* libcfg/acl.c (getword): Bugfix.
* maidag/lmtp.c, maidag/maidag.c, maidag/maidag.h: Use ACLs. * pop3d/pop3d.c (pop3d_cfg_param): Add acl section.
Showing
6 changed files
with
51 additions
and
5 deletions
| 1 | 2007-12-15 Sergey Poznyakoff <gray@gnu.org.ua> | ||
| 2 | |||
| 3 | * libcfg/acl.c (getword): Bugfix. | ||
| 4 | * maidag/lmtp.c, maidag/maidag.c, maidag/maidag.h: Use ACLs. | ||
| 5 | * pop3d/pop3d.c (pop3d_cfg_param): Add acl section. | ||
| 6 | |||
| 1 | 2007-12-13 Sergey Poznyakoff <gray@gnu.org.ua> | 7 | 2007-12-13 Sergey Poznyakoff <gray@gnu.org.ua> |
| 2 | 8 | ||
| 3 | * examples/aclck.c, examples/addr.c, examples/base64.c, | 9 | * examples/aclck.c, examples/addr.c, examples/base64.c, | ... | ... |
| ... | @@ -47,7 +47,8 @@ getword (char **parg) | ... | @@ -47,7 +47,8 @@ getword (char **parg) |
| 47 | { | 47 | { |
| 48 | while (*arg && !ISSPACE (*arg)) | 48 | while (*arg && !ISSPACE (*arg)) |
| 49 | arg++; | 49 | arg++; |
| 50 | *arg++ = 0; | 50 | if (*arg) |
| 51 | *arg++ = 0; | ||
| 51 | } | 52 | } |
| 52 | *parg = arg; | 53 | *parg = arg; |
| 53 | return word; | 54 | return word; | ... | ... |
| ... | @@ -771,14 +771,41 @@ check_connection (int fd, all_addr_t *addr, socklen_t addrlen) | ... | @@ -771,14 +771,41 @@ check_connection (int fd, all_addr_t *addr, socklen_t addrlen) |
| 771 | break; | 771 | break; |
| 772 | 772 | ||
| 773 | case PF_INET: | 773 | case PF_INET: |
| 774 | if (maidag_acl) | ||
| 775 | { | ||
| 776 | mu_acl_result_t res; | ||
| 777 | int rc = mu_acl_check_sockaddr (maidag_acl, &addr->sa, addrlen, | ||
| 778 | &res); | ||
| 779 | if (rc) | ||
| 780 | { | ||
| 781 | mu_error (_("Access from %s blocked: cannot check ACLs: %s"), | ||
| 782 | inet_ntoa (addr->s_in.sin_addr), mu_strerror (rc)); | ||
| 783 | return 1; | ||
| 784 | } | ||
| 785 | switch (res) | ||
| 786 | { | ||
| 787 | case mu_acl_result_undefined: | ||
| 788 | mu_diag_output (MU_DIAG_INFO, | ||
| 789 | _("%s: undefined ACL result; access allowed"), | ||
| 790 | inet_ntoa (addr->s_in.sin_addr)); | ||
| 791 | break; | ||
| 792 | |||
| 793 | case mu_acl_result_accept: | ||
| 794 | break; | ||
| 795 | |||
| 796 | case mu_acl_result_deny: | ||
| 797 | mu_error (_("Access from %s blocked."), | ||
| 798 | inet_ntoa (addr->s_in.sin_addr)); | ||
| 799 | return 1; | ||
| 800 | } | ||
| 801 | } | ||
| 802 | |||
| 774 | if (!mu_tcpwrapper_access (fd)) | 803 | if (!mu_tcpwrapper_access (fd)) |
| 775 | { | 804 | { |
| 776 | mu_error (_("Access from %s blocked."), | 805 | mu_error (_("Access from %s blocked by tcp wrappers."), |
| 777 | inet_ntoa (addr->s_in.sin_addr)); | 806 | inet_ntoa (addr->s_in.sin_addr)); |
| 778 | return 1; | 807 | return 1; |
| 779 | } | 808 | } |
| 780 | mu_diag_output (MU_DIAG_INFO, _("connect from %s"), | ||
| 781 | inet_ntoa (addr->s_in.sin_addr)); | ||
| 782 | } | 809 | } |
| 783 | return 0; | 810 | return 0; |
| 784 | } | 811 | } | ... | ... |
| ... | @@ -47,6 +47,7 @@ int lmtp_mode; | ... | @@ -47,6 +47,7 @@ int lmtp_mode; |
| 47 | char *lmtp_url_string; | 47 | char *lmtp_url_string; |
| 48 | int reuse_lmtp_address = 1; | 48 | int reuse_lmtp_address = 1; |
| 49 | char *lmtp_group = "mail"; | 49 | char *lmtp_group = "mail"; |
| 50 | mu_acl_t maidag_acl; /* ACLs for LMTP mode */ | ||
| 50 | 51 | ||
| 51 | struct mu_gocs_daemon daemon_param = { | 52 | struct mu_gocs_daemon daemon_param = { |
| 52 | MODE_INTERACTIVE, /* Start in interactive (inetd) mode */ | 53 | MODE_INTERACTIVE, /* Start in interactive (inetd) mode */ |
| ... | @@ -290,6 +291,7 @@ struct mu_cfg_param maidag_cfg_param[] = { | ... | @@ -290,6 +291,7 @@ struct mu_cfg_param maidag_cfg_param[] = { |
| 290 | N_("url") }, | 291 | N_("url") }, |
| 291 | { "reuse-address", mu_cfg_bool, &reuse_lmtp_address, 0, NULL, | 292 | { "reuse-address", mu_cfg_bool, &reuse_lmtp_address, 0, NULL, |
| 292 | N_("Reuse existing address (LMTP mode). Default is \"yes\".") }, | 293 | N_("Reuse existing address (LMTP mode). Default is \"yes\".") }, |
| 294 | { "acl", mu_cfg_section, }, | ||
| 293 | TCP_WRAPPERS_CONFIG | 295 | TCP_WRAPPERS_CONFIG |
| 294 | { NULL } | 296 | { NULL } |
| 295 | }; | 297 | }; |
| ... | @@ -459,11 +461,12 @@ main (int argc, char *argv[]) | ... | @@ -459,11 +461,12 @@ main (int argc, char *argv[]) |
| 459 | mu_gocs_daemon = daemon_param; | 461 | mu_gocs_daemon = daemon_param; |
| 460 | 462 | ||
| 461 | mu_tcpwrapper_cfg_init (); | 463 | mu_tcpwrapper_cfg_init (); |
| 464 | mu_acl_cfg_init (); | ||
| 462 | 465 | ||
| 463 | /* Parse command line */ | 466 | /* Parse command line */ |
| 464 | mu_argp_init (program_version, NULL); | 467 | mu_argp_init (program_version, NULL); |
| 465 | if (mu_app_init (&argp, maidag_argp_capa, maidag_cfg_param, | 468 | if (mu_app_init (&argp, maidag_argp_capa, maidag_cfg_param, |
| 466 | argc, argv, 0, &arg_index, NULL)) | 469 | argc, argv, 0, &arg_index, &maidag_acl)) |
| 467 | exit (EX_CONFIG); | 470 | exit (EX_CONFIG); |
| 468 | 471 | ||
| 469 | current_uid = getuid (); | 472 | current_uid = getuid (); |
| ... | @@ -478,6 +481,12 @@ main (int argc, char *argv[]) | ... | @@ -478,6 +481,12 @@ main (int argc, char *argv[]) |
| 478 | openlog ("maidag", LOG_PID, log_facility); | 481 | openlog ("maidag", LOG_PID, log_facility); |
| 479 | mu_diag_get_debug (&debug); | 482 | mu_diag_get_debug (&debug); |
| 480 | mu_debug_set_print (debug, mu_diag_syslog_printer, NULL); | 483 | mu_debug_set_print (debug, mu_diag_syslog_printer, NULL); |
| 484 | /* FIXME: this should be done automatically by cfg */ | ||
| 485 | if (maidag_acl) | ||
| 486 | { | ||
| 487 | mu_acl_get_debug (maidag_acl, &debug); | ||
| 488 | mu_debug_set_print (debug, mu_debug_syslog_printer, NULL); | ||
| 489 | } | ||
| 481 | } | 490 | } |
| 482 | 491 | ||
| 483 | argc -= arg_index; | 492 | argc -= arg_index; | ... | ... |
| ... | @@ -83,6 +83,7 @@ | ... | @@ -83,6 +83,7 @@ |
| 83 | #include <mailutils/libsieve.h> | 83 | #include <mailutils/libsieve.h> |
| 84 | #include <mailutils/nls.h> | 84 | #include <mailutils/nls.h> |
| 85 | #include <mailutils/daemon.h> | 85 | #include <mailutils/daemon.h> |
| 86 | #include <mailutils/acl.h> | ||
| 86 | 87 | ||
| 87 | #include <mu_dbm.h> | 88 | #include <mu_dbm.h> |
| 88 | #include <mu_asprintf.h> | 89 | #include <mu_asprintf.h> |
| ... | @@ -123,6 +124,7 @@ extern int lmtp_mode; | ... | @@ -123,6 +124,7 @@ extern int lmtp_mode; |
| 123 | extern char *lmtp_url_string; | 124 | extern char *lmtp_url_string; |
| 124 | extern int reuse_lmtp_address; | 125 | extern int reuse_lmtp_address; |
| 125 | extern char *lmtp_group; | 126 | extern char *lmtp_group; |
| 127 | extern mu_acl_t maidag_acl; | ||
| 126 | 128 | ||
| 127 | void close_fds (void); | 129 | void close_fds (void); |
| 128 | int switch_user_id (struct mu_auth_data *auth, int user); | 130 | int switch_user_id (struct mu_auth_data *auth, int user); | ... | ... |
| ... | @@ -161,6 +161,7 @@ static struct mu_cfg_param pop3d_cfg_param[] = { | ... | @@ -161,6 +161,7 @@ static struct mu_cfg_param pop3d_cfg_param[] = { |
| 161 | N_("Set the bulletin database file name."), | 161 | N_("Set the bulletin database file name."), |
| 162 | N_("file") }, | 162 | N_("file") }, |
| 163 | #endif | 163 | #endif |
| 164 | { "acl", mu_cfg_section, }, | ||
| 164 | TCP_WRAPPERS_CONFIG | 165 | TCP_WRAPPERS_CONFIG |
| 165 | { NULL } | 166 | { NULL } |
| 166 | }; | 167 | }; | ... | ... |
-
Please register or sign in to post a comment