search for: pw_gid

...ur tools. >> >> password_query = >> SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS >> password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid >> FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND >> !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or >> !(pw_gid & 4)) >> >> pw_gid refers to the the binary vpopmail flags for disable POP, >> IMAP, Webmail. >> >> Rick >> > >> When configuring vpopmail for ou...

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

...r use SQL -? then you don't have to munge any of your tools. password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid & 4)) pw_gid refers to the the binary vpopmail flags for disable POP, IMAP, Webmail. Rick When configuring vpopmail for our purposes we use (now) the configuration option: --disable-many-domains...

...gt;>> password_query = >>> SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS >>> password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid >>> FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND >>> !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or >>> !(pw_gid & 4)) >>> >>> pw_gid refers to the the binary vpopmail flags for disable POP, >>> IMAP, Webmail. >>> >>> Rick >> >>> When conf...

...r use SQL -? then you don't have to munge any of your tools. password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid & 4)) pw_gid refers to the the binary vpopmail flags for disable POP, IMAP, Webmail. Rick -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/piper...

...user * id is not root, this does nothing. This call cannot be nested. @@ -44,42 +48,57 @@ void temporarily_use_uid(struct passwd *pw) { - /* Save the current euid, and egroups. */ - saved_euid = geteuid(); - debug("temporarily_use_uid: %d/%d (e=%d)", - pw->pw_uid, pw->pw_gid, saved_euid); - if (saved_euid != 0) { - privileged = 0; - return; - } - privileged = 1; - temporarily_use_uid_effective = 1; + /* Save the current euid, and egroups. */ +#ifdef SAVED_IDS_WORK_WITH_SETEUID + saved_euid = geteuid(); saved_egid = getegid(); - saved_egroupslen = getgroups(NG...

...\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if (chdir("/") == -1) fatal("chdir(\"/\"): %s", strerror(errno)); /* Drop our privileges */ debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); +#if 0 + /* XXX not ready, to heavy after chroot */ do_setusercontext(pw); +#else + { + gid_t gidset[2]; + + gidset[0] = pw->pw_gid; + if (setgid(pw->pw_gid) < 0) + fatal("setgid failed for %u", pw->pw_gid ); + if (setgroups(1, gidset) < 0) + fatal("setgrou...

...on't have to munge any of your tools. > > password_query = > SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, > pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid > FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & > 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid & 4)) > > pw_gid refers to the the binary vpopmail flags for disable POP, IMAP, > Webmail. > > Rick > Rick, I'm not sure what you're saying. Vpopmail's DB can be co...

...t;, (u_int) getegid(), strerror(errno)); /* Propagate the privileged uid to all of our uids. */ if (setuid(geteuid()) < 0) debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ if (setegid(pw->pw_gid) < 0) fatal("setegid %u: %.100s", (u_int) pw->pw_gid, strerror(errno)); if (seteuid(pw->pw_uid) == -1) fatal("seteuid %u: %.100s", (u_int) pw->pw_uid, strerror(errno)); ----- It now loo...

...wap.c 22 Sep 2004 18:17:44 -0000 @@ -200,10 +200,12 @@ permanently_set_uid(struct passwd *pw) fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #endif +#ifndef HAVE_CYGWIN /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); +#endif /* Verify GID drop was successful */ if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) { -- Corinna Vinschen Cygwin Project Co-Leader R...

Hello list, I run Dovecot with the vpopmail driver and have found that it authenticates against the clear text password in the vpopmail database. Is there a configuration option either at compile time, link time, or a setting in one of the configuration files that tells the program to authenticate against the hash instead of the clear text? -- Eric Broch White Horse Technical Consulting

...on't have to munge any of your tools. > > password_query = > SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, > pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid > FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & > 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid & 4)) > > pw_gid refers to the the binary vpopmail flags for disable POP, IMAP, > Webmail. > > Rick > When configuring vpopmail for our purposes we use (now) the configuration o...

...;cannot stat chroot directory %s: %s", pw->pw_dir, strerror(errno)); + + if (!S_ISDIR(st.st_mode)) + fatal("%s is not a directory: %s", pw->pw_dir, strerror(errno)); + + /* Drop our privileges */ + debug3("chroot user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); + + /* Change our root directory */ + if (chroot(pw->pw_dir) == -1) + fatal("chroot(\"%s\"): %s", pw->pw_dir, strerror(errno)); + + /* Change dir to prevent chroot break */ + if (chdir("/") == -1) + fatal("chdir(\"/\"): %s", strerror(errno...

...we need to strip */ + { + char *p; + bsduser = xstrdup(user); + if ((p = strchr(user, ':')) != NULL) + *p = '\0'; + } + #endif pw = getpwnam(user); if (!pw || !allowed_user(pw)) do_fake_authloop1(user); *************** *** 482,487 **** --- 500,508 ---- pwcopy.pw_gid = pw->pw_gid; pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); + #if defined(BSD) && BSD >= 199506 + pwcopy.pw_class = xstrdup(pw->pw_class); + #endif pw = &pwcopy; #ifdef USE_PAM *************** *** 508,514 **** (sia_val...

...t;setgid %u: %.100s", (u_int) getegid(), strerror(errno)); --- 85,98 ---- if (setgroups(user_groupslen, user_groups) < 0) fatal("setgroups: %.100s", strerror(errno)); #endif /* !HAVE_CYWIN */ ! #ifdef SAVED_IDS_WORK_WITH_SETEUID ! if (setegid(pw->pw_gid) < 0) ! fatal("setegid %u: %.100s", (u_int) pw->pw_gid, ! strerror(errno)); ! if (seteuid(pw->pw_uid) == -1) ! fatal("seteuid %u: %.100s", (u_int) pw->pw_uid, ! strerror(errno)); ! #else /* SAVED_I...

I downloaded openssh-2.5.1p1 as soon as it was on the ftp servers just to get the setluid patch. After compiling and installing on 5.0.5 I saw that the luid still wasn't being set correctly whether sshd was run from inetd or as a daemon from /etc/rc2.d/. I fiddled around and moved the setluid() stuff up higher in session.c and now luid is now being set correctly. I provided a regular diff

...s: %s", pw->pw_dir, strerror(errno)); + + if (!S_ISDIR(st.st_mode)) + fatal("%s is not a directory: %s", pw->pw_dir, strerror(errno)); + + /* Drop our privileges */ + debug3("chroot user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); + + /* Change our root directory */ + if (chroot(pw->pw_dir) == -1) + fatal("chroot(\"%s\"): %s", pw->pw_dir, strerror(errno)); + + /* Change dir to prevent chroot break */ + if (chdir("/") == -1) + fatal(&quo...

...on to this problem and i found one working for me in dovecot sources edit src/auth/passdb-vpopmail.c than add char *remotehost = net_ip2addr(&auth_request->remote_ip); auth_request_log_info(auth_request, "vpopmail", "remote ip is: %s", remotehost); before if (((vpw->pw_gid & NO_IMAP) != 0 && line than modify the condition line to look like: if (((vpw->pw_gid & NO_IMAP) != 0 && ? ? ? ? ? ? ?strcmp(auth_request->service, "IMAP") == 0 *&& strcmp(remotehost, "127.0.0.1") != 0*) || ? ? ? ? ? ? ((vpw->pw_gid &a...

...password, concat('*:backend=', pw_shell) as userdb_quota_rule, 89 AS userdb_uid, 89 AS userdb_gid, pw_dir AS userdb_home FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = limits.domain WHERE pw_name = '%n' AND pw_domain='%d' AND (( '%s' = 'smtp' AND (pw_gid & 2048)<>2048 AND COALESCE(disable_smtp,0)!=1) OR ('%s' = 'pop3' AND (pw_gid & 2)<>2 AND COALESCE(disable_pop,0) != 1 ) OR ('%s' = 'imap' AND ('%r'='192.168.100.1' OR '%r'='192.168.100.2') AND (pw_gid & 4)&lt...

...= NULL) { if (s == 0) printf("Not found\n"); else { errno = s; perror("getpwnam_r"); } exit(EXIT_FAILURE); } printf("Name: %s; UID: %ld GID: %ld\n", pwd.pw_gecos, (long) pwd.pw_uid, (long) pwd.pw_gid); /* process is running as root, drop privileges */ if (getuid() == 0) { if (setgid(pwd.pw_gid) != 0) { perror("setgid: Unable to drop group privileges"); exit(EXIT_FAILURE); } if (setuid(pwd.pw_uid) != 0) { perror(&quo...