496
496
# doing --vpopmail or --virtual-config-dir
497
# we disable user-config
497
# using --sql-config or --ldap-config
498
# (unless we're also using --setuid-with-sql or --setuid-with-ldap)
498
499
my $setuid_to_user = (
502
$opt{'virtual-config-dir'}
503
$opt{'virtual-config-dir'} ||
504
($opt{'sql-config'} && !$opt{'setuid-with-sql'}) ||
505
($opt{'ldap-config'} && !$opt{'setuid-with-ldap'})
505
508
dbg("spamd: will perform setuids? $setuid_to_user");
522
if ($opt{'sql-config'} && !$opt{'setuid-with-sql'}) {
523
if ( !$opt{'username'} ) {
524
die "spamd: cannot use --sql-config without -u\n";
528
if ($opt{'ldap-config'} && !$opt{'setuid-with-ldap'}) {
529
if ( !$opt{'username'} ) {
530
die "spamd: cannot use --ldap-config without -u\n";
519
534
# always copy the config, later code may disable
520
535
my $copy_config_p = 1;
876
$spamtest->init_learner({
877
opportunistic_expire_check_only => 1,
880
891
# if $clients_per_child == 1, there's no point in copying configs around
881
892
unless ($clients_per_child > 1) {
882
893
# unset $copy_config_p so we don't bother trying to copy things back
898
909
# process are written with the right ownership and everything.
899
910
preload_modules_with_tmp_homedir();
912
# this must be after preload_modules_with_tmp_homedir(), for bug 5606
913
$spamtest->init_learner({
914
opportunistic_expire_check_only => 1,
901
917
# bayes DBs may still be tied() at this point, so untie them and such.
902
918
$spamtest->finish_learner();
2023
2039
# If $opt{'username'} in use, then look up userinfo for that uid;
2024
2040
# otherwise use what was passed via $username
2042
my $suidto = $username;
2027
2043
if ( $opt{'username'} ) {
2028
$userid = $opt{'username'};
2031
$userid = $username;
2033
my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
2044
$suidto = $opt{'username'};
2046
my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $suiddir, $etc) =
2036
2049
if (!defined $uid) {
2037
my $errmsg = "spamd: handle_user unable to find user: '$userid'\n";
2050
my $errmsg = "spamd: handle_user unable to find user: '$suidto'\n";
2038
2051
die $errmsg if $spamtest->{'paranoid'};
2039
2052
# if we are given a username, but can't look it up, maybe name
2040
2053
# services are down? let's break out here to allow them to get
2048
2061
$> = $uid; # change eUID
2049
2062
if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
2050
2063
# make it fatal to avoid security breaches
2051
die("spamd: fatal error: setuid to $username failed");
2064
die("spamd: fatal error: setuid to $suidto failed");
2054
info("spamd: setuid to $username succeeded");
2058
if ($opt{'user-config'}) {
2059
handle_user_set_user_prefs($dir, $username);
2067
info("spamd: setuid to $suidto succeeded");
2073
# if $opt{'user-config'} is in use, read user prefs from the remote
2074
# username's home dir (if it exists): bug 5611
2075
if ( $opt{'user-config'} ) {
2076
my $prefsfrom = $username; # the one passed, NOT $opt{username}
2078
if ($prefsfrom eq $suidto) {
2079
$userdir = $suiddir; # reuse the already-looked-up info
2081
$userdir = (getpwnam($prefsfrom))[7];
2084
# we *still* die if this can't be found
2085
if (!defined $userdir) {
2086
my $errmsg = "spamd: handle_user unable to find user: '$prefsfrom'\n";
2087
die $errmsg if $spamtest->{'paranoid'};
2088
# if we are given a username, but can't look it up, maybe name
2089
# services are down? let's break out here to allow them to get
2090
# 'defaults' when we are not running paranoid
2096
# call this anyway, regardless of --user-config, so that
2097
# signal_user_changed() is called
2098
handle_user_set_user_prefs($userdir, $username);
2063
2101
sub handle_user_set_user_prefs {
2064
2102
my ($dir, $username) = @_;
2067
2104
# If vpopmail config enabled then set $dir to virtual homedir
2069
2106
if ( $opt{'vpopmail'} ) {
2085
my $cf_file = $dir . "/.spamassassin/user_prefs";
2087
create_default_cf_if_needed( $cf_file, $username, $dir );
2088
$spamtest->read_scoreonly_config($cf_file);
2123
# don't do this if we weren't passed a directory
2125
my $cf_file = $dir . "/.spamassassin/user_prefs";
2126
create_default_cf_if_needed( $cf_file, $username, $dir );
2127
$spamtest->read_scoreonly_config($cf_file);
2130
# signal_user_changed will ignore undef user_dirs, so this is ok
2089
2131
$spamtest->signal_user_changed(
2091
2133
username => $username,
2749
2791
connections will be accepted on the B<--port> at the same time as encrypted
2750
2792
connections are accepted at B<--ssl-port>.
2753
2794
=item B<-q>, B<--sql-config>
2755
2796
Turn on SQL lookups even when per-user config files have been disabled
2760
2801
If your spamc client does not support sending the C<User:> header,
2761
2802
like C<exiscan>, then the SQL username used will always be B<nobody>.
2804
This inhibits the setuid() behavior, so the C<-u> option is
2805
required. If you want the setuid() behaviour, use C<-Q> or
2806
C<--setuid-with-sql> instead.
2763
2808
=item B<--ldap-config>
2765
2810
Turn on LDAP lookups. This is completely analog to C<--sql-config>,
2766
2811
only it is using an LDAP server.
2813
Like C<--sql-config>, this disables the setuid behavior, and requires
2814
C<-u>. If you want it, use C<--setuid-with-ldap> instead.
2768
2816
=item B<-Q>, B<--setuid-with-sql>
2770
2818
Turn on SQL lookups even when per-user config files have been disabled
2901
2949
=item B<-x>, B<--nouser-config>, B<--user-config>
2903
Turn off(on) reading of per-user configuration files (user_prefs) from the
2951
Turn off (on) reading of per-user configuration files (user_prefs) from the
2904
2952
user's home directory. The default behaviour is to read per-user
2905
configuration from the user's home directory.
2953
configuration from the user's home directory (B<--user-config>).
2907
2955
This option does not disable or otherwise influence the SQL, LDAP or
2908
2956
Virtual Config Dir settings.
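Review bot: In handle_user, the new `--user-config` branch resolves `$userdir` from `$prefsfrom` (the remote username) after the process has already switched to `$suidto`. With `-u` set, `handle_user_set_user_prefs` therefore runs `create_default_cf_if_needed` and `read_scoreonly_config` on another account's `.spamassassin/user_prefs` with the `-u` account's privileges. The comments suggest this is the intent of bug 5611, but neither the code nor the `--user-config` POD text says that the directory is picked by a client-supplied name, or which account needs access to those home directories. I would add a comment above the `getpwnam($prefsfrom)` lookup such as `# prefs dir is chosen by the remote username but accessed as $suidto; $suidto needs access to it`, and a matching sentence in the `--user-config` item. Not every line of the function is shown in this view, so any validation of `$username` before this point is not visible here.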