Allow sysadmin to set the default policy.

Instead of assuming the empty allow database as a default allow policy,
let the sysadmin pick up the default policy in the configuration file.

diff --git a/popproxy.c b/popproxy.c
index f5f88bd..c69b455 100644 (file)
--- a/popproxy.c
+++ b/popproxy.c
@@ -32,6 +32,8 @@
 #include "hcconn_ssl.h"
 #include "tcp_connect.h"
 
+#include "usermap.h"
+
 #define CONFFILE SYSCONFDIR "/popproxy.conf"
 
 struct pop_address
@@ -187,6 +189,7 @@ int main (int argc, char **argv)
   int server_ssl;
   gchar *certfile;
   gchar *ssl_keyfile;
+  gchar *policy;
   struct pop_address pop_address;
 
   gnutls_global_init ();
@@ -277,6 +280,19 @@ int main (int argc, char **argv)
       g_error_free (error);
     }
 
+  error = NULL;
+  policy = g_key_file_get_string (keyfile, "global", "policy",
+                                  &error);
+  if (policy == NULL && error != NULL)
+    {
+      policy = g_strdup ("deny");
+      g_error_free (error);
+    }
+
+  if (!strcmp (policy, "allow"))
+    ACCESS_DEFAULT = ACCESS_ALLOW;
+  g_free (policy);
+
 
   pop_address.server = server_address;
   pop_address.port = server_port;
@@ -293,6 +309,8 @@ int main (int argc, char **argv)
   pop_log_init ();
 
   g_message ("Listening at %s:%s.", conf_address, port);
+  if (ACCESS_DEFAULT == ACCESS_ALLOW)
+    g_message ("Authorizing users by default.");
 
   if (!foreground)
     daemon (0, 0);

diff --git a/popproxy.conf b/popproxy.conf
index fc558ca..54675f2 100644 (file)
--- a/popproxy.conf
+++ b/popproxy.conf
@@ -7,3 +7,4 @@ server_port = 995
 server_ssl = 1
 certfile = cert.pem
 keyfile = key.pem
+policy = allow

diff --git a/usermap.c b/usermap.c
index 40e0aab..9b8cb62 100644 (file)
--- a/usermap.c
+++ b/usermap.c
@@ -20,9 +20,10 @@
 
 #include <string.h>
 #include <gdbm.h>
-#include <stdlib.h>
 #include "usermap.h"
 
+int ACCESS_DEFAULT = ACCESS_DENY;
+
 int
 usermap_perm (char *user)
 {
@@ -33,21 +34,13 @@ usermap_perm (char *user)
   datum key;
   key.dptr = user;
   key.dsize = strlen (user);
-  int allow_users = 0;
   allow_db = gdbm_open ("/var/lib/popproxy/allow.db",
                         0, GDBM_READER, 0, NULL);
   deny_db = gdbm_open ("/var/lib/popproxy/deny.db",
                        0, GDBM_READER, 0, NULL);
   if (allow_db)
     {
-      datum allow_fk;
       allow = gdbm_exists (allow_db, key);
-      allow_fk = gdbm_firstkey (allow_db);
-      if (allow_fk.dptr)
-        {
-          allow_users = 1;
-          free (allow_fk.dptr);
-        }
       gdbm_close (allow_db);
     }
   if (deny_db)
@@ -59,7 +52,5 @@ usermap_perm (char *user)
     return ACCESS_DENY;
   if (allow)
     return ACCESS_ALLOW;
-  if (allow_users == 0)
-    return ACCESS_ALLOW;
-  return ACCESS_DENY;
+  return ACCESS_DEFAULT;
 }

diff --git a/usermap.h b/usermap.h
index 836efe1..363a778 100644 (file)
--- a/usermap.h
+++ b/usermap.h
@@ -29,4 +29,6 @@ enum
 
 int usermap_perm (char *);
 
+extern int ACCESS_DEFAULT;
+
 #endif