comparison src/dnsbl.cpp @ 42:afcf403709ef

updates for 3.2, try to drop root privileges
author carl
date Mon, 05 Jul 2004 13:09:44 -0700
parents d95af8129dfa
children acbe44bbba22
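--- a/src/dnsbl.cpp
+++ b/src/dnsbl.cpp
@@ -41,10 +41,11 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>
 #include <netdb.h>
 #include <sys/socket.h>
+#include <sys/un.h>
 
 // needed for thread
 #include <pthread.h>
 
 // needed for std c++ collections
@@ -59,10 +60,11 @@
 
 // misc stuff needed here
 #include <ctype.h>
 #include <fstream>
 #include <syslog.h>
+#include <pwd.h>
 
 static char* dnsbl_version="$Id$";
 
 #define DEFAULT "default"
 #define WHITE "white"
@@ -304,11 +306,11 @@
 // syslog a message
 //
 static void my_syslog(mlfiPriv *priv, char *text) {
 char buf[1000];
 if (priv) {
-snprintf(buf, sizeof(buf), "%s %s", priv->queueid, text);
+snprintf(buf, sizeof(buf), "%s: %s", priv->queueid, text);
 text = buf;
 }
 pthread_mutex_lock(&syslog_mutex);
 openlog("dnsbl", LOG_PID, LOG_MAIL);
 syslog(LOG_NOTICE, "%s", text);
@@ -687,11 +689,11 @@
 {
 DNSBLP rejectlist = NULL; // list that caused the reject
 status st = oksofar;
 mlfiPriv &priv = *MLFIPRIV;
 CONFIG &dc = *priv.pc;
-if (!priv.queueid) priv.queueid = strdup(smfi_getsymval(ctx, "i");
+if (!priv.queueid) priv.queueid = strdup(smfi_getsymval(ctx, "i"));
 char *rcptaddr = rcpt[0];
 char *dnsname = lookup(rcptaddr, dc.env_to_dnsbll);
 char *fromname = lookup(rcptaddr, dc.env_to_chkfrom);
 if ((strcmp(dnsname, BLACK) == 0) ||
 (strcmp(fromname, BLACK) == 0)) {
@@ -1281,10 +1283,24 @@
 fprintf(stderr, "-c will load and dump the config to stdout\n");
 fprintf(stderr, "-d will add some syslog debug messages\n");
 }
 
 
+
+static void setup_socket(char *sock);
+static void setup_socket(char *sock) {
+unlink(sock);
+sockaddr_un addr;
+memset(&addr, '\0', sizeof addr);
+addr.sun_family = AF_UNIX;
+strncpy(addr.sun_path, sock, sizeof(addr.sun_path)-1);
+int s = socket(AF_UNIX, SOCK_STREAM, 0);
+bind(s, (sockaddr*)&addr, sizeof(addr));
+close(s);
+}
+
+
 int main(int argc, char**argv)
 {
 bool check = false;
 bool setconn = false;
 int c;
@@ -1302,12 +1318,12 @@
 if (smfi_setconn(optarg) == MI_FAILURE) {
 fprintf(stderr, "smfi_setconn failed\n");
 exit(EX_SOFTWARE);
 }
 
-if (strncasecmp(optarg, "unix:", 5) == 0) unlink(optarg + 5);
-else if (strncasecmp(optarg, "local:", 6) == 0) unlink(optarg + 6);
+if (strncasecmp(optarg, "unix:", 5) == 0) setup_socket(optarg + 5);
+else if (strncasecmp(optarg, "local:", 6) == 0) setup_socket(optarg + 6);
 setconn = true;
 break;
 
 case 't':
 if (optarg == NULL || *optarg == '\0') {
@@ -1392,10 +1408,19 @@
 fprintf(f, "%d\n", (u_int)getpid());
 #endif
 fclose(f);
 }
 
+
+// drop root privs
+struct passwd *pw = getpwnam("dnsbl");
+if (pw) {
+if (setuid(pw->pw_uid) == -1) {
+my_syslog("failed to switch to user dnsbl");
+}
+}
+
 time_t starting = time(NULL);
 int rc = smfi_main();
 if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
 my_syslog("trying to restart after smfi_main()");
 loader_run = false; // eventually the config loader thread will terminate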
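Review bot: The privilege drop added before `smfi_main()` calls only `setuid(pw->pw_uid)`, so the process keeps the primary and supplementary groups it was started with, and both a failed `setuid` and a missing `dnsbl` account (`getpwnam` returning NULL) leave the milter running under its original identity with at most one syslog line. I would drop groups first and make failure fatal, at least when `getuid() == 0`: `if (initgroups(pw->pw_name, pw->pw_gid) == -1 || setgid(pw->pw_gid) == -1 || setuid(pw->pw_uid) == -1) {` with `exit(EX_OSERR);` after the `my_syslog` call (`initgroups` needs `<grp.h>`). Separately, `setup_socket` ignores the results of `socket()` and `bind()`, so `s` is passed to `bind` and `close` even when it is -1; and because the socket file is created before the uid change, its owner and mode are presumably those of the starting user, so it is worth confirming that the unprivileged process can still use that path. The body of `main()` extends beyond the visible hunks.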