Menu
▾
▴
Re: [SM-USERS] vacation_local error
|
From: Paul L. <pa...@sq...> - 2005-10-25 09:11:05
|
Sorry for the delay and the top-post. I have changed some of the code
that does the initialization and made initialization available if you
are using the FTP backend as well (thanks to Trevor Cullingsworth for
the idea). I will send it to you offlist and you should let me know if
it helps your problem.
Thanks,
Paul
>>>Then you might want to insert some debugging in the vacation binary
>>>itself -- perhaps output the UID/GID right before the init is executed,
>>>to make sure it is executed as the right user. Or maybe there is a
>>>problem with the location from which it is run. I don't have time ATM
>>>to help, so you are encouraged to dig on your own if you know some C.
>>>Let me know either way.
>>>
>>
>>
>>stracing gave me a clue:
>>
>>Invalid user
>
>
> I am curious why you only see this with strace. Are you executing it on
> the command line? Printf should go to the console if so.
>
>
>>In stracereport:
>>open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
>>
>>I think this happens when next code is hit:
>>
>>#ifdef USESHADOW
>> if ((spw=getspnam(puid))==NULL)
>> {
>> printf("Invalid user\n "); <<--------
>> exit(1);
>> }
>> testpwd = crypt(argv[PSWD], spw->sp_pwdp);
>> if (strcmp(testpwd, spw->sp_pwdp) != 0)
>> {
>> printf("Bad password\n ");
>> exit(1);
>> }
>>#else
>> testpwd = crypt(argv[PSWD], pw->pw_passwd);
>> if (strcmp(testpwd, pw->pw_passwd) != 0)
>> {
>> printf("Bad password\n ");
>> exit(1);
>> }
>>#endif /* USESHADOW */
>>
>>(lines 185-204)
>
>
> These lines are not very similar to what I have. Not sure why. You
> might have an out of date version. Attached is a newer version that you
> might try (of at least the vacation_binary files).
>
>
>>I checked /etc/shadow:
>>
>>mail:/etc # l shadow
>>-rw-r----- 1 root shadow 832 2005-09-12 17:38 shadow
>>
>>I chmod 644 shadow, but that does not help. shadow is read alright then,
>
>
> Again, bad idea IMO.
>
>
>>but it halts on:
>> setuid(0);
>>
>>open("/etc/shadow", O_RDONLY) = 3
>>fcntl64(3, F_GETFD) = 0
>>fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
>>_llseek(3, 0, [0], SEEK_CUR) = 0
>>fstat64(3, {st_mode=S_IFREG|0644, st_size=832, ...}) = 0
>>mmap2(NULL, 832, PROT_READ, MAP_SHARED, 3, 0) = 0x40018000
>>_llseek(3, 832, [832], SEEK_SET) = 0
>>munmap(0x40018000, 832) = 0
>>close(3) = 0
>>setuid32(0) = -1 EPERM (Operation not permitted)
>>getcwd("/srv/www/htdocs/squirrelmail/plugins/vacation_local", 512) = 52
>>clone(child_stack=0,
>>flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, chil
>>d_tidptr=0x40050868) = 1798
>>waitpid(1798, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 1798
>>--- SIGCHLD (Child exited) @ 0 (0) ---
>>exit_group(0) = ?
>>
>>In the strace-report it says "setuid32(0)". As I cannot find this call in
>>your src-code, I said it halted on setuid(0), but as said before, I am not
>>much of a programmer, so I am not sure of this.
>>Besides changing mod of shadow-file, I also added wwwrun user to grp
>>shadow, and changed shadow to grp root. This made no difference.
>>
>>Furthermore I compiled squirrelmail_vacation_proxy without USE_SHADOW, but
>>then I get error "Bad password".
>>
>>I do not exactly understand what is going on, maybe if you can find the
>>time, you could think about it.
>
>
> I looked thru the code briefly and I don't see any reason why it'd work
> for all actions except the init. There might be a problem if the init
> has to be executed as the user in question, but it doesn't even seem
> like you are getting that far. The shadow check and setuid() call all
> happen before any action is processed. So maybe you should strace
> another action too.
>
> - paul
__________________________
Open Guild, LLC
http://openguild.net/
Software.Systems.Solutions
|