From: Timo Sirainen Date: Wed, 25 Jun 2003 23:15:34 +0000 (+0300) Subject: Using "*" as PAM service name now uses imap/pop3 service. X-Git-Tag: 1.1.alpha1~4528 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67b2c958f6de410bc86b68edc669b28b02c933f4;p=thirdparty%2Fdovecot%2Fcore.git Using "*" as PAM service name now uses imap/pop3 service. --HG-- branch : HEAD --- diff --git a/doc/auth.txt b/doc/auth.txt index d790c8bc66..8035f3635a 100644 --- a/doc/auth.txt +++ b/doc/auth.txt @@ -80,8 +80,14 @@ We should work with Linux PAM, Solaris PAM, OpenPAM (FreeBSD) and ApplePAM (OSX). PAM doesn't provide user database, so you have to use something else for that - passwd usually. -Here's an example /etc/pam.d/imap configuration file which uses -standard UNIX authentication: +By default Dovecot uses "dovecot" service, ie. the PAM configuration is in +/etc/pam.d/dovecot file. You can override this by giving the wanted service +name as parameter for pam. For example "auth_passdb = pam dovecot2". If you +give "*" as service name, Dovecot uses "imap" service for IMAP connections +and "pop3" service for POP3 connections. + +Here's an example /etc/pam.d/dovecot configuration file which uses standard +UNIX authentication: auth required pam_unix.so nullok account required pam_unix.so diff --git a/dovecot-example.conf b/dovecot-example.conf index c8d5dddbed..4ab26c3e48 100644 --- a/dovecot-example.conf +++ b/dovecot-example.conf @@ -381,7 +381,7 @@ auth_userdb = passwd # Where password database is kept: # passwd: /etc/passwd or similiar, using getpwnam() # shadow: /etc/shadow or similiar, using getspnam() -# pam: PAM authentication +# pam [ | *]: PAM authentication # passwd-file : passwd-like file with specified location # vpopmail: vpopmail authentication # ldap : LDAP, see doc/dovecot-ldap.conf diff --git a/src/auth/passdb-pam.c b/src/auth/passdb-pam.c index 1dd43941be..383e63062b 100644 --- a/src/auth/passdb-pam.c +++ b/src/auth/passdb-pam.c 
@@ -204,7 +204,8 @@ static int pam_auth(pam_handle_t *pamh, const char *user, const char **error) } static void -pam_verify_plain_child(const char *user, const char *password, int fd) +pam_verify_plain_child(const char *service, const char *user, + const char *password, int fd) { pam_handle_t *pamh; struct pam_userpass userpass; @@ -221,7 +222,7 @@ pam_verify_plain_child(const char *user, const char *password, int fd) userpass.user = user; userpass.pass = password; - status = pam_start(service_name, user, &conv, &pamh); + status = pam_start(service, user, &conv, &pamh); if (status != PAM_SUCCESS) { result = PASSDB_RESULT_INTERNAL_FAILURE; str = t_strdup_printf("pam_start(%s) failed: %s", @@ -323,9 +324,18 @@ pam_verify_plain(struct auth_request *request, const char *password, verify_plain_callback_t *callback) { struct pam_auth_request *pam_auth_request; + const char *service; int fd[2]; pid_t pid; + service = service_name != NULL ? service_name : + request->protocol == AUTH_PROTOCOL_IMAP ? "imap" : + request->protocol == AUTH_PROTOCOL_POP3 ? "pop3" : NULL; + if (service == NULL) { + i_error("Unknown protocol %d in auth request", + request->protocol); + } + if (pipe(fd) < 0) { i_error("PAM: pipe() failed: %m"); callback(PASSDB_RESULT_INTERNAL_FAILURE, request); @@ -343,7 +353,7 @@ pam_verify_plain(struct auth_request *request, const char *password, if (pid == 0) { (void)close(fd[0]); - pam_verify_plain_child(request->user, password, fd[1]); + pam_verify_plain_child(service, request->user, password, fd[1]); _exit(0); } @@ -364,7 +374,8 @@ pam_verify_plain(struct auth_request *request, const char *password, static void pam_init(const char *args) { - service_name = i_strdup(*args != '\0' ? args : "dovecot"); + service_name = strcmp(args, "*") == 0 ? NULL : + i_strdup(*args != '\0' ? args : "dovecot"); to_wait = NULL; }
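Review bot: In the `@@ -221,7 +222,7 @@` hunk, the `pam_start(%s) failed: %s` message sits directly under the changed call, and its argument list falls outside the hunk. If that `t_strdup_printf()` call still passes the global `service_name`, it will hand NULL to `%s` whenever `*` is configured, because `pam_init` now stores NULL for that case. The first argument should be the local `service`, so the log names the PAM service that was actually tried. The body of `pam_verify_plain_child` continues outside the hunk, so this needs checking against the full file.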
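Review bot: In `pam_verify_plain` (hunk `@@ -323,9 +324,18 @@`), the new `if (service == NULL)` branch only logs and then falls through, so a request with an unrecognised protocol still forks and reaches `pam_start()` with a NULL service name. What a PAM library does with a NULL service is implementation-specific, and an authentication decision should not depend on it. Fail closed here, as the `pipe()` error path just below does, by adding `callback(PASSDB_RESULT_INTERNAL_FAILURE, request); return;` after the `i_error()` call. The message would also be easier to correlate in logs with the `PAM:` prefix that `i_error("PAM: pipe() failed: %m")` uses. The function starts and ends outside the hunk.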
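Review bot: In `pam_init` (hunk `@@ -364,7 +374,8 @@`), `service_name == NULL` now means "pick the service per request protocol", but nothing at the assignment records that sentinel. The declaration and any other readers of `service_name` are outside this hunk and must now tolerate NULL. A comment on the assignment such as `/* NULL: "*" was configured; service is chosen per request (imap/pop3) */` would make the contract explicit. With `*`, the effective policy moves to the `imap` and `pop3` PAM service definitions. On PAM implementations that fall back to a default `other` service when a named one is missing, an absent file changes which policy applies, which deserves a sentence beside the `pam [ | *]` option text.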