
merge 'security password' branch

pjstevns committed Aug 19, 2013
1 parent ff924a2 commit b92182c46c2ba12ea5efb0881d843ebc6ec43a0e
@@ -689,4 +689,12 @@ AC_DEFUN([DM_UPGRADE_STEPS], [dnl
AC_SUBST(MYSQL_32003)
AC_SUBST(SQLITE_32003)
PGSQL_32004=`sed -e 's/\"/\\\"/g' -e 's/^/\"/' -e 's/$/\\\n\"/' -e '$!s/$/ \\\\/' sql/postgresql/upgrades/32004.psql`
MYSQL_32004=`sed -e 's/\"/\\\"/g' -e 's/^/\"/' -e 's/$/\\\n\"/' -e '$!s/$/ \\\\/' sql/mysql/upgrades/32004.mysql`
SQLITE_32004=`sed -e 's/\"/\\\"/g' -e 's/^/\"/' -e 's/$/\\\n\"/' -e '$!s/$/ \\\\/' sql/sqlite/upgrades/32004.sqlite`
AC_SUBST(PGSQL_32004)
AC_SUBST(MYSQL_32004)
AC_SUBST(SQLITE_32004)
])
@@ -1,7 +1,8 @@
# Copyright (C) 1999-2004 IC & S dbmail@ic-s.nl
# Copyright (C) 2004-2013 NFG Net Facilities Group support@nfg.nl
AC_INIT([dbmail], [3.1.1], [dbmail@dbmail.org])
<<<<<<< HEAD
AC_INIT([dbmail], [3.1.3.1], [dbmail@dbmail.org])
AC_CONFIG_AUX_DIR(config)
AM_CONFIG_HEADER(config.h:config.in)
AC_CONFIG_MACRO_DIR([m4])
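Review bot: The line `<<<<<<< HEAD` in this hunk is an unresolved merge-conflict marker, and the section as rendered carries two `AC_INIT` calls (`3.1.1` and `3.1.3.1`). The +/- markers are lost on this page, so which lines are new cannot be read off directly, but the hunk grows from 7 to 8 lines, which fits the marker having come in with the merge. configure.ac should hold exactly one `AC_INIT([dbmail], [VERSION], [dbmail@dbmail.org])` with the intended version and no marker line, otherwise autoconf fails or picks up the wrong release number.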
@@ -0,0 +1,71 @@
Security Password
=================
DBMail now supports a special, separate password.
This separate password allows you to specify behavior when users log into one
of the DBMail servers using this password.
The use-case for this feature is when you want to provide your users with an
unobtrusive way to delete all sensitive messages from their accounts, even when
under duress or active observation. When a lot of messages are affected the
login delay will be somewhat greater, but other than that, it is impossible to
tell that anything out of the ordinary has happpened.
Changes
-------
A small schema-migration is required and provided in
sql/DRIVER/upgrades/31202.xxx. If you run a version prior to 3.2.0 you will
have to apply it manually.
The password can be specified with the --security-password argument of
dbmail-users. The same encryption as for the regular password is used.
The behavior after logging in using this password can be set per user using the
--security-action argument of dbmail-users. Currently two actions are
hard-coded, but you can expand them as needed.
Security-action:
----------------
0: do nothing. This is also the default behavior.
1: delete everything. In this case all mailboxes owned by the authenticated
user are deleted immediately and irretrievably.
2 and higher: these can be configured through the security_action setting
in dbmail.conf:
The first two are hard-coded, as said. It is not possible to override them in
dbmail.conf. Trying to do so will invalidate the entry in dbmail.conf.
An example:
security_action = 2:\Deleted;3:\Flagged \Deleted Important $Important
In this case two additional behaviors are defined. When a user has
security-action 2, and logs on using the security-password all messages that
have the \Deleted system-flag set are queued for later deletion by dbmail-util,
and are immediately inaccessible to the user.
For users with security-action 3, all messages that have the \Flagged or
\Deleted system flags, or have a user labels 'Important' or '$Important' are
queued for deletion and are also immediately inaccessible to the user.
Please Note:
------------
This feature is not without risks if used casually. Instruct your users
carefully! Also make sure the security password can never be the same as the
regular password because in that case it just won't work.
Messages that have been queued for deletion *can*, if required, be restored to
visibility by a system adminitrator by setting the status field. If the
security action was set to '1' however, only a restore from backup of the
database will bring back the deleted mail.
LDAP support is currently not available. Please contact support@nfg.nl if you
required this feature and need LDAP authentication.
#EOF
@@ -384,6 +384,9 @@ CREATE TABLE `dbmail_users` (
`cursieve_size` bigint(20) NOT NULL default '0',
`encryption_type` varchar(255) NOT NULL default '',
`last_login` datetime NOT NULL default '1979-11-03 22:05:58',
`spasswd` varchar(255) NOT NULL default '',
`saction` smallint NOT NULL default '0',
`active` smallint NOT NULL default '1',
PRIMARY KEY (`user_idnr`),
UNIQUE KEY `userid_index` (`userid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
@@ -0,0 +1,8 @@
BEGIN;
ALTER TABLE dbmail_users ADD COLUMN spasswd VARCHAR(130) DEFAULT '' NOT NULL;
ALTER TABLE dbmail_users ADD COLUMN saction SMALLINT DEFAULT '0' NOT NULL;
ALTER TABLE dbmail_users ADD COLUMN active SMALLINT DEFAULT '1' NOT NULL;
INSERT INTO dbmail_upgrade_steps (from_version, to_version, applied) values (32001, 32004, now());
COMMIT;
@@ -514,6 +514,9 @@ CREATE TABLE dbmail_users (
cursieve_size number(20) default '0' NOT NULL,
encryption_type varchar2(255) default NULL,
last_login timestamp default TO_TIMESTAMP('1979-11-03 22:05:58','YYYY-MM-DD HH24:MI:SS') NOT NULL
spasswd varchar2(255) default NULL,
saction number(1) default '0' NOT NULL,
active number(1) default '1' NOT NULL
);
CREATE UNIQUE INDEX dbmail_users_idx ON dbmail_users (user_idnr) TABLESPACE DBMAIL_TS_IDX;
ALTER TABLE dbmail_users ADD CONSTRAINT dbmail_users_pk PRIMARY KEY (user_idnr) USING INDEX dbmail_users_idx;
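Review bot: As rendered, the `last_login timestamp ... NOT NULL` line has no trailing comma before the new `spasswd` column, so this Oracle `CREATE TABLE dbmail_users` will not parse; the line should end `NOT NULL,`. The PostgreSQL `CREATE TABLE` hunk that follows has the same problem one line later: `active SMALLINT DEFAULT '1' NOT NULL` sits directly before `PRIMARY KEY (user_idnr)` without a comma. The Oracle columns also differ from the other backends: `spasswd` is `default NULL` here but `NOT NULL` with `DEFAULT ''` elsewhere, and `saction number(1)` caps the action at 9 while the README allows arbitrary higher numbers. Code that tests for an empty security password should be checked against the NULL case.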
@@ -62,6 +62,9 @@ CREATE TABLE dbmail_users (
cursieve_size INT8 DEFAULT '0' NOT NULL,
encryption_type VARCHAR(20) DEFAULT '' NOT NULL,
last_login TIMESTAMP DEFAULT '1979-11-03 22:05:58' NOT NULL,
spasswd VARCHAR(130) DEFAULT '' NOT NULL,
saction SMALLINT DEFAULT '0' NOT NULL,
active SMALLINT DEFAULT '1' NOT NULL
PRIMARY KEY (user_idnr)
);
@@ -0,0 +1,8 @@
BEGIN;
ALTER TABLE dbmail_users ADD COLUMN spasswd VARCHAR(130) DEFAULT '' NOT NULL;
ALTER TABLE dbmail_users ADD COLUMN saction SMALLINT DEFAULT '0' NOT NULL;
ALTER TABLE dbmail_users ADD COLUMN active SMALLINT DEFAULT '1' NOT NULL;
INSERT INTO dbmail_upgrade_steps (from_version, to_version) values (32001, 32004);
COMMIT;
@@ -53,7 +53,10 @@ CREATE TABLE dbmail_users (
maxmail_size INTEGER DEFAULT '0' NOT NULL,
curmail_size INTEGER DEFAULT '0' NOT NULL,
encryption_type TEXT DEFAULT '' NOT NULL,
last_login DATETIME DEFAULT '1979-11-03 22:05:58' NOT NULL
last_login DATETIME DEFAULT '1979-11-03 22:05:58' NOT NULL,
spasswd TEXT NOT NULL DEFAULT '',
saction SMALLINT NOT NULL DEFAULT '0',
active BOOLEAN NOT NULL DEFAULT '1'
);
CREATE UNIQUE INDEX dbmail_users_1 ON dbmail_users(userid);
@@ -0,0 +1,8 @@
BEGIN;
ALTER TABLE dbmail_users ADD COLUMN spasswd VARCHAR(130) DEFAULT '' NOT NULL;
ALTER TABLE dbmail_users ADD COLUMN saction SMALLINT DEFAULT '0' NOT NULL;
ALTER TABLE dbmail_users ADD COLUMN active SMALLINT DEFAULT '1' NOT NULL;
INSERT INTO dbmail_upgrade_steps (from_version, to_version) values (32001, 32004);
COMMIT;
@@ -1314,13 +1314,11 @@ int dbmail_imap_session_handle_auth(ImapSession * self, const char * username, c
{
uint64_t userid = 0;
TRACE(TRACE_DEBUG, "[%p] trying to validate user [%s]", self, username);
int valid = auth_validate(self->ci, username, password, &userid);
if (self->ci->auth)
username = Cram_getUsername(self->ci->auth);
TRACE(TRACE_DEBUG, "[%p] trying to validate user [%s]", self, username);
switch(valid) {
case -1: /* a db-error occurred */
@@ -428,18 +428,18 @@ int do_aliases(const uint64_t useridnr,
GList *current_aliases, *matching_aliases, *matching_alias_del;
if (no_to_all) {
qprintf("Pretending to remove aliases for user id number [%" PRIu64 "]\n",
useridnr);
if (alias_del) {
qprintf("Pretending to remove aliases for user id number [%" PRIu64 "]\n",
useridnr);
alias_del = g_list_first(alias_del);
while (alias_del) {
qprintf(" [%s]\n", (char *)alias_del->data);
alias_del = g_list_next(alias_del);
}
}
qprintf("Pretending to add aliases for user id number [%" PRIu64 "]\n",
useridnr);
if (alias_add) {
qprintf("Pretending to add aliases for user id number [%" PRIu64 "]\n",
useridnr);
alias_add = g_list_first(alias_add);
while (alias_add) {
qprintf(" [%s]\n", (char *)alias_add->data);
@@ -521,6 +521,32 @@ int do_aliases(const uint64_t useridnr,
return result;
}
int do_spasswd(const uint64_t useridnr, const char * const spasswd)
{
if (no_to_all) {
qprintf("Pretending to set security password for user [%" PRIu64 "] to [%s]\n", useridnr, spasswd);
return 1;
}
return db_user_set_security_password(useridnr, spasswd);
}
int do_saction(const uint64_t useridnr, long int saction)
{
if (no_to_all) {
qprintf("Pretending to set security action for user [%" PRIu64 "] to [%ld]\n", useridnr, saction);
return 1;
}
return db_user_set_security_action(useridnr, saction);
}
int do_enable(const uint64_t useridnr, bool enable)
{
if (no_to_all) {
qprintf("Pretending to %s authentication for user [%" PRIu64 "]\n", enable?"enable":"disable", useridnr);
return 1;
}
return db_user_set_active(useridnr, enable);
}
int do_delete(const uint64_t useridnr, const char * const name)
{
@@ -708,7 +734,7 @@ int do_empty(uint64_t useridnr)
qprintf("Emptying mailbox... ");
fflush(stdout);
result = db_empty_mailbox(useridnr);
result = db_empty_mailbox(useridnr, 1);
if (result != 0) {
qerrorf("Error. Please check the log.\n");
} else {
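Review bot: In the second hunk, the dry-run branch of `do_spasswd` prints the security password itself through `qprintf("... to [%s]\n", useridnr, spasswd)`, so the credential lands in terminal scrollback and in any captured output of dbmail-users. Leave the value out of the message: `qprintf("Pretending to set security password for user [%" PRIu64 "]\n", useridnr);`. Separately, `do_spasswd` hands the value to `db_user_set_security_password` with no encryption type, whereas `do_password` takes an `enctype`. The storage code is not on this page, so confirm it hashes the value as the README states ("the same encryption as for the regular password") rather than storing it as given. Nothing visible here rejects a security password equal to the regular one, which the README warns against.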
@@ -43,16 +43,6 @@ int mkpassword(const char * const user, const char * const passwd,
const char * const passwdtype, const char * const passwdfile,
char ** password, char ** enctype);
struct change_flags {
unsigned int newuser : 1;
unsigned int newmaxmail : 1;
unsigned int newclientid : 1;
unsigned int newpasswd : 1;
unsigned int newpasswdfile : 1;
unsigned int newpasswdstdin : 1;
unsigned int newpasswdshadow : 1;
};
/* The prodigious use of const ensures that programming
* mistakes inside of these functions don't cause us to
* use incorrect values when calling auth_ and db_ internals.
@@ -75,6 +65,9 @@ int do_clientid(const uint64_t useridnr, const uint64_t clientid);
int do_password(const uint64_t useridnr,
const char * const password,
const char * const enctype);
int do_spasswd(const uint64_t useridnr, const char * const password);
int do_saction(const uint64_t useridnr, long int saction);
int do_enable(const uint64_t useridnr, bool enable);
int do_aliases(const uint64_t useridnr,
GList * alias_add,
GList * alias_del);
@@ -205,6 +205,9 @@
#define DM_PGSQL_32003 @PGSQL_32003@
#define DM_SQLITE_32003 @SQLITE_32003@
#define DM_MYSQL_32004 @MYSQL_32004@
#define DM_PGSQL_32004 @PGSQL_32004@
#define DM_SQLITE_32004 @SQLITE_32004@
/* include dbmail.conf for autocreation */
#define DM_DEFAULT_CONFIGURATION @DM_DEFAULT_CONFIGURATION@
@@ -408,6 +408,7 @@ typedef struct {
Field_T tls_ciphers;
int (*ClientHandler) (client_sock *);
void (*cb) (struct evhttp_request *, void *);
GTree *security_actions;
} ServerConfig_T;
@@ -494,6 +495,7 @@ typedef struct {
gchar *hdrplist;
GList *names;
GTree *headers;
GList *names;
} body_fetch;
View
@@ -496,3 +496,53 @@ char * config_get_pidfile(ServerConfig_T *config, const char *name)
return res;
}
void config_get_security_actions(ServerConfig_T *config)
{
Field_T var;
char **values;
uint64_t *key;
char *value;
if (config->security_actions)
return;
GTree *actions = g_tree_new_full((GCompareDataFunc)ucmp, NULL, g_free, g_free);
memset(var, '\0', sizeof(var));
GETCONFIGVALUE("security_action", "DBMAIL", var);
key = g_new0(uint64_t, 1);
*key = 0;
g_tree_insert(actions, key, g_strdup("NONE"));
key = g_new0(uint64_t, 1);
*key = 1;
g_tree_insert(actions, key, g_strdup("ALL"));
if (strlen(var) > 2) { // 2:a;3:b
int i = 0;
values = g_strsplit(var, ";", 0);
while (values[i]) {
uint64_t tmp = dm_strtoull(values[i], &value, 10);
if ((tmp == 0) || (value == NULL) || (value[0] != ':')) {
TRACE(TRACE_NOTICE, "error parsing security action");
break;
}
if (g_tree_lookup(actions, &tmp)) {
TRACE(TRACE_ERR, "duplicate security action specified [%" PRIu64 "]",
tmp);
TRACE(TRACE_ERR, "ignoring security_action configuration. using defaults.");
break;
}
value++;
key = g_new0(uint64_t, 1);
*key = tmp;
g_tree_insert(actions, key, g_strdup(value));
i++;
}
i = 0;
g_strfreev(values);
}
config->security_actions = actions;
}
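Review bot: Both error paths in the `while (values[i])` loop of `config_get_security_actions` `break` out but keep every entry inserted before the bad one. A setting such as `2:\Deleted;1:x` therefore leaves action 2 active even though the log says `ignoring security_action configuration. using defaults.`. These actions select which mail is removed on a security-password login, so a half-applied list should not survive; on any parse or duplicate error, reset the tree to the hard-coded 0 and 1 entries. The parse-error path also logs only at `TRACE_NOTICE` and does not name the offending entry (`values[i]`), and the `i = 0;` after the loop is a dead store.

```c
	gboolean ok = TRUE;
	// … unchanged: defaults 0/NONE and 1/ALL inserted, var split into values …
		if ((tmp == 0) || (value == NULL) || (value[0] != ':')) {
			TRACE(TRACE_ERR, "error parsing security action [%s]", values[i]);
			ok = FALSE;
			break;
		}
		if (g_tree_lookup(actions, &tmp)) {
			// … unchanged: the two TRACE_ERR lines …
			ok = FALSE;
			break;
		}
	// … unchanged: insert of the parsed entry, g_strfreev(values) …
	if (!ok) {
		/* discard partially parsed entries; keep only the hard-coded actions */
		g_tree_destroy(actions);
		actions = g_tree_new_full((GCompareDataFunc)ucmp, NULL, g_free, g_free);
		key = g_new0(uint64_t, 1);
		*key = 0;
		g_tree_insert(actions, key, g_strdup("NONE"));
		key = g_new0(uint64_t, 1);
		*key = 1;
		g_tree_insert(actions, key, g_strdup("ALL"));
	}
```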
@@ -71,6 +71,7 @@ void pidfile_create(const char *pidFile, pid_t pid);
void config_get_timeout(ServerConfig_T *config, const char * const service);
void config_get_logfiles(ServerConfig_T *config, const char * const service);
void config_get_security_actions(ServerConfig_T *config);
char * config_get_pidfile(ServerConfig_T *config, const char *name);
char * config_get_statefile(ServerConfig_T *config, const char *name);