Re: [vchkpw] skel
I have this done already actually. Tom sent me a link to some great copy code. I'm having some problems with the diff however, but I'll get it uploaded to the patch system on sourceforge as soon as I am able. If someone could tell me the best way to do a diff against CVS I would be greatfull. Thanks! David - Original Message - From: X-Istence To: David Winkler Cc: vpopmail list Sent: Monday, December 15, 2003 5:50 PM Subject: Re: [vchkpw] skel David Winkler wrote: I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform. I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David - Original Message - From: "Raboo Treed" [EMAIL PROTECTED] To: "vpopmail list" [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skel A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first ) I hate to bring old messages back up, but i would like such an option. Seeing as using it with spamassassin to auto add some standard settings would make a really good way to get users acustomed to spamassassin and how it can help them with their spam problem, also it would help out administrators.About other people editing it, well just be smart about it, chmod the files correctly, and dont allow any user other than vpopmail/root to write/edit files in the directory.X-Istence
Re: [vchkpw] skel
I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform. I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David - Original Message - From: Raboo Treed [EMAIL PROTECTED] To: vpopmail list [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skel A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first )
[vchkpw] skeleton directory support
Hello, I am new to this list but have been using vpopmail across various versions for the last few years. Today I grabbed the latest source from CVS and added in support for a skeleton directory for user accounts. I tried to do a diff against CVS so that I could post my changes but because I modified the Makefile.am, acconfig.h and configure.in files, my diff is really huge because the automake utilities ran when I compiled. Evening doing a distclean doesn't seem to help. Can someone give me a suggestion as to how to properly create and submit my diff so that it can be reviewed for addition into the cvs source? David Email: [EMAIL PROTECTED]
RE: [vchkpw] skeleton directory support
Hello again,
I seem to have answered my own question. Here
is my unified diff against cvs if anyone is interested.
Enjoy!
David
Index: vpopmail.c
===
RCS file: /cvsroot/vpopmail/vpopmail/vpopmail.c,v
retrieving revision 1.2
diff -u -r1.2 vpopmail.c
--- vpopmail.c 14 Sep 2003 22:17:30 - 1.2
+++ vpopmail.c 23 Sep 2003 19:12:45 -
@@ -1655,6 +1655,7 @@
struct vqpasswd *mypw;
char calling_dir[MAX_BUFF];
char domain_dir[MAX_BUFF];
+ char tmpbuf[MAX_BUFF];
verrori = 0;
/* record the dir where the command was run from */
@@ -1701,6 +1702,7 @@
return(NULL);
}
+#ifndef ENABLE_VPOPMAIL_SKEL
if (mkdir(Maildir,VPOPMAIL_DIR_MODE) == -1){
/* back out of changes made above */
chdir(domain_dir); chdir(user_hash); vdelfiles(username);
@@ -1743,6 +1745,12 @@
/* set permissions on the user's dir */
chdir(../..);
+#else
+ sprintf(tmpbuf, cp -rf %s/etc/skel/* %s/%s,
VPOPMAILDIR,domain_dir,username);
+ system(tmpbuf);
+ chdir(../);
+#endif
+
r_chown(username, uid, gid);
/* see if the user already exists in the auth backend */
Index: acconfig.h
===
RCS file: /cvsroot/vpopmail/vpopmail/acconfig.h,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 acconfig.h
--- acconfig.h 10 Sep 2003 20:43:14 - 1.1.1.1
+++ acconfig.h 23 Sep 2003 19:12:45 -
@@ -1,3 +1,5 @@
+#undef ENABLE_VPOPMAIL_SKEL
+
#undef PS_COMMAND
#undef ENABLE_PASSWD
Index: Makefile.am
===
RCS file: /cvsroot/vpopmail/vpopmail/Makefile.am,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 Makefile.am
--- Makefile.am 10 Sep 2003 20:43:12 - 1.1.1.1
+++ Makefile.am 23 Sep 2003 19:12:45 -
@@ -94,6 +94,12 @@
$(DESTDIR)@vpopmaildir@/@domains_dir@
$(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc
+ $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel
+ $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir
+ $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/new
+ $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/cur
+ $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/tmp
+
echo [EMAIL PROTECTED]@/include @vpopmaildir@/etc/inc_deps
echo [EMAIL PROTECTED]@/lib -lvpopmail @auth_libs@
@vpopmaildir@/etc/lib_deps
Index: configure.in
===
RCS file: /cvsroot/vpopmail/vpopmail/configure.in,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 configure.in
--- configure.in10 Sep 2003 20:43:11 - 1.1.1.1
+++ configure.in23 Sep 2003 19:12:45 -
@@ -342,6 +342,23 @@
;;
esac
+AC_ARG_ENABLE(vpopmail-skel,
+ [ --enable-vpopmail-skel=y|nTurn on (y) or off (n,
default) to use
+vpopmail skeleton for new users.],
+ ENABLE_VPOPMAIL_SKEL=$enableval,
+ [
+ ENABLE_VPOPMAIL_SKEL=n
+ ])
+
+case $ENABLE_VPOPMAIL_SKEL in
+1*|y*|Y*)
+ ENABLE_VPOPMAIL_SKEL=1
+
AC_DEFINE_UNQUOTED(ENABLE_VPOPMAIL_SKEL,$ENABLE_VPOPMAIL_SKEL)
+ ;;
+*)
+ ;;
+esac
+
AC_ARG_ENABLE(md5-passwords,
[ --enable-md5-passwords=y|n Turn on (y default ) or off (n)
to store encrypted passwords as md5.],
ENABLE_MD5_PASSWORDS=$enableval,
@@ -1315,6 +1332,15 @@
;;
esac
+case $ENABLE_VPOPMAIL_SKEL in
+1*|y*|Y*)
+echo vpop skel = ON --enable-vpopmail-skel=y
+echo --enable-vpopmail-skel=y \\ vpopmail.config.sh
+ ;;
+*)
+echo vpop skel = OFF --enable-vpopmail-skel=n (default)
+ ;;
+esac
case $ENABLE_LOGGING in
1*|y*|Y*)
-Original Message-
From: David Winkler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 2:04 PM
To: [EMAIL PROTECTED]
Subject: [vchkpw] skeleton directory support
Hello,
I am new to this list but have been using vpopmail
across various versions for the last few years. Today I
grabbed the latest source from CVS and added in support
for a skeleton directory for user accounts. I tried to
do a diff against CVS so that I could post my changes
but because I modified the Makefile.am, acconfig.h and configure.in
files, my diff is really huge because the automake utilities ran when I
compiled. Evening doing a distclean doesn't seem to help.
Can someone give me a suggestion as to how to
properly create and submit my diff so that it can be
reviewed for addition into the cvs source?
David
Email: [EMAIL PROTECTED]
