Unofficial patches to sendmail for RFC 931 support

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Fri Feb 8 16:11:56 AEST 1991


These are unofficial patches to sendmail 5.65 to stop forgeries. After
you apply these patches and reinstall sendmail, you can use $F in
sendmail.cf for the real user name as determined by RFC 931 (or
``unauthenticated'' in case the sending host doesn't support RFC 931).
I recommend changing the second line of HReceived from

	id $i; $b
to
	id $i; $b, auth $F

These patches should work on sendmail 5.65 (on ucbarpa), sendmail 5.61
(as on gatekeeper), and possibly earlier versions. You must have the
authuser library, part of the authd package posted here recently. Make
sure to add -lauthuser to sendmail's Makefile.

---Dan

*** sendmail.h.old	Thu Nov 17 13:35:08 1988
--- sendmail.h	Thu Feb  7 05:59:32 1991
***************
*** 521,526 ****
--- 521,527 ----
  EXTERN char	*SmtpPhase;	/* current phase in SMTP processing */
  EXTERN char	*MyHostName;	/* name of this host for SMTP messages */
  EXTERN char	*RealHostName;	/* name of host we are talking to */
+ EXTERN char *RealUser; /* name of user we're talking to, given by RFC 931 */
  EXTERN struct	sockaddr_in RealHostAddr;/* address of host we are talking to */
  EXTERN char	*CurHostName;	/* current host we are dealing with */
  EXTERN jmp_buf	TopFrame;	/* branch-to-top-of-loop-on-error frame */
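Review bot: The comment on the new `RealUser` declaration does not say that the string is whatever the peer's RFC 931 server chose to report, which is the thing a later maintainer most needs to know before using it. The value is only as reliable as the remote host, so it is fit for logging and trace headers but not for access decisions. I would write `EXTERN char	*RealUser;	/* user name reported by the peer's RFC 931 server; untrusted, NULL if no lookup was made */`. The declaration should also use tabs like the neighbouring ones.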
*** srvrsmtp.c.old	Thu Jan 19 18:03:48 1989
--- srvrsmtp.c	Thu Feb  7 06:07:20 1991
***************
*** 240,245 ****
--- 240,249 ----
  				break;
  			define('s', sendinghost, CurEnv);
  			define('r', "SMTP", CurEnv);
+ 			/* RFC 931 sender name---2/7/91 DJB */
+ 			if (RealUser)
+ 			  define('F', RealUser, CurEnv);
+ 
  			initsys();
  			setproctitle("%s %s: %s", CurEnv->e_id,
  				CurHostName, inp);
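Review bot: The `if (RealUser)` guard has no else branch, so `$F` stays undefined for any SMTP session that did not pass through the accept path in daemon.c, which is the only place in this patch that sets RealUser. With the recommended `HReceived` change, such a message would presumably carry an empty `auth` field rather than the `unauthenticated` marker the description promises. Consider `define('F', RealUser ? RealUser : "unauthenticated", CurEnv);` so the header always states the lookup result. The enclosing function begins and ends outside this hunk.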
*** daemon.c.old	Thu Jan 19 18:56:33 1989
--- daemon.c	Thu Feb  7 06:04:49 1991
***************
*** 34,39 ****
--- 34,41 ----
  # include <sys/wait.h>
  # include <sys/time.h>
  # include <sys/resource.h>
+ extern int auth_fd();
+ extern char *auth_tcpuser();
  
  /*
  **  DAEMON.C -- routines to use when running as a daemon.
***************
*** 94,99 ****
--- 96,105 ----
  	register struct servent *sp;
  	int on = 1;
  	extern reapchild();
+ 	unsigned long in;
+ 	unsigned short local;
+ 	unsigned short remote;
+ 	char *user;
  
  	/*
  	**  Set up the address for the mailer.
***************
*** 211,216 ****
--- 217,223 ----
  			**	Collect verified idea of sending host.
  			**	Verify calling user id if possible here.
  			*/
+ 			/* You got it. ---DJB, 2/7/91 */
  
  			(void) signal(SIGCHLD, SIG_DFL);
  
***************
*** 230,235 ****
--- 237,255 ----
  			/* should we check for illegal connection here? XXX */
  
  			RealHostName = newstr(buf);
+ 
+ 			/* RFC 931 support added 2/7/91 by DJB */
+ 			/* We could just use auth_xline but we don't */
+ 			/* know the supposed username yet. */
+ 			if (auth_fd(t,&in,&local,&remote) == -1)
+ 			  user = "unauthenticated"; /* no point in worrying */
+ 			else
+ 			 {
+ 			  user = auth_tcpuser(in,local,remote);
+ 			  if (!user)
+ 			    user = "unauthenticated";
+ 			 }
+ 			RealUser = newstr(user);
  
  			(void) close(DaemonSocket);
  			InChannel = fdopen(t, "r");
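Review bot: The string returned by `auth_tcpuser` is copied into `RealUser` verbatim, although it comes from whatever answers on the connecting host's RFC 931 port and later lands in the `Received:` line through `$F`. Unless the authuser library already filters its result, control characters or line breaks in that reply would be written into the header and the logs, so the copy should be made header-safe right after `newstr`, as in the excerpt below. That needs a new `char *p` local and `<ctype.h>` if daemon.c does not already pull it in; a length cap would be a sensible addition. The lookup also appears to be synchronous with no timeout visible here, so a peer that never answers could stall the session before the greeting; confirm that the library bounds the wait. The enclosing function starts and ends outside this hunk.

```c
			RealUser = newstr(user);
			/* name was supplied by the peer's RFC 931 server; keep it header-safe */
			for (p = RealUser; *p != '\0'; p++)
			  if (!isascii(*p) || !isprint(*p))
			    *p = '?';
```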


