From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Apr 29 08:50:08 2003
Return-Path:
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 616B437B401 for ; Tue, 29 Apr 2003 08:50:08 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id BACC243FAF for ; Tue, 29 Apr 2003 08:50:06 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h3TFo6Up047707 for ; Tue, 29 Apr 2003 08:50:06 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h3TFo6dg047706; Tue, 29 Apr 2003 08:50:06 -0700 (PDT)
Resent-Date: Tue, 29 Apr 2003 08:50:06 -0700 (PDT)
Resent-Message-Id: <200304291550.h3TFo6dg047706@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Dominic Marks
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3B60637B401 for ; Tue, 29 Apr 2003 08:48:01 -0700 (PDT)
Received: from cus.org.uk (host213-106-240-81.no-dns-yet.ntli.net [213.106.240.81]) by mx1.FreeBSD.org (Postfix) with ESMTP id B55B643FAF for ; Tue, 29 Apr 2003 08:47:59 -0700 (PDT) (envelope-from dom@cus.org.uk)
Received: from cus.org.uk (localhost.cus.org.uk [127.0.0.1]) by cus.org.uk (8.12.6/8.12.6) with ESMTP id h3TFlw5h075392 for ; Tue, 29 Apr 2003 16:47:58 +0100 (BST) (envelope-from dom@cus.org.uk)
Received: (from dom@localhost) by cus.org.uk (8.12.6/8.12.6/Submit) id h3TFlwUf075391; Tue, 29 Apr 2003 16:47:58 +0100 (BST)
Message-Id: <200304291547.h3TFlwUf075391@cus.org.uk>
Date: Tue, 29 Apr 2003 16:47:58 +0100 (BST)
From: Dominic Marks
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/51593: Maintainer Update: mail/dovecot
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Dominic Marks
List-Id: Ports bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 29 Apr 2003 15:50:08 -0000

>Number: 51593
>Category: ports
>Synopsis: Maintainer Update: mail/dovecot
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 29 08:50:06 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Dominic Marks
>Release: FreeBSD 4.7-STABLE i386
>Organization: UMIST
>Environment:
System: FreeBSD moo.cus.org.uk 4.7-STABLE FreeBSD 4.7-STABLE #4: Wed Apr 16 15:13:46 BST 2003 root@moo.cus.org.uk:/usr/obj/usr/src/sys/BAA i386
>Description:
mail/dovecot 0.98.8.1 -> 0.99.9

o Many Dovecot fixes
o Many port corrections and fixes
o OpenLDAP support
o PostgreSQL support
o Added additional port Documentation
o Added some FreeBSD-specific patches

>How-To-Repeat:
NA.
>Fix:
1. Rename dovecot-imapd.sh to dovecot.sh.sample - This file has been changed also, see below.
2. Apply the following diff
3. Add the new patch files and documentation

Index: Makefile =================================================================== RCS file: /home/ncvs/ports/mail/dovecot/Makefile,v retrieving revision 1.10 diff -u -3 -p -r1.10 Makefile --- Makefile 31 Mar 2003 09:18:00 -0000 1.10 +++ Makefile 29 Apr 2003 15:37:28 -0000
@@ -6,19 +6,42 @@ # PORTNAME= dovecot -PORTVERSION= 0.99.8.1 +PORTVERSION= 0.99.9 CATEGORIES= mail ipv6 MASTER_SITES= http://dovecot.procontrol.fi/ MAINTAINER= d.marks@student.umist.ac.uk COMMENT= Secure and compact IMAP and POP3 servers +LIB_DEPENDS= iconv.3:${PORTSDIR}/converters/libiconv + USE_REINPLACE= yes GNU_CONFIGURE= yes CONFIGURE_ARGS+= --without-shadow --enable-ipv6 \ - --localstatedir=/var/dovecot --with-ssl=openssl \ + --localstatedir=/var --with-ssl=openssl \ --with-ssldir=/var/dovecot/ssl --with-pop3d \ - --with-ldap --with-pam + --with-pam +CONFIGURE_ENV+= CPPFLAGS=-I${LOCALBASE}/include \ + LDFLAGS=-L${LOCALBASE}/lib + +# +# Feature Autodetection +# +.if exists(${LOCALBASE}/lib/libsasl.so.2) +WITH_SASL2= yes +.endif + +.if exists(${LOCALBASE}/vpopmail/bin/vckpw) +WITH_VPOPMAIL= yes +.endif + +.if exists(${LOCALBASE}/lib/libldap.so.2) +WITH_LDAP2= yes +.endif + +.if exists(${LOCALBASE}/lib/libpq.so.3) +WITH_PGSQL= yes +.endif # # SASL2 support 
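Review bot: the four `.if exists(${LOCALBASE}/lib/libsasl.so.2)` / `libldap.so.2` / `libpq.so.3` / `vpopmail/bin/vckpw` blocks make the feature set depend on whatever happens to be installed on the build host: a package built on a machine with PostgreSQL or OpenLDAP present silently gains `--with-pgsql` / `--with-ldap` and the extra LIB_DEPENDS, while a build on a clean host does not, so two packages of the same version can differ in linked libraries and in the code paths exposed to unauthenticated clients. Consider keeping these as explicit opt-in knobs, or at least printing which ones were autodetected. The checks are also pinned to one shared-library version (`.so.2`, `.so.3`), so they will stop matching silently, with no error, as soon as those ports bump their library versions.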
@@ -45,7 +68,48 @@ BUILD_DEPENDS+= ${VPOPMAIL}:${PORTSDIR}/ CONFIGURE_ARGS+= --with-vpopmail .endif +# +# OpenLDAP Support +# +# LDAP is the light-weight directory access +# protocol and can be used by Dovecot for its +# user database. +# +.if WITH_LDAP2 +LIB_DEPENDS+= ldap.2:${PORTSDIR}/net/openldap20 +CONFIGURE_ARGS+= --with-ldap +.endif + +# +# PostgreSQL Support +# +# PostgreSQL is a powerful SQL database which +# can be used to store user tables. +# +.if WITH_PGSQL +LIB_DEPENDS+= pq.3:${PORTSDIR}/databases/postgresql +CONFIGURE_ARGS+= --with-pgsql +.endif + +pre-everything: + @${ECHO_MSG} "==> Dovecot Options" + @${ECHO_MSG} "==> See the Makefile for descriptions." + @${ECHO_MSG} "==> ------------------------------------------" + @${ECHO_MSG} "==> o SASL2 Support + WITH_SASL2" + @${ECHO_MSG} "==> o VPoPMail SUpport + WITH_VPOPMAIL" + @${ECHO_MSG} "==> o OpenLDAP2 Support + WITH_LDAP2" + @${ECHO_MSG} "==> o PostgreSQL Support + WITH_PGSQL" + @${ECHO_MSG} "==> ------------------------------------------" + +post-patch: + @${REINPLACE_CMD} -e 's,^LIBS.*,& -liconv,' \ + ${WRKSRC}/src/imap/Makefile.in \ + ${WRKSRC}/src/pop3/Makefile.in + pre-build: + @${REINPLACE_CMD} -e 's,%%SSLDIR%%,/var/dovecot/ssl,' \ + ${WRKSRC}/doc/mkcert.sh \ + ${WRKSRC}/dovecot-example.conf @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' \ ${WRKSRC}/dovecot-example.conf 
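Review bot: two points in this hunk. `.if WITH_LDAP2` and `.if WITH_PGSQL` lean on make's default `defined()` function for a bare word; the rest of the ports tree spells this `.if defined(WITH_LDAP2)`, which also makes the intent obvious to the next reader. The `pre-everything` banner has typos ("VPoPMail SUpport") and presents the knobs as if they were all opt-in, although the autodetection above may already have set them; printing the effective values, e.g. `"==> o OpenLDAP2 Support + WITH_LDAP2 (${WITH_LDAP2})"`, would tell the user what they are actually getting. The `post-patch` `s,^LIBS.*,& -liconv,` substitution works but applies to every line starting with `LIBS` in those two Makefile.in files; a one-line comment saying why libiconv has to be forced in would help whoever updates the port next.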
@@ -54,28 +118,31 @@ pre-install: ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL do-install: - @${MKDIR} ${PREFIX}/lib/dovecot + @${MKDIR} ${PREFIX}/libexec/dovecot ${INSTALL_PROGRAM} \ ${WRKSRC}/src/imap/imap \ ${WRKSRC}/src/pop3/pop3 \ ${WRKSRC}/src/auth/dovecot-auth \ ${WRKSRC}/src/imap-login/imap-login \ ${WRKSRC}/src/pop3-login/pop3-login \ - ${PREFIX}/lib/dovecot/ + ${PREFIX}/libexec/dovecot/ ${INSTALL_DATA} ${WRKSRC}/dovecot-example.conf ${PREFIX}/etc/ ${INSTALL_PROGRAM} ${WRKSRC}/src/master/dovecot ${PREFIX}/sbin/ post-install: @${MKDIR} /var/dovecot @${MKDIR} /var/dovecot/ssl + @${MKDIR} /var/dovecot/ssl/certs + @${MKDIR} /var/dovecot/ssl/private @${MKDIR} /var/dovecot/auth + @${CHOWN} -R dovecot:dovecot /var/dovecot @${MKDIR} /var/dovecot/login - @${CHOWN} -R imapd:imapd /var/dovecot - @if [ ! -f ${PREFIX}/etc/rc.d/dovecot-imapd.sh ]; then \ - ${ECHO} "Installing dovecot-imapd.sh startup file."; \ - ${INSTALL_SCRIPT} -m 751 ${FILESDIR}/dovecot-imapd.sh \ - ${PREFIX}/etc/rc.d/dovecot-imapd.sh; \ - fi + @${CHOWN} root:dovecot /var/dovecot/login + @${MKDIR} /var/run/dovecot + @${CHMOD} 0700 /var/run/dovecot + @${CHOWN} root:dovecot /var/run/dovecot + ${INSTALL_SCRIPT} -m 751 ${FILESDIR}/dovecot.sh.sample \ + ${PREFIX}/etc/rc.d/dovecot.sh.sample .if !defined(NOPORTDOCS) @${MKDIR} ${PREFIX}/share/doc/dovecot @${INSTALL_DATA} \ 
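Review bot: `@${CHOWN} -R dovecot:dovecot /var/dovecot` runs after `/var/dovecot/ssl/private` is created, so the directory that will hold the TLS private key ends up owned by the unprivileged `dovecot` service account. The example configuration patched later in this PR says the certificate and key are opened before root privileges are dropped and that the key file should be unreadable by anyone but root, so there is no reason for `dovecot` to own that directory: create `ssl/private` as root with mode 0700 (or chown it back to root after the recursive chown). `/var/dovecot/login` gets `root:dovecot` but no explicit mode; since the port ships `login_chroot = yes`, make sure the chroot directory is not writable by the `dovecot` user. Also note that none of the `/var/dovecot` or `/var/run/dovecot` directories appear in pkg-plist, so `pkg_delete` leaves them, and the key material in them, behind.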
@@ -87,9 +154,15 @@ post-install: ${WRKSRC}/doc/configuration.txt \ ${WRKSRC}/doc/mail-storages.txt \ ${WRKSRC}/doc/dovecot-ldap.conf \ + ${WRKSRC}/doc/dovecot-pgsql.conf \ ${WRKSRC}/doc/dovecot-openssl.cnf \ ${WRKSRC}/doc/mkcert.sh \ + ${FILESDIR}/README.FreeBSD \ ${PREFIX}/share/doc/dovecot .endif + @${CP} ${PKGMESSAGE} ${WRKDIR}/pkg-message + @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g' \ + ${WRKDIR}/pkg-message + @${CAT} ${WRKDIR}/pkg-message .include Index: distinfo =================================================================== RCS file: /home/ncvs/ports/mail/dovecot/distinfo,v retrieving revision 1.5 diff -u -3 -p -r1.5 distinfo --- distinfo 31 Mar 2003 09:18:00 -0000 1.5 +++ distinfo 29 Apr 2003 15:37:28 -0000 @@ -1 +1 @@ -MD5 (dovecot-0.99.8.1.tar.gz) = eea63172310a0d154f32b03ed5127657 +MD5 (dovecot-0.99.9.tar.gz) = 37b5c3fffcaa704bf2f4c373b5735b62 Index: pkg-install =================================================================== RCS file: /home/ncvs/ports/mail/dovecot/pkg-install,v retrieving revision 1.1 diff -u -3 -p -r1.1 pkg-install --- pkg-install 1 Sep 2002 14:17:04 -0000 1.1 +++ pkg-install 29 Apr 2003 15:37:28 -0000 @@ -36,8 +36,8 @@ yesno() { } if [ x"$2" = xPRE-INSTALL ]; then - USER=imapd - GROUP=imapd + USER=dovecot + GROUP=dovecot if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then echo "You already have a group \"${GROUP}\", so I will use it." @@ -57,7 +57,7 @@ if [ x"$2" = xPRE-INSTALL ]; then else if /usr/sbin/pw useradd ${USER} -g ${GROUP} -h - \ -s /sbin/nologin \ - -c "Imap Daemon" + -c "Dovecot" then echo "Added user \"${USER}\"." else Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/mail/dovecot/pkg-plist,v retrieving revision 1.5 diff -u -3 -p -r1.5 pkg-plist --- pkg-plist 31 Mar 2003 09:18:00 -0000 1.5 +++ pkg-plist 29 Apr 2003 15:37:28 -0000 
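Review bot: on the `pkg-install` hunk just above: renaming the service account from `imapd` to `dovecot` only handles the fresh-install path. An existing installation keeps its `imapd` user and group, `/var/dovecot` stays owned by `imapd:imapd` until the `post-install` chown runs, and the old account is never removed, so upgraded hosts end up with a stale system user. Either document the migration in README.FreeBSD or have the PRE-INSTALL step detect an existing `imapd` user and tell the admin what to do. Minor: `post-install` substitutes `%%PREFIX%%` into a copy of `${PKGMESSAGE}` under `${WRKDIR}` and cats it, but unless `PKGMESSAGE` is pointed at that copy the file packaged for binary installs still contains the raw `%%PREFIX%%` tokens; please confirm which one ends up in the package.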
@@ -1,10 +1,10 @@ etc/dovecot-example.conf -etc/rc.d/dovecot-imapd.sh -lib/dovecot/imap -lib/dovecot/imap-login -lib/dovecot/pop3 -lib/dovecot/pop3-login -lib/dovecot/dovecot-auth +etc/rc.d/dovecot.sh.sample +libexec/dovecot/imap +libexec/dovecot/imap-login +libexec/dovecot/pop3 +libexec/dovecot/pop3-login +libexec/dovecot/dovecot-auth sbin/dovecot %%PORTDOCS%%share/doc/dovecot/auth.txt %%PORTDOCS%%share/doc/dovecot/design.txt @@ -14,7 +14,9 @@ sbin/dovecot %%PORTDOCS%%share/doc/dovecot/configuration.txt %%PORTDOCS%%share/doc/dovecot/mail-storages.txt %%PORTDOCS%%share/doc/dovecot/dovecot-ldap.conf +%%PORTDOCS%%share/doc/dovecot/dovecot-pgsql.conf %%PORTDOCS%%share/doc/dovecot/dovecot-openssl.cnf %%PORTDOCS%%share/doc/dovecot/mkcert.sh +%%PORTDOCS%%share/doc/dovecot/README.FreeBSD %%PORTDOCS%%@dirrm share/doc/dovecot -@dirrm lib/dovecot +@dirrm libexec/dovecot Index: files/patch-dovecot-example.conf =================================================================== RCS file: /home/ncvs/ports/mail/dovecot/files/patch-dovecot-example.conf,v retrieving revision 1.3 diff -u -3 -p -r1.3 patch-dovecot-example.conf --- files/patch-dovecot-example.conf 15 Feb 2003 23:13:10 -0000 1.3 +++ files/patch-dovecot-example.conf 29 Apr 2003 15:37:28 -0000 @@ -1,6 +1,6 @@ ---- dovecot-example.conf Tue Feb 11 19:35:49 2003 -+++ dovecot-example.conf Thu Feb 13 21:23:56 2003 -@@ -7,7 +7,7 @@ +--- dovecot-example.conf.orig Fri Apr 4 13:17:25 2003 ++++ dovecot-example.conf Sat Apr 19 14:11:40 2003 +@@ -7,11 +7,11 @@ # --with-ssldir=/etc/ssl # Base directory where to store runtime data. 
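Review bot: the `files/patch-dovecot-example.conf` change is a diff of a diff, which is close to unreviewable in this form because the `+-` / `++` prefixes and nested `@@` headers have to be mentally unstacked. For a maintainer update it is clearer to attach the regenerated `files/patch-dovecot-example.conf` as a whole file (or rely on the shar linked at the end of the PR) and describe the configuration changes in prose. The pkg-plist hunk itself looks right: every `lib/dovecot/*` entry moves to `libexec/dovecot/*` and the `@dirrm` follows, matching the `do-install` change.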
@@ -9,16 +9,35 @@ # Protocols we want to be serving: # imap imaps pop3 pop3s -@@ -38,7 +38,7 @@ +-#protocols = imap imaps ++protocols = imap pop3 + + # IP or host address where to listen in for connections. It's not currently + # possible to specify multiple addresses. "*" listens in all IPv4 interfaces. +@@ -27,18 +27,18 @@ + #pop3s_listen = + + # Disable SSL/TLS support. +-#ssl_disable = no ++ssl_disable = yes + + # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before + # dropping root privileges, so keep the key file unreadable by anyone but + # root. Included doc/mkcert.sh can be used to easily generate self-signed + # certificate, just make sure to update the domains in dovecot-openssl.cnf +-#ssl_cert_file = /etc/ssl/certs/dovecot.pem +-#ssl_key_file = /etc/ssl/private/dovecot.pem ++ssl_cert_file = %%SSLDIR%%/certs/imapd.pem ++ssl_key_file = %%SSLDIR%%/private/imapd.pem # SSL parameter file. Master process generates this file for login processes. # It contains Diffie Hellman and RSA parameters. -#ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat -+#ssl_parameters_file = /var/dovecot/ssl/parameters.dat ++ssl_parameters_file = %%SSLDIR%%/parameters.dat # How often to regenerate the SSL parameters file. Generation is quite CPU # intensive operation. The value is in hours, 0 disables regeneration -@@ -67,7 +67,7 @@ +@@ -67,11 +67,11 @@ # Directory where authentication process places authentication UNIX sockets # which login needs to be able to connect to. The sockets are created when # running as root, so you don't have to worry about permissions. 
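Review bot: this hunk changes the shipped default from `#protocols = imap imaps` to `protocols = imap pop3` with `ssl_disable = yes`, so a fresh install serves cleartext IMAP and POP3 only and every login sends the user's system password unencrypted over the network. The README in this PR explains how to turn SSL on afterwards, but the config comment right here says the certificate and key are read as root before privileges are dropped, so the secure path does not have to be opt-in: consider leaving `ssl_disable` at its upstream default and running `mkcert.sh` from `post-install` when no certificate exists yet, or at minimum have pkg-message state plainly that the default configuration is cleartext-only. The `%%SSLDIR%%` token in `ssl_cert_file`, `ssl_key_file` and `ssl_parameters_file` is replaced in `pre-build`, which is fine; just keep in mind that `pre-build` runs before `post-install` chowns that tree, so the ownership of `parameters.dat` is whatever the master process creates it with.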
@@ -27,57 +46,148 @@ # chroot login process to the login_dir. Only reason not to do this is if you # wish to run the whole Dovecot without roots. -@@ -81,7 +81,7 @@ +-#login_chroot = yes ++login_chroot = yes + + + ## +@@ -81,12 +81,12 @@ login = imap # Executable location. -#login_executable = /usr/libexec/dovecot/imap-login -+login_executable = %%PREFIX%%/lib/dovecot/imap-login ++login_executable = %%PREFIX%%/libexec/dovecot/imap-login # User to use for the login process. The user must belong to a group where # only it has access, it's used to control access for authentication process + # named sockets. +-#login_user = dovecot ++login_user = dovecot + + # Set max. process size in megabytes. If you don't use + # login_process_per_connection you might need to grow this. +@@ -100,7 +100,7 @@ + + # Number of login processes to create. If login_process_per_user is + # yes, this is the number of extra processes waiting for users to log in. +-#login_processes_count = 3 ++login_processes_count = 1 + + # Maximum number of extra login processes to create. The extra process count + # usually stays at login_processes_count, but when multiple users start logging 
@@ -126,7 +126,7 @@ login = pop3 # Exception to above rule being the executable location. -#login_executable = /usr/libexec/dovecot/pop3-login -+login_executable = %%PREFIX%%/lib/dovecot/pop3-login ++login_executable = %%PREFIX%%/libexec/dovecot/pop3-login ## ## Mail processes -@@ -292,7 +292,7 @@ +@@ -139,10 +139,10 @@ + # Show more verbose process titles (in ps). Currently shows user name and + # IP address. Useful for seeing who are actually using the IMAP processes + # (eg. shared mailboxes or if same uid is used for multiple accounts). +-#verbose_proctitle = no ++verbose_proctitle = yes + + # Show protocol level SSL errors. +-#verbose_ssl = no ++verbose_ssl = yes + + # Valid UID/GID ranges for users, defaults to 500 and above. This is mostly + # to make sure that users can't log in as daemons or other system users. +@@ -160,7 +160,7 @@ + # WARNING: Never add directories here which local users can modify, that + # may lead to root exploit. Usually this should be done only if you don't + # allow shell access for users. See doc/configuration.txt for more information. +-#valid_chroot_dirs = ++valid_chroot_dirs = /var/mail + + # Default MAIL environment to use when it's not set. By leaving this empty + # dovecot tries to do some automatic detection as described in +@@ -179,7 +179,7 @@ + # mbox:~/mail/:INBOX=/var/mail/%u + # mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n + # +-#default_mail_env = ++default_mail_env = mbox:/var/mail/%u + + # Space-separated list of fields to cache for all mails. Currently these + # fields are allowed followed by a list of commands they speed up: +@@ -224,7 +224,7 @@ + # arrives in half a hour, Dovecot closes the connection. This is still + # fine, except Outlook doesn't connect back so you don't see if new mail + # arrives. +-#client_workarounds = ++client_workarounds = oe6-fetch-no-newmail outlook-idle + + # Dovecot can notify client of new mail in selected mailbox soon after it's + # received. 
This setting specifies the minimum interval in seconds between +@@ -249,7 +249,7 @@ + # Save mails with CR+LF instead of plain LF. This makes sending those mails + # take less CPU, especially with sendfile() syscall with Linux and FreeBSD. + # But it also creates a bit more disk I/O which may just make it slower. +-#mail_save_crlf = no ++mail_save_crlf = yes + + # Use mmap() instead of read() to read mail files. read() seems to be a bit + # faster with my Linux/x86 and it's better with NFS, so that's the default. +@@ -261,7 +261,7 @@ + # know any MUA which would modify mail files directly. IMAP protocol also + # requires that the mails don't change, so it would be problematic in any case. + # If you care about performance, enable it. +-#maildir_copy_with_hardlinks = no ++maildir_copy_with_hardlinks = yes + + # Check if mails' content has been changed by external programs. This slows + # down things as extra stat() needs to be called for each file. If changes are +@@ -280,7 +280,7 @@ + # with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl + # and flock. Some operating systems don't allow using both of them + # simultaneously, eg. BSDs. If dotlock is used, it's always created first. +-#mbox_locks = dotlock fcntl ++mbox_locks = fcntl + + # Should we create dotlock file even when we want only a read-lock? Setting + # this to yes hurts the performance when the mailbox is accessed simultaneously +@@ -310,7 +310,7 @@ ## # Executable location -#imap_executable = /usr/libexec/dovecot/imap -+#imap_executable = %%PREFIX%%/lib/dovecot/imap ++imap_executable = %%PREFIX%%/libexec/dovecot/imap # Set max. process size in megabytes. Most of the memory goes to mmap()ing # files, so it shouldn't harm much even if this limit is set pretty high. 
-@@ -303,7 +303,7 @@ +@@ -321,7 +321,7 @@ ## # Executable location -#pop3_executable = /usr/libexec/dovecot/pop3 -+#pop3_executable = %%PREFIX%%/lib/dovecot/pop3 ++pop3_executable = %%PREFIX%%/libexec/dovecot/pop3 # Set max. process size in megabytes. Most of the memory goes to mmap()ing # files, so it shouldn't harm much even if this limit is set pretty high. -@@ -357,7 +357,7 @@ - auth_passdb = pam +@@ -374,10 +374,10 @@ + # vpopmail: vpopmail authentication + # ldap : LDAP, see doc/dovecot-ldap.conf + # pgsql : a PostgreSQL database, see doc/dovecot-pgsql.conf +-auth_passdb = pam ++auth_passdb = passwd # Executable location -#auth_executable = /usr/libexec/dovecot/dovecot-auth -+#auth_executable = %%PREFIX%%/lib/dovecot/dovecot-auth ++auth_executable = %%PREFIX%%/libexec/dovecot/dovecot-auth # Set max. process size in megabytes. #auth_process_size = 256 -@@ -388,7 +388,7 @@ - #auth_userdb = passwd-file /etc/passwd.imap - #auth_passdb = passwd-file /etc/passwd.imap - #auth_user = imapauth --#auth_chroot = /var/run/dovecot/auth -+#auth_chroot = /var/dovecot/auth +@@ -402,7 +402,7 @@ + + # More verbose logging. Useful for figuring out why authentication isn't + # working. +-#auth_verbose = no ++auth_verbose = yes - # if you plan to use only passwd-file, you don't need the two auth processes, - # simply set "auth_methods = plain digest-md5" + # digest-md5 authentication process. It requires special MD5 passwords which + # /etc/shadow and PAM doesn't support, so we never need roots to handle it. This patch: o Allows users in the wheel group to read their mail with Dovecot. Index: src/lib/restrict-access.c =================================================================== RCS file: /home/cvs/dovecot/src/lib/restrict-access.c,v retrieving revision 1.10 diff -u -3 -p -r1.10 restrict-access.c --- src/lib/restrict-access.c 4 Mar 2003 04:00:13 -0000 1.10 +++ src/lib/restrict-access.c 15 Apr 2003 17:37:26 -0000 
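Review bot: on the remaining dovecot-example.conf hunks (`login_processes_count` through `auth_verbose`). `verbose_proctitle = yes` exposes the logged-in user name and client IP address of every IMAP/POP3 session in `ps` output to all local users, exactly as the comment above it describes; that is a useful debugging aid but not an obvious default for a multi-user host, and the same applies to `verbose_ssl = yes` and `auth_verbose = yes`, which raise log volume and detail in production. `valid_chroot_dirs = /var/mail` sits directly under the warning never to list directories that local users can modify, and `/var/mail` is where the users' own mboxes live, so README.FreeBSD should say why this is safe here and when the chroot is actually used. `mbox_locks = fcntl` drops the upstream `dotlock` default; the comment says the lock choice must match what the MTA and other MUAs use to avoid deadlocks, so state which local delivery agent this was tested against. Finally, `auth_passdb` changes from `pam` to `passwd` while the Makefile still configures `--with-pam`; say which one the port is meant to use.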
@@ -31,12 +31,14 @@ #include void restrict_access_set_env(const char *user, uid_t uid, gid_t gid, - const char *chroot_dir) + const char *chroot_dir, int allow_zg) { if (user != NULL && *user != '\0') env_put(t_strconcat("RESTRICT_USER=", user, NULL)); if (chroot_dir != NULL && *chroot_dir != '\0') env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL)); + if (allow_zg == TRUE) + env_put(t_strdup("ALLOW_ZERO_GID=TRUE")); env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid))); env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid))); @@ -45,6 +47,7 @@ void restrict_access_set_env(const char void restrict_access_by_env(int disallow_root) { const char *env; + int allow_zero_gid; gid_t gid; uid_t uid; @@ -97,8 +100,14 @@ void restrict_access_by_env(int disallow i_fatal("We couldn't drop root privileges"); } - if ((gid != 0 && uid != 0) || disallow_root) { + /* allow users with zero group id permission for BSD */ + env = getenv("ALLOW_ZERO_GID"); + allow_zero_gid = env == NULL ? FALSE : TRUE; + + if (allow_zero_gid == FALSE && + ((gid != 0 && uid != 0) || disallow_root)) { if (getgid() == 0 || getegid() == 0 || setgid(0) == 0) i_fatal("We couldn't drop root group privileges"); } + } Index: src/lib/restrict-access.h =================================================================== RCS file: /home/cvs/dovecot/src/lib/restrict-access.h,v retrieving revision 1.4 diff -u -3 -p -r1.4 restrict-access.h --- src/lib/restrict-access.h 4 Mar 2003 04:00:13 -0000 1.4 +++ src/lib/restrict-access.h 15 Apr 2003 17:37:26 -0000 
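Review bot: two problems in the `restrict_access_by_env` hunk. First, the added `+ }` after the existing closing brace of the `if` block appears to leave the function with one more `}` than it opens in the context shown; unless a line outside the hunk opens another block, this will not compile, so please recheck the patch against the file. Second, the check is skipped wholesale whenever `ALLOW_ZERO_GID` is in the environment: because `allow_zero_gid` is a global master setting, every mail and auth process started with it set, including processes for ordinary users whose gid is not 0, stops verifying that it actually left group 0. The README only intends to tolerate gid 0 for wheel users, so exempt only that case and keep the original test for everyone else, e.g. `if (!(allow_zero_gid && gid == 0) && ((gid != 0 && uid != 0) || disallow_root))`. Also, `allow_zero_gid = env == NULL ? FALSE : TRUE` treats any value, even an empty string, as true; comparing against the `"TRUE"` that `restrict_access_set_env` writes would be stricter.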
@@ -4,7 +4,7 @@ /* set environment variables so they can be read with restrict_access_by_env() */ void restrict_access_set_env(const char *user, uid_t uid, gid_t gid, - const char *chroot_dir); + const char *chroot_dir, int allow_zg); /* chroot, setuid() and setgid() based on environment variables. If disallow_roots is TRUE, we'll kill ourself if we didn't have the Index: src/master/auth-process.c =================================================================== RCS file: /home/cvs/dovecot/src/master/auth-process.c,v retrieving revision 1.41 diff -u -3 -p -r1.41 auth-process.c --- src/master/auth-process.c 2 Apr 2003 02:09:41 -0000 1.41 +++ src/master/auth-process.c 15 Apr 2003 17:37:27 -0000 @@ -307,7 +307,7 @@ static pid_t create_auth_process(struct /* setup access environment */ restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid, - group->set->chroot); + group->set->chroot, set->allow_zero_gid); /* set other environment */ env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL)); Index: src/master/login-process.c =================================================================== RCS file: /home/cvs/dovecot/src/master/login-process.c,v retrieving revision 1.40 diff -u -3 -p -r1.40 login-process.c --- src/master/login-process.c 15 Apr 2003 16:58:48 -0000 1.40 +++ src/master/login-process.c 15 Apr 2003 17:37:27 -0000 
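Review bot: in the `create_auth_process` hunk the new argument is `set->allow_zero_gid`, while the two arguments before it come from `group->set` (`group->set->user`, `group->set->chroot`). If `set` in that function is a different settings object, or not in scope at all, this either fails to build or reads the flag from the wrong configuration, so please confirm it is the master `struct settings` (the one extended in master-settings.h later in this patch) that carries `allow_zero_gid`. Separately, the header now takes a bare `int allow_zg`, but the comment above the prototype was not updated to say that the flag is exported through the environment as `ALLOW_ZERO_GID` and consumed by `restrict_access_by_env`; one sentence there saves the next reader a grep.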
@@ -384,7 +384,8 @@ static void login_process_init_env(struc clean_child_process() since it clears environment */ restrict_access_set_env(group->set->user, group->set->uid, set->login_gid, - set->login_chroot ? set->login_dir : NULL); + set->login_chroot ? set->login_dir : NULL, + FALSE); env_put("DOVECOT_MASTER=1"); Index: src/master/mail-process.c =================================================================== RCS file: /home/cvs/dovecot/src/master/mail-process.c,v retrieving revision 1.13 diff -u -3 -p -r1.13 mail-process.c --- src/master/mail-process.c 15 Apr 2003 16:58:48 -0000 1.13 +++ src/master/mail-process.c 15 Apr 2003 17:37:28 -0000 @@ -25,7 +25,7 @@ static int validate_uid_gid(uid_t uid, g return FALSE; } - if (uid != 0 && gid == 0) { + if (set->allow_zero_gid == FALSE && uid != 0 && gid == 0) { i_error("mail process isn't allowed to be in group 0"); return FALSE; } @@ -38,8 +38,9 @@ static int validate_uid_gid(uid_t uid, g return FALSE; } - if (gid < (gid_t)set->first_valid_gid || - (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) { + if (set->allow_zero_gid == FALSE && + (gid < (gid_t)set->first_valid_gid || + (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid))) { i_error("mail process isn't allowed to use " "GID %s (UID is %s)", dec2str(gid), dec2str(uid)); return FALSE; 
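Review bot: the second `validate_uid_gid` change disables more than it should. `set->allow_zero_gid == FALSE && (gid < (gid_t)set->first_valid_gid || ...)` turns off the entire GID range check whenever the option is on, so with `allow_zero_gid = yes` a userdb that returns any gid outside the configured `first_valid_gid`..`last_valid_gid` range is accepted, not just gid 0, and the comment in the example config that this range exists "to make sure that users can't log in as daemons or other system users" no longer holds. The first change in the same function has the right shape; mirror it here, e.g. `if (!(set->allow_zero_gid && gid == 0) && (gid < (gid_t)set->first_valid_gid || (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)))`, so only gid 0 is exempted and the range still applies to every other group. Passing `FALSE` for the login process looks correct, since the README only talks about mail access and the login process has no reason to be in group 0.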
@@ -150,7 +151,8 @@ int create_mail_process(int socket, stru (paranoia about filling up environment without noticing) */ restrict_access_set_env(data + reply->system_user_idx, reply->uid, reply->gid, - reply->chroot ? data + reply->home_idx : NULL); + reply->chroot ? data + reply->home_idx : NULL, + set->allow_zero_gid); restrict_process_size(process_size, (unsigned int)-1); Index: src/master/master-settings.c =================================================================== RCS file: /home/cvs/dovecot/src/master/master-settings.c,v retrieving revision 1.16 diff -u -3 -p -r1.16 master-settings.c --- src/master/master-settings.c 2 Apr 2003 02:09:41 -0000 1.16 +++ src/master/master-settings.c 15 Apr 2003 17:37:28 -0000 @@ -46,6 +46,7 @@ static struct setting_def setting_defs[] DEF(SET_INT, max_mail_processes), DEF(SET_BOOL, verbose_proctitle), + DEF(SET_BOOL, allow_zero_gid), DEF(SET_INT, first_valid_uid), DEF(SET_INT, last_valid_uid), DEF(SET_INT, first_valid_gid), @@ -153,6 +154,7 @@ struct settings default_settings = { MEMBER(max_mail_processes) 1024, MEMBER(verbose_proctitle) FALSE, + MEMBER(allow_zero_gid) FALSE, MEMBER(first_valid_uid) 500, MEMBER(last_valid_uid) 0, MEMBER(first_valid_gid) 1, Index: src/master/master-settings.h =================================================================== RCS file: /home/cvs/dovecot/src/master/master-settings.h,v retrieving revision 1.10 diff -u -3 -p -r1.10 master-settings.h --- src/master/master-settings.h 2 Apr 2003 02:09:41 -0000 1.10 +++ src/master/master-settings.h 15 Apr 2003 17:37:29 -0000 @@ -32,6 +32,7 @@ struct settings { unsigned int max_mail_processes; int verbose_proctitle; + int allow_zero_gid; unsigned int first_valid_uid, last_valid_uid; unsigned int first_valid_gid, last_valid_gid; This patch: o Prepares mkcert.sh for updates: --- doc/mkcert.sh Tue Apr 15 14:28:24 2003 +++ mkcert.sh.new Tue Apr 15 14:28:52 2003 
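Review bot: the new `allow_zero_gid` setting gets a `SET_BOOL` definition and a `FALSE` default, which is the safe default, but nothing in this PR adds it to `dovecot-example.conf` even though the config patch above touches many other settings; it is only mentioned in README.FreeBSD. Add a commented `#allow_zero_gid = no` next to `first_valid_gid` in the example config, with the same warning the README gives about what it relaxes, so an admin reading the config learns that the option exists. Since this is a local patch against Dovecot's master settings rather than a port-only change, also note in the port (or README) that it has to be re-applied on each upstream update, or send it upstream.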
@@ -4,7 +4,7 @@ # Edit dovecot-openssl.cnf before running this. OPENSSL=${OPENSSL-openssl} -SSLDIR=${SSLDIR-/etc/ssl} +SSLDIR=${SSLDIR-%%SSLDIR%%} OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf} CERTFILE=$SSLDIR/certs/imapd.pem

o The new startup script

#!/bin/sh

if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
    echo "$0: Cannot determine the PREFIX" >&2
    exit 1
fi

case "$1" in
start)
    [ -x ${PREFIX}/sbin/dovecot ] && \
        ${PREFIX}/sbin/dovecot && echo -n ' dovecot'
    ;;
stop)
    /usr/bin/killall dovecot && echo -n ' dovecot'
    ;;
*)
    echo "Usage: `basename $0` { start | stop }" >&2
    ;;
esac

exit 0

o This file is FreeBSD specific documentation

#
# README.FreeBSD
#
# $FreeBSD$
#

o Dovecot currently will not allow users with a user or group id of 0 to log in. Because of this you will not be able to open root's mailbox, or any of the mailboxes of users in the wheel group. This is intended as a security feature, and isn't an issue on Linux because the concept of wheel is not enforced by GNU su.

  + 2003/04/15 It is now possible to change this behavior to allow wheel users to check their mailboxes with Dovecot. Add the following line to your dovecot.conf:

    allow_zero_gid = yes

o The configuration which is supplied with this port is installed into PREFIX/etc/dovecot-example.conf, and PREFIX defaults to /usr/local. I have attempted to choose what appears to be the best mixture of performance and compatibility and set Dovecot up to start POP3 and IMAP services for all the local users of the machine. This should be enough for the simplest sites to get up and running straight away.

o Enabling SSL services should be easy: the Dovecot port is configured by default to keep its SSL information under /var/dovecot/ssl; if you already have certificates you wish to use then you can override this in the configuration.
If you don't have a certificate and wish to make your own it should be as simple as:

  # cd PREFIX/share/doc/dovecot/
  # vi dovecot-openssl.conf
    Add information which describes your environment.
  # sh mkcert.sh
    Execute the certificate generator. This will put a new certificate and private key under /var/dovecot/ssl.
  # cd PREFIX/etc/
  # vi dovecot.conf
    Reconfigure Dovecot to use SSL.

The variables you will want to set in dovecot.conf to allow an SSL secured POP3 and IMAP service are:

  + protocols = imap imaps pop3 pop3s
  + ssl_disable = no

You may wish to also change the following variables to reflect the location of SSL certificates on your system.

  + ssl_cert_file = /var/dovecot/ssl/certs/imapd.pem
  + ssl_key_file = /var/dovecot/ssl/private/imapd.pem

I've also provided the complete port in archive form here for reference:

http://cus.org.uk/~dom/dovecot-0.99.9.shar.gz

Thanks
>Release-Note:
>Audit-Trail:
>Unformatted:
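Review bot: on the `mkcert.sh` hunk and the README that describes it: `OPENSSLCONFIG` defaults to the relative path `dovecot-openssl.cnf`, so the script only works when run from `PREFIX/share/doc/dovecot/` as the README instructs, but the README tells the reader to edit `dovecot-openssl.conf`, while the file the port installs (and the one named in the script's own first comment) is `dovecot-openssl.cnf`. The `%%SSLDIR%%` default substituted in `pre-build` matches the `/var/dovecot/ssl` the README mentions, so those agree; however `CERTFILE=$SSLDIR/certs/imapd.pem` implies the key goes to `$SSLDIR/private`, a directory that `post-install` chowns to the `dovecot` user, so either the README or `post-install` should ensure the generated key is root-owned and mode 0600, as the example config's comment asks. Last, the startup script stops the service with `/usr/bin/killall dovecot`, which signals every process with that name rather than the master the script started; if the master writes a pid file, stopping via that pid avoids killing an unrelated process that happens to share the name.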