
RE: [cobalt-developers] Neomail domains?



That seems to have done the job perfectly.

Thanks for your help Matt - That old old book of yours and your
interpretation of this lot have done me and I should imagine and hope
others, the world of good in securing this neomail from potential easy
harmful use.

You are a diamond...

Thanks Ian

-----Original Message-----
From: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Matthew
Nuzum
Sent: 16 March 2002 04:23
To: cobalt-developers@xxxxxxxxxxxxxxx; Ian
Subject: Re: [cobalt-developers] Neomail domains?


OK, I think I figured it out.

Try adding a slash before the ..
so:
$homedir = $ENV{DOCUMENT_ROOT} . '/../users/'.$username;

A nifty little script I found somewhere:
#!/usr/bin/perl
print "Content-type: text/html\n\n";
foreach $key (keys %ENV) {
 print "$key --> $ENV{$key}<br>";
}

displays all CGI variables, which is cool.  It shows document root being:
DOCUMENT_ROOT --> /home/sites/site42/web
notice it's missing the / at the end, so with my previous script, the
$homedir variable would have been:
/home/sites/site42/web../users/$USER
which of course doesn't exist.

Matt Nuzum

----- Original Message -----
From: "Ian" <ian@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Friday, March 15, 2002 6:18 PM
Subject: RE: [cobalt-developers] Neomail domains?


> Hi Matt,
>
> Thanks for the help, I gave your code a go, but it didn't work out I am
> afraid. I kept getting failed logins.
>
> I placed the:
>
> if($passcorrect == 0){
>     $homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
>     if(-d $homedir){
>         $passcorrect = 0;
>         # home dir exists
>     }else{
>         $passcorrect = 1;
>         # home dir not exist
>     }
> }
>
> directly above the last "exit $passcorrect;" statement.
>
> I changed the passcorrect 0 and 1 around and it obviously worked, which
> means that so long as info held within the $homedir did not match then it
> allowed access, so I think it means there was a problem with the
> $ENV{DOCUMENT_ROOT} . '../users/'.$username; part. I tried different
> combinations of just ../, ../../ etc
>
> Thinking about this, isn't the neomail - webmail folder a reference as
> opposed to a physical folder to go in and out of?
>
> Anyone got any ideas....
>
> Ian
>
>
> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Matthew
> Nuzum
> Sent: 15 March 2002 20:43
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-developers] Neomail domains?
>
>
> Here is a possible solution to the problem of users logging into webmail
> using the wrong domain.
>
> I've been looking through the neomail sources, and honestly, I have a hard
> time making sense of it.  This is probably because I don't use perl for the
> web.   However I have some code at the bottom of this message for someone to
> try out.
>
> Because the Cobalt Raq servers are so standardized, we can make some
> assumptions about the configuration.  For example, the location of certain
> files, etc.
>
> The cgi variable, DOCUMENT_ROOT should always point to the path of the
> current virtual domain's document root.  For example, the primary site on
> the raq should say:
> DOCUMENT_ROOT --> /home/sites/home/web
>
> That means that if a user wants to log in, and their user name is $USER, we
> should be able to check if the folder $DOCUMENT_ROOT/../users/$USER exists
> before we check to see if their password is correct.  We could do it
> afterwards, that part doesn't really matter.  Whichever is more resource
> intensive should be done last.
>
> So what we're doing is creating two tests that the user must pass to login.
> Pass only one, and you're out.  Pass both and you're in.
>
> So here is my attempt to help.  First, I'll include the original text of
> checklogin.pl:
> #!/usr/bin/perl -T
>
> my ($username, $password, $usr, $pswd, $passwdfile);
> my $passcorrect = 0; # default to correct, set incorrect when determined
> my $line;
> chomp($passwdfile = <STDIN>);
> chomp($username = <STDIN>);
> chomp($password = <STDIN>);
>
> if ( $passwdfile && $username && $password ) {
>    open (PASSWD, $passwdfile) or exit 1;
>    while (defined($line = <PASSWD>)) {
>       chomp($line);
>       ($usr,$pswd) = (split(/:/, $line))[0,1];
>       last if ($usr eq $username); # We've found the user in /etc/passwd
>    }
>    close (PASSWD);
>    if (($usr ne $username) or (crypt($password, $pswd) ne $pswd)) {
>       $passcorrect = 1; # User/Pass combo is WRONG!
>    }
> } else {
>    $passcorrect = 1;
> }
> exit $passcorrect;
> -------<END>------
>
> $passcorrect is set to 0 by default, and 0 indicates a successful login. The
> variable $username contains the username entered by the user (vs. $usr
> which is the username as specified by the /etc/passwd file).  So, we can
> build a path for the user's supposed home directory with the command:
> $homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
>
> Then, I **think** we can check to see if that directory exists by using the
> following:
> if(-d $homedir){
>     $passcorrect = 0;
>     # home dir exists
> }else{
>     $passcorrect = 1;
>     # home dir not exist
> }
>
> SO, to bring it all together, we might end up with something like this at
> the end of the file:
>
> if($passcorrect == 0){
>     $homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
>     if(-d $homedir){
>         $passcorrect = 0;
>         # home dir exists
>     }else{
>         $passcorrect = 1;
>         # home dir not exist
>     }
> }
> exit $passcorrect;
>
> Now, keep in mind that most of this code came out of my Learning Perl book
> dated August 1994, so it may be somewhat outdated. (they haven't changed
> that much since perl 4, right?)
>
> Maybe this will help, maybe not.  Let me know if it works and I'll post it
> on my website.
>
> Matt
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
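
Added example (not part of the original thread and not neomail code): the site-membership test discussed in the messages above, written so that it fails closed and does not depend on whether DOCUMENT_ROOT ends in a slash. The helper name user_belongs_to_site, the username pattern and the temporary directory tree are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;      # a misspelled variable name is a compile error, not a new global
use warnings;
use File::Spec;
use File::Temp qw(tempdir);
use File::Path qw(make_path);

# Hypothetical helper (not in neomail): 1 if $username has a home directory
# in the virtual site that owns $docroot, 0 in every other case.
sub user_belongs_to_site {
    my ($docroot, $username) = @_;
    return 0 unless defined $docroot  && length $docroot;
    return 0 unless defined $username && length $username;

    # Assumed username policy: no '/', no leading '.', at most 32 characters,
    # so the name cannot step out of the users/ directory.
    return 0 unless $username =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}\z/;

    # catdir supplies the separators, so a DOCUMENT_ROOT with or without a
    # trailing '/' gives the same path.
    my $homedir = File::Spec->catdir($docroot, File::Spec->updir, 'users', $username);
    return -d $homedir ? 1 : 0;
}

# Constructed directory tree mimicking the layout in the thread:
# <tmp>/site42/{web,users/ian} and <tmp>/site43/{web,users/matt}.
my $tmp = tempdir(CLEANUP => 1);
make_path("$tmp/site42/web", "$tmp/site42/users/ian",
          "$tmp/site43/web", "$tmp/site43/users/matt");
my $docroot = "$tmp/site42/web";    # no trailing slash, as in the thread

my @cases = (
    [ 'ian',    1 ],   # user of this site
    [ 'matt',   0 ],   # exists, but under site43
    [ '../web', 0 ],   # names an existing directory outside users/
    [ '',       0 ],   # empty name would otherwise resolve to users/ itself
);
for my $case (@cases) {
    my ($name, $want) = @$case;
    my $got = user_belongs_to_site($docroot, $name);
    printf "%-10s -> %d (%s)\n", "'$name'", $got, $got == $want ? 'ok' : 'UNEXPECTED';
}

# The plain string concatenation from the first attempt, for comparison:
printf "concatenated without '/': %s\n",
    -d ($docroot . '../users/ian') ? 'exists' : 'missing';
```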