 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
75 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Re: webmail doesn...| From | Sent On | Attachments |
|---|---|---|
| M.B. | Feb 15, 2002 8:25 pm | |
| Sam Varshavchik | Feb 15, 2002 9:00 pm | |
| Juha Saarinen | Feb 15, 2002 9:13 pm | |
| M.B. | Feb 16, 2002 12:37 am | |
| M.B. | Feb 16, 2002 12:51 am | |
| Juha Saarinen | Feb 16, 2002 1:34 am | |
| M.B. | Feb 16, 2002 1:37 am | |
| Juha Saarinen | Feb 16, 2002 1:41 am | |
| M.B. | Feb 16, 2002 2:28 am | |
| M.B. | Feb 16, 2002 2:30 am | |
| Sam Varshavchik | Feb 16, 2002 6:38 am | |
| William Rowden | Feb 16, 2002 9:31 am | |
| M.B. | Feb 16, 2002 4:05 pm | |
| Sam Varshavchik | Feb 16, 2002 4:39 pm | |
| M.B. | Feb 16, 2002 7:11 pm | |
| M.B. | Feb 16, 2002 7:29 pm | |
| Tucker | Feb 16, 2002 7:42 pm | |
| Sam Varshavchik | Feb 16, 2002 7:49 pm | |
| M.B. | Feb 16, 2002 7:55 pm | |
| M.B. | Feb 16, 2002 7:57 pm | |
| Sam Varshavchik | Feb 16, 2002 8:06 pm | |
| M.B. | Feb 17, 2002 8:57 am | |
| M.B. | Feb 17, 2002 9:02 am | |
| M.B. | Feb 17, 2002 10:23 am | |
| Sam Varshavchik | Feb 17, 2002 12:32 pm | |
| M.B. | Feb 17, 2002 3:23 pm | |
| M.B. | Feb 17, 2002 3:53 pm | |
| M.B. | Feb 17, 2002 7:53 pm | |
| Juha Saarinen | Feb 17, 2002 8:09 pm | |
| M.B. | Feb 17, 2002 8:28 pm | |
| M.B. | Feb 17, 2002 8:44 pm | |
| David M. Stowell | Feb 17, 2002 9:07 pm | |
| Sam Varshavchik | Feb 17, 2002 9:19 pm | |
| Juha Saarinen | Feb 17, 2002 10:21 pm | |
| Juha Saarinen | Feb 17, 2002 10:24 pm | |
| David M. Stowell | Feb 17, 2002 10:29 pm | |
| David M. Stowell | Feb 17, 2002 10:32 pm | |
| M.B. | Feb 17, 2002 11:17 pm | |
| M.B. | Feb 17, 2002 11:22 pm | |
| M.B. | Feb 18, 2002 12:53 am | |
| Sysop | Feb 18, 2002 8:28 am | |
| William Rowden | Feb 18, 2002 11:34 am | |
| M.B. | Feb 18, 2002 3:42 pm | |
| David M. Stowell | Feb 18, 2002 4:49 pm | |
| M.B. | Feb 18, 2002 5:15 pm | |
| David M. Stowell | Feb 18, 2002 5:26 pm | |
| M.B. | Feb 18, 2002 7:21 pm | |
| David M. Stowell | Feb 18, 2002 7:45 pm | |
| Juha Saarinen | Feb 18, 2002 8:09 pm | |
| Sam Varshavchik | Feb 18, 2002 8:41 pm | |
| marc lindahl | Feb 20, 2002 12:19 am | |
| marc lindahl | Feb 22, 2002 6:16 am | |
| Anand Buddhdev | Feb 22, 2002 6:28 am | |
| marc lindahl | Feb 22, 2002 8:23 am | |
| marc lindahl | Feb 22, 2002 8:44 am | |
| Juha Saarinen | Feb 22, 2002 11:36 am | |
| M.B. | Feb 23, 2002 11:55 pm | |
| Jan Lange | Feb 24, 2002 5:06 am | |
| marc lindahl | Feb 24, 2002 10:10 am | |
| marc lindahl | Feb 24, 2002 10:16 am | |
| marc lindahl | Feb 24, 2002 1:38 pm | |
| Sam Varshavchik | Feb 24, 2002 1:46 pm | |
| Anand Buddhdev | Feb 24, 2002 2:07 pm | |
| marc lindahl | Feb 24, 2002 2:31 pm | |
| Sam Varshavchik | Feb 24, 2002 2:45 pm | |
| Juha Saarinen | Feb 24, 2002 2:53 pm | |
| marc lindahl | Feb 24, 2002 2:59 pm | |
| Anand Buddhdev | Feb 24, 2002 5:40 pm | |
| marc lindahl | Feb 24, 2002 6:13 pm | |
| Francois PHILIPPO | Feb 24, 2002 11:59 pm | |
| Sam Varshavchik | Feb 25, 2002 4:35 am | |
| Robert L Mathews | Feb 25, 2002 12:03 pm | |
| marc lindahl | Feb 25, 2002 2:14 pm | |
| Robert L Mathews | Feb 25, 2002 3:23 pm | |
| marc lindahl | Mar 4, 2002 3:11 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [courier-users] Re: webmail doesn't like asterisk in password? | Actions... |
|---|---|---|
| From: | marc lindahl (ma...@bowery.com) | |
| Date: | Mar 4, 2002 3:11:46 am | |
| List: | net.sourceforge.lists.courier-users | |
From: Robert L Mathews <lis...@tigertech.com> Date: Mon, 25 Feb 2002 15:23:34 -0800 To: <cour...@lists.sourceforge.net> Cc: <ma...@bowery.com> Subject: Re: [courier-users] Re: webmail doesn't like asterisk in password?
At 2/25/02 2:14 PM, marc lindahl wrote:
Strange.... I did that and it still doesn't work. Here's my change in webmail/auth.c::login:
if (badstr(uid)) /* || badstr(pass))*/ return (NULL);
I just commented out checking the password only.
That's the exact change I made (at line 259) and it solved the problem, so it should work for you. Check that you've recompiled/reinstalled properly.
I have checked thoroughly. After digging around some more (and I do mean DIGGING, for DAYS), and debugging, I've found there's some weird bug only with the '*' character in passwords. Did you actually try a password with that? For some reason, it has the effect (in cgi()) of truncating the username two characters for each '*' in the password.
But during password *changing* (the second badstr call in auth.c), there's a whole different code path I didn't check, and I can only repeat the warning Sam gave me that some modules can potentially make those characters available to the shell.
I should point out that distributing the same function (e.g. filtering passwords) into multiple places in a program is bad practice, regardless of the security issues. I found no less than four different password filter code segments - instead of referencing one function.
Also, at least in PAM, password changing is checked pretty well within the module - where it should be.