similar to: Socket forwarding with non existent remote directories

Hi folks, (3rd time I am sending this message, none of the other appear to have made it through!) Using "OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015" on the server, "OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016" on the client. I am trying to use sshtunnel with StreamLocal forwarding to enable me to connect back to the client's ssh port, without having to

Hi, The code definitely attempts to unlink any old listener beforehand (see misc.c:unix_listener()) so I don't understand why that isn't being called. You might try simulating your configuration using sshd's -T and -C to make sure the flag is correctly being set. Could chroot be interfering? Some platforms implement additional restrictions on devices and sockets inside chroot. -d

https://bugzilla.mindrot.org/show_bug.cgi?id=3140 Bug ID: 3140 Summary: support a token for XDG_RUNTIME_DIR Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Hi *, The problem is most noticeable when a user shares his INBOX[0][1] with others: User A sets his INBOX acls to "eilprwtsd" Now User B can see _all_ sub mailboxes and sub sub [...] mailboxes and their contents of User A: User A: g getacl INBOX * ACL "INBOX" "A at example.com" akxeilprwtscd "B at example.com" eilprwtsd "A at example.com"

The attached patch should solve the following problem: ssh-agent creates a temporary directory under /tmp with '600' permissions. The actual socket file is created in that dir using the default umask. That's no problem in U*X systems since nobody but the owner of the directory can read the socket file. Unfortunately, Windows has a user privilege called "Bypass traverse

Hi Timo, checking my new userdb-checkpassword back end is stumbled across the fact, that the new shared namespace definitions possible in dovecot stop deliver from working. The log says: Oct 15 14:37:43 burlywood3 <info> deliver(2 at burlywood3.rgb)[24502]: Namespace: type=shared, prefix=users/%%u/, sep=/, inbox=no, hidden=no, list=no, subscriptions=no Oct 15 14:37:43 burlywood3

Hi *, I stumbled across a small bug (missing feature?) in the new shared name space stuff: a001 list "" "*" * LIST (\Noselect \HasChildren) "/" "user" * LIST (\Noselect \HasChildren) "/" "user/bob at example.com" * LIST (\HasChildren) "/" "INBOX" * LIST (\HasNoChildren) "/" "INBOX/bar" * LIST

Hi Timo, there is a bug in the acl plugin (in head, _without_ our acl changes), which causes an segfault on selecting a shared folder. * OK [CAPABILITY ...] Dovecot ready. x login 1 at example.com secret x OK [CAPABILITY ...] Logged in y select "users/2 at example.com/INBOX/bla" - Peer has closed the GNUTLS connection The dovecot.log shows a segfault: [...] child 4507

Hi Timo, Hi *, in 1.2 the dict server (tested with sqlite backend) is somewhat broken. It bails out regularly with "Fatal: dict: Socket already exists: ..." (looks like a race condition as it doesn't fail always). We discovered that this new code in dict-server.c seems to be the problem: server->fd = net_listen_unix_unlink_stale(path, 64); if (server->fd == -1) { if

The idea behind this change is to add support for different "ssh-agents" being able to run at the same time. It does not change the current behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for itself). Neither does it change the behaviour of SSH_AGENT_PID (which still supports only one pid). The new implementation will go through the list of sockets (which are separated by a

Hi Timo, Hi *, was written the other day we started to use Dovecot 1.2 for our Kolab with Dovecot project, but it turned out that there are quite a bunch of issues with 1.2 (which is ok, as it hasn't even been announced as beta till now). We have a customer who should get a first test installation of Kolab with Dovecot in the first week of September and for that we need the features

Hi *, according to RfC4314 the rights argument to the setacl command might be an empty string ("zero right characters"): The third argument is a string containing an optional plus ("+") or minus ("-") prefix, followed by zero or more rights characters. existing clients (horde in particular) actually use this to remove all rights from an user. Currently

In dovecot 1.2 I can create a shared name space like this: namespace shared { separator = / prefix = users/%%u/ location = Maildir:/PATH/TO/spool/%%u/maildir:INDEX=/PATH/TO/spool/%u/maildir/shared_idx subscriptions = no } now, when I subscribe to a shared mailbox of another user with an dot in the users id, like: users/2 at example.com/INBOX/foo and I list my subscribed mailboxes I get:

Hi Timo, when logging out like a001 logout the imap child dies from signal 11. The back trace looks like this: Program received signal SIGSEGV, Segmentation fault. 0xb7ed4991 in strcasecmp () from /lib/tls/i686/cmov/libc.so.6 (gdb) bt #0 0xb7ed4991 in strcasecmp () from /lib/tls/i686/cmov/libc.so.6 #1 0x0806ab6c in command_unregister (name=0x815b9ab "LOGOUT") at commands.c:83 #2

Hi Timo, Hi list, I finally got along to test the current dovecot 1.2 with our Kolab Server. And I'm very excited to see all the cool ACL and shared name spaces stuff upstream, thanks a lot Timo! Anyway I just stumbled across a new bug using our metadata-plugin (which in turn uses the dict back end): Making a few annotations requests after another it stops working. dovecot.log sais

Hi Timo, Hi *, I just recognized that the new imap-acl plugin in dovecot 1.2 does not know the obsolete rights 'd' and 'c' when setting. According to RFC 4314 section 2.1.1.: If a client includes the "d" right in a rights list, then it MUST be treated as if the client had included every member of the "delete" right. and If a client includes

Hi, In dovecot 1.1, I could use DICT_ITERATE_FLAG_RECURSE when iterating over a dict to retrieve all entries that start with a given prefix. This doesn't seem to work anymore in the new dict implementation in dovecot 1.2. Looking at the SQL queries actually generated, it seems as if dovecot 1.1 used to generate queries that use pattern matching (key LIKE "my/prefix/%") whereas

Hi *, and yet another ACL problem. ;-) User A allows User B to access his mailbox foobar: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready. l login userA secret l OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT THREAD=REFERENCES MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE

Hi *, when a user A shares his INBOX with another user B, the user B can't access its content: User A: g getacl INBOX * ACL INBOX A at example.com lrswipkxtecda B at example.com lrswipkxtecd g OK Completed User B: l list "" "*" * LIST (\Noselect \HasChildren) "/" "user" * LIST (\Noselect \HasChildren) "/" "user/A at

Specifying a RemoteForward of 0:example.com:1234 dynamically allocates the listen port on the server, and then reports it to ... the client! Where it is practically useless. Was this someone's idea of a joke? Presumably not--there are some technical obstacles to reporting it to the remote process. I'd like to help solve that problem. The natural way to me would be to extend the syntax