Date: Mon, 23 Sep 2002 16:09:01 +0200 (CEST) From: Martin Matuska <matuska@wu-wien.ac.at> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/43286: Non-Maintainer Update: mail/poppassd Message-ID: <200209231409.g8NE91VX085005@tradex.sk>
next in thread | raw e-mail | index | archive | help
>Number: 43286
>Category: ports
>Synopsis: Non-Maintainer Update: mail/poppassd
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 23 07:10:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Martin Matuska
>Release: FreeBSD 4.6.2-RELEASE i386
>Organization:
>Environment:
System: FreeBSD tradex.sk 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE #0: Mon Sep 2 16:58:43 CEST 2002 root@s1.serverdock.net:/usr/src/sys/compile/SERVERDOCK i386
>Description:
The poppassd does not understand the current passwd reply format on
success. Problem is in files/patch-ab, line 50 - the current passwd
reply is not "\npasswd: rebuilding the database...\npasswd: done\n"
but "\npasswd: updating the database...\npasswd: done\n"
To remain compatibility a new line wiht the new reply is added to
files/patch-ab (see Fix).
>How-To-Repeat:
If changing password via poppassd, the current reply on success is:
"500 Unable to change password."
>Fix:
--- poppassd.orig/files/patch-ab Sat Jul 28 09:20:49 2001
+++ poppassd/files/patch-ab Sat Sep 21 09:57:25 2002
@@ -1,79 +1,139 @@
---- poppassd.c.orig Mon Jun 7 19:34:23 1999
-+++ poppassd.c Mon Jun 7 19:40:00 1999
-@@ -13,11 +13,11 @@
+*** poppassd.c.orig Sat Sep 21 02:03:18 2002
+--- poppassd.c Sat Sep 21 02:04:10 2002
+***************
+*** 13,23 ****
*
* Doesn't actually change any passwords itself. It simply listens for
* incoming requests, gathers the required information (user name, old
-- * password, new password) and executes /bin/passwd, talking to it over
-+ * password, new password) and executes /usr/bin/passwd, talking to it over
+! * password, new password) and executes /bin/passwd, talking to it over
* a pseudo-terminal pair. The advantage of this is that we don't need
* to have any knowledge of either the password file format (which may
* include dbx files that need to be rebuilt) or of any file locking
-- * protocol /bin/passwd and cohorts may use (and which isn't documented).
-+ * protocol /usr/bin/passwd and cohorts may use (and which isn't documented).
+! * protocol /bin/passwd and cohorts may use (and which isn't documented).
*
* The current version has been tested at NU under SunOS release 4.1.2
* and 4.1.3, and under HP-UX 8.02 and 9.01. We have tested the server
-@@ -29,7 +29,7 @@
+--- 13,23 ----
+ *
+ * Doesn't actually change any passwords itself. It simply listens for
+ * incoming requests, gathers the required information (user name, old
+! * password, new password) and executes /usr/bin/passwd, talking to it over
+ * a pseudo-terminal pair. The advantage of this is that we don't need
+ * to have any knowledge of either the password file format (which may
+ * include dbx files that need to be rebuilt) or of any file locking
+! * protocol /usr/bin/passwd and cohorts may use (and which isn't documented).
+ *
+ * The current version has been tested at NU under SunOS release 4.1.2
+ * and 4.1.3, and under HP-UX 8.02 and 9.01. We have tested the server
+***************
+*** 29,35 ****
+ * Note that unencrypted passwords are transmitted over the network. If
+ * this bothers you, think hard about whether you want to implement the
+ * password changing feature. On the other hand, it's no worse than what
+! * happens when you run /bin/passwd while connected via telnet or rlogin.
+ * Well, maybe it is, since the use of a dedicated port makes it slightly
+ * easier for a network snooper to snarf passwords off the wire.
+ *
+--- 29,35 ----
* Note that unencrypted passwords are transmitted over the network. If
* this bothers you, think hard about whether you want to implement the
* password changing feature. On the other hand, it's no worse than what
-- * happens when you run /bin/passwd while connected via telnet or rlogin.
-+ * happens when you run /usr/bin/passwd while connected via telnet or rlogin.
+! * happens when you run /usr/bin/passwd while connected via telnet or rlogin.
* Well, maybe it is, since the use of a dedicated port makes it slightly
* easier for a network snooper to snarf passwords off the wire.
*
-@@ -47,7 +47,7 @@
+***************
+*** 47,53 ****
* (which talks to /bin/password) is directly descended from Smith's
* version, with changes for SunOS and HP-UX by Norstad (with help from
* sample code in "Advanced Programming in the UNIX Environment"
-- * by W. Richard Stevens). The code to report /bin/passwd error messages
-+ * by W. Richard Stevens). The code to report /usr/bin/passwd error messages
+! * by W. Richard Stevens). The code to report /bin/passwd error messages
* back to the client in the final 500 response, and a new version of the
* code to find the next free pty, is by Norstad.
*
-@@ -145,8 +145,9 @@
+--- 47,53 ----
+ * (which talks to /bin/password) is directly descended from Smith's
+ * version, with changes for SunOS and HP-UX by Norstad (with help from
+ * sample code in "Advanced Programming in the UNIX Environment"
+! * by W. Richard Stevens). The code to report /usr/bin/passwd error messages
+ * back to the client in the final 500 response, and a new version of the
+ * code to find the next free pty, is by Norstad.
+ *
+***************
+*** 145,152 ****
+ static char *P1[] =
+ {"Old password:",
+ "Changing password for *.\nOld password:",
+ "Changing password for * on *.\nOld password:",
+! "Changing NIS password for * on *.\nOld password:",
+ "Changing password for *\n*'s Old password:",
+ ""};
+
+--- 145,153 ----
static char *P1[] =
{"Old password:",
"Changing password for *.\nOld password:",
+ "Changing local password for *.\nOld password:",
"Changing password for * on *.\nOld password:",
-- "Changing NIS password for * on *.\nOld password:",
-+ "Changing NIS password for * on *.\nOld Password: ",
+! "Changing NIS password for * on *.\nOld Password: ",
"Changing password for *\n*'s Old password:",
""};
-@@ -165,7 +166,9 @@
+***************
+*** 165,171 ****
+--- 166,175 ----
static char *P4[] =
{"\n",
++ "\npasswd: updating the database...\npasswd: done\n",
+ "\npasswd: rebuilding the database...\npasswd: done\n",
"NIS entry changed on *\n",
+ "\n\nNIS password has been changed on *.\n",
""};
-@@ -186,11 +189,7 @@
+***************
+*** 186,196 ****
*user = *oldpass = *newpass = 0;
-- if (openlog ("poppassd", LOG_PID, LOG_LOCAL2) < 0)
-- {
-- WriteToClient ("500 Can't open syslog.");
-- exit (1);
-- }
-+ openlog ("poppassd", LOG_PID, LOG_LOCAL2);
+! if (openlog ("poppassd", LOG_PID, LOG_LOCAL2) < 0)
+! {
+! WriteToClient ("500 Can't open syslog.");
+! exit (1);
+! }
WriteToClient ("200 poppassd v%s hello, who are you?", VERSION);
ReadFromClient (line);
-@@ -212,12 +211,16 @@
+--- 190,196 ----
+
+ *user = *oldpass = *newpass = 0;
+
+! openlog ("poppassd", LOG_PID, LOG_LOCAL2);
+
+ WriteToClient ("200 poppassd v%s hello, who are you?", VERSION);
+ ReadFromClient (line);
+***************
+*** 212,223 ****
if ((pw = getpwnam (user)) == NULL)
{
-- WriteToClient ("500 Unknown user, %s.", user);
-+ syslog (LOG_ERR, "Unknown user, %s", user);
-+ sleep (5);
-+ WriteToClient ("500 Old password is incorrect.");
+! WriteToClient ("500 Unknown user, %s.", user);
+ exit(1);
+ }
+
+ if (chkPass (user, oldpass, pw) == FAILURE)
+ {
+ WriteToClient ("500 Old password is incorrect.");
+ exit(1);
+ }
+--- 212,227 ----
+
+ if ((pw = getpwnam (user)) == NULL)
+ {
+! syslog (LOG_ERR, "Unknown user, %s", user);
+! sleep (5);
+! WriteToClient ("500 Old password is incorrect.");
exit(1);
}
@@ -84,80 +144,123 @@
WriteToClient ("500 Old password is incorrect.");
exit(1);
}
-@@ -264,28 +267,28 @@
+***************
+*** 264,291 ****
+
+ if ((wpid = waitpid (pid, &wstat, 0)) < 0)
+ {
+! syslog (LOG_ERR, "wait for /bin/passwd child failed: %m");
+ WriteToClient ("500 Server error (wait failed), get help!");
+ exit (1);
+ }
+
+ if (pid != wpid)
+ {
+! syslog (LOG_ERR, "wrong child (/bin/passwd waited for!");
+ WriteToClient ("500 Server error (wrong child), get help!");
+ exit (1);
+ }
+
+ if (WIFEXITED (wstat) == 0)
+ {
+! syslog (LOG_ERR, "child (/bin/passwd) killed?");
+ WriteToClient ("500 Server error (funny wstat), get help!");
+ exit (1);
+ }
+
+ if (WEXITSTATUS (wstat) != 0)
+ {
+! syslog (LOG_ERR, "child (/bin/passwd) exited abnormally");
+ WriteToClient ("500 Server error (abnormal exit), get help!");
+ exit (1);
+ }
+--- 268,295 ----
if ((wpid = waitpid (pid, &wstat, 0)) < 0)
{
-- syslog (LOG_ERR, "wait for /bin/passwd child failed: %m");
-+ syslog (LOG_ERR, "wait for /usr/bin/passwd child failed: %m");
+! syslog (LOG_ERR, "wait for /usr/bin/passwd child failed: %m");
WriteToClient ("500 Server error (wait failed), get help!");
exit (1);
}
if (pid != wpid)
{
-- syslog (LOG_ERR, "wrong child (/bin/passwd waited for!");
-+ syslog (LOG_ERR, "wrong child (/usr/bin/passwd) waited for!");
+! syslog (LOG_ERR, "wrong child (/usr/bin/passwd) waited for!");
WriteToClient ("500 Server error (wrong child), get help!");
exit (1);
}
if (WIFEXITED (wstat) == 0)
{
-- syslog (LOG_ERR, "child (/bin/passwd) killed?");
-+ syslog (LOG_ERR, "child (/usr/bin/passwd) killed?");
+! syslog (LOG_ERR, "child (/usr/bin/passwd) killed?");
WriteToClient ("500 Server error (funny wstat), get help!");
exit (1);
}
if (WEXITSTATUS (wstat) != 0)
{
-- syslog (LOG_ERR, "child (/bin/passwd) exited abnormally");
-+ syslog (LOG_ERR, "child (/usr/bin/passwd) exited abnormally");
+! syslog (LOG_ERR, "child (/usr/bin/passwd) exited abnormally");
WriteToClient ("500 Server error (abnormal exit), get help!");
exit (1);
}
-@@ -304,17 +307,19 @@
+***************
+*** 304,320 ****
}
else /* Child */
{
-- /*
-- * Become the user trying who's password is being changed. We're
-- * about to exec /bin/passwd with is setuid root anyway, but this
-- * way it looks to the child completely like it's being run by
-- * the normal user, which makes it do its own password verification
-- * before doing any thing. In theory, we've already verified the
-- * password, but this extra level of checking doesn't hurt. Besides,
-- * the way I do it here, if somebody manages to change somebody
-- * else's password, you can complain to your vendor about security
-- * holes, not to me!
-- */
-+ /* Start new session - gets rid of controlling terminal. */
-+
-+ if (setsid() < 0) {
-+ syslog(LOG_ERR, "setsid failed: %m");
-+ return(0);
-+ }
-+
-+ /* Set login name */
-+
-+ if (setlogin(user) < 0) {
-+ syslog(LOG_ERR, "setlogin failed: %m");
-+ return(0);
-+ }
+! /*
+! * Become the user trying who's password is being changed. We're
+! * about to exec /bin/passwd with is setuid root anyway, but this
+! * way it looks to the child completely like it's being run by
+! * the normal user, which makes it do its own password verification
+! * before doing any thing. In theory, we've already verified the
+! * password, but this extra level of checking doesn't hurt. Besides,
+! * the way I do it here, if somebody manages to change somebody
+! * else's password, you can complain to your vendor about security
+! * holes, not to me!
+! */
+ setuid (pw->pw_uid);
+ setgid (pw->pw_gid);
+ dochild (master, slavedev, user);
+--- 308,326 ----
+ }
+ else /* Child */
+ {
+! /* Start new session - gets rid of controlling terminal. */
+!
+! if (setsid() < 0) {
+! syslog(LOG_ERR, "setsid failed: %m");
+! return(0);
+! }
+!
+! /* Set login name */
+!
+! if (setlogin(user) < 0) {
+! syslog(LOG_ERR, "setlogin failed: %m");
+! return(0);
+! }
setuid (pw->pw_uid);
setgid (pw->pw_gid);
dochild (master, slavedev, user);
-@@ -324,7 +329,7 @@
+***************
+*** 324,330 ****
/*
* dochild
*
-- * Do child stuff - set up slave pty and execl /bin/passwd.
-+ * Do child stuff - set up slave pty and execl /usr/bin/passwd.
+! * Do child stuff - set up slave pty and execl /bin/passwd.
*
* Code adapted from "Advanced Programming in the UNIX Environment"
* by W. Richard Stevens.
-@@ -338,13 +343,6 @@
+--- 330,336 ----
+ /*
+ * dochild
+ *
+! * Do child stuff - set up slave pty and execl /usr/bin/passwd.
+ *
+ * Code adapted from "Advanced Programming in the UNIX Environment"
+ * by W. Richard Stevens.
+***************
+*** 338,350 ****
int slave;
struct termios stermios;
@@ -171,21 +274,48 @@
/* Open slave pty and acquire as new controlling terminal. */
if ((slave = open(slavedev, O_RDWR)) < 0) {
-@@ -387,10 +385,10 @@
+--- 344,349 ----
+***************
+*** 387,396 ****
+ return(0);
+ }
+
+! /* Fork /bin/passwd. */
+
+! if (execl("/bin/passwd", "passwd", user, (char*)0) < 0) {
+! syslog(LOG_ERR, "can't exec /bin/passwd: %m");
+ return(0);
+ }
+ }
+--- 386,395 ----
return(0);
}
-- /* Fork /bin/passwd. */
-+ /* Fork /usr/bin/passwd. */
+! /* Fork /usr/bin/passwd. */
-- if (execl("/bin/passwd", "passwd", user, (char*)0) < 0) {
-- syslog(LOG_ERR, "can't exec /bin/passwd: %m");
-+ if (execl("/usr/bin/passwd", "passwd", user, (char*)0) < 0) {
-+ syslog(LOG_ERR, "can't exec /usr/bin/passwd: %m");
+! if (execl("/usr/bin/passwd", "passwd", user, (char*)0) < 0) {
+! syslog(LOG_ERR, "can't exec /usr/bin/passwd: %m");
return(0);
}
}
-@@ -408,15 +406,20 @@
+***************
+*** 408,422 ****
+ *
+ * Modified by Norstad to remove assumptions about number of pty's allocated
+ * on this UNIX box.
+ */
+ findpty (slave)
+ char **slave;
+ {
+ int master;
+! static char *line = "/dev/ptyXX";
+ DIR *dirp;
+ struct dirent *dp;
+
+ dirp = opendir("/dev");
+ while ((dp = readdir(dirp)) != NULL) {
+ if (strncmp(dp->d_name, "pty", 3) == 0 && strlen(dp->d_name) == 5) {
+--- 407,426 ----
*
* Modified by Norstad to remove assumptions about number of pty's allocated
* on this UNIX box.
@@ -198,8 +328,7 @@
char **slave;
{
int master;
-- static char *line = "/dev/ptyXX";
-+ static char line[11];
+! static char line[11];
DIR *dirp;
struct dirent *dp;
@@ -207,12 +336,22 @@
dirp = opendir("/dev");
while ((dp = readdir(dirp)) != NULL) {
if (strncmp(dp->d_name, "pty", 3) == 0 && strlen(dp->d_name) == 5) {
-@@ -485,9 +488,11 @@
+***************
+*** 485,493 ****
}
writestring(master, pswd);
--
-+ sleep(2);
+!
+ if (!expect(master, P4, buf)) return FAILURE;
+
+ return SUCCESS;
+ }
+
+--- 489,499 ----
+ }
+
+ writestring(master, pswd);
+! sleep(2);
if (!expect(master, P4, buf)) return FAILURE;
+ close(master);
@@ -220,11 +359,13 @@
return SUCCESS;
}
-@@ -566,6 +571,7 @@
+***************
+*** 566,571 ****
+--- 572,578 ----
}
n += m;
buf[n] = 0;
-+/* syslog(LOG_ERR, "read from child: %s",buf); */
++ /* syslog(LOG_ERR, "read from child: %s",buf); */
initialSegment = 0;
for (s = expected; **s != 0; s++) {
result = match(buf, *s);
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209231409.g8NE91VX085005>