[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Neomail domains?

Subject: Re: [cobalt-developers] Neomail domains?
From: "Matthew Nuzum" <cobalt@xxxxxxxxxxxxx>
Date: Sat Mar 16 01:03:26 2002
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

Yeah!
Matt Nuzum

----- Original Message -----
From: "Ian" <ian@xxxxxxxxxxxxxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Saturday, March 16, 2002 4:17 AM
Subject: RE: [cobalt-developers] Neomail domains?


> That seems to have done the job perfectly.
>
> Thanks for your help Matt - That old old book of yours and your
> interpretation of this lot have done me and I should imagine and hope
> others, the world of good in securing this neomail from potential easy
> harmful use.
>
> You are a diamond...
>
> Thanks Ian
>
> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Matthew
> Nuzum
> Sent: 16 March 2002 04:23
> To: cobalt-developers@xxxxxxxxxxxxxxx; Ian
> Subject: Re: [cobalt-developers] Neomail domains?
>
>
> OK, I think I figured it out.
>
> Try adding a slash before the ..
> so:
> $homedir = $ENV{DOCUMENT_ROOT} . '/../users/'.$username;
>
> A nifty little script I found somehwere:
> #!/usr/bin/perl
> print "Content-type: text/html\n\n";
> foreach $key (keys %ENV) {
>  print "$key --> $ENV{$key}<br>";
> }
>
> displays all CGI variables, which is cool.  It shows document root being:
> DOCUMENT_ROOT --> /home/sites/site42/web
> notice it's missing the / at the end, so with my previous script, the
> $homedir variable would have been:
> /home/sites/site42/web../users/$USER
> which of course doesn't exist.
>
> Matt Nuzum
>
> ----- Original Message -----
> From: "Ian" <ian@xxxxxxxxxxxxxxxxxxxx>
> To: <cobalt-developers@xxxxxxxxxxxxxxx>
> Sent: Friday, March 15, 2002 6:18 PM
> Subject: RE: [cobalt-developers] Neomail domains?
>
>
> > Hi Matt,
> >
> > Thanks for the help, I gave your code a go, but it didnt work out I am
> > afraid. I kept getting failed logins.
> >
> > I placed the:
> >
> > if($passcorrect == 0){
> >     $homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
> >     if(-d $homedir){
> >         $passcorrect = 0;
> >         # home dir exists
> >     }else{
> >         $passcorect =1;
> >         # home dir not exist
> >     }
> > }
> >
> > directly above the last "exit $passcorrect;" statement.
> >
> > I changed the passcorrect 0 and 1 around and it obviously worked, which
> > means that so long as info held within the $homedir did not match then
it
> > allowed access, so I think it means their was a problem with the
> > $ENV{DOCUMENT_ROOT} . '../users/'.$username; part. I tried different
> > combinations of just ../, ../../ etc
> >
> > Thinking about this, isnt the neomail - webmail folder a reference as
> > opposed to a physical folder to go in and out off?
> >
> > Anyone got any ideas....
> >
> > Ian
> >
> >
> > -----Original Message-----
> > From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Matthew
> > Nuzum
> > Sent: 15 March 2002 20:43
> > To: cobalt-developers@xxxxxxxxxxxxxxx
> > Subject: Re: [cobalt-developers] Neomail domains?
> >
> >
> > Here is a possible solution to the problem of user's logging into
webmail
> > using the wrong domain.
> >
> > I've been looking through the neomail sources, and honestly, I have a
hard
> > time making sense of it.  This is probably because I don't use perl for
> the
> > web.   However I have some code at the bottom of this message for
someone
> to
> > try out.
> >
> > Because the Cobalt Raq servers are so standardized, we can make some
> > assumptions about the configuration.  For example, the location of
certain
> > files, etc.
> >
> > The cgi variable, DOCUMENT_ROOT should always point to the path of the
> > current virtual domain's document root.  For example, the primary site
on
> > the raq should say:
> > DOCUMENT_ROOT --> /home/sites/home/web
> >
> > That means that if a user wants to log in, and their user name is $USER,
> we
> > should be able to check if the folder $DOCUMENT_ROOT/../users/$USER
exists
> > before we check to see if their password is correct.  We could do it
> > afterwards, that part doesn't really matter.  Which ever is more
resource
> > intensive should be done last.
> >
> > So what we're doing is creating two tests that the user must pass to
> login.
> > Pass only one, and you're out.  Pass both and you're in.
> >
> > So here is my attempt to help.  First, I'll include the original text of
> > checklogin.pl:
> > #!/usr/bin/perl -T
> >
> > my ($username, $password, $usr, $pswd, $passwdfile);
> > my $passcorrect = 0; # default to correct, set incorrect when determined
> > my $line;
> > chomp($passwdfile = <STDIN>);
> > chomp($username = <STDIN>);
> > chomp($password = <STDIN>);
> >
> > if ( $passwdfile && $username && $password ) {
> >    open (PASSWD, $passwdfile) or exit 1;
> >    while (defined($line = <PASSWD>)) {
> >       chomp($line);
> >       ($usr,$pswd) = (split(/:/, $line))[0,1];
> >       last if ($usr eq $username); # We've found the user in /etc/passwd
> >    }
> >    close (PASSWD);
> >    if (($usr ne $username) or (crypt($password, $pswd) ne $pswd)) {
> >       $passcorrect = 1; # User/Pass combo is WRONG!
> >    }
> > } else {
> >    $passcorrect = 1;
> > }
> > exit $passcorrect;
> > -------<END>------
> >
> > $passcorrect is set to 0 by default, and 0 indicates a successful login.
> The
> > variables $username contains the username entered by the user (vs. $usr
> > which is the username as specified by the /etc/passwd file).  So, we can
> > build a path for the user's supposed home directory with the command:
> > $homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
> >
> > Then, I **think** we can check to see if that directory exists by using
> the
> > following:
> > if(-d $homedir){
> >     $passcorrect = 0;
> >     # home dir exists
> > }else{
> >     $passcorect =1;
> >     # home dir not exist
> > }
> >
> > SO, to bring it all together, we might end up with something like this
at
> > the end of the file:
> >
> > if($passcorrect == 0){
> >     $homedir = $ENV{DOCUMENT_ROOT} . '../users/'.$username;
> >     if(-d $homedir){
> >         $passcorrect = 0;
> >         # home dir exists
> >     }else{
> >         $passcorect =1;
> >         # home dir not exist
> >     }
> > }
> > exit $passcorrect;
> >
> > Now, keep in mind that most of this code came out of my Learning Perl
book
> > dated August 1994, so it may be somewhat outdated. (they haven't changed
> > that much since perl 4, right?)
> >
> > Maybe this will help, maybe not.  Let me know if it works and I'll post
it
> > on my website.
> >
> > Matt
> >
> > _______________________________________________
> > cobalt-developers mailing list
> > cobalt-developers@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >
> >
> >
> > _______________________________________________
> > cobalt-developers mailing list
> > cobalt-developers@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-developers
> >
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>
>
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>

Follow-Ups:
- [cobalt-developers] Raq 4i - Email alias - respons: user unknown
  - From: Martin Verstegen

References:
- RE: [cobalt-developers] Neomail domains?
  - From: Ian

Prev by Date: RE: [cobalt-developers] RE: 40GB in Qube3
Next by Date: Re: [cobalt-developers] RE: 40GB in Qube3
Previous by thread: RE: [cobalt-developers] Neomail domains?
Next by thread: [cobalt-developers] Raq 4i - Email alias - respons: user unknown

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index