offering limited pop access

Wesley Craig wes at umich.edu
Thu Oct 30 13:51:23 EDT 2008 

On 30 Oct 2008, at 12:54, Andreas Winkelmann wrote:
> Service-Name itself is the given name of the Daemon from  
> cyrus.conf. It is not
> the service Name from Cyrus-SASL. Separating Options between the  
> Daemons is
> not a Cyrus-SASL Feature it is a Cyrus-IMAP Feature. You can use it  
> for other
> Options than Cyrus-SASL Options in imapd.conf, too.


I notice that pop3d.c doesn't seem to use the sasl_service from  
pop3_protocol.  Instead, it appears to be hard coded in imap/pop3d.c  
service_main() around line 510:

     if (sasl_server_new("pop", config_servername, NULL, NULL, NULL,
                         NULL, 0, &popd_saslconn) != SASL_OK)

I believe that first argument is the one that's passed to the  
callbacks below as plugin_name.  I could be wrong, I haven't tested  
this at all, I've only been looking over the code, in order to answer  
the earlier question of "how could I know about this hard to find  
option".

Again, looking at the code, I see two places when the config option  
is not constant, i.e., it's built from components.  The first is in  
imap/global.c:

/* this is a wrapper to call the cyrus configuration from SASL */
int mysasl_config(void *context __attribute__((unused)),
                   const char *plugin_name,
                   const char *option,
                   const char **result,
                   unsigned *len)
{
...
         if (plugin_name) {
             /* first try it with the plugin name */
             strlcpy(opt, "sasl_", sizeof(opt));
             strlcat(opt, plugin_name, sizeof(opt));
             strlcat(opt, "_", sizeof(opt));
             strlcat(opt, option, sizeof(opt));
             *result = config_getoverflowstring(opt, NULL);
         }

         if (*result == NULL) {
             /* try without the plugin name */
             strlcpy(opt, "sasl_", sizeof(opt));
             strlcat(opt, option, sizeof(opt));
             *result = config_getoverflowstring(opt, NULL);
         }
...

The sasl_<someoption> seems to be pretty well described in the man  
page for imapd.conf.  The method with the plugin_name  
(sasl_<plugin_name>_<someoption>) wasn't in the documentation that I  
could find.  The second place is in imap/backend.c:

static int backend_authenticate(struct backend *s, struct protocol_t  
*prot,
                                 char **mechlist, const char *userid,
                                 sasl_callback_t *cb, const char  
**status)
{
...
         strlcpy(optstr, s->hostname, sizeof(optstr));
         p = strchr(optstr, '.');
         if (p) *p = '\0';
         strlcat(optstr, "_password", sizeof(optstr));
         pass = config_getoverflowstring(optstr, NULL);
         if(!pass) pass = config_getstring(IMAPOPT_PROXY_PASSWORD);
...
     /* Get SASL mechanism list.  We can force a particular
        mechanism using a <shorthost>_mechs option */
     strcpy(buf, s->hostname);
     p = strchr(buf, '.');
     if (p) *p = '\0';
     strcat(buf, "_mechs");
     mech_conf = config_getoverflowstring(buf, NULL);
...

Using <hostname>_mech and <hostname>_password both seem to be pretty  
well documented, tho there was a discussion two weeks ago that the  
short hostname is not well defined and that perhaps the configured  
hostname should also be tried.

:wes

More information about the Info-cyrus mailing list