diff options
Diffstat (limited to 'net-mail/cmd5checkpw/files')
| -rw-r--r-- | net-mail/cmd5checkpw/files/euid_030.diff | 49 | ||||
| -rw-r--r-- | net-mail/cmd5checkpw/files/poppasswd | 3 | ||||
| -rw-r--r-- | net-mail/cmd5checkpw/files/reloc.diff | 63 |
3 files changed, 115 insertions, 0 deletions
diff --git a/net-mail/cmd5checkpw/files/euid_030.diff b/net-mail/cmd5checkpw/files/euid_030.diff new file mode 100644 index 000000000000..12fa9ecc2e5d --- /dev/null +++ b/net-mail/cmd5checkpw/files/euid_030.diff @@ -0,0 +1,49 @@ +diff -upr cmd5checkpw-0.30.orig/main.c cmd5checkpw-0.30/main.c +--- cmd5checkpw-0.30.orig/main.c 2003-09-18 16:34:01.000000000 +0300 ++++ cmd5checkpw-0.30/main.c 2005-07-31 13:19:25.000000000 +0300 +@@ -5,6 +5,7 @@ + #include <pwd.h> + #include <stdio.h> + #include <unistd.h> ++#include <sys/types.h> + + #define LINE_MAX 256 + #define SASLUSERFILE "/var/qmail/users/authuser" +@@ -23,10 +24,26 @@ int doit(unsigned char *testlogin, unsig + unsigned char h; + FILE *fp; + int j; +- ++ uid_t uid; ++ gid_t gid; + char *linepnt; + + if ((fp = fopen(SASLUSERFILE, READONLY)) == NULL) _exit(2); ++ ++ uid = getuid(); ++ gid = getgid(); ++ ++ if (gid != getegid()) { ++ if (setegid(gid)) ++ _exit(2); ++ } ++ ++ ++ if (uid && (uid != geteuid())) { ++ if (seteuid(uid)) ++ _exit(2); ++ } ++ + while (fgets(line, LINE_MAX, fp) != NULL) { + if ((linepnt = strchr(line, '\n')) != NULL) { + *linepnt = 0; +@@ -39,7 +56,8 @@ int doit(unsigned char *testlogin, unsig + break; + } + } +- fclose(fp); ++ ++ if (EOF == fclose(fp)) _exit(2); + + if (!found_user) return(1); + diff --git a/net-mail/cmd5checkpw/files/poppasswd b/net-mail/cmd5checkpw/files/poppasswd new file mode 100644 index 000000000000..8fc1d4275ecd --- /dev/null +++ b/net-mail/cmd5checkpw/files/poppasswd @@ -0,0 +1,3 @@ +# Format of this file is one user:pass per line +# Like so... +# joedogger:sm311yf33t diff --git a/net-mail/cmd5checkpw/files/reloc.diff b/net-mail/cmd5checkpw/files/reloc.diff new file mode 100644 index 000000000000..7472436bf469 --- /dev/null +++ b/net-mail/cmd5checkpw/files/reloc.diff @@ -0,0 +1,63 @@ +diff -upr cmd5checkpw-0.30.orig/Makefile cmd5checkpw-0.30/Makefile +--- cmd5checkpw-0.30.orig/Makefile 2003-09-18 16:34:01.000000000 +0300 ++++ cmd5checkpw-0.30/Makefile 2005-07-31 14:41:16.000000000 +0300 +@@ -14,7 +14,7 @@ CFLAGS=-c -g -Wall -O3 + LD=gcc + LDFLAGS=-g -o ${TARGET} + +-default: main man cmd5checkpw ++default: cmd5checkpw + + main: cmd5checkpw.c conf-qmail + sed s}QMAILHOME}"`head -1 conf-qmail`"}g cmd5checkpw.c > main.c +diff -upr cmd5checkpw-0.30.orig/cmd5checkpw.8 cmd5checkpw-0.30/cmd5checkpw.8 +--- cmd5checkpw-0.30.orig/cmd5checkpw.8 2003-09-18 16:34:01.000000000 +0300 ++++ cmd5checkpw-0.30/cmd5checkpw.8 2005-07-31 14:43:20.000000000 +0300 +@@ -26,7 +26,7 @@ and a cram-md5 challenge terminated by \ + .B cmd5checkpw + recalcuates a MD5 digest using the provided plain challenge + and the passwords from +-.IR /var/qmail/users/authuser ++.IR /etc/poppasswd + and compares it with response (2nd parameter). If they are the same + then + .B cmd5checkpw +@@ -50,7 +50,7 @@ exits 111. + + .B cmd5checkpw + additionally compares the supplied password with the password in the +-.IR /var/qmail/user/authuser ++.IR /etc/poppasswd + file. Thus it can be used as a plain-text checkpassword + for PLAIN & LOGIN authtype (but we recommend using a crypted version for + security reasons). To use it, simply provide it with clear text password +@@ -68,7 +68,7 @@ interface. + Before invoking + .BR subprogram , + .B cmd5checkpw +-does not set up anything. Just because users from /var/qmail/user/authuser does not ++does not set up anything. Just because users from /etc/poppasswd does not + have to exist in the system so setting their uid,gid etc is not possible. + + Other +@@ -78,7 +78,7 @@ These effects must be documented; + applications will differ in their requirements. + + .SH "FILES" +-.IR /var/qmail/users/authuser ++.IR /etc/poppasswd + - this file contains pairs of logins and clear text passwords + separated by ":". It looks like this: + +diff -upr cmd5checkpw-0.30.orig/main.c cmd5checkpw-0.30/main.c +--- cmd5checkpw-0.30.orig/main.c 2003-09-18 16:34:01.000000000 +0300 ++++ cmd5checkpw-0.30/main.c 2005-07-31 14:43:36.000000000 +0300 +@@ -7,7 +7,7 @@ + #include <unistd.h> + + #define LINE_MAX 256 +-#define SASLUSERFILE "/var/qmail/users/authuser" ++#define SASLUSERFILE "/etc/poppasswd" + #define READONLY "r" + char up[513]; + int uplen; |