Please reply on-list
>>Then you might want to insert some debugging in the vacation binary
>>itself -- perhaps output the UID/GID right before the init is executed,
>>to make sure it is executed as the right user. Or maybe there is a
>>problem with the location from which it is run. I don't have time ATM
>>to help, so you are encouraged to dig on your own if you know some C.
>>Let me know either way.
>>
>
>
> stracing gave me a clue:
>
> Invalid user
>
> In stracereport:
> open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
>
> I think this happens when next code is hit:
>
> #ifdef USESHADOW
> if ((spw=getspnam(puid))==NULL)
> {
> printf("Invalid user\n "); <<--------
<snip>
> I checked /etc/shadow:
>
> mail:/etc # l shadow
> -rw-r----- 1 root shadow 832 2005-09-12 17:38 shadow
>
> I chmod 644 shadow, but that does not help. shadow is read alright then,
Well, that code should be being used for other actions too. So changing
permissions should not be the issue. Do you see if there is a
difference in how the user is looked up for actions other than init?
Try to see why it'd work in any case beside init.
> but it halts on:
> setuid(0);
>
> open("/etc/shadow", O_RDONLY) = 3
> fcntl64(3, F_GETFD) = 0
> fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
> _llseek(3, 0, [0], SEEK_CUR) = 0
> fstat64(3, {st_mode=S_IFREG|0644, st_size=832, ...}) = 0
> mmap2(NULL, 832, PROT_READ, MAP_SHARED, 3, 0) = 0x40018000
> _llseek(3, 832, [832], SEEK_SET) = 0
> munmap(0x40018000, 832) = 0
> close(3) = 0
> setuid32(0) = -1 EPERM (Operation not permitted)
> getcwd("/srv/www/htdocs/squirrelmail/plugins/vacation_local", 512) = 52
> clone(child_stack=0,
> flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, chil
> d_tidptr=0x40050868) = 1798
> waitpid(1798, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 1798
> --- SIGCHLD (Child exited) @ 0 (0) ---
> exit_group(0) = ?
>
> In the strace-report it says "setuid32(0)". As I cannot find this call in
> your src-code, I said it halted on setuid(0), but as said before, I am not
> much of a programmer, so I am not sure of this.
Somewhere there should be a setuid call. I will look later if you don't
find it.
> Besides changing mod of shadow-file, I also added wwwrun user to grp
> shadow, and changed shadow to grp root. This made no difference.
I would recommend strongly against this. If the plugin works for other
actions, it presumably had been successfully using the shadow database
already -- something is just afowl with the init action.
> Furthermore I compiled squirrelmail_vacation_proxy without USE_SHADOW, but
> then I get error "Bad password".
>
> I do not exactly understand what is going on, maybe if you can find the
> time, you could think about it.
Thanks, I might try much later tonight, but am pretty busy ATM. Thanks
for your good help!
-paul
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
--
squirrelmail-users mailing list
Posting Guidelines:
http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: squirrelmail-users@lists.sourceforge.net
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
