Commits
Commit:
79d85c203f9853e8370c0703605358325f51a2da (master)
Author:
Peter J. Philipp <pjp@localhost>
Committer:
Peter J. Philipp <pjp@localhost>
Date:
Wed Dec 2 16:34:48 2020 UTC
Add BINDIR and MANDIR to Makefile to install in /usr/local add my name to the manpage sections AUTHORS and HISTORY and add on CAVEATS a little.
Commit:
0029f86072d629cfaeba446b0a716716479c065b
Author:
Peter J. Philipp <pjp@localhost>
Committer:
Peter J. Philipp <pjp@localhost>
Date:
Tue Dec 1 10:25:38 2020 UTC
after (trying to) read of the libc's pw routines, I made the educated guess that endpwent() is not needed here.
Commit:
11e368b7d470d02ccfc6e7bb7b0d4a780c82d9be
Author:
Peter J. Philipp <pjp@delphinusdns.org>
Committer:
Peter J. Philipp <pjp@delphinusdns.org>
Date:
Tue Dec 1 09:46:25 2020 UTC
remove a crash condition if the user is root remove a timeing a attack against users in the password database ie. if the user exists but is locked in some form the timing is longest for the strlen(pw->pw_passwd), for normal users the timing is medium near longest and for completely locked users (with passwd *) the timing is shortest...
Commit:
ef0e9155490d88eae73301ba1177d9e149008247
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Jun 4 19:04:38 2019 UTC
select and write (with return value 0) were spinning, this should fix this (and reduce cpu cycles)
Commit:
6037502a332b364176def31bf941f3e175a9dd10
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue May 14 08:44:56 2019 UTC
do some CPU accounting for the TLS multiplexer, there is a setitimer that I disabled in this commit that would cause a SIGVTALRM to go into a signal handler when a threshold of cpu time was used. May 14 10:37:31 orange popa3d[82360]: TLS multiplexer: parent of pid 35643 time used 8924 microseconds On my vps a session timeout uses arond 8 ms os CPU time, but this value is CPU dependent and not for all. I still think it's a worthy log.
Commit:
2ee6eb0050fcf32af49b226f5d801bea40993e4a
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Sat May 11 06:52:14 2019 UTC
set new timeout of 2 minutes set new auth dummy salt make the server really close everything after 2 minutes (alarm)
Commit:
8bb1590144b1f9e60a0b1a3270c95560f5789ee3
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Mon Jan 14 19:00:44 2019 UTC
wrap tls_read() with an alarm()
Commit:
d863307e0ee67fb8409ab0317922acab5eabd5f7
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Mon Jan 14 18:47:27 2019 UTC
do close the TCP descriptor (new) as well
Commit:
f35d7b718ef3f3c24837d0f32f8caec5b6f6692f
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Wed Dec 19 12:25:07 2018 UTC
for POP_MAILDIR we forgot a unveil()... here it is!
Commit:
b3cbbbc29b540334a1c38b00b2944787a39a8cb6
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Wed Dec 19 11:53:12 2018 UTC
the maildir is in /home/%user/Maildir/{new,cur} adjust appropriately.
Commit:
d10280ba41e30d5f6736958abab1f49a44bbd01e
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Wed Dec 19 10:52:16 2018 UTC
embed maildir support, in case of maildir the daemon chroot's to /home
Commit:
309356bb722e90d6418fb8499a4dca85e8ee8b10
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Wed Dec 19 10:39:07 2018 UTC
maildir support from patch found at: http://hhg.to/popa3d/popa3d-0.5.9-maildir-2.diff fixed strcpy() -> strlcpy(), strcat() -> strlcat() and fixed a return value of strdup().
Commit:
88a32412f3ba02fbc6b3a1db8261987e2a0a232b
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 19:58:06 2018 UTC
take out dead code, transplant standalone.c's sessions to tls_server but it doesn't work so I have it ifdef'ed out move struct sess to config.h
Commit:
e50557b846a220d144e930cebc59a6458cccb2a7
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 18:40:20 2018 UTC
raise the idle timeout from 240 seconds to 60 * 10 seconds (POP_TIMEOUT) update the DESIGN to what it is today
Commit:
1dbcbfda2f97e92abfd12e3253176abc90a860b5
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 18:20:21 2018 UTC
also check for uid == 0, if that's the case show them the door!
Commit:
36a15d58c6dc028f40ef6e258bc4fa1060a791b2
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 17:41:00 2018 UTC
never let root pop his mail. The password will fail, spwd.db will never get opened, there is a certain timing problem here right?
Commit:
c8de6c8ca81eec24805fcbed346a2f6880046ae0
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 17:33:58 2018 UTC
I never understood if you're using mbox why you can't just chroot /var/mail and then open the mailbox. popa3d doesn't use temporary files so I'm going to do this. chroot + pledge... even safer
Commit:
b4a3a8cc286f6d1683e1a3f6b33329a6bd626cbb
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 17:14:54 2018 UTC
disassociate the shadow root password imsg child with the setproctitle: authentication root shadow stage This way it's found easy in a ps
Commit:
f85fe979dc41d32aacea6e2f54ca31babe854ba5
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 16:50:18 2018 UTC
this imsg filedescriptor was hangin' around. I close it when it's not needed anymore.
Commit:
c69984a68be16d21029ee3ecf65995e4e9e15300
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 16:31:33 2018 UTC
fix the plumbing a little, the imsg forked child that only reads the spwd.db and reports back whether a password was right or not is disassociated from the socketpair that writes back to the tls multiplexer, for this I use close, close, open, open, dup2...these calls have to succeed if not I don't care.
Commit:
cc02b89c633cd6b4610f6e2ba016d95d3f42bcbe
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 15:57:56 2018 UTC
use daemon() to go into the background instead of a home-roll, this needs unveil()'ed of read-write to /dev/null otherwise the pty terminal is still open
Commit:
e50cf799677ed276bc8091aad23e454b8e5f5237
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Tue Dec 18 10:07:47 2018 UTC
tls_read checks for TLS_WANT_POLLIN et co. pledge needs a flock here
Commit:
4d83d22cab8cb22634d6f420266c0f2be0a3ed29
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Mon Dec 17 20:15:20 2018 UTC
-a pledged and unveil'ed, privsep'ing, chroot'ing and best of all TLS'ing implementation of popa3d
Commit:
b867ddea75bd205e3e6850b225f81c118d0d4f1a
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Mon Dec 17 18:03:31 2018 UTC
forgot this
Commit:
bb4dfce8cc03d4134c07645234425f2e0509d937
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Mon Dec 17 15:22:21 2018 UTC
cafile -> certfile, for consistency
Commit:
59d625103425e1d547c7f44d0fb0388da9f66e2c
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Thu Dec 13 02:45:30 2018 UTC
make popa3d standalone only add a config file with yacc parser, gotten and changed from lpd(8) update license The getaddrinfo logic had to be changed, for the worst, but this part will be pulled out anyhow once we speak TLS.
Commit:
9972c3f48433ae3e29b7c16265981375746e29c0
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Wed Dec 12 08:40:42 2018 UTC
remove -D flag, we're only a standalone server now
Commit:
1a5c60849074e67486aa336f5428be2dccd54ed6
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Wed Dec 12 08:31:32 2018 UTC
Remove tcp wrappers support
Commit:
6a80895d48b1daf2f849b2b210b2ab84ced8e46d
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Wed Dec 12 08:18:48 2018 UTC
take out tcp wrappers
Commit:
63500789e1887350ba134d13502b49fadc98c1e1
Author:
pjp <pjp@localhost>
Committer:
pjp <pjp@localhost>
Date:
Wed Dec 12 08:15:35 2018 UTC
initial import of popa3d from OpenBSD repo dated 20131214 (just before it was put in attic there)
repomaster@centroid.eu