Re: [vchkpw] skel
hmm, not shure, but i think, download a copy of the CVS, make a copy of it, in one of the copies you edit the source, after that, you do diff -ruN edited-source... original-source... skel.patch¨ as i said, I think... i'm not realy "that" in to it - Original Message - From: David Winkler To: vpopmail list Sent: Tuesday, December 16, 2003 7:03 AM Subject: Re: [vchkpw] skel I have this done already actually. Tom sent me a link to some great copy code. I'm having some problems with the diff however, but I'll get it uploaded to the patch system on sourceforge as soon as I am able. If someone could tell me the best way to do a diff against CVS I would be greatfull. Thanks! David - Original Message - From: X-Istence To: David Winkler Cc: vpopmail list Sent: Monday, December 15, 2003 5:50 PM Subject: Re: [vchkpw] skel David Winkler wrote: I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform. I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David - Original Message - From: "Raboo Treed" [EMAIL PROTECTED] To: "vpopmail list" [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skel A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first ) I hate to bring old messages back up, but i would like such an option. Seeing as using it with spamassassin to auto add some standard settings would make a really good way to get users acustomed to spamassassin and how it can help them with their spam problem, also it would help out administrators.About other people editing it, well just be smart about it, chmod the files correctly, and dont allow any user other than vpopmail/root to write/edit files in the directory.X-Istence
Re: [vchkpw] skel
On Monday, December 15, 2003, at 11:03 PM, David Winkler wrote: I have this done already actually. Tom sent me a link to some great copy code. I'm having some problems with the diff however, but I'll get it uploaded to the patch system on sourceforge as soon as I am able. If someone could tell me the best way to do a diff against CVS I would be greatfull. You can probably just diff against a download of 5.4.0-pre1 (or 5.4.0-pre2 when it's released later this week). diff -ruN vpopmail-5.4.0-pre2/ vpopmail-withskel/ -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] skel
David Winkler wrote: I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform. I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David - Original Message - From: "Raboo Treed" [EMAIL PROTECTED] To: "vpopmail list" [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skel A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first ) I hate to bring old messages back up, but i would like such an option. Seeing as using it with spamassassin to auto add some standard settings would make a really good way to get users acustomed to spamassassin and how it can help them with their spam problem, also it would help out administrators. About other people editing it, well just be smart about it, chmod the files correctly, and dont allow any user other than vpopmail/root to write/edit files in the directory. X-Istence
Re: [vchkpw] skel
I have this done already actually. Tom sent me a link to some great copy code. I'm having some problems with the diff however, but I'll get it uploaded to the patch system on sourceforge as soon as I am able. If someone could tell me the best way to do a diff against CVS I would be greatfull. Thanks! David - Original Message - From: X-Istence To: David Winkler Cc: vpopmail list Sent: Monday, December 15, 2003 5:50 PM Subject: Re: [vchkpw] skel David Winkler wrote: I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform. I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David - Original Message - From: "Raboo Treed" [EMAIL PROTECTED] To: "vpopmail list" [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skel A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first ) I hate to bring old messages back up, but i would like such an option. Seeing as using it with spamassassin to auto add some standard settings would make a really good way to get users acustomed to spamassassin and how it can help them with their spam problem, also it would help out administrators.About other people editing it, well just be smart about it, chmod the files correctly, and dont allow any user other than vpopmail/root to write/edit files in the directory.X-Istence
[vchkpw] skel
Isn't there a way to have like a /etc/skel but for vpopmail users like a skel with a dot qmail file and some extra imap folders and such? if not that would be a great feutre request.. /R
Re: [vchkpw] skel
On Thu, 2003-11-06 at 04:34, Raboo Treed wrote: Isn't there a way to have like a /etc/skel but for vpopmail users like a skel with a dot qmail file and some extra imap folders and such? if not that would be a great feutre request.. Below is a copy of an email and patch submitted by David Winkler back in September to handle just that. --enable-vpopmail-skel=y Hello again, I seem to have answered my own question. Here is my unified diff against cvs if anyone is interested. Enjoy! David Index: vpopmail.c === RCS file: /cvsroot/vpopmail/vpopmail/vpopmail.c,v retrieving revision 1.2 diff -u -r1.2 vpopmail.c --- vpopmail.c 14 Sep 2003 22:17:30 - 1.2 +++ vpopmail.c 23 Sep 2003 19:12:45 - @@ -1655,6 +1655,7 @@ struct vqpasswd *mypw; char calling_dir[MAX_BUFF]; char domain_dir[MAX_BUFF]; + char tmpbuf[MAX_BUFF]; verrori = 0; /* record the dir where the command was run from */ @@ -1701,6 +1702,7 @@ return(NULL); } +#ifndef ENABLE_VPOPMAIL_SKEL if (mkdir(Maildir,VPOPMAIL_DIR_MODE) == -1){ /* back out of changes made above */ chdir(domain_dir); chdir(user_hash); vdelfiles(username); @@ -1743,6 +1745,12 @@ /* set permissions on the user's dir */ chdir(../..); +#else + sprintf(tmpbuf, cp -rf %s/etc/skel/* %s/%s, VPOPMAILDIR,domain_dir,username); + system(tmpbuf); + chdir(../); +#endif + r_chown(username, uid, gid); /* see if the user already exists in the auth backend */ Index: acconfig.h === RCS file: /cvsroot/vpopmail/vpopmail/acconfig.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 acconfig.h --- acconfig.h 10 Sep 2003 20:43:14 - 1.1.1.1 +++ acconfig.h 23 Sep 2003 19:12:45 - @@ -1,3 +1,5 @@ +#undef ENABLE_VPOPMAIL_SKEL + #undef PS_COMMAND #undef ENABLE_PASSWD Index: Makefile.am === RCS file: /cvsroot/vpopmail/vpopmail/Makefile.am,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 Makefile.am --- Makefile.am 10 Sep 2003 20:43:12 - 1.1.1.1 +++ Makefile.am 23 Sep 2003 19:12:45 - @@ -94,6 +94,12 @@ $(DESTDIR)@vpopmaildir@/@domains_dir@ $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/new + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/cur + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/tmp + echo [EMAIL PROTECTED]@/include @vpopmaildir@/etc/inc_deps echo [EMAIL PROTECTED]@/lib -lvpopmail @auth_libs@ @vpopmaildir@/etc/lib_deps Index: configure.in === RCS file: /cvsroot/vpopmail/vpopmail/configure.in,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 configure.in --- configure.in10 Sep 2003 20:43:11 - 1.1.1.1 +++ configure.in23 Sep 2003 19:12:45 - @@ -342,6 +342,23 @@ ;; esac +AC_ARG_ENABLE(vpopmail-skel, + [ --enable-vpopmail-skel=y|nTurn on (y) or off (n, default) to use +vpopmail skeleton for new users.], + ENABLE_VPOPMAIL_SKEL=$enableval, + [ + ENABLE_VPOPMAIL_SKEL=n + ]) + +case $ENABLE_VPOPMAIL_SKEL in +1*|y*|Y*) + ENABLE_VPOPMAIL_SKEL=1 + AC_DEFINE_UNQUOTED(ENABLE_VPOPMAIL_SKEL,$ENABLE_VPOPMAIL_SKEL) + ;; +*) + ;; +esac + AC_ARG_ENABLE(md5-passwords, [ --enable-md5-passwords=y|n Turn on (y default ) or off (n) to store encrypted passwords as md5.], ENABLE_MD5_PASSWORDS=$enableval, @@ -1315,6 +1332,15 @@ ;; esac +case $ENABLE_VPOPMAIL_SKEL in +1*|y*|Y*) +echo vpop skel = ON --enable-vpopmail-skel=y +echo --enable-vpopmail-skel=y \\ vpopmail.config.sh + ;; +*) +echo vpop skel = OFF --enable-vpopmail-skel=n (default) + ;; +esac case $ENABLE_LOGGING in 1*|y*|Y*)
Re: [vchkpw] skel
Tom, Ken Can't anyone of you guys add this to the vpopmail code? I think it's a great feautre, and I also think that many would agree with me about this.. - Original Message - From: Jay Tortorelli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 7:52 PM Subject: Re: [vchkpw] skel On Thu, 2003-11-06 at 04:34, Raboo Treed wrote: Isn't there a way to have like a /etc/skel but for vpopmail users like a skel with a dot qmail file and some extra imap folders and such? if not that would be a great feutre request.. Below is a copy of an email and patch submitted by David Winkler back in September to handle just that. --enable-vpopmail-skel=y Hello again, I seem to have answered my own question. Here is my unified diff against cvs if anyone is interested. Enjoy! David Index: vpopmail.c === RCS file: /cvsroot/vpopmail/vpopmail/vpopmail.c,v retrieving revision 1.2 diff -u -r1.2 vpopmail.c --- vpopmail.c 14 Sep 2003 22:17:30 - 1.2 +++ vpopmail.c 23 Sep 2003 19:12:45 - @@ -1655,6 +1655,7 @@ struct vqpasswd *mypw; char calling_dir[MAX_BUFF]; char domain_dir[MAX_BUFF]; + char tmpbuf[MAX_BUFF]; verrori = 0; /* record the dir where the command was run from */ @@ -1701,6 +1702,7 @@ return(NULL); } +#ifndef ENABLE_VPOPMAIL_SKEL if (mkdir(Maildir,VPOPMAIL_DIR_MODE) == -1){ /* back out of changes made above */ chdir(domain_dir); chdir(user_hash); vdelfiles(username); @@ -1743,6 +1745,12 @@ /* set permissions on the user's dir */ chdir(../..); +#else + sprintf(tmpbuf, cp -rf %s/etc/skel/* %s/%s, VPOPMAILDIR,domain_dir,username); + system(tmpbuf); + chdir(../); +#endif + r_chown(username, uid, gid); /* see if the user already exists in the auth backend */ Index: acconfig.h === RCS file: /cvsroot/vpopmail/vpopmail/acconfig.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 acconfig.h --- acconfig.h 10 Sep 2003 20:43:14 - 1.1.1.1 +++ acconfig.h 23 Sep 2003 19:12:45 - @@ -1,3 +1,5 @@ +#undef ENABLE_VPOPMAIL_SKEL + #undef PS_COMMAND #undef ENABLE_PASSWD Index: Makefile.am === RCS file: /cvsroot/vpopmail/vpopmail/Makefile.am,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 Makefile.am --- Makefile.am 10 Sep 2003 20:43:12 - 1.1.1.1 +++ Makefile.am 23 Sep 2003 19:12:45 - @@ -94,6 +94,12 @@ $(DESTDIR)@vpopmaildir@/@domains_dir@ $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/new + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/cur + $(INSTALL) -d $(DESTDIR)@vpopmaildir@/etc/skel/Maildir/tmp + echo [EMAIL PROTECTED]@/include @vpopmaildir@/etc/inc_deps echo [EMAIL PROTECTED]@/lib -lvpopmail @auth_libs@ @vpopmaildir@/etc/lib_deps Index: configure.in === RCS file: /cvsroot/vpopmail/vpopmail/configure.in,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 configure.in --- configure.in10 Sep 2003 20:43:11 - 1.1.1.1 +++ configure.in23 Sep 2003 19:12:45 - @@ -342,6 +342,23 @@ ;; esac +AC_ARG_ENABLE(vpopmail-skel, + [ --enable-vpopmail-skel=y|nTurn on (y) or off (n, default) to use +vpopmail skeleton for new users.], + ENABLE_VPOPMAIL_SKEL=$enableval, + [ + ENABLE_VPOPMAIL_SKEL=n + ]) + +case $ENABLE_VPOPMAIL_SKEL in +1*|y*|Y*) + ENABLE_VPOPMAIL_SKEL=1 + AC_DEFINE_UNQUOTED(ENABLE_VPOPMAIL_SKEL,$ENABLE_VPOPMAIL_SKEL) + ;; +*) + ;; +esac + AC_ARG_ENABLE(md5-passwords, [ --enable-md5-passwords=y|n Turn on (y default ) or off (n) to store encrypted passwords as md5.], ENABLE_MD5_PASSWORDS=$enableval, @@ -1315,6 +1332,15 @@ ;; esac +case $ENABLE_VPOPMAIL_SKEL in +1*|y*|Y*) +echo vpop skel = ON --enable-vpopmail-skel=y +echo --enable-vpopmail-skel=y \\ vpopmail.config.sh + ;; +*) +echo vpop skel = OFF --enable-vpopmail-skel=n (default) + ;; +esac case $ENABLE_LOGGING in 1*|y*|Y*)
Re: [vchkpw] skel
Raboo Treed wrote: Tom, Ken Can't anyone of you guys add this to the vpopmail code? I think it's a great feautre, and I also think that many would agree with me about this.. snip Personally i have to disagree. It works fine the standard way it currently is, and i dont see a need for this. It would only add more confusion. Unless its a compile time configurable argument, in which case it would be okay. X
Re: [vchkpw] skel
On Friday, November 7, 2003, at 10:02 AM, Raboo Treed wrote: Tom, Ken Can't anyone of you guys add this to the vpopmail code? I think it's a great feautre, and I also think that many would agree with me about this.. It's a good feature, but not ready for the release version of vpopmail. It makes use of a system call to copy the files. I emailed the original author with code to handle the copying within vpopmail. If that gets integrated, replacing the system call to cp, then I'll consider adding it. -- Tom Collins - [EMAIL PROTECTED] Note: The Tom Logic offices will be closed October 23 to November 18. QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] skel
hmm well this patch was bad, cause it had some text-wrapping... I fixed that... but still that patch doesn't work with the latest devel of vpopmail Does anyone have a working one with 5.3.29? It's a good feature, but not ready for the release version of vpopmail. I think I'm gonna have to dissagree, thats exactly what many ppl are looking for in a new stable release, some new useful feautres, and this feautre is good for anti-spam, anti-virus setup's It makes use of a system call to copy the files. I emailed the original author with code to handle the copying within vpopmail. If that gets integrated, replacing the system call to cp, then I'll consider adding it. David Winkler would you fix that Tom just said if you by any chance are reading this or anyone else that got the times and knowdlege to do it? And seriously, I'm not a coder, but I think like this, the code is probibly(I would think) applied to the vadduser part of the code? So that would mean you must be either vpopmail or root to run it,, hence it isn't suid.. So if a intruder would get access as root or vpopmail user they wouldn't use some vadduser binary to insecure your system...?? Or just maybe someone would be able in some difficult way thru qmailadmin be able to haxx0r your system just cause of the vadduser code is using system?? I think it's safe enough.. I don't know about this for sure, but for me it sounds pretty hard??? /Raboo
Re: [vchkpw] skel
Raboo Treed wrote: hmm well this patch was bad, cause it had some text-wrapping... I fixed that... but still that patch doesn't work with the latest devel of vpopmail Does anyone have a working one with 5.3.29? So if a intruder would get access as root or vpopmail user they wouldn't use some vadduser binary to insecure your system...?? Or just maybe someone would be able in some difficult way thru qmailadmin be able to haxx0r your system just cause of the vadduser code is using system?? A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. I think it's safe enough.. I don't know about this for sure, but for me it sounds pretty hard??? /Raboo Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Cheers, Nick Harring Webley Systems
Re: [vchkpw] skel
X-Istence wrote: Raboo Treed wrote: Tom, Ken Can't anyone of you guys add this to the vpopmail code? I think it's a great feautre, and I also think that many would agree with me about this.. snip Personally i have to disagree. It works fine the standard way it currently is, and i dont see a need for this. It would only add more confusion. Unless its a compile time configurable argument, in which case it would be okay. X Notice the --enable-feature part of the description of the patch? By default this would suck, as an option its perfect. Cheers, Nick Harring Webley Systems
Re: [vchkpw] skel
A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first )
Re: [vchkpw] skel
I'm planning on rewriting it correctly. At the time I really hadn't considered the implications of how it worked, and the fact that it isn't really cross platform. I'll submit another with a more secure, cross platform diff, as soon as I am able against whatever is current in cvs at the time. Thanks! David - Original Message - From: Raboo Treed [EMAIL PROTECTED] To: vpopmail list [EMAIL PROTECTED] Sent: Thursday, November 06, 2003 6:25 PM Subject: Re: [vchkpw] skel A root compromise of the system isn't the only thing one has to worry about. I'd be pretty pissed if someone inserted something into my skel that resulted in all of my email being duplicated and sent to someone else. Using cp when you could just copy the files in C in a secure manner is just silly. Its also less efficient, as an added bonus. Exploitable just isn't safe enough. I've disagreed with Tom about the level of paranoia required (see the password/salt generation thread), but in this case he's absolutely right about requiring more than the current patch supplies. Who will be our saviour and take on the task to make the patch secure and worthy to be a part of vpopmail future releases ( P.S. sorry Nick if you've recived the message twice I pressed the wrong reply button at first )