VqAdmin

Hello Roberto,

In my organization, there are many people with mail boxes in qmail.
Our practice when someone leaves the company is to disable their email account without deleting it.
For qmail, there isn't a good tool that shows which users have restrictions imposed on them. At least I couldn't find one
I created this small patch for vqadmin-2.4.2 that does exactly that.
In the user list, I added an additional column called "Restrictions," which indicates whether a user has restrictions or not.
If a user has restrictions, I highlight the entire row in red.
All users with administrative accounts are highlighted in green.
If somebody consider this for useful can use it.

Here is the patch:

diff -ruN vqadmin-2.4.2/assets/style.css vqadmin-2.4.2-mod/assets/style.css
--- vqadmin-2.4.2/assets/style.css 2024-10-19 13:56:02.000000000 +0300
+++ vqadmin-2.4.2-mod/assets/style.css 2024-12-04 19:43:44.270895802 +0200
@@ -28,3 +28,19 @@
font-size: 0.8rem;
padding: .40rem;
}
+
+.trgreen > td {
+ background-color: #80FF00;
+ line-height: 140%;
+ font-weight: bold;
+}
+
+.trred > td {
+ background-color: #ff3333;
+ line-height: 140%;
+ font-weight: bold;
+}
+
+tr.trred a {
+ color: #fff933;
+}
diff -ruN vqadmin-2.4.2/user.c vqadmin-2.4.2-mod/user.c
--- vqadmin-2.4.2/user.c 2024-10-19 13:56:02.000000000 +0300
+++ vqadmin-2.4.2-mod/user.c 2024-12-04 19:28:49.599055970 +0200
@@ -358,16 +358,22 @@
printf("Forward\n");
printf("Vacation\n");
printf("Quota\n");
- printf("Domain Administrator\n");
- printf("Last Logon\n");
- printf("\n");
+ printf("Admin\n");
+ printf("Last Logon\n");
+ printf("Restrictions\n\n");
+ printf("\n\n");}

count = 0;
while(vpw != NULL && count < 128000 ){
++count;

- printf("");
+ if (vpw->pw_gid == 0) {
+ printf("");
+ }else if (vpw->pw_gid == 4096) {
+ printf("");
+ }else printf("");
+
printf("", vpw->pw_name, domain);
printf("%s\n", vpw->pw_name);
#ifdef CLEAR_PASS
@@ -422,11 +428,15 @@
#ifdef ENABLE_AUTH_LOGGING
mytime = vget_lastauth(vpw, domain);
- if ( mytime == 0 ) printf("NEVER LOGGED IN\n");
- else printf("%s\n", asctime(localtime(&mytime)));
+ if ( mytime == 0 ) printf("NEVER LOGGED IN\n");
+ else printf("%s\n", asctime(localtime(&mytime)));
#else
printf("* auth logging not enabled *\n");
#endif
+ 
+ if (vpw->pw_gid != 0 && vpw->pw_gid != 4096) {
+ printf("Yes\n\n");
+ } else printf("No\n\n");
vpw = vauth_getall(domain,0,0);
}

added to v 2.4.3

Thank you.  I'll check it out 

Hi Roberto,

there is a small bug in the new vqadmin v2.4.0.
when i try to list domains

List Domains -> Click on the domain
or
View Domain -> Search

Receive 500 Internal Server Error

this is from apache error log :
[cgi:error] AH01215: *** buffer overflow detected ***: terminated: /var/www/html/qmail/cgi-bin/vqadmin/vqadmin.cgi

I fixed this in this way:

VQ_VERSION=2.4.0
cd /usr/local/src
wget https://github.com/sagredo-dev/vqadmin/archive/refs/tags/v${VQ_VERSION=}.tar.gz
tar xzf v${VQ_VERSION}.tar.gz

cat <>vqadmin-2.4.0.patch
--- vqadmin-2.4.0/domain.c 2023-12-22 21:05:12.000000000 +0200
+++ vqadmin-2.4.0_mod/domain.c 2024-01-18 14:31:08.825379072 +0200
@@ -519,16 +519,16 @@
global_par("DN", domain);
global_par("DD", Dir);

- snprintf(cuid, sizeof(cuid)+1, "%lu", (long unsigned)uid);
+ sprintf(cuid,"%lu", (long unsigned)uid);
global_par("DU", cuid);

- snprintf(cgid, sizeof(cgid)+1, "%lu", (long unsigned)gid);
+ sprintf(cgid,"%lu", (long unsigned)gid);
global_par("DG", cgid);

open_big_dir(domain, uid, gid);
close_big_dir(domain,uid,gid);

- snprintf(cusers, sizeof(cusers)+1, "%lu", (long unsigned)vdir.cur_users);
+ sprintf(cusers,"%lu", (long unsigned)vdir.cur_users);
global_par("DS", cusers);

vpw = vauth_getpw("postmaster", domain);
EOF

cd vqadmin-${VQ_VERSION}
patch -p1 < ../vqadmin-2.4.0.patch
chown -R root:root .

QMAILROOT=/var/www/qmail
./configure \
--enable-qmaildir=${QMAILROOT} \
--enable-cgibindir=${QMAILROOT}/cgi-bin
make
make install-strip

Hi Bai, I see the issue in the code, even though I compile with no errors here. It is a buffer overflow of the original code (I didn't touch those lines).

If I apply your changes I get warnings like this that I would like to avoid

domain.c: In function ‘post_domain_info’: 
domain.c:522:21: warning: ‘sprintf’ may write a terminating nul past the end of the destination [-Wformat-overflow=] 
 522 |   sprintf(cuid, "%lu", (long unsigned)uid); 
     |                     ^ 
domain.c:522:3: note: ‘sprintf’ output between 2 and 11 bytes into a destination of size 10 
 522 |   sprintf(cuid, "%lu", (long unsigned)uid); 
     |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I just modified by creating room in cuid[11] (was cuid[10]) so that we don't need to declare a size bigger than the buffer here

snprintf(cuid, sizeof(cuid), "%lu", (long unsigned)uid);

the same for cgid and cusers.
Can you download the main tree and check if now it compiles cleanly for you?

Or better you can patch like this https://github.com/sagredo-dev/vqadmin/commit/602ff5e8b56cfa9733f2f4bfed97d4764247a1ba

Hi Roberto,

Your patch also is working good. Seems it is better than mine because of lack of warnings when compile.
Thank you for your work , now this tool VqAdmin looks and works much better!

Thank you. I'll check it out

Btw, why are you patching vqadmin? Now you have to download it from github

Hi Roberto,

If you are using vpopmail with mysql backend and enabled mysql limits option (--enable-mysql-limits), vqadmin is pretty much useless, because it is not aware of this this option. It creates ".qmailadmin-limits" in the domain folder, but vpopmail does not care at all (due to --enable-mysql-limits).

- That annoyed me a little bit, so I fixed it. Now vqadmin is aware of mysql-limits, and updates the database as necessary.

- I also fixed a core-dump due to SIGILL caused by memcpy. I changed it to memmove, as suggested on this link:

The memcpy() function shall copy the first n bytes pointed to by src to the buffer pointed to by dest.
Source and destination may not overlap. If source and destination might overlap, memmove() must be used instead.

- I added missing limits and permissions, changed the UI to be more user-friendly.

The patch is here. It can be applied cleanly on your "vqadmin-2.3.7_20200226.patch".

Feel free to share it on your website.

Ali, I had to include <stdint.h> to avoid a compilation break:

In file included from vqadmin.c:25: 
global.h:151:9: error: unknown type name ‘uint64_t’ 
 151 | typedef uint64_t storage_t;

Hi Roberto

Thanks a lot for having a look at the patch.

The vqadmin UI looks archaic, but it gets the job done anyway. We can replace it altogether with a fancy UI in the future, but for the time being I would like to dig deeper into vpopmail. I feel like there is a lot of room for improvement there. We may add sqlite or firebird support to vpopmail. Or we can enhance the existing functionality.

Anyway, thanks again for this wonderful website. It is the most complete qmail related site I've seen so far.

Concerning vpopmail, have you had a look to this fork? They have already added sqlite support and many other third parties patches (mine included) and improved a lot the program. I would like to use that version of vpopmail once they create a tag

Hi Roberto,

I wasn't aware of the vpopmail fork. I just checked their repo and they are on the right track.

Vpopmail is really a well-designed software, which we should all appreciate and not allow it to rot.

That was my main motivation to restore the abondoned vpopmail authentication support in dovecot, and I will try to contribute the new vpopmail fork as much as I can.

Great! Thanks a lot. I abandoned vqadmin years ago just when I switched everything to mysql, but now I'll give a chance again to it.

I'll certainly add this patch to my one. I'm also looking at your fixes to vpopmail.

Hi Mr Roberto,

i got this error message in my apache error.log file:

[Wed Sep 09 12:37:51.904875 2020]  /var/www/qmail/cgi-bin/vqadmin/.htaccess: Unknown Authz provider: valid-user

which area i need to look into?

thank you

did you enable mod_authz_user in your apache? look here https://serverfault.com/questions/737784/phpmyadmin-on-apache2-reload-unknown-authz-provider-valid-user-error

PS Can you take a look at the previous thread here?

Hi Mr Roberto,

thanks for the advise, it works now.

Hi Roberto

The following error occurred when apply the patch:

Hunk #1 FAILED at 32 (different line endings).
1 out of 1 hunk FAILED -- saving rejects to file html/mod_user.html.rej

It is found that files in source directory //html/ contain CTRL-M (^M) characters at the end of lines that lead to error when apply the patch.
You can run the command as underneath in that directory to remove the CTRL-M characters:

sed -i -e "s/\r//" //html/*

Afterthat, the patch can apply successfully without error.

Thank you, Tony. Corrected.

Hello Roberto

When I try to apply vQadmin patch, I got an error:

cd vqadmin-2.3.7
vqadmin-2.3.7]# chown -R root.root .
patch -p1 < ../vqadmin-2.3.7_20150829.patch
patching file Makefile.in
patching file config.guess
patching file config.sub
patching file domain.c
patching file html/mod_user.html
Hunk #1 FAILED at 12 (different line endings).
1 out of 1 hunk FAILED -- saving rejects to file html/mod_user.html.rej
patching file lang.c
patching file user.c

Could you help me ?

- varanda

This new patch should be fine now...

Hello again,

The problem changed:

patching file Makefile.in
patching file config.guess
patching file config.sub
patching file domain.c
patching file html/mod_user.html
Hunk #1 FAILED at 32 (different line endings).
1 out of 1 hunk FAILED -- saving rejects to file html/mod_user.html.rej
patching file lang.c
patching file user.c

Take your time

;-)

- varanda

try to download the source again and patch please, because I cleaned that file and uploaded it

Hi, there is a problem in my patch.

I'll fix it as soon as I can. In the meantime you can try to modify the file mod_user.html according to the html/mod_user.html.rej diff file, or compile as is, but the program will show the users' clear pwd.

Be aware that this program seems not work fine anymore. I don't remember what broke it at a certain point (perhaps it was the vpopmail upgrade to v. 5.4.33)

Be aware when using apache 2.4 with vqadmin will give the error "Authentication Failed Username unknown"

change your .htccess to

AuthType Basic
AuthBasicProvider file
AuthUserFile /var/www/cgi-bin/vqadmin/vqadmin.passwd
AuthName vQadmin
require valid-user

and the apache config to

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
        AddHandler cgi-script .cgi .pl
        <Directory "/var/www/cgi-bin/vqadmin">
            Options ExecCGI
            AllowOverride All
            Require all denied
        
        Alias /images/ "/var/www/cgi-bin/vqadmin/images/"
        
            Require all granted

Thank you. It's working again now.

Actually it was sufficient ro remove

satisfy any

from .htaccess. Infact AuthBasicProvider defaults to file while the AddHandler option is already inside the httpd.conf

vQadmin cgi and virtual host file are not seen in browser - color ? - only seen when marked text

before adding password - /usr/local/etc/httpdpwd dir does not exists - must be created and chown apache.apache

> vQadmin cgi and virtual host file are not seen in browser - color ? - only seen when marked text

Thank you. This is another issue caused by the migration from the old drupal CMS

> before adding password - /usr/local/etc/httpdpwd dir does not exists - must be created and chown apache.apache

ok, I'm going to correct it

I followed your instructions,everything goes well,but when I access from web broswer by http://www.domain.com/cgi-bin/vqadmin/vqadmin.cgi

I get the following errors:

vQadmin was unable to determine your username, which means your webserver is improperly configured to run with this CGI. For security reasons, this script will not run without Apache htaccess lists.

Can you help me to solve this problem,many thanks.

supposing that you actually have apache configured in this way

Options ExecCGI
AllowOverride AuthConfig

did you modified, for some reason, the .acl and .htaccess files under the vqadmin dir?

in my vhosts.conf file,I added the following code,just copied from your instructions:

       # VQADMIN
        <Directory "/www/htdocs/qmail/cgi-bin/vqadmin">
            deny from all
            Options ExecCGI
            AllowOverride AuthConfig
            Order deny,allow 
        </Directory>

        Alias /images/ "/www/htdocs/qmail/cgi-bin/vqadmin/images/"
        <Directory /www/htdocs/qmail/cgi-bin/vqadmin/images>
            Order allow,deny
            Allow from all
        </Directory>

my .htacces in /www/htdocs/qmail/cgi-bin/vqadmin:

AuthType Basic
AuthUserFile /usr/local/etc/httpdpwd/vqadmin.passwd
AuthName "Authentication required"
require valid-user
satisfy any

what about the .acl file? I would try to restore it as the original. Double check  /usr/local/etc/httpdpwd/vqadmin.passwd as well

i used the default vqadmin.acl,and didn't edit it ,just the original file:

#

# Default group contains permissions for all users
# not listed under any groups
#
# If the default group is not defined, users not
# listed under any other groups will have no
# permissions.
#
# Examples follow...
#

default - ...

#
# Access permissions:
#M Modify user information

# U Modify domain information
# C Create user
# A Create domain
# D Delete user
# X Delete domain
#
# These features will still appear in the HTML templates
# if the user doesn't have access to them, however, they will
# get a permission denied error if they try to make use of
# them.
#

tech VI tech1user
admin VIMUDCA admin1user

#
# An asterisk in the features field specifies that you
# want all users in this group to have access to
# all features.
#

senior * admin

your vqadmin seems ok, but deeper investigation is needed also in your apache. Let me know if you solve

I have not solve this problem,but there's another more important problem.When I enable CHKUSER by:

# This enables chkuser
export CHKUSER_START=ALWAYS

I can just send email,but I can't receive email,and if diabled it ,everthing is ok,I don't know why?

It's not easy to troubleshoot without details, but If you are strictly following my guide feel free to contact me in private; in that case post your tcp.smtp and run files

Hi,

Is it possible to use the "ln" command instead of "cp -p"?

I am worried about maintenance when upgrading vqadmin.

Thanks,

I think that's even better