
(-)spamd.bak (-12 / +86 lines)
Lines 128-133 Link Here
128
  'setuid-with-ldap'            => \$opt{'setuid-with-ldap'},
128
  'setuid-with-ldap'            => \$opt{'setuid-with-ldap'},
129
    'Q'                         => \$opt{'setuid-with-sql'},
129
    'Q'                         => \$opt{'setuid-with-sql'},
130
  'virtual-config-dir=s'        => \$opt{'virtual-config-dir'},
130
  'virtual-config-dir=s'        => \$opt{'virtual-config-dir'},
131
  'virtual-config-account=s'	=> \$opt{'virtual-config-account'},
131
  'pidfile|r=s'                 => \$opt{'pidfile'},
132
  'pidfile|r=s'                 => \$opt{'pidfile'},
132
  'syslog|s=s'                  => \$opt{'syslog'},
133
  'syslog|s=s'                  => \$opt{'syslog'},
133
  'syslog-socket=s'             => \$opt{'syslog-socket'},
134
  'syslog-socket=s'             => \$opt{'syslog-socket'},
Lines 1189-1220 Link Here
1189
{
1190
{
1190
  my ($username) = @_;
1191
  my ($username) = @_;
1191
1192
1192
  my $dir=$opt{'virtual-config-dir'};
1193
  my $vdir=$opt{'virtual-config-dir'};
1193
  my $userdir;
1194
  my $userdir;
1194
  my $prefsfile;
1195
  my $prefsfile;
1195
1196
1196
  if (defined $dir) {
1197
  my ($name,$pwd,$uid,$gid,$quota,$comment,$gcos,$dir,$etc) = getpwnam($username);
1198
1199
  # If this is a real user, handle as if not virtual
1200
  if ((defined $dir) && ($opt{'virtual-config-account'})) {
1201
    $setuid_to_user = 1;
1202
    my $retcd = handle_user ($username);
1203
    return $retcd;
1204
  }
1205
1206
  if (defined $vdir) {
1197
    my $safename = $username;
1207
    my $safename = $username;
1198
    $safename =~ s/[^-A-Za-z0-9\+_\.\,\@\=]/_/gs;
1208
    $safename =~ s/[^-A-Za-z0-9\+_\.\,\@\=]/_/gs;
1199
    my $localpart = '';
1209
    my $localpart = '';
1200
    my $domain = '';
1210
    my $domain = '';
1201
    if ($safename =~ /^(.*)\@(.*)$/) { $localpart = $1; $domain = $2; }
1211
    if ($safename =~ /^(.*)\@(.*)$/) { $localpart = $1; $domain = $2; }
1202
1212
1203
    $dir =~ s/\%u/${safename}/g;
1213
    $vdir =~ s/\%u/${safename}/g;
1204
    $dir =~ s/\%l/${localpart}/g;
1214
    $vdir =~ s/\%l/${localpart}/g;
1205
    $dir =~ s/\%d/${domain}/g;
1215
    $vdir =~ s/\%d/${domain}/g;
1206
    $dir =~ s/\%\%/\%/g;
1216
    $vdir =~ s/\%\%/\%/g;
1207
1217
1208
    $userdir = $dir;
1218
    $userdir = $vdir;
1209
    $prefsfile = $dir.'/user_prefs';
1219
    $prefsfile = $vdir.'/user_prefs';
1210
    # Log that the default configuration is being used for a user.
1220
#    # Log that the default configuration is being used for a user.
1211
    logmsg("Using default config for $username: $prefsfile");
1221
#    logmsg("Using default config for $username: $prefsfile");
1222
  }
1223
1224
  my $msg = "checking for " . $prefsfile;
1225
  if ($opt{'virtual-config-account'}) {
1226
    handle_setuid_change ($opt{'virtual-config-account'},
1227
				$msg, $userdir);
1212
  }
1228
  }
1213
1229
1214
  if (-f $prefsfile) {
1230
  if (-f $prefsfile) {
1215
    # Found a config, load it.
1231
    # Found a config, load it.
1216
    $spamtest->read_scoreonly_config($prefsfile);
1232
    $spamtest->read_scoreonly_config($prefsfile);
1217
  }
1233
  } elsif ($opt{'create-prefs'}) {
1234
    if ((! -d $userdir) && (! mkdir $userdir, 0700)) {
1235
      logmsg "info: failed to create $userdir for $username.";
1236
    } else {
1237
      create_default_cf_if_needed ($prefsfile,
1238
			$opt{'virtual-config-account'}, $userdir);
1239
      $spamtest->read_scoreonly_config($prefsfile);        
1240
    }
1241
  }    
1218
1242
1219
  # assume that $userdir will be a writable directory we can
1243
  # assume that $userdir will be a writable directory we can
1220
  # use for AWL, Bayes dbs etc.
1244
  # use for AWL, Bayes dbs etc.
Lines 1561-1566 Link Here
1561
  # note: do not do 'return if linux'; for some reason, it doesn't work
1585
  # note: do not do 'return if linux'; for some reason, it doesn't work
1562
}
1586
}
1563
1587
1588
sub handle_setuid_change {
1589
    my $username = shift;
1590
    my $msg = shift;
1591
    my $newdir = shift;
1592
    my ($name,$pwd,$uid,$gid,$quota,$comment,$gcos,$dir,$etc) = getpwnam($username);
1593
1594
    if (defined($newdir)) { $dir = $newdir;}
1595
1596
    if ( !$spamtest->{'paranoid'} && !defined($uid) ) {
1597
       #if we are given a username, but can't look it up,
1598
       #Maybe NIS is down? lets break out here to allow
1599
       #them to get 'defaults' when we are not running paranoid.
1600
       logmsg "handle_user() -> unable to find user [$username]!\n";
1601
       return 0;
1602
    }
1603
1604
    $uid =~ /^(\d+)$/ and $uid = $1;	# de-taint
1605
    $gid =~ /^(\d+)$/ and $gid = $1;	# de-taint
1606
1607
    $) = "$gid $gid";			# change eGID
1608
    $> = $uid;				# change eUID
1609
    if ( !defined($uid) || ($> != $uid and $> != ($uid-2**32))) {
1610
        logmsg "fatal: setuid to $username failed";
1611
        die;         # make it fatal to avoid security breaches
1612
    }
1613
    else {
1614
        if (defined($newdir)) {
1615
            $spamtest->signal_user_changed ({ username => $username,
1616
						user_dir => $newdir });
1617
        } else {
1618
            $spamtest->signal_user_changed ({ username => $username});
1619
        }
1620
	if (defined($msg)) {
1621
            logmsg "info: setuid to $username succeeded, ". $msg;
1622
	} else {
1623
	    logmsg "info: setuid to $username succeeded.";
1624
	}
1625
    }
1626
}
1627
1564
__DATA__
1628
__DATA__
1565
1629
1566
=head1 NAME
1630
=head1 NAME
Lines 1740-1745 Link Here
1740
The pattern B<must> expand to an absolute directory when spamd is running
1804
The pattern B<must> expand to an absolute directory when spamd is running
1741
daemonized (B<-d>).
1805
daemonized (B<-d>).
1742
1806
1807
=item B<--virtual-config-account>=I<username>
1808
When this option is used in conjunction with then B<--virtual-config-dir>
1809
and spamc sends a virtual username (i.e. jm@example.com), spamd will change
1810
to this account id to access/create the user preferences directory.
1811
1812
If a username is passed to spamd that is in the /etc/passwd file, then
1813
spamd processes that user as if B<--virtual-config-dir> had not been
1814
specified.  This is useful when some accounts are real and some are
1815
virtual.
1816
1743
=item B<-r> I<pidfile>, B<--pidfile>=I<pidfile>
1817
=item B<-r> I<pidfile>, B<--pidfile>=I<pidfile>
1744
1818
1745
Write the process ID of the spamd parent to the file specified by I<pidfile>.
1819
Write the process ID of the spamd parent to the file specified by I<pidfile>.
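Review bot: The call to `handle_setuid_change` at new line 1226 discards its result, yet the new sub returns 0 without changing IDs when `getpwnam` fails and `paranoid` is off. In that case the `-f $prefsfile` test, `mkdir $userdir, 0700` and `create_default_cf_if_needed` that follow run with whatever privileges the process already had, on a path built from the client-supplied username. I would add `return 1;` at the end of the success branch and bail out at the call site, e.g. `handle_setuid_change($opt{'virtual-config-account'}, $msg, $userdir) or return 0;` (the enclosing sub starts outside the visible lines, so its return convention needs confirming). The sub also assigns only `$)` and `$>`, so the real UID/GID appear to stay as they were; a comment such as `# effective IDs only; real IDs are left unchanged on purpose` would record whether that is intended. Its log text still reads `handle_user() -> unable to find user`, which should name `handle_setuid_change`.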
