Hello all!
What you think about external (by apache) identification for access
qmailadmin? It's less secure or what?
I create this option, patch included... may be it will be useful.
--- qmailadmin-1.2.3.orig/qmailadmin.c 2004-04-24 05:06:40.000000000 +0400
+++ qmailadmin-1.2.3/qmailadmin.c 2004-11-17 01:03:27.000000000 +0300
@@ -195,6 +195,10 @@
} else {
char *rm;
struct vqpasswd *pw;
+#ifdef REMOTE_USER
+ int trust = 0;
+ char *ru, *ruch;
+#endif
FILE *fs;
@@ -213,6 +217,19 @@
GetValue(TmpCGI, Domain, "domain=", sizeof(Domain));
GetValue(TmpCGI, Password, "password=", sizeof(Password));
+#ifdef REMOTE_USER
+ if ( !( Password && strlen(Password) > 0 ) ) {
+ ru = getenv("REMOTE_USER");
+ if ( ru ) ru = strdup(ru);
+ if ( ru && ( ruch = strchr(ru,'@') ) ) {
+ *ruch = 0;
+ strncpy(Username, ru, sizeof(Username));
+ strncpy(Domain, ruch+1, sizeof(Domain));
+ trust = 1;
+ }
+ }
+#endif
+
vget_assign(Domain,RealDir,sizeof(RealDir),&Uid,&Gid);
if ( geteuid() == 0 ) {
if ( setgid(Gid) != 0 ) perror("setgid");
@@ -224,7 +241,15 @@
chdir(RealDir);
load_limits();
+#ifdef REMOTE_USER
+ if ( trust ) {
+ pw = vauth_getpw( Username, Domain );
+ } else {
+ pw = vauth_user( Username, Domain, Password, "" );
+ }
+#else
pw = vauth_user( Username, Domain, Password, "" );
+#endif
if ( pw == NULL ) {
sprintf(StatusMessage, "%s\n", get_html_text("198"));
show_login();
