Import akpop3d 0.7.7.

Submitted by Maxime Guillaud <bsd-ports@mguillaud.net>.

akpop3d is a POP3 daemon aimed to be small and secure.  It is
stand-alone, very small, easy to modify.  Despite its small size, it
offers a lot of features.
naddy 2004-11-08 21:57:05 +00:00
parent bfc9881693
commit 8e5db79efa
13 changed files with 535 additions and 0 deletions

25
mail/akpop3d/Makefile Normal file

@ -0,0 +1,25 @@
# $OpenBSD: Makefile,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
COMMENT= "small and secure POP3 daemon"
DISTNAME= akpop3d-0.7.7
CATEGORIES= mail
HOMEPAGE= http://www.synflood.at/akpop3d/
MAINTAINER= Maxime Guillaud <bsd-ports@mguillaud.net>
# GPL
PERMIT_PACKAGE_CDROM= Yes
PERMIT_PACKAGE_FTP= Yes
PERMIT_DISTFILES_CDROM= Yes
PERMIT_DISTFILES_FTP= Yes
MASTER_SITES= ${HOMEPAGE} \
http://www.mguillaud.net/ports/akpop3d/
EXTRACT_SUFX= .tar.bz2
CONFIGURE_STYLE=gnu
NO_REGRESS= Yes
.include <bsd.port.mk>

3
mail/akpop3d/distinfo Normal file

@ -0,0 +1,3 @@
MD5 (akpop3d-0.7.7.tar.bz2) = 3ba404fb452f4452deb206a3074c1b28
RMD160 (akpop3d-0.7.7.tar.bz2) = 8d3271fe295b259174d62aa471a12ea06fc03ebd
SHA1 (akpop3d-0.7.7.tar.bz2) = 687b17646f85f043003e18e07dc40259ded2a15d


@ -0,0 +1,26 @@
$OpenBSD: patch-Makefile_in,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- Makefile.in.orig Mon Aug 11 21:12:11 2003
+++ Makefile.in Wed Oct 27 20:57:17 2004
@@ -1,7 +1,7 @@
# $Id: patch-Makefile_in,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
CC=@CC@
-CFLAGS=@CFLAGS@ @DEFS@ -D_BSD_SOURCE
+CFLAGS=@CFLAGS@ @DEFS@ -D_BSD_SOURCE -DSYSCONFDIR="\"@sysconfdir@\""
LDFLAGS=@LDFLAGS@
LIBS=@LIBS@
@@ -60,8 +60,12 @@ install_sbin:
$(INSTALL) $(OUTPUT) $(DESTDIR)$(sbindir)
install_man:
+ $(RM) $(OUTPUT).8.tmp
+ sed -e "s;/etc/pop3;@sysconfdir@/pop3;g" \
+ -e "s;/etc/akpop3d;@sysconfdir@/akpop3d;g" \
+ $(OUTPUT).8 > $(OUTPUT).8.tmp
mkdir -p $(DESTDIR)$(mandir)/man8
- $(INSTALL) $(OUTPUT).8 $(DESTDIR)$(mandir)/man8
+ $(INSTALL) $(OUTPUT).8.tmp $(DESTDIR)$(mandir)/man8/$(OUTPUT).8
# $(GZIP) $(DESTDIR)$(mandir)/man8/$(OUTPUT).8
install_init:


@ -0,0 +1,29 @@
$OpenBSD: patch-akpop3d_8,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- akpop3d.8.orig Sun Jul 27 18:51:25 2003
+++ akpop3d.8 Sun Oct 17 17:22:09 2004
@@ -17,6 +17,7 @@
.Op Fl l Ar address
.Op Fl a Ar authfile
.Op Fl m Ar spooldir
+.Op Fl g Ar group
.Op Fl D
.Op Fl L Ar mboxfile
.Op Fl t Ar timeout
@@ -46,7 +47,7 @@ source package.
.Sh OPTIONS
.Nm
accepts the following commandline switches:
-.Bl -tag
+.Bl -tag -width 0
.It Fl d
Run as a daemon (in the background). The process ID of the daemon is written to
a PID file, which by default is
@@ -87,6 +88,8 @@ for the SSL key. (Point this to your RSA
Listen on the given
.Ar port
instead of port 995 (SSL) or 110 (non-SSL).
+.It Fl g Ar group
+Specify the group ID used to access the mail spool.
.It Fl l Ar address
Listen on the given
.Ar address


@ -0,0 +1,40 @@
$OpenBSD: patch-authenticate_c,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- authenticate.c.orig Sun Aug 17 19:44:55 2003
+++ authenticate.c Mon Nov 8 22:49:53 2004
@@ -25,6 +25,9 @@
#include "strlcpy.h"
#include "mysql.h"
+#define POP3ALLOW_FILE SYSCONFDIR "/pop3.allow"
+#define POP3DENY_FILE SYSCONFDIR "/pop3.deny"
+
extern const char * authfile;
char real_username[MAXLINE+1];
char real_maildrop[MAXLINE+1];
@@ -104,7 +107,7 @@ static int user_in_file(char * user, cha
static int is_user_allowed(char * user) {
int allow, deny;
- switch (user_in_file(user,"/etc/pop3.allow")>0) {
+ switch (user_in_file(user,POP3ALLOW_FILE)>0) {
case 0:
allow = 0;
break;
@@ -115,7 +118,7 @@ static int is_user_allowed(char * user)
return 0;
}
- switch (user_in_file(user,"/etc/pop3.deny")) {
+ switch (user_in_file(user,POP3DENY_FILE)) {
case 0:
deny = 0;
break;
@@ -322,7 +325,7 @@ int authenticate(char * username, char *
memset(pass,0,sizeof(pass));
strlcpy(pass,password,len+1);
- /* check /etc/pop3.{allow,deny} */
+ /* check %sysconfdir%/pop3.{allow,deny} */
if (0!=use_pop3_allow_deny && 0==is_user_allowed(user)) {
return 0;
}
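Review bot: The two lookups in is_user_allowed treat the result of user_in_file differently: the allow check collapses it with `>0`, while `switch (user_in_file(user,POP3DENY_FILE))` switches on the raw value, so what happens on an error return (for example an unreadable deny file) depends on cases that lie outside this hunk. It is worth confirming that such an error does not leave `deny` at 0, because both paths now come from a build-time SYSCONFDIR and a wrong prefix would make both lookups miss their files. A comment on the new macros would help, e.g. `/* access lists consulted when -D is given; SYSCONFDIR is passed in via CFLAGS */`. is_user_allowed ends outside the hunk.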


@ -0,0 +1,20 @@
$OpenBSD: patch-lock_maildrop_c,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- lock_maildrop.c.orig Sun Aug 17 19:44:55 2003
+++ lock_maildrop.c Fri Aug 27 01:45:07 2004
@@ -49,13 +49,14 @@ int lock_maildrop(char * maildrop, uid_t
return 1;
}
-void remove_lock(char * maildrop) {
+int remove_lock(char * maildrop) {
size_t lf_len = (size_t)strlen(maildrop)+strlen(".lock")+1;
char * lf = alloca(lf_len);
if (lf!=NULL) {
snprintf(lf,lf_len,"%s.lock",maildrop);
- unlink(lf);
+ return unlink(lf);
}
+ return -2;
}
int lock_fd(int fd) {
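Review bot: The new `return -2;` path in remove_lock is not reachable in practice, because alloca() does not report failure by returning NULL; an oversized request overruns the stack instead, so the `lf!=NULL` test gives no protection against a very long maildrop path. Callers in this commit log any non-zero result with `%m`, which would print an unrelated errno if -2 were ever returned. Now that the function has a return value, a comment above it should state the contract, e.g. `/* returns unlink()'s result: 0 on success, -1 with errno set */`, and a length check on maildrop before the alloca() would bound the stack use.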


@ -0,0 +1,12 @@
$OpenBSD: patch-lock_maildrop_h,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- lock_maildrop.h.orig Thu Jan 3 21:21:52 2002
+++ lock_maildrop.h Fri Aug 27 01:45:07 2004
@@ -5,7 +5,7 @@
int lock_maildrop(char * maildrop, uid_t uid, gid_t gid);
-void remove_lock(char * maildrop);
+int remove_lock(char * maildrop);
int lock_fd(int fd);


@ -0,0 +1,166 @@
$OpenBSD: patch-main_c,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- main.c.orig Sat Aug 2 16:54:56 2003
+++ main.c Wed Oct 27 19:36:57 2004
@@ -23,26 +23,34 @@
#include "ssl.h"
#include "strlcpy.h"
+#ifndef DEFAULT_GROUP_NAME
+# define DEFAULT_GROUP_NAME "mail"
+#endif
+
static char * port = NULL;
static int become_daemon = 0;
const char * pidfile = "/var/run/akpop3d.pid";
-const char * ssl_certfile = "/etc/akpop3d/cert.pem";
-const char * ssl_keyfile = "/etc/akpop3d/key.pem";
+const char * ssl_certfile = SYSCONFDIR "/akpop3d/cert.pem";
+const char * ssl_keyfile = SYSCONFDIR "/akpop3d/key.pem";
+const char * group_name = DEFAULT_GROUP_NAME;
const char * authfile = NULL;
const char * local_mbox = NULL;
const char * tmp_dir = "/tmp";
char * mailspool = "/var/mail/";
int use_pop3_allow_deny = 0;
int enable_mysql = 0;
-unsigned int timeout = 30;
+unsigned int timeout = 600;
+extern int *socks, maxs;
+extern fd_set deffds;
-
+#ifdef HAVE_LIBMYSQLCLIENT
/* mysql pointers */
extern char *HOSTNAME;
extern char *USERNAME;
extern char *PASSWORD;
extern char *DATABASE;
extern char *TABLE;
+#endif /* HAVE_LIBMYSQLCLIENT */
int daemonize(void);
void pop3_session(int fd);
@@ -68,14 +76,15 @@ static void usage(char * argv0) {
" -s use SSL for all connections\n"
" -c <certfile> use <certfile> for SSL certificate [%s]\n"
" -k <keyfile> use <keyfile> for SSL RSA key [%s]\n"
- " -p <port> listen on <port> [default: 110, or 995 if SSL]\n",
- ssl_certfile, ssl_keyfile
+ " -p <port> listen on <port> [default: 110, or 995 if SSL]\n"
+ " -g <group> use GID <group> to access spool directory [default: %s]\n",
+ ssl_certfile, ssl_keyfile, group_name
);
printf(
" -l <address> listen on <address> [default: any]\n"
" -a <authfile> use text file <authfile> for authentication\n"
" -m <spooldir> use directory <spooldir> as mail spool\n"
- " -D use /etc/pop3.{allow,deny} files\n"
+ " -D use " SYSCONFDIR "/pop3.{allow,deny} files\n"
" -L <mbox> use ~/<mbox> as mail spool\n"
" -t <timeout> use <timeout> seconds as r/w timeout\n"
#ifdef HAVE_LIBMYSQLCLIENT
@@ -107,21 +116,25 @@ static void delete_pid(void) {
}
int main(int argc, char * argv[]) {
- int listenfd, connfd;
+ int connfd, maxfd;
+ int *socks;
+ fd_set fds;
pid_t childpid;
struct stat sbuf;
- socklen_t addrlen;
#ifdef HAVE_LIBMYSQLCLIENT
- const char * optstring = "df:sp:c:k:l:a:m:hvDL:MH:U:P:I:T:t:x:";
+ const char * optstring = "df:sp:c:k:l:a:m:hvDL:MH:U:P:I:T:t:x:g:";
int len = 0;
#else
- const char * optstring = "df:sp:c:k:l:a:m:hvDL:t:x:";
+ const char * optstring = "df:sp:c:k:l:a:m:hvDL:t:x:g:";
#endif
char * listenhost = NULL;
char * progname;
- int c;
+ int c,i;
+ struct sockaddr_storage client;
socklen_t clen;
- struct sockaddr_in client;
+ uint16_t sin_port_number;
+ const char *sin_addr_text;
+ char sin_addr_text_buffer[64];
#ifdef HAVE_LIBMYSQLCLIENT
struct rlimit memlim, cpulim;
@@ -159,6 +172,7 @@ int main(int argc, char * argv[]) {
case 'k': ssl_keyfile = optarg; break;
case 'l': listenhost = optarg; break;
case 'a': authfile = optarg; break;
+ case 'g': group_name = optarg; break;
case 't': sscanf(optarg,"%u",&timeout); break;
case 'x': tmp_dir = optarg; break;
case 'm': if (stat(optarg,&sbuf)!=0) {
@@ -253,8 +267,13 @@ int main(int argc, char * argv[]) {
}
openlog(progname, LOG_PID, LOG_MAIL);
- listenfd = Tcp_listen(listenhost, port, &addrlen);
-
+ socks = Tcp_listen(listenhost, port);
+ for (maxfd = -1, i=0; i<maxs; i++) {
+ if (maxfd < socks[i])
+ maxfd = socks[i];
+ }
+ clen = sizeof(client);
+
Signal(SIGCHLD,sig_chld);
Signal(SIGTERM,sig_term);
@@ -263,9 +282,21 @@ int main(int argc, char * argv[]) {
Signal(SIGQUIT,sig_term);
for (;;) {
- clen = sizeof(struct sockaddr *);
-
- if ((connfd = accept(listenfd,(struct sockaddr *) &client,&clen)) < 0) {
+#ifdef FD_COPY
+ FD_COPY(&deffds, &fds);
+#else
+ fds = deffds;
+#endif
+ if (select(maxfd+1, &fds, NULL, NULL, NULL) != 1)
+ continue;
+ connfd = -1;
+ for (i=0; i<maxs; i++) {
+ if (FD_ISSET(socks[i], &fds)) {
+ connfd = accept(socks[i],(struct sockaddr *) &client,&clen);
+ break;
+ }
+ }
+ if (connfd < 0) {
if (errno == EINTR) {
continue;
} else {
@@ -275,11 +306,20 @@ int main(int argc, char * argv[]) {
}
getpeername( connfd, (struct sockaddr *) &client, &clen );
+ if (client.ss_family==AF_INET6)
+ {
+ sin_addr_text=inet_ntop(((struct sockaddr_in6 *)&client)->sin6_family,&(((struct sockaddr_in6 *)&client)->sin6_addr),sin_addr_text_buffer,64);
+ sin_port_number=ntohs(((struct sockaddr_in6 *)&client)->sin6_port);
+ }
+ else
+ {
+ sin_addr_text=inet_ntoa(((struct sockaddr_in *)&client)->sin_addr); // IPv4
+ sin_port_number=ntohs(((struct sockaddr_in *)&client)->sin_port);
+ }
+ syslog( LOG_INFO, "Connection from %s:%u",sin_addr_text,sin_port_number);
- syslog( LOG_INFO, "Connection from %s:%u", inet_ntoa( client.sin_addr ), ntohs( client.sin_port ) );
-
if ((childpid = fork()) == 0) {
- close(listenfd);
+/* close(listenfd); */
pop3_session(connfd);
syslog( LOG_INFO, "Connection closed" );
exit(0);
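Review bot: In the accept loop, `if (select(maxfd+1, &fds, NULL, NULL, NULL) != 1) continue;` treats a return of 2 or more, which occurs when several listening sockets are ready at once, the same as an error, so the loop retries without accepting anything and spins while the connections stay queued; the test should be `< 1`. `clen = sizeof(client);` is also assigned only once before the loop, although accept() and getpeername() overwrite it with the length of the returned address, so after an IPv4 peer a later IPv6 address is truncated before it is formatted for syslog; it should be reset at the top of each iteration. With `close(listenfd)` commented out, the child no longer closes the listening sockets, so every session process keeps them open; closing `socks[0]` through `socks[maxs-1]` in the child would restore the earlier behaviour. main continues outside these hunks.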


@ -0,0 +1,109 @@
$OpenBSD: patch-pop3_session_c,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- pop3_session.c.orig Sun Aug 17 19:44:55 2003
+++ pop3_session.c Fri Aug 27 01:45:07 2004
@@ -35,6 +35,7 @@
extern const char * ssl_certfile;
extern const char * ssl_keyfile;
+extern const char * group_name;
extern const char * local_mbox;
extern char real_username[MAXLINE+1];
extern char real_maildrop[MAXLINE+1];
@@ -45,8 +46,17 @@ extern const char * mailspool;
int authenticate(char * username, char * password);
void show_uidl(int fd, char * line);
-static void do_remove_lock(void) {
+static void do_remove_lock(int fd) {
do_cleanup();
+ if (remove_lock(mdl)) {
+ syslog(LOG_ERR,"unable to unlink lock file %s : %m",mdl);
+ write_line(fd,"unable to unlink lock file - see syslog\r\n");
+ exit(EXIT_FAILURE);
+ }
+}
+
+static void cleanup_before_exit(void) {
+ do_cleanup();
remove_lock(mdl);
}
@@ -64,8 +74,9 @@ static void print_capa(int fd) {
static void sig_handler(int signo) {
- remove_lock(mdl);
syslog(LOG_INFO,"%s: %u", "caught signal",signo);
+ if (remove_lock(mdl))
+ syslog(LOG_ERR,"unable to unlink lock file for user %s : %m",mdl);
exit(EXIT_FAILURE);
}
@@ -227,21 +238,21 @@ void pop3_session(int fd) {
mdl = maildrop;
- g_inf = getgrnam("mail");
+ g_inf = getgrnam(group_name);
if (g_inf==NULL) {
- syslog(LOG_ERR,"%s","group 'mail' not found");
- write_line(fd,"-ERR [SYS/TEMP] group 'mail' not found\r\n");
+ syslog(LOG_ERR,"group '%s' not found",group_name);
+ write_line(fd,"-ERR [SYS/TEMP] group not found\r\n");
exit(EXIT_FAILURE);
}
if (setegid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
syslog(LOG_ERR,"%s: %u: %s","setegid() failed",g_inf->gr_gid,strerror(errno));
- write_line(fd,"-ERR [SYS/TEMP] failed to join 'mail' group (setegid)\r\n");
+ write_line(fd,"-ERR [SYS/TEMP] failed to join group (setegid)\r\n");
exit(EXIT_FAILURE);
}
if (setgid(g_inf->gr_gid)!=0 && real_username[0] == 0) {
syslog(LOG_ERR,"%s: %u: %s","setgid() failed",g_inf->gr_gid,strerror(errno));
- write_line(fd,"-ERR [SYS/TEMP] failed to join 'mail' group (setgid)\r\n");
+ write_line(fd,"-ERR [SYS/TEMP] failed to join group (setgid)\r\n");
exit(EXIT_FAILURE);
}
@@ -258,18 +269,18 @@ void pop3_session(int fd) {
if (setuid(u_inf->pw_uid)!=0) {
syslog(LOG_ERR,"%s: %u: %s","setuid() failed",u_inf->pw_uid,strerror(errno));
write_line(fd,"-ERR [SYS/TEMP] failed to set user identity\r\n");
- do_remove_lock();
+ do_remove_lock(fd);
exit(EXIT_FAILURE);
}
if (seteuid(u_inf->pw_uid)!=0) {
syslog(LOG_ERR,"%s: %u: %s","seteuid() failed",u_inf->pw_uid,strerror(errno));
write_line(fd,"-ERR [SYS/TEMP] failed to set effective user identity\r\n");
- do_remove_lock();
+ do_remove_lock(fd);
exit(EXIT_FAILURE);
}
- if (atexit(do_remove_lock)!=0) {
+ if (atexit(cleanup_before_exit)!=0) {
syslog(LOG_WARNING,"%s: %s","atexit() failed; lock files may fail to expire",strerror(errno));
}
@@ -278,7 +289,7 @@ void pop3_session(int fd) {
if (process_mails(maildrop)==0) {
write_line(fd,"-ERR [SYS/PERM] failed to scan maildrop contents\r\n");
do_cleanup();
- do_remove_lock();
+ do_remove_lock(fd);
exit(EXIT_FAILURE);
}
@@ -334,5 +345,8 @@ void pop3_session(int fd) {
do_update(maildrop);
}
do_cleanup();
- remove_lock(maildrop);
+ if (remove_lock(maildrop)) {
+ syslog(LOG_ERR,"unable to unlink lock file %s : %m",maildrop);
+ exit(EXIT_FAILURE);
+ }
}
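Review bot: sig_handler now makes a second syslog() call with `%m` and still ends in exit(); neither is async-signal-safe, and exit() also runs the new atexit handler cleanup_before_exit, so do_cleanup() and a second remove_lock() execute in signal context. Assuming sig_handler is installed as a signal handler (the installation is outside these hunks), the safer shape is to remove the lock and leave with `_exit(EXIT_FAILURE);`, using `syslog_r()` where the platform offers it. Separately, do_remove_lock sends `unable to unlink lock file - see syslog\r\n` to the client without a status indicator, while the other error replies visible in this file begin with `-ERR`; `write_line(fd,"-ERR [SYS/TEMP] unable to unlink lock file\r\n");` would keep the reply well-formed.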


@ -0,0 +1,85 @@
$OpenBSD: patch-tcp_listen_c,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- tcp_listen.c.orig Sun May 4 10:26:14 2003
+++ tcp_listen.c Fri Aug 27 01:45:07 2004
@@ -10,6 +10,11 @@
#include <unistd.h>
#include <errno.h>
+#define MAX_SOCKETS 10
+int socket_array[MAX_SOCKETS], maxs;
+int *socks=socket_array;
+fd_set deffds;
+
static void Setsockopt(int fd, int level, int optname, const void * optval, socklen_t optlen) {
if (setsockopt(fd,level,optname,optval,optlen) < 0) {
syslog(LOG_WARNING,"%s: %s","setsockopt failed",strerror(errno));
@@ -29,8 +34,8 @@ static void Listen(int fd, int backlog)
}
}
-static int tcp_listen(const char * host, const char * serv, socklen_t * addrlenp) {
- int listenfd, n;
+static int* tcp_listen(const char * host, const char * serv) {
+ int n, *s;
const int on = 1;
struct addrinfo hints, * res, * ressave;
struct linger sl = { 1, 5 };
@@ -39,37 +44,37 @@ static int tcp_listen(const char * host,
hints.ai_flags = AI_PASSIVE;
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
+ FD_ZERO(&deffds);
- if ((n = getaddrinfo(host,serv,&hints,&res)) != 0) {
+ if ((n = getaddrinfo(host,serv,&hints,&ressave)) != 0) {
syslog(LOG_ERR,"%s: %s, %s: %s","getaddrinfo failed",host?host:"(any)",serv,strerror(errno));
perror("getaddrinfo");
exit(EXIT_FAILURE);
}
- ressave = res;
- do {
- listenfd = socket(res->ai_family,res->ai_socktype,res->ai_protocol);
- if (listenfd < 0)
+ for (s=socks, res=ressave, maxs=0; res; res = res->ai_next) {
+ *s = socket(res->ai_family, res->ai_socktype,res->ai_protocol);
+ if (*s < 0)
continue;
- Setsockopt(listenfd,SOL_SOCKET,SO_REUSEADDR,&on,sizeof(on));
- Setsockopt(listenfd,SOL_SOCKET,SO_LINGER,&sl,sizeof(sl));
- if (bind(listenfd,res->ai_addr,res->ai_addrlen) == 0)
- break;
- close(listenfd);
- } while ((res = res->ai_next) != NULL);
- if (res == NULL) {
- syslog(LOG_ERR,"%s: %s, %s: %s","failed to bind socket",host?host:"(any)",serv,strerror(errno));
- perror("tcp_listen");
- exit(EXIT_FAILURE);
+ if (maxs==MAX_SOCKETS) {
+ syslog(LOG_ERR,"limiting socket number to %d",MAX_SOCKETS);
+ continue;
+ }
+ Setsockopt(*s,SOL_SOCKET,SO_REUSEADDR,&on,sizeof(on));
+ Setsockopt(*s,SOL_SOCKET,SO_LINGER,&sl,sizeof(sl));
+ if (bind(*s,res->ai_addr,res->ai_addrlen) != 0) {
+ close(*s);
+ continue;
+ }
+ Listen(*s,LISTENQ);
+ FD_SET(*s, &deffds);
+ s++; maxs++;
}
- Listen(listenfd,LISTENQ);
- if (addrlenp)
- *addrlenp = res->ai_addrlen;
freeaddrinfo(ressave);
- return listenfd;
+ return socks;
}
-int Tcp_listen(const char * host, const char * serv, socklen_t * addrlenp) {
- return tcp_listen(host,serv,addrlenp);
+int* Tcp_listen(const char * host, const char * serv) {
+ return tcp_listen(host,serv);
}
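Review bot: The socket limit in tcp_listen is checked after `*s = socket(...)`, so once MAX_SOCKETS listeners are bound the next address writes one element past socket_array, and the descriptor just opened is never closed; the check belongs before the socket() call. The rewrite also drops the old `res == NULL` failure path, so when no address can be bound the function returns with maxs at 0 and main blocks in select() on an empty set without any log entry. The change below stops the loop at the limit and restores a fatal error when nothing was bound.

```c
  for (s=socks, res=ressave, maxs=0; res; res = res->ai_next) {
    if (maxs==MAX_SOCKETS) {
      syslog(LOG_ERR,"limiting socket number to %d",MAX_SOCKETS);
      break;
    }
    *s = socket(res->ai_family, res->ai_socktype,res->ai_protocol);
    if (*s < 0)
      continue;
    /* … unchanged: Setsockopt, bind, Listen, FD_SET, s++/maxs++ … */
  }
  freeaddrinfo(ressave);
  if (maxs == 0) {
    syslog(LOG_ERR,"%s: %s, %s","failed to bind socket",host?host:"(any)",serv);
    exit(EXIT_FAILURE);
  }
```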


@ -0,0 +1,11 @@
$OpenBSD: patch-tcp_listen_h,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
--- tcp_listen.h.orig Tue Jan 21 19:04:46 2003
+++ tcp_listen.h Fri Aug 27 01:45:07 2004
@@ -10,6 +10,6 @@
#define LISTENQ 1024
-int Tcp_listen(const char * host, const char * serv, socklen_t * addrlenp);
+int* Tcp_listen(const char * host, const char * serv);
#endif

6
mail/akpop3d/pkg/DESCR Normal file

@ -0,0 +1,6 @@
akpop3d is a POP3 daemon aimed to be small and secure. It is
stand-alone, very small, easy to modify. Despite its small size, it
offers a lot of features. It is completely RFC 1939 compliant. It
features POP3-over-SSL (based on OpenSSL), and can use a separate
authfile (enabling authentication of virtual users who do not have an
entry in /etc/passwd).

3
mail/akpop3d/pkg/PLIST Normal file

@ -0,0 +1,3 @@
@comment $OpenBSD: PLIST,v 1.1.1.1 2004/11/08 21:57:05 naddy Exp $
@man man/man8/akpop3d.8
sbin/akpop3d