Juerd said the following on 24/11/2005 12:03:
> Robin Bowes skribis 2005-11-24 11:50 (+0000):
>
>>$ perl -e 'printf "%s\0%s\0Y123456\0","[EMAIL PROTECTED]","password"'
>>robin.compasswordY123456
>>i.e. the @ sign causes something funny to happen and truncate the email
>>address. Note that the full email address is required for vpopmail.
>
>
> Taking into account that it's perl you're using, there's nothing funny
> going on.
I know, I used "funny" to mean "I'm sure this is correct but I can't
explain it at the present time."
>
> @robinbowes is interpreted as an array, and interpolated as such. The
> array doesn't exist, so it is expanded to an empty string.
Ah, of course.
> The solution is to escape the @:
>
> perl -e'..., "[EMAIL PROTECTED]", ...'
>
> or to use single quotes:
>
> perl -e'..., [EMAIL PROTECTED], ...'
> # q[] is an alternative single quote, used because '' would break
> # the shell quoting
I tried escaping, and whilst that works on the command line, it didn't
work in the auth_checkpassword plugin. Specifically, I tried the
following code:
# path of the checkpassword binary, taken from the smtpauth-checkpassword config
my $binary = $self->qp->config("smtpauth-checkpassword")
    or return (DECLINED);
return (DECLINED) if ( !-x $binary );
# untaint the path (taint mode is on) before handing it to open()
my ($untainted) = $binary =~ /^(.*)$/;
warn "binary: $binary\n";
warn "untainted: $untainted\n";
warn "user: $user\n";
warn "passClear: $passClear\n";
# quote any @ char in the login
$user =~ s/([EMAIL PROTECTED])/\\$1/g;
warn "modified user: $user\n";
# the checkpassword program reads the credentials from fd 3;
# the shell redirection 3<&0 dups the pipe's stdin onto fd 3
open( CPW, "|$untainted 3<&0" );
printf( CPW "%s\0%s\0Y123456\0", $user, $passClear );
close(CPW);
And I get the following output in the debug log:
2005-11-24 12:13:54.830430500 27331 running plugin (auth-login): auth::auth_vchkpw
2005-11-24 12:13:54.830795500 27331 trying to get config for smtpauth-checkpassword
2005-11-24 12:13:54.831011500 binary: /home/vpopmail/bin/vchkpw
2005-11-24 12:13:54.831060500 untainted: /home/vpopmail/bin/vchkpw
2005-11-24 12:13:54.831103500 user: [EMAIL PROTECTED]
2005-11-24 12:13:54.831207500 passClear: password
2005-11-24 12:13:54.831285500 modified user: [EMAIL PROTECTED]
2005-11-24 12:13:54.839295500 user invalid robin\
So, somewhere along the way the login name is getting checked and
failing because of the backslash.
I tried modifying the print line to:
print CPW $user . "\0" . $passClear . "\0" . 'Y123456' . "\0";
But still no joy.
> The warning mechanism (-w) would have warned you:
>
> Possible unintended interpolation of @robinbowes in string at -e line 1.
> Name "main::robinbowes" used only once: possible typo at -e line 1.
auth_checkpassword has perl -w in the shebang, but I didn't see any
warnings in the logs.
R.
--
http://robinbowes.com
If a man speaks in a forest,
and his wife's not there,
is he still wrong?
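The point the thread circles around, as an added example that is not part of the original message or of the auth_checkpassword plugin: escaping '@' is only needed inside a double-quoted literal, while a login held in a variable is never re-interpolated, so applying the same substitution to it puts a real backslash into the field the checkpassword program reads. The login, password and timestamp below are constructed sample values.

```perl
# Added example (not from the thread). Shows why escaping '@' fixes a
# double-quoted *literal* but corrupts a login held in a *variable*.
use strict;
use warnings;

# Build the checkpassword payload "user\0pass\0timestamp\0". The values are
# variables, so Perl never re-scans their contents: an '@' needs no escape.
sub build_payload {
    my ($user, $pass, $timestamp) = @_;
    return sprintf("%s\0%s\0%s\0", $user, $pass, $timestamp);
}

# Split the payload back into its NUL-terminated fields, i.e. what the
# checkpassword program would actually read.
sub parse_payload {
    my ($payload) = @_;
    my @fields = split /\0/, $payload, -1;
    pop @fields;    # drop the empty field after the final NUL
    return @fields;
}

sub demo {
    my $user = 'robin@example.com';    # constructed sample login
    my $pass = 'password';
    my $ts   = 'Y123456';

    # Double-quoted literal: "@example" names a nonexistent array and
    # interpolates to "", so only "robin" and ".com" survive. The string
    # eval lets this file still compile under strict.
    my $interpolated = eval q{ no strict 'vars'; no warnings; "robin@example.com" };

    # The same substitution as in the plugin, applied to a runtime value:
    # it inserts a real backslash, which the checkpassword program sees.
    (my $escaped = $user) =~ s/(\@)/\\$1/g;

    return {
        literal_interpolated => $interpolated,
        literal_escaped      => "robin\@example.com",    # backslash escape
        literal_single       => 'robin@example.com',     # single quotes
        variable_fields      => [ parse_payload(build_payload($user,    $pass, $ts)) ],
        escaped_var_fields   => [ parse_payload(build_payload($escaped, $pass, $ts)) ],
    };
}

my $r = demo();
for my $k (sort keys %$r) {
    my $v = $r->{$k};
    printf "%-20s %s\n", $k, ref $v ? join('|', @$v) : $v;
}
```

Run with `perl -w`; only the double-quoted literal needs the escape, and the variable_fields entry shows the '@' arriving intact without any substitution at all.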