From: <ton...@us...> - 2003-12-25 02:11:48
|
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv29520 Modified Files: test.sh Log Message: test.sh demonstrates getting, modifying, then uploading, a filter file. Index: test.sh =================================================================== RCS file: /cvsroot/serverfilters/script/test.sh,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** test.sh 14 Dec 2003 20:55:27 -0000 1.2 --- test.sh 25 Dec 2003 02:11:45 -0000 1.3 *************** *** 1,2 **** ! (echo someuser; echo somepassword) | ./filtercmd getrc /home/tony/.procmailrc /tmp/test; echo "RESULT:" $? --- 1,6 ---- ! (echo tony; echo somepassword) | ./filtercmd getrc /home/tony/.procmailrc > filter; echo "RESULT:" $? ! echo '# hello world ' >> filter ! (echo tony; echo somepassword; cat filter) | ./filtercmd putrc /home/tony/.procmailrc; echo "RESULT:" $? ! (echo to...@so...; echo somepassword) | ./filtercmd getrc /home/tony/.procmailrc /tmp/test; echo "RESULT:" $? ! |
From: <ton...@us...> - 2003-12-25 02:09:06
|
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv29250 Modified Files: filtercmd.h Log Message: New error definitions Index: filtercmd.h =================================================================== RCS file: /cvsroot/serverfilters/script/filtercmd.h,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** filtercmd.h 14 Dec 2003 20:55:27 -0000 1.1 --- filtercmd.h 25 Dec 2003 02:09:03 -0000 1.2 *************** *** 16,19 **** --- 16,21 ---- #define ERR_BAD_CREDENTIALS 13 #define ERR_BAD_LIBRARY 14 + #define ERR_CANT_FIND_VIRTUAL_DOMAIN 15 + #define ERR_CANT_TRUST_FILE 16 static char *err_strings[] = { *************** *** 51,54 **** --- 53,60 ---- "Can't verify credentials, IMAP not supported by library\n", + + "Can't look up virtual user\n", + + "Can't trust config file -- make sure they are all owned by root\n", }; |
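Review bot: The two messages added to `err_strings` are tied to `ERR_CANT_FIND_VIRTUAL_DOMAIN` (15) and `ERR_CANT_TRUST_FILE` (16) only by their position in the initializer, so a later insertion in either list silently shifts every message after it. Designated initializers would bind each string to its code, e.g. `[ERR_CANT_TRUST_FILE] = "Can't trust config file -- make sure they are all owned by root\n",`. Whatever indexes this table (presumably `inerror`, which is not visible here) should also range-check the code against the array size before using it. The array definition starts in this hunk and continues outside it.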
From: <ton...@us...> - 2003-12-25 02:08:35
|
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv29178 Modified Files: filtercmd.c Log Message: Virtual user lookup; stdin/stdout used instead of filter files; checks ownership of trusted files. Index: filtercmd.c =================================================================== RCS file: /cvsroot/serverfilters/script/filtercmd.c,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** filtercmd.c 14 Dec 2003 20:55:27 -0000 1.5 --- filtercmd.c 25 Dec 2003 02:08:32 -0000 1.6 *************** *** 7,10 **** --- 7,11 ---- /* define DEBUG for debugging output */ + #define DEBUG #include <stdio.h> *************** *** 18,24 **** void eperror(register char *); int rcexists(char *); ! int getrc(char*, char*, uid_t, gid_t); ! int putrc(char*, char*, char*); ! int copy_file(char*, char*); int validrcpath(char*); int validtmppath(char*); --- 19,25 ---- void eperror(register char *); int rcexists(char *); ! int getrc(char*); ! int putrc(char*, uid_t, gid_t); ! int copy_file(char*, FILE*, char*, FILE*); int validrcpath(char*); int validtmppath(char*); *************** *** 34,40 **** Thiago Melo de Paula - th...@fa... */ ! int i, ok; char cmd[STR_MAX]; char user[STR_MAX]; char passwd[STR_MAX]; char filter_file[STR_MAX]; --- 35,42 ---- Thiago Melo de Paula - th...@fa... */ ! int err, ok; char cmd[STR_MAX]; char user[STR_MAX]; + char real_user[STR_MAX]; char passwd[STR_MAX]; char filter_file[STR_MAX]; *************** *** 44,65 **** gid_t GID; ! if (!readcredentials(user, passwd, STR_MAX)) { ! return inerror(ERR_NEED_CREDENTIALS); ! } ! if (!readimapserver(imap_server, STR_MAX)) { ! return inerror(ERR_CANT_READ_IMAP_SERVER); ! } ! if (!finduidgid(user, &UID, &GID)) { ! return inerror(ERR_BAD_UID_GID); ! } if((setgid(GID)) < 0) eperror("setgid"); if((setuid(UID)) < 0) eperror("setuid"); ! if (i = checkcredentials(imap_server, user, passwd)) { ! return inerror(i); ! } strncpy(cmd,argv[1],STR_MAX); --- 46,66 ---- gid_t GID; ! 
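Review bot: The `#define DEBUG` added in the first hunk switches debugging output on unconditionally in a program that the Makefile on this page installs with `chmod 4750`. From this revision on `getrc` writes the filter file to stdout, so any debug `printf` in this file (the guarded code is not visible in the diff) would be interleaved with the data the caller reads back. The Makefile already carries a commented-out `CFLAGS=-DDEBUG`; dropping the define from the source and enabling it there keeps normal builds quiet.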
err = readcredentials(user, passwd, STR_MAX); ! if (err) return inerror(err); ! err = readimapserver(imap_server, STR_MAX); ! if (err) return inerror(err); ! err = readvirtualdomain(user, real_user, STR_MAX); ! if (err) return inerror(err); ! ! err = finduidgid(real_user, &UID, &GID); ! if (err) return inerror(err); if((setgid(GID)) < 0) eperror("setgid"); if((setuid(UID)) < 0) eperror("setuid"); ! err = checkcredentials(imap_server, user, passwd); ! if (err) return inerror(err); strncpy(cmd,argv[1],STR_MAX); *************** *** 69,91 **** } else { if (!strcmp("getrc",cmd)) { ! if (argc < 4) { ! printf("Usage: filtercmd getrc filter_file temp_file\n"); return ERR_USAGE; } strncpy(filter_file, argv[2], STR_MAX); ! strncpy(temp_file, argv[3], STR_MAX); ! return getrc(filter_file, temp_file, UID, GID); } else if (!strcmp("putrc", cmd)) { ! if (argc < 5) { ! printf("Usage: filtercmd putrc owner temp_file filter_file\n"); return ERR_USAGE; } ! strncpy(user, argv[2], STR_MAX); ! if(!strcmp(user,"root") && !strcmp(user, "0")){ ! return inerror(ERR_USER_IS_ROOT); ! } ! strncpy(temp_file, argv[3], STR_MAX); ! strncpy(filter_file, argv[4], STR_MAX); ! return putrc(user, temp_file, filter_file); } else if (!strcmp("rcexists",cmd)) { if (argc < 3) { --- 70,86 ---- } else { if (!strcmp("getrc",cmd)) { ! if (argc < 3) { ! printf("Usage: filtercmd getrc filter_file\n"); return ERR_USAGE; } strncpy(filter_file, argv[2], STR_MAX); ! return getrc(filter_file); } else if (!strcmp("putrc", cmd)) { ! if (argc < 3) { ! printf("Usage: filtercmd putrc filter_file\n"); return ERR_USAGE; } ! strncpy(filter_file, argv[2], STR_MAX); ! return putrc(filter_file, UID, GID); } else if (!strcmp("rcexists",cmd)) { if (argc < 3) { *************** *** 128,150 **** } ! /* Read credentials from stdin; user and passwd should each be on a line * user may not include spaces. FIXME: password may not include * spaces either, currently. */ ! int readcredentials(user, passwd, n) char *user; char *passwd; ! 
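Review bot: The privilege drop in the hunk that rewrites main's credential checks calls `setgid(GID)` and `setuid(UID)` without clearing the supplementary group list, so the process keeps the groups it started with while acting for `real_user`; `initgroups(real_user, GID)` or `setgroups(0, NULL)` should come before `setgid`. It is also worth confirming that `eperror` terminates the process (its body is not in this diff), because carrying on after a failed `setuid` would leave the later file operations running with the original privileges. `strncpy(cmd,argv[1],STR_MAX)` leaves `cmd` unterminated when the argument is STR_MAX bytes or longer, and the same holds for the `filter_file` copies in the next hunk; `snprintf(cmd, sizeof cmd, "%s", argv[1])` avoids that. main's body starts and ends outside these hunks.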
int n; { ! int result; ! /* we limit credentials to 100 characters in the scanf string. ! make sure we were passed big enough buffers (including room for NUL) */ ! if (n <= 100) return 0; ! result = scanf("%100s%100s", user, passwd); ! if (result == EOF || result < 2) return 0; ! return 1; } #define CONFIGFILE "/etc/squirrelmail/config.php" int readimapserver(server, serverlen) char *server; --- 123,179 ---- } ! ! /* ! * Read credentials from stdin; user and passwd should each be on a line * user may not include spaces. FIXME: password may not include * spaces either, currently. + * + * Parameters: + * user - OUT. The buffer is filled with username read from stdin. + * passwd - OUT. The buffer is filled with password read from stdin. + * buflen - IN. The buffer size for both buffers. + * Returns: + * ERR_OK if the credentials were read successfully, non-zero error code + * if not. */ ! int readcredentials(user, passwd, buflen) char *user; char *passwd; ! int buflen; { ! int n; ! if (fgets(user, buflen, stdin) == NULL) ! return ERR_NEED_CREDENTIALS; ! n = strlen(user); ! if (n < 2) ! return ERR_NEED_CREDENTIALS; ! if (user[n-1] == '\n') ! user[n-1] = '\0'; /* remove \n */ ! ! if (fgets(passwd, buflen, stdin) == NULL) ! return ERR_NEED_CREDENTIALS; ! n = strlen(passwd); ! if (n < 2) ! return ERR_NEED_CREDENTIALS; ! if (passwd[n-1] == '\n') ! passwd[n-1] = '\0'; /* remove \n */ ! ! return ERR_OK; } + #ifndef CONFIGFILE #define CONFIGFILE "/etc/squirrelmail/config.php" + #endif + + /* + * Reads IMAP server information from CONFIGFILE. + * + * Parameters: + * server - OUT. the servername read from config.php + * serverlen - IN. buffer size of the server buffer. + * Returns: + * ERR_OK if it found all the parameters, an error code if not. + */ + int readimapserver(server, serverlen) char *server; *************** *** 153,167 **** FILE *f; char line[STR_MAX]; ! int foundserver = 0; ! f = fopen(CONFIGFILE, "r"); ! 
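Review bot: In the new `readcredentials`, a username line longer than `buflen-1` bytes is silently truncated by `fgets` and its tail is then read as the password, and an over-long password leaves its tail on stdin, where `putrc` now copies it into the filter file. Each read should fail when the line does not end in a newline, rather than stripping the newline only when it happens to be present. This also rejects a final line that ends at EOF without a newline, which the callers shown in test.sh never produce.

```c
    /* … unchanged: fgets(user, buflen, stdin) and its NULL check … */
    n = strlen(user);
    /* a missing newline means the line did not fit in the buffer */
    if (n < 2 || user[n-1] != '\n')
        return ERR_NEED_CREDENTIALS;
    user[n-1] = '\0';

    /* … unchanged: fgets(passwd, buflen, stdin) and its NULL check … */
    n = strlen(passwd);
    if (n < 2 || passwd[n-1] != '\n')
        return ERR_NEED_CREDENTIALS;
    passwd[n-1] = '\0';
```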
if (!f) return 0; while (fgets(line, STR_MAX, f)) { if (!foundserver) foundserver = parsephpstring("$imapServerAddress", line, server, serverlen); } ! return foundserver; } int finduidgid(user, uid, gid) char *user; --- 182,208 ---- FILE *f; char line[STR_MAX]; ! int err, foundserver = 0; ! err = trusted_open(&f, CONFIGFILE, "r"); ! if (err) return err; while (fgets(line, STR_MAX, f)) { if (!foundserver) foundserver = parsephpstring("$imapServerAddress", line, server, serverlen); } ! return foundserver ? ERR_OK : ERR_CANT_READ_IMAP_SERVER; } + /* + * Determines uid and gid given a "real" username. A UID or + * GID of 0 is considered invalid. + * + * Parameters: + * user - IN. A UNIX username. + * uid - OUT. The UID of the UNIX username. + * gid - OUT. The GID of the UNIX username. + * Returns: + * ERR_OK if it found a valid uid/gid, an error code if not + */ + int finduidgid(user, uid, gid) char *user; *************** *** 172,181 **** p = getpwnam(user); ! if (!p) return 0; *uid = p->pw_uid; *gid = p->pw_gid; ! return 1; } int parsephpstring(varname, line, dest, destlen) char *varname; --- 213,242 ---- p = getpwnam(user); ! if (!p) return ERR_BAD_UID_GID; ! if (p->pw_uid == 0 || p->pw_gid == 0) { ! /* refuse to allow root's uid/gid to be used */ ! return ERR_USER_IS_ROOT; ! } *uid = p->pw_uid; *gid = p->pw_gid; ! return ERR_OK; } + /* + * Looks for a given varname in a line of PHP code; if it is found, the + * code will try to parse out the value between quotes. This funtion is + * easily confused and when it returns 1 it means the variable was found, + * not necessarily that the string contents were successfully passed. + * + * Parameters: + * varname - IN. The PHP variable to search for. SHould include $ + * line - IN. A line of text. May end with \n. + * dest - OUT. Where the string contents will be placed if there is a match. + * destlen - IN. Size of the dest buffer. + * + * Returns: + * 1 if the varname was found, 0 if not. 
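Review bot: `readimapserver` never closes `f` after the `fgets` loop, so the handle on the config file stays open for the rest of the run, including after the uid change in main; add `fclose(f);` before the `return`. The loop also relies on `trusted_open` having stored a valid stream in `f`, which the version added at the end of this diff does not guarantee when `fopen` fails. The function's opening lines are outside the hunk.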
+ */ + int parsephpstring(varname, line, dest, destlen) char *varname; *************** *** 214,218 **** ! int getrc(char* filter_file, char* temp_file, uid_t UID, gid_t GID) { int result; --- 275,279 ---- ! int getrc(char* filter_file) { int result; *************** *** 221,236 **** return inerror(ERR_BAD_RC_PATH); } ! if (!validtmppath(temp_file)) { ! return inerror(ERR_BAD_TEMP_PATH); ! } ! result = copy_file(filter_file, temp_file); ! if (result) return result; ! chown(temp_file, UID, GID); ! return 0; } ! int putrc(char* user, char* temp_file, char* filter_file) { - struct passwd* user_pass; int result; --- 282,292 ---- return inerror(ERR_BAD_RC_PATH); } ! ! result = copy_file(filter_file, NULL, NULL, stdout); ! return result; } ! int putrc(char* filter_file, uid_t uid, gid_t gid) { int result; *************** *** 238,268 **** return inerror(ERR_BAD_RC_PATH); } - if (!validtmppath(temp_file)) { - return inerror(ERR_BAD_TEMP_PATH); - } ! user_pass = getpwnam(user); ! ! if (result = copy_file(temp_file, filter_file)) { return result; } ! chown(filter_file, user_pass->pw_uid, user_pass->pw_gid); chmod(filter_file, (S_IRUSR|S_IWUSR)); - unlink(temp_file); return 0; } ! int copy_file(char* old_file, char* new_file) { - FILE *infile, *outfile; char buf[MAXLEN]; ! ! if (!(infile=fopen(old_file,"r"))) { ! fprintf(stderr, "Could not open %s\n", old_file); ! return ERR_COPY_CANT_OPEN_SRC; } ! if (!(outfile=fopen(new_file,"w"))) { ! fprintf(stderr, "Could not open %s\n", new_file); ! return ERR_COPY_CANT_OPEN_DEST; } --- 294,322 ---- return inerror(ERR_BAD_RC_PATH); } ! result = copy_file(NULL, stdin, filter_file, NULL); ! if (result) { return result; } ! chown(filter_file, uid, gid); chmod(filter_file, (S_IRUSR|S_IWUSR)); return 0; } ! int copy_file(char* old_file, FILE* infile, char* new_file, FILE* outfile) { char buf[MAXLEN]; ! ! if (old_file) { ! if (!(infile=fopen(old_file,"r"))) { ! fprintf(stderr, "Could not open %s\n", old_file); ! return ERR_COPY_CANT_OPEN_SRC; ! 
} } ! if (new_file) { ! if (!(outfile=fopen(new_file,"w"))) { ! fprintf(stderr, "Could not open %s\n", new_file); ! return ERR_COPY_CANT_OPEN_DEST; ! } } *************** *** 270,275 **** fputs(buf, outfile); } ! fclose(outfile); ! fclose(infile); return 0; } --- 324,329 ---- fputs(buf, outfile); } ! if (old_file) fclose(outfile); ! if (new_file) fclose(infile); return 0; } *************** *** 350,352 **** --- 404,488 ---- } + #ifndef SERVERSIDEFILTERHOME + #define SERVERSIDEFILTERHOME "/usr/share/squirrelmail/plugins/serversidefilter/" + #endif + int readvirtualdomain(char *user, char *real_user, int buflen) { + char *domain; + FILE *f; + char line[STR_MAX]; + char *colon, *s; + int err; + + domain = strchr(user, '@'); + if (domain == NULL) { + /* no at sign in username implies no virtual domain -- not necessarily correct */ + strncpy(real_user, user, buflen); + return ERR_OK; + } + domain++; + + /* find the first line with a colon that matches the domain up to the colon. + * copy the rest of the line (or up to another colon) into the real_user + * buffer. + */ + err = trusted_open(&f, SERVERSIDEFILTERHOME "virtualdomains", "r"); + if (err) return err; + s = NULL; /* if s is set we know the domain was found */ + while (fgets(line, STR_MAX, f)) { + colon = strchr(line, ':'); + if (!colon) continue; + *colon = '\0'; + if (strcmp(domain, line)) continue; + s = colon + 1; + colon = strpbrk(s, ":\n"); + if (colon) *colon = '\0'; + strncpy(real_user, s, buflen); + break; + } + fclose(f); + if (s) return ERR_OK; + + return ERR_CANT_FIND_VIRTUAL_DOMAIN; + } + + /* open a file while verifying that it is sufficiently protected so that + * we can trust its contents. That means the file must be owned by root, + * and either not group readable or be in root's group. The same test is + * applied to all the files, all the way up the tree. 
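Review bot: The two `fclose` guards at the end of `copy_file` are crossed: `if (old_file) fclose(outfile);` closes the caller's stream (stdout in `getrc`) and leaks the file that was opened, while `if (new_file) fclose(infile);` closes stdin in `putrc` and never closes the newly written filter file. They should read `if (old_file) fclose(infile);` and `if (new_file) fclose(outfile);`, and the result of `fclose(outfile)` is worth checking because a failed flush means a truncated filter file. In the preceding hunk `putrc` also ignores the return values of `chown` and `chmod`, so a filter file left with the wrong owner or mode is reported as success.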
+ */ + int trusted_open(FILE** f, char *filepath, char *mode) { + char curpath[STR_MAX]; + int err; + + strncpy(curpath, filepath, STR_MAX); + err = trusted_check(filepath, curpath); + if (err) return err; + *f = fopen(filepath, mode); + return ERR_OK; + } + int trusted_check(char *filepath, char *curpath) { + struct stat buf; + char *ix = NULL; + + do { + if (stat(filepath, &buf)) + eperror(filepath); + if (buf.st_mode & S_IWOTH) + return trusted_error("writable by others", curpath, filepath); + if ((buf.st_mode & S_IWGRP) && (buf.st_gid != 0)) + return trusted_error("writable by non-root group", curpath, filepath); + if ((buf.st_mode & S_IWUSR) && (buf.st_uid != 0)) + return trusted_error("writable by non-root user", curpath, filepath); + + /* find parent directory */ + ix = rindex(curpath, '/'); + if (!ix) return ERR_OK; + *ix = '\0'; + } while (1); + } + + int trusted_error(char *err, char *path, char *file) { + fprintf(stderr, "trust error on %s while checking %s\n %s\n", path, file, err); + return ERR_CANT_TRUST_FILE; + } |
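Review bot: `trusted_check` calls `stat(filepath, &buf)` on every pass of its loop, so it re-examines the file itself each time and never looks at the parent directories that `curpath` is shortened to; the "all the way up the tree" test in the comment is therefore not performed. The stat should use `curpath`, with the empty string left after the last strip treated as the root directory. `trusted_open` also returns `ERR_OK` when `fopen` fails, leaving `*f` NULL for the callers' `fgets` loops. The fence below returns a trust error on a failed `stat` instead of calling `eperror`, whose behaviour is not visible in this diff. Separately, `strncpy(real_user, ...)` in `readvirtualdomain` and `strncpy(curpath, ...)` here can leave the destination unterminated.

```c
int trusted_open(FILE** f, char *filepath, char *mode) {
    /* … unchanged: curpath copy and trusted_check call … */
    *f = fopen(filepath, mode);
    if (*f == NULL)
        return ERR_CANT_TRUST_FILE;
    return ERR_OK;
}

int trusted_check(char *filepath, char *curpath) {
    struct stat buf;
    char *ix = NULL;

    do {
        /* examine the component currently named by curpath; "" means "/" */
        if (stat(*curpath ? curpath : "/", &buf))
            return trusted_error("cannot stat", curpath, filepath);
        /* … unchanged: S_IWOTH / S_IWGRP / S_IWUSR checks … */

        if (!*curpath) return ERR_OK;   /* the root directory was the last step */
        ix = rindex(curpath, '/');
        if (!ix) return ERR_OK;
        *ix = '\0';
    } while (1);
}
```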
From: <ton...@us...> - 2003-12-14 20:55:31
|
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv19158 Modified Files: Makefile filtercmd.c test.sh Added Files: checkcreds_cclient.c filtercmd.h Log Message: Working credential checking using UW IMAP library --- NEW FILE: checkcreds_cclient.c --- /* Credential checking using UW c-client library * * */ // error definitions #include "filtercmd.h" // c-client library #include MAIL_H static char *callback_user, *callback_passwd; int checkcredentials(imapserver, user, passwd) char *imapserver; char *user; char *passwd; { char mailboxname[MAILTMPLEN]; MAILSTREAM *stream; NETMBX mb; DRIVER *d; /* we expect these to be accessed before this function returns */ callback_user = user; callback_passwd = passwd; /* initialize all of the c-client drivers */ #include LINKAGE_C /* ensure the c-client library supports IMAP */ d = (DRIVER*) mail_parameters(NIL, GET_DRIVER, (void*)"imap"); if (!d) { return ERR_BAD_LIBRARY; } /* reduce timeout/retries */ #ifdef IMAP_TIMEOUT mail_parameters(NIL, SET_OPENTIMEOUT, (void*)IMAP_TIMEOUT); mail_parameters(NIL, SET_READTIMEOUT, (void*)IMAP_TIMEOUT); mail_parameters(NIL, SET_WRITETIMEOUT, (void*)IMAP_TIMEOUT); mail_parameters(NIL, SET_CLOSETIMEOUT, (void*)IMAP_TIMEOUT); mail_parameters(NIL, SET_RSHTIMEOUT, (void*)IMAP_TIMEOUT); #endif mail_parameters(NIL, SET_MAXLOGINTRIALS, (void*)1); snprintf(mailboxname, MAILTMPLEN, "{%s/norsh/service=imap/user=\"%s\"}INBOX", imapserver, user); stream = mail_open(NIL, mailboxname, NIL); if (stream != NIL) { mail_close(stream); return ERR_OK; } else { return ERR_BAD_CREDENTIALS; } } /* we must store user and password when this is called */ void mm_login (NETMBX *mb,char *user,char *pwd,long trial) { #ifdef DEBUG printf("mm_login: {%s/%s/user=\"%s\"}\n",mb->host,mb->service,mb->user); printf("mm_login -> %s %s\n", callback_user, callback_passwd); #endif strncpy(user, callback_user, MAILTMPLEN); strncpy(pwd, callback_passwd, MAILTMPLEN); } void mm_log (char *string,long errflg) { 
#ifdef DEBUG char *errflgname; switch ((short) errflg) { case NIL: errflgname = "NIL"; break; case PARSE: errflgname = "PARSE"; break; case WARN: errflgname = "WARN"; break; case ERROR: errflgname = "ERROR"; break; default: errflgname = "?"; break; }; printf("mm_log: %s: %s\n", errflgname, string); #endif } void mm_notify (MAILSTREAM *stream,char *string,long errflg) { mm_log(string, errflg); } /* c-client callbacks we don't need to implement*/ void mm_flags (MAILSTREAM *stream,unsigned long number){} void mm_status (MAILSTREAM *stream,char *mailbox,MAILSTATUS *status){} void mm_searched (MAILSTREAM *stream,unsigned long number){} void mm_exists (MAILSTREAM *stream,unsigned long number){} void mm_expunged (MAILSTREAM *stream,unsigned long number){} void mm_list (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} void mm_lsub (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} void mm_dlog (char *string){} void mm_critical (MAILSTREAM *stream) {} void mm_nocritical (MAILSTREAM *stream) {} long mm_diskerror (MAILSTREAM *stream,long errcode,long serious) {} void mm_fatal (char *string) {} --- NEW FILE: filtercmd.h --- /* error definitions */ #define ERR_OK 0 #define ERR_NO_RC_FILE 1 #define ERR_NO_CMD 2 #define ERR_USAGE 3 #define ERR_INVALID_COMMAND 4 #define ERR_USER_IS_ROOT 5 #define ERR_BAD_RC_PATH 6 #define ERR_BAD_TEMP_PATH 7 #define ERR_COPY_CANT_OPEN_SRC 8 #define ERR_COPY_CANT_OPEN_DEST 9 #define ERR_NEED_CREDENTIALS 10 #define ERR_CANT_READ_IMAP_SERVER 11 #define ERR_BAD_UID_GID 12 #define ERR_BAD_CREDENTIALS 13 #define ERR_BAD_LIBRARY 14 static char *err_strings[] = { /* non error (error index 0) */ "", /* silent error -- rcexists false result */ "", "You forgot to provide a command.\n", /* placeholder - usage errors are expected to be printed directly */ "Usage error - consult filtercmd.c\n", "Invalid command specified.\n", /* this command will refuse to handles root's filter files */ "The root user cannot be edited for security 
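Review bot: In checkcredentials the `user` string goes into the mailbox specification through `snprintf(mailboxname, MAILTMPLEN, "{%s/norsh/service=imap/user=\"%s\"}INBOX", ...)` without any validation, so a name containing `"`, `/`, `{` or `}` changes how c-client parses the specification. readcredentials, in the older commit further down this page, accepts any non-whitespace characters. A check before the snprintf such as `if (user[strcspn(user, "\"{}/\\")] != '\0') return ERR_BAD_CREDENTIALS;` would close that, and the snprintf result should be compared with MAILTMPLEN to catch truncation. With DEBUG defined, mm_login prints `callback_passwd` to stdout, which is worth dropping even from debug builds. `long mm_diskerror(...) {}` is declared to return long but returns nothing.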
reasons\n", "rc file path fails checks\n", "temp file path fails checks\n", "Can't open source file\n", "Can't open destination file\n", "Credentials not passed correctly\n", "Can't read imap server from configfile\n", "Can't find uid/gid for user\n", "Bad credentials\n", "Can't verify credentials, IMAP not supported by library\n", }; Index: Makefile =================================================================== RCS file: /cvsroot/serverfilters/script/Makefile,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** Makefile 13 Dec 2003 23:42:30 -0000 1.2 --- Makefile 14 Dec 2003 20:55:27 -0000 1.3 *************** *** 1,11 **** ! LIBS=-lc-client -lssl -lpam -L/usr/kerberos/lib/ -lgssapi_krb5 all: filtercmd ! filtercmd: filtercmd.c filtercmd.opts ! gcc -o filtercmd filtercmd.c `cat filtercmd.opts` $(LIBS) chmod 4750 filtercmd ! chown root:http filtercmd test: test.sh filtercmd sh test.sh --- 1,28 ---- ! HTTPD_GROUP=apache ! CFLAGS= ! #CFLAGS=-DDEBUG ! ! # c-client credentials checking ! CHECKCREDS=checkcreds_cclient.o ! LIBS=/usr/src/local/pine4.58/imap/c-client/c-client.a -lssl -lpam -L/usr/kerberos/lib/ -lgssapi_krb5 -lcrypt ! I=/usr/src/local/pine4.58/imap/c-client/ ! CCLIENT_CFLAGS=-I$I '-DMAIL_H="mail.h"' '-DLINKAGE_C="linkage.c"' -DIMAP_TIMEOUT=2 all: filtercmd ! filtercmd: filtercmd.o $(CHECKCREDS) ! gcc -o filtercmd filtercmd.o $(CHECKCREDS) $(LIBS) chmod 4750 filtercmd ! chown root:$(HTTPD_GROUP) filtercmd ! ! filtercmd.o: filtercmd.c filtercmd.opts ! gcc -c filtercmd.c $(CFLAGS) `cat filtercmd.opts` ! ! checkcreds_cclient.o: checkcreds_cclient.c ! 
gcc -c checkcreds_cclient.c $(CFLAGS) $(CCLIENT_CFLAGS) test: test.sh filtercmd sh test.sh + + clean: + rm *.o *~ Index: filtercmd.c =================================================================== RCS file: /cvsroot/serverfilters/script/filtercmd.c,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** filtercmd.c 13 Dec 2003 23:42:30 -0000 1.4 --- filtercmd.c 14 Dec 2003 20:55:27 -0000 1.5 *************** *** 6,10 **** #define MAXLEN 1024 ! #include <stdio.h> --- 6,10 ---- #define MAXLEN 1024 ! /* define DEBUG for debugging output */ #include <stdio.h> *************** *** 14,20 **** #include <sys/stat.h> #include <pwd.h> ! ! // c-client library ! #include <imap/mail.h> void eperror(register char *); --- 14,18 ---- #include <sys/stat.h> #include <pwd.h> ! #include "filtercmd.h" void eperror(register char *); *************** *** 27,80 **** int checkpath(char*, char*); int validpath(char*, char**); ! ! /* error definitions */ ! #define ERR_NO_RC_FILE 1 ! #define ERR_NO_CMD 2 ! #define ERR_USAGE 3 ! #define ERR_INVALID_COMMAND 4 ! #define ERR_USER_IS_ROOT 5 ! #define ERR_BAD_RC_PATH 6 ! #define ERR_BAD_TEMP_PATH 7 ! #define ERR_COPY_CANT_OPEN_SRC 8 ! #define ERR_COPY_CANT_OPEN_DEST 9 ! #define ERR_NEED_CREDENTIALS 10 ! #define ERR_CANT_READ_IMAP_SERVER 11 ! #define ERR_BAD_UID_GID 12 ! #define ERR_BAD_CREDENTIALS 13 ! ! static char *err_strings[] = { ! /* non error (error index 0) */ ! "", ! ! /* silent error -- rcexists false result */ ! "", ! ! "You forgot to provide a command.\n", ! ! /* placeholder - usage errors are expected to be printed directly */ ! "Usage error - consult filtercmd.c\n", ! ! "Invalid command specified.\n", ! ! /* this command will refuse to handles root's filter files */ ! "The root user cannot be edited for security reasons\n", ! ! "rc file path fails checks\n", ! ! "temp file path fails checks\n", ! ! "Can't open source file\n", ! ! "Can't open destination file\n", ! ! "Credentials not passed correctly\n", ! ! 
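Review bot: In the `filtercmd` rule `chmod 4750 filtercmd` runs before `chown root:$(HTTPD_GROUP) filtercmd`, and on Linux chown(2) clears the set-user-ID bit of a regular file, so the binary may end up without the mode the rule intends. Until the chown has run, the file is also set-user-ID to whoever invoked make. Running `chown root:$(HTTPD_GROUP) filtercmd` first and `chmod 4750 filtercmd` second avoids both. The same order appears in the Makefile sections of the two older commits further down this page.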
"Can't read imap server from configfile\n", ! ! "Can't find uid/gid for user\n", ! ! "Bad credentials\n", ! ! }; int main(int argc, char *argv[]){ --- 25,29 ---- int checkpath(char*, char*); int validpath(char*, char**); ! int checkcredentials(char*, char*, char*); int main(int argc, char *argv[]){ *************** *** 110,115 **** if((setuid(UID)) < 0) eperror("setuid"); ! if (!checkcredentials(imap_server, user, passwd)) { ! return inerror(ERR_BAD_CREDENTIALS); } --- 59,64 ---- if((setuid(UID)) < 0) eperror("setuid"); ! if (i = checkcredentials(imap_server, user, passwd)) { ! return inerror(i); } *************** *** 228,283 **** return 1; } - - static char *callback_user, *callback_passwd; - - int checkcredentials(imapserver, user, passwd) - char *imapserver; - char *user; - char *passwd; - { - char mailboxname[STR_MAX]; - int result, debug = 1; - MAILSTREAM *stream; - - /*DEBUG*/ - printf("checkcredentials: imap://%s:%s@%s\n", user, passwd, imapserver); - - /* we expect these to be accessed before this function returns */ - callback_user = user; - callback_passwd = passwd; - - snprintf(mailboxname, STR_MAX, "{%s/service=imap}", imapserver); - - stream = mail_open(NIL, mailboxname, debug); - - return stream != NIL; - } - - /* we must store user and password when this is called */ - void mm_login (NETMBX *mb,char *user,char *pwd,long trial) { - /* we hope the buffers are big enough */ - strcpy(user, callback_user); - strcpy(pwd, callback_passwd); - } - void mm_log (char *string,long errflg) { - /*DEBUG*/ - printf("mm_log: %s\n", string); - } - - - /* c-client callbacks */ - void mm_flags (MAILSTREAM *stream,unsigned long number){} - void mm_status (MAILSTREAM *stream,char *mailbox,MAILSTATUS *status){} - void mm_searched (MAILSTREAM *stream,unsigned long number){} - void mm_exists (MAILSTREAM *stream,unsigned long number){} - void mm_expunged (MAILSTREAM *stream,unsigned long number){} - void mm_list (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} 
- void mm_lsub (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} - void mm_notify (MAILSTREAM *stream,char *string,long errflg){} - void mm_dlog (char *string){} - void mm_critical (MAILSTREAM *stream) {} - void mm_nocritical (MAILSTREAM *stream) {} - long mm_diskerror (MAILSTREAM *stream,long errcode,long serious) {} - void mm_fatal (char *string) {} int parsephpstring(varname, line, dest, destlen) --- 177,180 ---- Index: test.sh =================================================================== RCS file: /cvsroot/serverfilters/script/test.sh,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** test.sh 13 Dec 2003 19:47:39 -0000 1.1 --- test.sh 14 Dec 2003 20:55:27 -0000 1.2 *************** *** 1,2 **** ! (echo $USER; echo a_password) | ./filtercmd getrc /home/$USER/.procmailrc /tmp/test || echo "RESULT:" $? --- 1,2 ---- ! (echo someuser; echo somepassword) | ./filtercmd getrc /home/tony/.procmailrc /tmp/test; echo "RESULT:" $? |
From: <ton...@us...> - 2003-12-14 10:51:37
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv31087 Modified Files: filtercmd.c Added Files: Makefile filtercmd.opts test.sh Log Message: Progress on filtercmd credential checking. filtercmd now reads a username and password from stdin; uses the username to drop priviledges; reads the IMAP server from a file; but does not yet actually try log in to the server. Path checking is in place. More file owner checking needs to be done. --- NEW FILE: Makefile --- all: filtercmd filtercmd: filtercmd.c filtercmd.opts gcc -o filtercmd filtercmd.c `cat filtercmd.opts` chmod 4750 filtercmd chown root:apache filtercmd test: test.sh filtercmd sh test.sh --- NEW FILE: filtercmd.opts --- -DRCCHECK1="/home/*/.procmailrc" -DTMPCHECK1="/tmp/*" --- NEW FILE: test.sh --- (echo $USER; echo a_password) | ./filtercmd getrc /home/$USER/.procmailrc /tmp/test || echo "RESULT:" $? Index: filtercmd.c =================================================================== RCS file: /cvsroot/serverfilters/script/filtercmd.c,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** filtercmd.c 9 Dec 2003 19:01:28 -0000 1.2 --- filtercmd.c 13 Dec 2003 19:47:39 -0000 1.3 *************** *** 1,10 **** /* ! how-to compile: ! # gcc -o filtercmd filtercmd.c; chmod 4750 filtercmd; chown root:apache filtercmd ! */ #define STR_MAX 1024 #define MAXLEN 1024 #include <stdio.h> #include <unistd.h> #include <sys/types.h> --- 1,13 ---- /* ! * filtercmd -- installs/reads filter files (.procmailrc, etc) for squirrelmail ! * ! 
*/ #define STR_MAX 1024 #define MAXLEN 1024 + + #include <stdio.h> + #include <string.h> #include <unistd.h> #include <sys/types.h> *************** *** 17,21 **** --- 20,77 ---- int putrc(char*, char*, char*); int copy_file(char*, char*); + int validrcpath(char*); + int validtmppath(char*); + int checkpath(char*, char*); + int validpath(char*, char**); + + /* error definitions */ + #define ERR_NO_RC_FILE 1 + #define ERR_NO_CMD 2 + #define ERR_USAGE 3 + #define ERR_INVALID_COMMAND 4 + #define ERR_USER_IS_ROOT 5 + #define ERR_BAD_RC_PATH 6 + #define ERR_BAD_TEMP_PATH 7 + #define ERR_COPY_CANT_OPEN_SRC 8 + #define ERR_COPY_CANT_OPEN_DEST 9 + #define ERR_NEED_CREDENTIALS 10 + #define ERR_CANT_READ_IMAP_SERVER 11 + #define ERR_BAD_UID_GID 12 + #define ERR_BAD_CREDENTIALS 13 + static char *err_strings[] = { + /* non error (error index 0) */ + "", + + /* silent error -- rcexists false result */ + "", + + "You forgot to provide a command.\n", + + /* placeholder - usage errors are expected to be printed directly */ + "Usage error - consult filtercmd.c\n", + + "Invalid command specified.\n", + + /* this command will refuse to handles root's filter files */ + "The root user cannot be edited for security reasons\n", + + "rc file path fails checks\n", + + "temp file path fails checks\n", + + "Can't open source file\n", + + "Can't open destination file\n", + + "Credentials not passed correctly\n", + + "Can't read imap server from configfile\n", + + "Can't find uid/gid for user\n", + + "Bad credentials\n", + + }; int main(int argc, char *argv[]){ *************** *** 29,83 **** char cmd[STR_MAX]; char user[STR_MAX]; char filter_file[STR_MAX]; char temp_file[STR_MAX]; uid_t UID; gid_t GID; ! UID = getuid(); ! GID = getgid(); ! ! if((setuid(0)) < 0) eperror("setuid"); ! if((setgid(3)) < 0) eperror("setgid"); ! sprintf(cmd,"%s",argv[1]); if(!strlen(cmd)){ ! printf("You forgot to provide a command.\n"); ! 
return 1; } else { if (!strcmp("getrc",cmd)) { if (argc < 4) { printf("Usage: filtercmd getrc filter_file temp_file\n"); ! return 2; } ! sprintf(filter_file, "%s", argv[2]); ! sprintf(temp_file, "%s", argv[3]); return getrc(filter_file, temp_file, UID, GID); } else if (!strcmp("putrc", cmd)) { if (argc < 5) { printf("Usage: filtercmd putrc owner temp_file filter_file\n"); ! return 3; } ! sprintf(user, "%s", argv[2]); if(!strcmp(user,"root") && !strcmp(user, "0")){ ! printf("The file cannot have root ownership for security reasons.\n"); ! return 6; //the root user cannot be edited for security reasons } ! sprintf(temp_file, "%s", argv[3]); ! sprintf(filter_file, "%s", argv[4]); return putrc(user, temp_file, filter_file); } else if (!strcmp("rcexists",cmd)) { if (argc < 3) { printf("Usage: filtercmd rcexists filter_file\n"); ! return 4; } ! sprintf(filter_file, "%s", argv[2]); return rcexists(filter_file); } else if (argc > 1) { ! printf("Invalid command specified.\n"); ! return 5; } else { printf("Usage: filtercmd [getrc|putrc|rcexists]\n"); ! return 7; } } --- 85,151 ---- char cmd[STR_MAX]; char user[STR_MAX]; + char passwd[STR_MAX]; char filter_file[STR_MAX]; char temp_file[STR_MAX]; + char imap_server[STR_MAX]; uid_t UID; gid_t GID; ! if (!readcredentials(user, passwd, STR_MAX)) { ! return inerror(ERR_NEED_CREDENTIALS); ! } ! if (!readimapserver(imap_server, STR_MAX)) { ! return inerror(ERR_CANT_READ_IMAP_SERVER); ! } ! ! if (!finduidgid(user, &UID, &GID)) { ! return inerror(ERR_BAD_UID_GID); ! } ! ! if((setgid(GID)) < 0) eperror("setgid"); ! if((setuid(UID)) < 0) eperror("setuid"); ! ! if (!checkcredentials(imap_server, user, passwd)) { ! return inerror(ERR_BAD_CREDENTIALS); ! } ! ! strncpy(cmd,argv[1],STR_MAX); if(!strlen(cmd)){ ! return inerror(ERR_NO_CMD); } else { if (!strcmp("getrc",cmd)) { if (argc < 4) { printf("Usage: filtercmd getrc filter_file temp_file\n"); ! return ERR_USAGE; } ! strncpy(filter_file, argv[2], STR_MAX); ! 
strncpy(temp_file, argv[3], STR_MAX); return getrc(filter_file, temp_file, UID, GID); } else if (!strcmp("putrc", cmd)) { if (argc < 5) { printf("Usage: filtercmd putrc owner temp_file filter_file\n"); ! return ERR_USAGE; } ! strncpy(user, argv[2], STR_MAX); if(!strcmp(user,"root") && !strcmp(user, "0")){ ! return inerror(ERR_USER_IS_ROOT); } ! strncpy(temp_file, argv[3], STR_MAX); ! strncpy(filter_file, argv[4], STR_MAX); return putrc(user, temp_file, filter_file); } else if (!strcmp("rcexists",cmd)) { if (argc < 3) { printf("Usage: filtercmd rcexists filter_file\n"); ! return ERR_USAGE; } ! strncpy(filter_file, argv[2], STR_MAX); return rcexists(filter_file); } else if (argc > 1) { ! return inerror(ERR_INVALID_COMMAND); } else { printf("Usage: filtercmd [getrc|putrc|rcexists]\n"); ! return ERR_USAGE; } } *************** *** 94,109 **** Thiago Melo de Paula - th...@fa... */ ! char str[50]; ! sprintf(str,"filtercmd - %s",s); perror(str); exit(1); } int rcexists(char* filter_file) { FILE *filter; if(!(filter=fopen(filter_file,"r"))){ ! return 7; } else { fclose(filter); --- 162,271 ---- Thiago Melo de Paula - th...@fa... */ ! char str[STR_MAX]; ! snprintf(str,STR_MAX,"filtercmd - %s",s); perror(str); exit(1); } + int inerror(errnum) + int errnum; + { + fprintf(stderr, "%s", err_strings[errnum]); + return errnum; + } + + /* Read credentials from stdin; user and passwd should each be on a line + * user may not include spaces. FIXME: password may not include + * spaces either, currently. + */ + int readcredentials(user, passwd, n) + char *user; + char *passwd; + int n; + { + int result; + /* we limit credentials to 100 characters in the scanf string. 
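Review bot: Nothing in the new start of main rejects an account whose uid is 0, so for such a name `setuid(UID)` keeps full privileges and getrc and rcexists run as root. The only root test is the one in the putrc branch, and `!strcmp(user,"root") && !strcmp(user, "0")` can never be true. A check right after finduidgid, `if (UID == 0) return inerror(ERR_USER_IS_ROOT);`, would cover every command. The privilege drop also leaves the caller's supplementary groups in place; `setgroups(0, NULL);` before `setgid(GID)` would clear them. `strncpy(cmd,argv[1],STR_MAX)` runs before any argc test, so an invocation without arguments passes a null pointer to it.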
+ make sure we were passed big enough buffers (including room for NUL) */ + if (n <= 100) return 0; + result = scanf("%100s%100s", user, passwd); + if (result == EOF || result < 2) return 0; + return 1; + } + + #define CONFIGFILE "/etc/squirrelmail/config.php" + int readimapserver(server, serverlen) + char *server; + int serverlen; + { + FILE *f; + char line[STR_MAX]; + int foundserver = 0; + + f = fopen(CONFIGFILE, "r"); + if (!f) return 0; + while (fgets(line, STR_MAX, f)) { + if (!foundserver) + foundserver = parsephpstring("$imapServerAddress", line, server, serverlen); + } + return foundserver; + } + + int finduidgid(user, uid, gid) + char *user; + uid_t *uid; + gid_t *gid; + { + struct passwd *p; + + p = getpwnam(user); + if (!p) return 0; + *uid = p->pw_uid; + *gid = p->pw_gid; + return 1; + } + + int checkcredentials(imapserver, user, passwd) + char *imapserver; + char *user; + char *passwd; + { + /*DEBUG*/ + printf("checkcredentials: imap://%s:%s@%s\n", user, passwd, imapserver); + + /*FIXME*/ + printf("WARNING: credentials not checked\n"); + return 1; + } + + int parsephpstring(varname, line, dest, destlen) + char *varname; + char *line; + char *dest; + int destlen; + { + char *s; + int n; + + s = strstr(line, varname); + if (s == NULL) return 0; + + /* skip ahead to either ' or " */ + s += strcspn(line, "\"'\0\n") + 1; + n = strcspn(s, "\"'\0\n"); + if (n > destlen) n = destlen; + strncpy(dest, s, n); + return 1; + } + int rcexists(char* filter_file) { FILE *filter; + if (!validrcpath(filter_file)) { + return inerror(ERR_BAD_RC_PATH); + } + if(!(filter=fopen(filter_file,"r"))){ ! return ERR_NO_RC_FILE; /* silent */ } else { fclose(filter); *************** *** 115,119 **** int getrc(char* filter_file, char* temp_file, uid_t UID, gid_t GID) { ! copy_file(filter_file, temp_file); chown(temp_file, UID, GID); return 0; --- 277,290 ---- int getrc(char* filter_file, char* temp_file, uid_t UID, gid_t GID) { ! int result; ! ! if (!validrcpath(filter_file)) { ! 
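Review bot: In parsephpstring the distance to the opening quote is computed with `strcspn(line, ...)` but added to `s`, which already points at the variable name inside the line, so whenever the name does not start at the first column the pointer lands past the quote and can run beyond the terminator of `line`. The reject set `"\"'\0\n"` ends at the embedded `\0`, so the newline is never part of it. `strncpy(dest, s, n)` leaves `dest` unterminated, with `n` allowed to equal `destlen`, and main then uses that buffer as the IMAP server name. readimapserver in the same hunk never closes `f`. A bounded version of the parser is sketched below.

```c
int parsephpstring(varname, line, dest, destlen)
/* … unchanged: K&R parameter declarations … */
{
    char *s;
    size_t n;

    if (destlen <= 0) return 0;
    s = strstr(line, varname);
    if (s == NULL) return 0;

    /* look for the opening quote from the match onwards, not from the start of the line */
    s += strcspn(s, "\"'\n");
    if (*s != '"' && *s != '\'') return 0;
    s++;

    /* copy up to the closing quote, always leaving room for the terminator */
    n = strcspn(s, "\"'\n");
    if (n >= (size_t)destlen) n = (size_t)destlen - 1;
    memcpy(dest, s, n);
    dest[n] = '\0';
    return 1;
}
```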
return inerror(ERR_BAD_RC_PATH); ! } ! if (!validtmppath(temp_file)) { ! return inerror(ERR_BAD_TEMP_PATH); ! } ! result = copy_file(filter_file, temp_file); ! if (result) return result; chown(temp_file, UID, GID); return 0; *************** *** 123,130 **** { struct passwd* user_pass; ! user_pass = getpwnam(user); ! if (copy_file(temp_file, filter_file)) { ! return 10; } chown(filter_file, user_pass->pw_uid, user_pass->pw_gid); --- 294,310 ---- { struct passwd* user_pass; ! int result; ! if (!validrcpath(filter_file)) { ! return inerror(ERR_BAD_RC_PATH); ! } ! if (!validtmppath(temp_file)) { ! return inerror(ERR_BAD_TEMP_PATH); ! } ! ! user_pass = getpwnam(user); ! ! if (result = copy_file(temp_file, filter_file)) { ! return result; } chown(filter_file, user_pass->pw_uid, user_pass->pw_gid); *************** *** 140,149 **** if (!(infile=fopen(old_file,"r"))) { ! printf("Could not open %s", old_file); ! return 8; } if (!(outfile=fopen(new_file,"w"))) { ! printf("Could not open %s", new_file); ! return 9; } --- 320,329 ---- if (!(infile=fopen(old_file,"r"))) { ! fprintf(stderr, "Could not open %s\n", old_file); ! return ERR_COPY_CANT_OPEN_SRC; } if (!(outfile=fopen(new_file,"w"))) { ! fprintf(stderr, "Could not open %s\n", new_file); ! return ERR_COPY_CANT_OPEN_DEST; } *************** *** 155,156 **** --- 335,413 ---- return 0; } + + /* Path checking code. To limit the files that this command will touch, + * define RCHECK1,2,3 to be a path with a single '*', + * e.g. "/home/ * /.procmailrc" (take spaces out) + * + * At least one check must pass for a given file to be touched. 
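Review bot: validtmppath in getrc is only a string match against `/tmp/*`, and copy_file then opens that name with `fopen(new_file,"w")`, which follows a symbolic link and truncates whatever is already there; in a world-writable directory the name can be prepared by another local account. For the /tmp destination, opening with `open(new_file, O_WRONLY|O_CREAT|O_NOFOLLOW, 0600)` followed by `fdopen`, and confirming with fstat that the result is a regular file owned by the target user, would refuse such an entry. The return value of `chown(temp_file, UID, GID)` is ignored, so a failure there still reports success. getrc's signature lies outside this hunk.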
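Review bot: putrc dereferences `user_pass` in `chown(filter_file, user_pass->pw_uid, user_pass->pw_gid)` without testing the result of `getpwnam(user)`, and `user` at that point is the name copied from argv[2] in main, not necessarily the one authenticated on stdin. Adding `if (!user_pass) return inerror(ERR_BAD_UID_GID);` after the lookup handles an unknown name. Comparing argv[2] with the authenticated user, or dropping the argument, would remove the second identity altogether. The body of putrc begins and ends outside this hunk.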
+ */ + + #ifndef RCCHECK1 + #define RCCHECK1 "*" + #endif + #ifndef RCCHECK2 + #define RCCHECK2 NULL + #endif + #ifndef RCCHECK3 + #define RCCHECK3 NULL + #endif + + static char *rcpathchecks[] = { + RCCHECK1, + RCCHECK2, + RCCHECK3, + NULL, + }; + + #ifndef TMPCHECK1 + #define TMPCHECK1 "*" + #endif + #ifndef TMPCHECK2 + #define TMPCHECK2 NULL + #endif + #ifndef TMPCHECK3 + #define TMPCHECK3 NULL + #endif + + static char *tmppathchecks[] = { + TMPCHECK1, + TMPCHECK2, + TMPCHECK3, + NULL, + }; + + int validrcpath(char* file) { + return validpath(file, rcpathchecks); + } + + int validtmppath(char* file) { + return validpath(file, tmppathchecks); + } + + int validpath(char *file, char **p) { + for (; *p; p++) { + if (checkpath(file, *p)) + return 1; + } + return 0; + } + + int checkpath(char* file, char* check) { + char *starpos, *suffix; + int filelen, starlen, minlen, suffixlen; + + starpos = strchr(check, '*'); + if (starpos == NULL) + starpos = strchr(check, '\0'); + starlen = starpos - check; + filelen = strlen(file); + minlen = starlen < filelen ? starlen : filelen; + suffix = starpos + 1; + suffixlen = strlen(suffix); + + return filelen >= suffixlen \ + && strncmp(file, check, minlen) == 0 \ + && strcmp(file+(filelen-suffixlen), suffix) == 0; + } + + |
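Review bot: checkpath lets the `*` stand for any run of characters, including `/` and `..` components, so a pattern such as `/home/*/.procmailrc` does not confine the file to one directory below /home. When no RCCHECK or TMPCHECK is defined, the default pattern `"*"` accepts every path. Rejecting parent-directory components at the top of validpath, e.g. `if (strstr(file, "/../") != NULL) return 0;`, and failing the build with `#error` when RCCHECK1 is undefined would make the check fail closed. For a pattern without a star, `suffix = starpos + 1` points one past the terminator; `suffix = *starpos ? starpos + 1 : starpos;` keeps it inside the string.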
From: <ton...@us...> - 2003-12-14 09:47:51
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv4444 Modified Files: Makefile filtercmd.c Log Message: Use c-client library for authentication (not fully working) Index: Makefile =================================================================== RCS file: /cvsroot/serverfilters/script/Makefile,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** Makefile 13 Dec 2003 19:47:38 -0000 1.1 --- Makefile 13 Dec 2003 23:42:30 -0000 1.2 *************** *** 1,8 **** all: filtercmd filtercmd: filtercmd.c filtercmd.opts ! gcc -o filtercmd filtercmd.c `cat filtercmd.opts` chmod 4750 filtercmd ! chown root:apache filtercmd test: test.sh filtercmd --- 1,10 ---- + LIBS=-lc-client -lssl -lpam -L/usr/kerberos/lib/ -lgssapi_krb5 + all: filtercmd filtercmd: filtercmd.c filtercmd.opts ! gcc -o filtercmd filtercmd.c `cat filtercmd.opts` $(LIBS) chmod 4750 filtercmd ! chown root:http filtercmd test: test.sh filtercmd Index: filtercmd.c =================================================================== RCS file: /cvsroot/serverfilters/script/filtercmd.c,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** filtercmd.c 13 Dec 2003 19:47:39 -0000 1.3 --- filtercmd.c 13 Dec 2003 23:42:30 -0000 1.4 *************** *** 15,18 **** --- 15,21 ---- #include <pwd.h> + // c-client library + #include <imap/mail.h> + void eperror(register char *); int rcexists(char *); *************** *** 226,229 **** --- 229,234 ---- } + static char *callback_user, *callback_passwd; + int checkcredentials(imapserver, user, passwd) char *imapserver; *************** *** 231,242 **** char *passwd; { /*DEBUG*/ printf("checkcredentials: imap://%s:%s@%s\n", user, passwd, imapserver); ! /*FIXME*/ ! printf("WARNING: credentials not checked\n"); ! 
return 1; } int parsephpstring(varname, line, dest, destlen) char *varname; --- 236,284 ---- char *passwd; { + char mailboxname[STR_MAX]; + int result, debug = 1; + MAILSTREAM *stream; + /*DEBUG*/ printf("checkcredentials: imap://%s:%s@%s\n", user, passwd, imapserver); ! /* we expect these to be accessed before this function returns */ ! callback_user = user; ! callback_passwd = passwd; ! ! snprintf(mailboxname, STR_MAX, "{%s/service=imap}", imapserver); ! ! stream = mail_open(NIL, mailboxname, debug); ! ! return stream != NIL; ! } ! ! /* we must store user and password when this is called */ ! void mm_login (NETMBX *mb,char *user,char *pwd,long trial) { ! /* we hope the buffers are big enough */ ! strcpy(user, callback_user); ! strcpy(pwd, callback_passwd); ! } ! void mm_log (char *string,long errflg) { ! /*DEBUG*/ ! printf("mm_log: %s\n", string); } + + /* c-client callbacks */ + void mm_flags (MAILSTREAM *stream,unsigned long number){} + void mm_status (MAILSTREAM *stream,char *mailbox,MAILSTATUS *status){} + void mm_searched (MAILSTREAM *stream,unsigned long number){} + void mm_exists (MAILSTREAM *stream,unsigned long number){} + void mm_expunged (MAILSTREAM *stream,unsigned long number){} + void mm_list (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} + void mm_lsub (MAILSTREAM *stream,int delimiter,char *name,long attributes) {} + void mm_notify (MAILSTREAM *stream,char *string,long errflg){} + void mm_dlog (char *string){} + void mm_critical (MAILSTREAM *stream) {} + void mm_nocritical (MAILSTREAM *stream) {} + long mm_diskerror (MAILSTREAM *stream,long errcode,long serious) {} + void mm_fatal (char *string) {} + int parsephpstring(varname, line, dest, destlen) char *varname; *************** *** 338,342 **** /* Path checking code. To limit the files that this command will touch, * define RCHECK1,2,3 to be a path with a single '*', ! * e.g. 
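Review bot: checkcredentials still prints the user name and password with the unconditional `printf("checkcredentials: imap://%s:%s@%s\n", user, passwd, imapserver);`, and the new mm_log prints library messages the same way, so secrets reach the helper's stdout where whatever invokes filtercmd can capture or display them. Guarding both with `#ifdef DEBUG`, writing to stderr and leaving the password out (`fprintf(stderr, "checkcredentials: user=%s server=%s\n", user, imapserver);`) keeps them out of normal output. The stream returned by `mail_open` is only compared with NIL and never passed to `mail_close`, so a successful login leaves the session open. `long mm_diskerror(...) {}` falls off the end without returning a value.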
"/home/ * /.procmailrc" (take spaces out) * * At least one check must pass for a given file to be touched. --- 380,384 ---- /* Path checking code. To limit the files that this command will touch, * define RCHECK1,2,3 to be a path with a single '*', ! * e.g. "/home/ * /.procmailrc" (without the spaces) * * At least one check must pass for a given file to be touched. |
From: <ton...@us...> - 2003-12-14 08:44:32
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv4718 Modified Files: functions.php Log Message: Workaround for unlink errors on getrc /tmp file |
From: <ton...@us...> - 2003-12-14 08:38:29
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv3720 Modified Files: backend.php functions.php Log Message: Invoke filtercmd with credentials Index: functions.php =================================================================== RCS file: /cvsroot/serverfilters/functions.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** functions.php 11 Dec 2003 16:28:51 -0000 1.7 --- functions.php 13 Dec 2003 22:03:40 -0000 1.8 *************** *** 30,35 **** $localfile = "/tmp/$FILTERFILE.$username"; if (filter_exists($file)) { ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd getrc $file $localfile"); ! system($command); } else touch($localfile); --- 30,34 ---- $localfile = "/tmp/$FILTERFILE.$username"; if (filter_exists($file)) { ! $result = invoke_filtercmd("getrc $file $localfile"); } else touch($localfile); *************** *** 45,50 **** $file = "$path/$FILTERFILE"; ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd rcexists $file"); ! system($command, $exists); if ($exists == 0) { return true; --- 44,48 ---- $file = "$path/$FILTERFILE"; ! $exists = invoke_filtercmd("rcexists $file"); if ($exists == 0) { return true; *************** *** 69,74 **** $user = $username; ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd putrc $user $file $newfile"); ! system($command); } --- 67,71 ---- $user = $username; ! $result = invoke_filtercmd("putrc $user $file $newfile"); } *************** *** 95,100 **** fclose($fd); ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd putrc $user $tmpfile $dot_qmail"); ! system($command); } --- 92,96 ---- fclose($fd); ! $result = invoke_filtercmd("putrc $user $tmpfile $dot_qmail"); } *************** *** 117,122 **** fclose($fd); ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd putrc $username $tmpfile $dot_forward"); ! system($command); } --- 113,117 ---- fclose($fd); ! 
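Review bot: The arguments are spliced into a single string (`"getrc $file $localfile"`, and likewise in the rcexists and putrc calls of the following hunks) while the `escapeshellcmd` the old code applied disappears from these call sites. invoke_filtercmd is not shown on this page, so whether it quotes anything cannot be confirmed from here. If it hands the string to a shell, each value should be quoted separately, e.g. `invoke_filtercmd('getrc ' . escapeshellarg($file) . ' ' . escapeshellarg($localfile))`, since `$localfile` is built from `$username`. The putrc call sites store `$result` but never test it, so a failed upload goes unnoticed.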
$result = invoke_filtercmd("putrc $username $tmpfile $dot_forward"); } |
From: <ton...@us...> - 2003-12-14 08:38:29
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv3902/script Modified Files: filtercmd.opts Log Message: Additional default RCCHECKs Index: filtercmd.opts =================================================================== RCS file: /cvsroot/serverfilters/script/filtercmd.opts,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** filtercmd.opts 13 Dec 2003 19:47:39 -0000 1.1 --- filtercmd.opts 13 Dec 2003 22:04:20 -0000 1.2 *************** *** 1,2 **** --- 1,4 ---- -DRCCHECK1="/home/*/.procmailrc" + -DRCCHECK2="/home/*/.mailfilter" + -DRCCHECK3="/home/*/.qmail" -DTMPCHECK1="/tmp/*" |
From: <jgs...@us...> - 2003-12-11 16:28:54
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv3576 Modified Files: ChangeLog config.php functions.php recipie_functions.php Log Message: Added option to create dot forward files. Index: config.php =================================================================== RCS file: /cvsroot/serverfilters/config.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** config.php 11 Dec 2003 15:51:40 -0000 1.7 --- config.php 11 Dec 2003 16:28:51 -0000 1.8 *************** *** 28,31 **** --- 28,33 ---- * you may put [DOMAIN] and [USERNAME] in this entry * and the appropriate domain name and username will be entered. + * Additionally for virtual domains you can use [DOMUSER] which will be replaced + * with the username that owns the domain. */ //$FILTERDIR = '/var/lib/squirrelmail/home/[DOMAIN]/[USERNAME]'; *************** *** 108,118 **** $SEPERATOR = '@'; ! // Plugin will creat appropriate .qmail file for your filter ! // filter application if you set this to 1. ! // Set this to 0 if you do not use qmail or you want to create the // files yourself ! // Currently only works if FTP method is selected ! $CREATE_DOT_QMAIL = 1; $DOT_QMAIL_DIR = "/home/email/[DOMUSER]/"; ?> --- 110,125 ---- $SEPERATOR = '@'; ! // Plugin will creat appropriate .qmail or .forward file for your filter ! // filter application if you set this to true. ! // Set this to false if you do not use qmail or you want to create the // files yourself ! // .forward files don't really make sense for virtual domains, so this ! // option will be ignored if virtual domains are enabled. If you really ! // want this capability try adding a "| forward" to the default delivery ! 
$CREATE_DOT_QMAIL = true; $DOT_QMAIL_DIR = "/home/email/[DOMUSER]/"; + + $CREATE_DOT_FORWARD = false; + $DOT_FORWARD_DIR = "/home/[USERNAME]/"; ?> Index: functions.php =================================================================== RCS file: /cvsroot/serverfilters/functions.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** functions.php 11 Dec 2003 15:51:40 -0000 1.6 --- functions.php 11 Dec 2003 16:28:51 -0000 1.7 *************** *** 77,88 **** $tmpfile = "/tmp/.qmail-$username"; if ($VIRTUAL_DOMAINS) { list($user, $domain) = split($SEPERATOR,$username); $user = my_virtual_domain_user($domain); ! $dot_qmail = "$DOT_QMAIL_DIR/.qmail-$user"; } else { $user = $username; ! $dot_qmail = "$DOT_QMAIL_DIR/.qmail"; } $fd = fopen($tmpfile,"w"); $filterpath = vd_replace($FILTERDIR); --- 77,91 ---- $tmpfile = "/tmp/.qmail-$username"; + $qmail_dir = vd_replace($DOT_QMAIL_DIR); + if ($VIRTUAL_DOMAINS) { list($user, $domain) = split($SEPERATOR,$username); $user = my_virtual_domain_user($domain); ! $dot_qmail = "$qmail_dir/.qmail-$user"; } else { $user = $username; ! $dot_qmail = "$qmail_dir/.qmail"; } + $fd = fopen($tmpfile,"w"); $filterpath = vd_replace($FILTERDIR); *************** *** 92,98 **** fclose($fd); ! $command = escapeshellcmd("sudo ../plugins/serversidefilter/script/putrc $user $tmpfile $dot_qmail"); ! system($command, $exists); } --- 95,122 ---- fclose($fd); ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd putrc $user $tmpfile $dot_qmail"); ! system($command); ! } ! ! function write_dot_forward() { ! global $username, $VIRTUAL_DOMAINS, $FILTERDIR, $FILTERFILE, $FILTER_APP_PATH, $DOT_FORWARD_DIR; ! ! if ($VIRTUAL_DOMAINS) { ! return; ! } ! ! $tmpfile = "/tmp/.forward-$username"; ! $forward_dir = vd_replace($DOT_FORWARD_DIR); ! $dot_forward = "$forward_dir/.forward"; ! ! $fd = fopen($tmpfile,"w"); ! $filterpath = vd_replace($FILTERDIR); ! $filterfile = "$filterpath/$FILTERFILE"; ! 
$contents = "|$FILTER_APP_PATH $filterfile\n"; ! fwrite($fd, $contents); ! fclose($fd); + $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd putrc $username $tmpfile $dot_forward"); + system($command); } Index: recipie_functions.php =================================================================== RCS file: /cvsroot/serverfilters/recipie_functions.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** recipie_functions.php 9 Dec 2003 06:50:12 -0000 1.3 --- recipie_functions.php 11 Dec 2003 16:28:51 -0000 1.4 *************** *** 97,101 **** function write_recipies($oldfile, $newfile) { global $username, $recipies, $SEPERATOR, $SPAMFILTER, $SPAMHEADER, $UNSUREVALUE, $SPAMVALUE, ! $VIRTUAL_DOMAINS, $LOCAL_MAILDIR, $FILE_BACKEND, $CREATE_DOT_QMAIL; if (isset($VIRTUAL_DOMAINS) && $VIRTUAL_DOMAINS==1) --- 97,101 ---- function write_recipies($oldfile, $newfile) { global $username, $recipies, $SEPERATOR, $SPAMFILTER, $SPAMHEADER, $UNSUREVALUE, $SPAMVALUE, ! $VIRTUAL_DOMAINS, $LOCAL_MAILDIR, $FILE_BACKEND, $CREATE_DOT_QMAIL, $CREATE_DOT_FORWARD; if (isset($VIRTUAL_DOMAINS) && $VIRTUAL_DOMAINS==1) *************** *** 162,172 **** fclose($nf); ! if (isset($CREATE_DOT_QMAIL) && $CREATE_DOT_QMAIL == 1) write_dot_qmail(); } function create_filter() { global $username, $SEPERATOR, $SPAMFILTER, $FILTERFILE, ! $VIRTUAL_DOMAINS, $LOCAL_MAILDIR, $FILE_BACKEND, $CREATE_DOT_QMAIL; if (isset($VIRTUAL_DOMAINS) && $VIRTUAL_DOMAINS==1) --- 162,175 ---- fclose($nf); ! if (isset($CREATE_DOT_QMAIL) && $CREATE_DOT_QMAIL) write_dot_qmail(); + if (isset($CREATE_DOT_FORWARD) && $CREATE_DOT_FORWARD) + write_dot_forward(); + } function create_filter() { global $username, $SEPERATOR, $SPAMFILTER, $FILTERFILE, ! $VIRTUAL_DOMAINS, $LOCAL_MAILDIR, $FILE_BACKEND, $CREATE_DOT_QMAIL, $CREATE_DOT_FORWARD; if (isset($VIRTUAL_DOMAINS) && $VIRTUAL_DOMAINS==1) *************** *** 193,199 **** filter_put($file); unlink($file); ! 
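Review bot: write_dot_forward writes to the fixed name `/tmp/.forward-$username` with `fopen($tmpfile,"w")` and never tests the handle, so a file or link already present under that name is opened and truncated as the web server user, and a failed open only shows up as warnings from fwrite. Using `$tmpfile = tempnam('/tmp', '.forward-');` and `if (!$fd) return;` avoids both, provided the file mode still lets the helper read it. write_dot_qmail in the hunk above uses the same fixed-name pattern. The exit status of `system($command)` is dropped, so a failing putrc is silent.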
if (isset($CREATE_DOT_QMAIL) && $CREATE_DOT_QMAIL == 1 && ! $FILE_BACKEND != 'local') write_dot_qmail(); } --- 196,203 ---- filter_put($file); unlink($file); ! if (isset($CREATE_DOT_QMAIL) && $CREATE_DOT_QMAIL) write_dot_qmail(); + if (isset($CREATE_DOT_FORWARD) && $CREATE_DOT_FORWARD) + write_dot_forward(); } |
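Review bot: In create_filter() the rewritten condition no longer tests `$FILE_BACKEND != 'local'`, so write_dot_qmail() now also runs when the local backend is selected, although `$FILE_BACKEND` is still in the `global` list. The log message for this commit is not visible here, so this may be intended; if it is, a comment such as `// .qmail/.forward are written for every backend` above the two `if` statements would record it, and if not the test should be kept on both calls. Both new conditionals are unbraced one-liners, and bracing them would match the `if ($VIRTUAL_DOMAINS) { ... }` style used in functions.php.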
From: <jgs...@us...> - 2003-12-11 15:51:43
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv27402 Modified Files: backend.php config.php functions.php options.php Log Message: Removed FILTERFILE variable from config file. The plugin now assumes: .mailfilter for maildrop and .procmailrc for procmail Index: config.php =================================================================== RCS file: /cvsroot/serverfilters/config.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** config.php 11 Dec 2003 15:33:25 -0000 1.6 --- config.php 11 Dec 2003 15:51:40 -0000 1.7 *************** *** 7,15 **** ! global $ALWAYS_CREATE, $FILTERDIR, $FILTERFILE, $FILTER_APP_PATH, ! $DEFAULT_DELIVERY, $ALLOW_UNSUBSCRIBED, $SPAMFILTER, $SPAMHEADER, ! $SPAMFILTERMAXKB, $SPAMVALUE, $UNSUREVALUE, $VIRTUAL_DOMAINS, ! $LOCAL_MAILDIR, $USE_MAILDIRS, $SEPERATOR, $CREATE_DOT_QMAIL, ! $DOT_QMAIL_DIR; /** --- 7,14 ---- ! global $ALWAYS_CREATE, $FILTERDIR, $FILTER_APP_PATH, $DEFAULT_DELIVERY, ! $ALLOW_UNSUBSCRIBED, $SPAMFILTER, $SPAMHEADER, $SPAMFILTERMAXKB, ! $SPAMVALUE, $UNSUREVALUE, $VIRTUAL_DOMAINS, $LOCAL_MAILDIR, ! 
$USE_MAILDIRS, $SEPERATOR, $CREATE_DOT_QMAIL, $DOT_QMAIL_DIR; /** *************** *** 32,42 **** //$FILTERDIR = '/var/lib/squirrelmail/home/[DOMAIN]/[USERNAME]'; $FILTERDIR = '/home/email/[DOMUSER]/users/[USERNAME]'; - - /* - * FILTERFILE - * Name of the filter file - */ - //$FILTERFILE = '.procmailrc'; - $FILTERFILE = '.mailfilter'; /* --- 31,34 ---- Index: functions.php =================================================================== RCS file: /cvsroot/serverfilters/functions.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** functions.php 9 Dec 2003 20:05:52 -0000 1.5 --- functions.php 11 Dec 2003 15:51:40 -0000 1.6 *************** *** 107,110 **** --- 107,112 ---- $FILTER_ARRY = explode("/", $FILTER_APP_PATH); $FILTER_APP = $FILTER_ARRY[count($FILTER_ARRY)-1]; + $set_filterfile = $FILTER_APP.'_set_filterfile'; + $set_filterfile(); } Index: options.php =================================================================== RCS file: /cvsroot/serverfilters/options.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** options.php 11 Dec 2003 15:33:25 -0000 1.6 --- options.php 11 Dec 2003 15:51:40 -0000 1.7 *************** *** 90,95 **** $recipies = array(); - $file = filter_get(); set_filter_app(); read_recipies($file); --- 90,95 ---- $recipies = array(); set_filter_app(); + $file = filter_get(); read_recipies($file); |
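Review bot: The two lines added to functions.php build a function name from `$FILTER_APP` and call it without checking that such a function is defined, so a `$FILTER_APP_PATH` whose last component is not one of the filter programs named in the log message (maildrop, procmail) ends in a fatal undefined-function error instead of a configuration message. Guarding the call with `if (function_exists($set_filterfile)) { $set_filterfile(); }` and reporting the unsupported value otherwise keeps the dispatch limited to backends that actually exist. The signature of the enclosing function is outside the hunk.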
From: <jgs...@us...> - 2003-12-11 15:34:20
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv24384 Modified Files: ChangeLog Log Message: Added feature to optionally allow filtering to unsubscribed mailboxes. |
From: <jgs...@us...> - 2003-12-11 15:33:32
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv24223 Modified Files: config.php options.php Log Message: Added feature to optionally allow filtering to unsubscribed mailboxes. Index: options.php =================================================================== RCS file: /cvsroot/serverfilters/options.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** options.php 11 Dec 2003 15:17:02 -0000 1.5 --- options.php 11 Dec 2003 15:33:25 -0000 1.6 *************** *** 75,79 **** } ! $boxes = sqimap_mailbox_list($imapConnection); if (!$previously_connected) --- 75,82 ---- } ! if (isset($ALLOW_UNSUBSCRIBED) and $ALLOW_UNSUBSCRIBED) ! $boxes = sqimap_mailbox_list_all ($imapConnection); ! else ! $boxes = sqimap_mailbox_list($imapConnection); if (!$previously_connected) |
From: <jgs...@us...> - 2003-12-11 15:17:05
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv20411 Modified Files: options.php Log Message: Removed extra "unlink" statements. |
From: <ton...@us...> - 2003-12-09 21:13:20
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv20508 Modified Files: config.php backend.php Log Message: SPAMFILTERMAXKB setting -- limits size of messages passed through spam filters Index: backend.php =================================================================== RCS file: /cvsroot/serverfilters/backend.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** backend.php 9 Dec 2003 19:34:17 -0000 1.4 --- backend.php 9 Dec 2003 21:13:17 -0000 1.5 *************** *** 123,129 **** function procmail_write_spam_filter($fd) { ! global $username, $SPAMFILTER; $spamfiltercmd = vd_replace($SPAMFILTER); ! fputs($fd, "\n:0wf\n| ${spamfiltercmd}\n"); } --- 123,136 ---- function procmail_write_spam_filter($fd) { ! global $username, $SPAMFILTER, $SPAMFILTERMAXKB; ! $spamfiltercmd = vd_replace($SPAMFILTER); ! if (isset($SPAMFILTERMAXKB) && $SPAMFILTERMAXKB > 0) { ! $bytes = $SPAMFILTERMAXKB * 1024; ! $rules = "* < $bytes\n"; ! } else { ! $rules = ""; ! } ! fputs($fd, "\n:0wf$rules\n| ${spamfiltercmd}\n"); } *************** *** 181,187 **** function maildrop_write_spam_filter($fd) { ! global $username, $SPAMFILTER; ! fputs($fd, "\nxfilter \"${SPAMFILTER} -u ${username} -f\"\n"); } --- 188,200 ---- function maildrop_write_spam_filter($fd) { ! global $username, $SPAMFILTER, $SPAMFILTERMAXKB; ! $spamfiltercmd = vd_replace($SPAMFILTER); ! $maildropcmd = "\nxfilter \"${spamfiltercmd}\"\n"; ! if (isset($SPAMFILTERMAXKB) && $SPAMFILTERMAXKB > 0) { ! $bytes = $SPAMFILTERMAXKB * 1024; ! $maildropcmd = "\n".'if ($SIZE < '.$bytes.")\n{".$maildropcmd."}\n"; ! } ! fputs($fd, $maildropcmd); } |
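Review bot: In procmail_write_spam_filter() the size condition is spliced in before the newline that ends the flags line: with `$rules = "* < $bytes\n"`, the string `"\n:0wf$rules\n| ${spamfiltercmd}\n"` writes `:0wf* < N`, then an empty line, then the action, rather than putting the condition on its own line between `:0wf` and the pipe. Moving the variable after the newline fixes this and leaves the no-limit output identical to the old one: `fputs($fd, "\n:0wf\n$rules| ${spamfiltercmd}\n");`. The maildrop hunk that follows also stops appending `-u ${username} -f` to the filter command, so an existing `$SPAMFILTER` value that relied on those arguments would need them added in config.php; the config.php diff is not shown here.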
From: <jgs...@us...> - 2003-12-09 20:06:02
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv7521 Modified Files: config.php functions.php options.php package Log Message: Got rid of redundant $FILTER_APP in config file. $FILTER_APP_PATH is sufficient Index: functions.php =================================================================== RCS file: /cvsroot/serverfilters/functions.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** functions.php 9 Dec 2003 19:34:17 -0000 1.4 --- functions.php 9 Dec 2003 20:05:52 -0000 1.5 *************** *** 102,105 **** --- 102,112 ---- */ + function set_filter_app () { + global $FILTER_APP_PATH, $FILTER_APP; + + $FILTER_ARRY = explode("/", $FILTER_APP_PATH); + $FILTER_APP = $FILTER_ARRY[count($FILTER_ARRY)-1]; + } + function write_filter_recipie($fd, $action, $field, $string, $folder, $toFolder, $toAddress, $add_string) { Index: options.php =================================================================== RCS file: /cvsroot/serverfilters/options.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** options.php 9 Dec 2003 06:50:12 -0000 1.3 --- options.php 9 Dec 2003 20:05:53 -0000 1.4 *************** *** 88,91 **** --- 88,92 ---- $file = filter_get(); + set_filter_app(); read_recipies($file); Index: package =================================================================== RCS file: /cvsroot/serverfilters/package,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** package 9 Dec 2003 19:34:17 -0000 1.5 --- package 9 Dec 2003 20:05:53 -0000 1.6 *************** *** 19,23 **** cp config.php serversidefilter/config.php.sample ! cp setup.php options.php functions.php backend.php ChangeLog index.php README virtauldomains.sample recipie_functions.php version serversidefilter/ cp images/*.gif serversidefilter/images cp script/filtercmd.c serversidefilter/script/ --- 19,23 ---- cp config.php serversidefilter/config.php.sample ! 
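Review bot: set_filter_app() extracts the last path component by hand with `explode()` and `count()`; `$FILTER_APP = basename($FILTER_APP_PATH);` states the same thing in one call and also handles a trailing slash, which the array version turns into an empty `$FILTER_APP`. A short comment above the function saying that `$FILTER_APP` is now derived from `$FILTER_APP_PATH` rather than set in config.php would help anyone upgrading an older configuration.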
cp setup.php options.php functions.php backend.php ChangeLog index.php README virtualdomains.sample recipie_functions.php version serversidefilter/ cp images/*.gif serversidefilter/images cp script/filtercmd.c serversidefilter/script/ |
From: <jgs...@us...> - 2003-12-09 19:42:16
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv3215 Modified Files: ChangeLog Log Message: Fixed change log. I was adding my changes to an already released version. |
From: <jgs...@us...> - 2003-12-09 19:38:49
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv2469 Modified Files: README Log Message: Added note to previous users, that they should reconfigure their config file. |
From: <jgs...@us...> - 2003-12-09 19:34:22
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv1550 Modified Files: README backend.php functions.php package Added Files: virtualdomains.sample Log Message: Made changes to make plugin more independent of virtual domain/ mail server configurations. Index: README =================================================================== RCS file: /cvsroot/serverfilters/README,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** README 9 Dec 2003 06:50:12 -0000 1.3 --- README 9 Dec 2003 19:34:17 -0000 1.4 *************** *** 20,25 **** Compatibility plugin Maildrop or procmail - ftp support in php if using ftp backend - libmcrypt support if mcrypt is used for encryption INSTALLATION --- 20,23 ---- *************** *** 32,35 **** --- 30,53 ---- 4) reconfigure SquirrelMail to enable the ServerSideFilter plugin. + + 5) If your webserver runs as a user OTHER than apache: + chown root:webuser script/filtercmd + where webuser is the user that Apache runs as. + + Virtual Domain users: + 6) If you use qmail: + ln -s /var/qmail/control/virtualdomains . + + If you use another mail server: + cp ./virtualdomains.sample ./virtualdomains + + edit the virtualdomains file. + The format is: + domain:domain_user + + Where domain is the domain of each of your virtual domains + and domain_user is the unix name of the user that owns the + directory containing the mail folders for that domain. 
+ Index: backend.php =================================================================== RCS file: /cvsroot/serverfilters/backend.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** backend.php 9 Dec 2003 06:50:12 -0000 1.3 --- backend.php 9 Dec 2003 19:34:17 -0000 1.4 *************** *** 199,223 **** } - function qmail_virtual_domain_user($domain){ - $control = '/var/qmail/control'; - $vfile = "$control/virtualdomains"; - if (!file_exists($vfile) || !is_readable($vfile)){ - return false; - } - $fd = fopen($vfile, 'r'); - $contents = fread($fd, filesize($vfile)); - $contents = rtrim($contents); - if (strlen($contents) > 0){ - $domuary = explode("\n", $contents); - foreach ($domuary as $domu){ - list($dom,$user) = split(':', $domu); - if ($dom == $domain) break; - } - if ($dom == $domain) return $user; - else return false; - } else { - return false; - } - } - ?> --- 199,201 ---- Index: functions.php =================================================================== RCS file: /cvsroot/serverfilters/functions.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** functions.php 9 Dec 2003 18:45:47 -0000 1.3 --- functions.php 9 Dec 2003 19:34:17 -0000 1.4 *************** *** 137,142 **** // get the owner of a virtual domain function my_virtual_domain_user($domain) { ! $vd_user = 'qmail_virtual_domain_user'; ! return $vd_user($domain); } --- 137,158 ---- // get the owner of a virtual domain function my_virtual_domain_user($domain) { ! $vfile = "../plugins/serversidefilter/virtualdomains"; ! if (!file_exists($vfile) || !is_readable($vfile)){ ! return false; ! } ! $fd = fopen($vfile, 'r'); ! $contents = fread($fd, filesize($vfile)); ! $contents = rtrim($contents); ! if (strlen($contents) > 0){ ! $domuary = explode("\n", $contents); ! foreach ($domuary as $domu){ ! list($dom,$user) = split(':', $domu); ! if ($dom == $domain) break; ! } ! if ($dom == $domain) return $user; ! else return false; ! } else { ! 
return false; ! } } Index: package =================================================================== RCS file: /cvsroot/serverfilters/package,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** package 9 Dec 2003 19:01:27 -0000 1.4 --- package 9 Dec 2003 19:34:17 -0000 1.5 *************** *** 19,23 **** cp config.php serversidefilter/config.php.sample ! cp setup.php options.php functions.php backend.php ChangeLog index.php README recipie_functions.php version serversidefilter/ cp images/*.gif serversidefilter/images cp script/filtercmd.c serversidefilter/script/ --- 19,23 ---- cp config.php serversidefilter/config.php.sample ! cp setup.php options.php functions.php backend.php ChangeLog index.php README virtauldomains.sample recipie_functions.php version serversidefilter/ cp images/*.gif serversidefilter/images cp script/filtercmd.c serversidefilter/script/ |
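Review bot: my_virtual_domain_user() now reads the domain-to-account mapping from `../plugins/serversidefilter/virtualdomains`, a file inside the plugin directory found through a path relative to the working directory, and the account name it returns is what write_dot_qmail() passes as the owner argument of `filtercmd putrc`. Because that value decides which Unix account the generated file is handed to, the new README step should state that the file must be writable only by root, and the function could check this before trusting the contents. The new body also never calls `fclose($fd)`, and it calls `fread()` with `filesize($vfile)` before the empty-file case is tested.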
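Review bot: The name added to the `cp` line is spelled `virtauldomains.sample`, while the file this commit adds is `virtualdomains.sample`, so the copy of that file fails and the sample is left out of the packaged `serversidefilter/` directory. The argument should read `virtualdomains.sample`.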
From: <jgs...@us...> - 2003-12-09 19:01:36
|
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv27200/script Modified Files: filtercmd.c Log Message: Changed package script to suppor the suid file Index: filtercmd.c =================================================================== RCS file: /cvsroot/serverfilters/script/filtercmd.c,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** filtercmd.c 9 Dec 2003 18:45:47 -0000 1.1 --- filtercmd.c 9 Dec 2003 19:01:28 -0000 1.2 *************** *** 105,109 **** FILE *filter; if(!(filter=fopen(filter_file,"r"))){ - echo "File not found"; return 7; } else { --- 105,108 ---- |
From: <jgs...@us...> - 2003-12-09 19:01:32
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv27200 Modified Files: package Log Message: Changed package script to support the suid file |
From: <jgs...@us...> - 2003-12-09 18:45:51
|
Update of /cvsroot/serverfilters/script In directory sc8-pr-cvs1:/tmp/cvs-serv22637/script Added Files: filtercmd.c Removed Files: getrc putrc rcexists Log Message: Changed setuid functions to use a C wrapper instead of sudo command. --- NEW FILE: filtercmd.c --- /* how-to compile: # gcc -o filtercmd filtercmd.c; chmod 4750 filtercmd; chown root:apache filtercmd */ #define STR_MAX 1024 #define MAXLEN 1024 #include <stdio.h> #include <unistd.h> #include <sys/types.h> #include <sys/stat.h> #include <pwd.h> void eperror(register char *); int rcexists(char *); int getrc(char*, char*, uid_t, gid_t); int putrc(char*, char*, char*); int copy_file(char*, char*); int main(int argc, char *argv[]){ /* Developed by Pedro L Orso - or...@on... Changed by Thiago Melo de Paula - th...@fa... */ int i, ok; char cmd[STR_MAX]; char user[STR_MAX]; char filter_file[STR_MAX]; char temp_file[STR_MAX]; uid_t UID; gid_t GID; UID = getuid(); GID = getgid(); if((setuid(0)) < 0) eperror("setuid"); if((setgid(3)) < 0) eperror("setgid"); sprintf(cmd,"%s",argv[1]); if(!strlen(cmd)){ printf("You forgot to provide a command.\n"); return 1; } else { if (!strcmp("getrc",cmd)) { if (argc < 4) { printf("Usage: filtercmd getrc filter_file temp_file\n"); return 2; } sprintf(filter_file, "%s", argv[2]); sprintf(temp_file, "%s", argv[3]); return getrc(filter_file, temp_file, UID, GID); } else if (!strcmp("putrc", cmd)) { if (argc < 5) { printf("Usage: filtercmd putrc owner temp_file filter_file\n"); return 3; } sprintf(user, "%s", argv[2]); if(!strcmp(user,"root") && !strcmp(user, "0")){ printf("The file cannot have root ownership for security reasons.\n"); return 6; //the root user cannot be edited for security reasons } sprintf(temp_file, "%s", argv[3]); sprintf(filter_file, "%s", argv[4]); return putrc(user, temp_file, filter_file); } else if (!strcmp("rcexists",cmd)) { if (argc < 3) { printf("Usage: filtercmd rcexists filter_file\n"); return 4; } sprintf(filter_file, "%s", argv[2]); return 
rcexists(filter_file); } else if (argc > 1) { printf("Invalid command specified.\n"); return 5; } else { printf("Usage: filtercmd [getrc|putrc|rcexists]\n"); return 7; } } } void eperror(s) register char *s; { /* Developed by Pedro L Orso - or...@on... Changed by Thiago Melo de Paula - th...@fa... */ char str[50]; sprintf(str,"filtercmd - %s",s); perror(str); exit(1); } int rcexists(char* filter_file) { FILE *filter; if(!(filter=fopen(filter_file,"r"))){ echo "File not found"; return 7; } else { fclose(filter); return 0; } } int getrc(char* filter_file, char* temp_file, uid_t UID, gid_t GID) { copy_file(filter_file, temp_file); chown(temp_file, UID, GID); return 0; } int putrc(char* user, char* temp_file, char* filter_file) { struct passwd* user_pass; user_pass = getpwnam(user); if (copy_file(temp_file, filter_file)) { return 10; } chown(filter_file, user_pass->pw_uid, user_pass->pw_gid); chmod(filter_file, (S_IRUSR|S_IWUSR)); unlink(temp_file); return 0; } int copy_file(char* old_file, char* new_file) { FILE *infile, *outfile; char buf[MAXLEN]; if (!(infile=fopen(old_file,"r"))) { printf("Could not open %s", old_file); return 8; } if (!(outfile=fopen(new_file,"w"))) { printf("Could not open %s", new_file); return 9; } while(fgets(buf,MAXLEN,infile)!=NULL){ fputs(buf, outfile); } fclose(outfile); fclose(infile); return 0; } --- getrc DELETED --- --- putrc DELETED --- --- rcexists DELETED --- |
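Review bot: The guard in the putrc branch of main(), `if(!strcmp(user,"root") && !strcmp(user, "0"))`, can never be true because one string cannot equal both literals, so the refusal to hand a file to root is dead code; it needs `||`, and comparing the looked-up `pw_uid` with 0 is more reliable than comparing names. putrc() also dereferences the result of `getpwnam(user)` without a NULL check and ignores the results of `chown()` and `chmod()`. Every `sprintf(..., "%s", argv[n])` copies an argument of unbounded length into a `STR_MAX` buffer in a binary the header comment installs as mode 4750 owned by root, and `sprintf(cmd,"%s",argv[1])` runs before any `argc` test; `snprintf(user, sizeof user, "%s", argv[2])` with a truncation check bounds those copies. rcexists() contains the shell statement `echo "File not found";`, which is not C, and since getrc and putrc act as root on whatever paths the caller supplies, the helper should restrict the paths it accepts itself rather than rely on the PHP side.

```c
/* in main(), putrc branch: refuse either spelling of root */
if (!strcmp(user, "root") || !strcmp(user, "0")) {
/* … unchanged: message and return 6 … */

int putrc(char* user, char* temp_file, char* filter_file) {
    struct passwd* user_pass;

    user_pass = getpwnam(user);
    /* unknown account, or any name that maps to uid 0 */
    if (user_pass == NULL || user_pass->pw_uid == 0) {
        return 6;
    }
    if (copy_file(temp_file, filter_file)) {
        return 10;
    }
    /* a copy that could not be given to its owner is a failure, not a success */
    if (chown(filter_file, user_pass->pw_uid, user_pass->pw_gid) < 0 ||
        chmod(filter_file, (S_IRUSR|S_IWUSR)) < 0) {
        return 10;
    }
    unlink(temp_file);
    return 0;
}
```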
From: <jgs...@us...> - 2003-12-09 18:45:51
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv22637 Modified Files: ChangeLog functions.php Log Message: Changed setuid functions to use a C wrapper instead of sudo command. Index: functions.php =================================================================== RCS file: /cvsroot/serverfilters/functions.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** functions.php 9 Dec 2003 06:50:12 -0000 1.2 --- functions.php 9 Dec 2003 18:45:47 -0000 1.3 *************** *** 30,34 **** $localfile = "/tmp/$FILTERFILE.$username"; if (filter_exists($file)) { ! $command = escapeshellcmd("sudo ../plugins/serversidefilter/script/getrc $file $localfile"); system($command); } else --- 30,34 ---- $localfile = "/tmp/$FILTERFILE.$username"; if (filter_exists($file)) { ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd getrc $file $localfile"); system($command); } else *************** *** 45,49 **** $file = "$path/$FILTERFILE"; ! $command = escapeshellcmd("sudo ../plugins/serversidefilter/script/rcexists $file"); system($command, $exists); if ($exists == 0) { --- 45,49 ---- $file = "$path/$FILTERFILE"; ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd rcexists $file"); system($command, $exists); if ($exists == 0) { *************** *** 69,73 **** $user = $username; ! $command = escapeshellcmd("sudo ../plugins/serversidefilter/script/putrc $user $file $newfile"); system($command); } --- 69,73 ---- $user = $username; ! $command = escapeshellcmd("../plugins/serversidefilter/script/filtercmd putrc $user $file $newfile"); system($command); } |
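Review bot: `escapeshellcmd()` is applied to the whole command string in all three rewritten calls (getrc here, rcexists in the hunk at 45 and putrc at 69), which escapes shell metacharacters but does not quote the individual arguments, so a space in `$file`, `$localfile` or `$user` splits one argument into two before it reaches the setuid helper. Quoting each value separately keeps the argument count fixed: `$command = "../plugins/serversidefilter/script/filtercmd getrc " . escapeshellarg($file) . " " . escapeshellarg($localfile);`. The enclosing functions start and end outside these hunks.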
From: <jgs...@us...> - 2003-12-09 07:12:18
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv31607 Modified Files: config.php.sample package Removed Files: admin.php apache.conf Log Message: Index: package =================================================================== RCS file: /cvsroot/serverfilters/package,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** package 9 Dec 2003 06:54:33 -0000 1.2 --- package 9 Dec 2003 07:12:15 -0000 1.3 *************** *** 17,19 **** cd .. ! tar czvf serversidefilter-$VERSION.tar.gz `for file in \`ls serversidefilter/\` ; do if [ "$file" != "config.php" ] && [ "$file" != "package" ] ; then echo serversidefilter/$file; fi; done` --- 17,20 ---- cd .. ! tar czvf serversidefilter-$VERSION.tar.gz serversidefilter/config.php.sample serversidefilter/setup.php serversidefilter/options.php serversidefilter/functions.php serversidefilter/backend.php serversidefilter/ChangeLog serversidefilter/index.php serversidefilter/README serversidefilter/recipie_functions.php serversidefilter/version serversidefilter/script/putrc serversidefilter/script/getrc serversidefilter/script/rcexists serversidefilter/images/delete.gif serversidefilter/images/down.gif serversidefilter/images/save.gif serversidefilter/images/saveas.gif serversidefilter/images/up.gif ! --- admin.php DELETED --- --- apache.conf DELETED --- |
From: <jgs...@us...> - 2003-12-09 06:54:36
|
Update of /cvsroot/serverfilters In directory sc8-pr-cvs1:/tmp/cvs-serv29249 Modified Files: package Log Message: Modified package script |