On 2006-11-30, at 1639, Michael Richardson wrote:

I thought I might drop in and bug you with a problem. I recently upgraded my linux packages (including mysql) and now my qmail/vpopmail/imap-courier setup has stopped working.

When I check my mail, the email client reports "Login Failed". The server
Dec 2 14:13:56 mydomain pop3d-ssl: Connection, ip=[::ffff:]
Dec  2 14:13:59 mydomain pop3d-ssl: LOGIN FAILED, user=[EMAIL PROTECTED], ip=[::ffff:]
Dec 2 14:13:59 mydomain authdaemond: received auth request, service=pop3,
Dec  2 14:13:59 mydomain authdaemond: authvchkpw: trying this module
Dec  2 14:13:59 mydomain authdaemond: vchkpw: user does not exist
Dec 2 14:13:59 mydomain authdaemond: authvchkpw: REJECT - try next module
Dec  2 14:13:59 mydomain authdaemond: FAIL, all modules rejected

what userid is authdaemond running as?

does this userid have read access to ~vpopmail/domains/*/vpasswd.cdb ?

if it can't read the files, then EVERYTHING will

However, if I run vchkpw manually, it works great:

that's nice, but it has nothing to do with the problem at hand.

authdaemond doesn't work by running vchkpw. when you compile courier-authlib, it uses the vpopmail headers and libraries, and in fact calls the same internal functions that vchkpw does (i.e. vauth_getpw() and friends) which means that those functions are running, and the files they read are accessed, as whatever userid that authdaemond itself is running as.

and if authdaemond isn't running as either root or the vpopmail user, this is what happens.

when i first ran into this, i wanted to fix authdaemond so that it has different error messages for "unable to access the vpasswd.cdb file" and "userid does not exist".

however, the vauth_getpw() function isn't written with a way for the caller to tell the difference. the way it was written, if the userid is found, it returns a pointer to their information in memory. otherwise (and this word "otherwise" is a very big term- it could mean "user not found", it could mean "file not found", it could mean "can't read the file because the permissions are wrong", it could mean "the file is corrupt", it could mean "low-level disk I/O error"...) it returns a NULL pointer (i.e. the number zero.)

this isn't something which can be fixed with a quick patch- it's a fundamental error in how the vpopmail API was originally designed. it's something that people (myself included) have been dealing with for several years. if somebody seriously wanted to fix it, they would basically have to start over and write a new generation of vpopmail from scratch... certainly a bigger project than i want to tackle on my own.

| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/           <[EMAIL PROTECTED]> |
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |
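
The API limitation described in the message above, shown as an added example (not part of the original post and not vpopmail or courier-authlib code): a lookup that returns a result code instead of a bare NULL, so the server log can separate "user does not exist" from "cannot read the password file". The names lookup_user and lookup_reason, the result codes, and the plain-text "user:hash" file standing in for vpasswd.cdb are all assumptions made for illustration.

```c
/* Added illustration: hypothetical API and file format, not vpopmail code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* One code per outcome the caller (and the server log) must tell apart. */
enum lookup_result {
    LOOKUP_OK, LOOKUP_NO_USER, LOOKUP_NO_FILE, LOOKUP_NO_ACCESS, LOOKUP_IO_ERROR
};

/* Search a plain-text "user:hash" file, a stand-in for vpasswd.cdb. */
enum lookup_result lookup_user(const char *path, const char *user)
{
    char line[512];
    size_t ulen = strlen(user);
    enum lookup_result res = LOOKUP_NO_USER;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) {              /* open failed: report why, not "no user" */
        if (errno == ENOENT) return LOOKUP_NO_FILE;
        if (errno == EACCES) return LOOKUP_NO_ACCESS;
        return LOOKUP_IO_ERROR;
    }
    while (res != LOOKUP_OK && fgets(line, sizeof line, fp) != NULL)
        if (strncmp(line, user, ulen) == 0 && line[ulen] == ':')
            res = LOOKUP_OK;
    if (res != LOOKUP_OK && ferror(fp))   /* read error is not "no user" */
        res = LOOKUP_IO_ERROR;
    fclose(fp);
    return res;
}

/* Reason for the server log; the mail client still sees only "Login Failed". */
const char *lookup_reason(enum lookup_result r)
{
    static const char *const msg[] = {
        "user found", "user does not exist", "password file not found",
        "cannot read password file (permissions)", "I/O error on password file"
    };
    return msg[r];
}

int main(void)
{
    FILE *fp = fopen("sample_vpasswd.txt", "w");   /* constructed sample data */
    if (fp) { fputs("alice:constructed-hash\n", fp); fclose(fp); }
    puts(lookup_reason(lookup_user("sample_vpasswd.txt", "alice")));
    puts(lookup_reason(lookup_user("sample_vpasswd.txt", "bob")));
    puts(lookup_reason(lookup_user("no_such_file.txt", "alice")));
    return remove("sample_vpasswd.txt") != 0;
}
```

Run as a userid without read permission on the file, lookup_user returns LOOKUP_NO_ACCESS, which is the case the authdaemond log in this thread reports as "user does not exist".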
