Message-Id: <86k63zggoi.wl%umq@ueo.co.jp>
Date: Wed, 20 Sep 2006 16:06:53 +0900
From: Hirohisa Yamaguchi
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/103417: [maintainer] mail/dkim-milter to run as a non-privileged user

>Number: 103417
>Category: ports
>Synopsis: [maintainer] mail/dkim-milter to run as a non-privileged user
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 20 07:10:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Hirohisa Yamaguchi
>Release: FreeBSD 7.0-CURRENT amd64
>Organization:
>Environment:
System: FreeBSD calliope.****.org 7.0-CURRENT FreeBSD 7.0-CURRENT #2: Fri Sep 1 13:15:27 JST 2006 root@calliope.****.org:/usr/obj/usr/src/sys/CALLIOPE64 amd64
>Description:
for some reasons, milter processes are recommended to run as non-privileged users. And mail/dkim-milter does not.
>How-To-Repeat:
N/A
>Fix:
The patch follows.

Changes in this patch:
+ add new file pkg-install to create a user "dkimfilter"
+ make a directory under /var/run owned by the user to run and the default file and sock have moved into the directory
+ fix multiple-instantiation failure in recent OSVERSION

ports/103404 is also open for now.

diff -Npru ports.orig/mail/dkim-milter/Makefile ports/mail/dkim-milter/Makefile --- ports.orig/mail/dkim-milter/Makefile Wed Aug 2 11:47:05 2006 +++ ports/mail/dkim-milter/Makefile Wed Sep 20 12:35:28 2006
@@ -74,6 +74,7 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR} .endfor .endif + @${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL @${CAT} ${PKGMESSAGE} .include diff -Npru ports.orig/mail/dkim-milter/files/milter-dkim.sh.in ports/mail/dkim-milter/files/milter-dkim.sh.in --- ports.orig/mail/dkim-milter/files/milter-dkim.sh.in Tue May 2 00:05:44 2006 +++ ports/mail/dkim-milter/files/milter-dkim.sh.in Wed Sep 20 15:35:59 2006 @@ -15,6 +15,7 @@ # # milterdkim_enable (bool): Set to "NO" by default. # Set it to "YES" to enable dkim-milter +# milterdkim_uid (str): Set username to run milter. # milterdkim_profiles (list): Set to "" by default. # Define your profiles here. # milterdkim_socket (str): Path to the milter socket. @@ -30,6 +31,7 @@ # DO NOT CHANGE THESE DEFAULT VALUES HERE # milterdkim_enable=${milterdkim_enable:-"NO"} +milterdkim_uid=${milterdkim_uid:-"dkimfilter"} milterdkim_profiles=${milterdkim_profiles:-} milterdkim_socket=${milterdkim_socket:-"local:/var/run/milterdkim/filter.sock"} milterdkim_domain=${milterdkim_domain:-"example.com"} @@ -45,17 +47,17 @@ name="milterdkim" rcvar=`set_rcvar` start_precmd="dkim_prepcmd" -stop_postcmd="dkim_prepcmd" +stop_postcmd="dkim_postcmd" command="%%PREFIX%%/libexec/dkim-filter" -_pidprefix="/var/run/dkim-filter" -pidfile="${_pidprefix}.pid" +_piddir="/var/run/milterdkim" +pidfile="${_piddir}/pid" load_rc_config $name if [ -n "$2" ]; then profile="$2" if [ "x${milterdkim_profiles}" != "x" ]; then - pidfile="${_pidprefix}.${profile}.pid" + pidfile="${_piddir}/${profile}.pid" eval milterdkim_enable="\${milterdkim_${profile}_enable:-${milterdkim_enable}}" eval milterdkim_socket="\${milterdkim_${profile}_socket:-}" if [ "x${milterdkim_socket}" = "x" ];then 
@@ -65,7 +67,7 @@ if [ -n "$2" ]; then eval milterdkim_domain="\${milterdkim_${profile}_domain:-${milterdkim_domain}}" eval milterdkim_key="\${milterdkim_${profile}_key:-${milterdkim_key}}" eval milterdkim_flags="\${milterdkim_${profile}_flags:-${milterdkim_flags}}" - command_args="-l -p ${milterdkim_socket} -P ${pidfile}" + command_args="-l -p ${milterdkim_socket} -u ${milterdkim_uid} -P ${pidfile}" else echo "$0: extra argument ignored" fi @@ -74,7 +76,7 @@ else if [ "x$1" != "xrestart" ]; then for profile in ${milterdkim_profiles}; do echo "===> milterdkim profile: ${profile}" - %%PREFIX%%/etc/rc.d/milter-dkim.sh $1 ${profile} + $0 $1 ${profile} retcode="$?" if [ "0${retcode}" -ne 0 ]; then failed="${profile} (${retcode}) ${failed:-}" @@ -88,7 +90,7 @@ else fi else milterdkim_flags=${milterdkim_flags} - command_args="-l -p ${milterdkim_socket} -P ${pidfile}" + command_args="-l -p ${milterdkim_socket} -u ${milterdkim_uid} -P ${pidfile}" fi fi @@ -99,6 +101,24 @@ dkim_prepcmd () elif [ -S ${milterdkim_socket##unix:} ] ; then rm -f ${milterdkim_socket##unix:} fi + if [ -d ${_piddir} ] ; then + return; + fi + mkdir -p ${_piddir} + if [ -n "${milterdkim_uid}" ] ; then + chown ${milterdkim_uid} ${_piddir} + fi +} + +dkim_postcmd() +{ + if [ -S ${milterdkim_socket##local:} ] ; then + rm -f ${milterdkim_socket##local:} + elif [ -S ${milterdkim_socket##unix:} ] ; then + rm -f ${milterdkim_socket##unix:} + fi + # just if the directory is empty + rmdir ${_piddir} > /dev/null 2>&1 } run_rc_command "$1" diff -Npru ports.orig/mail/dkim-milter/pkg-install ports/mail/dkim-milter/pkg-install --- ports.orig/mail/dkim-milter/pkg-install Thu Jan 1 09:00:00 1970 +++ ports/mail/dkim-milter/pkg-install Wed Sep 20 11:32:54 2006 
@@ -0,0 +1,18 @@ +#!/bin/sh + +if [ "$2" != "POST-INSTALL" ] +then + exit 0; +fi + +# check if dkimfilter user exists +pw user show dkimfilter > /dev/null 2>&1 + +if [ $? != 0 ] +then + echo "===> Adding user dkimfilter" + pw useradd dkimfilter -c "milter-dkim" -s /sbin/nologin \ + -d /nonexistent +else + echo "===> Using existing user dkimfilter" +fi >Release-Note: >Audit-Trail: >Unformatted:
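Review bot: in files/milter-dkim.sh.in, hunk @@ -45,17 +47,17 @@, the pidfile moves from /var/run/dkim-filter.pid to /var/run/milterdkim/pid with no handling of an instance started by the previous script. After an upgrade, a stop or restart will look only at the new path and will not find a daemon whose pid was recorded at the old one, leaving the root-run process in place. Either check the old ${_pidprefix} location as a fallback on stop, or state in pkg-message that the milter must be stopped before upgrading.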
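Review bot: in files/milter-dkim.sh.in, hunks @@ -65,7 +67,7 @@ and @@ -88,7 +90,7 @@, "-u ${milterdkim_uid}" is passed unconditionally, while dkim_prepcmd guards its chown with [ -n "${milterdkim_uid}" ], which implies an empty value is expected to be possible. If milterdkim_uid is empty at this point, the expansion becomes "-u -P ${pidfile}" and -u consumes -P as its argument. Build the option conditionally, for example ${milterdkim_uid:+-u ${milterdkim_uid}}, or drop the -n guard and treat an empty uid as an error so the two places agree. The new setting also has no milterdkim_${profile}_uid override, unlike socket, domain, key and flags in the same block; add one or document that the user is shared by all profiles.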
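Review bot: in files/milter-dkim.sh.in, hunk @@ -74,7 +76,7 @@, "$0 $1 ${profile}" depends on $0 naming this script, which holds only when the script is executed directly; if it is sourced, $0 is the sourcing shell's script and the per-profile call runs something else. The expansion is also unquoted. If the aim is to stop hard-coding the installed file name, keep an explicit path that is substituted at build time, or at least quote it as "$0" "$1" "${profile}" and note the assumption in a comment.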
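Review bot: in files/milter-dkim.sh.in, hunk @@ -99,6 +101,24 @@, dkim_prepcmd returns early when ${_piddir} already exists, so ownership is never corrected for a directory that was created by hand, left over from a run under a different milterdkim_uid, or pre-created by another local user. The daemon then either cannot write its pid file and socket or writes them into a directory it does not control. Set owner and mode on every start instead of only on creation (for example a single install -d -o "${milterdkim_uid}" -m 0755 "${_piddir}"), and quote ${_piddir} and the socket path in the tests and rm calls. The socket cleanup in dkim_postcmd is a copy of the lines at the top of dkim_prepcmd; a shared helper would keep the two from drifting apart.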
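Review bot: in pkg-install, hunk @@ -0,0 +1,18 @@, the exit status of "pw useradd dkimfilter ..." is not checked, so a failed account creation still ends the script successfully and the problem surfaces later when the rc script runs chown and passes -u dkimfilter. Exit non-zero when pw useradd fails. The account is also created without an explicit uid or group, so the numeric id will differ between hosts, and the name is fixed here while the rc script lets milterdkim_uid be changed; a short comment saying that only the default account is provisioned would avoid surprises. The nologin shell and /nonexistent home are appropriate for a daemon account.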