Add BINDIR and MANDIR to Makefile to install in /usr/local; add my name to the manpage sections AUTHORS and HISTORY, and add a little to CAVEATS.

after (trying to) read the libc's pw routines, I made the educated guess that endpwent() is not needed here.

remove a crash condition if the user is root; remove a timing attack against users in the password database, i.e. if the user exists but is locked in some form the timing is longest for the strlen(pw->pw_passwd), for normal users the timing is medium (near longest), and for completely locked users (with passwd *) the timing is shortest...

select and write (with return value 0) were spinning; this should fix that (and reduce CPU cycles).

do some CPU accounting for the TLS multiplexer; there is a setitimer that I disabled in this commit that would cause a SIGVTALRM to go into a signal handler when a threshold of CPU time was used.

May 14 10:37:31 orange popa3d[82360]: TLS multiplexer: parent of pid 35643 time used 8924 microseconds

On my VPS a session timeout uses around 8 ms of CPU time, but this value is CPU dependent and not for all. I still think it's a worthy log.
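
The accounting described above, as an added example that is not code from the popa3d fork: the parent forks a stand-in "session" child, samples RUSAGE_CHILDREN before and after reaping it, and reports the difference in microseconds in the same shape as the syslog line. The ITIMER_VIRTUAL/SIGVTALRM watchdog the commit mentions disabling is included as `arm_cpu_watchdog()` so the mechanism is visible; the threshold value, the `burn()` workload and the function names are constructed for this example.

```c
#define _DEFAULT_SOURCE
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed threshold: CPU time after which the watchdog would fire. */
#define CPU_THRESHOLD_USEC 500000L

static volatile sig_atomic_t cpu_watchdog_fired;

static void on_vtalrm(int sig)
{
	(void)sig;
	cpu_watchdog_fired = 1;	/* only a flag is set; the handler stays async-signal-safe */
}

/*
 * Arm ITIMER_VIRTUAL so SIGVTALRM is delivered once this process has used
 * `usec` microseconds of user CPU time. This is the kind of setitimer() the
 * commit message says it disabled. Returns 0 on success, -1 on error.
 */
int arm_cpu_watchdog(long usec)
{
	struct sigaction sa;
	struct itimerval it;

	memset(&sa, 0, sizeof sa);
	sa.sa_handler = on_vtalrm;
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGVTALRM, &sa, NULL) == -1)
		return -1;
	memset(&it, 0, sizeof it);
	it.it_value.tv_sec = usec / 1000000L;
	it.it_value.tv_usec = usec % 1000000L;
	return setitimer(ITIMER_VIRTUAL, &it, NULL);
}

/* Stand-in for a session's work: burn roughly `iters` loop iterations. */
static unsigned long burn(unsigned long iters)
{
	volatile unsigned long x = 1;
	unsigned long i;

	for (i = 0; i < iters; i++)
		x = x * 1103515245UL + 12345UL;
	return x;
}

/*
 * Fork a "session" child, wait for it, and return the user+system CPU time
 * it consumed in microseconds (what the log line reports). RUSAGE_CHILDREN
 * is cumulative over every reaped child, so it is sampled before and after
 * and the difference is returned. Returns -1 on error.
 */
long child_cpu_usec(unsigned long iters)
{
	struct rusage before, after;
	pid_t pid;
	int status;

	if (getrusage(RUSAGE_CHILDREN, &before) == -1)
		return -1;
	pid = fork();
	if (pid == -1)
		return -1;
	if (pid == 0) {
		burn(iters);
		_exit(0);
	}
	if (waitpid(pid, &status, 0) == -1)
		return -1;
	if (getrusage(RUSAGE_CHILDREN, &after) == -1)
		return -1;
	return (after.ru_utime.tv_sec - before.ru_utime.tv_sec) * 1000000L
	    + (after.ru_utime.tv_usec - before.ru_utime.tv_usec)
	    + (after.ru_stime.tv_sec - before.ru_stime.tv_sec) * 1000000L
	    + (after.ru_stime.tv_usec - before.ru_stime.tv_usec);
}

int main(void)
{
	long usec = child_cpu_usec(20000000UL);

	if (usec < 0) {
		perror("child_cpu_usec");
		return 1;
	}
	/* Same shape as the syslog line in the commit message; the pid printed here is our own. */
	printf("TLS multiplexer: parent of pid %ld time used %ld microseconds\n",
	    (long)getpid(), usec);
	return 0;
}
```

The number printed varies with the CPU, as the commit message notes; the useful part of the log is the per-session trend, which is why the difference of two RUSAGE_CHILDREN samples is taken rather than the raw cumulative value.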

set new timeout of 2 minutes; set new auth dummy salt; make the server really close everything after 2 minutes (alarm)
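
The dummy-salt idea from this commit, and the timing difference between unknown, locked and normal users described in the earlier "timing attack" commit, as an added example (not code from the popa3d fork): `auth_leaky` has the short-circuit shape that finishes at a different time on every path, while `auth_equal_work` always hashes exactly once, against the account's salt or a fixed dummy salt, and masks the result instead of returning early. The `struct account` table, `DUMMY_SALT`, the `toy_hash` stand-in for crypt(3) and the `enroll` helper are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a password database entry (getpwnam()/spwd.db
 * in popa3d); `locked` plays the role of a "*" password field. */
struct account {
	const char *name;
	const char *salt;
	uint64_t hash;
	int locked;
};

#define DUMMY_SALT "dummy-salt"	/* constructed fixed salt for the no-account path */
#define HASH_ROUNDS 200000

/* Toy iterated hash standing in for crypt(3): the fixed round count
 * dominates the cost, so every call takes about the same time. */
uint64_t toy_hash(const char *salt, const char *pw)
{
	uint64_t h = 0xcbf29ce484222325ULL;
	const char *p;
	int i;

	for (p = salt; *p; p++)
		h = (h ^ (unsigned char)*p) * 0x100000001b3ULL;
	for (p = pw; *p; p++)
		h = (h ^ (unsigned char)*p) * 0x100000001b3ULL;
	for (i = 0; i < HASH_ROUNDS; i++)
		h = (h ^ (h >> 29)) * 0x9e3779b97f4a7c15ULL;
	return h;
}

/* Constant-time 64-bit equality: 1 if equal, 0 otherwise. */
static int ct_equal(uint64_t a, uint64_t b)
{
	uint64_t d = a ^ b;

	d |= d >> 32; d |= d >> 16; d |= d >> 8;
	d |= d >> 4;  d |= d >> 2;  d |= d >> 1;
	return (int)((d & 1) ^ 1);
}

/* Enrollment helper for the example: store salt and hash of `pw`. */
void enroll(struct account *a, const char *name, const char *salt,
    const char *pw, int locked)
{
	a->name = name;
	a->salt = salt;
	a->hash = toy_hash(salt, pw);
	a->locked = locked;
}

/* The leaky shape: each early return skips the hash, so unknown user,
 * locked user and wrong password all finish at different times. */
int auth_leaky(const struct account *db, size_t n, const char *user,
    const char *pw)
{
	size_t i;

	for (i = 0; i < n; i++)
		if (strcmp(db[i].name, user) == 0)
			break;
	if (i == n)
		return 0;	/* unknown: no hash computed */
	if (db[i].locked)
		return 0;	/* locked: no hash computed */
	return toy_hash(db[i].salt, pw) == db[i].hash;
}

/* Equal-work version: one hash and one constant-time compare on every
 * path; unknown and locked users are hashed against DUMMY_SALT and the
 * outcome is masked to 0 rather than returned early. */
int auth_equal_work(const struct account *db, size_t n, const char *user,
    const char *pw)
{
	const char *salt = DUMMY_SALT;
	uint64_t expected = 0;
	int usable = 0;
	size_t i;

	for (i = 0; i < n; i++) {
		if (strcmp(db[i].name, user) == 0) {
			if (!db[i].locked) {
				salt = db[i].salt;
				expected = db[i].hash;
				usable = 1;
			}
			break;
		}
	}
	return ct_equal(toy_hash(salt, pw), expected) & usable;
}
```

The name lookup (and getpwnam() in the real daemon) is still not constant-time; what this equalizes is the hashing cost, which is what dominates and what the commit's dummy salt addresses. With crypt(3) the `ct_equal` step corresponds to comparing the two hash strings with timingsafe_bcmp rather than strcmp.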

wrap tls_read() with an alarm()
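
The alarm() wrapping from this commit and the "really close everything after 2 minutes" point of the previous one, as an added example that is not the fork's code: a plain blocking read() stands in for tls_read(), the SIGALRM handler is installed without SA_RESTART so the pending read fails with EINTR, and the wrapper always disarms the alarm before returning. `READ_DEADLINE_SECS`, `READ_TIMED_OUT`, the two `demo_*` functions and the constructed "USER alice" line are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define READ_DEADLINE_SECS 120	/* the 2-minute timeout from the commit */
#define READ_TIMED_OUT (-2)

static volatile sig_atomic_t deadline_passed;

static void on_alarm(int sig)
{
	(void)sig;
	deadline_passed = 1;
}

/* Install the SIGALRM handler without SA_RESTART, so a read() blocked when
 * the alarm fires fails with EINTR instead of being restarted by the
 * kernel. Returns 0 on success, -1 on error. */
int install_alarm_handler(void)
{
	struct sigaction sa;

	memset(&sa, 0, sizeof sa);
	sa.sa_handler = on_alarm;
	sigemptyset(&sa.sa_mask);
	sa.sa_flags = 0;
	return sigaction(SIGALRM, &sa, NULL);
}

/* Read up to `len` bytes from fd with a wall-clock deadline of `secs`.
 * Returns the byte count, 0 on EOF, -1 on error, or READ_TIMED_OUT when the
 * alarm fired first. The alarm is always disarmed before returning so a
 * stale SIGALRM cannot hit an unrelated later call. */
ssize_t read_with_deadline(int fd, void *buf, size_t len, unsigned secs)
{
	ssize_t n;

	deadline_passed = 0;
	alarm(secs);
	do {
		n = read(fd, buf, len);
	} while (n == -1 && errno == EINTR && !deadline_passed);
	alarm(0);
	if (n == -1 && deadline_passed)
		return READ_TIMED_OUT;
	return n;
}

/* Demo: a pipe nobody writes to; a 1-second deadline must win. */
ssize_t demo_idle_client(void)
{
	int p[2];
	char buf[64];
	ssize_t n;

	if (install_alarm_handler() == -1 || pipe(p) == -1)
		return -1;
	n = read_with_deadline(p[0], buf, sizeof buf, 1);
	close(p[0]);
	close(p[1]);
	return n;
}

/* Demo: a client whose line is already there; data arrives before the deadline. */
ssize_t demo_prompt_client(void)
{
	static const char line[] = "USER alice\r\n";	/* constructed input */
	int p[2];
	char buf[64];
	ssize_t n;

	if (install_alarm_handler() == -1 || pipe(p) == -1)
		return -1;
	if (write(p[1], line, sizeof line - 1) != (ssize_t)(sizeof line - 1))
		return -1;
	n = read_with_deadline(p[0], buf, sizeof buf, READ_DEADLINE_SECS);
	close(p[0]);
	close(p[1]);
	return n;
}
```

Here the wrapper returns READ_TIMED_OUT and leaves the close to the caller; a daemon that wants the session gone no matter what can instead terminate from the handler, which is what "really close everything" amounts to. With libtls the interrupted call is tls_read(), and its TLS_WANT_POLLIN/TLS_WANT_POLLOUT results still have to be handled by the caller, as a later commit in this log notes.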

do close the TCP descriptor (new) as well

for POP_MAILDIR we forgot an unveil()... here it is!

the maildir is in /home/%user/Maildir/{new,cur}; adjust appropriately.

embed maildir support; in case of maildir the daemon chroots to /home

maildir support from patch found at: fixed strcpy() -> strlcpy(), strcat() -> strlcat(), and fixed a return value of strdup().

take out dead code; transplant standalone.c's sessions to tls_server, but it doesn't work so I have it ifdef'ed out; move struct sess to config.h

raise the idle timeout from 240 seconds to 60 * 10 seconds (POP_TIMEOUT); update the DESIGN to what it is today

also check for uid == 0; if that's the case, show them the door!

never let root pop his mail. The password will fail, spwd.db will never get opened; there is a certain timing problem here, right?

I never understood, if you're using mbox, why you can't just chroot /var/mail and then open the mailbox. popa3d doesn't use temporary files, so I'm going to do this. chroot + pledge... even safer

disassociate the shadow root password imsg child with the setproctitle "authentication root shadow stage". This way it's found easily in a ps.

this imsg file descriptor was hangin' around. I close it when it's not needed anymore.

fix the plumbing a little: the imsg forked child that only reads the spwd.db and reports back whether a password was right or not is disassociated from the socketpair that writes back to the TLS multiplexer. For this I use close, close, open, open, dup2... these calls have to succeed; if not, I don't care.

use daemon() to go into the background instead of a home-roll; this needs /dev/null unveil()'ed read-write, otherwise the pty terminal is still open

tls_read checks for TLS_WANT_POLLIN et co.; pledge needs a flock here

a pledged and unveil'ed, privsep'ing, chroot'ing and, best of all, TLS'ing implementation of popa3d

forgot this

cafile -> certfile, for consistency