[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

aCaB acab at clamav.net
Sun Apr 4 01:19:00 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit e394c51305bf5657263f951aa7ca924037f14cf1
Author: aCaB <acab at clamav.net>
Date:   Thu Feb 4 22:01:05 2010 +0100

    bb#1789 - part two

diff --git a/clamav-milter/clamav-milter.c b/clamav-milter/clamav-milter.c
index 7f3df2f..4bc54e7 100644
--- a/clamav-milter/clamav-milter.c
+++ b/clamav-milter/clamav-milter.c
@@ -52,6 +52,7 @@ int main(int argc, char **argv) {
     const struct optstruct *opt;
     struct optstruct *opts;
     time_t currtime;
+    mode_t umsk;
     int ret;
 
     memset(&descr, 0, sizeof(struct smfiDesc));
@@ -280,6 +281,7 @@ int main(int argc, char **argv) {
 	return 1;
     }
     opt = optget(opts, "FixStaleSocket");
+    umsk = umask(0777); /* socket is created with 000 to avoid races */ 
     if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
 	logg("!Failed to create socket %s\n", my_socket);
 	localnets_free();
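Review bot: The comment on the added `umask(0777)` line overstates what mode 000 guarantees. Linux checks the socket file's permission bits on connect, but some systems (historically BSD-derived ones) ignore them, so there only the containing directory's permissions keep other local users off the socket before the group and mode are applied. I would word the comment as `/* create the socket with mode 000 so nobody can connect before group/mode are set; not enforced on every platform, so keep the socket in a restricted directory */`. The line also ends in trailing whitespace. main() starts and ends outside this hunk, and the saved umask is only restored in the next hunk, after the failure return.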
@@ -288,6 +290,65 @@ int main(int argc, char **argv) {
 	optfree(opts);
 	return 1;
     }
+    umask(umsk); /* restore umask */
+    if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
+	/* set group ownership and perms on the local socket */
+	char *sock_name = my_socket;
+	mode_t sock_mode;
+	if(!strncmp(my_socket, "unix:", 5))
+	    sock_name += 5;
+	if(!strncmp(my_socket, "local:", 6))
+	    sock_name += 6;
+	if(*my_socket == ':')
+	    sock_name ++;
+
+	if(optget(opts, "MilterSocketGroup")->enabled) {
+	    char *gname = optget(opts, "MilterSocketGroup")->strarg, *end;
+	    gid_t sock_gid = strtol(gname, &end, 10);
+	    if(*end) {
+		struct group *pgrp = getgrnam(gname);
+		if(!pgrp) {
+		    logg("!Unknown group %s\n", gname);
+		    localnets_free();
+		    whitelist_free();
+		    logg_close();
+		    optfree(opts);
+		    return 1;
+		}
+		sock_gid = pgrp->gr_gid;
+	    }
+	    if(chown(sock_name, -1, sock_gid)) {
+		logg("!Failed to change socket ownership to group %s\n", gname);
+		localnets_free();
+		whitelist_free();
+		logg_close();
+		optfree(opts);
+		return 1;
+	    }
+	}
+	if(optget(opts, "MilterSocketMode")->enabled) {
+	    char *end;
+	    sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8);
+	    if(*end) {
+		logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
+		localnets_free();
+		whitelist_free();
+		logg_close();
+		optfree(opts);
+		return 1;
+	    }
+	} else
+	    sock_mode = 0777 & ~umsk;
+
+	if(chmod(sock_name, sock_mode & 0666)) {
+	    logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
+	    localnets_free();
+	    whitelist_free();
+	    logg_close();
+	    optfree(opts);
+	    return 1;
+	}
+    }
 
     maxfilesize = optget(opts, "MaxFileSize")->numarg;
     readtimeout = optget(opts, "ReadTimeout")->numarg;
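Review bot: Both `strtol` results in this block are accepted whenever `*end` is NUL, so an empty argument parses as gid 0 or mode 0, and a negative or oversized number is silently narrowed into `gid_t`/`mode_t` (a group value of -1 would make `chown` succeed without changing anything). Parsing into a `long` and rejecting the no-digits and out-of-range cases closes this, e.g. `if(end == gname || *end)` before the `getgrnam` fallback plus a `< 0` check, and `if(end == arg || *end || m < 0 || m > 0777)` for the mode. Separately, the `chmod` failure message prints `optget(opts, "MilterSocketMode")->strarg` even when the option is not enabled and the mode came from the `else` branch; the option table gives no default string, so that pointer appears to be NULL there. Logging the computed value avoids this, assuming logg() takes printf-style conversions: `logg("!Cannot set milter socket permission to %o\n", (unsigned int)(sock_mode & 0666));`. The clamd.c hunks below carry the same `strtol` check and the same log argument, and main() continues outside this hunk.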
diff --git a/clamd/clamd.c b/clamd/clamd.c
index d2533e1..07fb9fe 100644
--- a/clamd/clamd.c
+++ b/clamd/clamd.c
@@ -487,11 +487,11 @@ int main(int argc, char **argv)
 		break;
 	    }
 	}
-	if(optget(opts, "LocalSocketPerms")->enabled) {
+	if(optget(opts, "LocalSocketMode")->enabled) {
 	    char *end;
-	    sock_mode = strtol(optget(opts, "LocalSocketPerms")->strarg, &end, 8);
+	    sock_mode = strtol(optget(opts, "LocalSocketMode")->strarg, &end, 8);
 	    if(*end) {
-		logg("!Invalid LocalSocketPerms %s\n", optget(opts, "LocalSocketPerms")->strarg);
+		logg("!Invalid LocalSocketMode %s\n", optget(opts, "LocalSocketMode")->strarg);
 		ret = 1;
 		break;
 	    }
@@ -499,7 +499,7 @@ int main(int argc, char **argv)
 	    sock_mode = 0777 /* & ~umsk*/; /* conservative default: umask was 0 in clamd < 0.96 */
 
 	if(chmod(optget(opts, "LocalSocket")->strarg, sock_mode & 0666)) {
-	    logg("!Cannot set socket permission to %s\n", optget(opts, "LocalSocketPerms")->strarg);
+	    logg("!Cannot set socket permission to %s\n", optget(opts, "LocalSocketMode")->strarg);
 	    ret = 1;
 	    break;
 	}
diff --git a/shared/optparser.c b/shared/optparser.c
index fc40bc1..f29cd94 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -186,7 +186,7 @@ const struct clam_option __clam_options[] = {
 
     { "LocalSocketGroup", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the group ownership on the unix socket.", "virusgroup" },
 
-    { "LocalSocketPerms", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the permissions on the unix socket.", "660" },
+    { "LocalSocketMode", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD, "Sets the permissions on the unix socket to the specified mode.", "660" },
 
     { "FixStaleSocket", NULL, 0, TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Remove a stale socket after unclean shutdown", "yes" },
 
@@ -395,6 +395,10 @@ const struct clam_option __clam_options[] = {
 
     { "MilterSocket",NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Define the interface through which we communicate with sendmail.\nThis option is mandatory! Possible formats are:\n[[unix|local]:]/path/to/file - to specify a unix domain socket;\ninet:port@[hostname|ip-address] - to specify an ipv4 socket;\ninet6:port@[hostname|ip-address] - to specify an ipv6 socket.", "/tmp/clamav-milter.socket\ninet:7357" },
 
+    { "MilterSocketGroup", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Define the group ownership for the (unix) milter socket.", "virusgroup" },
+
+    { "MilterSocketMode", NULL, 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_MILTER, "Sets the permissions on the (unix) milter socket to the specified mode.", "660" },
+
     { "LocalNet", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_MILTER, "Messages originating from these hosts/networks will not be scanned\nThis option takes a host(name)/mask pair in CIRD notation and can be\nrepeated several times. If \"/mask\" is omitted, a host is assumed.\nTo specify a locally orignated, non-smtp, email use the keyword \"local\".", "local\n192.168.0.0/24\n1111:2222:3333::/48" },
 
     { "OnClean", NULL, 0, TYPE_STRING, "^(Accept|Reject|Defer|Blackhole|Quarantine)$", -1, "Accept", 0, OPT_MILTER, "Action to be performed on clean messages (mostly useful for testing).\nThe following actions are available:\nAccept: the message is accepted for delievery\nReject: immediately refuse delievery (a 5xx error is returned to the peer)\nDefer: return a temporary failure message (4xx) to the peer\nBlackhole: like Accept but the message is sent to oblivion\nQuarantine: like Accept but message is quarantined instead of being delivered", "Accept" },
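Review bot: The two new entries pass `NULL` where `OnClean` and `FixStaleSocket` supply a match pattern, so nothing rejects a malformed `MilterSocketMode` when the config is parsed and validation is left entirely to the `strtol` check in clamav-milter.c. If that field is the validation regex, as the `OnClean` entry suggests, an octal-only pattern such as `"^[0-7]+$"` would fail bad modes early. The help text could also state that execute bits are dropped (the milter applies `sock_mode & 0666`) and that the mode is derived from the process umask when the option is unset. The `__clam_options` array starts and ends outside this hunk.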

-- 
Debian repository for ClamAV


