Re: [vchkpw] [SPAM] Password strength bug
Il 15/09/2015 15:03, Drew Wells ha scritto: On 09/15/2015 11:00 AM, Tonix - Antonio Nati wrote: Il 15/09/2015 11:03, Drew Wells ha scritto: In vpopmail-5.5.0 there seems to be a bug in vpopmail.c where the password strength is checked even if a password isn't used (such as when -e is used to add the encrypted password). Patch attached. I do not understand the problem. Of course password strenght is checked every time, and if it founds a null/empty password it gives error back if password must have a minimum lenght. Your patch instead permit to have null password even if strenght policy would not allow it. Regards, Tonino The problem is is that vadduser.c can call vadduser() (in vpopmail.c) without a password. It does this in the situation where vadduser.c has had the options "-e" or "-n" passed to it, so if this is the case the password can't be checked againts the password strength rules. The underlying function vadduser() needs to be able to add a user with no password. I realize additional controls are done before calling vadduser(); but I personally would prefer an explicit parameter added to vadduser for avoiding password check (it may be a further parameter having default = "check"). It would make developers more protected against unwanted security bugs. Regards, Tonino -- Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it !DSPAM:55f82abc41552085678254!
Re: [vchkpw] [SPAM] valias remove alias
On 09/15/2015 02:26 PM, Alessio Cecchi wrote: Il 15/09/2015 15:10, Drew Wells ha scritto: On 09/15/2015 11:06 AM, Alessio Cecchi wrote: Il 15/09/2015 11:22, Drew Wells ha scritto: In vpopmail-5.5.0 (and I think all 5.4.x) Hi Drew, I suggest to install (and debug) vpopmail-5.4.33 that is more stable, reliable (and recent) than 5.5.0. Whan I try to use 5.5.0 I found many bug and problems tha new features. Why you need vpopmail-5.5.0 ? I have been using vpopmail-5.4.x (currently vpopmail-5.4.33) for years and have always added this patch, so in an attempt get 5.5.0 towards stable I thought I'd send this patch. This patch is also applicable to the 5.4.x branch. The reason I want to use 5.5.0 is the shared library support which means I don't need to recompile netqmail and dovecot (and others) each time I make changes to vpopmail. I've not found that many bugs with vpopmail-5.5.0 to be honest. I remember some problems with vpopmaild (that I'm using for password change via webmail), with large quota size, and a missing flag in MySQL limits for disable_maildrop. Vpomail-5.5.0 was started from 5.4.28 so change from 5.4.29 to 5.4.33 are missing (please correct me if I'm wrong). If you have others useful patch for vpopmail-5.4 you are welcome :-) Thanks If that is the case (the missing 5.4.29 -> 5.4.33 changes) I'll have a look and get those changes into 5.5.0, I'd really like to use the shared library support. !DSPAM:55f81f7741555484815027!
Re: [vchkpw] [SPAM] valias remove alias
Il 15/09/2015 15:10, Drew Wells ha scritto: On 09/15/2015 11:06 AM, Alessio Cecchi wrote: Il 15/09/2015 11:22, Drew Wells ha scritto: In vpopmail-5.5.0 (and I think all 5.4.x) Hi Drew, I suggest to install (and debug) vpopmail-5.4.33 that is more stable, reliable (and recent) than 5.5.0. Whan I try to use 5.5.0 I found many bug and problems tha new features. Why you need vpopmail-5.5.0 ? I have been using vpopmail-5.4.x (currently vpopmail-5.4.33) for years and have always added this patch, so in an attempt get 5.5.0 towards stable I thought I'd send this patch. This patch is also applicable to the 5.4.x branch. The reason I want to use 5.5.0 is the shared library support which means I don't need to recompile netqmail and dovecot (and others) each time I make changes to vpopmail. I've not found that many bugs with vpopmail-5.5.0 to be honest. I remember some problems with vpopmaild (that I'm using for password change via webmail), with large quota size, and a missing flag in MySQL limits for disable_maildrop. Vpomail-5.5.0 was started from 5.4.28 so change from 5.4.29 to 5.4.33 are missing (please correct me if I'm wrong). If you have others useful patch for vpopmail-5.4 you are welcome :-) Thanks -- Alessio Cecchi https://www.linkedin.com/in/alessice !DSPAM:55f81c8341552100219033!
Re: [vchkpw] [SPAM] valias remove alias
On 09/15/2015 11:06 AM, Alessio Cecchi wrote: Il 15/09/2015 11:22, Drew Wells ha scritto: In vpopmail-5.5.0 (and I think all 5.4.x) Hi Drew, I suggest to install (and debug) vpopmail-5.4.33 that is more stable, reliable (and recent) than 5.5.0. Whan I try to use 5.5.0 I found many bug and problems tha new features. Why you need vpopmail-5.5.0 ? I have been using vpopmail-5.4.x (currently vpopmail-5.4.33) for years and have always added this patch, so in an attempt get 5.5.0 towards stable I thought I'd send this patch. This patch is also applicable to the 5.4.x branch. The reason I want to use 5.5.0 is the shared library support which means I don't need to recompile netqmail and dovecot (and others) each time I make changes to vpopmail. I've not found that many bugs with vpopmail-5.5.0 to be honest. !DSPAM:55f818ba41551449159681!
Re: [vchkpw] [SPAM] Password strength bug
On 09/15/2015 11:00 AM, Tonix - Antonio Nati wrote: Il 15/09/2015 11:03, Drew Wells ha scritto: In vpopmail-5.5.0 there seems to be a bug in vpopmail.c where the password strength is checked even if a password isn't used (such as when -e is used to add the encrypted password). Patch attached. I do not understand the problem. Of course password strenght is checked every time, and if it founds a null/empty password it gives error back if password must have a minimum lenght. Your patch instead permit to have null password even if strenght policy would not allow it. Regards, Tonino The problem is is that vadduser.c can call vadduser() (in vpopmail.c) without a password. It does this in the situation where vadduser.c has had the options "-e" or "-n" passed to it, so if this is the case the password can't be checked againts the password strength rules. The underlying function vadduser() needs to be able to add a user with no password. !DSPAM:55f8173d41558919512318!
Re: [vchkpw] [SPAM] Segmentation fault in vadduser
Yes, I know - that's I did some work on 5.5.0 and fixed the segmentation fault to try and get it closer to stable. On 09/15/2015 10:39 AM, Thibault Richard wrote: This is probably why the 5.4.0 is still not considered as stable (the latest stable version is still 5.4.33) -Original Message- From: Drew Wells [mailto:drew-vpopm...@elysium.ltd.uk] Sent: Tuesday 15 September 2015 11:19 To: vchkpw@inter7.com Subject: [vchkpw] [SPAM] Segmentation fault in vadduser In vpopmail-5.5.0 there seems to be a bug in vadduser that causes a segmentation fault when a password does not pass the password_strength rules. Patch attached. !DSPAM:55f8140941551047816349!
Re: [vchkpw] [SPAM] valias remove alias
Il 15/09/2015 11:22, Drew Wells ha scritto: In vpopmail-5.5.0 (and I think all 5.4.x) Hi Drew, I suggest to install (and debug) vpopmail-5.4.33 that is more stable, reliable (and recent) than 5.5.0. Whan I try to use 5.5.0 I found many bug and problems tha new features. Why you need vpopmail-5.5.0 ? -- Alessio Cecchi https://www.linkedin.com/in/alessice !DSPAM:55f7edb641552122517293!
Re: [vchkpw] [SPAM] Password strength bug
Il 15/09/2015 11:03, Drew Wells ha scritto: In vpopmail-5.5.0 there seems to be a bug in vpopmail.c where the password strength is checked even if a password isn't used (such as when -e is used to add the encrypted password). Patch attached. I do not understand the problem. Of course password strenght is checked every time, and if it founds a null/empty password it gives error back if password must have a minimum lenght. Your patch instead permit to have null password even if strenght policy would not allow it. Regards, Tonino -- Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it !DSPAM:55f7ec4641551939410840!
RE: [vchkpw] [SPAM] Segmentation fault in vadduser
This is probably why the 5.4.0 is still not considered as stable (the latest stable version is still 5.4.33) -Original Message- From: Drew Wells [mailto:drew-vpopm...@elysium.ltd.uk] Sent: Tuesday 15 September 2015 11:19 To: vchkpw@inter7.com Subject: [vchkpw] [SPAM] Segmentation fault in vadduser In vpopmail-5.5.0 there seems to be a bug in vadduser that causes a segmentation fault when a password does not pass the password_strength rules. Patch attached. !DSPAM:55f7e75c41551355020703!
[vchkpw] Auto-Re: [vchkpw] [SPAM] vdominfo quota bug
尊敬的同学:您好! 您的求职简历已经收到,我们会尽快进行阅评,之后再决定是否与您面谈! 中信泰富(中国)投资有限公司 人力资源部 !DSPAM:55f7e55641551049011877!
[vchkpw] [SPAM] vdominfo quota bug
In vpopmail-5.5.0 there is a bug in vdominfo that means option 'q' does not work, there is a missing break after the 'q' case. Additionally vdominfo's output differs from vuserinfo's output in that in vuserinfo the quota and the quota usage are treated seperatly, I have changed vdominfo to fix the bug and make it similar to vuserinfo. Patch attached. !DSPAM:55f7e54541556238488843! diff -uPr vpopmail-5.5.0.orig/vdominfo.c vpopmail-5.5.0/vdominfo.c --- vpopmail-5.5.0.orig/vdominfo.c 2010-11-05 18:37:23.0 + +++ vpopmail-5.5.0/vdominfo.c 2015-09-07 10:51:22.215095738 +0100 @@ -43,6 +43,7 @@ int DisplayTotalUsers; int DisplayRealDomain; int DisplayQuota; +int DisplayQuotaUsage; void usage(); void get_options(int argc, char **argv); @@ -60,7 +61,7 @@ ret = vauth_load_module(NULL); if (!ret) - vexiterror(stderr, "could not load authentication module"); + vexiterror(stderr, "could not load authentication module"); if( vauth_open( 0 )) { vexiterror( stderr, "Initial open." ); @@ -89,7 +90,8 @@ printf(" -d (display domain directory)\n"); printf(" -t (display total users)\n"); printf(" -r (display real domain)\n"); - printf(" -q (display quota usage)\n"); +printf(" -q (display quota field)\n"); +printf(" -Q (display quota usage)\n"); } void get_options(int argc, char **argv) @@ -104,13 +106,14 @@ DisplayDir = 0; DisplayTotalUsers = 0; DisplayAll = 1; - DisplayRealDomain = 0; - DisplayQuota = 0; +DisplayRealDomain = 0; +DisplayQuota = 0; +DisplayQuotaUsage = 0; memset(Domain, 0, sizeof(Domain)); errflag = 0; -while( !errflag && (c=getopt(argc,argv,"vanugdtrq")) != -1 ) { +while( !errflag && (c=getopt(argc,argv,"vanugdtrqQ")) != -1 ) { switch(c) { case 'v': printf("version: %s\n", VERSION); @@ -140,11 +143,16 @@ break; case 'r': DisplayRealDomain = 1; - DisplayAll = 0; +DisplayAll = 0; +break; +case 'q': +DisplayQuota = 1; +DisplayAll = 0; +break; +case 'Q': +DisplayQuotaUsage = 1; +DisplayAll = 0; break; - case 'q': - DisplayQuota = 1; - DisplayAll = 0; default: errflag = 1; break; @@ -157,18 +165,47 @@ } if ( optind < argc ) { - snprintf(Domain, sizeof(Domain), "%s", argv[optind]); +snprintf(Domain, sizeof(Domain), "%s", argv[optind]); ++optind; } } -void display_domain(char *domain, char *dir, uid_t uid, gid_t gid, char *realdomain) +void display_quota(char *realdomain) { int ret = 0; struct vlimits vl; + +ret = vget_limits(realdomain, &vl); +if (!ret) +printf("S=%llu,C=%llu\n", (storage_t)(((storage_t)vl.diskquota)*((storage_t)100)), (storage_t)(vl.maxmsgcount)); +else +printf("NOQUOTA\n"); +} + +void display_quota_usage(char *realdomain) +{ + int ret = 0, len = 0; + struct vlimits vl; storage_t bytes = 0, count = 0; char b[256] = { 0 }; +ret = vget_limits(realdomain, &vl); +len = strlen(realdomain); +if (len <= (sizeof(b) - 2)) { +memcpy((b + 1), realdomain, len); +*b = '@'; +*(b + len + 1) = '\0'; + +quota_get_usage(b, &bytes, &count); +} + +printf("%d%% (%llu byte(s) in %llu file(s))\n", +quota_percent(bytes, count, (storage_t)((storage_t)vl.diskquota * ((storage_t)100)), vl.maxmsgcount), +bytes, count); +} + +void display_domain(char *domain, char *dir, uid_t uid, gid_t gid, char *realdomain) +{ if ( DisplayAll ) { if(strcmp(domain, realdomain)==0) printf("domain: %s\n", domain); @@ -180,27 +217,10 @@ open_big_dir(realdomain, uid, gid); printf("users: %lu\n", vdir.cur_users); close_big_dir(realdomain,uid,gid); - - ret = vget_limits(realdomain, &vl); - if (!ret) - printf("quota: S=%llu,C=%llu\n", (storage_t)(((storage_t)vl.diskquota)*((storage_t)100)), (storage_t)(vl.maxmsgcount)); - -else - printf("quota: NOQUOTA\n"); - -ret = strlen(realdomain); -if (ret <= (sizeof(b) - 2)) { - memcpy((b + 1), realdomain, ret); - *b = '@'; - *(b + ret + 1) = '\0'; - - quota_get_usage(b, &bytes, &count); -} - -printf("usage: %d%% (%llu byte(s) in %llu file(s))\n", - quota_percent(bytes, count, (storage_t)((storage_t)vl.diskquota
[vchkpw] [SPAM] valias remove alias
In vpopmail-5.5.0 (and I think all 5.4.x) there seems to be no way of removing an alias_line using valias, I've added this functionality. Patch attached. !DSPAM:55f7e35241555071313485! diff -uPr vpopmail-5.5.0.orig/valias.c vpopmail-5.5.0/valias.c --- vpopmail-5.5.0.orig/valias.c2010-11-05 18:37:22.0 + +++ vpopmail-5.5.0/valias.c 2015-09-04 12:39:34.999094668 +0100 @@ -38,8 +38,9 @@ #define VALIAS_SELECT 0 #define VALIAS_INSERT 1 -#define VALIAS_DELETE 2 -#define VALIAS_NAMES 3 +#define VALIAS_REMOVE 2 +#define VALIAS_DELETE 3 +#define VALIAS_NAMES 4 int AliasAction; int AliasExists; @@ -119,6 +120,23 @@ } break; + case VALIAS_REMOVE: + /* check to see if it already exists */ + AliasExists = 0; + tmpalias = valias_select( Alias, Domain ); + while (tmpalias != NULL ) { + if (strcmp (tmpalias, AliasLine) == 0) AliasExists = 1; + tmpalias = valias_select_next(); + } + if (AliasExists) { + valias_remove( Alias, Domain, AliasLine ); + } else { + fprintf (stderr, "Error: alias %s -> %s does not exist.\n", + Email, AliasLine); + vexit(-1); + } + break; + case VALIAS_DELETE: valias_delete( Alias, Domain ); break; @@ -139,6 +157,7 @@ printf(" -s ( show aliases, can use just domain )\n"); printf(" -d ( delete alias )\n"); printf(" -i alias_line (insert alias line)\n"); + printf(" -r alias_line (remove alias line)\n"); printf("\n"); printf("Example: valias -i f...@inter7.com b...@inter7.com\n"); printf(" (adds alias from b...@inter7.com to f...@inter7.com\n"); @@ -157,7 +176,7 @@ memset(AliasLine, 0, sizeof(AliasLine)); AliasAction = VALIAS_SELECT; - while( (c=getopt(argc,argv,"vnsdi:")) != -1 ) { + while( (c=getopt(argc,argv,"vnsr:di:")) != -1 ) { switch(c) { case 'v': printf("version: %s\n", VERSION); @@ -168,6 +187,10 @@ case 's': AliasAction = VALIAS_SELECT; break; + case 'r': + AliasAction = VALIAS_REMOVE; + snprintf(AliasLine, sizeof(AliasLine), "%s", optarg); + break; case 'd': AliasAction = VALIAS_DELETE; break;
[vchkpw] Auto-Re: [vchkpw] [SPAM] valias remove alias
尊敬的同学:您好! 您的求职简历已经收到,我们会尽快进行阅评,之后再决定是否与您面谈! 中信泰富(中国)投资有限公司 人力资源部 !DSPAM:55f7e35941551360728760!
[vchkpw] [SPAM] Segmentation fault in vadduser
In vpopmail-5.5.0 there seems to be a bug in vadduser that causes a segmentation fault when a password does not pass the password_strength rules. Patch attached. !DSPAM:55f7e27341551399513616! diff -uPr vpopmail-5.5.0.orig/vadduser.c vpopmail-5.5.0/vadduser.c --- vpopmail-5.5.0.orig/vadduser.c 2010-11-05 18:37:22.0 + +++ vpopmail-5.5.0/vadduser.c 2015-09-14 12:49:23.957094657 +0100 @@ -28,16 +28,19 @@ #include #include "config.h" #include "vpopmail.h" -#include "vauth.h" #include "vauthmodule.h" +#include "vauth.h" +#include "pwstr.h" char Email[MAX_BUFF]; +char User[MAX_BUFF]; +char Domain[MAX_BUFF]; char Passwd[MAX_BUFF]; char Quota[MAX_BUFF]; char Gecos[MAX_BUFF]; char Crypted[MAX_BUFF]; -int apop; +int apop = USE_POP; int RandomPw; int NoPassword = 0; @@ -47,8 +50,6 @@ int main(int argc,char **argv) { int i; - char User[MAX_BUFF]; - char Domain[MAX_BUFF]; struct vqpasswd *vpw; i = vauth_load_module(NULL);
[vchkpw] Auto-Re: [vchkpw] [SPAM] Segmentation fault in vadduser
尊敬的同学:您好! 您的求职简历已经收到,我们会尽快进行阅评,之后再决定是否与您面谈! 中信泰富(中国)投资有限公司 人力资源部 !DSPAM:55f7e27941558004510909!
[vchkpw] [SPAM] Onchange script
I use the onchange functionality in vpopmail-5.5.0 but find it awkward that the script is only called once for "add_domain", instead of calling the script with "add_domain", "add_user" then "mod_user" so have written a patch to allow this. One side affect is that the order of calls in vadduser() has changed. Patch attached. !DSPAM:55f7e1c341551875619181! diff -uPr vpopmail-5.5.0.orig/backends/cdb/vcdb.c vpopmail-5.5.0/backends/cdb/vcdb.c --- vpopmail-5.5.0.orig/backends/cdb/vcdb.c 2010-11-05 18:37:23.0 + +++ vpopmail-5.5.0/backends/cdb/vcdb.c 2015-09-04 12:42:00.306095822 +0100 @@ -664,12 +664,16 @@ #endif #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snprintf ( onchange_buf, MAX_BUFF, "%s@%s", inpw->pw_name, domain ) ; call_onchange ( "mod_user" ) ; +#ifdef ONCHANGE_SCRIPT_ALLOW } #endif +#endif if (!(strcasecmp(inpw->pw_shell, "NOQUOTA"))) remove_maildirsize(inpw->pw_dir); diff -uPr vpopmail-5.5.0.orig/backends/ldap/vldap.c vpopmail-5.5.0/backends/ldap/vldap.c --- vpopmail-5.5.0.orig/backends/ldap/vldap.c 2010-11-05 18:37:24.0 + +++ vpopmail-5.5.0/backends/ldap/vldap.c2015-09-04 12:42:00.307095769 +0100 @@ -972,12 +972,16 @@ #endif #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snprintf ( onchange_buf, MAX_BUFF, "%s@%s", inpw->pw_name, domain ); call_onchange ( "mod_user" ); +#ifdef ONCHANGE_SCRIPT_ALLOW } #endif +#endif if (!(strcasecmp(inpw->pw_shell, "NOQUOTA"))) remove_maildirsize(inpw->pw_dir); @@ -1733,12 +1737,16 @@ } #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snprintf ( onchange_buf, MAX_BUFF, "%s@%s - %s", alias, domain, alias_line ); call_onchange ( "alias_insert" ); +#ifdef ONCHANGE_SCRIPT_ALLOW } #endif +#endif return(0); } @@ -1756,12 +1764,16 @@ if ( (err=ldap_connect()) != 0 ) return(err); #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snprintf ( onchange_buf, MAX_BUFF, "%s@%s - %s", alias, domain, alias_line ); call_onchange ( "alias_remove" ); +#ifdef ONCHANGE_SCRIPT_ALLOW } #endif +#endif memset(ud, 0, sizeof(ud)); snprintf(ud, sizeof(ud), "%s@%s", alias, domain); @@ -1863,12 +1875,16 @@ if ( (err=ldap_connect()) != 0 ) return(err); #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snprintf ( onchange_buf, MAX_BUFF, "%s@%s", alias, domain ); call_onchange ( "alias_delete" ); +#ifdef ONCHANGE_SCRIPT_ALLOW } #endif +#endif memset(ud, 0, sizeof(ud)); snprintf(ud, sizeof(ud), "%s@%s", alias, domain); diff -uPr vpopmail-5.5.0.orig/backends/mysql/vmysql.c vpopmail-5.5.0/backends/mysql/vmysql.c --- vpopmail-5.5.0.orig/backends/mysql/vmysql.c 2010-11-05 18:37:23.0 + +++ vpopmail-5.5.0/backends/mysql/vmysql.c 2015-09-04 12:42:00.308095716 +0100 @@ -875,12 +875,16 @@ #endif #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snprintf ( onchange_buf, MAX_BUFF, "%s@%s", inpw->pw_name, domain ); call_onchange ( "mod_user" ); +#ifdef ONCHANGE_SCRIPT_ALLOW } #endif +#endif if (!(strcasecmp(inpw->pw_shell, "NOQUOTA"))) remove_maildirsize(inpw->pw_dir); @@ -1459,12 +1463,16 @@ } #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snprintf ( onchange_buf, MAX_BUFF, "%s@%s - %s", alias, domain, alias_line ); call_onchange ( "valias_insert" ); +#ifdef ONCHANGE_SCRIPT_ALLOW } #endif +#endif return(0); } @@ -1478,12 +1486,16 @@ if ( (err=vauth_open_update()) != 0 ) return(err); #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snprintf ( onchange_buf, MAX_BUFF, "%s@%s - %s", alias, domain, alias_line ); call_onchange ( "valias_remove" ); +#ifdef ONCHANGE_SCRIPT_ALLOW } #endif +#endif qnprintf( SqlBufUpdate, SQL_BUF_SIZE, "DELETE FROM valias WHERE alias = '%s' \ @@ -1508,12 +1520,16 @@ if ( (err=vauth_open_update()) != 0 ) return(err); #ifdef ONCHANGE_SCRIPT +#ifdef ONCHANGE_SCRIPT_ALLOW if( allow_onchange ) { +#endif /* tell other programs that data has changed */ snpri
[vchkpw] Auto-Re: [vchkpw] [SPAM] Onchange script
尊敬的同学:您好! 您的求职简历已经收到,我们会尽快进行阅评,之后再决定是否与您面谈! 中信泰富(中国)投资有限公司 人力资源部 !DSPAM:55f7e1cc41551654711741!
[vchkpw] Auto-Re: [vchkpw] [SPAM] Password strength bug
尊敬的同学:您好! 您的求职简历已经收到,我们会尽快进行阅评,之后再决定是否与您面谈! 中信泰富(中国)投资有限公司 人力资源部 !DSPAM:55f7e0eb41551555158803!
[vchkpw] [SPAM] Password strength bug
In vpopmail-5.5.0 there seems to be a bug in vpopmail.c where the password strength is checked even if a password isn't used (such as when -e is used to add the encrypted password). Patch attached. !DSPAM:55f7df0641553245911066! diff -uPr vpopmail-5.5.0.orig/vpopmail.c vpopmail-5.5.0/vpopmail.c --- vpopmail-5.5.0.orig/vpopmail.c 2015-09-08 11:33:44.818094999 +0100 +++ vpopmail-5.5.0/vpopmail.c 2015-09-08 11:39:56.791096019 +0100 @@ -686,13 +686,11 @@ if ( vauth_getpw( username, domain ) != NULL ) return(VA_USERNAME_EXISTS); - /* - Check password strength - */ - - ret = pw_strength(password); - if (ret != 1) -return ret; + /* Check password strength */ + if ( password[0] != '\0' ) { +ret = pw_strength(password); +if (ret != 1) return ret; + } /* record the dir where the vadduser command was run from */ getcwd(calling_dir, sizeof(calling_dir));