From 0841617aca5e75e33fa050b29c4a0e3ae8339f63 Mon Sep 17 00:00:00 2001
From: CdRom1 <r.maliach@live.fr>
Date: Thu, 3 Jan 2019 12:59:33 +0100
Subject: [PATCH] Suppression de auth_plaintext
---
 pica-mail-mda/auth_plaintext/Dockerfile | 23 ---
 pica-mail-mda/auth_plaintext/README.md | 5 -
 .../auth_plaintext/conf.d/10-auth.conf | 133 ------------------
 .../auth_plaintext/conf.d/10-logging.conf | 85 -----------
 .../auth_plaintext/conf.d/10-master.conf | 133 ------------------
 .../conf.d/auth-passwdfile.conf.ext | 26 ----
 pica-mail-mda/auth_plaintext/entrypoint.sh | 41 ------
 7 files changed, 446 deletions(-)
 delete mode 100644 pica-mail-mda/auth_plaintext/Dockerfile
 delete mode 100644 pica-mail-mda/auth_plaintext/README.md
 delete mode 100644 pica-mail-mda/auth_plaintext/conf.d/10-auth.conf
 delete mode 100644 pica-mail-mda/auth_plaintext/conf.d/10-logging.conf
 delete mode 100644 pica-mail-mda/auth_plaintext/conf.d/10-master.conf
 delete mode 100644 pica-mail-mda/auth_plaintext/conf.d/auth-passwdfile.conf.ext
 delete mode 100755 pica-mail-mda/auth_plaintext/entrypoint.sh
diff --git a/pica-mail-mda/auth_plaintext/Dockerfile b/pica-mail-mda/auth_plaintext/Dockerfile
deleted file mode 100644
index bd162ba7..00000000
--- a/pica-mail-mda/auth_plaintext/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-#Dockerfile pour le MDA de Picasoft
-#actuellement basé sur dovecot
-From debian
-
-#lors de l'installation de dovecot, par défaut, il y a des "fenêtres dans la console", ceci les désactive et utilise des réponses par défaut
-ENV DEBIAN_FRONTEND noninteractive
-
-#installation des paquets debian
-RUN apt-get update -y \
- && apt-get install -y \
- dovecot-common dovecot-imapd dovecot-lmtpd nano telnet \
- && rm -rf /var/lib/apt/lists/*
-
-
-#configuration de dovecot
-
-COPY ./conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf
-COPY ./conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf
-COPY ./conf.d/auth-passwdfile.conf.ext /etc/dovecot/conf.d/auth-passwdfile.conf.ext
-COPY ./conf.d/10-logging.conf /etc/dovecot/conf.d/10-logging.conf
-COPY entrypoint.sh /
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/pica-mail-mda/auth_plaintext/README.md b/pica-mail-mda/auth_plaintext/README.md
deleted file mode 100644
index c287594d..00000000
--- a/pica-mail-mda/auth_plaintext/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-Pour construire l'image :
-
-```
-docker build -t pica-mail-mda:1 .
-```
diff --git a/pica-mail-mda/auth_plaintext/conf.d/10-auth.conf b/pica-mail-mda/auth_plaintext/conf.d/10-auth.conf
deleted file mode 100644
index 32fe3f5b..00000000
--- a/pica-mail-mda/auth_plaintext/conf.d/10-auth.conf
+++ /dev/null
@@ -1,133 +0,0 @@
-#dovecot 10-auth.conf default file modified in order to allow plaintext authentication (ONLY FOR TESTING)
-#all Pica alterations are commented with a #/!\pica label
-
-##
-## Authentication processes
-##
-
-# Disable LOGIN command and all other plaintext authentications unless
-# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
-# matches the local IP (ie. you're connecting from the same computer), the
-# connection is considered secure and plaintext authentication is allowed.
-# See also ssl=required setting.
-#/!\pica
-disable_plaintext_auth = no
-
-# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
-# bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
-#auth_cache_size = 0
-# Time to live for cached data. After TTL expires the cached record is no
-# longer used, *except* if the main database lookup returns internal failure.
-# We also try to handle password changes automatically: If user's previous
-# authentication was successful, but this one wasn't, the cache isn't used.
-# For now this works only with plaintext authentication.
-#auth_cache_ttl = 1 hour
-# TTL for negative hits (user not found, password mismatch).
-# 0 disables caching them completely.
-#auth_cache_negative_ttl = 1 hour
-
-# Space separated list of realms for SASL authentication mechanisms that need
-# them. You can leave it empty if you don't want to support multiple realms.
-# Many clients simply use the first one listed here, so keep the default realm
-# first.
-#auth_realms =
-
-# Default realm/domain to use if none was specified. This is used for both
-# SASL realms and appending @domain to username in plaintext logins.
-#auth_default_realm =
-
-# List of allowed characters in username. If the user-given username contains
-# a character not listed in here, the login automatically fails. This is just
-# an extra check to make sure user can't exploit any potential quote escaping
-# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
-# set this value to empty.
-#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
-
-# Username character translations before it's looked up from databases. The
-# value contains series of from -> to characters. For example "#@/@" means
-# that '#' and '/' characters are translated to '@'.
-#auth_username_translation =
-
-# Username formatting before it's looked up from databases. You can use
-# the standard variables here, eg. %Lu would lowercase the username, %n would
-# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
-# "-AT-". This translation is done after auth_username_translation changes.
-#auth_username_format = %Lu
-
-# If you want to allow master users to log in by specifying the master
-# username within the normal username string (ie. not using SASL mechanism's
-# support for it), you can specify the separator character here. The format
-# is then <username><separator><master username>. UW-IMAP uses "*" as the
-# separator, so that could be a good choice.
-#auth_master_user_separator =
-
-# Username to use for users logging in with ANONYMOUS SASL mechanism
-#auth_anonymous_username = anonymous
-
-# Maximum number of dovecot-auth worker processes. They're used to execute
-# blocking passdb and userdb queries (eg. MySQL and PAM). They're
-# automatically created and destroyed as needed.
-#auth_worker_max_count = 30
-
-# Host name to use in GSSAPI principal names. The default is to use the
-# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
-# entries.
-#auth_gssapi_hostname =
-
-# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
-# default (usually /etc/krb5.keytab) if not specified. You may need to change
-# the auth service to run as root to be able to read this file.
-#auth_krb5_keytab =
-
-# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
-# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
-#auth_use_winbind = no
-
-# Path for Samba's ntlm_auth helper binary.
-#auth_winbind_helper_path = /usr/bin/ntlm_auth
-
-# Time to delay before replying to failed authentications.
-#auth_failure_delay = 2 secs
-
-# Require a valid SSL client certificate or the authentication fails.
-#auth_ssl_require_client_cert = no
-
-# Take the username from client's SSL certificate, using
-# X509_NAME_get_text_by_NID() which returns the subject's DN's
-# CommonName.
-#auth_ssl_username_from_cert = no
-
-# Space separated list of wanted authentication mechanisms:
-# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
-# gss-spnego
-# NOTE: See also disable_plaintext_auth setting.
-auth_mechanisms = plain
-
-##
-## Password and user databases
-##
-
-#
-# Password database is used to verify user's password (and nothing more).
-# You can have multiple passdbs and userdbs. This is useful if you want to
-# allow both system users (/etc/passwd) and virtual users to login without
-# duplicating the system users into virtual database.
-#
-# <doc/wiki/PasswordDatabase.txt>
-#
-# User database specifies where mails are located and what user/group IDs
-# own them. For single-UID configuration use "static" userdb.
-#
-# <doc/wiki/UserDatabase.txt>
-
-#!include auth-deny.conf.ext
-#!include auth-master.conf.ext
-
-#/!\pica comment 1st line (default) and uncomment 4th
-#!include auth-system.conf.ext
-#!include auth-sql.conf.ext
-#!include auth-ldap.conf.ext
-!include auth-passwdfile.conf.ext
-#!include auth-checkpassword.conf.ext
-#!include auth-vpopmail.conf.ext
-#!include auth-static.conf.ext
diff --git a/pica-mail-mda/auth_plaintext/conf.d/10-logging.conf b/pica-mail-mda/auth_plaintext/conf.d/10-logging.conf
deleted file mode 100644
index 20539501..00000000
--- a/pica-mail-mda/auth_plaintext/conf.d/10-logging.conf
+++ /dev/null
@@ -1,85 +0,0 @@
-##
-## Log destination.
-##
-
-# Log file to use for error messages. "syslog" logs to syslog,
-# /dev/stderr logs to stderr.
-log_path = /var/log/dovecot.log
-
-# Log file to use for informational messages. Defaults to log_path.
-#info_log_path =
-# Log file to use for debug messages. Defaults to info_log_path.
-#debug_log_path =
-
-# Syslog facility to use if you're logging to syslog. Usually if you don't
-# want to use "mail", you'll use local0..local7. Also other standard
-# facilities are supported.
-#syslog_facility = mail
-
-##
-## Logging verbosity and debugging.
-##
-
-# Log unsuccessful authentication attempts and the reasons why they failed.
-#auth_verbose = no
-
-# In case of password mismatches, log the attempted password. Valid values are
-# no, plain and sha1. sha1 can be useful for detecting brute force password
-# attempts vs. user simply trying the same password over and over again.
-# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
-#auth_verbose_passwords = no
-
-# Even more verbose logging for debugging purposes. Shows for example SQL
-# queries.
-#auth_debug = no
-
-# In case of password mismatches, log the passwords and used scheme so the
-# problem can be debugged. Enabling this also enables auth_debug.
-#auth_debug_passwords = no
-
-# Enable mail process debugging. This can help you figure out why Dovecot
-# isn't finding your mails.
-#mail_debug = no
-
-# Show protocol level SSL errors.
-#verbose_ssl = no
-
-# mail_log plugin provides more event logging for mail processes.
-plugin {
- # Events to log. Also available: flag_change append
- #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
- # Available fields: uid, box, msgid, from, subject, size, vsize, flags
- # size and vsize are available only for expunge and copy events.
- #mail_log_fields = uid box msgid size
-}
-
-##
-## Log formatting.
-##
-
-# Prefix for each line written to log file. % codes are in strftime(3)
-# format.
-#log_timestamp = "%b %d %H:%M:%S "
-
-# Space-separated list of elements we want to log. The elements which have
-# a non-empty variable value are joined together to form a comma-separated
-# string.
-#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
-
-# Login log format. %s contains login_log_format_elements string, %$ contains
-# the data we want to log.
-#login_log_format = %$: %s
-
-# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
-# possible variables you can use.
-#mail_log_prefix = "%s(%u): "
-
-# Format to use for logging mail deliveries. See doc/wiki/Variables.txt for
-# list of all variables you can use. Some of the common ones include:
-# %$ - Delivery status message (e.g. "saved to INBOX")
-# %m - Message-ID
-# %s - Subject
-# %f - From address
-# %p - Physical size
-# %w - Virtual size
-#deliver_log_format = msgid=%m: %$
diff --git a/pica-mail-mda/auth_plaintext/conf.d/10-master.conf b/pica-mail-mda/auth_plaintext/conf.d/10-master.conf
deleted file mode 100644
index 02ef0ba8..00000000
--- a/pica-mail-mda/auth_plaintext/conf.d/10-master.conf
+++ /dev/null
@@ -1,133 +0,0 @@
-#dovecot 10-master.conf default file modified in order to allow lmtp connections via tcp/ip
-#all Pica alterations are commented with a #pica label
-
-#default_process_limit = 100
-#default_client_limit = 1000
-
-# Default VSZ (virtual memory size) limit for service processes. This is mainly
-# intended to catch and kill processes that leak memory before they eat up
-# everything.
-#default_vsz_limit = 256M
-
-# Login user is internally used by login processes. This is the most untrusted
-# user in Dovecot system. It shouldn't have access to anything at all.
-#default_login_user = dovenull
-
-# Internal user is used by unprivileged processes. It should be separate from
-# login user, so that login processes can't disturb other processes.
-#default_internal_user = dovecot
-
-service imap-login {
- inet_listener imap {
- #port = 143
- }
- inet_listener imaps {
- #port = 993
- #ssl = yes
- }
-
- # Number of connections to handle before starting a new process. Typically
- # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
- # is faster. <doc/wiki/LoginProcess.txt>
- #service_count = 1
-
- # Number of processes to always keep waiting for more connections.
- #process_min_avail = 0
-
- # If you set service_count=0, you probably need to grow this.
- #vsz_limit = $default_vsz_limit
-}
-
-service pop3-login {
- inet_listener pop3 {
- #port = 110
- }
- inet_listener pop3s {
- #port = 995
- #ssl = yes
- }
-}
-
-#pica
-#service lmtp {
-# unix_listener lmtp {
-# #mode = 0666
-# }
-#
-# # Create inet listener only if you can't use the above UNIX socket
-# #inet_listener lmtp {
-# # Avoid making LMTP visible for the entire internet
-# #address =
-# #port =
-# #}
-#}
-
-#pica: lmtp (local delivery agent) via tcp, in order to allow connections from hosts on local network (i.e. VMs on Alice & Bob)
-#a config block like this will be added at compilation:
-#service lmtp {
-# inet_listener lmtp {
-# address = 192.168.0.24 127.0.0.1 ::1
-# port = 24
-# }
-#}
-
-service imap {
- # Most of the memory goes to mmap()ing files. You may need to increase this
- # limit if you have huge mailboxes.
- #vsz_limit = $default_vsz_limit
-
- # Max. number of IMAP processes (connections)
- #process_limit = 1024
-}
-
-#pica : no pop
-#service pop3 {
-# # Max. number of POP3 processes (connections)
-# #process_limit = 1024
-#}
-
-service auth {
- # auth_socket_path points to this userdb socket by default. It's typically
- # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
- # full permissions to this socket are able to get a list of all usernames and
- # get the results of everyone's userdb lookups.
- #
- # The default 0666 mode allows anyone to connect to the socket, but the
- # userdb lookups will succeed only if the userdb returns an "uid" field that
- # matches the caller process's UID. Also if caller's uid or gid matches the
- # socket's uid or gid the lookup succeeds. Anything else causes a failure.
- #
- # To give the caller full permissions to lookup all users, set the mode to
- # something else than 0666 and Dovecot lets the kernel enforce the
- # permissions (e.g. 0777 allows everyone full permissions).
- unix_listener auth-userdb {
- #mode = 0666
- #user =
- #group =
- }
-
- # Postfix smtp-auth
- #unix_listener /var/spool/postfix/private/auth {
- # mode = 0666
- #}
-
- # Auth process is run as this user.
- #user = $default_internal_user
-}
-
-service auth-worker {
- # Auth worker process is run as root by default, so that it can access
- # /etc/shadow. If this isn't necessary, the user should be changed to
- # $default_internal_user.
- #user = root
-}
-
-service dict {
- # If dict proxy is used, mail processes should have access to its socket.
- # For example: mode=0660, group=vmail and global mail_access_groups=vmail
- unix_listener dict {
- #mode = 0600
- #user =
- #group =
- }
-}
diff --git a/pica-mail-mda/auth_plaintext/conf.d/auth-passwdfile.conf.ext b/pica-mail-mda/auth_plaintext/conf.d/auth-passwdfile.conf.ext
deleted file mode 100644
index c14db30d..00000000
--- a/pica-mail-mda/auth_plaintext/conf.d/auth-passwdfile.conf.ext
+++ /dev/null
@@ -1,26 +0,0 @@
-#dovecot auth-passwdfile.conf.ext default file modified in order to associate a domain name to users (picasoft)
-#all Pica alterations are commented with a #/!\pica label
-
-# Authentication for passwd-file users. Included from 10-auth.conf.
-#
-# passwd-like file with specified location.
-# <doc/wiki/AuthDatabase.PasswdFile.txt>
-
-passdb {
- driver = passwd-file
- args = scheme=CRYPT username_format=%u /etc/dovecot/users
-}
-
-userdb {
- driver = passwd-file
- args = username_format=%n /etc/dovecot/users
-
- # Default fields that can be overridden by passwd-file
- #default_fields = quota_rule=*:storage=1G
-#/!\pica ajout d'une valeur par défaut pour le champ "domaine"
- default_fields = domaine=picasoft
-
- # Override fields from passwd-file
- #override_fields = home=/home/virtual/%u
-}
-
diff --git a/pica-mail-mda/auth_plaintext/entrypoint.sh b/pica-mail-mda/auth_plaintext/entrypoint.sh
deleted file mode 100755
index e5e8d1d3..00000000
--- a/pica-mail-mda/auth_plaintext/entrypoint.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-#ajout utilisateurs
-adduser --disabled-password mail1
-adduser --disabled-password mail2
-
-#insertion des utilisateurs mail1 et mail2 dans la BD des password.
-echo "mail1:{PLAIN}mail1pwd:1000:1000::/home/mail1" > /etc/dovecot/users
-echo "mail2:{PLAIN}mail2pwd:1001:1001::/home/mail2" >> /etc/dovecot/users
-
-#désactiver l'utilisation du protocole ssl
-cat <<EOF >> /etc/dovecot/conf.d/10-ssl.conf
-ssl = no
-EOF
-
-#définir l'emplacement et le format des mails
-cat <<EOF >> /etc/dovecot/conf.d/10-mail.conf
-mail_location = maildir:~/Maildir
-EOF
-
-#protocoles supportés par le mda
-#lmtp est le protocole permettant de faire du lda
-cat <<EOF >> /etc/dovecot/dovecot.conf
-protocols = imap lmtp
-EOF
-
-#on enlève la communication lmtp en socket unix...
-#il faut récupérer l'adresse IP par laquelle le conteneur communique avec son hôte
-ETH0_ADRESS=$(ip address show eth0 | grep inet | cut -b 10-19)
-
-cat <<EOF >> /etc/dovecot/conf.d/10-master.conf
-service lmtp {
- inet_listener lmtp {
- address = ${ETH0_ADRESS} 127.0.0.1
- port = 24
- }
-}
-EOF
-
-#lancer dovecot au premier plan
-dovecot -F
--
GitLab