Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/09/27 14:37:02 UTC

svn commit: r579988 - /spamassassin/trunk/spamd/spamd.raw

Author: jm
Date: Thu Sep 27 05:37:01 2007
New Revision: 579988

URL: http://svn.apache.org/viewvc?rev=579988&view=rev
Log:
bug 5611: support 'spamd --nouser-config -u username', which setuids to 'username' but does not read user_prefs files from anywhere

Modified:
    spamassassin/trunk/spamd/spamd.raw

Modified: spamassassin/trunk/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamd/spamd.raw?rev=579988&r1=579987&r2=579988&view=diff
==============================================================================
--- spamassassin/trunk/spamd/spamd.raw (original)
+++ spamassassin/trunk/spamd/spamd.raw Thu Sep 27 05:37:01 2007
@@ -2027,18 +2027,15 @@
   # If $opt{'username'} in use, then look up userinfo for that uid;
   # otherwise use what was passed via $username
   #
-  my $userid = '';
+  my $suidto = $username;
   if ( $opt{'username'} ) {
-    $userid = $opt{'username'};
+    $suidto = $opt{'username'};
   }
-  else {
-    $userid = $username;
-  }
-  my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
-      getpwnam($userid);
+  my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $suiddir, $etc) =
+      getpwnam($suidto);
 
   if (!defined $uid) {
-      my $errmsg = "spamd: handle_user unable to find user: '$userid'\n";
+      my $errmsg = "spamd: handle_user unable to find user: '$suidto'\n";
       die $errmsg if $spamtest->{'paranoid'};
       # if we are given a username, but can't look it up, maybe name
       # services are down?  let's break out here to allow them to get
@@ -2052,22 +2049,46 @@
     $> = $uid;                        # change eUID
     if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
       # make it fatal to avoid security breaches
-      die("spamd: fatal error: setuid to $username failed");
+      die("spamd: fatal error: setuid to $suidto failed");
     }
     else {
-      info("spamd: setuid to $username succeeded");
+      info("spamd: setuid to $suidto succeeded");
     }
   }
 
-  if ($opt{'user-config'}) {
-    handle_user_set_user_prefs($dir, $username);
+  my $userdir;
+
+  # if $opt{'user-config'} is in use, read user prefs from the remote
+  # username's home dir (if it exists): bug 5611
+  if ( $opt{'user-config'} ) {
+    my $prefsfrom = $username;  # the one passed, NOT $opt{username}
+
+    if ($prefsfrom eq $suidto) {
+      $userdir = $suiddir;      # reuse the already-looked-up info
+    } else {
+      $userdir = (getpwnam($prefsfrom))[7];
+    }
+
+    # we *still* die if this can't be found
+    if (!defined $userdir) {
+        my $errmsg = "spamd: handle_user unable to find user: '$prefsfrom'\n";
+        die $errmsg if $spamtest->{'paranoid'};
+        # if we are given a username, but can't look it up, maybe name
+        # services are down?  let's break out here to allow them to get
+        # 'defaults' when we are not running paranoid
+        info($errmsg);
+        return 0;
+    }
   }
+
+  # call this anyway, regardless of --user-config, so that
+  # signal_user_changed() is called
+  handle_user_set_user_prefs($userdir, $username);
 }
 
 sub handle_user_set_user_prefs {
   my ($dir, $username) = @_;
 
-  #
   # If vpopmail config enabled then set $dir to virtual homedir
   #
   if ( $opt{'vpopmail'} ) {
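Review bot: With `--user-config` and `-u` together, the prefs directory now comes from `getpwnam($prefsfrom)` on the name passed in as `$username`, where the old code used the `$dir` looked up for the `-u` account; the commit log does not mention this change. If `$username` originates from the client request (not visible in this hunk), the process, after any eUID change to `$suidto`, will read `.spamassassin/user_prefs` under whichever account the client names, and possibly create it, judging by the name `create_default_cf_if_needed`. I would record that dependency next to the lookup, e.g. `# $prefsfrom is caller-supplied: it must already be validated, and $suidto needs access to its home dir`. Separately, the comment `# we *still* die if this can't be found` overstates the code, which dies only when `$spamtest->{'paranoid'}` is set and otherwise logs and returns 0 before `handle_user_set_user_prefs` (and so `signal_user_changed`) runs. The enclosing sub starts outside the hunk.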
@@ -2086,10 +2107,15 @@
     }
     chomp($dir);
   }
-  my $cf_file = $dir . "/.spamassassin/user_prefs";
 
-  create_default_cf_if_needed( $cf_file, $username, $dir );
-  $spamtest->read_scoreonly_config($cf_file);
+  # don't do this if we weren't passed a directory
+  if ($dir) {
+    my $cf_file = $dir . "/.spamassassin/user_prefs";
+    create_default_cf_if_needed( $cf_file, $username, $dir );
+    $spamtest->read_scoreonly_config($cf_file);
+  }
+
+  # signal_user_changed will ignore undef user_dirs, so this is ok
   $spamtest->signal_user_changed(
     {
       username => $username,
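Review bot: The new `if ($dir)` guard keys on `$dir` being set rather than on `$opt{'user-config'}`, and the `$opt{'vpopmail'}` branch earlier in this sub assigns `$dir` itself (its `chomp($dir)` is visible at the top of the hunk). Since the caller now invokes this sub unconditionally, `--nouser-config` combined with `--vpopmail` would appear to still reach `create_default_cf_if_needed` and `read_scoreonly_config`, which the old `if ($opt{'user-config'})` call site prevented. If that is not intended, gate on the option as well: `if ($opt{'user-config'} && $dir) {`. The vpopmail block's body lies between hunks, so this is inferred from its visible first and last lines.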
@@ -2904,9 +2930,9 @@
 
 =item B<-x>, B<--nouser-config>, B<--user-config>
 
-Turn off(on) reading of per-user configuration files (user_prefs) from the
+Turn off (on) reading of per-user configuration files (user_prefs) from the
 user's home directory.  The default behaviour is to read per-user
-configuration from the user's home directory.
+configuration from the user's home directory (B<--user-config>).
 
 This option does not disable or otherwise influence the SQL, LDAP or
 Virtual Config Dir settings.