From: Paul L. <pa...@sq...> - 2005-10-25 09:11:05
|
Sorry for the delay and the top-post. I have changed some of the code that does the initialization and made initialization available if you are using the FTP backend as well (thanks to Trevor Cullingsworth for the idea). I will send it to you offlist and you should let me know if it helps your problem. Thanks, Paul >>>Then you might want to insert some debugging in the vacation binary >>>itself -- perhaps output the UID/GID right before the init is executed, >>>to make sure it is executed as the right user. Or maybe there is a >>>problem with the location from which it is run. I don't have time ATM >>>to help, so you are encouraged to dig on your own if you know some C. >>>Let me know either way. >>> >> >> >>stracing gave me a clue: >> >>Invalid user > > > I am curious why you only see this with strace. Are you executing it on > the command line? Printf should go to the console if so. > > >>In stracereport: >>open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied) >> >>I think this happens when next code is hit: >> >>#ifdef USESHADOW >> if ((spw=getspnam(puid))==NULL) >> { >> printf("Invalid user\n "); <<-------- >> exit(1); >> } >> testpwd = crypt(argv[PSWD], spw->sp_pwdp); >> if (strcmp(testpwd, spw->sp_pwdp) != 0) >> { >> printf("Bad password\n "); >> exit(1); >> } >>#else >> testpwd = crypt(argv[PSWD], pw->pw_passwd); >> if (strcmp(testpwd, pw->pw_passwd) != 0) >> { >> printf("Bad password\n "); >> exit(1); >> } >>#endif /* USESHADOW */ >> >>(lines 185-204) > > > These lines are not very similar to what I have. Not sure why. You > might have an out of date version. Attached is a newer version that you > might try (of at least the vacation_binary files). > > >>I checked /etc/shadow: >> >>mail:/etc # l shadow >>-rw-r----- 1 root shadow 832 2005-09-12 17:38 shadow >> >>I chmod 644 shadow, but that does not help. shadow is read alright then, > > > Again, bad idea IMO. > > >>but it halts on: >> setuid(0); >> >>open("/etc/shadow", O_RDONLY) = 3 >>fcntl64(3, F_GETFD) = 0 >>fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 >>_llseek(3, 0, [0], SEEK_CUR) = 0 >>fstat64(3, {st_mode=S_IFREG|0644, st_size=832, ...}) = 0 >>mmap2(NULL, 832, PROT_READ, MAP_SHARED, 3, 0) = 0x40018000 >>_llseek(3, 832, [832], SEEK_SET) = 0 >>munmap(0x40018000, 832) = 0 >>close(3) = 0 >>setuid32(0) = -1 EPERM (Operation not permitted) >>getcwd("/srv/www/htdocs/squirrelmail/plugins/vacation_local", 512) = 52 >>clone(child_stack=0, >>flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, chil >>d_tidptr=0x40050868) = 1798 >>waitpid(1798, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 1798 >>--- SIGCHLD (Child exited) @ 0 (0) --- >>exit_group(0) = ? >> >>In the strace-report it says "setuid32(0)". As I cannot find this call in >>your src-code, I said it halted on setuid(0), but as said before, I am not >>much of a programmer, so I am not sure of this. >>Besides changing mod of shadow-file, I also added wwwrun user to grp >>shadow, and changed shadow to grp root. This made no difference. >> >>Furthermore I compiled squirrelmail_vacation_proxy without USE_SHADOW, but >>then I get error "Bad password". >> >>I do not exactly understand what is going on, maybe if you can find the >>time, you could think about it. > > > I looked thru the code briefly and I don't see any reason why it'd work > for all actions except the init. There might be a problem if the init > has to be executed as the user in question, but it doesn't even seem > like you are getting that far. The shadow check and setuid() call all > happen before any action is processed. So maybe you should strace > another action too. > > - paul __________________________ Open Guild, LLC http://openguild.net/ Software.Systems.Solutions |