Re: [qmailadmin] htmllibdir permissions
On Jan 17, 2004, at 2:33 AM, Rick Widmer wrote: I _think_ I am now using your latest build code. All the HTML template files are being installed with permissions of 755. I don't believe they need execute, so 644 would probably be better. I can use 600 here, if I chown them to vpopmail:vchkpw, but all my domains are owned by vpopmail:vchkpw and I run Apache as vpopmail. I think having different user IDs for different domains will force you to use 644. Thanks, I've updated CVS to use the new permissions. Keeping the files owned by root and world readable is fine -- I don't think there's anything in them that needs to be protected from prying eyes. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
[qmailadmin] Qmail Admin Missing Graphics
Hi, I installed Qmailadmin the other day and it was working just fine. Since installing VQAdmin I no longer have my graphics in QMailAdmin. QmailAdmin still works, I just don't have the any of the graphics. I am running QmailAdmin Version 1.2.0-rc2. I did recomplile - reinstall QmailAdmin but have the same results. I searched the Mail Archives and couldn't find anything either. Any help would be appreciated. Thanks, Stephen Harmon
[qmailadmin] Changing Servers IP Address Prevents Qmail Images To Come Up
Hello, I recently emailed the mailing list describing my problem. Although I thought it was VQAdmin that caused the problem, it was not. On my test box I confirmed that after changing my IP Address that I started having the problem. Can anyone tell me why changing the IP Address affects this? Is there a way to fix it? I am using Name-based Virtual Hosts if that matters. Any help is welcome. Thanks, Stephen Harmon
[qmailadmin] qmailadmin-rww -- md5 session ID
QUESTION: Is there a better way to 'touch' the session file to extend the session than opening it for append, then closing it? The goal is to update the mtime without altering the file contents. Anyway, I have been working on session handling. I found this MD5 library on SourceForge, and it appears to me that we can add the md5.c and md5.h files to our distribution (unchanged) and add a note where they came from, and how to get the entire package in our docs. http://sourceforge.net/projects/libmd5-rfc/ I have added three defines in qmailadmin.h, that should actually be set by ./configure options: SESSION_PATH - Where to store the session files. SESSION_LIFETIME - How long (in seconds) until a session expires. SESSION_SECRET- A string that should be different at each site that is mixed into the MD5 hash. This should make it harder for an outsider to guess session ID values. The session ID is currently the MD5 hash of the SESSION_SECRET and the current time. If anyone has a portable suggestion on increasing the randomness, please let me know. If cookies are available I store the MD5 hash there, if not I pass it either in the URL of a link, or in a hidden field for forms. I no longer pass user, dom and time in any URLs. (But you can still set the fields on the login page by passing them.) I am currently storing the IP address of the client, returntext, returnhttp, AdminType, LoginUserName, and LoginDomainName in the session. It is very easy to add additional items, but I want to restrict session use to things that identify the current user, leaving info on what they are doing to the URL. That will allow you to have more than one QmailAdmin window open into different parts of your mail system. All your windows will have the same access rights. Are returntext and returnhttp documented anywhere? If not I'll write something... Logging in and logging out are working, but I have a problem if you logout and want to log back in. I want to delete the cookie from your browser when you logout, but if I do that then drop you into the login page things get confused and the login does not work. Right now I am working around it by dropping you into a page that tells you that you are logged out, and providing a link back to login - but that does not currently maintain any user= and dom= passed when QmailAdmin was first run. I guess I can store them in the session file when you first login. Anyone have a better idea? I am also continuing my attack on global variables, and increasing the use of function parms. Currently everything but the login/logout functions are very broken. When I am done the following global variables will be gone: Password, Gecos, Quota, Time, Action, Newu, Password1, Password2, Crypted, Alias, AliasType, LineData, Message, SearchUser, Mytime and possibly others. TmpCGI has been renamed to Request, and I have added Cookie and PathInfo. All are dynamic strings allocated after I know their actual lengths, and will be kept around for the entire run so you can call GetValue() on them to retrieve data. I will be moving the GetValue calls closer to where they are used, and store the result in function locals. It will be a few days before I post updated code... Rick
[qmailadmin] Re: Changing Servers IP Address Prevents Qmail Images To Come Up
Stephen Harmon writes: Hello, I recently emailed the mailing list describing my problem. Although I thought it was VQAdmin that caused the problem, it was not. On my test box I confirmed that after changing my IP Address that I started having the problem. Can anyone tell me why changing the IP Address affects this? Is there a way to fix it? I am using Name-based Virtual Hosts if that matters. Check out your config file where you define your Virtual Hosts and check out the IP there. -Jonathan
Re: [qmailadmin] Qmail Admin Missing Graphics
On Sun, 2004-01-18 at 10:58, Stephen Harmon wrote: Hi, I installed Qmailadmin the other day and it was working just fine. Since installing VQAdmin I no longer have my graphics in QMailAdmin. QmailAdmin still works, I just don't have the any of the graphics. I am running QmailAdmin Version 1.2.0-rc2. I did recomplile - reinstall QmailAdmin but have the same results. I searched the Mail Archives and couldn't find anything either. Any help would be appreciated. Thanks, Stephen Harmon Hi Stephen, check your apache log file error_httpd.log or something like that and it will tell you where qmailadmin is looking for the images. Once found, just move the images over to the directory where the logs are looking for them. Jon
Re: [qmailadmin] Qmail Admin Missing Graphics
Hi Jon, That worked great. Thanks for the help. Stephen - Original Message - From: Jon Reynolds [EMAIL PROTECTED] To: Stephen Harmon [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, January 18, 2004 8:46 PM Subject: Re: [qmailadmin] Qmail Admin Missing Graphics On Sun, 2004-01-18 at 10:58, Stephen Harmon wrote: Hi, I installed Qmailadmin the other day and it was working just fine. Since installing VQAdmin I no longer have my graphics in QMailAdmin. QmailAdmin still works, I just don't have the any of the graphics. I am running QmailAdmin Version 1.2.0-rc2. I did recomplile - reinstall QmailAdmin but have the same results. I searched the Mail Archives and couldn't find anything either. Any help would be appreciated. Thanks, Stephen Harmon Hi Stephen, check your apache log file error_httpd.log or something like that and it will tell you where qmailadmin is looking for the images. Once found, just move the images over to the directory where the logs are looking for them. Jon
Re: [qmailadmin] qmailadmin-rww -- md5 session ID
Rick Widmer wrote: QUESTION: Is there a better way to 'touch' the session file to extend the session than opening it for append, then closing it? The goal is to update the mtime without altering the file contents. hmm, interesting question. I don't see no other way then the one you described at the moment. [...] I have added three defines in qmailadmin.h, that should actually be set by ./configure options: SESSION_PATH - Where to store the session files. SESSION_LIFETIME - How long (in seconds) until a session expires. SESSION_SECRET- A string that should be different at each site that is mixed into the MD5 hash. This should make it harder for an outsider to guess session ID values. I think it would be good if we could make SESSION_SECRET independent from the configure-line. It should IMO be possible to run only ./configure without any options. I think we should also add a probability how often the garbage collector is executed and deletes the expired session files. Executing it every time QmailAdmin is executed is IMO to much and slows it only down. The session ID is currently the MD5 hash of the SESSION_SECRET and the current time. If anyone has a portable suggestion on increasing the randomness, please let me know. Random numbers are more or less always generated out of the current time, but I think we perhaps could generate the SESSION_SECRET string randomly, too. Or repeat the hashing a random time (1-10 for example). [...] Logging in and logging out are working, but I have a problem if you logout and want to log back in. I want to delete the cookie from your browser when you logout, but if I do that then drop you into the login page things get confused and the login does not work. Right now I am working around it by dropping you into a page that tells you that you are logged out, and providing a link back to login - but that does not currently maintain any user= and dom= passed when QmailAdmin was first run. I guess I can store them in the session file when you first login. Anyone have a better idea? Why get the things messed up? I would do a logout like 1) Delete the cookie/no more sids in the urls 2) Delete the session file on the server On a relogin you create everything new as it would be the first login. [...] It will be a few days before I post updated code... You are really doing a great job! Thanks. Rick Philipp
Re: [qmailadmin] qmailadmin-rww -- md5 session ID
On Jan 18, 2004, at 8:29 PM, Rick Widmer wrote: QUESTION: Is there a better way to 'touch' the session file to extend the session than opening it for append, then closing it? The goal is to update the mtime without altering the file contents. That's probably the best method. I googled for the source to touch.c, and found one version that actually read the first byte, rewound the file, and wrote it back. Anyway, I have been working on session handling. I found this MD5 library on SourceForge, and it appears to me that we can add the md5.c and md5.h files to our distribution (unchanged) and add a note where they came from, and how to get the entire package in our docs. http://sourceforge.net/projects/libmd5-rfc/ You might be able to piggy-back off the md5 code in vpopmail... I have added three defines in qmailadmin.h, that should actually be set by ./configure options: SESSION_PATH - Where to store the session files. SESSION_LIFETIME - How long (in seconds) until a session expires. SESSION_SECRET- A string that should be different at each site that is mixed into the MD5 hash. This should make it harder for an outsider to guess session ID values. I'm sure we can add these to the configure.in script. It might even be possible to randomly build SESSION_SECRET. The session ID is currently the MD5 hash of the SESSION_SECRET and the current time. If anyone has a portable suggestion on increasing the randomness, please let me know. You could read from /dev/random or /dev/urandom, if present. There's a patch pending for vpopmail that uses that device for random data. If cookies are available I store the MD5 hash there, if not I pass it either in the URL of a link, or in a hidden field for forms. I no longer pass user, dom and time in any URLs. (But you can still set the fields on the login page by passing them.) Excellent. Logging in and logging out are working, but I have a problem if you logout and want to log back in. I want to delete the cookie from your browser when you logout, but if I do that then drop you into the login page things get confused and the login does not work. Why doesn't it work? Are you drawing the page before you have a chance to send a blank cookie in the header? Right now I am working around it by dropping you into a page that tells you that you are logged out, and providing a link back to login - but that does not currently maintain any user= and dom= passed when QmailAdmin was first run. I guess I can store them in the session file when you first login. Anyone have a better idea? I am also continuing my attack on global variables, and increasing the use of function parms. Currently everything but the login/logout functions are very broken. When I am done the following global variables will be gone: Password, Gecos, Quota, Time, Action, Newu, Password1, Password2, Crypted, Alias, AliasType, LineData, Message, SearchUser, Mytime and possibly others. This is wonderful. Thanks for putting in the time and effort to clean this up. It will be a few days before I post updated code... Once 1.2.0 is released as final, I'll add you to SourceForge, branch CVS off for the 1.2 series, and you can take control of the development series with your work. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
