Browse code
bb#10731 - Allow to specificy a group for the socket of which the user is not a member
Shawn Webb authored on 2014/08/01 00:50:23Showing 1 changed files
| ... | ... |
@@ -114,6 +114,104 @@ int main(int argc, char **argv) {
|
| 114 | 114 |
} |
| 115 | 115 |
} |
| 116 | 116 |
|
| 117 |
+ if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
|
|
| 118 |
+ logg("!Please configure the MilterSocket directive\n");
|
|
| 119 |
+ logg_close(); |
|
| 120 |
+ optfree(opts); |
|
| 121 |
+ return 1; |
|
| 122 |
+ } |
|
| 123 |
+ |
|
| 124 |
+ if(smfi_setconn(my_socket) == MI_FAILURE) {
|
|
| 125 |
+ logg("!smfi_setconn failed\n");
|
|
| 126 |
+ logg_close(); |
|
| 127 |
+ optfree(opts); |
|
| 128 |
+ return 1; |
|
| 129 |
+ } |
|
| 130 |
+ if(smfi_register(descr) == MI_FAILURE) {
|
|
| 131 |
+ logg("!smfi_register failed\n");
|
|
| 132 |
+ logg_close(); |
|
| 133 |
+ optfree(opts); |
|
| 134 |
+ return 1; |
|
| 135 |
+ } |
|
| 136 |
+ opt = optget(opts, "FixStaleSocket"); |
|
| 137 |
+ umsk = umask(0777); /* socket is created with 000 to avoid races */ |
|
| 138 |
+ if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
|
|
| 139 |
+ logg("!Failed to create socket %s\n", my_socket);
|
|
| 140 |
+ logg_close(); |
|
| 141 |
+ optfree(opts); |
|
| 142 |
+ return 1; |
|
| 143 |
+ } |
|
| 144 |
+ umask(umsk); /* restore umask */ |
|
| 145 |
+ if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
|
|
| 146 |
+ /* set group ownership and perms on the local socket */ |
|
| 147 |
+ char *sock_name = my_socket; |
|
| 148 |
+ mode_t sock_mode; |
|
| 149 |
+ if(!strncmp(my_socket, "unix:", 5)) |
|
| 150 |
+ sock_name += 5; |
|
| 151 |
+ if(!strncmp(my_socket, "local:", 6)) |
|
| 152 |
+ sock_name += 6; |
|
| 153 |
+ if(*my_socket == ':') |
|
| 154 |
+ sock_name ++; |
|
| 155 |
+ |
|
| 156 |
+ if(optget(opts, "MilterSocketGroup")->enabled) {
|
|
| 157 |
+ char *gname = optget(opts, "MilterSocketGroup")->strarg, *end; |
|
| 158 |
+ gid_t sock_gid = strtol(gname, &end, 10); |
|
| 159 |
+ if(*end) {
|
|
| 160 |
+ struct group *pgrp = getgrnam(gname); |
|
| 161 |
+ if(!pgrp) {
|
|
| 162 |
+ logg("!Unknown group %s\n", gname);
|
|
| 163 |
+ logg_close(); |
|
| 164 |
+ optfree(opts); |
|
| 165 |
+ return 1; |
|
| 166 |
+ } |
|
| 167 |
+ sock_gid = pgrp->gr_gid; |
|
| 168 |
+ } |
|
| 169 |
+ if(chown(sock_name, -1, sock_gid)) {
|
|
| 170 |
+ logg("!Failed to change socket ownership to group %s\n", gname);
|
|
| 171 |
+ logg_close(); |
|
| 172 |
+ optfree(opts); |
|
| 173 |
+ return 1; |
|
| 174 |
+ } |
|
| 175 |
+ } |
|
| 176 |
+ |
|
| 177 |
+ if ((opt = optget(opts, "User"))->enabled) {
|
|
| 178 |
+ struct passwd *user; |
|
| 179 |
+ if ((user = getpwnam(opt->strarg)) == NULL) {
|
|
| 180 |
+ logg("ERROR: Can't get information about user %s.\n",
|
|
| 181 |
+ opt->strarg); |
|
| 182 |
+ logg_close(); |
|
| 183 |
+ optfree(opts); |
|
| 184 |
+ return 1; |
|
| 185 |
+ } |
|
| 186 |
+ |
|
| 187 |
+ if(chown(sock_name, user->pw_uid, -1)) {
|
|
| 188 |
+ logg("!Failed to change socket ownership to user %s\n", user->pw_name);
|
|
| 189 |
+ optfree(opts); |
|
| 190 |
+ logg_close(); |
|
| 191 |
+ return 1; |
|
| 192 |
+ } |
|
| 193 |
+ } |
|
| 194 |
+ |
|
| 195 |
+ if(optget(opts, "MilterSocketMode")->enabled) {
|
|
| 196 |
+ char *end; |
|
| 197 |
+ sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8); |
|
| 198 |
+ if(*end) {
|
|
| 199 |
+ logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
|
|
| 200 |
+ logg_close(); |
|
| 201 |
+ optfree(opts); |
|
| 202 |
+ return 1; |
|
| 203 |
+ } |
|
| 204 |
+ } else |
|
| 205 |
+ sock_mode = 0777 & ~umsk; |
|
| 206 |
+ |
|
| 207 |
+ if(chmod(sock_name, sock_mode & 0666)) {
|
|
| 208 |
+ logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
|
|
| 209 |
+ logg_close(); |
|
| 210 |
+ optfree(opts); |
|
| 211 |
+ return 1; |
|
| 212 |
+ } |
|
| 213 |
+ } |
|
| 214 |
+ |
|
| 117 | 215 |
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
|
| 118 | 216 |
struct passwd *user = NULL; |
| 119 | 217 |
if((user = getpwnam(opt->strarg)) == NULL) {
|
| ... | ... |
@@ -246,15 +344,6 @@ int main(int argc, char **argv) {
|
| 246 | 246 |
|
| 247 | 247 |
multircpt = optget(opts, "SupportMultipleRecipients")->enabled; |
| 248 | 248 |
|
| 249 |
- if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
|
|
| 250 |
- logg("!Please configure the MilterSocket directive\n");
|
|
| 251 |
- localnets_free(); |
|
| 252 |
- whitelist_free(); |
|
| 253 |
- logg_close(); |
|
| 254 |
- optfree(opts); |
|
| 255 |
- return 1; |
|
| 256 |
- } |
|
| 257 |
- |
|
| 258 | 249 |
if(!optget(opts, "Foreground")->enabled) {
|
| 259 | 250 |
if(daemonize() == -1) {
|
| 260 | 251 |
logg("!daemonize() failed\n");
|
| ... | ... |
@@ -269,92 +358,6 @@ int main(int argc, char **argv) {
|
| 269 | 269 |
logg("^Can't change current working directory to root\n");
|
| 270 | 270 |
} |
| 271 | 271 |
|
| 272 |
- if(smfi_setconn(my_socket) == MI_FAILURE) {
|
|
| 273 |
- logg("!smfi_setconn failed\n");
|
|
| 274 |
- localnets_free(); |
|
| 275 |
- whitelist_free(); |
|
| 276 |
- logg_close(); |
|
| 277 |
- optfree(opts); |
|
| 278 |
- return 1; |
|
| 279 |
- } |
|
| 280 |
- if(smfi_register(descr) == MI_FAILURE) {
|
|
| 281 |
- logg("!smfi_register failed\n");
|
|
| 282 |
- localnets_free(); |
|
| 283 |
- whitelist_free(); |
|
| 284 |
- logg_close(); |
|
| 285 |
- optfree(opts); |
|
| 286 |
- return 1; |
|
| 287 |
- } |
|
| 288 |
- opt = optget(opts, "FixStaleSocket"); |
|
| 289 |
- umsk = umask(0777); /* socket is created with 000 to avoid races */ |
|
| 290 |
- if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
|
|
| 291 |
- logg("!Failed to create socket %s\n", my_socket);
|
|
| 292 |
- localnets_free(); |
|
| 293 |
- whitelist_free(); |
|
| 294 |
- logg_close(); |
|
| 295 |
- optfree(opts); |
|
| 296 |
- return 1; |
|
| 297 |
- } |
|
| 298 |
- umask(umsk); /* restore umask */ |
|
| 299 |
- if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
|
|
| 300 |
- /* set group ownership and perms on the local socket */ |
|
| 301 |
- char *sock_name = my_socket; |
|
| 302 |
- mode_t sock_mode; |
|
| 303 |
- if(!strncmp(my_socket, "unix:", 5)) |
|
| 304 |
- sock_name += 5; |
|
| 305 |
- if(!strncmp(my_socket, "local:", 6)) |
|
| 306 |
- sock_name += 6; |
|
| 307 |
- if(*my_socket == ':') |
|
| 308 |
- sock_name ++; |
|
| 309 |
- |
|
| 310 |
- if(optget(opts, "MilterSocketGroup")->enabled) {
|
|
| 311 |
- char *gname = optget(opts, "MilterSocketGroup")->strarg, *end; |
|
| 312 |
- gid_t sock_gid = strtol(gname, &end, 10); |
|
| 313 |
- if(*end) {
|
|
| 314 |
- struct group *pgrp = getgrnam(gname); |
|
| 315 |
- if(!pgrp) {
|
|
| 316 |
- logg("!Unknown group %s\n", gname);
|
|
| 317 |
- localnets_free(); |
|
| 318 |
- whitelist_free(); |
|
| 319 |
- logg_close(); |
|
| 320 |
- optfree(opts); |
|
| 321 |
- return 1; |
|
| 322 |
- } |
|
| 323 |
- sock_gid = pgrp->gr_gid; |
|
| 324 |
- } |
|
| 325 |
- if(chown(sock_name, -1, sock_gid)) {
|
|
| 326 |
- logg("!Failed to change socket ownership to group %s\n", gname);
|
|
| 327 |
- localnets_free(); |
|
| 328 |
- whitelist_free(); |
|
| 329 |
- logg_close(); |
|
| 330 |
- optfree(opts); |
|
| 331 |
- return 1; |
|
| 332 |
- } |
|
| 333 |
- } |
|
| 334 |
- if(optget(opts, "MilterSocketMode")->enabled) {
|
|
| 335 |
- char *end; |
|
| 336 |
- sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8); |
|
| 337 |
- if(*end) {
|
|
| 338 |
- logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
|
|
| 339 |
- localnets_free(); |
|
| 340 |
- whitelist_free(); |
|
| 341 |
- logg_close(); |
|
| 342 |
- optfree(opts); |
|
| 343 |
- return 1; |
|
| 344 |
- } |
|
| 345 |
- } else |
|
| 346 |
- sock_mode = 0777 & ~umsk; |
|
| 347 |
- |
|
| 348 |
- if(chmod(sock_name, sock_mode & 0666)) {
|
|
| 349 |
- logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
|
|
| 350 |
- localnets_free(); |
|
| 351 |
- whitelist_free(); |
|
| 352 |
- logg_close(); |
|
| 353 |
- optfree(opts); |
|
| 354 |
- return 1; |
|
| 355 |
- } |
|
| 356 |
- } |
|
| 357 |
- |
|
| 358 | 272 |
maxfilesize = optget(opts, "MaxFileSize")->numarg; |
| 359 | 273 |
if(!maxfilesize) {
|
| 360 | 274 |
logg("^Invalid MaxFileSize, using default (%d)\n", CLI_DEFAULT_MAXFILESIZE);
|