Lines 200-205
|
200 |
'username|u=s' => \$opt{'username'}, |
200 |
'username|u=s' => \$opt{'username'}, |
201 |
'version|V' => \$opt{'version'}, |
201 |
'version|V' => \$opt{'version'}, |
202 |
'virtual-config-dir=s' => \$opt{'virtual-config-dir'}, |
202 |
'virtual-config-dir=s' => \$opt{'virtual-config-dir'}, |
|
|
203 |
'virtual-setuid-separator=s' => \$opt{'virtual-setuid-separator'}, |
203 |
'v' => \$opt{'vpopmail'}, |
204 |
'v' => \$opt{'vpopmail'}, |
204 |
'vpopmail!' => \$opt{'vpopmail'}, |
205 |
'vpopmail!' => \$opt{'vpopmail'}, |
205 |
|
206 |
|
Lines 413-419
|
413 |
$opt{'username'} || |
414 |
$opt{'username'} || |
414 |
$> != 0 || |
415 |
$> != 0 || |
415 |
$opt{'vpopmail'} || |
416 |
$opt{'vpopmail'} || |
416 |
(!$opt{'user-config'} && !($opt{'setuid-with-sql'}||$opt{'setuid-with-ldap'})) |
417 |
(!$opt{'user-config'} && !($opt{'setuid-with-sql'}||$opt{'setuid-with-ldap'}||($opt{'virtual-config-dir'}&&$opt{'virtual-setuid-separator'}))) |
417 |
) ? 0 : 1; |
418 |
) ? 0 : 1; |
418 |
|
419 |
|
419 |
# always copy the config, later code may disable |
420 |
# always copy the config, later code may disable |
Lines 1768-1773
|
1768 |
sub handle_virtual_config_dir { |
1769 |
sub handle_virtual_config_dir { |
1769 |
my ($username) = @_; |
1770 |
my ($username) = @_; |
1770 |
|
1771 |
|
|
|
1772 |
if ($opt{'virtual-setuid-separator'} and $username =~ s/^([\x20-\xff]+?)\Q$opt{'virtual-setuid-separator'}\E//) { |
1773 |
my $userid = $1; |
1774 |
my ( $name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc ) = |
1775 |
getpwnam($userid); |
1776 |
|
1777 |
if ( !$spamtest->{'paranoid'} && !defined($uid) ) { |
1778 |
|
1779 |
#if we are given a username, but can't look it up, |
1780 |
#Maybe NIS is down? lets break out here to allow |
1781 |
#them to get 'defaults' when we are not running paranoid. |
1782 |
logmsg("handle_user: unable to find user '$userid'!"); |
1783 |
return 0; |
1784 |
} |
1785 |
|
1786 |
if ($setuid_to_user) { |
1787 |
$) = "$gid $gid"; # change eGID |
1788 |
$> = $uid; # change eUID |
1789 |
if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) { |
1790 |
logmsg("fatal: setuid to $uid:$gid failed"); |
1791 |
die; # make it fatal to avoid security breaches |
1792 |
} |
1793 |
else { |
1794 |
logmsg("info: setuid to $uid:$gid succeeded"); |
1795 |
} |
1796 |
} |
1797 |
} |
1798 |
|
1771 |
my $dir = $opt{'virtual-config-dir'}; |
1799 |
my $dir = $opt{'virtual-config-dir'}; |
1772 |
my $userdir; |
1800 |
my $userdir; |
1773 |
my $prefsfile; |
1801 |
my $prefsfile; |
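Review bot: In the block added at new lines 1772–1797 of handle_virtual_config_dir, the account to switch to comes from the prefix of the client-supplied username, and nothing visible here limits which accounts are acceptable: a prefix that resolves to uid 0 satisfies the `$> != $uid` test and is logged as a successful setuid. Unless a caller outside this hunk already rejects a root euid, add a guard before the assignment, e.g. `if ( defined($uid) && $uid == 0 ) { logmsg("fatal: refusing setuid to root for '$userid'"); die; }`, and consider restricting prefixes to an allow-list or a minimum uid. Only the effective uid is verified afterwards; the `$) = "$gid $gid"` assignment is never checked. The log text `handle_user: unable to find user` should name handle_virtual_config_dir so the two code paths can be told apart in the logs. The function body continues outside the hunk.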
Lines 1778-1787
|
1778 |
my $localpart = ''; |
1806 |
my $localpart = ''; |
1779 |
my $domain = ''; |
1807 |
my $domain = ''; |
1780 |
if ( $safename =~ /^(.*)\@(.*)$/ ) { $localpart = $1; $domain = $2; } |
1808 |
if ( $safename =~ /^(.*)\@(.*)$/ ) { $localpart = $1; $domain = $2; } |
|
|
1809 |
my $homedir = (getpwuid($>))[7]; |
1781 |
|
1810 |
|
1782 |
$dir =~ s/\%u/${safename}/g; |
1811 |
$dir =~ s/\%u/${safename}/g; |
1783 |
$dir =~ s/\%l/${localpart}/g; |
1812 |
$dir =~ s/\%l/${localpart}/g; |
1784 |
$dir =~ s/\%d/${domain}/g; |
1813 |
$dir =~ s/\%d/${domain}/g; |
|
|
1814 |
$dir =~ s/\%h/${homedir}/g; |
1785 |
$dir =~ s/\%\%/\%/g; |
1815 |
$dir =~ s/\%\%/\%/g; |
1786 |
|
1816 |
|
1787 |
$userdir = $dir; |
1817 |
$userdir = $dir; |
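Review bot: `my $homedir = (getpwuid($>))[7];` at new line 1809 is used unchecked. When the effective uid has no passwd entry the value is undef, `%h` expands to an empty string (with an uninitialized-value warning), and a pattern such as `%h/.spamassassin` silently becomes a path directly under `/`. Fail closed when the pattern actually uses the placeholder, e.g. `if ( $dir =~ /\%h/ && !defined $homedir ) { logmsg("error: no home directory for uid $>, cannot expand %h"); return 0; }` placed before the substitutions. The enclosing function starts and ends outside this hunk, so check the return convention against the rest of handle_virtual_config_dir.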
Lines 2162-2167
|
2162 |
enables use of -H) |
2192 |
enables use of -H) |
2163 |
--virtual-config-dir=dir Enable pattern based Virtual configs |
2193 |
--virtual-config-dir=dir Enable pattern based Virtual configs |
2164 |
(needs -x) |
2194 |
(needs -x) |
|
|
2195 |
--virtual-config-separator=chars Allows setuid operation of virtual configs |
2196 |
by prefixing email with setuid username |
2165 |
-r pidfile, --pidfile Write the process id to pidfile |
2197 |
-r pidfile, --pidfile Write the process id to pidfile |
2166 |
-s facility, --syslog=facility Specify the syslog facility |
2198 |
-s facility, --syslog=facility Specify the syslog facility |
2167 |
--syslog-socket=type How to connect to syslogd |
2199 |
--syslog-socket=type How to connect to syslogd |
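Review bot: The help text added at new lines 2195–2196 spells the option `--virtual-config-separator=chars`, while the option table and the POD both use `--virtual-setuid-separator`; anyone copying the name from the usage output will presumably get an unknown-option error. Change it to `--virtual-setuid-separator=str`. Since this switch lets a client-supplied prefix choose the account spamd runs as, the one-line description should say so and note that it only takes effect together with --virtual-config-dir.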
Lines 2293-2298
|
2293 |
words, if the username is an email address, this is the part after the C<@> |
2325 |
words, if the username is an email address, this is the part after the C<@> |
2294 |
sign. |
2326 |
sign. |
2295 |
|
2327 |
|
|
|
2328 |
=item %h -- replaced with the home directory of the current user. This is |
2329 |
particularly useful when using the B<--virtual-setuid-separator> option). |
2330 |
|
2296 |
=item %% -- replaced with a single percent sign (%). |
2331 |
=item %% -- replaced with a single percent sign (%). |
2297 |
|
2332 |
|
2298 |
=back |
2333 |
=back |
Lines 2319-2324
|
2319 |
The pattern B<must> expand to an absolute directory when spamd is running |
2354 |
The pattern B<must> expand to an absolute directory when spamd is running |
2320 |
daemonized (B<-d>). |
2355 |
daemonized (B<-d>). |
2321 |
|
2356 |
|
|
|
2357 |
=item B<--virtual-setuid-separator>=I<string> |
2358 |
|
2359 |
Interprets a setuid username from spamc followed by the value followed by the |
2360 |
real virtual username. For example, if set to C<::>, spamc could send a |
2361 |
virtual username of C<example::jm@example.com> which would instruct spamd to |
2362 |
setuid() to the C<example> user before continuing. |
2363 |
|
2364 |
This setting has no effect without B<--virtual-config-dir>. |
2365 |
|
2322 |
=item B<-r> I<pidfile>, B<--pidfile>=I<pidfile> |
2366 |
=item B<-r> I<pidfile>, B<--pidfile>=I<pidfile> |
2323 |
|
2367 |
|
2324 |
Write the process ID of the spamd parent to the file specified by I<pidfile>. |
2368 |
Write the process ID of the spamd parent to the file specified by I<pidfile>. |