qmail-1.03 port almost finished; still ntsec problem

qmail-1.03 port almost finished; still ntsec problem

[Stipe Tolj]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 4167 bytes --]

Hi list,

I habe build a running version of qmail-1.03, the SMTP and POP3 daemon
of DJ Bernstein.

Seems everything is working ok and concurrent mailing is also
supported. But there is still a minor problem I'm having while the
POP3 session.

To allow NT passwords of Cygwin users (like in login or sshd) I have
addopted the necessary code to Bernstein's checkpassword.c which is
something similar to login.c. But I never get a successfull reply from
the system!

What am I missing here?!

Any help would be great, so that I may package qmail for Cygwin for
distribution.

Regards,
Stipe


Stipe Tolj
Department Management
Technology Center & Research Lab

tolj@wapme-systems.de
-------------------------------------------------------------------
Wapme Systems AG

Münsterstr. 248
40470 Düsseldorf

Tel: +49-211-74845-0
Fax: +49-211-74845-299

E-Mail: info@wapme-systems.de
Internet: http://www.wapme-systems.de
-------------------------------------------------------------------
wapme.net - wherever you are
#include "error.h"
#include "pathexec.h"
#include "prot.h"

#include <stdio.h>
#include <stdlib.h>
#include <strings.h>

#ifdef __CYGWIN__
#include <unistd.h>
#include <sys/param.h>
#include <windows.h>
#include <sys/cygwin.h>
#include <process.h>
#define is_winnt        (GetVersion() < 0x80000000)
#endif

extern char *crypt();
#include <pwd.h>
static struct passwd *pw;

#include "hasspnam.h"
#ifdef HASGETSPNAM
#include <shadow.h>
static struct spwd *spw;
#endif

#include "hasuserpw.h"
#ifdef HASUSERPW
#include <userpw.h>
static struct userpw *upw;
#endif

static char up[513];
static int uplen;

main(int argc,char **argv)
{
  char tbuf[MAXPATHLEN + 2];
  char *login;
  char *password;
  char *encrypted;
  char *stored;
  char *p;
  int r;
  int i;
 
  if (!argv[1]) exit(2);
  //fprintf(stderr, "__argv ok\n");

  uplen = 0;
  for (;;) {
    do
      r = read(3,up + uplen,sizeof(up) - uplen);
    while ((r == -1) && (errno == error_intr));
    if (r == -1) exit(111);
    if (r == 0) break;
    uplen += r;
    if (uplen >= sizeof(up)) exit(1);
  }
  close(3);

  i = 0;
  if (i >= uplen) exit(2);
  login = up + i;
  while (up[i++]) if (i >= uplen) exit(2);
  password = up + i;
  if (i >= uplen) exit(2);
  while (up[i++]) if (i >= uplen) exit(2);

  //login = argv[1];
  //fprintf(stderr, "__login=%s\n", login);

  pw = getpwnam(login);
  if (pw)
    stored = pw->pw_passwd;
  else {
    if (errno == error_txtbsy) exit(111);
    exit(1);
  }
  //fprintf(stderr, "__getpwnam ok\n");

#ifdef HASUSERPW
  upw = getuserpw(login);
  if (upw)
    stored = upw->upw_passwd;
  else
    if (errno == error_txtbsy) exit(111);
#endif
#ifdef HASGETSPNAM
  spw = getspnam(login);
  if (spw)
    stored = spw->sp_pwdp;
  else
    if (errno == error_txtbsy) exit(111);
#endif
  if (!stored) exit(1);

  //password = argv[2];
  //fprintf(stderr, "__stored=%s\n", stored);
  //fprintf(stderr, "__password=%s\n", password);

#ifdef __CYGWIN__
  if (is_winnt) {
    HANDLE hToken = cygwin_logon_user (pw, password);
    if (hToken != INVALID_HANDLE_VALUE) {
        cygwin_set_impersonation_token (hToken);
        fprintf(stderr, "__pass ok!\n");
    } else {
        //exit(1);
    }
  } else
#endif
  {
    encrypted = crypt(password,stored);
    if (pw && !strcmp(encrypted, pw->pw_passwd)) {
            fprintf(stderr, "__pass ok!\n");
    } else {
        //exit(1);
    }
  }
 
  //if (prot_gid((int) pw->pw_gid) == -1) exit(1);
  //if (prot_uid((int) pw->pw_uid) == -1) exit(1);
  if (setegid(pw->pw_gid) == -1) exit(1);
  if (seteuid(pw->pw_uid) == -1) exit(1);
  //fprintf(stderr, "__setexxx ok!\n");
      
  if (chdir(pw->pw_dir) == -1) exit(111);
  //fprintf(stderr, "__chdir ok!\n");

  if (!pathexec_env("USER",pw->pw_name)) exit(111);
  if (!pathexec_env("HOME",pw->pw_dir)) exit(111);
  if (!pathexec_env("SHELL",pw->pw_shell)) exit(111);
  //(void)setenv("USER", pw->pw_name, 1);
  //(void)setenv("HOME", pw->pw_dir, 1);
  //(void)setenv("SHELL", pw->pw_shell, 1);
  //fprintf(stderr, "__env ok!\n");

  tbuf[0] = '-';
  strcpy(tbuf + 1, (p = rindex(argv[1], '/')) ?
	    p + 1 : argv[1]);
  execlp(argv[1], tbuf, 0);
	
  exit(111);
}

Re: qmail-1.03 port almost finished; still ntsec problem

[Corinna Vinschen]

On Sun, Sep 23, 2001 at 02:53:05PM +0200, Stipe Tolj wrote:
> Hi list,
> 
> I habe build a running version of qmail-1.03, the SMTP and POP3 daemon
> of DJ Bernstein.
> 
> Seems everything is working ok and concurrent mailing is also
> supported. But there is still a minor problem I'm having while the
> POP3 session.
> 
> To allow NT passwords of Cygwin users (like in login or sshd) I have
> addopted the necessary code to Bernstein's checkpassword.c which is
> something similar to login.c. But I never get a successfull reply from
> the system!
> 
> What am I missing here?!

The correct NT user rights which are only given to SYSTEM
be default, probably.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: qmail-1.03 port almost finished; still ntsec problem

[Stipe Tolj]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1114 bytes --]

> > To allow NT passwords of Cygwin users (like in login or sshd) I have
> > addopted the necessary code to Bernstein's checkpassword.c which is
> > something similar to login.c. But I never get a successfull reply from
> > the system!
> >
> > What am I missing here?!
> 
> The correct NT user rights which are only given to SYSTEM
> be default, probably.

ok, sound familiar. At least login is invoked by inetd running as
SYSTEM and sshd is also running as SYSTEM.

Now how can I try this out without having to setup a NT service?

Stipe

tolj@wapme-systems.de
-------------------------------------------------------------------
Wapme Systems AG

Münsterstr. 248
40470 Düsseldorf

Tel: +49-211-74845-0
Fax: +49-211-74845-299

E-Mail: info@wapme-systems.de
Internet: http://www.wapme-systems.de
-------------------------------------------------------------------
wapme.net - wherever you are

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: qmail-1.03 port almost finished; still ntsec problem

[Corinna Vinschen]

On Sun, Sep 23, 2001 at 05:19:11PM +0200, Stipe Tolj wrote:
> > > To allow NT passwords of Cygwin users (like in login or sshd) I have
> > > addopted the necessary code to Bernstein's checkpassword.c which is
> > > something similar to login.c. But I never get a successfull reply from
> > > the system!
> > >
> > > What am I missing here?!
> > 
> > The correct NT user rights which are only given to SYSTEM
> > be default, probably.
> 
> ok, sound familiar. At least login is invoked by inetd running as
> SYSTEM and sshd is also running as SYSTEM.
> 
> Now how can I try this out without having to setup a NT service?

Give the permissions to a test account as described in
/usr/doc/Cygwin/inetutils.README.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/