Henry Baragar wrote:Right now I am confused by a number of things (any or all of which might not be related):
Two questions...
1. Have you tried running checkvpw from the command line to see what it says? Maybe you'll get a bit more information.
Great suggestion. I have a tendency to overlook the obvious, like reading the man pages and testing from the command line.
I setup some environment variables:
export TCPLOCALHOST=10.200.1.2;export USER=zackynet;export HOME=/var/vmail/zackynet/
checkvpw tests okay:
[EMAIL PROTECTED] root]# printf "zackynet-jztest\0testpass\0Y123456\0" | /usr/local/bin/checkvpw echo SUCCESS maildir 3<&0; echo $?
SUCCESS ./users/jztest
0
checkvpw and pop3d test okay:
[EMAIL PROTECTED] root]# printf "zackynet-jztest\0testpass\0Y123456\0" | /usr/local/bin/checkvpw /var/qmail/bin/qmail-pop3d maildir 3<&0; echo $?
+OK
0
No luck with bincimap though (The +lines are from bincauthwrap - I have debug turned on):
[EMAIL PROTECTED] root]# printf "zackynet-jztest\0testpass\0Y123456\0" | /usr/local/bin/checkvpw /var/qmail/bin/bincauthwrap /var/qmail/bin/bincimapd maildir 3<&0; echo $?
+ export MAILDIR=./users/jztest
+ MAILDIR=./users/jztest
+ cd /var/vmail/zackynet/./users/jztest
+ exec /var/qmail/bin/bincimapd ./users/jztest
111
1. What is the purpose of bincauthwrap? What does 'printf "zackynet-jztest\0testpass\0Y123456\0" | /usr/local/bin/checkvpw /var/qmail/bin/bincauthwrap echo "WRAP TRUE" 3<&0; echo $?' give?
2. Why do you 'cd "$HOME"/"$2"'? Does checkvpw not already do this? Then, why do you tell bincimapd to use '$2' as the maildir? And don't you need to use an option letter (I can't tell from a quick glance at the source)? If it is ignoring the overide, then binc might be looking for a "Maildir" subdirectory which was specified in the config file (I have not done any research to confirm this).
3. While trying to investigate whats really going on, I went back and looked at the strace file you posted. Contrary to what was posted before, it seems that checkvpw did succeed for process 11013. The thing I find strange is that checkvpw was called three times as indicated by processes 10976, 10999, 11013. The 11013 process actually calls /var/qmail/bin/bincauthwrap which calls (process 11014) which calls /var/qmail/bin/bincimapd (later in 11014). bincimapd does not seem to do much (a buch of memory allocations) before exiting. So, now I am really confused!-)
However, bincimap-up does a suid from root to nobody (your "jail user" in the config file).2. Is checkvpw suid root? Note that DJB's checkpassword needs to be suid root for Binc, which is fine because it takes great care to ensure the user has authenticated before executing a command. I haven't looked at checkvpw to see what it does to ensure that it can not be used to gain arbitrary access to your system.
Regards, Henry
Neither of them are suid root. But I'm testing them as root and tcpserver is running as root and bincimap works fine with non-virtual domains.
Thanks for the suggestions, they've pointed me in a good direction.
Cheers, Joe
This time to the mailing list, so Joe I appologize for you getting this message twice.
Henry:-)
-- Henry Baragar Principal, Technical Architecture 416-453-5626 Instantiated Software Inc. http://www.instantiated.ca
