Re: Disconnecting users from mailbox (due to a password change, for instance)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Dave :) :) !!


Very very thankful for your help. Yep I have been looking at cyrus code (in master at least) and it seems that if the users don't send any command, the connection keeps alive at least, until the next command. When the user sends the next command and that one is, logout or another any command it seems to check almost at the beggining of the loop (in imapd.c at least):


    /* Check for shutdown file */
        if ( !imapd_userisadmin && imapd_userid &&
             (shutdown_file(shut, sizeof(shut)) ||
              userdeny(imapd_userid, config_ident, shut, sizeof(shut)))) {
            for (p = shut; *p == '['; p++); /* can't have [ be first char */
            prot_printf(imapd_out, "* BYE [ALERT] %s\r\n", p);
            telemetry_rusage(imapd_userid);
            shut_down(0);
        }


So it seems it works this way. Anyway would be nice if we could have the confirmation about how this should be handled properly. I mean... if this is just the way or... if TERM could sent....


I'm going to check this feature too and try to get my bests for doing this appropriately.


Thanks a lot really Dave!!!!


Cheers!!



El 2021-10-19 12:04, Dave McMurtrie escribió:


Hi,

user_deny was intentionally implemented as a check near the top of the
server's command loop.  The idea was to accomplish exactly what you're
looking for.  It was to immediately affect all active connections as
well as prevent new ones.

full disclosure: I'm no longer actively involved in the Cyrus Project,
so it's possible this bit of code has changed.  Perhaps have a look at
the code, or maybe some kind person who is actively involved can
confirm this behavior still exists.

On Tue, Oct 19, 2021 at 6:00 AM Egoitz Aurrekoetxea <egoitz@xxxxxxxxxx> wrote:

Good morning,

Thank you so much for your answer. For avoid new logins we can just modify the user auth database, for avoiding, you know, new logins.

The problem is, how to disconnect appropriately an already connected user which for instance, gets connected with IDLE or whatever way of keeping connection alive. Does user_deny.db handle, already logged in users too or just new logins?. The issue we are suffering is with already logged users.

Thanks a lot again :) :) . Any help very appreciated.

Cheers!!

El 2021-10-19 11:50, Dave McMurtrie escribió:

Hi,

You probably want to use the user_deny.db for this.  This is the exact
use case for which it was implemented.

https://www.cyrusimap.org/imap/reference/admin/sop/userdeny.html

hth,

Dave

On Mon, Oct 18, 2021 at 3:44 AM Egoitz Aurrekoetxea <egoitz@xxxxxxxxxx> wrote:

Good morning,

We have a feature that allows a user to kill all it's sessions. Imagine a cellphone gets stolen. The user could disconnect it's sessions from our interface.

It normally works fine. We just launch a kill TERM to the user's imap/pop processes mainly. But I have seen a couple of times, that after doing that, no user can later connect to it's mailbox. It's like, if something  important would become locked... some important database or similar, by that killed processes that obviously as have become killed, won't unlock that hypothetical important database. Have you ever seen a behavior like the commented?.

Perhaps, does Cyrus have another "more elegant" way of logging out a user?.

Best regards,

Cyrus / Info / see discussions + participants + delivery options Permalink

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/Tdfb46db342104c8f-Md8870133a0db864a12c9d620
Delivery options: https://cyrus.topicbox.com/groups/info/subscription

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux