Re: [hylafax-users] Want to Authenticate the caller before accepting fax!
On 2004.03.01 05:03 Godfrey Lawrence wrote:
I am able to send and receive faxes without any problem. But I want to
set up an authentication mechanism. I will assign individual passwords
to my customers. Irrespective of the number from which they send the
fax, I must be able to authenticate each one of them individually
using their respective passwords.
For this, should I look into the HylaFAX source code and modify it, or
should I make changes only in the configuration file? In both cases,
where should I make the changes?
Try the attached patch against CVS HEAD and then configure QualifyPWD
as you would QualifyTSI.
Lee.
diff -Nru hylafax-4.2.0/faxd/FaxRecv.c++ hylafax-4.2.0.new/faxd/FaxRecv.c++
--- hylafax-4.2.0/faxd/FaxRecv.c++ Sat Feb 28 10:57:32 2004
+++ hylafax-4.2.0.new/faxd/FaxRecv.c++ Mon Mar 1 09:44:40 2004
@@ -154,32 +154,43 @@
u_int ppm = PPM_EOP;
pageStart = Sys::now();
for (;;) {
+ bool okToRecv = true;
+ fxStr reason;
modem->getRecvSUB(info.subaddr); // optional subaddress
+ /*
+ * Check a received TSI/PWD against the list of acceptable
+ * patterns defined for the server. This form of access
+ * control depends on the sender passing a valid TSI/PWD.
+ * Note that to accept/reject unspecified values one
+ * should match "<UNSPECIFIED>".
+ *
+ * NB: Caller-ID access control is done elsewhere; prior
+ * to answering a call.
+ */
if (!modem->getRecvTSI(info.sender)) // optional TSI
info.sender = "<UNSPECIFIED>";
if (qualifyTSI != "") {
- /*
- * Check a received TSI against the list of acceptable
- * TSI patterns defined for the server. This form of
- * access control depends on the sender passing a valid
- * TSI. Note that to accept/reject an unspecified TSI
- * one should match "<UNSPECIFIED>".
- *
- * NB: Caller-ID access control is done elsewhere; prior
- * to answering a call.
- */
- bool okToRecv = isTSIOk(info.sender);
+ okToRecv = isTSIOk(info.sender);
+ reason = "Permission denied (unnacceptable client TSI)";
traceServer("%s TSI \"%s\"", okToRecv ? "ACCEPT" : "REJECT",
(const char*) info.sender);
- if (!okToRecv) {
- emsg = "Permission denied (unacceptable client TSI)";
- info.time = (u_int) getFileTransferTime();
- info.reason = emsg;
- docs[docs.length()-1] = info;
- notifyDocumentRecvd(info);
- TIFFClose(tif);
- return (false);
- }
+ }
+ if (!modem->getRecvPWD(info.passwd)) // optional PWD
+ info.passwd = "<UNSPECIFIED>";
+ if (qualifyPWD != "") {
+ okToRecv = isPWDOk(info.passwd);
+ reason = "Permission denied (unnacceptable client PWD)";
+ traceServer("%s PWD \"%s\"", okToRecv ? "ACCEPT" : "REJECT",
+ (const char*) info.passwd);
+ }
+ if (!okToRecv) {
+ emsg = reason;
+ info.time = (u_int) getFileTransferTime();
+ info.reason = emsg;
+ docs[docs.length()-1] = info;
+ notifyDocumentRecvd(info);
+ TIFFClose(tif);
+ return (false);
}
setServerStatus("Receiving from \"%s\"", (const char*) info.sender);
recvOK = recvFaxPhaseD(tif, info, ppm, emsg);
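Review bot: A sender whose TSI was rejected is still accepted when its PWD matches, because the `qualifyPWD` block assigns `okToRecv = isPWDOk(info.passwd);` unconditionally and so overwrites the TSI verdict (and `reason`) whenever both options are configured. Guarding the second check as `if (okToRecv && qualifyPWD != "") {` keeps a TSI rejection final and leaves its reason intact. Both blocks also set `reason` before the result is known and spell it "unnacceptable" where the removed line had "unacceptable"; in addition, the `traceServer("%s PWD \"%s\"", ...)` call writes the received password into the trace output, so logging only the ACCEPT/REJECT verdict would avoid leaving credentials in logs. The enclosing function starts and ends outside the hunk.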
diff -Nru hylafax-4.2.0/faxd/ServerConfig.c++ hylafax-4.2.0.new/faxd/ServerConfig.c++
--- hylafax-4.2.0/faxd/ServerConfig.c++ Sat Feb 28 10:57:32 2004
+++ hylafax-4.2.0.new/faxd/ServerConfig.c++ Mon Mar 1 09:44:40 2004
@@ -39,8 +39,11 @@
ServerConfig::ServerConfig()
{
lastTSIModTime = 0;
+ lastPWDModTime = 0;
tsiPats = NULL;
+ pwdPats = NULL;
acceptTSI = NULL;
+ acceptPWD = NULL;
dialRules = NULL;
setupConfig();
}
@@ -49,7 +52,9 @@
{
delete dialRules;
delete acceptTSI;
+ delete acceptPWD;
delete tsiPats;
+ delete pwdPats;
}
void
@@ -80,6 +85,7 @@
{ "longdistanceprefix", &ServerConfig::longDistancePrefix },
{ "internationalprefix",&ServerConfig::internationalPrefix },
{ "qualifytsi", &ServerConfig::qualifyTSI },
+{ "qualifypwd", &ServerConfig::qualifyPWD },
{ "uucplockdir", &ServerConfig::uucpLockDir, UUCP_LOCKDIR },
{ "uucplocktype", &ServerConfig::uucpLockType, UUCP_LOCKTYPE },
};
@@ -299,6 +305,13 @@
{
updatePatterns(qualifyTSI, tsiPats, acceptTSI, lastTSIModTime);
return (qualifyTSI == "" ? true : checkACL(tsi, tsiPats, *acceptTSI));
+}
+
+bool
+ServerConfig::isPWDOk(const fxStr& pwd)
+{
+ updatePatterns(qualifyPWD, pwdPats, acceptPWD, lastPWDModTime);
+ return (qualifyPWD == "" ? true : checkACL(pwd, pwdPats, *acceptPWD));
}
/*
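Review bot: `isPWDOk` dereferences `acceptPWD` immediately after `updatePatterns`, and the constructor initialises that pointer to NULL, so what happens when the file named by `qualifyPWD` is missing or unreadable depends on `updatePatterns`, which is outside this hunk; a comment stating whether the check fails open or closed in that case would help, since this is now an authentication decision. The password entries are held in an `REArray`, so they are presumably matched as regular expressions by `checkACL` (not visible here). If so, I would add something like `// PWD entries are regex patterns; anchor them (^...$) so a password cannot match as a substring` above the function and repeat it in the man page entry.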
diff -Nru hylafax-4.2.0/faxd/ServerConfig.h hylafax-4.2.0.new/faxd/ServerConfig.h
--- hylafax-4.2.0/faxd/ServerConfig.h Sat Feb 28 10:57:32 2004
+++ hylafax-4.2.0.new/faxd/ServerConfig.h Mon Mar 1 09:44:40 2004
@@ -66,8 +66,11 @@
mode_t uucpLockMode; // UUCP lock file creation mode
u_int uucpLockTimeout; // UUCP stale lock file timeout
time_t lastTSIModTime; // last mod time of TSI patterns file
+ time_t lastPWDModTime; // last mod time of PWD patterns file
REArray* tsiPats; // recv tsi patterns
+ REArray* pwdPats; // recv PWD patterns
fxBoolArray* acceptTSI; // accept/reject matched tsi
+ fxBoolArray* acceptPWD; // accept/reject matched PWD
fxStr logFacility; // syslog facility to direct trace msgs
static S_stringtag strings[];
@@ -94,6 +97,7 @@
public:
SpeakerVolume speakerVolume; // volume control
fxStr qualifyTSI; // if set, no recv w/o acceptable tsi
+ fxStr qualifyPWD; // if set, no recv w/o acceptable PWD
u_int noCarrierRetrys; // # times to retry on no carrier
mode_t recvFileMode; // protection mode for received files
mode_t deviceMode; // protection mode for modem device
@@ -124,6 +128,7 @@
UUCPLock* getUUCPLock(const fxStr& deviceName);
bool isTSIOk(const fxStr& tsi);
+ bool isPWDOk(const fxStr& pwd);
virtual void vconfigError(const char* fmt, va_list ap) = 0;
virtual void vconfigTrace(const char* fmt, va_list ap) = 0;
diff -Nru hylafax-4.2.0/man/hylafax-config.4f hylafax-4.2.0.new/man/hylafax-config.4f
--- hylafax-4.2.0/man/hylafax-config.4f Mon Mar 1 09:44:52 2004
+++ hylafax-4.2.0.new/man/hylafax-config.4f Mon Mar 1 09:44:41 2004
@@ -171,6 +171,7 @@
PriorityScheduling boolean \s-1\fIsee below\fP\s+1 use available priority job scheduling mechanism
PS2FaxCmd\(S1 string \s-1bin/ps2fax\s+1 \*(Ps \s-1RIP\s+1 command script
QualifyCID string \- file of Caller-ID or DNIS patterns for checking inbound calls
+QualifyPWD string \- file of \s-1PWD\s+1 patterns for qualifying senders
QualifyTSI string \- file of \s-1TSI\s+1 patterns for qualifying senders
RecvDataFormat string \s-1adaptive\s+1 format for received facsimile data
RecvFileMode octal \s-10600\s+1 protection mode to use for received facsimile files
@@ -1029,6 +1030,17 @@
.B CIDName
parameters must also be setup to reflect the manner in which
the modem returns Caller-ID status or DNIS data information to the host.
+.TP
+.B QualifyPWD
+A string that specifies whether or not the identity of
+calling facsimile machines should be checked against an access
+control list before receiving facsimile.
+If
+.B QualifyPWD
+is non-null, then only messages from facsimile machines identified
+in the file specified by the string (typically \fBetc/passwd\fP)
+will be accepted; similar to
+.B QualifyTSI.
.TP
.B QualifyTSI
A string that specifies whether or not the identity of
diff -Nru hylafax-4.2.0/util/FaxRecvInfo.c++ hylafax-4.2.0.new/util/FaxRecvInfo.c++
--- hylafax-4.2.0/util/FaxRecvInfo.c++ Sat Feb 28 10:57:32 2004
+++ hylafax-4.2.0.new/util/FaxRecvInfo.c++ Mon Mar 1 09:44:41 2004
@@ -35,6 +35,7 @@
, qfile(other.qfile)
, commid(other.commid)
, sender(other.sender)
+ , passwd(other.passwd)
, subaddr(other.subaddr)
, params(other.params)
, reason(other.reason)
@@ -49,13 +50,14 @@
fxStr
FaxRecvInfo::encode() const
{
- return fxStr::format("%x,%x,%x,%s,%s,\"%s\",\"%s\",\"%s\",\"%s\",\"%s\""
+ return fxStr::format("%x,%x,%x,%s,%s,\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\""
, time
, npages
, params.encode()
, (const char*) qfile
, (const char*) commid
, (const char*) sender
+ , (const char*) passwd
, (const char*) subaddr
, (const char*) reason
, (const char*) cidname
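Review bot: Inserting `passwd` between `sender` and `subaddr` changes the positional layout of the encoded record, so anything that decodes records written by an unpatched build (or the reverse) will read shifted fields; appending the new field at the end would be the compatible choice if such consumers exist, which cannot be seen from this hunk. It also means the sender's PWD now travels in cleartext in every encoded record, so a comment on `encode()` such as `// NB: record carries the sender's PWD; treat consumers and logs of this string as sensitive` is worth adding. The argument list of `encode()` continues past the end of the hunk.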
@@ -91,7 +93,12 @@
cp = strchr(cp+1, '"');
if (cp == NULL || cp[1] != ',' || cp[2] != '"')
return (false);
- subaddr = cp+1;
+ passwd = cp+1;
+ passwd.resize(sender.next(0,'"'));
+ cp = strchr(cp+1, '"');
+ if (cp == NULL || cp[1] != ',' || cp[2] != '"')
+ return (false);
+ reason = cp+3; // +1 for "/+1 for ,/+1 for "
subaddr.resize(subaddr.next(0,'"'));
cp = strchr(cp+1, '"');
if (cp == NULL || cp[1] != ',' || cp[2] != '"')
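Review bot: The added decode lines parse the new field with the wrong variables: `passwd.resize(sender.next(0,'"'))` measures `sender` instead of `passwd`, and `reason = cp+3;` assigns `reason` where the removed line assigned `subaddr`, so the following `subaddr.resize(subaddr.next(0,'"'))` operates on a string this path never set. The likely intent is `passwd.resize(passwd.next(0,'"'));` and `subaddr = cp+3;`. The start offsets are also inconsistent: `passwd = cp+1` would begin on the separator, while the comment on the next assignment justifies `+3`, so `passwd = cp+3;` is probably meant. The beginning of the function is outside the hunk, so the offset should be confirmed against how `sender` is extracted.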
diff -Nru hylafax-4.2.0/util/FaxRecvInfo.h hylafax-4.2.0.new/util/FaxRecvInfo.h
--- hylafax-4.2.0/util/FaxRecvInfo.h Sat Feb 28 10:57:32 2004
+++ hylafax-4.2.0.new/util/FaxRecvInfo.h Mon Mar 1 09:44:41 2004
@@ -38,6 +38,7 @@
u_short npages; // total number of pages/page number
fxStr commid; // communication identifier
fxStr sender; // sender's TSI
+ fxStr passwd; // sender's PWD
fxStr subaddr; // subaddressing information
u_int time; // time on the phone
Class2Params params; // transfer parameters