Hi Ken (et al),
I've found another place where the multiple UID/GID feature isn't quite
completely implemented. I've built another mail toaster with
qmail/vpopmail/qmailadmin and each domain is a unique UID/GID. The main
difference is that I am using MySQL authentication on this one. I've got the
server up and running happily but users can't change passwords in
qmailadmin. Whenever they attempt to they get a "Failed to change password.
user domain.com newpass -22" error.
A little legwork tracked that back to error 140 in the html files. I tracked
that back to the function modusergo in qmailadmin/user.c which makes a call
to vpasswd (which of course is linked against the vpopmail library. So, back
in the vpopmail/vpopmail.c we find our vpasswd function which calles
vauth_vpasswd which is in the vmysql.c file. In there, we end the chase and
find the offending code:
myuid = geteuid();
if ( myuid != VPOPMAILUID && myuid != 0 ) {
return(VA_BAD_UID);
}
Note of course that this does work just fine from the command line because
the commands are being run as root. However, when run from qmailadmin via
HTTPS we call qmailadmin (which is suid root.vchkpw) which ends up running
as the UID/GID of the domains owner. In this case, test.com is owned by user
test so qmailadmin is then running as test. We can confirm this by adding
the line: printf("my effective uid is: %d\n", myuid); to the C code and
recompiling. Sure enough, it adds a line to the HTML page reflecting the uid
of test. The end result is that anytime a user tries to change their
password, they get the error message I indicated earlier.
If I simply comment out the if statement, everything works just fine but I'm
wondering if that's a good idea or not. Is there some error and
authentication checking in there somewhere so that [EMAIL PROTECTED] can't
forge a HTTP request for [EMAIL PROTECTED] and change his password?
Matt
