updated on Wed Jan 25 00:20:47 UTC 2012

[aur-mirror.git] / qmail / qmail-authentication-064.patch

diff -u --new-file qmail-1.03-orig/base64.c qmail-1.03/base64.c
--- qmail-1.03-orig/base64.c    1969-12-31 21:00:00.000000000 -0300
+++ qmail-1.03/base64.c 2006-03-21 18:40:50.000000000 -0300
@@ -0,0 +1,122 @@
+#include "base64.h"
+#include "stralloc.h"
+#include "substdio.h"
+#include "str.h"
+
+static char *b64alpha =
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+#define B64PAD '='
+
+/* returns 0 ok, 1 illegal, -1 problem */
+
+int b64decode(in,l,out)
+const unsigned char *in;
+int l;
+stralloc *out; /* not null terminated */
+{
+  int p = 0;
+  int n;
+  unsigned int x;
+  int i, j;
+  char *s;
+  unsigned char b[3];
+
+  if (l == 0)
+  {
+    if (!stralloc_copys(out,"")) return -1;
+    return 0;
+  }
+
+  while(in[l-1] == B64PAD) {
+    p ++;
+    l--;
+  }
+
+  n = (l + p) / 4;
+  out->len = (n * 3) - p;
+  if (!stralloc_ready(out,out->len)) return -1;
+  s = out->s;
+
+  for(i = 0; i < n - 1 ; i++) {
+    x = 0;
+    for(j = 0; j < 4; j++) {
+      if(in[j] >= 'A' && in[j] <= 'Z')
+        x = (x << 6) + (unsigned int)(in[j] - 'A' + 0);
+      else if(in[j] >= 'a' && in[j] <= 'z')
+        x = (x << 6) + (unsigned int)(in[j] - 'a' + 26);
+      else if(in[j] >= '0' && in[j] <= '9')
+        x = (x << 6) + (unsigned int)(in[j] - '0' + 52);
+      else if(in[j] == '+')
+        x = (x << 6) + 62;
+      else if(in[j] == '/')
+        x = (x << 6) + 63;
+      else if(in[j] == '=')
+        x = (x << 6);
+    }
+
+    s[2] = (unsigned char)(x & 255); x >>= 8;
+    s[1] = (unsigned char)(x & 255); x >>= 8;
+    s[0] = (unsigned char)(x & 255); x >>= 8;
+    s += 3; in += 4;
+  }
+
+  x = 0;
+  for(j = 0; j < 4; j++) {
+    if(in[j] >= 'A' && in[j] <= 'Z')
+      x = (x << 6) + (unsigned int)(in[j] - 'A' + 0);
+    else if(in[j] >= 'a' && in[j] <= 'z')
+      x = (x << 6) + (unsigned int)(in[j] - 'a' + 26);
+    else if(in[j] >= '0' && in[j] <= '9')
+      x = (x << 6) + (unsigned int)(in[j] - '0' + 52);
+    else if(in[j] == '+')
+      x = (x << 6) + 62;
+    else if(in[j] == '/')
+      x = (x << 6) + 63;
+    else if(in[j] == '=')
+      x = (x << 6);
+  }
+
+  b[2] = (unsigned char)(x & 255); x >>= 8;
+  b[1] = (unsigned char)(x & 255); x >>= 8;
+  b[0] = (unsigned char)(x & 255); x >>= 8;
+
+  for(i = 0; i < 3 - p; i++)
+    s[i] = b[i];
+
+  return 0;
+}
+
+int b64encode(in,out)
+stralloc *in;
+stralloc *out; /* not null terminated */
+{
+  unsigned char a, b, c;
+  int i;
+  char *s;
+
+  if (in->len == 0)
+  {
+    if (!stralloc_copys(out,"")) return -1;
+    return 0;
+  }
+
+  if (!stralloc_ready(out,in->len / 3 * 4 + 4)) return -1;
+  s = out->s;
+
+  for (i = 0;i < in->len;i += 3) {
+    a = in->s[i];
+    b = i + 1 < in->len ? in->s[i + 1] : 0;
+    c = i + 2 < in->len ? in->s[i + 2] : 0;
+
+    *s++ = b64alpha[a >> 2];
+    *s++ = b64alpha[((a & 3 ) << 4) | (b >> 4)];
+
+    if (i + 1 >= in->len) *s++ = B64PAD;
+    else *s++ = b64alpha[((b & 15) << 2) | (c >> 6)];
+
+    if (i + 2 >= in->len) *s++ = B64PAD;
+    else *s++ = b64alpha[c & 63];
+  }
+  out->len = s - out->s;
+  return 0;
+}
diff -u --new-file qmail-1.03-orig/base64.h qmail-1.03/base64.h
--- qmail-1.03-orig/base64.h    1969-12-31 21:00:00.000000000 -0300
+++ qmail-1.03/base64.h 2006-03-21 18:40:50.000000000 -0300
@@ -0,0 +1,7 @@
+#ifndef BASE64_H
+#define BASE64_H
+
+extern int b64decode();
+extern int b64encode();
+
+#endif
diff -u --new-file qmail-1.03-orig/case_startb.c qmail-1.03/case_startb.c
--- qmail-1.03-orig/case_startb.c       1969-12-31 21:00:00.000000000 -0300
+++ qmail-1.03/case_startb.c    2006-03-21 18:40:50.000000000 -0300
@@ -0,0 +1,21 @@
+#include "case.h"
+
+int case_startb(s,len,t)
+register char *s;
+unsigned int len;
+register char *t;
+{
+  register unsigned char x;
+  register unsigned char y;
+
+  for (;;) {
+    y = *t++ - 'A';
+    if (y <= 'Z' - 'A') y += 'a'; else y += 'A';
+    if (!y) return 1;
+    if (!len) return 0;
+    --len;
+    x = *s++ - 'A';
+    if (x <= 'Z' - 'A') x += 'a'; else x += 'A';
+    if (x != y) return 0;
+  }
+}
diff -u --new-file qmail-1.03-orig/FILES.auth qmail-1.03/FILES.auth
--- qmail-1.03-orig/FILES.auth  1969-12-31 21:00:00.000000000 -0300
+++ qmail-1.03/FILES.auth       2006-03-21 18:40:50.000000000 -0300
@@ -0,0 +1,24 @@
+The qmail-smtpd Auth patch modifies the following QMAIL 1.03 files:
+
+= TARGETS
+= Makefile
+= qmail-smtpd.c
+= qmail-smtpd.8
+= qmail-remote.c
+= qmail-remote.8
+= qmail-showctl.c
+= qmail-control.9
+
+Added files:
+
++ base64.c
++ base64.h
++ case_startb.c
+
+Informational files:
+
+% install_auth.sh  (Installation shell script)
+% LICENSE.authentication (some sort of ...)
+% README.auth
+% README.auth.old (old description of SMTP Auth)
+% README.qmail-remote-auth (ASCII version of Bjoern Kalkbrenner index.html) 
diff -u --new-file qmail-1.03-orig/install_authentication.sh qmail-1.03/install_authentication.sh
--- qmail-1.03-orig/install_authentication.sh   1969-12-31 21:00:00.000000000 -0300
+++ qmail-1.03/install_authentication.sh        2006-03-21 18:40:50.000000000 -0300
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# qmail-smtpd AUTH (UN)INSTALL Script (install_auth.sh)
+# -----------------------------------------------------
+#
+# Purpose:      To install and uninstall the qmail-smtpd Authentication Patch
+#
+# Parameters:   -u (uninstall)
+#              VRF (Version to be uninstalled)
+#
+# Usage:        ./install_auth.sh [-u] [Version]
+#
+#              Installation:   ./install_auth.sh
+#              Uninstallation: ./install_auth.sh -u 105
+#
+# Return Codes: 0 - Patches applied successfully
+#              1 - Original QMAIL files not found (Patch not extracted in QMAIL source directory)
+#              2 - Patch files not found 
+#
+# Output:      install_auth.log
+#
+# History:      1.0.0 - Erwin Hoffmann - Initial release
+#              1.0.1 -                - grep fix; Gentoo fix
+#              1.0.2 -                  removed '-v' optio for cp
+#              1.0.3 -                  mods for 'qmail authentication'
+#
+#---------------------------------------------------------------------------------------
+#
+DATE=$(date)
+LOCDIR=${PWD}
+QMAILHOME=$(head -n 1 conf-qmail)
+SOLARIS=$(sh ./find-systype.sh | grep -ci "SunOS")
+LOGFILE=auth.log
+TARGETS=FILES.auth
+IFSKEEP=${IFS}
+REL=064 # Should be identical to qmail AUTH level
+BUILD=2005178232427
+
+
+if [ $# -eq 0 ] ; then
+
+       echo "Installing qmail-smtpd AUTH $REL (Build $BUILD) at $DATE <<<" | tee -a $LOGFILE 2>&1 
+
+       for FILE in $(grep "^= " ${TARGETS} | awk '{print $2}'); do
+               echo "Targeting file $FILE ..." | tee -a $LOGFILE 2>&1
+               if [ -s ${FILE} ] ; then
+                       cp ${FILE} ${FILE}.$REL | tee -a $LOGFILE 2>&1
+                       echo "--> ${FILE} copied to ${FILE}.$REL" | tee -a $LOGFILE 2>&1
+               else
+                       echo "${FILE} not found !"
+                       exit 1
+               fi
+               if [ -s ${FILE}.patch ] ; then
+                       if [ ${SOLARIS} -gt 0 ]; then
+                               echo "--> Patching qmail source file ${FILE} for Solaris ...." | tee -a $LOGFILE 2>&1
+                               patch -i ${FILE}.patch ${FILE} 2>&1 | tee -a $LOGFILE
+                       else
+                               echo "--> Patching qmail source file ${FILE}  ...." | tee -a $LOGFILE 2>&1
+                               patch ${FILE} ${FILE}.patch 2>&1 | tee -a $LOGFILE
+                       fi
+               else
+                       echo "!! ${FILE}.patch not found !"
+                       exit 2
+               fi
+       done 
+
+
+       echo "Copying documentation and samples to ${QMAILHOME}/doc/ ..." | tee -a $LOGFILE 2>&1 
+
+       cp README.auth* ${QMAILHOME}/doc/ | tee -a $LOGFILE 2>&1
+       echo ""
+       echo "If you dont wont CRAM-MD5 suport disable '#define CRAM_MD5' in qmail-smtpd !"
+       echo "Installation of qmail authentication $REL (Build $BUILD) finished at $DATE <<<" | tee -a $LOGFILE 2>&1 
+
+# Now go for the uninstallation....
+
+elif [ "$1" = "-u" ] ; then
+
+# Get the Version Number from INPUT 
+
+       if [ $# -eq 2 ] ; then
+               REL=$2
+       fi
+
+       echo "De-installing qmail authentication $REL (Build $BUILD) at $DATE <<<" | tee -a $LOGFILE 2>&1 
+
+       for FILE in $(grep "^= " ${TARGETS} | awk '{print $2}'); do
+               echo "Targeting file $FILE ..." | tee -a $LOGFILE 2>&1
+               if [ -s ${FILE}.$REL ] ; then
+                       mv ${FILE}.$REL ${FILE} | tee -a $LOGFILE 2>&1
+                       touch ${FILE}
+                       echo "--> ${FILE}.$REL moved to ${FILE}" | tee -a $LOGFILE 2>&1
+               else
+                       echo "!! ${FILE}.$REL not found !"
+               fi
+       done
+       echo "De-installation of qmail authentication $REL (Build $BUILD) finished at $DATE <<<" | tee -a $LOGFILE 2>&1 
+fi
+
+exit 0
diff -u --new-file qmail-1.03-orig/LICENSE.authentication qmail-1.03/LICENSE.authentication
--- qmail-1.03-orig/LICENSE.authentication      1969-12-31 21:00:00.000000000 -0300
+++ qmail-1.03/LICENSE.authentication   2006-03-21 18:40:50.000000000 -0300
@@ -0,0 +1,43 @@
+AUTHOR
+======
+
+Author:
+       Dr. Erwin Hoffmann - FEHCom Germany
+Web-Site:      
+       http://www.fehcom.de/qmail.html
+E-Mail:        
+       feh@fehcom.de
+
+
+LICENSE
+=======
+
+qmail AUTHENTICATION is free software.
+This includes:
+       You can download and use qmail AUTHENTICATION (and parts of it) as you like.
+       You can modify the source code without notification to or permission by the author.
+Please check:
+       http://www.cr.yp.to/softwarelaw.html
+
+
+DEPENDENCIES
+============
+
+qmail AUTHENTICATION patches (modifies) parts of the qmail-1.03 source files.
+It should only be applied against the source as supplied by D.J. Bernstein.
+
+
+FITNESS
+=======
+
+The Author does not guarantee a specific fitness of qmail AUTHENTICATION.
+If you use qmail AUTHENTICATION, it's on your own risk.
+
+
+DISTRIBUTION
+============
+
+qmail AUTHENTICATION may be included in ports and packages under the following conditions:
+       The port/package has to show the current version number of qmail AUTHENTICATION.
+       All files (namely this) have to be included.
+
diff -u --new-file qmail-1.03-orig/Makefile qmail-1.03/Makefile
--- qmail-1.03-orig/Makefile    2006-03-21 18:39:35.000000000 -0300
+++ qmail-1.03/Makefile 2006-03-21 18:44:49.000000000 -0300
@@ -106,6 +106,10 @@
 compile auto_usera.c
        ./compile auto_usera.c
 
+base64.o: \
+compile base64.c base64.h stralloc.h substdio.h str.h
+       ./compile base64.c
+
 binm1: \
 binm1.sh conf-qmail
        cat binm1.sh \
@@ -1456,12 +1460,12 @@
 load qmail-remote.o control.o timeoutread.o timeoutwrite.o \
 timeoutconn.o constmap.o tcpto.o now.o dns.o ip.o ipalloc.o ipme.o quote.o \
 ndelay.a case.a sig.a open.a lock.a seek.a getln.a stralloc.a alloc.a \
-substdio.a error.a str.a fs.a auto_qmail.o dns.lib socket.lib
+substdio.a error.a str.a fs.a auto_qmail.o dns.lib base64.o socket.lib
        ./load qmail-remote control.o timeoutread.o \
        timeoutwrite.o timeoutconn.o constmap.o tcpto.o now.o dns.o ip.o \
        ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
        lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \
-       str.a fs.a auto_qmail.o  `cat dns.lib` `cat socket.lib`
+       str.a fs.a auto_qmail.o base64.o `cat dns.lib` `cat socket.lib`
 
 qmail-remote.0: \
 qmail-remote.8
@@ -1551,13 +1555,13 @@
 ucspitls.o \
 date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \
 open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a \
-fs.a auto_qmail.o socket.lib
+fs.a auto_qmail.o base64.o socket.lib
        ./load qmail-smtpd rcpthosts.o commands.o timeoutread.o \
        timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \
        ucspitls.o \
        received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
        datetime.a getln.a open.a sig.a case.a env.a stralloc.a \
-       alloc.a substdio.a error.a str.a fs.a auto_qmail.o  `cat \
+       alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o `cat \
        socket.lib`
 
 qmail-smtpd.0: \
@@ -1569,7 +1573,7 @@
 substdio.h alloc.h auto_qmail.h control.h received.h constmap.h \
 error.h ipme.h ip.h ipalloc.h ip.h gen_alloc.h ip.h qmail.h \
 substdio.h str.h fmt.h scan.h byte.h case.h env.h now.h datetime.h \
-exit.h rcpthosts.h timeoutread.h timeoutwrite.h commands.h
+exit.h rcpthosts.h timeoutread.h timeoutwrite.h commands.h base64.h
        ./compile qmail-smtpd.c
 
 qmail-start: \
Subdirectorios comunes: qmail-1.03-orig/qmail-rhinit y qmail-1.03/qmail-rhinit
diff -u --new-file qmail-1.03-orig/qmail-smtpd.8 qmail-1.03/qmail-smtpd.8
--- qmail-1.03-orig/qmail-smtpd.8       2006-03-21 18:39:35.000000000 -0300
+++ qmail-1.03/qmail-smtpd.8    2006-03-21 18:46:16.000000000 -0300
@@ -23,7 +23,30 @@
 header fields.
 
 .B qmail-smtpd
-supports ESMTP, including the 8BITMIME and PIPELINING options.
+supports ESMTP, including the 8BITMIME, DATA, PIPELINING, SIZE, and AUTH options.
+.B qmail-smtpd
+includes a \'MAIL FROM:\' parameter parser and obeys \'Auth\' and \'Size\' advertisements.
+.B qmail-smtpd
+can accept LOGIN, PLAIN, and CRAM-MD5 AUTH types. It invokes
+.IR checkprogram ,
+which reads on file descriptor 3 the username, a 0 byte, the password
+or CRAM-MD5 digest/response derived from the SMTP client,
+another 0 byte, a CRAM-MD5 challenge (if applicable to the AUTH type),
+and a final 0 byte.
+.I checkprogram
+invokes
+.I subprogram
+upon successful authentication, which should in turn return 0 to
+.BR qmail-smtpd ,
+effectively setting the environment variables $RELAYCLIENT and $TCPREMOTEINFO
+(any supplied value replaced with the authenticated username).
+.B qmail-smtpd
+will reject the authentication attempt if it receives a nonzero return
+value from
+.I checkprogram
+or
+.IR subprogram .
+
 .SH TRANSPARENCY
 .B qmail-smtpd
 converts the SMTP newline convention into the UNIX newline convention
diff -u --new-file qmail-1.03-orig/qmail-smtpd.c qmail-1.03/qmail-smtpd.c
--- qmail-1.03-orig/qmail-smtpd.c       2006-03-21 18:39:35.000000000 -0300
+++ qmail-1.03/qmail-smtpd.c    2006-03-21 18:53:10.000000000 -0300
@@ -24,6 +24,10 @@
 #include "timeoutwrite.h"
 #include "commands.h"
 #include "ucspitls.h"
+#include "wait.h"
+
+#define CRAM_MD5
+#define AUTHSLEEP 5
 
 #define MAXHOPS 100
 unsigned int databytes = 0;
@@ -51,6 +55,7 @@
 void die_control() { out("421 unable to read controls (#4.3.0)\r\n"); flush(); _exit(1); }
 void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); flush(); _exit(1); }
 void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); flush(); _exit(1); }
+void err_size() { out("552 sorry, that message size exceeds my databytes limit (#5.3.4)\r\n"); }
 void die_syserr() { out("421 system error (#4.3.0)\r\n"); flush(); _exit(1); }
 
 void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)\r\n"); }
@@ -63,6 +68,16 @@
 void err_vrfy() { out("252 send some mail, i'll try my best\r\n"); }
 void err_qqt() { out("451 qqt failure (#4.3.0)\r\n"); }
 
+int err_child() { out("454 oops, problem with child and I can't auth (#4.3.0)\r\n"); return -1; }
+int err_fork() { out("454 oops, child won't start and I can't auth (#4.3.0)\r\n"); return -1; }
+int err_pipe() { out("454 oops, unable to open pipe and I can't auth (#4.3.0)\r\n"); return -1; }
+int err_write() { out("454 oops, unable to write pipe and I can't auth (#4.3.0)\r\n"); return -1; }
+void err_authd() { out("503 you're already authenticated (#5.5.0)\r\n"); }
+void err_authmail() { out("503 no auth during mail transaction (#5.5.0)\r\n"); }
+int err_noauth() { out("504 auth type unimplemented (#5.5.1)\r\n"); return -1; }
+int err_authabrt() { out("501 auth exchange canceled (#5.0.0)\r\n"); return -1; }
+int err_input() { out("501 malformed auth input (#5.5.4)\r\n"); return -1; }
+void err_authfail() { out("535 authentication failed (#5.7.1)\r\n"); }
 
 stralloc greeting = {0};
 
@@ -80,6 +95,7 @@
   smtp_greet("221 "); out("\r\n"); flush(); _exit(0);
 }
 
+char *protocol;
 char *remoteip;
 char *remotehost;
 char *remoteinfo;
@@ -126,6 +142,7 @@
   if (x) { scan_ulong(x,&u); databytes = u; }
   if (!(databytes + 1)) --databytes;
  
+  protocol = "SMTP";
   remoteip = env_get("TCPREMOTEIP");
   if (!remoteip) remoteip = "unknown";
   local = env_get("TCPLOCALHOST");
@@ -223,8 +240,70 @@
 
 int seenmail = 0;
 int flagbarf; /* defined if seenmail */
+int flagsize;
 stralloc mailfrom = {0};
 stralloc rcptto = {0};
+stralloc fuser = {0};
+stralloc mfparms = {0};
+
+int mailfrom_size(arg) char *arg;
+{
+  long r;
+  unsigned long sizebytes = 0;
+
+  scan_ulong(arg,&r);
+  sizebytes = r;
+  if (databytes) if (sizebytes > databytes) return 1;
+  return 0;
+}
+
+void mailfrom_auth(arg,len) 
+char *arg; 
+int len;
+{
+  int j;
+
+  if (!stralloc_copys(&fuser,"")) die_nomem();
+  if (case_starts(arg,"<>")) { if (!stralloc_cats(&fuser,"unknown")) die_nomem(); }
+  else 
+    while (len) {
+      if (*arg == '+') {
+        if (case_starts(arg,"+3D")) { arg=arg+2; len=len-2; if (!stralloc_cats(&fuser,"=")) die_nomem(); }
+        if (case_starts(arg,"+2B")) { arg=arg+2; len=len-2; if (!stralloc_cats(&fuser,"+")) die_nomem(); }
+      }
+      else
+        if (!stralloc_catb(&fuser,arg,1)) die_nomem();
+      arg++; len--;
+    }
+  if(!stralloc_0(&fuser)) die_nomem();
+  if (!remoteinfo) {
+    remoteinfo = fuser.s;
+    if (!env_unset("TCPREMOTEINFO")) die_read();
+    if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem();
+  }
+}
+
+void mailfrom_parms(arg) char *arg;
+{
+  int i;
+  int len;
+
+    len = str_len(arg);
+    if (!stralloc_copys(&mfparms,"")) die_nomem;
+    i = byte_chr(arg,len,'>');
+    if (i > 4 && i < len) {
+      while (len) {
+        arg++; len--; 
+        if (*arg == ' ' || *arg == '\0' ) {
+           if (case_starts(mfparms.s,"SIZE=")) if (mailfrom_size(mfparms.s+5)) { flagsize = 1; return; }
+           if (case_starts(mfparms.s,"AUTH=")) mailfrom_auth(mfparms.s+5,mfparms.len-5);  
+           if (!stralloc_copys(&mfparms,"")) die_nomem;
+        }
+        else
+          if (!stralloc_catb(&mfparms,arg,1)) die_nomem; 
+      }
+    }
+}
 
 void smtp_helo(arg) char *arg;
 {
@@ -233,10 +312,21 @@
 }
 void smtp_ehlo(arg) char *arg;
 {
-  smtp_greet("250-");
+
+  char size[FMT_ULONG];
+  size[fmt_ulong(size,(unsigned int) databytes)] = 0;
+  smtp_greet("250-"); 
   if (tls_available && !tls_started)
     out("\r\n250-STARTTLS");
-  out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n");
+  out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n");
+  out("250-SIZE "); out(size); out("\r\n");
+#ifdef CRAM_MD5
+  out("250-AUTH=LOGIN PLAIN CRAM-MD5\r\n");
+  out("250 AUTH LOGIN PLAIN CRAM-MD5\r\n");
+#else
+  out("250-AUTH=LOGIN PLAIN\r\n");
+  out("250 AUTH LOGIN PLAIN\r\n");
+#endif
   seenmail = 0; dohelo(arg);
 }
 void smtp_rset()
@@ -247,6 +335,9 @@
 void smtp_mail(arg) char *arg;
 {
   if (!addrparse(arg)) { err_syntax(); return; }
+  flagsize = 0;
+  mailfrom_parms(arg);
+  if (flagsize) { err_size(); return; }
   flagbarf = bmfcheck();
   seenmail = 1;
   if (!stralloc_copys(&rcptto,"")) die_nomem();
@@ -401,7 +492,7 @@
   qp = qmail_qp(&qqt);
   out("354 go ahead\r\n");
  
-  received(&qqt,"SMTP",local,remoteip,remotehost,remoteinfo,fakehelo);
+  received(&qqt,protocol,local,remoteip,remotehost,remoteinfo,fakehelo);
   blast(&hops);
   hops = (hops >= MAXHOPS);
   if (hops) qmail_fail(&qqt);
@@ -411,16 +502,244 @@
   qqx = qmail_close(&qqt);
   if (!*qqx) { acceptmessage(qp); return; }
   if (hops) { out("554 too many hops, this message is looping (#5.4.6)\r\n"); return; }
-  if (databytes) if (!bytestooverflow) { out("552 sorry, that message size exceeds my databytes limit (#5.3.4)\r\n"); return; }
+  if (databytes) if (!bytestooverflow) { err_size(); return; }
   if (*qqx == 'D') out("554 "); else out("451 ");
   out(qqx + 1);
   out("\r\n");
 }
 
+/* this file is too long ----------------------------------------- SMTP AUTH */
+
+char unique[FMT_ULONG + FMT_ULONG + 3];
+static stralloc authin = {0};   /* input from SMTP client */
+static stralloc user = {0};
+static stralloc pass = {0};     /* plain passwd or digest */
+static stralloc resp = {0};     /* b64 response */
+#ifdef CRAM_MD5
+static stralloc chal = {0};     /* plain challenge */
+static stralloc slop = {0};     /* b64 challenge */
+#endif
+
+int flagauth = 0;
+char **childargs;
+char ssauthbuf[512];
+substdio ssauth = SUBSTDIO_FDBUF(safewrite,3,ssauthbuf,sizeof(ssauthbuf));
+
+int authgetl(void) {
+  int i;
+
+  if (!stralloc_copys(&authin,"")) die_nomem();
+  for (;;) {
+    if (!stralloc_readyplus(&authin,1)) die_nomem(); /* XXX */
+    i = substdio_get(&ssin,authin.s + authin.len,1);
+    if (i != 1) die_read();
+    if (authin.s[authin.len] == '\n') break;
+    ++authin.len;
+  }
+
+  if (authin.len > 0) if (authin.s[authin.len - 1] == '\r') --authin.len;
+  authin.s[authin.len] = 0;
+  if (*authin.s == '*' && *(authin.s + 1) == 0) { return err_authabrt(); }
+  if (authin.len == 0) { return err_input(); }
+  return authin.len;
+}
+
+int authenticate(void)
+{
+  int child;
+  int wstat;
+  int pi[2];
+
+  if (!stralloc_0(&user)) die_nomem();
+  if (!stralloc_0(&pass)) die_nomem();
+#ifdef CRAM_MD5
+  if (!stralloc_0(&chal)) die_nomem();
+#endif
+
+  if (pipe(pi) == -1) return err_pipe();
+  switch(child = fork()) {
+    case -1:
+      return err_fork();
+    case 0:
+      close(pi[1]);
+      if(fd_copy(3,pi[0]) == -1) return err_pipe();
+      sig_pipedefault();
+        execvp(*childargs, childargs);
+      _exit(1);
+  }
+  close(pi[0]);
+
+  substdio_fdbuf(&ssauth,write,pi[1],ssauthbuf,sizeof ssauthbuf);
+  if (substdio_put(&ssauth,user.s,user.len) == -1) return err_write();
+  if (substdio_put(&ssauth,pass.s,pass.len) == -1) return err_write();
+#ifdef CRAM_MD5
+  if (substdio_put(&ssauth,chal.s,chal.len) == -1) return err_write();
+#endif
+  if (substdio_flush(&ssauth) == -1) return err_write();
+
+  close(pi[1]);
+#ifdef CRAM_MD5
+  if (!stralloc_copys(&chal,"")) die_nomem();
+  if (!stralloc_copys(&slop,"")) die_nomem();
+#endif
+  byte_zero(ssauthbuf,sizeof ssauthbuf);
+  if (wait_pid(&wstat,child) == -1) return err_child();
+  if (wait_crashed(wstat)) return err_child();
+  if (wait_exitcode(wstat)) { sleep(AUTHSLEEP); return 1; } /* no */
+  return 0; /* yes */
+}
+
+int auth_login(arg) char *arg;
+{
+  int r;
+
+  if (*arg) {
+    if (r = b64decode(arg,str_len(arg),&user) == 1) return err_input();
+  }
+  else {
+    out("334 VXNlcm5hbWU6\r\n"); flush();       /* Username: */
+    if (authgetl() < 0) return -1;
+    if (r = b64decode(authin.s,authin.len,&user) == 1) return err_input();
+  }
+  if (r == -1) die_nomem();
+
+  out("334 UGFzc3dvcmQ6\r\n"); flush();         /* Password: */
+
+  if (authgetl() < 0) return -1;
+  if (r = b64decode(authin.s,authin.len,&pass) == 1) return err_input();
+  if (r == -1) die_nomem();
+
+  if (!user.len || !pass.len) return err_input();
+  return authenticate();
+}
+
+int auth_plain(arg) char *arg;
+{
+  int r, id = 0;
+
+  if (*arg) {
+    if (r = b64decode(arg,str_len(arg),&resp) == 1) return err_input();
+  }
+  else {
+    out("334 \r\n"); flush();
+    if (authgetl() < 0) return -1;
+    if (r = b64decode(authin.s,authin.len,&resp) == 1) return err_input();
+  }
+  if (r == -1 || !stralloc_0(&resp)) die_nomem();
+  while (resp.s[id]) id++;                       /* "authorize-id\0userid\0passwd\0" */
+
+  if (resp.len > id + 1)
+    if (!stralloc_copys(&user,resp.s + id + 1)) die_nomem();
+  if (resp.len > id + user.len + 2)
+    if (!stralloc_copys(&pass,resp.s + id + user.len + 2)) die_nomem();
+
+  if (!user.len || !pass.len) return err_input();
+  return authenticate();
+}
+
+#ifdef CRAM_MD5
+int auth_cram()
+{
+  int i, r;
+  char *s;
+
+  s = unique;                                           /* generate challenge */
+  s += fmt_uint(s,getpid());
+  *s++ = '.';
+  s += fmt_ulong(s,(unsigned long) now());
+  *s++ = '@';
+  *s++ = 0;
+  if (!stralloc_copys(&chal,"<")) die_nomem();
+  if (!stralloc_cats(&chal,unique)) die_nomem();
+  if (!stralloc_cats(&chal,local)) die_nomem();
+  if (!stralloc_cats(&chal,">")) die_nomem();
+  if (b64encode(&chal,&slop) < 0) die_nomem();
+  if (!stralloc_0(&slop)) die_nomem();
+
+  out("334 ");                                          /* "334 base64_challenge \r\n" */
+  out(slop.s);
+  out("\r\n");
+  flush();
+
+  if (authgetl() < 0) return -1;                        /* got response */
+  if (r = b64decode(authin.s,authin.len,&resp) == 1) return err_input();
+  if (r == -1 || !stralloc_0(&resp)) die_nomem();
+
+  i = str_chr(resp.s,' ');
+  s = resp.s + i;
+  while (*s == ' ') ++s;
+  resp.s[i] = 0;
+  if (!stralloc_copys(&user,resp.s)) die_nomem();       /* userid */
+  if (!stralloc_copys(&pass,s)) die_nomem();            /* digest */
+
+  if (!user.len || !pass.len) return err_input();
+  return authenticate();
+}
+#endif
+
+struct authcmd {
+  char *text;
+  int (*fun)();
+} authcmds[] = {
+  { "login",auth_login }
+,  { "plain",auth_plain }
+#ifdef CRAM_MD5
+, { "cram-md5",auth_cram }
+#endif
+, { 0,err_noauth }
+};
+
+void smtp_auth(arg)
+char *arg;
+{
+  int i;
+  char *cmd = arg;
+
+  if (!*childargs) { out("503 auth not available (#5.3.3)\r\n"); return; }
+  if (flagauth) { err_authd(); return; }
+  if (seenmail) { err_authmail(); return; }
+
+  if (!stralloc_copys(&user,"")) die_nomem();
+  if (!stralloc_copys(&pass,"")) die_nomem();
+  if (!stralloc_copys(&resp,"")) die_nomem();
+#ifdef CRAM_MD5
+  if (!stralloc_copys(&chal,"")) die_nomem();
+#endif
+
+  i = str_chr(cmd,' ');
+  arg = cmd + i;
+  while (*arg == ' ') ++arg;
+  cmd[i] = 0;
+
+  for (i = 0;authcmds[i].text;++i)
+    if (case_equals(authcmds[i].text,cmd)) break;
+
+  switch (authcmds[i].fun(arg)) {
+    case 0:
+      flagauth = 1;
+      protocol = "ESMTPA";
+      relayclient = "";
+      remoteinfo = user.s;
+      if (!env_unset("TCPREMOTEINFO")) die_read();
+      if (!env_put2("TCPREMOTEINFO",remoteinfo)) die_nomem();
+      if (!env_put2("RELAYCLIENT",relayclient)) die_nomem();
+      out("235 ok, go ahead (#2.0.0)\r\n");
+      break;
+    case 1:
+      err_authfail(user.s,authcmds[i].text);
+  }
+}
+
+
+/* this file is too long --------------------------------------------- GO ON */
+
+
+
 struct commands smtpcommands[] = {
   { "rcpt", smtp_rcpt, 0 }
 , { "mail", smtp_mail, 0 }
 , { "data", smtp_data, flush }
+, { "auth", smtp_auth, flush }
 , { "quit", smtp_quit, flush }
 , { "helo", smtp_helo, flush }
 , { "ehlo", smtp_ehlo, flush }
@@ -432,8 +751,11 @@
 , { 0, err_unimpl, flush }
 } ;
 
-void main()
+void main(argc,argv)
+int argc;
+char **argv;
 {
+  childargs = argv + 1;
   sig_pipeignore();
   if (chdir(auto_qmail) == -1) die_control();
   setup();
diff -u --new-file qmail-1.03-orig/README.auth qmail-1.03/README.auth
--- qmail-1.03-orig/README.auth 1969-12-31 21:00:00.000000000 -0300
+++ qmail-1.03/README.auth      2006-03-21 18:40:50.000000000 -0300
@@ -0,0 +1,104 @@
+README qmail Authentication
+===========================
+
+
+Scope:
+------
+
+This patch supports RFC 2554 "SMTP Service Extension for Authentication" for 
+
+- qmail-smtpd (AUTH types LOGIN, PLAIN, and CRAM-MD5) and
+- qmail-remote (AUTH types LOGIN, PLAIN).
+
+Additionally, RFC 1870 is honoured ("SMTP Service Extension for Message Size Declaration").
+For more technical details see: http://www.fehcom.de/qmail/docu/smtpauth.html.
+
+
+History:
+--------
+
+This patch was based on Krzysztof Dabrowski's qmail-smtpd-auth-0.31 patch 
+which itself uses "Mrs. Brisby's" initial code. 
+Version 0.41 of this patch fixes the "CAPS-LOCK" typo announcing
+'CRAM_MD5' instead of 'CRAM-MD5' (german keyboard) - tx to Mike Garrison.
+Version 0.42 fixes the '421 unable to read controls (#4.3.0)' problem
+(can't read control/morercpthosts.cdb) because FD 3 was already closed - tx Richard Lyons.
+Version 0.43 fixes the ba64decode() failure in case CRAM_MD5 is not enabled - tx Vladimir Zidar.
+Version 0.51 includes the evaluation of the 'Auth' and the 'Size' parameter in the 'Mail From:' command.
+Version 0.52 uses DJB functions to copy FDs.
+Version 0.56 corrects some minor mistakes displaying the 'Auth' userid.
+Version 0.57 uses keyword "ESMTPA" in Received header in case of authentication to comply with RFC 3848.
+
+Starting with version 0.60 the patch includes the qmail-smtp-auth-send enhancement
+from Bjoern Kalkbrenner to support SMTP autentication for qmail-remote.
+
+
+Installation:
+-------------
+
+* Untar the source in the qmail-1.03 home directory.
+* Run ./install_authentication.
+* Modify the compile time option "#define CRAM_MD5" to your needs.
+* Re-make qmail.
+
+
+Setup for qmail-smtpd:
+----------------------
+
+In order to use SMTP Authentication you have to use a 'Pluggable Authentication Module'
+PAM to be called by qmail-smtpd; typically
+
+       /var/qmail/bin/qmail-smtpd /bin/checkpassword true 2>&1
+
+Since qmail-smtpd does not run as root, checkpassword has to be made sticky.
+There is no need to include additionally the hostname in the call.
+In order to compute the CRAM-MD5 challenge, qmail-smtpd uses the 'tcplocalhost' information.
+
+
+Setup for qmail-remote:
+-----------------------
+
+See man page qmail-remote.
+
+A control file control/authsenders has to be generated and populated accordingly.
+
+
+Changes wrt. Krysztof Dabrowski's patch:
+----------------------------------------
+
+* Avoid the 'hostname' in the call of the PAM.
+* Confirm to Dan Bernstein's checkpassword interface even for CRAM-MD5.
+* Doesn't close FD 2; thus not inhibiting logging to STDERR.
+* Fixed bugs in base64.c.
+* Modified unconditional close of FD 3 in order to sustain reading of 'control/morecpthosts.cdb'.
+* Evaluation of the (informational) Mail From: < > Auth=username.
+* Additional support for the advertised "Size" via 'Mail From: <return-path> SIZE=123456780' (RFC 1870).
+* RFC 3848 conformance for Received header in case of SMTP Auth.
+
+
+Changes wrt. Bjoern Kalkbrenner's patch:
+----------------------------------------
+
+* Included AUTH PLAIN support.
+* Fixed wrong use of 'MAIL FROM: <return-path> AUTH=user'.
+* Modular design.
+* Renamed "smtproutes_user" to "authsenders".
+* Added man page for qmail-remote including AUTH behaviour.
+* Modified qmail-control man page to include "authsenders".
+* Modified qmail-showctl to parse "authsenders".
+
+
+History
+-------
+
+0.6.0  includes SMTP authentication for qmail-remote.
+0.6.1  Initial Version: Transmitts 'user' in Mail From: as xtext; flexible AUTH recognition.
+0.6.2  Auth plain: mailfrom\0user-id\0password; thus authorization-id is the Return-Path.
+0.6.3  Compliance with RFC 3848 (synced with qmail-auth-smtpd.057).
+0.6.4  FIXED a bug in PLAIN checking for the wrong SMTP Reply code
+        FIXED a bug in the evaluation of the SENDER (tx. Benjamin Meyer). 
+
+
+Erwin Hoffmann - Cologne 2005-06-27 (www.fehcom.de)
+
+
diff -u --new-file qmail-1.03-orig/README.qmail-remote-auth qmail-1.03/README.qmail-remote-auth
--- qmail-1.03-orig/README.qmail-remote-auth    1969-12-31 21:00:00.000000000 -0300
+++ qmail-1.03/README.qmail-remote-auth 2006-03-21 18:40:50.000000000 -0300
@@ -0,0 +1,58 @@
++++++++++++++++++++++++++++
++                         +
++  THIS FILE IS OBSOLETE  +
++                         +
++++++++++++++++++++++++++++
+
+
+Qmail 1.03 qmail-remote.c SMTP-AUTH send patch
+
+   * Date: 20020715
+   * Version: 0.0.1 ;)
+   * Author: Bjoern Kalkbrenner
+   * Location: Home | Download
+
+Quick install:
+
+  1. Copy the base64.c and base64.h to your qmail source and chdir into it.
+  2. Patch the source with patch -p1 <smtp-auth-send.patch
+  3. make setup check
+  4. ...follow the qmail-installation or copy your new qmail-remote to
+     /var/qmail/bin
+  5. create your /var/qmail/control/smtproutes_users
+
+Quick info:
+
+This patch is based on Robert Sander's AUTH LOGIN patch which is based on
+the qmail-smtpd-auth patch which itself is based on the patch from Mrs.
+Brisby...
+Confusing ;)
+
+I made this patch because my ISP also switched to AUTH LOGIN on his SMTP
+relay and we are using an internal linux qmail server in our company, but
+the patch Robert wrote was only working for 1 user. . Several users use
+this ISP for outgoing mail, mails are fetched with fetchmail, (scanned for
+viruses) and send to the local mailaccounts which is used as relay. Now it
+is easy for us to internal mailaccounts mapped to the external mailservers.
+You can even select the outgoing mailserver with the smtproutes_users file.
+
+The username and password for the remote smtp relay are stored in
+/var/qmail/control/smtproutes_users (new controlfile!) separated with pipes
+after the entry for the relay server.
+For example:
+
+#mailuser-example
+mail@example.com:smtp.example.com|example.com1|examplePasswd
+info@example.com:smtp.example.com|example.com2|anotherPasswd
+
+mailuser-examples sending to port 26
+anotherport@example.com:smtp.example.com:26|example.com3|justfoobar
+
+#default, not sure if this entry is used, untested!!!!!! Maybe i had to
+code this.
+:relay.provider.com|username|password
+
+Password has to be stored in cleartext. This is maybe not bug-free, but
+like Robert said:
+
+It works for me, no guarantee...
diff -u --new-file qmail-1.03-orig/TARGETS qmail-1.03/TARGETS
--- qmail-1.03-orig/TARGETS     2006-03-21 18:39:35.000000000 -0300
+++ qmail-1.03/TARGETS  2006-03-21 18:53:38.000000000 -0300
@@ -10,6 +10,7 @@
 qmail.o
 quote.o
 now.o
+base64.o
 gfrom.o
 myctime.o
 slurpclose.o