[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-181-gd3beb8f

Mon Jun 15 22:11:41 UTC 2009

The following commit has been merged in the debian/unstable branch:
commit c3145f86ef304ec9e20f23c2fa0f011442aadc39
Author: martin f. krafft <madduck at madduck.net>
Date:   Mon Jun 15 11:21:00 2009 +0200

    Rewrite socket group changing for milter
    
    I recreated /etc/default/clamav-milter.conf with a single variable:
    
      SOCKET_RWGROUP     the name of a group to get g+w access on the socket
    
    This should make integration with postfix work again, while also being
    sufficiently generic.
    
    I initially considered SOCKET_PERMS=clamav:postfix:775 but then noticed
    that $User comes from the clamav configuration already, and couldn't
    imagine any other use cases.
    
    Signed-off-by: martin f. krafft <madduck at madduck.net>

diff --git a/debian/clamav-milter.default b/debian/clamav-milter.default
new file mode 100644
index 0000000..68b2d1e
--- /dev/null
+++ b/debian/clamav-milter.default
@@ -0,0 +1,13 @@
+#
+# clamav-milter init options
+#
+
+## SOCKET_RWGROUP
+# by default, the socket created by the milter has permissions
+# clamav:clamav:755. SOCKET_RWGROUP changes the group and changes the
+# permissions to 775 to give read-write access to that group.
+#
+# If you are using postfix to speak to the milter, you have to give permission
+# to the postfix group to write 
+#
+#SOCKET_RWGROUP=postfix
diff --git a/debian/clamav-milter.init.in b/debian/clamav-milter.init.in
index 5bbd991..e1f526f 100644
--- a/debian/clamav-milter.init.in
+++ b/debian/clamav-milter.init.in
@@ -37,6 +37,8 @@ if [ ! -f "$CLAMAVCONF" ]; then
   exit 0
 fi
 
+[ -f /etc/default/clamav-milter ] && . /etc/default/clamav-milter
+
 slurp_config "$CLAMAVCONF"
 [ -n "$User" ] || User=clamav
 
@@ -58,16 +60,47 @@ else
   SOCKET="$MilterSocket"
 fi
 
+wait_for_socket()
+{
+  local socket; socket="$1"
+  local retries; retries=${2:-15}
+  local sleeptime; sleeptime=${3:-1}
+  while [ $retries -gt 0 ]; do
+    retries=$(($retries - 1))
+    [ -S "$socket" ] && break
+    sleep $sleeptime
+  done
+  test $retries -ne 0
+}
+
+change_socket_group()
+{
+  local socket; socket="$1"
+  local group; group="$2"
+  local retries; retries=${3:-15}
+  local sleeptime; sleeptime=${4:-1}
+
+  [ -n "$group" ] || return 0
+
+  if wait_for_socket "$socket" $retries $sleeptime; then
+    chmod g+w "$SOCKET_PATH"
+    chgrp "$SOCKET_RWGROUP" "$SOCKET_PATH"
+  else
+    log_warning_msg "Tried to change socket group, but socket did not appear."
+  fi
+}
+
 case "$SOCKET" in
   /*)
   SOCKET_PATH="$SOCKET"
-  SOCKET="local:$SOCKET"
+  SOCKET_TYPE="local"
   ;;
   *)
-  SOCKET_PATH=`echo $SOCKET | sed -e s/local\://`
-  # If the socket is type inet: we don't care - we can't rm -f that later :)
+  SOCKET_PATH="${SOCKET#*:}"
+  SOCKET_TYPE="${SOCKET%%:*}"
   ;;
 esac
+SOCKET="${SOCKET_TYPE:-local}:${SOCKET_PATH}"
 
 if is_true "$Foreground"; then
   if [ ! -x "$SUPERVISOR" ] ; then
@@ -128,22 +161,10 @@ case "$1" in
     $SUPERVISOR $SUPERVISORARGS -X "$SUPERVISOR_EXEC"
     ret=$?
   fi
-  if [ $ret = 0 ] && [ "$USE_POSTFIX" = 'yes' ] && [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then
-    cnt=0
-    until [ -e "$SOCKET_PATH" ] ; do
-      cnt=`expr "$cnt" + 1`
-      if [ "$cnt" -gt 15 ]; then
-        break
-      fi
-      sleep 2
-    done
-    if [ -e "$SOCKET_PATH" ]; then
-      chmod g+w $SOCKET_PATH
-      chgrp postfix $SOCKET_PATH
-    else
-      log_warning_msg "Socket not created.  Investigate"
-    fi
-  fi
+
+  # try 15*1 seconds to change the socket group
+  change_socket_group "$SOCKET_PATH" "$SOCKET_RWGROUP" 15 1
+
   log_end_msg $ret
   ;;
   stop)

-- 
Debian repository for ClamAV

