inn.conf: Support for `newsuser', `newsgrp' options (patch is, hopefully, included)

Julien ÉLIE julien at trigofacile.com
Fri Dec 14 14:18:26 UTC 2007 

Hi Ivan,

>> Ecartis does all sorts of fascinating things to messages for no
>> particularly good reasons.
>
> Oh, now I see, it strips MIME attachments, too!

Yes, that's true.  I think it is the ml inn-patches [A.T.] isc.org
which does not strip such attachments.


> I've actually have written some code already.  Could you take a
> look at it?

That looks like a very good start.

But shouldn't ensure_news_user_grp() also be factorised
in frontends/rnews.c, innd/innd.c, nnrpd/nnrpd.c, storage/ovdb/ovdb.c
and storage/tradindexed/tdx-util.c?  I see the same patterns in these files.


> There's an issue with get_news_uid_gid () -- it assumes innconf
> != NULL (i. e., `inn.conf' was read.)  However, when `inndstart'
> is started ``setuid root'', it's way more secure to read
> `inn.conf' /after/ dropping privileges (as it's done now.)  So,
> get_news_uid_gid () should contain a fallback, like:
>
>   const char *newsuser = innconf != 0 ? innconf->newsuser : NEWSUSER;
>   const char *newsgrp  = innconf != 0 ? innconf->newsgrp  : NEWSGRP;
>
> to be used in `inndstart'.

It is a bit different in INN 2.5 since inndstart is no longer used:
backends/innbind is now starting everything and it will not change
users.  So perhaps get_news_uid_gid() should not be used there and
the code kept intact (?)

    /* If we're running privileged (effective and real UIDs are different),
       convert NEWSUSER to a UID and exit if run by another user.  Don't do
       this if we're not running privileged to make installations that don't
       need privileged ports easier and to make testing easier. */
    real_uid = getuid();
    if (real_uid != geteuid()) {
        pwd = getpwnam(NEWSUSER);
        if (pwd == NULL)
            die("cannot get UID for %s", NEWSUSER);
        if (real_uid != pwd->pw_uid)
            die("must be run by user %s (%lu), not %lu", NEWSUSER,
                (unsigned long) pwd->pw_uid, (unsigned long) real_uid);
    }


> There may be other issues with the code, so I'd ask not to apply
> these patches right now.  However, I'll appreciate any comments
> on them.

Well, I am not an expert so I do not have many comments on that
(I believe other people here will provide you with wise remarks).


> diff -drHu inn2-2.4.3+20070806-debian-1/include/inn/innconf.h inn2-2.4.3+20070806-debian-1-newsuser/include/inn/innconf.h
> --- inn2-2.4.3+20070806-debian-1/include/inn/innconf.h 2007-08-06 16:07:29.000000000 +0700
> +++ inn2-2.4.3+20070806-debian-1-newsuser/include/inn/innconf.h 2007-12-11 22:23:57.000000000 +0600
> @@ -26,6 +26,8 @@
>     char *mta;                  /* MTA for mailing to moderators, innmail */
>     char *pathhost;             /* Entry for the Path line */
>     char *server;               /* Default server to connect to */
> +    char *newsuser; /* User to run under */
> +    char *newsgrp; /* Group to run under */

It should be detabify for INN's coding style ;-)
But it does not matter much.


Well, here are a few remaining and easy patches (and doc/pod/inn.conf.pod
should also be updated):

Index: scripts/innshellvars.pl.in
===================================================================
--- scripts/innshellvars.pl.in  (révision 7701)
+++ scripts/innshellvars.pl.in  (copie de travail)
@@ -101,8 +101,8 @@
 ($tempsockdir = "${innddir}/ctlinndXXXXXX") =~ s!/[^/]*$!! ;

 $newsmaster = '@NEWSMASTER@' ;
-$newsuser = '@NEWSUSER@' ;
-$newsgroup = '@NEWSGRP@' ;
+$newsuser = $newsuser ;
+$newsgroup = $newsgrp ;

 $do_dbz_tagged_hash = '@DO_DBZ_TAGGED_HASH@' ;

Index: scripts/innshellvars.tcl.in
===================================================================
--- scripts/innshellvars.tcl.in (révision 7701)
+++ scripts/innshellvars.tcl.in (copie de travail)
@@ -92,8 +92,8 @@
 set inn_tempsockdir [ exec echo ${inn_innddir}/ctlinndXXXXXX | $inn_sed -e {s@/[^/]*$@@} ]

 set inn_newsmaster "@NEWSMASTER@"
-set inn_newsuser "@NEWSUSER@"
-set inn_newsgroup "@NEWSGRP@"
+set inn_newsuser "$newsuser"
+set inn_newsgroup "$newsgrp"

 set do_dbz_tagged_hash "@DO_DBZ_TAGGED_HASH@"

Index: scripts/innshellvars.in
===================================================================
--- scripts/innshellvars.in     (révision 7701)
+++ scripts/innshellvars.in     (copie de travail)
@@ -97,8 +97,8 @@
 TEMPSOCKDIR=`echo ${INNDDIR}/ctlinndXXXXXX | ${SED} -e 's@/[^/]*$@@'`

 NEWSMASTER=@NEWSMASTER@
-NEWSUSER=@NEWSUSER@
-NEWSGROUP=@NEWSGRP@
+NEWSUSER=${NEWSUSER}
+NEWSGROUP=${NEWSGRP}

 FILEMODE=@FILEMODE@
 INEWSMODE=@INEWSMODE@
Index: perl/INN/Config.pm.in
===================================================================
--- perl/INN/Config.pm.in       (révision 7701)
+++ perl/INN/Config.pm.in       (copie de travail)
@@ -139,8 +139,8 @@
 my @SYSVAR = qw($newsmaster $newsuser $newsgroup
 $filemode $inewsmode $rnewsmode $umask $syslog_facility);
 our $newsmaster = '@NEWSMASTER@';
-our $newsuser = '@NEWSUSER@';
-our $newsgroup = '@NEWSGRP@';
+our $newsuser = $newsuser;
+our $newsgroup = $newsgrp;
 our $filemode = @FILEMODE@;      # It is a number.
 our $inewsmode = @INEWSMODE@;
 our $rnewsmode = @RNEWSMODE@;
Index: samples/inn.conf.in
===================================================================
--- samples/inn.conf.in (révision 7701)
+++ samples/inn.conf.in (copie de travail)
@@ -29,6 +29,8 @@
 #domain:
 #innflags:
 mailcmd:                @bindir@/innmail
+#newsuser:
+#newsgrp:
 #server:

 # Feed Configuration




Regards,

-- 
Julien ÉLIE

« -- C'est un drôle de nom, HCL.
  -- C'est son immatriculation d'espion. Son vrai nom,
  c'est Acidcloridrix... » (Astérix)

More information about the inn-workers mailing list