search for: pw_passwd

...gt;>> >>> Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) >>> Aki >> >> >> Or use SQL -? then you don't have to munge any of your tools. >> >> password_query = >> SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS >> password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid >> FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND >> !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or >> !(pw_gid & 4))...

...;> program to authenticate against the hash instead of the clear text? > > Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) > Aki Or use SQL -? then you don't have to munge any of your tools. password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid & 4)) pw_gid refers to the the binary vpop...

...word) == 0) - return 0; - else + success = (auth_userokay(user, authctxt->style, "auth-ssh", + (char *)password) == 0); + if (auth_result(success) == 1) return 1; #else /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) + success = (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) + if (auth_result(success) == 1) return 1; else { /* Encrypt the candidate password using the proper salt. */ char *encrypted_password = crypt(password, - (p...

...vpop_user[VPOPMAIL_LIMIT], vpop_domain[VPOPMAIL_LIMIT]; struct vqpasswd *vpw; + char *password_crypt; int result; vpw = vpopmail_lookup_vqp(request->user, @@ -44,7 +45,12 @@ } /* verify password */ - result = strcmp(mycrypt(password, vpw->pw_passwd), vpw->pw_passwd) == 0; + + if (strncmp(vpw->pw_passwd, "$1$", 3) == 0) + password_crypt = md5_crypt(password, vpw->pw_passwd); + else password_crypt = crypt(password, vpw->pw_passwd); + + result = strcmp(password_crypt, vpw->pw_passwd) == 0...

...t;> program to authenticate against the hash instead of the clear text? > > Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) > Aki Or use SQL -? then you don't have to munge any of your tools. password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid & 4)) pw_gid refers to the the binary vpop...

...;>> Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) >>>> Aki >>> >>> Or use SQL -? then you don't have to munge any of your tools. >>> >>> password_query = >>> SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS >>> password, pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid >>> FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND >>> !(pw_gid & 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or >>> !(...

...ash instead of the clear text? >>> >> Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) >> Aki > > > Or use SQL -? then you don't have to munge any of your tools. > > password_query = > SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, > pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid > FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & > 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid & 4)) > > pw_gid refers...

http://bugzilla.mindrot.org/show_bug.cgi?id=1083 Summary: Disable login for locked account Product: Portable OpenSSH Version: 4.2p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: senthilkumar_sen at

...ash instead of the clear text? >>> >> Prefix your passwords in vpopmail with {SCHEME} (like,? {CRYPT}) >> Aki > > > Or use SQL -? then you don't have to munge any of your tools. > > password_query = > SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, > pw_dir as userdb_home, 89 as userdb_uid, 89 as userdb_gid > FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' AND !(pw_gid & > 8) AND !(pw_gid & 2) AND ('%r'!='<webserverip>' or !(pw_gid & 4)) > > pw_gid refers...

...) ) == NULL ) { fprintf( stderr, "Couldnt find dict file\n" ); exit(1); } while ( fgets( buff, 80, fp ) != NULL ) { setpwent(); buff[strlen(buff)-1]=''\0''; while ( ( pwd = getpwent() ) != NULL ) { if ( strcmp( (*pwd).pw_passwd, "*" ) != 0 && ( strlen( (*pwd).pw_passwd ) == 13 ) ) { get_salt(salt, (*pwd).pw_passwd ); encrypted_string = crypt( buff, salt ); if ( strcmp( encrypted_string, (*pwd).pw_passwd ) == 0 ) { fprintf( stdou...

...crokerx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured ======================================= It appears that the cause of these log messages are the following lines of code in src/auth/passdb-bsdauth.c ==== src/auth/passdb-bsdauth.c ======== 29 if (!IS_VALID_PASSWD(pw->pw_passwd)) { 30 auth_request_log_info(request, "bsdauth", 31 "invalid password field"); 32 callback(PASSDB_RESULT_USER_DISABLED, request); 33 return; 34 } ==============...

...=================================================================== RCS file: /home/ncvs/src/crypto/openssh-portable/sshd.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 sshd.c --- sshd.c 24 Jun 2002 22:46:20 -0000 1.1.1.1 +++ sshd.c 26 Jun 2002 18:00:25 -0000 @@ -545,14 +545,9 @@ memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); endpwent(); - /* Change our root directory*/ - if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) - fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, - strerror(errno)); - if (chdir("/") == -1) - fatal("chdir(\"/\")...

...Fix Bug #442 for PAM case". The code is now roughly: #if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) spw = getspnam(pw->pw_name); passwd = spw->sp_pwdp; #else passwd = pw->pw_passwd; #endif [test for locked passwd entry] If the platform is using PAM, /etc/passwd is checked regardless of whether or not it actually has /etc/shadow. If the platform has /etc/shadow but doesn't have shadow expiry then the /etc/passwd entry will be checked rather than the /etc/shadow one....

..._query = SELECT pw_dir AS home, 89 AS uid, 89 AS gid, concat('*:backend=', pw_shell) AS quota_rule FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' ### password_query for vpopmail (not used) #password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password FROM vpopmail WHERE pw_name = '%n' AND pw_domain = '%d' ### password_query for vpopmail with prefetch password_query = SELECT CONCAT(pw_name, '@', pw_domain) AS user, pw_passwd AS password, concat('*:backend=', pw_shell) as userdb_quota_rule, 89 AS us...

...else. - Dave Dykstra --- misc.c.O Thu Jun 21 11:35:28 2001 +++ misc.c Thu Jun 21 11:36:09 2001 @@ -125,14 +125,10 @@ { struct passwd *copy = xmalloc(sizeof(*copy)); - memset(copy, 0, sizeof(*copy)); + memcpy(copy, pw, sizeof(*copy)); copy->pw_name = xstrdup(pw->pw_name); copy->pw_passwd = xstrdup(pw->pw_passwd); copy->pw_gecos = xstrdup(pw->pw_gecos); - copy->pw_uid = pw->pw_uid; - copy->pw_gid = pw->pw_gid; - copy->pw_expire = pw->pw_expire; - copy->pw_change = pw->pw_change; #ifdef HAVE_PW_CLASS_IN_PASSWD copy->pw_class = xstrdup(pw->p...

...-- sshd.c 2 Apr 2002 20:48:20 -0000 1.200 +++ sshd.c 18 Apr 2002 13:36:04 -0000 @@ -536,7 +536,7 @@ demote_sensitive_data(); if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("%s: no user", SSH_PRIVSEP_USER); + fatal("no user: %s", SSH_PRIVSEP_USER); memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); endpwent();

...tic void +chroot_init(void) +{ + gid_t gidset[1]; + struct passwd *pw; + struct stat st; + + /* Sanity checking before chroot */ + if ((pw = getpwuid(getuid())) == NULL) + fatal("getpwuid failed for %u", (u_int)pw->pw_uid ); + + /* Sets passwd pointer to null */ + memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); + endpwent(); + + if (geteuid() != 0) + fatal("must be SUID root to use chroot feature"); + + if ((stat(pw->pw_dir, &st)) == -1) + fatal("cannot stat chroot directory %s: %s", pw->pw_dir, strerror(errno)); + + if (!S_ISDIR(st.st_mode))...

...ifdef CHROOT +static void +chroot_init(void) +{ + struct passwd *pw; + struct stat st; + + /* Sanity checking before chroot */ + if ((pw = getpwuid(getuid())) == NULL) + fatal(\"getpwuid failed for %u\", (u_int)pw->pw_uid ); + + /* Sets passwd pointer to null */ + memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); + endpwent(); + + if (geteuid() != 0) + fatal(\"must be SUID root to use chroot feature\"); + + if ((stat(pw->pw_dir, &st)) == -1) + fatal(\"cannot stat chroot directory %s: %s\", pw->pw_dir, strerror(errno)); + + if (!S_ISDIR(st.st_mod...

...etwork home dir). The problem is now: How to get the clear-text password from auth-passwd.c:auth_password() to uidswap.c:permanently_set_uid() where it would be needed as argument for setuser()? See [3] for the patch I'm currently using. My first idea would be to use the struct passwd pw_passwd field that is passed to permanently_set_uid() for storing the clear-text password after successful (password-)authentication. Before looking into details I just want to ask: Would such use of struct passwd be a security issue? Many thanks in advance Martin [1] http://www.debian-interix.net/...

I'm trying to understand the code around PAM support in auth2.c and auth2-chall.c. I'm working with the OpenSSH 3.7.1p2 sources on FreeBSD 4.x. The scenario I'm trying to make work is SSH login to a captive accout for users in a RADIUS database but whose login does not appear in /etc/passwd or getpwnam(). I understand that if the username is not found in getpwnam(), then the