httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian J. France" <>
Subject mod_smtpd_auth and mod_smtpd_auth_dbd
Date Tue, 27 Sep 2005 13:33:37 GMT
Here are two modules I worked on last week while on a trip and ready 
for some discussion.


mod_smtpd.patch will be needed which adds the auth hooks and info into 
the smtp rec.  This patch also does a dns look up of the remote_addr 
because some auth methods need it and I figured it would be a good idea 
to do it anyways.

mod_smtpd_auth currently has support for PLAIN, LOGIN, CRAM-MD5 and 
DIGEST-MD5, but after finishing it I think whole auth stuff needs a 
little rethinking/reworking.

The way I did the mod_smtpd_auth module was to add the command AUTH to 
mod_smtpd and then mod_smtpd_auth hooks that and has a big if/else if 
block for all the auth methods.  I think a better way to do it is to 
have the auth stuff in the mod_smtpd server define two hooks, one for 
methods and one for validating/getting passwords.  Then in 
smtp_protocol the command auth hook will just get the function to call 
from the method hook list (just like command hooks are done) and run 
that function.  The big if/else if block that is currently in 
mod_smtpd_auth will be turned into multiple modules that will use the 
passwords hooks get get validate/get passwords.  This means 
mod_smtpd_auth will then go away and be replaced with two types of 
modules, method (mod_smtpd_authm_*) and validate/getting 
(mod_smtpd_authv_*) modules:



The other thing that will need to change would be the AUTH ehlo 
response.  It would need pull the method names from the method hook 
list, which I don't know if it is possible or not.

I think somebody with a little more hook experience could use the 
current code and make the changes pretty quick, but I don't know enough 
about the hook stuff to get it all setup with out getting a big 

There are a few issue that might be a problem with this setup.  If 
somebody wants to enable/disable auth methods based on server or 
virtual hosts could be a problem, but I think that can be handled by 
having the method modules delay hooking the method hook until the 
connect phases to make sure they are enabled in that server.  Not sure 
if this is a problem or not, but if you look at the smtpd_protocol auth 
function, it is pretty plain  compared to the other ones.  This goes 
back to my original request to be able to set the response code from 
the module (mod_smtpd_auth sets 6 different codes).  Not sure how I did 
this was the best way, but it got it working until we talk about this 

On a side note, has there been some bugs fixed recently in apreq for 
header parsing?  I am trying to do final testing of mod_smtpd_clamd and 
mod_smtpd_spamd, but I am failing on a assert in the parser header 
function when I use real emails (vs real simple stuff).  Need to svn 
update and try it again when I get a chance, but figure I would ask.


View raw message