From eae5e6cfe2625830fca8b19b00318ed7354a0e56 Mon Sep 17 00:00:00 2001 From: Camiel Dobbelaar Date: Wed, 27 Mar 2002 14:08:44 +0000 Subject: Mostly cosmetic update so we can call it 0.5. ok millert@, fgsch@ --- usr.sbin/popa3d/DESIGN | 6 +++--- usr.sbin/popa3d/mailbox.c | 4 ++-- usr.sbin/popa3d/params.h | 6 ++++-- usr.sbin/popa3d/popa3d.8 | 17 +++++++++-------- usr.sbin/popa3d/virtual.c | 6 +++++- usr.sbin/popa3d/virtual.h | 4 ++-- 6 files changed, 25 insertions(+), 18 deletions(-) (limited to 'usr.sbin/popa3d') diff --git a/usr.sbin/popa3d/DESIGN b/usr.sbin/popa3d/DESIGN index 1d03aad76aa..a137ffa44c3 100644 --- a/usr.sbin/popa3d/DESIGN +++ b/usr.sbin/popa3d/DESIGN @@ -33,15 +33,15 @@ completely, and balanced decisions need to be made. First, it is important that none of the popa3d users get a false sense of security just because it was the primary design goal. The POP3 -protocol transmits passwords in plaintext, and thus, if you care about +protocol transmits passwords in plaintext and thus, if you care about the security of your individual user accounts, should only be used -either in trusted networks, or tunneled over encrypted channels. +either in trusted networks or tunneled over encrypted channels. There exist extensions to the protocol that are supposed to fix this problem. I am not supporting them yet, partly because this isn't going to fully fix the problem. In fact, APOP and the weaker defined SASL mechanisms such as CRAM-MD5 may potentially be even less secure than transmission of plaintext passwords because of the requirement -that plaintext equivalents are stored on the server. +that plaintext equivalents be stored on the server. It is also important to understand that nothing can be perfectly secure. I can make mistakes. While the design of popa3d makes it diff --git a/usr.sbin/popa3d/mailbox.c b/usr.sbin/popa3d/mailbox.c index b67f2655838..a4e4027ee2b 100644 --- a/usr.sbin/popa3d/mailbox.c +++ b/usr.sbin/popa3d/mailbox.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mailbox.c,v 1.2 2001/09/21 20:22:06 camield Exp $ */ +/* $OpenBSD: mailbox.c,v 1.3 2002/03/27 14:08:43 camield Exp $ */ /* * Mailbox access. @@ -313,7 +313,7 @@ int mailbox_open(char *spool, char *mailbox) return 0; } - mailbox_fd = open(pathname, O_RDWR | O_NOCTTY); + mailbox_fd = open(pathname, O_RDWR | O_NOCTTY | O_NONBLOCK); free(pathname); diff --git a/usr.sbin/popa3d/params.h b/usr.sbin/popa3d/params.h index 46855bba265..1260ef3f3cc 100644 --- a/usr.sbin/popa3d/params.h +++ b/usr.sbin/popa3d/params.h @@ -1,4 +1,4 @@ -/* $OpenBSD: params.h,v 1.6 2001/09/25 01:01:12 deraadt Exp $ */ +/* $OpenBSD: params.h,v 1.7 2002/03/27 14:08:43 camield Exp $ */ /* * Global POP daemon parameters. @@ -36,7 +36,7 @@ * Should libwrap be used? * * This may make things slower and also adds to code running as root, - * so it is recommended that you use a packet filter instead. This + * so it is recommended that you use a packet filter instead. This * option is provided primarily as a way to meet conventions of certain * systems where all services obey libwrap access controls. */ @@ -189,6 +189,8 @@ /* * Locking method your system uses for user mailboxes. It is important * that you set this correctly. + * + * *BSD's use flock(2), others typically use fcntl(2). */ #define LOCK_FCNTL 0 #define LOCK_FLOCK 1 diff --git a/usr.sbin/popa3d/popa3d.8 b/usr.sbin/popa3d/popa3d.8 index 5f3b208f67d..78cd9968146 100644 --- a/usr.sbin/popa3d/popa3d.8 +++ b/usr.sbin/popa3d/popa3d.8 @@ -1,10 +1,10 @@ -.\" $OpenBSD: popa3d.8,v 1.4 2001/09/24 19:08:01 camield Exp $ +.\" $OpenBSD: popa3d.8,v 1.5 2002/03/27 14:08:43 camield Exp $ .Dd August 15, 2001 .Dt POPA3D 8 .Os .Sh NAME .Nm popa3d -.Nd "Post Office Protocol server" +.Nd "Post Office Protocol (POP3) server" .Sh SYNOPSIS .Nm .Op Fl D @@ -25,7 +25,7 @@ users. Users can connect at any time to check their mailbox and fetch the mail that has accumulated. The advantage of this ``pull'' approach is that any user with a simple -POP3-capable mailreader program can receive mail, eschewing the need +POP3-capable mail reader program can receive mail, eschewing the need for a full-fledged Mail Transfer Agent (MTA) and a permanent network connection. .Pp @@ -57,7 +57,7 @@ Alternatively, .Nm can be used through .Xr inetd 8 . -This requires the following entry to be added to +This requires the following entry to be activated in .Pa /etc/inetd.conf : .Pp .Pa pop3 stream tcp nowait root /usr/sbin/popa3d popa3d @@ -69,10 +69,11 @@ for TCP-wrappers access control: .Pa pop3 stream tcp nowait root /usr/libexec/tcpd /usr/sbin/popa3d .Pp For access to a mailbox through the POP3 service, the username must -be in the password database and the password field must not be -empty. -Authentication for super-users like root will always fail, even if the -password is correct. +be in the password database. +Additionally, +.Nm +does not permit null passwords and will refuse to serve mail for +root (uid 0) users. .Sh COMMANDS A normal POP3 session progresses through three states: authorization, transaction and update. diff --git a/usr.sbin/popa3d/virtual.c b/usr.sbin/popa3d/virtual.c index 2202f8409f3..11091d0e038 100644 --- a/usr.sbin/popa3d/virtual.c +++ b/usr.sbin/popa3d/virtual.c @@ -1,4 +1,4 @@ -/* $OpenBSD: virtual.c,v 1.2 2001/09/21 20:22:06 camield Exp $ */ +/* $OpenBSD: virtual.c,v 1.3 2002/03/27 14:08:43 camield Exp $ */ /* * Virtual domain support. @@ -26,6 +26,10 @@ #include #include +#ifndef NAME_MAX +#define NAME_MAX 255 +#endif + extern int log_error(char *s); char *virtual_domain; diff --git a/usr.sbin/popa3d/virtual.h b/usr.sbin/popa3d/virtual.h index baa8e3b6d8d..307c21a05df 100644 --- a/usr.sbin/popa3d/virtual.h +++ b/usr.sbin/popa3d/virtual.h @@ -1,4 +1,4 @@ -/* $OpenBSD: virtual.h,v 1.2 2001/09/21 20:22:06 camield Exp $ */ +/* $OpenBSD: virtual.h,v 1.3 2002/03/27 14:08:43 camield Exp $ */ /* * Virtual domain support. @@ -29,7 +29,7 @@ extern int virtual_startup(void); * on fd 0), or as a part of the username. If the virtual domain is known, * virtual_domain and virtual_spool are set appropriately. If the username * is known as well, known is set. Returns the template user to run as if - * authentication is succeeds, or NULL otherwise. + * authentication succeeds, or NULL otherwise. */ extern struct passwd *virtual_userpass(char *user, char *pass, int *known); -- cgit v1.2.3