On Thu, Apr 29, 2004 at 09:30:30AM -0700, Joe Zacky wrote: > >..so.. it just can't verify the password for some reason, although the > >setgid(), setuid() and chdir() to zackynet's home directory succeeds. > > > >A suggestion is to strace -fFp the pop3 tcpserver and compare the > >corresponding part of checkvpw there. > > Yes, I did do a full trace of both bincimap and pop3d with full 4096 > character strings. What I found was the pop3d read the cdb database > until it found the correct user entry - 3 reads. The bincimap trace > showed the correct entry was never read from the cdb. It stopped before > it found the entry after 2 reads as shown above. I tried to gdb debug it > but got completely confused.
Ok. Hm. gdb could've helped, but only if source files were readily available and set up in the proper directories, otherwise it wouldn't give much, but confusion. :) pop3d itself doesn't read passwd.cdb, instead it's of course checkvpw doing the work of authenticating the user. Deduction gives that the only other real error source is input to checkvpw - what does the timestamp look like in the popup and bincimap-up cases, respectively? Does either of them send any "more data" after the timestamp which is terminated by \0 ? //Peter
