[Pkg-dspam-misc] Bug#498434: dspam.cgi's handling of opt in/out broken
Roderick Schertler
roderick at argon.org
Wed Sep 10 00:01:02 UTC 2008
Package: dspam
Version: 3.6.8-8
Severity: important
Tags: patch
I've set up dspam on a system on which users have accounts but don't have
shell access. I'd planned on letting them opt in to dspam via dspam.cgi,
but I found that it's handling of this (while it looks like it's present)
is completely broken.
Here is a patch.
--- dspam.cgi.distrib 2008-02-17 08:51:01.000000000 -0500
+++ dspam.cgi 2008-09-09 19:49:00.000000000 -0400
@@ -625,7 +625,9 @@
} else {
- open(FILE, ">$FILE") || do { &error("Unable to write preferences: $!"); };
+ (my $dir = $FILE) =~ s|/[^/]+\z||;
+ -d $dir || mkdir($dir, 0770) || do { &error("Unable to mkdir $dir: $!"); };
+ open(FILE, ">$FILE") || do { &error("Unable to write preferences to $FILE: $!"); };
print FILE <<_END;
trainingMode=$FORM{'trainingMode'}
spamAction=$FORM{'spamAction'}
@@ -640,6 +642,7 @@
_END
close(FILE);
}
+ OptInOut($FORM{'optIn'}, $FORM{'optOut'});
redirect("$CONFIG{'ME'}?user=$FORM{'user'}&template=preferences");
}
@@ -666,10 +669,13 @@
$DATA{"C_WHITELIST"} = "CHECKED";
}
+ # Check opt in/out status based on files, even when the preferences
+ # extension is in use, as this looks to be the way dspam does it.
+
if ($CONFIG{'OPTMODE'} eq "OUT") {
- $DATA{"OPTION"} = "<INPUT TYPE=CHECKBOX NAME=optOut " . $DATA{'C_OPTOUT'} . ">Disable DSPAM filtering<br>";
+ $DATA{"OPTION"} = "<INPUT TYPE=CHECKBOX NAME=optOut " . (OptedOut() ? "CHECKED" : "") . ">Disable DSPAM filtering<br>";
} elsif ($CONFIG{'OPTMODE'} eq "IN") {
- $DATA{"OPTION"} = "<INPUT TYPE=CHECKBOX NAME=optIn " . $DATA{'C_OPTIN'} . ">Enable DSPAM filtering<br>";
+ $DATA{"OPTION"} = "<INPUT TYPE=CHECKBOX NAME=optIn " . (OptedIn() ? "CHECKED" : "") . ">Enable DSPAM filtering<br>";
} else {
$DATA{"OPTION"} = "";
}
@@ -677,6 +683,56 @@
&output(%DATA);
}
+sub OptInOutPath {
+ my ($type) = @_;
+ return "$CONFIG{'DSPAM_HOME'}/opt-$type/" . GetSubPath($CURRENT_USER)
+ . ".dspam";
+}
+
+sub OptedInOut {
+ my ($type) = @_;
+ return -f OptInOutPath $type;
+}
+
+sub OptedIn {
+ return OptedInOut 'in';
+}
+
+sub OptedOut {
+ return OptedInOut 'out';
+}
+
+# Create or remove the opt-in or opt-out file as appropriate.
+
+sub OptInOut {
+ my ($optIn, $optOut) = @_;
+
+ my $default_opt_in = ($CONFIG{'OPTMODE'} eq "IN");
+
+ for (["in" , $optIn , $default_opt_in],
+ ["out", $optOut, !$default_opt_in]) {
+ my ($type, $raw_val, $is_default) = @$_;
+ my $bool_val = ($raw_val eq 'on');
+ my $path = OptInOutPath $type;
+ my $want_file = $is_default && $bool_val;
+ my $have_file = stat $path;
+ #warn "path=$path want_file=$want_file have_file=$have_file\n";
+ if ($want_file xor $have_file) {
+ if ($want_file) {
+ if (!open my $fh, ">>", $path) {
+ &error("Unable to create $path: $!");
+ } else {
+ close $fh;
+ }
+ } else {
+ if (!unlink $path) {
+ &error("Unable to remove $path: $!");
+ }
+ }
+ }
+ }
+}
+
#
# Quarantine Functions
#
@@ -1523,7 +1579,7 @@
return $h;
}
-sub GetPath {
+sub GetSubPath {
my($USER) = @_;
my($PATH);
@@ -1535,22 +1591,20 @@
$VPOPDOMAIN = (split(/@/, $USER))[1];
$VPOPDOMAIN = "local" if ($VPOPDOMAIN eq "");
- $PATH = "$CONFIG{'DSPAM_HOME'}/data/$VPOPDOMAIN/$VPOPUSERNAME/" .
- "$VPOPUSERNAME";
+ $PATH = "$VPOPDOMAIN/$VPOPUSERNAME";
return $PATH;
# Normal scale
} elsif ($CONFIG{'LARGE_SCALE'} == 0) {
- $PATH = "$CONFIG{'DSPAM_HOME'}/data/$USER/$USER";
+ $PATH = $USER;
return $PATH;
# Large-scale
} else {
if (length($USER)>1) {
- $PATH = "$CONFIG{'DSPAM_HOME'}/data/" . substr($USER, 0, 1) .
- "/". substr($USER, 1, 1) . "/$USER/$USER";
+ $PATH = substr($USER, 0, 1) . "/". substr($USER, 1, 1) . "/$USER";
} else {
- $PATH = "$CONFIG{'DSPAM_HOME'}/data/$USER/$USER";
+ $PATH = $USER;
}
return $PATH;
}
@@ -1558,6 +1612,11 @@
&error("Unable to determine filesystem scale");
}
+sub GetPath {
+ my($USER) = @_;
+
+ return "$CONFIG{'DSPAM_HOME'}/data/" . GetSubPath($USER) . "/$USER";
+}
sub GetPrefs {
my(%PREFS);
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (870, 'stable'), (700, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686-bigmem
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages dspam depends on:
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libdspam7 3.6.8-5etch1 DSPAM is a scalable and statistica
ii libldap-2.4-2 2.4.7-6.1 OpenLDAP libraries
ii procmail 3.22-16 Versatile e-mail processor
Versions of packages dspam recommends:
ii clamav-daemon 0.93.1.dfsg-volatile1 anti-virus utility for Unix - scan
ii dspam-doc 3.6.8-5etch1 Documentation for dspam
-- no debconf information
--
Roderick Schertler
roderick at argon.org
More information about the Pkg-dspam-misc
mailing list