From: Art Cancro Date: Tue, 19 Dec 2006 22:44:30 +0000 (+0000) Subject: * Bumped version number to 7.01 X-Git-Tag: v7.86~3777 X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=86af5f9ab22255a00fc987076e1c7e5f3942504a * Bumped version number to 7.01 * 'host auth mode' (formerly 'autologin mode') is now defined in the global config, and selected during setup, instead of being a compile-time option --- diff --git a/citadel/acconfig.h b/citadel/acconfig.h index 2b2978625..bcbc621c7 100644 --- a/citadel/acconfig.h +++ b/citadel/acconfig.h @@ -1,9 +1,6 @@ /* define this to the Citadel home directory */ #undef CTDLDIR -/* define this to enable the autologin feature */ -#undef ENABLE_AUTOLOGIN - /* define this to disable use of curses */ #undef DISABLE_CURSES diff --git a/citadel/auth.c b/citadel/auth.c index 3a9dbf481..d23ca24dc 100644 --- a/citadel/auth.c +++ b/citadel/auth.c @@ -1,7 +1,7 @@ /* * $Id$ * - * system-level password checking for autologin + * system-level password checking for host auth mode * by Nathan Bryant, March 1999 * updated by Trey van Riper, June 2005 * diff --git a/citadel/citadel.h b/citadel/citadel.h index 426600a93..a90940c33 100644 --- a/citadel/citadel.h +++ b/citadel/citadel.h @@ -47,9 +47,9 @@ extern "C" { * usually more strict because you're not really supposed to dump/load and * upgrade at the same time. */ -#define REV_LEVEL 700 /* This version */ +#define REV_LEVEL 701 /* This version */ #define REV_MIN 591 /* Oldest compatible database */ -#define EXPORT_REV_MIN 684 /* Oldest compatible export files */ +#define EXPORT_REV_MIN 701 /* Oldest compatible export files */ #define SERVER_TYPE 0 /* zero for stock Citadel; other developers please obtain SERVER_TYPE codes for your implementations */ diff --git a/citadel/citserver.c b/citadel/citserver.c index 6a5193f97..1a949939e 100644 --- a/citadel/citserver.c +++ b/citadel/citserver.c 
@@ -267,11 +267,12 @@ void cmd_info(void) { cprintf("0\n"); /* 1 = no, this server is not LDAP-enabled */ #endif -#ifdef ENABLE_AUTOLOGIN - cprintf("1\n"); /* "create new user" never works with autologin */ -#else - cprintf("%d\n", config.c_disable_newu); /* otherwise, site defined */ -#endif + if (config.c_auth_mode == 1) { + cprintf("1\n"); /* "create new user" never works with host auth */ + } + else { + cprintf("%d\n", config.c_disable_newu); /* otherwise, site defined */ + } cprintf("%s\n", config.c_default_cal_zone); diff --git a/citadel/config.h b/citadel/config.h index d29076eec..5ae0aff6b 100644 --- a/citadel/config.h +++ b/citadel/config.h @@ -75,7 +75,7 @@ struct config { char c_default_cal_zone[128]; /* Default calendar time zone */ int c_pftcpdict_port; /* postfix tcptable support, see http://www.postfix.org/tcp_table.5.html */ int c_managesieve_port; /* managesieve port. */ - + int c_auth_mode; /* 0 = built-in Citadel auth; 1 = underlying host system auth */ }; diff --git a/citadel/configure.ac b/citadel/configure.ac index 375a66364..9f2ef07f2 100644 --- a/citadel/configure.ac +++ b/citadel/configure.ac @@ -1,7 +1,7 @@ dnl Process this file with autoconf to produce a configure script. dnl $Id$ AC_PREREQ(2.52) -AC_INIT([Citadel], [7.00], [http://www.citadel.org/]) +AC_INIT([Citadel], [7.01], [http://www.citadel.org/]) AC_REVISION([$Revision$]) AC_CONFIG_SRCDIR([citserver.c]) AC_PREFIX_DEFAULT(/usr/local/citadel) @@ -89,7 +89,6 @@ AC_ARG_WITH(docdir, -AC_ARG_ENABLE(autologin, [ --enable-autologin enable autologin (default is disabled)]) AC_ARG_ENABLE(chkpwd, [ --disable-chkpwd don't build 'chkpwd']) AC_ARG_ENABLE(threaded-client, [ --disable-threaded-client 
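Review bot: The bare literal in `if (config.c_auth_mode == 1)` is a style problem in this hunk of cmd_info(), and the same comparison is repeated in PurgeUsers(), CtdlLoginExistingUser(), session_startup(), CtdlTryPassword(), create_user() and cmd_newu(). Since the value selects which authentication source the server trusts, I would name the two modes next to the field in config.h, for example `#define AUTHMODE_NATIVE 0` and `#define AUTHMODE_HOST 1`, and compare against those. cmd_info() starts and ends outside the hunk.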
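Review bot: Nothing in the config.h hunk says what `c_auth_mode` holds on a system upgraded from 7.00, whose stored configuration was written before the field existed. How the struct is loaded is not visible here, so this is an assumption to confirm: if the config is read back as a raw struct, the new trailing field must come up as 0, otherwise an upgraded site could start in host auth mode without anyone choosing it. Once the load path is checked, I would extend the field comment to `/* 0 = built-in Citadel auth (default, also for pre-7.01 configs); 1 = underlying host system auth */`.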
@@ -264,10 +263,10 @@ fi dnl Check for Solaris realtime support AC_CHECK_LIB(rt, sched_yield) -dnl Determine the system's authentication capabilities, if autologin is -dnl requested. We currently support PAM, standard getpwnam(), and getspnam() +dnl Determine the system's authentication capabilities. +dnl We currently support PAM, standard getpwnam(), and getspnam() dnl (Linux shadow passwords) -if test "$enable_autologin" = yes; then + if test "$with_pam" = yes; then save_LIBS=$LIBS AC_CHECK_LIB(pam, pam_start, [chkpwd_LIBS="-lpam $chkpwd_LIBS" @@ -290,7 +289,6 @@ if test "$enable_autologin" = yes; then fi fi if test "$ac_cv_func_crypt" = yes -o "$ac_cv_lib_crypt_crypt" = yes -o "$ac_cv_func_pam_start" = yes; then - AC_DEFINE(ENABLE_AUTOLOGIN) if test "$enable_chkpwd" != no; then AC_DEFINE(ENABLE_CHKPWD) CHKPWD=chkpwd @@ -298,7 +296,6 @@ if test "$enable_autologin" = yes; then AUTH=auth.lo fi fi -fi test -f /usr/local/lib/libresolv.a && LDFLAGS="$LDFLAGS -L/usr/local/lib" AC_CHECK_LIB(resolv, res_query, RESOLV="$RESOLV -lresolv") diff --git a/citadel/newinstall.sh b/citadel/newinstall.sh index d69e2c25f..c0bdef7a3 100644 --- a/citadel/newinstall.sh +++ b/citadel/newinstall.sh @@ -91,7 +91,6 @@ MAKEOPTS="" # CFLAGS C compiler flags # LDFLAGS Linker flags # IS_UPGRADE Set to "yes" if upgrading an existing Citadel -# IS_AUTOLOGIN Set to "yes" to force enabling autologin # CTDL_DIALOG Where (if at all) the "dialog" program may be found # Let Citadel setup recognize the Citadel installer 
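Review bot: With `AC_DEFINE(ENABLE_AUTOLOGIN)` removed from the `ac_cv_func_crypt` / `ac_cv_lib_crypt_crypt` / `ac_cv_func_pam_start` test, the build no longer records whether any host password check is available, yet setup can now select host auth mode on every build. `ENABLE_CHKPWD` is still defined only inside that test and only when chkpwd is not disabled, so a build without crypt or PAM, or one configured with `--disable-chkpwd`, can apparently be switched to a mode it cannot serve. What validpw() does in that case is outside this diff. I would keep a capability define here (placeholder name `HAVE_HOST_AUTH`) and have setup refuse mode 1 when it is absent.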
@@ -312,16 +311,11 @@ install_sources () { cd $BUILD 2>&1 >>$LOG || die ( gzip -dc $CITADEL_SOURCE | tar -xf - ) 2>&1 >>$LOG || die cd $BUILD/citadel 2>&1 >>$LOG || die - if [ x$IS_AUTOLOGIN = xyes ] ; then - AL="--enable-autologin" - else - AL="" - fi if [ -z "$OK_DB" ] then - ./configure --prefix=$CITADEL --with-db=$SUPPORT --with-pam $AL --with-libical --disable-threaded-client 2>&1 >>$LOG || die + ./configure --prefix=$CITADEL --with-db=$SUPPORT --with-pam --with-libical --disable-threaded-client 2>&1 >>$LOG || die else - ./configure --prefix=$CITADEL --with-db=$OK_DB --with-pam $AL --with-libical --disable-threaded-client 2>&1 >>$LOG || die + ./configure --prefix=$CITADEL --with-db=$OK_DB --with-pam --with-libical --disable-threaded-client 2>&1 >>$LOG || die fi $MAKE $MAKEOPTS 2>&1 >>$LOG || die if [ $IS_UPGRADE = yes ] @@ -457,10 +451,6 @@ echo "" echo "Configuration:" echo "* Configure Citadel" echo "* Configure WebCit" -if [ x$IS_AUTOLOGIN = xyes ] ; then - echo 'NOTE: this is an autologin installation.' - echo ' Authentication against user accounts on the host system is enabled.' -fi echo "" echo -n "Perform the above installation steps now? " read yesno uid != (-1)) && (us->uid != CTDLUID)) { @@ -375,8 +374,6 @@ void do_uid_user_purge(struct ctdluser *us, void *data) { UserPurgeList = pptr; } } - -#endif /* ENABLE_AUTOLOGIN */ } @@ -460,13 +457,17 @@ int PurgeUsers(void) { char *transcript = NULL; lprintf(CTDL_DEBUG, "PurgeUsers() called\n"); -#ifdef ENABLE_AUTOLOGIN - ForEachUser(do_uid_user_purge, NULL); -#else - if (config.c_userpurge > 0) { - ForEachUser(do_user_purge, NULL); + + if (config.c_auth_mode == 1) { + /* host auth mode */ + ForEachUser(do_uid_user_purge, NULL); + } + else { + /* native auth mode */ + if (config.c_userpurge > 0) { + ForEachUser(do_user_purge, NULL); + } } -#endif transcript = malloc(SIZ); strcpy(transcript, "The following users have been auto-purged:\n"); 
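Review bot: PurgeUsers() now picks the purge routine from a setting that can be changed on a live database, and the host branch calls `ForEachUser(do_uid_user_purge, NULL)` without the `c_userpurge > 0` gate that the native branch keeps. The visible fragment of do_uid_user_purge() tests `us->uid` against `(-1)` and `CTDLUID`, so whether accounts created under native auth survive the first purge after a switch to mode 1 depends on the uid they were stored with, which this diff does not show. Please confirm that, and add a comment above the branch such as `/* host auth mode: c_userpurge is not consulted here */`.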
diff --git a/citadel/serv_vandelay.c b/citadel/serv_vandelay.c index 0627187a6..940e8e222 100644 --- a/citadel/serv_vandelay.c +++ b/citadel/serv_vandelay.c @@ -318,6 +318,9 @@ void artv_do_export(void) { cprintf("%s\n", config.c_journal_dest); cprintf("%s\n", config.c_default_cal_zone); cprintf("%d\n", config.c_pftcpdict_port); + cprintf("%d\n", config.c_managesieve_port); + cprintf("%d\n", config.c_auth_mode); + /* Export the control file */ get_control(); @@ -400,13 +403,14 @@ void artv_import_config(void) { client_getln(config.c_journal_dest, sizeof config.c_journal_dest); client_getln(config.c_default_cal_zone, sizeof config.c_default_cal_zone); client_getln(buf, sizeof buf); config.c_pftcpdict_port = atoi(buf); + client_getln(buf, sizeof buf); config.c_managesieve_port = atoi(buf); + client_getln(buf, sizeof buf); config.c_auth_mode = atoi(buf); config.c_enable_fulltext = 0; /* always disable */ put_config(); lprintf(CTDL_INFO, "Imported config file\n"); } - void artv_import_control(void) { char buf[SIZ]; diff --git a/citadel/setup.c b/citadel/setup.c index 114323eea..6e3640f69 100644 --- a/citadel/setup.c +++ b/citadel/setup.c @@ -34,7 +34,7 @@ #endif -#define MAXSETUP 4 /* How many setup questions to ask */ +#define MAXSETUP 5 /* How many setup questions to ask */ #define UI_TEXT 0 /* Default setup type -- text only */ #define UI_DIALOG 2 /* Use the 'dialog' program */ @@ -57,6 +57,7 @@ char *setup_titles[] = "Citadel User ID", "Server IP address", "Server port number", + "Authentication mode" }; 
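Review bot: `config.c_auth_mode = atoi(buf);` in artv_import_config() stores whatever the import stream contains, and the same is true of `set_int_val(curr, &config.c_auth_mode)` under `case 5:` in edit_value() in setup.c. Every consumer in this commit tests `== 1`, so 2, -1 or a non-numeric line all silently mean native auth while the stored value says otherwise. I would normalise on the way in, `config.c_auth_mode = (atoi(buf) == 1) ? 1 : 0;`, and log the imported mode at CTDL_INFO, since an import can change which authentication source the server trusts. artv_import_config() begins outside the hunk.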
@@ -103,6 +104,15 @@ char *setup_text[] = { "of Citadel on the same computer and there is something else\n" "already using port 504.\n", +"Normally, a Citadel system uses a 'black box' authentication mode.\n" +"This means that users do not have accounts or home directories on\n" +"the underlying host system -- Citadel manages its own user database.\n" +"However, if you wish to override this behavior, you can enable the\n" +"host based authentication mode which is traditional for Unix systems.\n" +"Do you want to do this? Enter 0 for black box authentication mode,\n" +"or 1 for host authentication mode. FIXME this is badly worded,\n" +"rewrite it and offer a better dialog mode.\n" + }; struct config config; @@ -837,6 +847,10 @@ void edit_value(int curr) set_int_val(curr, &config.c_port_number); break; + /* FIXME we need a set_bool_val() function */ + case 5: + set_int_val(curr, &config.c_auth_mode); + break; } } diff --git a/citadel/user_ops.c b/citadel/user_ops.c index 3c3485e85..d1df3c27d 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -308,7 +308,6 @@ int getuserbynumber(struct ctdluser *usbuf, long int number) } -#ifdef ENABLE_AUTOLOGIN /* * getuserbyuid() - get user by system uid (for PAM mode authentication) * returns 0 if user was found @@ -335,7 +334,6 @@ int getuserbyuid(struct ctdluser *usbuf, uid_t number) } return (-1); } -#endif /* ENABLE_AUTOLOGIN */ 
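Review bot: The new setup_text entry is shown to the administrator as is, including the sentence `FIXME this is badly worded, rewrite it and offer a better dialog mode.`, which belongs in a source comment rather than in the prompt. The prompt also leaves out what the choice changes elsewhere in this commit: in mode 1 the account with uid 0 is given access level 6 in session_startup(), and cmd_newu() refuses new account creation. I would move the FIXME into a `/* ... */` comment above the string and add one sentence to the prompt stating those two consequences.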
@@ -359,53 +357,54 @@ int CtdlLoginExistingUser(char *trythisname) return login_not_found; } -#ifdef ENABLE_AUTOLOGIN + if (config.c_auth_mode == 1) { - /* If this is an autologin build, the only valid auth source is the - * host operating system. - */ - struct passwd pd; - struct passwd *tempPwdPtr; - char pwdbuffer[256]; + /* host auth mode */ - lprintf(CTDL_DEBUG, "asking host about <%s>\n", username); - getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); - if (tempPwdPtr == NULL) { - return login_not_found; - } - lprintf(CTDL_DEBUG, "found it! uid=%d, gecos=%s\n", pd.pw_uid, pd.pw_gecos); - - /* Locate the associated Citadel account. - * If not found, make one attempt to create it. - */ - found_user = getuserbyuid(&CC->user, pd.pw_uid); - if (found_user != 0) { - create_user(username, 0); + struct passwd pd; + struct passwd *tempPwdPtr; + char pwdbuffer[256]; + + lprintf(CTDL_DEBUG, "asking host about <%s>\n", username); + getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); + if (tempPwdPtr == NULL) { + return login_not_found; + } + lprintf(CTDL_DEBUG, "found it! uid=%d, gecos=%s\n", pd.pw_uid, pd.pw_gecos); + + /* Locate the associated Citadel account. + * If not found, make one attempt to create it. 
+ */ found_user = getuserbyuid(&CC->user, pd.pw_uid); - } + if (found_user != 0) { + create_user(username, 0); + found_user = getuserbyuid(&CC->user, pd.pw_uid); + } -#else /* ENABLE_AUTOLOGIN */ - struct recptypes *valid = NULL; + } - /* First, try to log in as if the supplied name is a display name */ - found_user = getuser(&CC->user, username); + else { + /* native auth mode */ - /* If that didn't work, try to log in as if the supplied name - * is an e-mail address - */ - if (found_user != 0) { - valid = validate_recipients(username); - if (valid != NULL) { - if (valid->num_local == 1) { - found_user = getuser(&CC->user, - valid->recp_local); + struct recptypes *valid = NULL; + + /* First, try to log in as if the supplied name is a display name */ + found_user = getuser(&CC->user, username); + + /* If that didn't work, try to log in as if the supplied name + * is an e-mail address + */ + if (found_user != 0) { + valid = validate_recipients(username); + if (valid != NULL) { + if (valid->num_local == 1) { + found_user = getuser(&CC->user, valid->recp_local); + } + free(valid); } - free(valid); } } -#endif /* ENABLE_AUTOLOGIN */ - /* Did we find something? */ if (found_user == 0) { if (((CC->nologin)) && (CC->user.axlevel < 6)) { @@ -479,14 +478,14 @@ void session_startup(void) CC->user.axlevel = 6; } -#ifdef ENABLE_AUTOLOGIN /* If we're authenticating off the host system, automatically give * root the highest level of access. */ - if (CC->user.uid == 0) { - CC->user.axlevel = 6; + if (config.c_auth_mode == 1) { + if (CC->user.uid == 0) { + CC->user.axlevel = 6; + } } -#endif lputuser(&CC->user); 
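Review bot: The return value of `getpwnam_r()` is discarded in the host auth branch of CtdlLoginExistingUser(), so a lookup error (for instance a record that does not fit the 256-byte `pwdbuffer`) is reported as `login_not_found` just like a missing account; create_user() has the same call. The result of `create_user(username, 0)` is ignored as well, leaving the second `getuserbyuid()` as the only sign of failure. I would test both, `if (getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr) != 0 || tempPwdPtr == NULL)`, and log the error code at CTDL_ERR so operators can tell a host lookup fault from a bad user name. The function begins outside the hunk.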
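Review bot: The branch `if (CC->user.uid == 0) { CC->user.axlevel = 6; }` in session_startup() grants the top access level on the stored uid alone, which was easier to reason about while the auth source was fixed at build time. Now that `c_auth_mode` can be changed on an existing user database, the check relies on no record created under native auth carrying uid 0. The initial value create_user() gives `uid` is outside this diff, so that needs confirming. A comment stating the invariant, e.g. `/* relies on native-mode accounts never being stored with uid 0 */`, would make the dependency explicit. session_startup() starts and ends outside the hunk.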
@@ -589,13 +588,13 @@ static int validpw(uid_t uid, const char *pass) char buf[24]; if (pipe(pipev)) { - lprintf(CTDL_ERR, "pipe failed (%s): denying autologin access for " + lprintf(CTDL_ERR, "pipe failed (%s): denying host auth access for " "uid %ld\n", strerror(errno), (long)uid); return 0; } switch (pid = fork()) { case -1: - lprintf(CTDL_ERR, "fork failed (%s): denying autologin access for " + lprintf(CTDL_ERR, "fork failed (%s): denying host auth access for " "uid %ld\n", strerror(errno), (long)uid); close(pipev[0]); close(pipev[1]); @@ -623,7 +622,7 @@ static int validpw(uid_t uid, const char *pass) while (waitpid(pid, &status, 0) == -1) if (errno != EINTR) { - lprintf(CTDL_ERR, "waitpid failed (%s): denying autologin " + lprintf(CTDL_ERR, "waitpid failed (%s): denying host auth " "access for uid %ld\n", strerror(errno), (long)uid); return 0; 
@@ -664,31 +663,34 @@ int CtdlTryPassword(char *password) } code = (-1); + if (config.c_auth_mode == 1) { -#ifdef ENABLE_AUTOLOGIN + /* host auth mode */ - if (validpw(CC->user.uid, password)) { - code = 0; - /* we could get rid of this */ - lgetuser(&CC->user, CC->curr_user); - safestrncpy(CC->user.password, password, sizeof CC->user.password); - lputuser(&CC->user); - /* */ - } - else { - code = (-1); + if (validpw(CC->user.uid, password)) { + code = 0; + /* we could get rid of this */ + lgetuser(&CC->user, CC->curr_user); + safestrncpy(CC->user.password, password, sizeof CC->user.password); + lputuser(&CC->user); + /* */ + } + else { + code = (-1); + } } -#else /* ENABLE_AUTOLOGIN */ + else { - strproc(password); - strproc(CC->user.password); - code = strcasecmp(CC->user.password, password); - strproc(password); - strproc(CC->user.password); - code = strcasecmp(CC->user.password, password); + /* native auth mode */ -#endif /* ENABLE_AUTOLOGIN */ + strproc(password); + strproc(CC->user.password); + code = strcasecmp(CC->user.password, password); + strproc(password); + strproc(CC->user.password); + code = strcasecmp(CC->user.password, password); + } if (!code) { do_login(); 
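Review bot: After a successful `validpw()` the host auth branch of CtdlTryPassword() copies the host system password into `CC->user.password` with `safestrncpy` and writes it out with `lputuser(&CC->user)`, so every host account's password ends up in clear text in the Citadel user record. The inline comment already says `we could get rid of this`. With the mode now selectable at runtime I would drop the `lgetuser`/`safestrncpy`/`lputuser` lines and keep only `code = 0;`, because a later switch back to native mode would make those cached copies the accepted credentials. Separately, the native branch repeats the `strproc`/`strcasecmp` sequence twice and compares passwords case-insensitively; the duplicate four lines can go. The function begins outside the hunk.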
@@ -812,20 +814,23 @@ int create_user(char *newusername, int become_user) safestrncpy(username, newusername, sizeof username); strproc(username); -#ifdef ENABLE_AUTOLOGIN - struct passwd pd; - struct passwd *tempPwdPtr; - char pwdbuffer[256]; + if (config.c_auth_mode == 1) { - getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); - if (tempPwdPtr != NULL) { - extract_token(username, pd.pw_gecos, 0, ',', sizeof username); - uid = pd.pw_uid; - } - else { - return (ERROR + NO_SUCH_USER); + /* host auth mode */ + + struct passwd pd; + struct passwd *tempPwdPtr; + char pwdbuffer[256]; + + getpwnam_r(username, &pd, pwdbuffer, sizeof pwdbuffer, &tempPwdPtr); + if (tempPwdPtr != NULL) { + extract_token(username, pd.pw_gecos, 0, ',', sizeof username); + uid = pd.pw_uid; + } + else { + return (ERROR + NO_SUCH_USER); + } } -#endif if (!getuser(&usbuf, username)) { return (ERROR + ALREADY_EXISTS); @@ -913,11 +918,11 @@ void cmd_newu(char *cmdbuf) int a; char username[26]; -#ifdef ENABLE_AUTOLOGIN - cprintf("%d This system does not use native mode authentication.\n", - ERROR + NOT_HERE); - return; -#endif /* ENABLE_AUTOLOGIN */ + if (config.c_auth_mode == 1) { + cprintf("%d This system does not use native mode authentication.\n", + ERROR + NOT_HERE); + return; + } if (config.c_disable_newu) { cprintf("%d Self-service user account creation "
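Review bot: In host auth mode create_user() replaces the login name with the first comma-separated field of `pd.pw_gecos`, and nothing checks that the result is non-empty or unique before `getuser(&usbuf, username)`. On many hosts users can edit their own GECOS field, so two accounts with the same full name collide (the second gets `ERROR + ALREADY_EXISTS` and cannot log in), and an empty field presumably yields an empty Citadel name. I would fall back to the login name when the field is empty, `if (username[0] == '\0') safestrncpy(username, pd.pw_name, sizeof username);`, and document the collision behaviour in the function comment. create_user() starts and ends outside the hunk.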