Source Code 1992 March

home *** CD-ROM | disk | FTP | other *** search

/ Source Code 1992 March / Source_Code_CD-ROM_Walnut_Creek_March_1992.iso / usenet / altsrcs / 2 / 2728 < prev next >

Wrap

Internet Message Format | 1991-02-09 | 3KB

From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein) Newsgroups: alt.sources Subject: Unofficial patches to sendmail for RFC 931 support Message-ID: <28897:Feb809:32:5491@kramden.acf.nyu.edu> Date: 8 Feb 91 09:32:54 GMT These are unofficial patches to sendmail 5.65 to stop forgeries. After you apply these patches and reinstall sendmail, you can use $F in sendmail.cf for the real user name as determined by RFC 931 (or ``unauthenticated'' in case the sending host doesn't support RFC 931). I recommend changing the second line of HReceived from id $i; $b to id $i; $b, auth $F These patches should work on sendmail 5.65 (on ucbarpa), sendmail 5.61 (as on gatekeeper), and possibly earlier versions. You must have the authuser library, part of the authd package posted here recently. Make sure to add -lauthuser to sendmail's Makefile. ---Dan *** sendmail.h.old Thu Nov 17 13:35:08 1988 --- sendmail.h Thu Feb 7 05:59:32 1991 *************** *** 521,526 **** --- 521,527 ---- EXTERN char *SmtpPhase; /* current phase in SMTP processing */ EXTERN char *MyHostName; /* name of this host for SMTP messages */ EXTERN char *RealHostName; /* name of host we are talking to */ + EXTERN char *RealUser; /* name of user we're talking to, given by RFC 931 */ EXTERN struct sockaddr_in RealHostAddr;/* address of host we are talking to */ EXTERN char *CurHostName; /* current host we are dealing with */ EXTERN jmp_buf TopFrame; /* branch-to-top-of-loop-on-error frame */ *** srvrsmtp.c.old Thu Jan 19 18:03:48 1989 --- srvrsmtp.c Thu Feb 7 06:07:20 1991 *************** *** 240,245 **** --- 240,249 ---- break; define('s', sendinghost, CurEnv); define('r', "SMTP", CurEnv); + /* RFC 931 sender name---2/7/91 DJB */ + if (RealUser) + define('F', RealUser, CurEnv); + initsys(); setproctitle("%s %s: %s", CurEnv->e_id, CurHostName, inp); *** daemon.c.old Thu Jan 19 18:56:33 1989 --- daemon.c Thu Feb 7 06:04:49 1991 *************** *** 34,39 **** --- 34,41 ---- # include <sys/wait.h> # include <sys/time.h> # include <sys/resource.h> + extern int auth_fd(); + extern char *auth_tcpuser(); /* ** DAEMON.C -- routines to use when running as a daemon. *************** *** 94,99 **** --- 96,105 ---- register struct servent *sp; int on = 1; extern reapchild(); + unsigned long in; + unsigned short local; + unsigned short remote; + char *user; /* ** Set up the address for the mailer. *************** *** 211,216 **** --- 217,223 ---- ** Collect verified idea of sending host. ** Verify calling user id if possible here. */ + /* You got it. ---DJB, 2/7/91 */ (void) signal(SIGCHLD, SIG_DFL); *************** *** 230,235 **** --- 237,255 ---- /* should we check for illegal connection here? XXX */ RealHostName = newstr(buf); + + /* RFC 931 support added 2/7/91 by DJB */ + /* We could just use auth_xline but we don't */ + /* know the supposed username yet. */ + if (auth_fd(t,&in,&local,&remote) == -1) + user = "unauthenticated"; /* no point in worrying */ + else + { + user = auth_tcpuser(in,local,remote); + if (!user) + user = "unauthenticated"; + } + RealUser = newstr(user); (void) close(DaemonSocket); InChannel = fdopen(t, "r");