Diffstat (limited to 'recipes-security/clamav/clamav-0.98.5/0015-bb-10731-Allow-to-specificy-a-group-for-the-socket-o.patch')
-rw-r--r-- | recipes-security/clamav/clamav-0.98.5/0015-bb-10731-Allow-to-specificy-a-group-for-the-socket-o.patch | 229 |
1 files changed, 0 insertions, 229 deletions
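--- a/recipes-security/clamav/clamav-0.98.5/0015-bb-10731-Allow-to-specificy-a-group-for-the-socket-o.patch
+++ /dev/null
@@ -1,229 +0,0 @@
-From 9ba0bd8840f8be4cccaf8134b65a012dffdd8ae0 Mon Sep 17 00:00:00 2001
-From: Shawn Webb <swebb@sourcefire.com>
-Date: Thu, 31 Jul 2014 11:50:23 -0400
-Subject: bb#10731 - Allow to specificy a group for the socket of which the
-user is not a member
-
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
----
-clamav-milter/clamav-milter.c | 193 +++++++++++++++++++++---------------------
-1 file changed, 98 insertions(+), 95 deletions(-)
-
-diff --git a/clamav-milter/clamav-milter.c b/clamav-milter/clamav-milter.c
-index 2c7a4d7d3414..99e7fe7fac04 100644
---- a/clamav-milter/clamav-milter.c
-+++ b/clamav-milter/clamav-milter.c
-@@ -116,6 +116,104 @@ int main(int argc, char **argv) {
-}
-}
-
-+ if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
-+ logg("!Please configure the MilterSocket directive\n");
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+
-+ if(smfi_setconn(my_socket) == MI_FAILURE) {
-+ logg("!smfi_setconn failed\n");
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+ if(smfi_register(descr) == MI_FAILURE) {
-+ logg("!smfi_register failed\n");
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+ opt = optget(opts, "FixStaleSocket");
-+ umsk = umask(0777); /* socket is created with 000 to avoid races */
-+ if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
-+ logg("!Failed to create socket %s\n", my_socket);
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+ umask(umsk); /* restore umask */
-+ if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
-+ /* set group ownership and perms on the local socket */
-+ char *sock_name = my_socket;
-+ mode_t sock_mode;
-+ if(!strncmp(my_socket, "unix:", 5))
-+ sock_name += 5;
-+ if(!strncmp(my_socket, "local:", 6))
-+ sock_name += 6;
-+ if(*my_socket == ':')
-+ sock_name ++;
-+
-+ if(optget(opts, "MilterSocketGroup")->enabled) {
-+ char *gname = optget(opts, "MilterSocketGroup")->strarg, *end;
-+ gid_t sock_gid = strtol(gname, &end, 10);
-+ if(*end) {
-+ struct group *pgrp = getgrnam(gname);
-+ if(!pgrp) {
-+ logg("!Unknown group %s\n", gname);
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+ sock_gid = pgrp->gr_gid;
-+ }
-+ if(chown(sock_name, -1, sock_gid)) {
-+ logg("!Failed to change socket ownership to group %s\n", gname);
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+ }
-+
-+ if ((opt = optget(opts, "User"))->enabled) {
-+ struct passwd *user;
-+ if ((user = getpwnam(opt->strarg)) == NULL) {
-+ logg("ERROR: Can't get information about user %s.\n",
-+ opt->strarg);
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+
-+ if(chown(sock_name, user->pw_uid, -1)) {
-+ logg("!Failed to change socket ownership to user %s\n", user->pw_name);
-+ optfree(opts);
-+ logg_close();
-+ return 1;
-+ }
-+ }
-+
-+ if(optget(opts, "MilterSocketMode")->enabled) {
-+ char *end;
-+ sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8);
-+ if(*end) {
-+ logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+ } else
-+ sock_mode = 0777 & ~umsk;
-+
-+ if(chmod(sock_name, sock_mode & 0666)) {
-+ logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
-+ logg_close();
-+ optfree(opts);
-+ return 1;
-+ }
-+ }
-+
-if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
-struct passwd *user = NULL;
-if((user = getpwnam(opt->strarg)) == NULL) {
-@@ -248,15 +346,6 @@ int main(int argc, char **argv) {
-
-multircpt = optget(opts, "SupportMultipleRecipients")->enabled;
-
-- if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
-- logg("!Please configure the MilterSocket directive\n");
-- localnets_free();
-- whitelist_free();
-- logg_close();
-- optfree(opts);
-- return 1;
-- }
--
-if(!optget(opts, "Foreground")->enabled) {
-if(daemonize() == -1) {
-logg("!daemonize() failed\n");
-@@ -271,92 +360,6 @@ int main(int argc, char **argv) {
-logg("^Can't change current working directory to root\n");
-}
-
-- if(smfi_setconn(my_socket) == MI_FAILURE) {
-- logg("!smfi_setconn failed\n");
-- localnets_free();
-- whitelist_free();
-- logg_close();
-- optfree(opts);
-- return 1;
-- }
-- if(smfi_register(descr) == MI_FAILURE) {
-- logg("!smfi_register failed\n");
-- localnets_free();
-- whitelist_free();
-- logg_close();
-- optfree(opts);
-- return 1;
-- }
-- opt = optget(opts, "FixStaleSocket");
-- umsk = umask(0777); /* socket is created with 000 to avoid races */
-- if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
-- logg("!Failed to create socket %s\n", my_socket);
-- localnets_free();
-- whitelist_free();
-- logg_close();
-- optfree(opts);
-- return 1;
-- }
-- umask(umsk); /* restore umask */
-- if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
-- /* set group ownership and perms on the local socket */
-- char *sock_name = my_socket;
-- mode_t sock_mode;
-- if(!strncmp(my_socket, "unix:", 5))
-- sock_name += 5;
-- if(!strncmp(my_socket, "local:", 6))
-- sock_name += 6;
-- if(*my_socket == ':')
-- sock_name ++;
--
-- if(optget(opts, "MilterSocketGroup")->enabled) {
-- char *gname = optget(opts, "MilterSocketGroup")->strarg, *end;
-- gid_t sock_gid = strtol(gname, &end, 10);
-- if(*end) {
-- struct group *pgrp = getgrnam(gname);
-- if(!pgrp) {
-- logg("!Unknown group %s\n", gname);
-- localnets_free();
-- whitelist_free();
-- logg_close();
-- optfree(opts);
-- return 1;
-- }
-- sock_gid = pgrp->gr_gid;
-- }
-- if(chown(sock_name, -1, sock_gid)) {
-- logg("!Failed to change socket ownership to group %s\n", gname);
-- localnets_free();
-- whitelist_free();
-- logg_close();
-- optfree(opts);
-- return 1;
-- }
-- }
-- if(optget(opts, "MilterSocketMode")->enabled) {
-- char *end;
-- sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8);
-- if(*end) {
-- logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
-- localnets_free();
-- whitelist_free();
-- logg_close();
-- optfree(opts);
-- return 1;
-- }
-- } else
-- sock_mode = 0777 & ~umsk;
--
-- if(chmod(sock_name, sock_mode & 0666)) {
-- logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
-- localnets_free();
-- whitelist_free();
-- logg_close();
-- optfree(opts);
-- return 1;
-- }
-- }
--
-maxfilesize = optget(opts, "MaxFileSize")->numarg;
-if(!maxfilesize) {
-logg("^Invalid MaxFileSize, using default (%d)\n", CLI_DEFAULT_MAXFILESIZE);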