git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@346 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/02/27 18:25:20... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Fri Feb 27 09:30:20 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamav-milter: Only use TCPwrappers when using TCP/IP to establish |
|
4 |
+ communications with the milter |
|
5 |
+ Dropping priv message now same as clamd |
|
6 |
+ |
|
1 | 7 |
Thu Feb 26 16:22:59 CET 2004 (tk) |
2 | 8 |
--------------------------------- |
3 | 9 |
* libclamav: detect "From: " (Exim) mail files |
... | ... |
@@ -252,6 +252,9 @@ Changes |
252 | 252 |
received just as the milter is starting but isn't ready to |
253 | 253 |
handle it causing the milter to go to an error state |
254 | 254 |
Hardend umask |
255 |
+0.67i 27/2/04 Dropping priv message now same as clamd |
|
256 |
+ Only use TCPwrappers when using TCP/IP to establish |
|
257 |
+ communications with the milter |
|
255 | 258 |
|
256 | 259 |
BUG REPORTS |
257 | 260 |
|
... | ... |
@@ -252,9 +252,15 @@ |
252 | 252 |
* but isn't ready to handle it causing the milter to |
253 | 253 |
* go to an error state |
254 | 254 |
* Hardend umask |
255 |
+ * 0.67i 27/2/04 Dropping priv message now same as clamd |
|
256 |
+ * Only use TCPwrappers when using TCP/IP to establish |
|
257 |
+ * communications with the milter |
|
255 | 258 |
* |
256 | 259 |
* Change History: |
257 | 260 |
* $Log: clamav-milter.c,v $ |
261 |
+ * Revision 1.56 2004/02/27 09:23:56 nigelhorne |
|
262 |
+ * Don't use TCP wrappers when UNIX domain sockets are used |
|
263 |
+ * |
|
258 | 264 |
* Revision 1.55 2004/02/22 22:53:50 nigelhorne |
259 | 265 |
* Handle ERROR message from clamd |
260 | 266 |
* |
... | ... |
@@ -405,9 +411,9 @@ |
405 | 405 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
406 | 406 |
* Added -f flag use MaxThreads if --max-children not set |
407 | 407 |
*/ |
408 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.55 2004/02/22 22:53:50 nigelhorne Exp $"; |
|
408 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.56 2004/02/27 09:23:56 nigelhorne Exp $"; |
|
409 | 409 |
|
410 |
-#define CM_VERSION "0.67h" |
|
410 |
+#define CM_VERSION "0.67i" |
|
411 | 411 |
|
412 | 412 |
/*#define CONFDIR "/usr/local/etc"*/ |
413 | 413 |
|
... | ... |
@@ -624,8 +630,9 @@ short use_syslog = 0; |
624 | 624 |
static const char *pidFile; |
625 | 625 |
static int logVerbose = 0; |
626 | 626 |
static struct cfgstruct *copt; |
627 |
-static const char *localSocket; |
|
628 |
-static in_port_t tcpSocket; |
|
627 |
+static const char *localSocket; /* milter->clamd comms */ |
|
628 |
+static in_port_t tcpSocket; /* milter->clamd comms */ |
|
629 |
+static char *port = NULL; /* sendmail->milter comms */ |
|
629 | 630 |
static const char *serverHostNames = "127.0.0.1"; |
630 | 631 |
static long *serverIPs; /* IPv4 only */ |
631 | 632 |
static int numServers; /* numer of elements in serverIPs */ |
... | ... |
@@ -677,7 +684,6 @@ int |
677 | 677 |
main(int argc, char **argv) |
678 | 678 |
{ |
679 | 679 |
extern char *optarg; |
680 |
- char *port = NULL; |
|
681 | 680 |
const char *cfgfile = CL_DEFAULT_CFG; |
682 | 681 |
struct cfgstruct *cpt; |
683 | 682 |
struct passwd *user; |
... | ... |
@@ -920,10 +926,11 @@ main(int argc, char **argv) |
920 | 920 |
else |
921 | 921 |
setgroups(1, &user->pw_gid); |
922 | 922 |
|
923 |
- cli_dbgmsg("Dropping user privileges\n"); |
|
924 |
- |
|
925 | 923 |
setgid(user->pw_gid); |
926 | 924 |
setuid(user->pw_uid); |
925 |
+ |
|
926 |
+ cli_dbgmsg("Running as user %s (UID %d, GID %d)\n", |
|
927 |
+ cpt->strarg, user->pw_uid, user->pw_gid); |
|
927 | 928 |
} else |
928 | 929 |
fprintf(stderr, "%s: running as root is not recommended\n", argv[0]); |
929 | 930 |
} |
... | ... |
@@ -1370,11 +1377,6 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1370 | 1370 |
char ip[INET_ADDRSTRLEN]; /* IPv4 only */ |
1371 | 1371 |
char *remoteIP; |
1372 | 1372 |
|
1373 |
-#ifdef WITH_TCPWRAP |
|
1374 |
- const char *hostmail; |
|
1375 |
- const struct hostent *hp = NULL; |
|
1376 |
-#endif |
|
1377 |
- |
|
1378 | 1373 |
if(hostname == NULL) { |
1379 | 1374 |
if(use_syslog) |
1380 | 1375 |
syslog(LOG_ERR, "clamfi_connect: hostname is null"); |
... | ... |
@@ -1406,27 +1408,36 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1406 | 1406 |
/* |
1407 | 1407 |
* Support /etc/hosts.allow and /etc/hosts.deny |
1408 | 1408 |
*/ |
1409 |
- if((hostmail = smfi_getsymval(ctx, "{if_name}")) == NULL) { |
|
1410 |
- if(use_syslog) |
|
1411 |
- syslog(LOG_WARNING, "Can't get sendmail hostname"); |
|
1412 |
- hostmail = "unknown"; |
|
1413 |
- } |
|
1409 |
+ if((strncasecmp(port, "unix:", 5) != 0) && |
|
1410 |
+ (strncasecmp(port, "local:", 6) != 0)) { |
|
1411 |
+ const char *hostmail; |
|
1412 |
+ const struct hostent *hp = NULL; |
|
1414 | 1413 |
|
1415 |
- if((hp = gethostbyname(hostmail)) == NULL) { |
|
1416 |
- if(use_syslog) |
|
1417 |
- syslog(LOG_WARNING, "Access Denied: Host Unknown (%s)", hostname); |
|
1418 |
- return SMFIS_TEMPFAIL; |
|
1419 |
- } |
|
1414 |
+ /* |
|
1415 |
+ * Using TCP/IP for the sendmail->clamav-milter connection |
|
1416 |
+ */ |
|
1417 |
+ if((hostmail = smfi_getsymval(ctx, "{if_name}")) == NULL) { |
|
1418 |
+ if(use_syslog) |
|
1419 |
+ syslog(LOG_WARNING, "Can't get sendmail hostname"); |
|
1420 |
+ hostmail = "unknown"; |
|
1421 |
+ } |
|
1420 | 1422 |
|
1421 |
- strcpy(ip, (char *)inet_ntoa(*(struct in_addr *)hp->h_addr)); |
|
1423 |
+ if((hp = gethostbyname(hostmail)) == NULL) { |
|
1424 |
+ if(use_syslog) |
|
1425 |
+ syslog(LOG_WARNING, "Access Denied: Host Unknown (%s)", hostname); |
|
1426 |
+ return SMFIS_TEMPFAIL; |
|
1427 |
+ } |
|
1422 | 1428 |
|
1423 |
- /* |
|
1424 |
- * Ask is this is a allowed name or IP number |
|
1425 |
- */ |
|
1426 |
- if(!hosts_ctl("clamav-milter", hp->h_name, ip, STRING_UNKNOWN)) { |
|
1427 |
- if(use_syslog) |
|
1428 |
- syslog(LOG_WARNING, "Access Denied for %s[%s]", hp->h_name, ip); |
|
1429 |
- return SMFIS_TEMPFAIL; |
|
1429 |
+ strcpy(ip, (char *)inet_ntoa(*(struct in_addr *)hp->h_addr)); |
|
1430 |
+ |
|
1431 |
+ /* |
|
1432 |
+ * Ask is this is a allowed name or IP number |
|
1433 |
+ */ |
|
1434 |
+ if(!hosts_ctl("clamav-milter", hp->h_name, ip, STRING_UNKNOWN)) { |
|
1435 |
+ if(use_syslog) |
|
1436 |
+ syslog(LOG_WARNING, "Access Denied for %s[%s]", hp->h_name, ip); |
|
1437 |
+ return SMFIS_TEMPFAIL; |
|
1438 |
+ } |
|
1430 | 1439 |
} |
1431 | 1440 |
#endif |
1432 | 1441 |
|