Re: ideas needed for password management

2020-09-23 Thread Mitchell Riedstra


> However, I now have the problem of allowing users setting and
> modifying their own passwords (perhaps even their usernames) without
> giving them ssh access to the host.

It will be a bit more tricky if you want them to be able to change
their usernames and such, but it's possible to modify sshd to force a
command for a specific group.

For instance if you create a group 'passwdonly', add the users to it,
and place a:

Match Group passwdonly
  ForceCommand /usr/bin/passwd

At the bottom of /etc/ssh/sshd_config it makes the only thing they can
do when they SSH is to be able to change their password.

If you have password authentication turned off you can turn it on for
that specific group as well.

You can also write a custom script to prompt them for what they wish to
do, change their username and such and force that to be the command.


> I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP
> and Dovecot. The users will be the Unix users on the VPS for
> simplicity.

In this instance, if you wish to expose a web interface for changing
of usernames and passwords, going with virtual users backed by
a SQL database may be easier and less likely to compromise the host.

I know you had mentioned not having a lot of experience in this area,
but if it's a hobby the bit of programming involved may be fun.

I hope this helps.

--
Mitch Riedstra
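
The custom forced command suggested above, as an added example that is not part of the original message: a menu script that accepts only fixed choices and ignores whatever command the SSH client requested. The script path, the `--session` argument and the forwarding directives in the commented sshd_config block are assumptions added here.

```shell
#!/bin/sh
# Forced-command menu for members of the 'passwdonly' group (added example).
# Assumed install path (hypothetical): /usr/local/libexec/account-menu
# Matching block for the end of /etc/ssh/sshd_config; the forwarding lines
# are additions: ForceCommand does not itself turn off port/agent forwarding.
#   Match Group passwdonly
#       ForceCommand /usr/local/libexec/account-menu --session
#       PasswordAuthentication yes
#       AllowTcpForwarding no
#       AllowAgentForwarding no
#       X11Forwarding no

# Map one line of user input to a fixed action name. Anything that is not an
# exact menu entry is rejected, so input is never handed to a shell.
choose_action() {
    case "$1" in
        1|passwd) echo passwd ;;
        2|whoami) echo whoami ;;
        q|quit)   echo quit ;;
        *)        echo invalid; return 1 ;;
    esac
}

# Run a fixed action by absolute path; no user-supplied arguments.
run_action() {
    case "$1" in
        passwd) /usr/bin/passwd ;;
        whoami) /usr/bin/id -un ;;
    esac
}

main() {
    # sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND;
    # it is logged and otherwise ignored.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        logger -t account-menu "ignored client command from $(/usr/bin/id -un)"
    fi
    while :; do
        printf '1) change password  2) show login name  q) quit\n> '
        IFS= read -r line || break      # EOF ends the session
        action=$(choose_action "$line") || { echo "unknown choice"; continue; }
        [ "$action" = quit ] && break
        run_action "$action"
    done
}

# Start the menu only when invoked the way the ForceCommand line above does.
if [ "${1:-}" = "--session" ]; then main; fi
```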




Re: ideas needed for password management

2020-09-23 Thread Hakan E. Duran
Thank you Mitch for the ideas! Please see below:

On 20/09/23 10:30PM, Mitchell Riedstra wrote:
>
> > However, I now have the problem of allowing users setting and
> > modifying their own passwords (perhaps even their usernames) without
> > giving them ssh access to the host.
>
> It will be a bit more tricky if you want them to be able to change
> their usernames and such, but it's possible to modify sshd to force a
> command for a specific group.
>
> For instance if you create a group 'passwdonly', add the users to it,
> and place a:
>
> Match Group passwdonly
>   ForceCommand /usr/bin/passwd
>
> At the bottom of /etc/ssh/sshd_config it makes the only thing they can
> do when they SSH is to be able to change their password.
>
> If you have password authentication turned off you can turn it on for
> that specific group as well.
>
> You can also write a custom script to prompt them for what they wish to
> do, change their username and such and force that to be the command.
>
I learned a lot from these few lines and I appreciate that. The users of
this service will not know what ssh is and they will probably do most of
the tasks by their smartphones. That's why I am guessing the web interface
may be the most extreme they may tolerate, lol.
>
> > I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP
> > and Dovecot. The users will be the Unix users on the VPS for
> > simplicity.
>
> In this instance, if you wish to expose a web interface for changing
> of usernames and passwords, going with virtual users backed by
> a SQL database may be easier and less likely to compromise the host.
>
> I know you had mentioned not having a lot of experience in this area,
> but if it's a hobby the bit of programming involved may be fun.

It looks like I gotta do some reading to learn how to do this. I wonder
if Rainloop would be simpler or more work. I guess I am a lazy hobbyist,
lol!

Thanks again for the brainstorming, I truly appreciate it.

Hakan




ideas needed for password management

2020-09-23 Thread Hakan E. Duran
Dear all,

I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP and 
Dovecot. The users will be the Unix users on the VPS for simplicity. However, I 
now have the problem of allowing users setting and modifying their own 
passwords (perhaps even their usernames) without giving them ssh access to the 
host. I don't have technical background and training for this type of work; 
however, I love doing this, please be gentle with me. The mail server is a 
hobby that is intended for family and a few friends, and is not mission 
critical.

I thought something like Webmin could work for this purpose, but without root 
access of course. However, I am not sure if such a tool exists. Any other ideas 
are welcome.

Thank you so much in advance for your suggestions.

Hakan



Re: UTF-8 problem with php-7.4

2020-09-23 Thread Andrew Hewus Fresh
On Wed, Sep 23, 2020 at 09:11:44AM +0200, Boudewijn Dijkstra wrote:
> On Thu, 10 Sep 2020 04:01:30 +0200, Bambero wrote:
> > Hi,
> > 
> > It seems that perl regular expressions lost one Polish letter (ą):
> > https://www.compart.com/en/unicode/U+0105
> > 
> > I can see this problem only under OpenBSD 6.7 with php-7.4 (same version
> > of php under linux is OK)
> > 
> > Ex.:
> > 
> > PHP 7.4.10 or 7.4.5
> >  > int(1) // OK
> > 
> > PHP 7.4.10 or 7.4.5
> >  > int(0) // UPS???
> > 
> > PHP 7.3.21
> >  > int(1) // OK
> > 
> > PHP 7.3.21
> >  > int(1) // OK
> > 
> > Any ideas how to fix that?
> > 
> > Regards,
> > Bambero
> 
> The same happens with any UTF-8 sequence that ends in 0x85.  I guess (a part
> of) PHP's PCRE code is not in UTF-8 mode, causing triggers on CHAR_NEL
> (=0x85).


I don't know a lot about PHP or the external PCRE library, but my guess
would be that php is treating the string as bytes not characters.  Can
you try using the "u" (PCRE_UTF8) modifier?

https://www.php.net/manual/en/reference.pcre.pattern.modifiers.php



> for ($i = 0x75; $i <= 0x825; $i++) {
>     $u = mb_chr($i);
>     $str = 'dasw' . $u . 'zdas';
>     $r = preg_match('/^.{5,64}$/', $str);
>     if ($r == 0) {
>         printf("%04x:", $i);
>         for ($j = 0; $j < strlen($u); $j++) {
>             $b = ord(substr($str, 4 + $j));
>             printf(" %02x", $b);
>         }
>         printf(": %s\n", $str);
>     }
> }
> 
> 
> -- 
> Made with Opera's e-mail program: http://www.opera.com/mail/
> 



Re: webcam fixes and changes in -current

2020-09-23 Thread Jan Stary
On Aug 29 18:06:32, lau...@tratt.net wrote:
> Lots of us have to use webcams more than we used to. There have been some
> recent changes in OpenBSD support for webcams that some might find useful.
> Most of the hard work was done by Marcus Glocker, with input from Ingo
> Feinerer, sc.dying, and myself.

Thanks to all! The uvideo on my old MacBook1,1
(dmesg below) is back, for instance.

It attaches in a strange way on boot:

uvideo0 at uhub0 port 4 configuration 1 interface 0 "Apple Computer Bluetooth" 
rev 2.00/0.0c addr 2
uvideo0 detached
uvideo0 at uhub0 port 4 configuration 1 interface 0 "Micron Built-in iSight" 
rev 2.00/1.84 addr 2
video0 at uvideo0

Does the device attach as bluetooth first,
and the kernel later decides it is a camera?

This is how it used to work on these macbooks for me,
and it got broken some weeks ago; now video(4) is back.


$ video -q
video device /dev/video:
  encodings: uyvy
  frame sizes (width x height, in pixels) and rates (in frames per second):
320x240: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 
30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30
352x288: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 
30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30
640x480: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 
30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30
  controls: brightness, saturation, gamma, sharpness

The repetition of the 30 (fps) seems strange
- perhaps there is some quirk in getting the list
of the camera's supported frame rates.


$ video -c
video: VIDIOC_G_CTRL: Invalid argument
brightness=63
saturation=5
gamma=100
sharpness=3


Capturing doesn't work though:

$ video -v
video device /dev/video:
  encodings: uyvy
  frame sizes (width x height, in pixels) and rates (in frames per second):
320x240: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 
30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30
352x288: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 
30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30
640x480: 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 
30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30, 30
  controls: brightness, saturation, gamma, sharpness
Xv adaptor 0, Intel(R) Textured Video:
  encodings: yuy2, uyvy, yv12
  max size: 1280x800
using uyvy encoding
using frame size 640x480 (614400 bytes)
using default frame rate
video: VIDIOC_G_CTRL: Invalid argument
video: ioctl VIDIOC_DQBUF: Invalid argument


The first error shows immediately after start,
the camera led lights up, and a black rectangle is shown;
after a few seconds, video(1) emits the second message
and exits with an exit value of 1.

Jan


OpenBSD 6.8-beta (GENERIC.MP) #0: Wed Sep 23 13:07:51 CEST 2020
h...@mb32.stare.cz:/usr/src/sys/arch/i386/compile/GENERIC.MP
real mem  = 2113323008 (2015MB)
avail mem = 2058436608 (1963MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 07/29/05, SMBIOS rev. 2.4 @ 0xe7490 (36 entries)
bios0: vendor Apple Computer, Inc. version "MB11.88Z.0061.B03.0610121324" date 
10/12/06
bios0: Apple Computer, Inc. MacBook1,1
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT
acpi0: wakeup devices ADP1(S3) LID0(S3) PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) 
USB3(S3) USB4(S3) USB7(S3) EC__(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz, 
06-0e-08
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,NXE,PERF,SENSOR,MELTDOWN
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 166MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU T2500 @ 2.00GHz ("GenuineIntel" 686-class) 2 GHz, 
06-0e-08
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,NXE,PERF,SENSOR,MELTDOWN
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus 3 (PCIB)
acpisbs0 at acpi0: SBS0 model "ASMB016" serial 35580 type LION oem "DP"
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: LID0
"APP0002" at acpi0 not configured
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
"PNP0A08" at acpi0 not configured
asmc0 at acpi0: 

Re: [www] OpenBGPD: wrong release date for 6.7p0

2020-09-23 Thread Stuart Henderson
On 2020-09-23, Alex Naumov wrote:
> Hi,
> there is a typo on the ftp.html page.
> OpenBGPD 6.7p0 was released in 2020, not 2019.
>
> Cheers,
> Alex
>

Thanks, fixed.




Re: UTF-8 problem with php-7.4

2020-09-23 Thread Boudewijn Dijkstra

On Thu, 10 Sep 2020 04:01:30 +0200, Bambero wrote:

> Hi,
>
> It seems that perl regular expressions lost one Polish letter (ą):
> https://www.compart.com/en/unicode/U+0105
>
> I can see this problem only under OpenBSD 6.7 with php-7.4 (same version
> of php under linux is OK)
>
> Ex.:
>
> PHP 7.4.10 or 7.4.5


The same happens with any UTF-8 sequence that ends in 0x85.  I guess (a  
part of) PHP's PCRE code is not in UTF-8 mode, causing triggers on  
CHAR_NEL (=0x85).


for ($i = 0x75; $i <= 0x825; $i++) {
    $u = mb_chr($i);
    $str = 'dasw' . $u . 'zdas';
    $r = preg_match('/^.{5,64}$/', $str);
    if ($r == 0) {
        printf("%04x:", $i);
        for ($j = 0; $j < strlen($u); $j++) {
            $b = ord(substr($str, 4 + $j));
            printf(" %02x", $b);
        }
        printf(": %s\n", $str);
    }
}


--
Made with Opera's e-mail program: http://www.opera.com/mail/



Re: OpenDNSSEC signer engine: Bus error: How to get debug information?

2020-09-23 Thread Why 42? The lists account.


Hi All,

By the way, I just wanted to say how great this is.
I have a problem, I ask for help, I get (good) help. With relative ease I
can build the necessary debugging tool and use it to find out that the OS
has helped to identify a problem in the application.

Pretty nice and not necessarily my everyday experience in IT.

Thanks again.

Cheers,
Robb.



[www] OpenBGPD: wrong release date for 6.7p0

2020-09-23 Thread Alex Naumov
Hi,
there is a typo on the ftp.html page.
OpenBGPD 6.7p0 was released in 2020, not 2019.

Cheers,
Alex


Re: Nextcloud large file downloads fail (httpd, postgresql, php7.3)

2020-09-23 Thread Stuart Henderson
On 2020-09-22, Unicorn wrote:
> Hello,
>
> I have been encountering this issue on several machines and have not
> been able to locate the cause even after days worth of searching, let
> alone find a solution (although I tried many things).

It would be a good start to narrow down whether the problem occurs
in httpd or nextcloud/php - maybe try apache-httpd or nginx to do this?