Instead of treating an empty allow database as a default-allow policy,
let the sysadmin choose the default policy in the configuration file.
#include "hcconn_ssl.h"
#include "tcp_connect.h"
#include "hcconn_ssl.h"
#include "tcp_connect.h"
#define CONFFILE SYSCONFDIR "/popproxy.conf"
struct pop_address
#define CONFFILE SYSCONFDIR "/popproxy.conf"
struct pop_address
int server_ssl;
gchar *certfile;
gchar *ssl_keyfile;
int server_ssl;
gchar *certfile;
gchar *ssl_keyfile;
struct pop_address pop_address;
gnutls_global_init ();
struct pop_address pop_address;
gnutls_global_init ();
+ error = NULL;
+ policy = g_key_file_get_string (keyfile, "global", "policy",
+ &error);
+ if (policy == NULL && error != NULL)
+ {
+ policy = g_strdup ("deny");
+ g_error_free (error);
+ }
+
+ if (!strcmp (policy, "allow"))
+ ACCESS_DEFAULT = ACCESS_ALLOW;
+ g_free (policy);
+
pop_address.server = server_address;
pop_address.port = server_port;
pop_address.server = server_address;
pop_address.port = server_port;
pop_log_init ();
g_message ("Listening at %s:%s.", conf_address, port);
pop_log_init ();
g_message ("Listening at %s:%s.", conf_address, port);
+ if (ACCESS_DEFAULT == ACCESS_ALLOW)
+ g_message ("Authorizing users by default.");
if (!foreground)
daemon (0, 0);
if (!foreground)
daemon (0, 0);
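Review bot: The `strcmp (policy, "allow")` call can receive NULL, because the fallback to "deny" runs only when `policy == NULL && error != NULL`; testing `if (policy == NULL)` alone and releasing the error with `g_clear_error (&error);` closes that path. Any value other than the exact string "allow" (a typo or different case) silently becomes deny. That is the safe direction, but a `g_warning` naming the unrecognised value would tell the administrator why users are being refused. The enclosing function starts and ends outside the visible lines, so the declarations of `policy` and `error` could not be checked.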
server_ssl = 1
certfile = cert.pem
keyfile = key.pem
server_ssl = 1
certfile = cert.pem
keyfile = key.pem
#include <string.h>
#include <gdbm.h>
#include <string.h>
#include <gdbm.h>
+int ACCESS_DEFAULT = ACCESS_DENY;
+
int
usermap_perm (char *user)
{
int
usermap_perm (char *user)
{
datum key;
key.dptr = user;
key.dsize = strlen (user);
datum key;
key.dptr = user;
key.dsize = strlen (user);
allow_db = gdbm_open ("/var/lib/popproxy/allow.db",
0, GDBM_READER, 0, NULL);
deny_db = gdbm_open ("/var/lib/popproxy/deny.db",
0, GDBM_READER, 0, NULL);
if (allow_db)
{
allow_db = gdbm_open ("/var/lib/popproxy/allow.db",
0, GDBM_READER, 0, NULL);
deny_db = gdbm_open ("/var/lib/popproxy/deny.db",
0, GDBM_READER, 0, NULL);
if (allow_db)
{
allow = gdbm_exists (allow_db, key);
allow = gdbm_exists (allow_db, key);
- allow_fk = gdbm_firstkey (allow_db);
- if (allow_fk.dptr)
- {
- allow_users = 1;
- free (allow_fk.dptr);
- }
gdbm_close (allow_db);
}
if (deny_db)
gdbm_close (allow_db);
}
if (deny_db)
return ACCESS_DENY;
if (allow)
return ACCESS_ALLOW;
return ACCESS_DENY;
if (allow)
return ACCESS_ALLOW;
- if (allow_users == 0)
- return ACCESS_ALLOW;
- return ACCESS_DENY;
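Review bot: With `policy = allow`, the `if (deny_db)` guard means a deny.db that fails to open is skipped without any message, so a user listed there would presumably fall through to the default and be admitted. Consider logging when `gdbm_open` returns NULL for deny.db, and returning `ACCESS_DENY` in that case unless the file is simply absent. The lines shown also remove the final `return ACCESS_DENY;` without showing its replacement; the function should end in `return ACCESS_DEFAULT;`, otherwise the configured policy is never consulted. Part of the function body lies outside the visible lines. A short comment on `int ACCESS_DEFAULT` saying it is set once at startup from the `policy` key would help, and a lower-case name would distinguish it from the `ACCESS_ALLOW`/`ACCESS_DENY` constants.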
int usermap_perm (char *);
int usermap_perm (char *);
+extern int ACCESS_DEFAULT;
+