平安夜礼物，让 qmail+vpopmail 禁止弱密码发送邮件的patch

大麻

详细安装操作请见下面的地址：

http://bbs.igenus.org/discuz/vie ... &extra=page%3D1

1. --- vpopmail-5.4.17/vchkpw.c        2006-05-08 01:07:13.000000000 +0800
   
2. +++ vpopmail-5.4.17_new/vchkpw.c        2010-12-24 20:16:34.000000000 +0800
   
3. @@ -89,6 +89,7 @@
   
4. void login_virtual_user();
   
5. void login_system_user();
   
6. void read_user_pass();
   
7. +void check_weak_passwd();
   
8. void vlog(int verror, char *TheUser, char *TheDomain, char *ThePass, char *TheName, char *IpAddr, char *LogLine);
   
9. void vchkpw_exit(int err);
   
10. void run_command(char *prog);
    
11. @@ -200,6 +201,7 @@
    
12.     */
    
13.    if ( (vpw = vauth_getpw(TheUser, TheDomain)) != NULL ) {
    
14.      vget_assign(TheDomain,NULL,0,&pw_uid,&pw_gid);
    
15. +    if (ConnType == SMTP_CONN) check_weak_passwd();
    
16.      login_virtual_user();
    
17. 
    
18. #ifdef ENABLE_PASSWD
    
19. @@ -218,7 +220,6 @@
    
20.      vchkpw_exit(3);
    
21.    }
    
22.    vclose();
    
23. -
    
24.    /* The user is authenticated, now setup the environment */
    
25. 
    
26.    /* Set the programs effective group id */
    
27. @@ -330,6 +331,46 @@
    
28. 
    
29. }
    
30. 
    
31. +void check_weak_passwd()
    
32. +{
    
33. +  char weak[MAX_PW_PASS+1];
    
34. +  char path[MAX_BUFF];
    
35. +  int dlen, eof, i, weak_flag;
    
36. +  FILE *fs;
    
37. +
    
38. +  weak_flag = 0;
    
39. +  dlen = strlen(ThePass);
    
40. +  for (i = 1; i < dlen; i++) {
    
41. +    if (ThePass[0] != ThePass[i]) {weak_flag++; };
    
42. +  }
    
43. +
    
44. +  if (weak_flag == 0 || strcmp(ThePass, TheUser) == 0) {
    
45. +    snprintf(LogLine, sizeof(LogLine), "%s: weak password (pass: '%s') %s@%s:%s",
    
46. +      VchkpwLogName, ThePass, TheUser, TheDomain, IpAddr);
    
47. +    vlog(VLOG_ERROR_PASSWD, TheUser, TheDomain, ThePass, TheName, IpAddr, LogLine);
    
48. +    vchkpw_exit(20);
    
49. +  }
    
50. +
    
51. +  weak[0] = '\0';
    
52. +  snprintf (path, sizeof(path), "%s/etc/weakpasswd", VPOPMAILDIR);
    
53. +
    
54. +  fs = fopen (path, "r");
    
55. +  if (fs == NULL) return 0;
    
56. +  do {
    
57. +    eof = (fgets (weak, sizeof(weak), fs) == NULL);
    
58. +    dlen = strlen(weak) - 1;
    
59. +    if (weak[dlen] == '\n') { weak[dlen] = '\0'; }
    
60. +    if (strcmp(ThePass, weak) == 0) {
    
61. +      fclose (fs);
    
62. +      snprintf(LogLine, sizeof(LogLine), "%s: weak password (pass: '%s') %s@%s:%s",
    
63. +        VchkpwLogName, ThePass, TheUser, TheDomain, IpAddr);
    
64. +      vlog(VLOG_ERROR_PASSWD, TheUser, TheDomain, ThePass, TheName, IpAddr, LogLine);
    
65. +      vchkpw_exit(20);
    
66. +    }
    
67. +  }while (!eof);
    
68. +  fclose (fs);
    
69. +}
    
70. +
    
71. void read_user_pass()
    
72. {
    
73.   int i,j,l;

复制代码