[tpop3d-discuss]Some conditions may lead getpwuid to fail

[Giampaolo Tomassoni]

Dears,

I see that in many auth_ modules in tpop3d (at least auth_pgsql) user 
authentication involves the invoking of parse_uid() from util.c, followed by a 
getpwuid() to obtain the user's struct passwd.

The purpose seems to me to obtain the struct passwd by allowing the user 
database back-ends to return either a username or a uid.

Unfortunately, this causes some troubles to me. When it is difficult to assign 
a unique id to each user, mailbox users are often given a single uid and the 
user itself is identified only by its name, not by its uid. So, the chain 
parse_uid() -> getpwuid() may give wrong results and should be avoided. Also, 
it is inefficient when a username is involved, since basicly parse_uid() must 
already obtain the passwd structure in order to convert the username to its uid.

The basic idea for a fix which doesn't impact on other cases, would be to use 
getpwuid() only when the user field contains numbers, while relaying on 
getpwnam() when a username is instead involved.

A attach a small patch which fixes this for the auth_pgsql module, since this 
is the only one I can actually test. The patch adds the new function 
get_pw_by_name_or_uid() to util.c, which basicly mimes the work of parse_uid(), 
but gives back a struct passwd* by mean of getpwuid() or getpwnam(). In 
auth_pgsql.c, a call to this function replaces the parse_uid() -> getpwuid() 
chain.

I hope to see it in the main branch soon or later: it really seems to fix my 
problem.

Regards,

-----------------------------------
Giampaolo Tomassoni - IT Consultant
Piazza VIII Aprile 1948, 4
I-53044 Chiusi (SI) - Italy
Ph: +39-0578-21100

tpop3d-1.5.3+pgsql-nogetpwuid.patch
Description: Binary data