upgrade to popa3d 0.4; From: maintainer
parent
bd0e50fbb0
commit
ade0760a17
@ -1,11 +1,12 @@
|
||||
# $OpenBSD: Makefile,v 1.2 1999/09/12 15:04:40 brad Exp $
|
||||
# $OpenBSD: Makefile,v 1.3 2000/02/03 18:45:38 brad Exp $
|
||||
|
||||
DISTNAME= popa3d-0.3
|
||||
DISTNAME= popa3d-0.4
|
||||
CATEGORIES= net mail
|
||||
MASTER_SITES= ftp://ftp.dataforce.net/pub/solar/ \
|
||||
ftp://ftp.dqc.org/archive/
|
||||
MASTER_SITES= http://www.openwall.com/popa3d/ \
|
||||
ftp://ftp.openwall.com/popa3d \
|
||||
ftp://ftp.dataforce.net/pub/solar/
|
||||
|
||||
MAINTAINER= dobbe@xs4all.nl
|
||||
MAINTAINER= cd@sentia.nl
|
||||
|
||||
NO_CONFIGURE= yes
|
||||
ALL_TARGET= popa3d
|
||||
@ -14,6 +15,6 @@ do-install:
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/popa3d ${PREFIX}/libexec
|
||||
|
||||
post-install:
|
||||
@${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL
|
||||
@PKG_PREFIX="${PREFIX}" sh ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
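Review bot: The second MASTER_SITES entry, `ftp://ftp.openwall.com/popa3d \`, lacks the trailing slash that the other two entries carry. The ports framework appends the distfile name directly to each site, so this mirror would presumably be asked for `popa3dpopa3d-0.4.tar.gz` and the fetch would silently fall through to the next site; it should read `ftp://ftp.openwall.com/popa3d/ \`. In post-install, the line that appears to be the new one (the page lost its +/- markers, so this is inferred from print order and the version bump) calls a bare `sh` where the previous line used `${SH}`; `@PKG_PREFIX="${PREFIX}" ${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL` would keep the framework's shell. The do-install target begins outside the second hunk.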
@ -1,3 +1,3 @@
|
||||
MD5 (popa3d-0.3.tar.gz) = 53770ad90b763e2ba7721316e2da590f
|
||||
RMD160 (popa3d-0.3.tar.gz) = c2cf6c16d9399987b7d478d273e5bc51bac099d8
|
||||
SHA1 (popa3d-0.3.tar.gz) = 4025f549a4aa9e04768835b2ef1dfc6a3adf0990
|
||||
MD5 (popa3d-0.4.tar.gz) = 4ce2ed209abeaeaae7724d8d24bb7dbf
|
||||
RMD160 (popa3d-0.4.tar.gz) = 869ea1d25a626ce9248061894c47c1b1aacfdd9c
|
||||
SHA1 (popa3d-0.4.tar.gz) = 47df1be78048b68b6ce7b552cccd76579d576710
|
||||
|
@ -1,5 +1,5 @@
|
||||
--- params.h.orig Thu Mar 25 05:25:55 1999
|
||||
+++ params.h Fri Sep 10 21:11:11 1999
|
||||
--- params.h.orig Thu Feb 3 15:45:32 2000
|
||||
+++ params.h Thu Feb 3 15:59:36 2000
|
||||
@@ -33,7 +33,7 @@
|
||||
* An unprivileged dummy user to run as before authentication. The user
|
||||
* and its UID must not be used for any other purpose.
|
||||
@ -9,22 +9,26 @@
|
||||
|
||||
/*
|
||||
* Sessions will be closed if idle for longer than POP_TIMEOUT seconds.
|
||||
@@ -58,19 +58,19 @@
|
||||
/*
|
||||
* Do we have shadow passwords? Note: password aging is not supported.
|
||||
@@ -62,14 +62,15 @@
|
||||
* Do we have shadow passwords? (Not for *BSD.)
|
||||
* Note: password aging is not supported.
|
||||
*/
|
||||
-#define AUTH_SHADOW 1
|
||||
+#define AUTH_SHADOW 0
|
||||
|
||||
/*
|
||||
* A salt used to waste some CPU time on dummy crypt(3) calls and make
|
||||
* it harder to check for valid usernames. Adjust it for your crypt(3).
|
||||
* it harder (but still far from impossible, on most systems) to check
|
||||
* for valid usernames. Adjust it for your crypt(3).
|
||||
*/
|
||||
-#define AUTH_DUMMY_SALT "xx"
|
||||
+#define AUTH_DUMMY_SALT "$2a$07$DummyBlowfishSalt"
|
||||
+/* echo -n "dummyblowfishsalt" | encrypt -b 7 */
|
||||
+#define AUTH_DUMMY_SALT "$2a$07$.SZB2Z1e3w0fyDRiRd8k/eHANXfEMcuNLZNva1iUFCzjVF0CzHbkq"
|
||||
|
||||
/*
|
||||
* Your mail spool directory. Note: only local (non-NFS) mode 755 mail
|
||||
* Message to return to the client when authentication fails. You can
|
||||
@@ -81,7 +82,7 @@
|
||||
* Your mail spool directory. Note: only local (non-NFS) mode 775 mail
|
||||
* spools are currently supported.
|
||||
*/
|
||||
-#define MAIL_SPOOL_PATH "/var/spool/mail"
|
||||
|
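Review bot: The replacement `AUTH_DUMMY_SALT` hard-codes a bcrypt cost of 7 (`$2a$07$`), and nothing beside the define says that this value has to track the system. The dummy crypt(3) call only obscures whether a username exists if it costs about the same as hashing against a real account's entry. If local passwords use a different Blowfish round count or a different hash type, response timing can still separate valid from invalid users. I would extend the comment above the define, for example `/* the cost (07) should match the rounds configured for local passwords */`, so that whoever changes the system's password cipher settings knows to regenerate this value. Only part of the params.h patch is visible on this page, so the remaining defines are not reviewed here.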
@ -1,17 +0,0 @@
|
||||
--- pop_root.c.orig Thu Mar 25 05:25:55 1999
|
||||
+++ pop_root.c Fri Sep 10 21:20:11 1999
|
||||
@@ -140,8 +140,13 @@
|
||||
*pw->pw_passwd == '*' || *pw->pw_passwd == '!')
|
||||
crypt(pass, AUTH_DUMMY_SALT);
|
||||
else
|
||||
- if (!strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd))
|
||||
+ if (!strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd)) {
|
||||
+#if defined(__OpenBSD__)
|
||||
+ /* zero out the password, obsd getpwnam cleaned up the rest */
|
||||
+ bzero(pw->pw_passwd, strlen(pw->pw_passwd));
|
||||
+#endif
|
||||
return pw;
|
||||
+ }
|
||||
|
||||
return NULL;
|
||||
}
|
@ -1,19 +1,17 @@
|
||||
Security issues:
|
||||
|
||||
This port does not use "shadow" password authentication, because things
|
||||
work a bit differently on BSD systems. The 'normal' authentication function
|
||||
is patched to zero-out the password after authentication. Because OpenBSD's
|
||||
getpwnam takes great care to cleanup, I'm fairly positive this patch achieves
|
||||
the same level of security as all the trickery in function do_shadow_auth.
|
||||
|
||||
The author recommends that a seperate user 'popa3d' is created. However,
|
||||
for ease of installation this port uses 'nobody'. Don't use 'nobody' for
|
||||
anything else, or recompile popa3d to use 'popa3d' and create that user
|
||||
yourself.
|
||||
|
||||
The onetime use of strcmp seems correct. One parameter is 'pw->passwd',
|
||||
obtained from a call to getpwnam. The other parameter is 'pass', which is
|
||||
derived from an input-buffer of which apop3d takes care not to overrun.
|
||||
derived from an input-buffer of which popa3d takes care not to overrun.
|
||||
|
||||
sprintf is used once. Its parameters are 'MAIL_SPOOL_PATH', which is a
|
||||
compile-time constant and 'mailbox', which is the username, derived from
|
||||
the password-file.
|
||||
|
||||
One more time: POP3 is inherently insecure. Passwords are sent in cleartext,
|
||||
everytime a user checks his mailbox. apop3d does not have APOP support.
|
||||
everytime a user checks his mailbox. popa3d does not have APOP support.
|
||||
|