1
From a45c4053ddf3956bf5d811c00cc5dea09514c05b Mon Sep 17 00:00:00 2001
2
From: Shawn Webb <swebb@sourcefire.com>
3
Date: Thu, 31 Jul 2014 11:50:23 -0400
4
Subject: bb#10731 - Allow to specificy a group for the socket of which the
7
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
9
clamav-milter/clamav-milter.c | 193 +++++++++++++++++++++---------------------
10
1 file changed, 98 insertions(+), 95 deletions(-)
12
diff --git a/clamav-milter/clamav-milter.c b/clamav-milter/clamav-milter.c
13
index 2c7a4d7..99e7fe7 100644
14
--- a/clamav-milter/clamav-milter.c
15
+++ b/clamav-milter/clamav-milter.c
16
@@ -116,6 +116,104 @@ int main(int argc, char **argv) {
20
+ if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
21
+ logg("!Please configure the MilterSocket directive\n");
27
+ if(smfi_setconn(my_socket) == MI_FAILURE) {
28
+ logg("!smfi_setconn failed\n");
33
+ if(smfi_register(descr) == MI_FAILURE) {
34
+ logg("!smfi_register failed\n");
39
+ opt = optget(opts, "FixStaleSocket");
40
+ umsk = umask(0777); /* socket is created with 000 to avoid races */
41
+ if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
42
+ logg("!Failed to create socket %s\n", my_socket);
47
+ umask(umsk); /* restore umask */
48
+ if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
49
+ /* set group ownership and perms on the local socket */
50
+ char *sock_name = my_socket;
52
+ if(!strncmp(my_socket, "unix:", 5))
54
+ if(!strncmp(my_socket, "local:", 6))
56
+ if(*my_socket == ':')
59
+ if(optget(opts, "MilterSocketGroup")->enabled) {
60
+ char *gname = optget(opts, "MilterSocketGroup")->strarg, *end;
61
+ gid_t sock_gid = strtol(gname, &end, 10);
63
+ struct group *pgrp = getgrnam(gname);
65
+ logg("!Unknown group %s\n", gname);
70
+ sock_gid = pgrp->gr_gid;
72
+ if(chown(sock_name, -1, sock_gid)) {
73
+ logg("!Failed to change socket ownership to group %s\n", gname);
80
+ if ((opt = optget(opts, "User"))->enabled) {
81
+ struct passwd *user;
82
+ if ((user = getpwnam(opt->strarg)) == NULL) {
83
+ logg("ERROR: Can't get information about user %s.\n",
90
+ if(chown(sock_name, user->pw_uid, -1)) {
91
+ logg("!Failed to change socket ownership to user %s\n", user->pw_name);
98
+ if(optget(opts, "MilterSocketMode")->enabled) {
100
+ sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8);
102
+ logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
108
+ sock_mode = 0777 & ~umsk;
110
+ if(chmod(sock_name, sock_mode & 0666)) {
111
+ logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
118
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
119
struct passwd *user = NULL;
120
if((user = getpwnam(opt->strarg)) == NULL) {
121
@@ -248,15 +346,6 @@ int main(int argc, char **argv) {
123
multircpt = optget(opts, "SupportMultipleRecipients")->enabled;
125
- if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
126
- logg("!Please configure the MilterSocket directive\n");
134
if(!optget(opts, "Foreground")->enabled) {
135
if(daemonize() == -1) {
136
logg("!daemonize() failed\n");
137
@@ -271,92 +360,6 @@ int main(int argc, char **argv) {
138
logg("^Can't change current working directory to root\n");
141
- if(smfi_setconn(my_socket) == MI_FAILURE) {
142
- logg("!smfi_setconn failed\n");
149
- if(smfi_register(descr) == MI_FAILURE) {
150
- logg("!smfi_register failed\n");
157
- opt = optget(opts, "FixStaleSocket");
158
- umsk = umask(0777); /* socket is created with 000 to avoid races */
159
- if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
160
- logg("!Failed to create socket %s\n", my_socket);
167
- umask(umsk); /* restore umask */
168
- if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
169
- /* set group ownership and perms on the local socket */
170
- char *sock_name = my_socket;
172
- if(!strncmp(my_socket, "unix:", 5))
174
- if(!strncmp(my_socket, "local:", 6))
176
- if(*my_socket == ':')
179
- if(optget(opts, "MilterSocketGroup")->enabled) {
180
- char *gname = optget(opts, "MilterSocketGroup")->strarg, *end;
181
- gid_t sock_gid = strtol(gname, &end, 10);
183
- struct group *pgrp = getgrnam(gname);
185
- logg("!Unknown group %s\n", gname);
192
- sock_gid = pgrp->gr_gid;
194
- if(chown(sock_name, -1, sock_gid)) {
195
- logg("!Failed to change socket ownership to group %s\n", gname);
203
- if(optget(opts, "MilterSocketMode")->enabled) {
205
- sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8);
207
- logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
215
- sock_mode = 0777 & ~umsk;
217
- if(chmod(sock_name, sock_mode & 0666)) {
218
- logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
227
maxfilesize = optget(opts, "MaxFileSize")->numarg;
229
logg("^Invalid MaxFileSize, using default (%d)\n", CLI_DEFAULT_MAXFILESIZE);