inn.conf: Support for `newsuser', `newsgrp' options (patch is, hopefully, included)
Julien ÉLIE
julien at trigofacile.com
Fri Dec 14 14:18:26 UTC 2007
Hi Ivan,
>> Ecartis does all sorts of fascinating things to messages for no
>> particularly good reasons.
>
> Oh, now I see, it strips MIME attachments, too!
Yes, that's true. I think it is the ml inn-patches [A.T.] isc.org
which does not strip such attachments.
> I've actually written some code already. Could you take a
> look at it?
That looks like a very good start.
But shouldn't ensure_news_user_grp() also be factorised
in frontends/rnews.c, innd/innd.c, nnrpd/nnrpd.c, storage/ovdb/ovdb.c
and storage/tradindexed/tdx-util.c? I see the same patterns in these files.
> There's an issue with get_news_uid_gid () -- it assumes innconf
> != NULL (i. e., `inn.conf' was read.) However, when `inndstart'
> is started ``setuid root'', it's way more secure to read
> `inn.conf' /after/ dropping privileges (as it's done now.) So,
> get_news_uid_gid () should contain a fallback, like:
>
> const char *newsuser = innconf != 0 ? innconf->newsuser : NEWSUSER;
> const char *newsgrp = innconf != 0 ? innconf->newsgrp : NEWSGRP;
>
> to be used in `inndstart'.
It is a bit different in INN 2.5 since inndstart is no longer used:
backends/innbind is now starting everything and it will not change
users. So perhaps get_news_uid_gid() should not be used there and
the code kept intact (?)
    /* If we're running privileged (effective and real UIDs are different),
       convert NEWSUSER to a UID and exit if run by another user.  Don't do
       this if we're not running privileged to make installations that don't
       need privileged ports easier and to make testing easier. */
    real_uid = getuid();
    if (real_uid != geteuid()) {
        pwd = getpwnam(NEWSUSER);
        if (pwd == NULL)
            die("cannot get UID for %s", NEWSUSER);
        if (real_uid != pwd->pw_uid)
            die("must be run by user %s (%lu), not %lu", NEWSUSER,
                (unsigned long) pwd->pw_uid, (unsigned long) real_uid);
    }
> There may be other issues with the code, so I'd ask not to apply
> these patches right now. However, I'll appreciate any comments
> on them.
Well, I am not an expert so I do not have many comments on that
(I believe other people here will provide you with wise remarks).
> diff -drHu inn2-2.4.3+20070806-debian-1/include/inn/innconf.h inn2-2.4.3+20070806-debian-1-newsuser/include/inn/innconf.h
> --- inn2-2.4.3+20070806-debian-1/include/inn/innconf.h 2007-08-06 16:07:29.000000000 +0700
> +++ inn2-2.4.3+20070806-debian-1-newsuser/include/inn/innconf.h 2007-12-11 22:23:57.000000000 +0600
> @@ -26,6 +26,8 @@
> char *mta; /* MTA for mailing to moderators, innmail */
> char *pathhost; /* Entry for the Path line */
> char *server; /* Default server to connect to */
> + char *newsuser; /* User to run under */
> + char *newsgrp; /* Group to run under */
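Review bot: The two added members, newsuser and newsgrp, are bare char * whose comments ("User to run under", "Group to run under") say nothing about a default, so code that hands innconf->newsuser to a user lookup has no stated guarantee that it is non-NULL. State in the comments that they default to the compile-time NEWSUSER and NEWSGRP, and set that default wherever the struct is populated.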
It should be detabified for INN's coding style ;-)
But it does not matter much.
Well, here are a few remaining and easy patches (and doc/pod/inn.conf.pod
should also be updated):
Index: scripts/innshellvars.pl.in
===================================================================
--- scripts/innshellvars.pl.in (révision 7701)
+++ scripts/innshellvars.pl.in (copie de travail)
@@ -101,8 +101,8 @@
($tempsockdir = "${innddir}/ctlinndXXXXXX") =~ s!/[^/]*$!! ;
$newsmaster = '@NEWSMASTER@' ;
-$newsuser = '@NEWSUSER@' ;
-$newsgroup = '@NEWSGRP@' ;
+$newsuser = $newsuser ;
+$newsgroup = $newsgrp ;
$do_dbz_tagged_hash = '@DO_DBZ_TAGGED_HASH@' ;
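Review bot: `$newsuser = $newsuser ;` assigns the variable to itself, and `$newsgroup = $newsgrp ;` copies a variable this hunk never sets, so both lines only work if the inn.conf values were already loaded earlier in the file; if they were not, the configure-time '@NEWSUSER@' and '@NEWSGRP@' values are gone and both variables end up undefined. Drop the first line and give the second a fallback, for example `$newsgroup = defined $newsgrp ? $newsgrp : '@NEWSGRP@' ;`.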
Index: scripts/innshellvars.tcl.in
===================================================================
--- scripts/innshellvars.tcl.in (révision 7701)
+++ scripts/innshellvars.tcl.in (copie de travail)
@@ -92,8 +92,8 @@
set inn_tempsockdir [ exec echo ${inn_innddir}/ctlinndXXXXXX | $inn_sed -e {s@/[^/]*$@@} ]
set inn_newsmaster "@NEWSMASTER@"
-set inn_newsuser "@NEWSUSER@"
-set inn_newsgroup "@NEWSGRP@"
+set inn_newsuser "$newsuser"
+set inn_newsgroup "$newsgrp"
set do_dbz_tagged_hash "@DO_DBZ_TAGGED_HASH@"
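Review bot: The added lines read `$newsuser` and `$newsgrp` without the inn_ prefix, while the context line above reads its values as `${inn_innddir}` and `$inn_sed`; if the inn.conf values are only available with that prefix, Tcl will stop with a "no such variable" error when this file is sourced. Use `set inn_newsgroup "$inn_newsgrp"` and drop the inn_newsuser line, which would then be a self-assignment.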
Index: scripts/innshellvars.in
===================================================================
--- scripts/innshellvars.in (révision 7701)
+++ scripts/innshellvars.in (copie de travail)
@@ -97,8 +97,8 @@
TEMPSOCKDIR=`echo ${INNDDIR}/ctlinndXXXXXX | ${SED} -e 's@/[^/]*$@@'`
NEWSMASTER=@NEWSMASTER@
-NEWSUSER=@NEWSUSER@
-NEWSGROUP=@NEWSGRP@
+NEWSUSER=${NEWSUSER}
+NEWSGROUP=${NEWSGRP}
FILEMODE=@FILEMODE@
INEWSMODE=@INEWSMODE@
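Review bot: `NEWSUSER=${NEWSUSER}` is a no-op and `NEWSGROUP=${NEWSGRP}` expands to the empty string when NEWSGRP is unset, so a script that sources this file can end up with an empty user or group name instead of the value configure used to substitute. Keep the old value as the fallback, for example `NEWSUSER=${NEWSUSER:-@NEWSUSER@}` and `NEWSGROUP=${NEWSGRP:-@NEWSGRP@}`.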
Index: perl/INN/Config.pm.in
===================================================================
--- perl/INN/Config.pm.in (révision 7701)
+++ perl/INN/Config.pm.in (copie de travail)
@@ -139,8 +139,8 @@
my @SYSVAR = qw($newsmaster $newsuser $newsgroup
$filemode $inewsmode $rnewsmode $umask $syslog_facility);
our $newsmaster = '@NEWSMASTER@';
-our $newsuser = '@NEWSUSER@';
-our $newsgroup = '@NEWSGRP@';
+our $newsuser = $newsuser;
+our $newsgroup = $newsgrp;
our $filemode = @FILEMODE@; # It is a number.
our $inewsmode = @INEWSMODE@;
our $rnewsmode = @RNEWSMODE@;
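Review bot: The context line still lists `$newsuser` and `$newsgroup` in @SYSVAR next to configure-time values such as `$filemode`, although after this change they are meant to come from inn.conf, and `our $newsuser = $newsuser;` is a self-assignment whose right-hand side is only defined if something earlier in the module set it. Decide which list the two variables belong to, drop the self-assignment, and initialise `$newsgroup` from `$newsgrp` only after checking that it is defined.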
Index: samples/inn.conf.in
===================================================================
--- samples/inn.conf.in (révision 7701)
+++ samples/inn.conf.in (copie de travail)
@@ -29,6 +29,8 @@
#domain:
#innflags:
mailcmd: @bindir@/innmail
+#newsuser:
+#newsgrp:
#server:
# Feed Configuration
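Review bot: The added `#newsuser:` and `#newsgrp:` entries are commented out with no value, so the sample does not tell an administrator what the effective user and group are when the keys are left alone. Show the defaults the way the `mailcmd: @bindir@/innmail` context line does, for example `newsuser: @NEWSUSER@` and `newsgrp: @NEWSGRP@`.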
Regards,
--
Julien ÉLIE
« -- C'est un drôle de nom, HCL.
-- C'est son immatriculation d'espion. Son vrai nom,
c'est Acidcloridrix... » (Astérix)
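
Added example (not part of the original message and not INN's code): a sketch of the fallback discussed above, where the news user and group come from the configuration when it has been read and from compile-time defaults when it has not, followed by the innbind-style check on the caller. The struct conf type, the DEFAULT_* macros and the function names pick, resolve_news_ids and caller_allowed are assumptions made for illustration.

```c
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compile-time defaults standing in for INN's NEWSUSER/NEWSGRP. */
#define DEFAULT_NEWSUSER "news"
#define DEFAULT_NEWSGRP  "news"

/* Hypothetical cut-down stand-in for struct innconf. */
struct conf { const char *newsuser; const char *newsgrp; };

/* Configured name, or the compile-time default when inn.conf has not been
   read yet (conf == NULL) or leaves the key unset or empty. */
static const char *
pick(const struct conf *conf, int want_group)
{
    const char *name = NULL;

    if (conf != NULL)
        name = want_group ? conf->newsgrp : conf->newsuser;
    if (name == NULL || *name == '\0')
        name = want_group ? DEFAULT_NEWSGRP : DEFAULT_NEWSUSER;
    return name;
}

/* Resolve both names.  Returns 0 on success, -1 if either is unknown;
   *uid and *gid are written only on success. */
int
resolve_news_ids(const struct conf *conf, uid_t *uid, gid_t *gid)
{
    struct passwd *pwd = getpwnam(pick(conf, 0));
    struct group *grp = getgrnam(pick(conf, 1));

    if (pwd == NULL || grp == NULL)
        return -1;
    *uid = pwd->pw_uid;
    *gid = grp->gr_gid;
    return 0;
}

/* The innbind-style check: an unprivileged run (real == effective) is
   always allowed; a privileged one only when started by the news user. */
int
caller_allowed(uid_t real, uid_t effective, uid_t news_uid)
{
    return real == effective || real == news_uid;
}
```

A setuid-root caller would call resolve_news_ids(NULL, ...) before dropping privileges and only read inn.conf afterwards, so the privileged phase never depends on the contents of the configuration file.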