Lines 128-133
|
128 |
'setuid-with-ldap' => \$opt{'setuid-with-ldap'}, |
128 |
'setuid-with-ldap' => \$opt{'setuid-with-ldap'}, |
129 |
'Q' => \$opt{'setuid-with-sql'}, |
129 |
'Q' => \$opt{'setuid-with-sql'}, |
130 |
'virtual-config-dir=s' => \$opt{'virtual-config-dir'}, |
130 |
'virtual-config-dir=s' => \$opt{'virtual-config-dir'}, |
|
|
131 |
'virtual-config-account=s' => \$opt{'virtual-config-account'}, |
131 |
'pidfile|r=s' => \$opt{'pidfile'}, |
132 |
'pidfile|r=s' => \$opt{'pidfile'}, |
132 |
'syslog|s=s' => \$opt{'syslog'}, |
133 |
'syslog|s=s' => \$opt{'syslog'}, |
133 |
'syslog-socket=s' => \$opt{'syslog-socket'}, |
134 |
'syslog-socket=s' => \$opt{'syslog-socket'}, |
Lines 1189-1220
|
1189 |
{ |
1190 |
{ |
1190 |
my ($username) = @_; |
1191 |
my ($username) = @_; |
1191 |
|
1192 |
|
1192 |
my $dir=$opt{'virtual-config-dir'}; |
1193 |
my $vdir=$opt{'virtual-config-dir'}; |
1193 |
my $userdir; |
1194 |
my $userdir; |
1194 |
my $prefsfile; |
1195 |
my $prefsfile; |
1195 |
|
1196 |
|
1196 |
if (defined $dir) { |
1197 |
my ($name,$pwd,$uid,$gid,$quota,$comment,$gcos,$dir,$etc) = getpwnam($username); |
|
|
1198 |
|
1199 |
# If this is a real user, handle as if not virtual |
1200 |
if ((defined $dir) && ($opt{'virtual-config-account'})) { |
1201 |
$setuid_to_user = 1; |
1202 |
my $retcd = handle_user ($username); |
1203 |
return $retcd; |
1204 |
} |
1205 |
|
1206 |
if (defined $vdir) { |
1197 |
my $safename = $username; |
1207 |
my $safename = $username; |
1198 |
$safename =~ s/[^-A-Za-z0-9\+_\.\,\@\=]/_/gs; |
1208 |
$safename =~ s/[^-A-Za-z0-9\+_\.\,\@\=]/_/gs; |
1199 |
my $localpart = ''; |
1209 |
my $localpart = ''; |
1200 |
my $domain = ''; |
1210 |
my $domain = ''; |
1201 |
if ($safename =~ /^(.*)\@(.*)$/) { $localpart = $1; $domain = $2; } |
1211 |
if ($safename =~ /^(.*)\@(.*)$/) { $localpart = $1; $domain = $2; } |
1202 |
|
1212 |
|
1203 |
$dir =~ s/\%u/${safename}/g; |
1213 |
$vdir =~ s/\%u/${safename}/g; |
1204 |
$dir =~ s/\%l/${localpart}/g; |
1214 |
$vdir =~ s/\%l/${localpart}/g; |
1205 |
$dir =~ s/\%d/${domain}/g; |
1215 |
$vdir =~ s/\%d/${domain}/g; |
1206 |
$dir =~ s/\%\%/\%/g; |
1216 |
$vdir =~ s/\%\%/\%/g; |
1207 |
|
1217 |
|
1208 |
$userdir = $dir; |
1218 |
$userdir = $vdir; |
1209 |
$prefsfile = $dir.'/user_prefs'; |
1219 |
$prefsfile = $vdir.'/user_prefs'; |
1210 |
# Log that the default configuration is being used for a user. |
1220 |
# # Log that the default configuration is being used for a user. |
1211 |
logmsg("Using default config for $username: $prefsfile"); |
1221 |
# logmsg("Using default config for $username: $prefsfile"); |
|
|
1222 |
} |
1223 |
|
1224 |
my $msg = "checking for " . $prefsfile; |
1225 |
if ($opt{'virtual-config-account'}) { |
1226 |
handle_setuid_change ($opt{'virtual-config-account'}, |
1227 |
$msg, $userdir); |
1212 |
} |
1228 |
} |
1213 |
|
1229 |
|
1214 |
if (-f $prefsfile) { |
1230 |
if (-f $prefsfile) { |
1215 |
# Found a config, load it. |
1231 |
# Found a config, load it. |
1216 |
$spamtest->read_scoreonly_config($prefsfile); |
1232 |
$spamtest->read_scoreonly_config($prefsfile); |
1217 |
} |
1233 |
} elsif ($opt{'create-prefs'}) { |
|
|
1234 |
if ((! -d $userdir) && (! mkdir $userdir, 0700)) { |
1235 |
logmsg "info: failed to create $userdir for $username."; |
1236 |
} else { |
1237 |
create_default_cf_if_needed ($prefsfile, |
1238 |
$opt{'virtual-config-account'}, $userdir); |
1239 |
$spamtest->read_scoreonly_config($prefsfile); |
1240 |
} |
1241 |
} |
1218 |
|
1242 |
|
1219 |
# assume that $userdir will be a writable directory we can |
1243 |
# assume that $userdir will be a writable directory we can |
1220 |
# use for AWL, Bayes dbs etc. |
1244 |
# use for AWL, Bayes dbs etc. |
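Review bot: The result of `handle_setuid_change` is ignored at the call that follows `my $msg = "checking for " . $prefsfile;`, yet the helper added later in this patch returns 0 without changing ids when the account lookup fails outside paranoid mode, so the `-d`/`mkdir`/`create_default_cf_if_needed` branch would then run under whatever identity the process already had. Have the helper end its success path with `return 1;` and make the call `handle_setuid_change($opt{'virtual-config-account'}, $msg, $userdir) or return 0;`, assuming a false return signals failure to the caller as the `return $retcd` path suggests. Separately, `$safename` keeps `.`, so a name of `.` or `..` survives the substitution and `%u`, `%l` or `%d` can expand to a parent directory that this branch now creates on demand; rejecting those values before expansion, e.g. `return 0 if grep { /^\.\.?$/ } $safename, $localpart, $domain;`, closes that. The enclosing sub begins and ends outside this hunk.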
Lines 1561-1566
|
1561 |
# note: do not do 'return if linux'; for some reason, it doesn't work |
1585 |
# note: do not do 'return if linux'; for some reason, it doesn't work |
1562 |
} |
1586 |
} |
1563 |
|
1587 |
|
|
|
1588 |
sub handle_setuid_change { |
1589 |
my $username = shift; |
1590 |
my $msg = shift; |
1591 |
my $newdir = shift; |
1592 |
my ($name,$pwd,$uid,$gid,$quota,$comment,$gcos,$dir,$etc) = getpwnam($username); |
1593 |
|
1594 |
if (defined($newdir)) { $dir = $newdir;} |
1595 |
|
1596 |
if ( !$spamtest->{'paranoid'} && !defined($uid) ) { |
1597 |
#if we are given a username, but can't look it up, |
1598 |
#Maybe NIS is down? lets break out here to allow |
1599 |
#them to get 'defaults' when we are not running paranoid. |
1600 |
logmsg "handle_user() -> unable to find user [$username]!\n"; |
1601 |
return 0; |
1602 |
} |
1603 |
|
1604 |
$uid =~ /^(\d+)$/ and $uid = $1; # de-taint |
1605 |
$gid =~ /^(\d+)$/ and $gid = $1; # de-taint |
1606 |
|
1607 |
$) = "$gid $gid"; # change eGID |
1608 |
$> = $uid; # change eUID |
1609 |
if ( !defined($uid) || ($> != $uid and $> != ($uid-2**32))) { |
1610 |
logmsg "fatal: setuid to $username failed"; |
1611 |
die; # make it fatal to avoid security breaches |
1612 |
} |
1613 |
else { |
1614 |
if (defined($newdir)) { |
1615 |
$spamtest->signal_user_changed ({ username => $username, |
1616 |
user_dir => $newdir }); |
1617 |
} else { |
1618 |
$spamtest->signal_user_changed ({ username => $username}); |
1619 |
} |
1620 |
if (defined($msg)) { |
1621 |
logmsg "info: setuid to $username succeeded, ". $msg; |
1622 |
} else { |
1623 |
logmsg "info: setuid to $username succeeded."; |
1624 |
} |
1625 |
} |
1626 |
} |
1627 |
|
1564 |
__DATA__ |
1628 |
__DATA__ |
1565 |
|
1629 |
|
1566 |
=head1 NAME |
1630 |
=head1 NAME |
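Review bot: Only the effective uid is verified after the switch in `handle_setuid_change`; the `$) = "$gid $gid"` assignment is never checked, so a failed group change would go unnoticed while the log line reports success. Add a check right after the two assignments, for example `(split ' ', $))[0] == $gid or die "fatal: setgid to $username failed\n";`. The not-found message still names `handle_user()`, which will misdirect anyone reading the logs; `logmsg "handle_setuid_change() -> unable to find user [$username]!\n";` would match the new sub. `$dir = $newdir` is assigned and never read afterwards, and the bare `die;` would be easier to triage with a message.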
Lines 1740-1745
|
1740 |
The pattern B<must> expand to an absolute directory when spamd is running |
1804 |
The pattern B<must> expand to an absolute directory when spamd is running |
1741 |
daemonized (B<-d>). |
1805 |
daemonized (B<-d>). |
1742 |
|
1806 |
|
|
|
1807 |
=item B<--virtual-config-account>=I<username> |
1808 |
When this option is used in conjunction with then B<--virtual-config-dir> |
1809 |
and spamc sends a virtual username (i.e. jm@example.com), spamd will change |
1810 |
to this account id to access/create the user preferences directory. |
1811 |
|
1812 |
If a username is passed to spamd that is in the /etc/passwd file, then |
1813 |
spamd processes that user as if B<--virtual-config-dir> had not been |
1814 |
specified. This is useful when some accounts are real and some are |
1815 |
virtual. |
1816 |
|
1743 |
=item B<-r> I<pidfile>, B<--pidfile>=I<pidfile> |
1817 |
=item B<-r> I<pidfile>, B<--pidfile>=I<pidfile> |
1744 |
|
1818 |
|
1745 |
Write the process ID of the spamd parent to the file specified by I<pidfile>. |
1819 |
Write the process ID of the spamd parent to the file specified by I<pidfile>. |