$Id: drac_auth.patch,v 1.8 2001/06/02 02:41:43 ken3 Exp $

Patch to add support for Dynamic Relay Authorization Control

For more information about DRAC, see:
	http://mail.cc.umanitoba.ca/drac/index.html


Installation
------------

1.  Apply this patch in the toplevel directory using the following command:

	# patch -b -p0 < contrib/drac_auth.patch

2.  Cleanup any previous builds:

	# make distclean

3a. If you DO NOT have 'smake' and 'autoconf' installed on your system, goto
    step 3b.

    Perform the following to reconfigure your build:

	# rm aclocal.m4 configure
	# sh SMakefile
	# ./configure ... --with-drac=<location of libdrac>

    NOTE: you can find your original configure command in config.status

    Proceed to step 4.

3b. Edit imap/Makefile and modify the following three variables:

	DEFS = ... -DDRAC_AUTH
	LIBS = ... -ldrac
	LDFLAGS = ... -L<location of libdrac>

4.  Build and install the software:

	# make
	# make install

5.  If dracd is not running on the same system as Cyrus (localhost),
    use the 'drachost' option in imapd.conf(5) to specify the hostname of
    the dracd server.

6.  Installation is complete!


Operation
---------

The behavior of DRAC is controlled by the value of the 'dracinterval' option
in imapd.conf(5).  If 'dracinterval' is 0 (zero), DRAC support is disabled.
Otherwise, DRAC support is enabled and has the following behavior:

pop3d: Whenever a client opens a user's INBOX, drac_auth() is called.

imapd: Once a client is logged in (via LOGIN or AUTHENTICATE),
       drac_send() will be once called every 'dracinterval' minutes.





Index: acconfig.h
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/acconfig.h,v
retrieving revision 1.17
diff -c -r1.17 acconfig.h
*** acconfig.h	2001/03/28 16:11:49	1.17
--- acconfig.h	2001/06/02 02:33:50
***************
*** 81,86 ****
--- 81,89 ----
  /* do we have SASL support for APOP? */
  #undef HAVE_APOP
  
+ /* the Dynamic Relay Authorization Control package */
+ #undef DRAC_AUTH
+ 
  /* do we have OpenSSL? */
  #undef HAVE_SSL
  
Index: configure.in
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/configure.in,v
retrieving revision 1.197
diff -c -r1.197 configure.in
*** configure.in	2001/05/17 17:33:29	1.197
--- configure.in	2001/06/02 02:33:51
***************
*** 730,735 ****
--- 730,750 ----
  SNMP_SUBDIRS=""
  AC_SUBST(SNMP_SUBDIRS)
  
+ 
+ 
+ dnl
+ dnl Test for DRAC
+ dnl
+ AC_ARG_WITH(drac, [  --with-drac=DIR         use DRAC library in <DIR> [no] ],
+ 	if test -d "$withval"; then
+ 		LDFLAGS="$LDFLAGS -L${withval}"
+ 		AC_CHECK_LIB(drac, dracauth,
+ 			AC_DEFINE(DRAC_AUTH)
+ 			LIBS="${LIBS} -ldrac")
+ 	fi)
+ 
+ 
+ 
  CMU_SOCKETS
  CMU_LIBWRAP
  CMU_UCDSNMP
Index: imap/imapd.c
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/imap/imapd.c,v
retrieving revision 1.307
diff -c -r1.307 imapd.c
*** imap/imapd.c	2001/05/21 18:27:10	1.307
--- imap/imapd.c	2001/06/02 02:33:54
***************
*** 117,122 ****
--- 117,130 ----
  static SSL *tls_conn = NULL;
  #endif /* HAVE_SSL */
  
+ #ifdef DRAC_AUTH
+ static struct {
+     int interval;		/* dracd "ping" interval; 0 = disabled */
+     unsigned long clientaddr;
+     struct prot_waitevent *event;
+ } drac;
+ #endif /* DRAC_AUTH */
+ 
  /* current sub-user state */
  static struct mailbox mboxstruct;
  static struct mailbox *imapd_mailbox;
***************
*** 436,441 ****
--- 444,467 ----
      /* setup for sending IMAP IDLE notifications */
      idle_enabled();
  
+ #ifdef DRAC_AUTH
+     /* setup for sending DRAC "pings" */
+     drac.event = NULL;
+     drac.interval = config_getint("dracinterval", 5);
+     if (drac.interval < 0) drac.interval = 0;
+ 
+     if (drac.interval) {
+ 	char *err;
+ 
+ 	if (dracconn(config_getstring("drachost", "localhost"), &err) != 0) {
+ 	    /* disable DRAC */
+ 	    drac.interval = 0;
+ 	    syslog(LOG_NOTICE, "dracconn: %s", err);
+ 	    syslog(LOG_NOTICE, "DRAC DISABLED");
+ 	}
+     }
+ #endif /* DRAC_AUTH */
+ 
      /* create connection to the SNMP listener, if available. */
      snmp_connect(); /* ignore return code */
      snmp_set_str(SERVER_NAME_VERSION,CYRUS_VERSION);
***************
*** 508,513 ****
--- 534,545 ----
  	if (getsockname(0, (struct sockaddr *)&imapd_localaddr, &salen) == 0) {
  	    imapd_haveaddr = 1;
  	}
+ 
+ #ifdef DRAC_AUTH
+ 	drac.clientaddr = imapd_remoteaddr.sin_addr.s_addr;
+     } else {
+ 	drac.clientaddr = 0;
+ #endif /* DRAC_AUTH */
      }
  
      /* create the SASL connection */
***************
*** 548,553 ****
--- 580,590 ----
      prot_flush(imapd_out);
      snmp_increment(ACTIVE_CONNECTIONS, -1);
  
+ #ifdef DRAC_AUTH
+     if (drac.event) prot_removewaitevent(imapd_in, drac.event);
+     drac.event = NULL;
+ #endif /* DRAC_AUTH */
+ 
      /* cleanup */
      imapd_reset();
  
***************
*** 620,625 ****
--- 657,667 ----
      prot_flush(imapd_out);
      /* one less active connection */
      snmp_increment(ACTIVE_CONNECTIONS, -1);
+ 
+ #ifdef DRAC_AUTH
+     if (drac.interval) (void) dracdisc((char **)NULL);
+ #endif /* DRAC_AUTH */
+ 
      exit(code);
  }
  
***************
*** 640,645 ****
--- 682,716 ----
  
  }
  
+ #ifdef DRAC_AUTH
+ /*
+  * Ping dracd every 'drac.interval' minutes
+  * to let it know that we are still connected
+  */
+ struct prot_waitevent *drac_ping(struct protstream *s,
+ 				 struct prot_waitevent *ev, void *rock)
+ {
+     char *err;
+     static int nfailure = 0;
+ 
+     if (dracsend(drac.clientaddr, &err) != 0) {
+ 	syslog(LOG_NOTICE, "dracsend: %s", err);
+ 	if (++nfailure >= 3) {
+ 	    /* can't contact dracd for 3 consecutive tries - disable DRAC */
+ 	    prot_removewaitevent(s, ev);
+ 	    drac.event = NULL;
+ 	    syslog(LOG_NOTICE, "DRAC DISABLED");
+ 	    return NULL;
+ 	}
+     }
+     else
+ 	nfailure = 0;
+ 
+     ev->mark = time(NULL) + (drac.interval * 60);
+     return ev;
+ }
+ #endif /* DRAC_AUTH */
+ 
  /*
   * Top-level command loop parsing
   */
***************
*** 1485,1490 ****
--- 1556,1566 ----
  
      if (!reply) reply = "User logged in";
  
+ #ifdef DRAC_AUTH
+     if (drac.interval && drac.clientaddr)
+ 	drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+ #endif /* DRAC_AUTH */
+ 
      /* Create telemetry log */
      imapd_logfd = telemetry_log(imapd_userid, imapd_in, imapd_out);
  
***************
*** 1628,1633 ****
--- 1704,1714 ----
  
      prot_setsasl(imapd_in,  imapd_saslconn);
      prot_setsasl(imapd_out, imapd_saslconn);
+ 
+ #ifdef DRAC_AUTH
+     if (drac.interval && drac.clientaddr)
+ 	drac.event = prot_addwaitevent(imapd_in, 0 /* now */, drac_ping, NULL);
+ #endif /* DRAC_AUTH */
  
      /* Create telemetry log */
      imapd_logfd = telemetry_log(imapd_userid, imapd_in, imapd_out);
Index: imap/pop3d.c
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/imap/pop3d.c,v
retrieving revision 1.94
diff -c -r1.94 pop3d.c
*** imap/pop3d.c	2001/06/01 02:59:02	1.94
--- imap/pop3d.c	2001/06/02 02:33:55
***************
*** 100,105 ****
--- 100,108 ----
  
  extern int errno;
  
+ #ifdef DRAC_AUTH
+ static int drac_enabled;
+ #endif /* DRAC_AUTH */
  
  
  #ifdef HAVE_SSL
***************
*** 284,289 ****
--- 287,296 ----
         TLS negotiation immediatly */
      if (pop3s == 1) cmd_starttls(1);
  
+ #ifdef DRAC_AUTH
+     drac_enabled = (config_getint("dracinterval", 5) > 0);
+ #endif /* DRAC_AUTH */
+ 
      prot_printf(popd_out, "+OK %s Cyrus POP3 %s server ready\r\n",
  		apop_enabled() ? popd_apop_chal : config_servername,
  		CYRUS_VERSION);
***************
*** 1233,1238 ****
--- 1240,1258 ----
      }
      popd_mailbox = &mboxstruct;
      proc_register("pop3d", popd_clienthost, popd_userid, popd_mailbox->name);
+ 
+ #ifdef DRAC_AUTH
+     if (drac_enabled) {
+ 	char *err;
+ 
+ 	if (dracauth(config_getstring("drachost", "localhost"),
+ 		     popd_remoteaddr.sin_addr.s_addr, &err) != 0) {
+ 	    /* disable DRAC */
+ 	    drac_enabled = 0;
+ 	    syslog(LOG_NOTICE, "dracauth: %s (DISABLED)", err);
+ 	}
+     }
+ #endif /* DRAC_AUTH */
  
      /* Create telemetry log */
      telemetry_log(popd_userid, popd_in, popd_out);
Index: man/imapd.conf.5
===================================================================
RCS file: /afs/andrew/system/cvs/src/cyrus/man/imapd.conf.5,v
retrieving revision 1.41
diff -c -r1.41 imapd.conf.5
*** man/imapd.conf.5	2001/03/07 15:52:59	1.41
--- man/imapd.conf.5	2001/06/02 02:33:55
***************
*** 224,230 ****
  Unix domain socket that lmtpd listens on.
  .IP "\fBidlesocket:\fR /var/imap/socket/idle" 5
  Unix domain socket that idled listens on.
  .SH SEE ALSO
  .PP
  \fBimapd(8)\fR, \fBpop3d(8)\fR, \fBlmtpd(8)\fR, \fBtimsieved(8)\fR,
! \fBidled(8)\fR, \fBdeliver(8)\fR, \fBmaster(8)\fR
--- 224,236 ----
  Unix domain socket that lmtpd listens on.
  .IP "\fBidlesocket:\fR /var/imap/socket/idle" 5
  Unix domain socket that idled listens on.
+ .IP "\fBdracinterval:\fR 5" 5
+ If nonzero, enables the use of DRAC (Dynamic Relay Authorization Control)
+ by the pop3d and imapd daemons.  Also sets the interval (in minutes) between 
+ re-authorization requests made by imapd.
+ .IP "\fBdrachost:\fR localhost" 5
+ Hostname of the dracd server.
  .SH SEE ALSO
  .PP
  \fBimapd(8)\fR, \fBpop3d(8)\fR, \fBlmtpd(8)\fR, \fBtimsieved(8)\fR,
! \fBidled(8)\fR, \fBdeliver(8)\fR, \fBmaster(8)\fR, \fBrpc.dracd(1m)\fR