Lines 489-503
489 |
# support setuid() to user unless: |
489 |
# support setuid() to user unless: |
490 |
# run with -u |
490 |
# run with -u |
491 |
# we're not root |
491 |
# we're not root |
492 |
# doing --vpopmail |
492 |
# doing --vpopmail or --virtual-config-dir |
493 |
# we disable user-config |
493 |
# we disable user-config |
494 |
my $setuid_to_user = ( |
494 |
my $setuid_to_user = ( |
495 |
$opt{'username'} || |
495 |
$opt{'username'} || |
496 |
$> != 0 || |
496 |
$> != 0 || |
497 |
$opt{'vpopmail'} || |
497 |
$opt{'vpopmail'} || |
498 |
(!$opt{'user-config'} && !($opt{'setuid-with-sql'}||$opt{'setuid-with-ldap'})) |
498 |
$opt{'virtual-config-dir'} |
499 |
) ? 0 : 1; |
499 |
) ? 0 : 1; |
500 |
|
500 |
|
|
|
501 |
dbg("spamd: will perform setuids? $setuid_to_user"); |
502 |
|
503 |
if ( $opt{'vpopmail'} ) { |
504 |
if ( !$opt{'username'} ) { |
505 |
die "spamd: cannot use --vpopmail without -u\n"; |
506 |
} |
507 |
} |
508 |
|
509 |
if ( $opt{'virtual-config-dir'} ) { |
510 |
if ( !$opt{'username'} ) { |
511 |
die "spamd: cannot use --virtual-config-dir without -u\n"; |
512 |
} |
513 |
} |
514 |
|
501 |
# always copy the config, later code may disable |
515 |
# always copy the config, later code may disable |
502 |
my $copy_config_p = 1; |
516 |
my $copy_config_p = 1; |
503 |
|
517 |
|
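Review bot: The comment `# we disable user-config` at new line 493 no longer describes the expression below it: the rewritten `$setuid_to_user` test (new 494-499) drops the `(!$opt{'user-config'} && !($opt{'setuid-with-sql'}||$opt{'setuid-with-ldap'}))` clause and adds `$opt{'virtual-config-dir'}`, so that comment line should go, leaving the list as `-u`, not root, `--vpopmail or --virtual-config-dir`. The behavioural consequence of dropping the clause — spamd now sets `$setuid_to_user` to 1 when user-config is disabled, where it previously stayed 0 — deserves a one-line comment of its own, since it is what makes the later `still running as root` check meaningful. The two new startup checks at new 503-513 differ only in the option name and could be a single loop over `qw(vpopmail virtual-config-dir)` dying with `"spamd: cannot use --$_ without -u\n"`.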
Lines 1463-1481
1463 |
$compress_zlib = $hdrs->{compress_zlib}; |
1477 |
$compress_zlib = $hdrs->{compress_zlib}; |
1464 |
} |
1478 |
} |
1465 |
|
1479 |
|
1466 |
handle_setuid_to_user if ($setuid_to_user && $> == 0); |
1480 |
return 0 unless do_user_handling(); |
|
|
1481 |
if ($> == 0) { die "spamd: still running as root! dying"; } |
1467 |
|
1482 |
|
1468 |
if ( $opt{'sql-config'} && !defined($current_user) ) { |
|
|
1469 |
unless ( handle_user_sql('nobody') ) { |
1470 |
service_unavailable_error("Error fetching user preferences via SQL"); |
1471 |
return 0; |
1472 |
} |
1473 |
} |
1474 |
|
1475 |
if ( $opt{'ldap-config'} && !defined($current_user) ) { |
1476 |
handle_user_ldap('nobody'); |
1477 |
} |
1478 |
|
1479 |
my $resp = "EX_OK"; |
1483 |
my $resp = "EX_OK"; |
1480 |
|
1484 |
|
1481 |
# generate mail object from input |
1485 |
# generate mail object from input |
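Review bot: The guard `if ($> == 0) { die "spamd: still running as root! dying"; }` at new 1481 is repeated verbatim at new 1677 after the other `do_user_handling()` call, while `do_user_handling` itself (new 1797-1815) only logs `dbg ("spamd: running as uid $>")`. Moving that die into the sub, immediately before the `dbg`, would give every present and future caller the root check automatically and remove the duplication; the call sites would keep `return 0 unless do_user_handling();` as they are. The enclosing connection handler begins before this hunk.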
Lines 1669-1674
1669 |
my $expected_length = $hdrs->{expected_length}; |
1673 |
my $expected_length = $hdrs->{expected_length}; |
1670 |
my $compress_zlib = $hdrs->{compress_zlib}; |
1674 |
my $compress_zlib = $hdrs->{compress_zlib}; |
1671 |
|
1675 |
|
|
|
1676 |
return 0 unless do_user_handling(); |
1677 |
if ($> == 0) { die "spamd: still running as root! dying"; } |
1678 |
|
1672 |
if (!$opt{tell}) { |
1679 |
if (!$opt{tell}) { |
1673 |
service_unavailable_error("TELL commands have not been enabled."); |
1680 |
service_unavailable_error("TELL commands have not been enabled."); |
1674 |
return 0; |
1681 |
return 0; |
Lines 1684-1691
1684 |
return 0; |
1691 |
return 0; |
1685 |
} |
1692 |
} |
1686 |
|
1693 |
|
1687 |
&handle_setuid_to_user if ($setuid_to_user && $> == 0); |
|
|
1688 |
|
1689 |
if ($opt{'sql-config'} && !defined($current_user)) { |
1694 |
if ($opt{'sql-config'} && !defined($current_user)) { |
1690 |
unless (handle_user_sql('nobody')) { |
1695 |
unless (handle_user_sql('nobody')) { |
1691 |
service_unavailable_error("Error fetching user preferences via SQL"); |
1696 |
service_unavailable_error("Error fetching user preferences via SQL"); |
Lines 1789-1794
1789 |
|
1794 |
|
1790 |
########################################################################### |
1795 |
########################################################################### |
1791 |
|
1796 |
|
|
|
1797 |
sub do_user_handling { |
1798 |
if ($setuid_to_user && $> == 0) { |
1799 |
handle_setuid_to_user(); |
1800 |
} |
1801 |
|
1802 |
if ( $opt{'sql-config'} && !defined($current_user) ) { |
1803 |
unless ( handle_user_sql('nobody') ) { |
1804 |
service_unavailable_error("Error fetching user preferences via SQL"); |
1805 |
return 0; |
1806 |
} |
1807 |
} |
1808 |
|
1809 |
if ( $opt{'ldap-config'} && !defined($current_user) ) { |
1810 |
handle_user_ldap('nobody'); |
1811 |
} |
1812 |
|
1813 |
dbg ("spamd: running as uid $>"); |
1814 |
return 1; |
1815 |
} |
1816 |
|
1792 |
# generalised header parser. |
1817 |
# generalised header parser. |
1793 |
sub parse_headers { |
1818 |
sub parse_headers { |
1794 |
my ($hdrs, $client) = @_; |
1819 |
my ($hdrs, $client) = @_; |
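Review bot: `sub do_user_handling` at new 1797 has no header comment, and its contract is only inferable from the two call sites that `return 0` on failure. A comment such as `# Per-connection user handling: call handle_setuid_to_user() if still root and $setuid_to_user is set, then load the 'nobody' SQL/LDAP prefs when no user has been identified; returns 0 (after service_unavailable_error) if the SQL fetch fails, 1 otherwise.` would cover it. The LDAP branch at new 1809-1811 ignores the return value of `handle_user_ldap` while the SQL branch checks it; that asymmetry is carried over from the old inline code, and if it is intentional the comment should say so.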
Lines 1891-1899
1891 |
handle_user_setuid_with_ldap($current_user); |
1916 |
handle_user_setuid_with_ldap($current_user); |
1892 |
$setuid_to_user = 1; # as above |
1917 |
$setuid_to_user = 1; # as above |
1893 |
} |
1918 |
} |
|
|
1919 |
else { |
1920 |
handle_user_setuid_basic($current_user); |
1921 |
} |
1894 |
} |
1922 |
} |
1895 |
else { |
1923 |
else { |
1896 |
handle_user($current_user); |
1924 |
handle_user_setuid_basic($current_user); |
1897 |
if ( $opt{'sql-config'} ) { |
1925 |
if ( $opt{'sql-config'} ) { |
1898 |
unless ( handle_user_sql($current_user) ) { |
1926 |
unless ( handle_user_sql($current_user) ) { |
1899 |
service_unavailable_error("Error fetching user preferences via SQL"); |
1927 |
service_unavailable_error("Error fetching user preferences via SQL"); |
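Review bot: The new `else { handle_user_setuid_basic($current_user); }` at new 1919-1921 is the only branch of this chain that does not set `$setuid_to_user = 1; # as above` as the sibling branch at new 1916-1917 does, and nothing in the hunk says why. If `handle_user_setuid_basic` changes uid itself, a comment such as `# basic handler drops privileges itself; no deferred setuid needed` would make the difference deliberate; if it does not, the flag presumably belongs here too. The enclosing function starts and ends outside this hunk.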
Lines 2016-2022
2016 |
return 1; |
2044 |
return 1; |
2017 |
} |
2045 |
} |
2018 |
|
2046 |
|
2019 |
sub handle_user { |
2047 |
sub handle_user_setuid_basic { |
2020 |
my $username = shift; |
2048 |
my $username = shift; |
2021 |
|
2049 |
|
2022 |
# |
2050 |
# |
Lines 2055-2060
2055 |
} |
2083 |
} |
2056 |
} |
2084 |
} |
2057 |
|
2085 |
|
|
|
2086 |
if ($opt{'user-config'}) { |
2087 |
handle_user_set_user_prefs($dir, $username); |
2088 |
} |
2089 |
} |
2090 |
|
2091 |
sub handle_user_set_user_prefs { |
2092 |
my ($dir, $username) = @_; |
2093 |
|
2058 |
# |
2094 |
# |
2059 |
# If vpopmail config enabled then set $dir to virtual homedir |
2095 |
# If vpopmail config enabled then set $dir to virtual homedir |
2060 |
# |
2096 |
# |
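Review bot: `handle_user_setuid_basic` no longer returns a defined value when `--user-config` is off: the original `handle_user` ended with `return 1;` (old 2107), but after the split that statement lives in `handle_user_set_user_prefs` (new 2124), and `handle_user_setuid_basic` now ends with the `if ($opt{'user-config'})` block at new 2086-2088, so its value is whatever that statement yields — a false value when the option is off. Add `return 1;` after the block, before the closing brace at new 2089, so callers that test the result keep working. The new `sub handle_user_set_user_prefs` at new 2091 also wants a header comment, e.g. `# Read (creating if missing) $dir/.spamassassin/user_prefs for $username and notify $spamtest of the user change; returns 1.`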
Lines 2076-2109
2076 |
} |
2112 |
} |
2077 |
my $cf_file = $dir . "/.spamassassin/user_prefs"; |
2113 |
my $cf_file = $dir . "/.spamassassin/user_prefs"; |
2078 |
|
2114 |
|
2079 |
# |
2115 |
create_default_cf_if_needed( $cf_file, $username, $dir ); |
2080 |
# If vpopmail config enabled then pass virtual homedir onto create_default_cf_needed |
2116 |
$spamtest->read_scoreonly_config($cf_file); |
2081 |
# |
2117 |
$spamtest->signal_user_changed( |
2082 |
if ( $opt{'vpopmail'} ) { |
2118 |
{ |
2083 |
if ( !$opt{'username'} ) { |
2119 |
username => $username, |
2084 |
warn "spamd: cannot use vpopmail without -u\n"; |
2120 |
user_dir => $dir |
2085 |
} |
2121 |
} |
2086 |
create_default_cf_if_needed( $cf_file, $username, $dir ); |
2122 |
); |
2087 |
$spamtest->read_scoreonly_config($cf_file); |
|
|
2088 |
$spamtest->signal_user_changed( |
2089 |
{ |
2090 |
username => $username, |
2091 |
user_dir => $dir |
2092 |
} |
2093 |
); |
2094 |
|
2123 |
|
2095 |
} |
|
|
2096 |
else { |
2097 |
create_default_cf_if_needed( $cf_file, $username, $dir ); |
2098 |
$spamtest->read_scoreonly_config($cf_file); |
2099 |
$spamtest->signal_user_changed( |
2100 |
{ |
2101 |
username => $username, |
2102 |
user_dir => $dir |
2103 |
} |
2104 |
); |
2105 |
} |
2106 |
|
2107 |
return 1; |
2124 |
return 1; |
2108 |
} |
2125 |
} |
2109 |
|
2126 |
|
Lines 2780-2785
2780 |
The pattern B<must> expand to an absolute directory when spamd is running |
2797 |
The pattern B<must> expand to an absolute directory when spamd is running |
2781 |
daemonized (B<-d>). |
2798 |
daemonized (B<-d>). |
2782 |
|
2799 |
|
|
|
2800 |
Currently, use of this without B<-u> is not supported. This inhibits setuid. |
2801 |
|
2783 |
=item B<-r> I<pidfile>, B<--pidfile>=I<pidfile> |
2802 |
=item B<-r> I<pidfile>, B<--pidfile>=I<pidfile> |
2784 |
|
2803 |
|
2785 |
Write the process ID of the spamd parent to the file specified by I<pidfile>. |
2804 |
Write the process ID of the spamd parent to the file specified by I<pidfile>. |
Lines 2793-2799
2793 |
maildir. This option is useful for vpopmail virtual users who do not have an |
2812 |
maildir. This option is useful for vpopmail virtual users who do not have an |
2794 |
entry in the system /etc/passwd file. |
2813 |
entry in the system /etc/passwd file. |
2795 |
|
2814 |
|
2796 |
Currently, use of this without B<-u> is not supported. |
2815 |
Currently, use of this without B<-u> is not supported. This inhibits setuid. |
2797 |
|
2816 |
|
2798 |
=item B<-s> I<facility>, B<--syslog>=I<facility> |
2817 |
=item B<-s> I<facility>, B<--syslog>=I<facility> |
2799 |
|
2818 |
|