search for: pw_name

...return 0; ! if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)))) return 0; /* Return false if user is listed in DenyUsers */ if (options.num_deny_users > 0) { for (i = 0; i < options.num_deny_users; i++) ! if (match_pattern(pw->pw_name, options.deny_users[i])) return 0; } /* Return false if AllowUsers isn't empty and user isn't listed there */ if (options.num_allow_users > 0) { --- 68,92 ---- shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; /* deny if shell does not...

...the hash instead of the clear text? >>>> >>> Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) >>> Aki >> >> >> Or use SQL -? then you don't have to munge any of your tools. >> >> password_query = >> SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS >> password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid >> FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND >> !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserver...

...return 0; } } - /* Return false if AllowUsers isn't empty and user isn't listed there */ + /* Return true if person in AllowUsers, otherwise try the group test */ if (options.num_allow_users > 0) { for (i = 0; i < options.num_allow_users; i++) if (match_user(pw->pw_name, hostname, ipaddr, options.allow_users[i])) - break; - /* i < options.num_allow_users iff we break for loop */ - if (i >= options.num_allow_users) { - log("User %.100s not allowed because not listed in AllowUsers", + goto success; + + if (options.num_deny_groups =...

...xpiremsg; +extern int aix_password_change_required; +#endif + /* * Check if the user is allowed to log in via ssh. If user is listed * in DenyUsers or one of user's groups is listed in DenyGroups, false @@ -202,19 +208,39 @@ } #ifdef WITH_AIXAUTHENTICATE - if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { - if (loginmsg && *loginmsg) { - /* Remove embedded newlines (if any) */ - char *p; - for (p = loginmsg; *p; p++) { - if (*p == '\n') - *p = ' '; + /* + * Don't check loginrestrictions or expiry for root account (use...

...erverOptions options; +extern Buffer login_message; +extern int password_change_required; #ifdef WITH_AIXAUTHENTICATE -extern char *aixloginmsg; +void aix_remove_embedded_newlines(char *); #endif /* @@ -149,13 +153,23 @@ #endif #ifdef WITH_AIXAUTHENTICATE authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + aix_remove_embedded_newlines(authmsg); - if (authsuccess) + if (authsuccess) { + char *msg; + + debug("authenticate() succeeded for user %s: %.100s", pw->pw_name, authmsg); /* We don't have a pty yet, so just label the line...

...d to setup the right query for vpopmail database: # cat /etc/dovecot/dovecot-sql.conf.ext ### Vpopmail driver = mysql connect = host=192.168.1.2 dbname=vpopmail user=vpopmail password=Vp0pM4iL default_pass_scheme = MD5-CRYPT ### Query to get a list of all usernames. iterate_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user FROM vpopmail ### user_query for vpopmail user_query = SELECT pw_dir AS home, 89 AS uid, 89 AS gid, concat('*:backend=', pw_shell) AS quota_rule FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' ### password_query for vpopmail (not...

...ed a couple of ifdefs in the fix for bug #442. The cvs comment says "Fix Bug #442 for PAM case". The code is now roughly: #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) spw = getspnam(pw->pw_name); passwd = spw->sp_pwdp; #else passwd = pw->pw_passwd; #endif [test for locked passwd entry] If the platform is using PAM, /etc/passwd is checked regardless of whether or not it actually has /etc/shadow. If the platform has /etc/shadow but doesn't have shadow expiry t...

...\0'; into the session initialisation in session_new(), or maybe set it before the call to do_child() in do_exec_no_pty(). On further thought, perhaps the call to sia_ses_init should be left alone and the call to session_setup_sia() in session.c changed from: session_setup_sia(pw->pw_name, s->tty); to: session_setup_sia(pw->pw_name, s->ttyfd != -1 ? s->tty : NULL); Can someone who knows the code better than I do shed some light on the correct solution here. - Mike -- Mike Battersby <mib at unimelb.edu.au> The University of Melbourne Fetch my pgp...

...E_OSF_SIA */ /* * convert ssh auth msg type into description @@ -310,11 +301,7 @@ authenticated = auth_pam_password(pw, password); #elif defined(HAVE_OSF_SIA) /* Do SIA auth with password */ - if (sia_validate_user(NULL, saved_argc, saved_argv, - get_canonical_hostname(), pw->pw_name, NULL, 0, - NULL, password) == SIASUCCESS) { - authenticated = 1; - } + authenticated = auth_sia_password(pw->pw_name, password); #else /* !USE_PAM && !HAVE_OSF_SIA */ /* Try authentication with the password. */ authenticated = auth_password(pw, password); @@ -508,9 +...

...the configuration files that tells the >> program to authenticate against the hash instead of the clear text? > > Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) > Aki Or use SQL -? then you don't have to munge any of your tools. password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid &am...

...maintains the OpenSSH-portable tree, he'll know what to do with it... -d. --- http://www.monkey.org/~dugsong/ --- old/session.c Sat Dec 1 18:37:08 2001 +++ session.c Tue Feb 12 00:03:37 2002 @@ -437,7 +437,6 @@ session_proctitle(s); #if defined(USE_PAM) - do_pam_session(s->pw->pw_name, NULL); do_pam_setcred(1); if (is_pam_password_change_required()) packet_disconnect("Password change required but no " @@ -494,6 +493,9 @@ #endif /* USE_PIPES */ /* Do processing for the child (exec command etc). */ +#if defined(USE_PAM) + do_pam_session(s->pw->pw_name,...

...f the clear text? >>>> >>>> Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) >>>> Aki >>> >>> Or use SQL -? then you don't have to munge any of your tools. >>> >>> password_query = >>> SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS >>> password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid >>> FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND >>> !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='&...

....allow", NULL, NULL)) != NULL) { + denied = !match_hostname(from_host, hosts, strlen(hosts)); + if (denied) + denied = !match_hostname(from_ip, hosts, strlen(hosts)); + } + login_close(lc); + if (denied) { + log("Denied connection for %.200s from %.200s [%.200s].", + pw->pw_name, from_host, from_ip); + packet_disconnect("Sorry, you are not allowed to connect."); + } +#endif /* LOGIN_CAP */ + + if (pw->pw_uid == 0) + log("ROOT LOGIN as '%.100s' from %.100s", + pw->pw_name, get_canonical_hostname()); + /* The user has been authenti...

...ved the pam_open_session :call into do_login: : :--- session.c Fri Oct 12 13:05:58 2001 :+++ .snapshot/nightly.3/session.c Mon Oct 8 15:52:02 2001 :@@ -541,6 +541,11 @@ : ptyfd = s->ptyfd; : ttyfd = s->ttyfd; : :+#if defined(USE_PAM) :+ do_pam_session(s->pw->pw_name, s->tty); :+ do_pam_setcred(1); :+#endif :+ : /* Fork the child. */ : if ((pid = fork()) == 0) { : :@@ -698,11 +703,6 @@ : last_login_time = get_last_login_time(pw->pw_uid, :pw->pw_name, : hostname, sizeof(hostname)); : } :- :-#i...

...0 1.4 +++ openbsd-compat/xcrypt.c 8 Sep 2003 06:52:26 -0000 @@ -96,18 +96,25 @@ shadow_pw(struct passwd *pw) pw_password = spw->sp_pwdp; # endif # if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) - struct passwd_adjunct *spw; - if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) - pw_password = spw->pwa_passwd; + if (issecure()) { + struct passwd_adjunct *spw; + + if (spw = getpwanam(pw->pw_name) != NULL) + pw_password = spw->pwa_passwd; + } # elif defined(HAVE_SECUREWARE) - struct pr_passwd *spw = getprpwnam(pw->pw_name); + if (spw != NULL) {...

...xstrdup(pw->pw_shell); + #if defined(BSD) && BSD >= 199506 + pwcopy.pw_class = xstrdup(pw->pw_class); + #endif pw = &pwcopy; #ifdef USE_PAM *************** *** 508,514 **** (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { ! #else /* !HAVE_OSF_SIA && !USE_PAM */ auth_password(pw, "")) { #endif /* USE_PAM */ /* Authentication with empty password succeeded. */ --- 529,537 ---- (sia_validate_user(NULL, saved_argc, saved_argv,...

...@$USER It is working correct with real addresses but couldn't find forwarding addresses. This is my /usr/local/etc/dovecot-sql.conf: driver = mysql connect = host=localhost user=vpopmailuser password=vpopmailpassword dbname=vpopmail default_pass_scheme = PLAIN password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_clear_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' user_query = SELECT pw_dir as home, 89 AS uid, 89 AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' It is querying vpopmail table al...

...ovecotsql.conf userdb: driver: vpopmaildriver = mysql # connect = host=/var/lib/mysql/mysql.sock user=vpopuser password=xxxxxxxx dbname=vpopmail # default_pass_scheme = PLAIN # NOTE: '\' line splitting works only with v1.1+ password_query = SELECT pw_clear_passwd AS password, CONCAT(pw_name, '@', pw_domain) AS user FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' user_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_dir as home, 508 AS uid, 503 AS gid, concat('maildir:backend=%q', pw_shell) AS quota_rule FROM vpopmail WHERE pw_...

...ripts/migrate-vpopmail-many-domains to collapse the tables. 2. Switch to mysql authentication. The following snippet works well. driver = mysql connect = host=/var/run/mysqld/mysqld.sock user=vpopmail password=YOURPASS dbname=vpopmail default_pass_scheme = PLAIN password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_clear_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' user_query = SELECT pw_dir as home, 1008 AS uid, 1003 AS gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' 3. When integrating Sieve,...

...the configuration files that tells the >> program to authenticate against the hash instead of the clear text? > > Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) > Aki Or use SQL -? then you don't have to munge any of your tools. password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid &am...