- Fold added authres header fields
- Fix pidfile permissions - Fix socket setup sequence so Unix sockets work
This commit is contained in:
Scott Kitterman
@@ -1,8 +1,11 @@
|
|||||||
0.9.3 UNRELEASED
|
0.9.3 2018-03-02
|
||||||
- Fixup csl dataset processing for single item lists
|
- Fixup csl dataset processing for single item lists
|
||||||
- file: dataset support
|
- file: dataset support
|
||||||
- Bump minimum authres version to 1.1.0 due to known issues with 1.0.2
|
- Bump minimum authres version to 1.1.0 due to known issues with 1.0.2
|
||||||
- Ignore errors parsing broken authres header fields
|
- Ignore errors parsing broken authres header fields
|
||||||
|
- Fold added authres header fields
|
||||||
|
- Fix pidfile permissions
|
||||||
|
- Fix socket setup sequence so Unix sockets work
|
||||||
|
|
||||||
0.9.2 2018-02-19
|
0.9.2 2018-02-19
|
||||||
- Improved package requirements definition
|
- Improved package requirements definition
|
||||||
|
|||||||
@@ -39,6 +39,7 @@ from dkimpy_milter.util import drop_privileges
|
|||||||
from dkimpy_milter.util import setExceptHook
|
from dkimpy_milter.util import setExceptHook
|
||||||
from dkimpy_milter.util import write_pid
|
from dkimpy_milter.util import write_pid
|
||||||
from dkimpy_milter.util import read_keyfile
|
from dkimpy_milter.util import read_keyfile
|
||||||
|
from dkimpy_milter.util import own_socketfile
|
||||||
|
|
||||||
__version__ = "0.9.3"
|
__version__ = "0.9.3"
|
||||||
FWS = re.compile(r'\r?\n[ \t]+')
|
FWS = re.compile(r'\r?\n[ \t]+')
|
||||||
@@ -171,6 +172,7 @@ class dkimMilter(Milter.Base):
|
|||||||
if self.arresults:
|
if self.arresults:
|
||||||
h = authres.AuthenticationResultsHeader(authserv_id = self.receiver,
|
h = authres.AuthenticationResultsHeader(authserv_id = self.receiver,
|
||||||
results=self.arresults)
|
results=self.arresults)
|
||||||
|
h = dkim.fold(str(h))
|
||||||
if milterconfig.get('Syslog'):
|
if milterconfig.get('Syslog'):
|
||||||
syslog.syslog(str(h))
|
syslog.syslog(str(h))
|
||||||
name,val = str(h).split(': ',1)
|
name,val = str(h).split(': ',1)
|
||||||
@@ -273,15 +275,16 @@ def main():
|
|||||||
privateRSA = read_keyfile(milterconfig, 'RSA')
|
privateRSA = read_keyfile(milterconfig, 'RSA')
|
||||||
if milterconfig.get('KeyFileEd25519'):
|
if milterconfig.get('KeyFileEd25519'):
|
||||||
privateEd25519 = read_keyfile(milterconfig, 'Ed25519')
|
privateEd25519 = read_keyfile(milterconfig, 'Ed25519')
|
||||||
drop_privileges(milterconfig)
|
|
||||||
if milterconfig.get('Syslog'):
|
|
||||||
syslog.syslog('dkimpy-milter started:{0} user:{1}'.format(pid,milterconfig.get('UserID')))
|
|
||||||
Milter.factory = dkimMilter
|
Milter.factory = dkimMilter
|
||||||
Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
|
Milter.set_flags(Milter.CHGHDRS + Milter.ADDHDRS)
|
||||||
miltername = 'dkimpy-filter'
|
miltername = 'dkimpy-filter'
|
||||||
socketname = milterconfig.get('Socket')
|
socketname = milterconfig.get('Socket')
|
||||||
|
if milterconfig.get('Syslog'):
|
||||||
|
syslog.syslog('dkimpy-milter started:{0} user:{1}'.format(pid,milterconfig.get('UserID')))
|
||||||
sys.stdout.flush()
|
sys.stdout.flush()
|
||||||
Milter.runmilter(miltername,socketname,240)
|
Milter.runmilter(miltername,socketname,240)
|
||||||
|
own_socketfile(milterconfig)
|
||||||
|
drop_privileges(milterconfig)
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
main()
|
main()
|
||||||
|
|||||||
+30
-16
@@ -16,10 +16,23 @@
|
|||||||
# with this program; if not, write to the Free Software Foundation, Inc.,
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
|
||||||
def drop_privileges(milterconfig):
|
def user_group(userid):
|
||||||
import os
|
"""Return user and group from UserID"""
|
||||||
import grp
|
import grp
|
||||||
import pwd
|
import pwd
|
||||||
|
|
||||||
|
userlist = userid.split(':')
|
||||||
|
if len(userlist) == 1:
|
||||||
|
gidname = userlist[0]
|
||||||
|
else:
|
||||||
|
gidname = userlist[1]
|
||||||
|
# Get the uid/gid from the name
|
||||||
|
running_uid = pwd.getpwnam(userlist[0]).pw_uid
|
||||||
|
running_gid = grp.getgrnam(gidname).gr_gid
|
||||||
|
return running_uid, running_gid
|
||||||
|
|
||||||
|
def drop_privileges(milterconfig):
|
||||||
|
import os
|
||||||
import syslog
|
import syslog
|
||||||
|
|
||||||
if os.getuid() != 0:
|
if os.getuid() != 0:
|
||||||
@@ -27,25 +40,15 @@ def drop_privileges(milterconfig):
|
|||||||
syslog.syslog('drop_privileges: Not running as root. Cannot drop permissions.')
|
syslog.syslog('drop_privileges: Not running as root. Cannot drop permissions.')
|
||||||
return
|
return
|
||||||
|
|
||||||
# Figure out if user and group are specified
|
# Get user and group
|
||||||
userstr = milterconfig.get('UserID')
|
uid, gid = user_group(milterconfig.get('UserID'))
|
||||||
userlist = userstr.split(':')
|
|
||||||
if len(userlist) == 1:
|
|
||||||
gidname = userlist[0]
|
|
||||||
else:
|
|
||||||
gidname = userlist[1]
|
|
||||||
uidname = userlist[0]
|
|
||||||
|
|
||||||
# Get the uid/gid from the name
|
|
||||||
running_uid = pwd.getpwnam(uidname).pw_uid
|
|
||||||
running_gid = grp.getgrnam(gidname).gr_gid
|
|
||||||
|
|
||||||
# Remove group privileges
|
# Remove group privileges
|
||||||
os.setgroups([])
|
os.setgroups([])
|
||||||
|
|
||||||
# Try setting the new uid/gid
|
# Try setting the new uid/gid
|
||||||
os.setgid(running_gid)
|
os.setgid(gid)
|
||||||
os.setuid(running_uid)
|
os.setuid(uid)
|
||||||
|
|
||||||
# Set umask
|
# Set umask
|
||||||
old_umask = os.umask(milterconfig.get('UMask'))
|
old_umask = os.umask(milterconfig.get('UMask'))
|
||||||
@@ -88,12 +91,23 @@ def write_pid(milterconfig):
|
|||||||
raise
|
raise
|
||||||
f.write(pid)
|
f.write(pid)
|
||||||
f.close()
|
f.close()
|
||||||
|
user, group = user_group(milterconfig.get('UserID'))
|
||||||
|
os.chown(milterconfig.get('PidFile'), user, group)
|
||||||
else:
|
else:
|
||||||
if milterconfig.get('Syslog'):
|
if milterconfig.get('Syslog'):
|
||||||
syslog.syslog('Unable to write pidfle {0}. File exists.'.format(milterconfig.get('PidFile')))
|
syslog.syslog('Unable to write pidfle {0}. File exists.'.format(milterconfig.get('PidFile')))
|
||||||
raise RuntimeError('Unable to write pidfle {0}. File exists.'.format(milterconfig.get('PidFile')))
|
raise RuntimeError('Unable to write pidfle {0}. File exists.'.format(milterconfig.get('PidFile')))
|
||||||
return pid
|
return pid
|
||||||
|
|
||||||
|
def own_socketfile(milterconfig):
|
||||||
|
"""If socket is Unix socket, chown to UserID before dropping privileges"""
|
||||||
|
import os
|
||||||
|
user, group = user_group(milterconfig.get('UserID'))
|
||||||
|
if milterconfig.get('Socket')[:1] == '/':
|
||||||
|
os.chown(milterconfig.get('Socket')[1:], user, group)
|
||||||
|
if milterconfig.get('Socket')[:6] == "local:":
|
||||||
|
os.chown(milterconfig.get('Socket')[6:], user, group)
|
||||||
|
|
||||||
####################
|
####################
|
||||||
def read_keyfile(milterconfig, keytype):
|
def read_keyfile(milterconfig, keytype):
|
||||||
"""Read private key from file."""
|
"""Read private key from file."""
|
||||||
|
|||||||
Reference in New Issue
Block a user