home *** CD-ROM | disk | FTP | other *** search
- From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
- Newsgroups: alt.sources
- Subject: Unofficial patches to sendmail for RFC 931 support
- Message-ID: <28897:Feb809:32:5491@kramden.acf.nyu.edu>
- Date: 8 Feb 91 09:32:54 GMT
-
- These are unofficial patches to sendmail 5.65 to stop forgeries. After
- you apply these patches and reinstall sendmail, you can use $F in
- sendmail.cf for the real user name as determined by RFC 931 (or
- ``unauthenticated'' in case the sending host doesn't support RFC 931).
- I recommend changing the second line of HReceived from
-
- id $i; $b
- to
- id $i; $b, auth $F
-
- These patches should work on sendmail 5.65 (on ucbarpa), sendmail 5.61
- (as on gatekeeper), and possibly earlier versions. You must have the
- authuser library, part of the authd package posted here recently. Make
- sure to add -lauthuser to sendmail's Makefile.
-
- ---Dan
-
- *** sendmail.h.old Thu Nov 17 13:35:08 1988
- --- sendmail.h Thu Feb 7 05:59:32 1991
- ***************
- *** 521,526 ****
- --- 521,527 ----
- EXTERN char *SmtpPhase; /* current phase in SMTP processing */
- EXTERN char *MyHostName; /* name of this host for SMTP messages */
- EXTERN char *RealHostName; /* name of host we are talking to */
- + EXTERN char *RealUser; /* name of user we're talking to, given by RFC 931 */
- EXTERN struct sockaddr_in RealHostAddr;/* address of host we are talking to */
- EXTERN char *CurHostName; /* current host we are dealing with */
- EXTERN jmp_buf TopFrame; /* branch-to-top-of-loop-on-error frame */
- *** srvrsmtp.c.old Thu Jan 19 18:03:48 1989
- --- srvrsmtp.c Thu Feb 7 06:07:20 1991
- ***************
- *** 240,245 ****
- --- 240,249 ----
- break;
- define('s', sendinghost, CurEnv);
- define('r', "SMTP", CurEnv);
- + /* RFC 931 sender name---2/7/91 DJB */
- + if (RealUser)
- + define('F', RealUser, CurEnv);
- +
- initsys();
- setproctitle("%s %s: %s", CurEnv->e_id,
- CurHostName, inp);
- *** daemon.c.old Thu Jan 19 18:56:33 1989
- --- daemon.c Thu Feb 7 06:04:49 1991
- ***************
- *** 34,39 ****
- --- 34,41 ----
- # include <sys/wait.h>
- # include <sys/time.h>
- # include <sys/resource.h>
- + extern int auth_fd();
- + extern char *auth_tcpuser();
-
- /*
- ** DAEMON.C -- routines to use when running as a daemon.
- ***************
- *** 94,99 ****
- --- 96,105 ----
- register struct servent *sp;
- int on = 1;
- extern reapchild();
- + unsigned long in;
- + unsigned short local;
- + unsigned short remote;
- + char *user;
-
- /*
- ** Set up the address for the mailer.
- ***************
- *** 211,216 ****
- --- 217,223 ----
- ** Collect verified idea of sending host.
- ** Verify calling user id if possible here.
- */
- + /* You got it. ---DJB, 2/7/91 */
-
- (void) signal(SIGCHLD, SIG_DFL);
-
- ***************
- *** 230,235 ****
- --- 237,255 ----
- /* should we check for illegal connection here? XXX */
-
- RealHostName = newstr(buf);
- +
- + /* RFC 931 support added 2/7/91 by DJB */
- + /* We could just use auth_xline but we don't */
- + /* know the supposed username yet. */
- + if (auth_fd(t,&in,&local,&remote) == -1)
- + user = "unauthenticated"; /* no point in worrying */
- + else
- + {
- + user = auth_tcpuser(in,local,remote);
- + if (!user)
- + user = "unauthenticated";
- + }
- + RealUser = newstr(user);
-
- (void) close(DaemonSocket);
- InChannel = fdopen(t, "r");
-
