Posted to commits@spamassassin.apache.org by jm...@apache.org on 2007/09/27 14:37:02 UTC
svn commit: r579988 - /spamassassin/trunk/spamd/spamd.raw
Author: jm
Date: Thu Sep 27 05:37:01 2007
New Revision: 579988
URL: http://svn.apache.org/viewvc?rev=579988&view=rev
Log:
bug 5611: support 'spamd --nouser-config -u username', which setuids to 'username' but does not read user_prefs files from anywhere
Modified:
spamassassin/trunk/spamd/spamd.raw
Modified: spamassassin/trunk/spamd/spamd.raw
URL: http://svn.apache.org/viewvc/spamassassin/trunk/spamd/spamd.raw?rev=579988&r1=579987&r2=579988&view=diff
==============================================================================
--- spamassassin/trunk/spamd/spamd.raw (original)
+++ spamassassin/trunk/spamd/spamd.raw Thu Sep 27 05:37:01 2007
@@ -2027,18 +2027,15 @@
# If $opt{'username'} in use, then look up userinfo for that uid;
# otherwise use what was passed via $username
#
- my $userid = '';
+ my $suidto = $username;
if ( $opt{'username'} ) {
- $userid = $opt{'username'};
+ $suidto = $opt{'username'};
}
- else {
- $userid = $username;
- }
- my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir, $etc) =
- getpwnam($userid);
+ my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $suiddir, $etc) =
+ getpwnam($suidto);
if (!defined $uid) {
- my $errmsg = "spamd: handle_user unable to find user: '$userid'\n";
+ my $errmsg = "spamd: handle_user unable to find user: '$suidto'\n";
die $errmsg if $spamtest->{'paranoid'};
# if we are given a username, but can't look it up, maybe name
# services are down? let's break out here to allow them to get
@@ -2052,22 +2049,46 @@
$> = $uid; # change eUID
if ( !defined($uid) || ( $> != $uid and $> != ( $uid - 2**32 ) ) ) {
# make it fatal to avoid security breaches
- die("spamd: fatal error: setuid to $username failed");
+ die("spamd: fatal error: setuid to $suidto failed");
}
else {
- info("spamd: setuid to $username succeeded");
+ info("spamd: setuid to $suidto succeeded");
}
}
- if ($opt{'user-config'}) {
- handle_user_set_user_prefs($dir, $username);
+ my $userdir;
+
+ # if $opt{'user-config'} is in use, read user prefs from the remote
+ # username's home dir (if it exists): bug 5611
+ if ( $opt{'user-config'} ) {
+ my $prefsfrom = $username; # the one passed, NOT $opt{username}
+
+ if ($prefsfrom eq $suidto) {
+ $userdir = $suiddir; # reuse the already-looked-up info
+ } else {
+ $userdir = (getpwnam($prefsfrom))[7];
+ }
+
+ # we *still* die if this can't be found
+ if (!defined $userdir) {
+ my $errmsg = "spamd: handle_user unable to find user: '$prefsfrom'\n";
+ die $errmsg if $spamtest->{'paranoid'};
+ # if we are given a username, but can't look it up, maybe name
+ # services are down? let's break out here to allow them to get
+ # 'defaults' when we are not running paranoid
+ info($errmsg);
+ return 0;
+ }
}
+
+ # call this anyway, regardless of --user-config, so that
+ # signal_user_changed() is called
+ handle_user_set_user_prefs($userdir, $username);
}
sub handle_user_set_user_prefs {
my ($dir, $username) = @_;
- #
# If vpopmail config enabled then set $dir to virtual homedir
#
if ( $opt{'vpopmail'} ) {
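Review bot: The new `return 0;` in the `!defined $userdir` branch leaves handle_user before `handle_user_set_user_prefs($userdir, $username)` runs, so signal_user_changed() is skipped on a path the later comment says must always reach it, and by then the effective UID has already been switched to `$suidto`. Since the third hunk makes handle_user_set_user_prefs skip the file work when `$dir` is false, one option is to drop the `return 0;` and let `$userdir` stay undef so the call still happens. Whether callers rely on the 0 return is not visible here, because handle_user begins above this hunk. Separately, `my $prefsfrom = $username;` deserves a comment that this is the remote-supplied name and that it now selects the home directory that is read, and where a default user_prefs may be created, while the process runs as `$suidto`, for example `# remote-supplied name: selects whose home dir is read while running as $suidto`.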
@@ -2086,10 +2107,15 @@
}
chomp($dir);
}
- my $cf_file = $dir . "/.spamassassin/user_prefs";
- create_default_cf_if_needed( $cf_file, $username, $dir );
- $spamtest->read_scoreonly_config($cf_file);
+ # don't do this if we weren't passed a directory
+ if ($dir) {
+ my $cf_file = $dir . "/.spamassassin/user_prefs";
+ create_default_cf_if_needed( $cf_file, $username, $dir );
+ $spamtest->read_scoreonly_config($cf_file);
+ }
+
+ # signal_user_changed will ignore undef user_dirs, so this is ok
$spamtest->signal_user_changed(
{
username => $username,
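Review bot: The `if ($dir)` guard is the only thing that stops user_prefs from being read under `--nouser-config`, because `$opt{'user-config'}` itself is never consulted inside handle_user_set_user_prefs. The `$opt{'vpopmail'}` branch above appears to assign `$dir` on its own (its body lies between hunks and is not visible), so with vpopmail enabled the file would presumably still be created and read even when `--nouser-config` was given. If that is intended, the comment should say so, e.g. `# $dir is undef only for --nouser-config without vpopmail (bug 5611)`. If it is not, test the option too with `if ($dir && $opt{'user-config'}) {`, after checking any other callers of this sub outside the diff.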
@@ -2904,9 +2930,9 @@
=item B<-x>, B<--nouser-config>, B<--user-config>
-Turn off(on) reading of per-user configuration files (user_prefs) from the
+Turn off (on) reading of per-user configuration files (user_prefs) from the
user's home directory. The default behaviour is to read per-user
-configuration from the user's home directory.
+configuration from the user's home directory (B<--user-config>).
This option does not disable or otherwise influence the SQL, LDAP or
Virtual Config Dir settings.