Browse code
Revert "bb#10731 - Allow to specificy a group for the socket of which the user is not a member"
This reverts commit 3e0b86d05c5a68664b2202c23316a0b75d5bd6ec.
Shawn Webb authored on 2014/10/21 01:33:18Showing 1 changed files
| ... | ... |
@@ -116,104 +116,6 @@ int main(int argc, char **argv) {
|
| 116 | 116 |
} |
| 117 | 117 |
} |
| 118 | 118 |
|
| 119 |
- if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
|
|
| 120 |
- logg("!Please configure the MilterSocket directive\n");
|
|
| 121 |
- logg_close(); |
|
| 122 |
- optfree(opts); |
|
| 123 |
- return 1; |
|
| 124 |
- } |
|
| 125 |
- |
|
| 126 |
- if(smfi_setconn(my_socket) == MI_FAILURE) {
|
|
| 127 |
- logg("!smfi_setconn failed\n");
|
|
| 128 |
- logg_close(); |
|
| 129 |
- optfree(opts); |
|
| 130 |
- return 1; |
|
| 131 |
- } |
|
| 132 |
- if(smfi_register(descr) == MI_FAILURE) {
|
|
| 133 |
- logg("!smfi_register failed\n");
|
|
| 134 |
- logg_close(); |
|
| 135 |
- optfree(opts); |
|
| 136 |
- return 1; |
|
| 137 |
- } |
|
| 138 |
- opt = optget(opts, "FixStaleSocket"); |
|
| 139 |
- umsk = umask(0777); /* socket is created with 000 to avoid races */ |
|
| 140 |
- if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
|
|
| 141 |
- logg("!Failed to create socket %s\n", my_socket);
|
|
| 142 |
- logg_close(); |
|
| 143 |
- optfree(opts); |
|
| 144 |
- return 1; |
|
| 145 |
- } |
|
| 146 |
- umask(umsk); /* restore umask */ |
|
| 147 |
- if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
|
|
| 148 |
- /* set group ownership and perms on the local socket */ |
|
| 149 |
- char *sock_name = my_socket; |
|
| 150 |
- mode_t sock_mode; |
|
| 151 |
- if(!strncmp(my_socket, "unix:", 5)) |
|
| 152 |
- sock_name += 5; |
|
| 153 |
- if(!strncmp(my_socket, "local:", 6)) |
|
| 154 |
- sock_name += 6; |
|
| 155 |
- if(*my_socket == ':') |
|
| 156 |
- sock_name ++; |
|
| 157 |
- |
|
| 158 |
- if(optget(opts, "MilterSocketGroup")->enabled) {
|
|
| 159 |
- char *gname = optget(opts, "MilterSocketGroup")->strarg, *end; |
|
| 160 |
- gid_t sock_gid = strtol(gname, &end, 10); |
|
| 161 |
- if(*end) {
|
|
| 162 |
- struct group *pgrp = getgrnam(gname); |
|
| 163 |
- if(!pgrp) {
|
|
| 164 |
- logg("!Unknown group %s\n", gname);
|
|
| 165 |
- logg_close(); |
|
| 166 |
- optfree(opts); |
|
| 167 |
- return 1; |
|
| 168 |
- } |
|
| 169 |
- sock_gid = pgrp->gr_gid; |
|
| 170 |
- } |
|
| 171 |
- if(chown(sock_name, -1, sock_gid)) {
|
|
| 172 |
- logg("!Failed to change socket ownership to group %s\n", gname);
|
|
| 173 |
- logg_close(); |
|
| 174 |
- optfree(opts); |
|
| 175 |
- return 1; |
|
| 176 |
- } |
|
| 177 |
- } |
|
| 178 |
- |
|
| 179 |
- if ((opt = optget(opts, "User"))->enabled) {
|
|
| 180 |
- struct passwd *user; |
|
| 181 |
- if ((user = getpwnam(opt->strarg)) == NULL) {
|
|
| 182 |
- logg("ERROR: Can't get information about user %s.\n",
|
|
| 183 |
- opt->strarg); |
|
| 184 |
- logg_close(); |
|
| 185 |
- optfree(opts); |
|
| 186 |
- return 1; |
|
| 187 |
- } |
|
| 188 |
- |
|
| 189 |
- if(chown(sock_name, user->pw_uid, -1)) {
|
|
| 190 |
- logg("!Failed to change socket ownership to user %s\n", user->pw_name);
|
|
| 191 |
- optfree(opts); |
|
| 192 |
- logg_close(); |
|
| 193 |
- return 1; |
|
| 194 |
- } |
|
| 195 |
- } |
|
| 196 |
- |
|
| 197 |
- if(optget(opts, "MilterSocketMode")->enabled) {
|
|
| 198 |
- char *end; |
|
| 199 |
- sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8); |
|
| 200 |
- if(*end) {
|
|
| 201 |
- logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
|
|
| 202 |
- logg_close(); |
|
| 203 |
- optfree(opts); |
|
| 204 |
- return 1; |
|
| 205 |
- } |
|
| 206 |
- } else |
|
| 207 |
- sock_mode = 0777 & ~umsk; |
|
| 208 |
- |
|
| 209 |
- if(chmod(sock_name, sock_mode & 0666)) {
|
|
| 210 |
- logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
|
|
| 211 |
- logg_close(); |
|
| 212 |
- optfree(opts); |
|
| 213 |
- return 1; |
|
| 214 |
- } |
|
| 215 |
- } |
|
| 216 |
- |
|
| 217 | 119 |
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
|
| 218 | 120 |
struct passwd *user = NULL; |
| 219 | 121 |
if((user = getpwnam(opt->strarg)) == NULL) {
|
| ... | ... |
@@ -346,6 +248,15 @@ int main(int argc, char **argv) {
|
| 346 | 346 |
|
| 347 | 347 |
multircpt = optget(opts, "SupportMultipleRecipients")->enabled; |
| 348 | 348 |
|
| 349 |
+ if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
|
|
| 350 |
+ logg("!Please configure the MilterSocket directive\n");
|
|
| 351 |
+ localnets_free(); |
|
| 352 |
+ whitelist_free(); |
|
| 353 |
+ logg_close(); |
|
| 354 |
+ optfree(opts); |
|
| 355 |
+ return 1; |
|
| 356 |
+ } |
|
| 357 |
+ |
|
| 349 | 358 |
if(!optget(opts, "Foreground")->enabled) {
|
| 350 | 359 |
if(daemonize() == -1) {
|
| 351 | 360 |
logg("!daemonize() failed\n");
|
| ... | ... |
@@ -360,6 +271,92 @@ int main(int argc, char **argv) {
|
| 360 | 360 |
logg("^Can't change current working directory to root\n");
|
| 361 | 361 |
} |
| 362 | 362 |
|
| 363 |
+ if(smfi_setconn(my_socket) == MI_FAILURE) {
|
|
| 364 |
+ logg("!smfi_setconn failed\n");
|
|
| 365 |
+ localnets_free(); |
|
| 366 |
+ whitelist_free(); |
|
| 367 |
+ logg_close(); |
|
| 368 |
+ optfree(opts); |
|
| 369 |
+ return 1; |
|
| 370 |
+ } |
|
| 371 |
+ if(smfi_register(descr) == MI_FAILURE) {
|
|
| 372 |
+ logg("!smfi_register failed\n");
|
|
| 373 |
+ localnets_free(); |
|
| 374 |
+ whitelist_free(); |
|
| 375 |
+ logg_close(); |
|
| 376 |
+ optfree(opts); |
|
| 377 |
+ return 1; |
|
| 378 |
+ } |
|
| 379 |
+ opt = optget(opts, "FixStaleSocket"); |
|
| 380 |
+ umsk = umask(0777); /* socket is created with 000 to avoid races */ |
|
| 381 |
+ if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
|
|
| 382 |
+ logg("!Failed to create socket %s\n", my_socket);
|
|
| 383 |
+ localnets_free(); |
|
| 384 |
+ whitelist_free(); |
|
| 385 |
+ logg_close(); |
|
| 386 |
+ optfree(opts); |
|
| 387 |
+ return 1; |
|
| 388 |
+ } |
|
| 389 |
+ umask(umsk); /* restore umask */ |
|
| 390 |
+ if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
|
|
| 391 |
+ /* set group ownership and perms on the local socket */ |
|
| 392 |
+ char *sock_name = my_socket; |
|
| 393 |
+ mode_t sock_mode; |
|
| 394 |
+ if(!strncmp(my_socket, "unix:", 5)) |
|
| 395 |
+ sock_name += 5; |
|
| 396 |
+ if(!strncmp(my_socket, "local:", 6)) |
|
| 397 |
+ sock_name += 6; |
|
| 398 |
+ if(*my_socket == ':') |
|
| 399 |
+ sock_name ++; |
|
| 400 |
+ |
|
| 401 |
+ if(optget(opts, "MilterSocketGroup")->enabled) {
|
|
| 402 |
+ char *gname = optget(opts, "MilterSocketGroup")->strarg, *end; |
|
| 403 |
+ gid_t sock_gid = strtol(gname, &end, 10); |
|
| 404 |
+ if(*end) {
|
|
| 405 |
+ struct group *pgrp = getgrnam(gname); |
|
| 406 |
+ if(!pgrp) {
|
|
| 407 |
+ logg("!Unknown group %s\n", gname);
|
|
| 408 |
+ localnets_free(); |
|
| 409 |
+ whitelist_free(); |
|
| 410 |
+ logg_close(); |
|
| 411 |
+ optfree(opts); |
|
| 412 |
+ return 1; |
|
| 413 |
+ } |
|
| 414 |
+ sock_gid = pgrp->gr_gid; |
|
| 415 |
+ } |
|
| 416 |
+ if(chown(sock_name, -1, sock_gid)) {
|
|
| 417 |
+ logg("!Failed to change socket ownership to group %s\n", gname);
|
|
| 418 |
+ localnets_free(); |
|
| 419 |
+ whitelist_free(); |
|
| 420 |
+ logg_close(); |
|
| 421 |
+ optfree(opts); |
|
| 422 |
+ return 1; |
|
| 423 |
+ } |
|
| 424 |
+ } |
|
| 425 |
+ if(optget(opts, "MilterSocketMode")->enabled) {
|
|
| 426 |
+ char *end; |
|
| 427 |
+ sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8); |
|
| 428 |
+ if(*end) {
|
|
| 429 |
+ logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
|
|
| 430 |
+ localnets_free(); |
|
| 431 |
+ whitelist_free(); |
|
| 432 |
+ logg_close(); |
|
| 433 |
+ optfree(opts); |
|
| 434 |
+ return 1; |
|
| 435 |
+ } |
|
| 436 |
+ } else |
|
| 437 |
+ sock_mode = 0777 & ~umsk; |
|
| 438 |
+ |
|
| 439 |
+ if(chmod(sock_name, sock_mode & 0666)) {
|
|
| 440 |
+ logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
|
|
| 441 |
+ localnets_free(); |
|
| 442 |
+ whitelist_free(); |
|
| 443 |
+ logg_close(); |
|
| 444 |
+ optfree(opts); |
|
| 445 |
+ return 1; |
|
| 446 |
+ } |
|
| 447 |
+ } |
|
| 448 |
+ |
|
| 363 | 449 |
maxfilesize = optget(opts, "MaxFileSize")->numarg; |
| 364 | 450 |
if(!maxfilesize) {
|
| 365 | 451 |
logg("^Invalid MaxFileSize, using default (%d)\n", CLI_DEFAULT_MAXFILESIZE);
|