get user by system uid (for PAM mode authentication)
* returns 0 if user was found
}
return (-1);
}
-#endif /* ENABLE_AUTOLOGIN */
return login_not_found;
}
-#ifdef ENABLE_AUTOLOGIN
+ if (config.c_auth_mode == 1) {
- /* If this is an autologin build, the only valid auth source is the
- * host operating system.
- */
- struct passwd pd;
- struct passwd *tempPwdPtr;
- char pwdbuffer[256];
+ /* host auth mode */
- lprintf(CTDL_DEBUG, "asking host about <%s>\n", username);
- getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
- if (tempPwdPtr == NULL) {
- return login_not_found;
- }
- lprintf(CTDL_DEBUG, "found it! uid=%d, gecos=%s\n", pd.pw_uid, pd.pw_gecos);
-
- /* Locate the associated Citadel account.
- * If not found, make one attempt to create it.
- */
- found_user = getuserbyuid(&CC->user, pd.pw_uid);
- if (found_user != 0) {
- create_user(username, 0);
+ struct passwd pd;
+ struct passwd *tempPwdPtr;
+ char pwdbuffer[256];
+
+ lprintf(CTDL_DEBUG, "asking host about <%s>\n", username);
+ getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
+ if (tempPwdPtr == NULL) {
+ return login_not_found;
+ }
+ lprintf(CTDL_DEBUG, "found it! uid=%d, gecos=%s\n", pd.pw_uid, pd.pw_gecos);
+
+ /* Locate the associated Citadel account.
+ * If not found, make one attempt to create it.
+ */
found_user = getuserbyuid(&CC->user, pd.pw_uid);
- }
+ if (found_user != 0) {
+ create_user(username, 0);
+ found_user = getuserbyuid(&CC->user, pd.pw_uid);
+ }
-#else /* ENABLE_AUTOLOGIN */
- struct recptypes *valid = NULL;
+ }
- /* First, try to log in as if the supplied name is a display name */
- found_user = getuser(&CC->user, username);
+ else {
+ /* native auth mode */
- /* If that didn't work, try to log in as if the supplied name
- * is an e-mail address
- */
- if (found_user != 0) {
- valid = validate_recipients(username);
- if (valid != NULL) {
- if (valid->num_local == 1) {
- found_user = getuser(&CC->user,
- valid->recp_local);
+ struct recptypes *valid = NULL;
+
+ /* First, try to log in as if the supplied name is a display name */
+ found_user = getuser(&CC->user, username);
+
+ /* If that didn't work, try to log in as if the supplied name
+ * is an e-mail address
+ */
+ if (found_user != 0) {
+ valid = validate_recipients(username);
+ if (valid != NULL) {
+ if (valid->num_local == 1) {
+ found_user = getuser(&CC->user, valid->recp_local);
+ }
+ free(valid);
}
- free(valid);
}
}
-#endif /* ENABLE_AUTOLOGIN */
-
/* Did we find something? */
if (found_user == 0) {
if (((CC->nologin)) && (CC->user.axlevel < 6)) {
CC->user.axlevel = 6;
}
-#ifdef ENABLE_AUTOLOGIN
/* If we're authenticating off the host system, automatically give
* root the highest level of access.
*/
- if (CC->user.uid == 0) {
- CC->user.axlevel = 6;
+ if (config.c_auth_mode == 1) {
+ if (CC->user.uid == 0) {
+ CC->user.axlevel = 6;
+ }
}
-#endif
lputuser(&CC->user);
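Review bot: The return value of `getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr)` in the host-auth branch is discarded, so a lookup that fails with ERANGE because the 256-byte buffer cannot hold the entry (long gecos or home fields are common on directory-backed hosts) is indistinguishable from "no such user"; the same pattern is repeated in the create-user hunk below. Checking the result, `if (getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr) != 0 || tempPwdPtr == NULL) {` ... `return login_not_found;`, makes the failure explicit, and sizing the buffer from `sysconf(_SC_GETPW_R_SIZE_MAX)` would remove the ERANGE case. Separately, the mode-1 branch still calls `create_user(username, 0)` before any password has been checked, so presenting a valid host login name is enough to create a Citadel account; that predates this commit but is now selected by a runtime setting rather than a build flag, and deserves at least a comment. The login function starts before and ends after this hunk.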
char buf[24];
if (pipe(pipev)) {
- lprintf(CTDL_ERR, "pipe failed (%s): denying autologin access for "
+ lprintf(CTDL_ERR, "pipe failed (%s): denying host auth access for "
"uid %ld\n", strerror(errno), (long)uid);
return 0;
}
switch (pid = fork()) {
case -1:
- lprintf(CTDL_ERR, "fork failed (%s): denying autologin access for "
+ lprintf(CTDL_ERR, "fork failed (%s): denying host auth access for "
"uid %ld\n", strerror(errno), (long)uid);
close(pipev[0]);
close(pipev[1]);
while (waitpid(pid, &status, 0) == -1)
if (errno != EINTR) {
- lprintf(CTDL_ERR, "waitpid failed (%s): denying autologin "
+ lprintf(CTDL_ERR, "waitpid failed (%s): denying host auth "
"access for uid %ld\n",
strerror(errno), (long)uid);
return 0;
}
code = (-1);
+ if (config.c_auth_mode == 1) {
-#ifdef ENABLE_AUTOLOGIN
+ /* host auth mode */
- if (validpw(CC->user.uid, password)) {
- code = 0;
- /* we could get rid of this */
- lgetuser(&CC->user, CC->curr_user);
- safestrncpy(CC->user.password, password, sizeof CC->user.password);
- lputuser(&CC->user);
- /* */
- }
- else {
- code = (-1);
+ if (validpw(CC->user.uid, password)) {
+ code = 0;
+ /* we could get rid of this */
+ lgetuser(&CC->user, CC->curr_user);
+ safestrncpy(CC->user.password, password, sizeof CC->user.password);
+ lputuser(&CC->user);
+ /* */
+ }
+ else {
+ code = (-1);
+ }
}
-#else /* ENABLE_AUTOLOGIN */
+ else {
- strproc(password);
- strproc(CC->user.password);
- code = strcasecmp(CC->user.password, password);
- strproc(password);
- strproc(CC->user.password);
- code = strcasecmp(CC->user.password, password);
+ /* native auth mode */
-#endif /* ENABLE_AUTOLOGIN */
+ strproc(password);
+ strproc(CC->user.password);
+ code = strcasecmp(CC->user.password, password);
+ strproc(password);
+ strproc(CC->user.password);
+ code = strcasecmp(CC->user.password, password);
+ }
if (!code) {
do_login();
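Review bot: In the host-auth branch the lines `lgetuser(&CC->user, CC->curr_user);` / `safestrncpy(CC->user.password, password, sizeof CC->user.password);` / `lputuser(&CC->user);` copy the password the user just supplied into the Citadel user record and write it back, so the host system's credential is persisted in Citadel's own database in the same plaintext form the native branch compares with strcasecmp; the carried-over comment "we could get rid of this" suggests the write is not needed for host auth, and dropping it would remove a second copy of the credential. In the native branch the three-line `strproc(password);` / `strproc(CC->user.password);` / `code = strcasecmp(CC->user.password, password);` sequence is written twice in a row, which is presumably harmless if strproc is idempotent but should be collapsed to one copy. The function containing this block starts before and ends after the hunk.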
safestrncpy(username, newusername, sizeof username);
strproc(username);
-#ifdef ENABLE_AUTOLOGIN
- struct passwd pd;
- struct passwd *tempPwdPtr;
- char pwdbuffer[256];
+ if (config.c_auth_mode == 1) {
- getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
- if (tempPwdPtr != NULL) {
- extract_token(username, pd.pw_gecos, 0, ',', sizeof username);
- uid = pd.pw_uid;
- }
- else {
- return (ERROR + NO_SUCH_USER);
+ /* host auth mode */
+
+ struct passwd pd;
+ struct passwd *tempPwdPtr;
+ char pwdbuffer[256];
+
+ getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr);
+ if (tempPwdPtr != NULL) {
+ extract_token(username, pd.pw_gecos, 0, ',', sizeof username);
+ uid = pd.pw_uid;
+ }
+ else {
+ return (ERROR + NO_SUCH_USER);
+ }
}
-#endif
if (!getuser(&usbuf, username)) {
return (ERROR + ALREADY_EXISTS);
int a;
char username[26];
-#ifdef ENABLE_AUTOLOGIN
- cprintf("%d This system does not use native mode authentication.\n",
- ERROR + NOT_HERE);
- return;
-#endif /* ENABLE_AUTOLOGIN */
+ if (config.c_auth_mode == 1) {
+ cprintf("%d This system does not use native mode authentication.\n",
+ ERROR + NOT_HERE);
+ return;
+ }
if (config.c_disable_newu) {
cprintf("%d Self-service user account creation "