diff src/dnsbl.cpp @ 42:afcf403709ef

updates for 3.2, try to drop root privileges
author carl
date Mon, 05 Jul 2004 13:09:44 -0700
parents d95af8129dfa
children acbe44bbba22
--- a/src/dnsbl.cpp	Mon Jul 05 10:52:02 2004 -0700
+++ b/src/dnsbl.cpp	Mon Jul 05 13:09:44 2004 -0700
@@ -43,6 +43,7 @@
 #include <netinet/tcp.h>
 #include <netdb.h>
 #include <sys/socket.h>
+#include <sys/un.h>
 
 // needed for thread
 #include <pthread.h>
@@ -61,6 +62,7 @@
 #include <ctype.h>
 #include <fstream>
 #include <syslog.h>
+#include <pwd.h>
 
 static char* dnsbl_version="$Id$";
 
@@ -306,7 +308,7 @@
 static void my_syslog(mlfiPriv *priv, char *text) {
     char buf[1000];
     if (priv) {
-        snprintf(buf, sizeof(buf), "%s %s", priv->queueid, text);
+        snprintf(buf, sizeof(buf), "%s: %s", priv->queueid, text);
         text = buf;
     }
     pthread_mutex_lock(&syslog_mutex);
@@ -689,7 +691,7 @@
     status st = oksofar;
     mlfiPriv &priv = *MLFIPRIV;
     CONFIG &dc = *priv.pc;
-    if (!priv.queueid) priv.queueid = strdup(smfi_getsymval(ctx, "i");
+    if (!priv.queueid) priv.queueid = strdup(smfi_getsymval(ctx, "i"));
     char *rcptaddr = rcpt[0];
     char *dnsname  = lookup(rcptaddr, dc.env_to_dnsbll);
     char *fromname = lookup(rcptaddr, dc.env_to_chkfrom);
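Review bot: `smfi_getsymval(ctx, "i")` returns NULL when the MTA has not supplied the `i` macro at this stage, and the corrected line passes that result straight to `strdup`, which is undefined for a null pointer. Guard the lookup, for example `char *qid = smfi_getsymval(ctx, "i");` followed by `if (!priv.queueid && qid) priv.queueid = strdup(qid);`. The my_syslog hunk in this commit formats `priv->queueid` with `%s` whenever priv is set, so a queueid that is still NULL needs a fallback there too, such as `priv->queueid ? priv->queueid : "-"`. The enclosing function starts and ends outside the hunk.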
@@ -1283,6 +1285,20 @@
 }
 
 
+
+static void setup_socket(char *sock);
+static void setup_socket(char *sock) {
+    unlink(sock);
+    sockaddr_un addr;
+    memset(&addr, '\0', sizeof addr);
+    addr.sun_family = AF_UNIX;
+    strncpy(addr.sun_path, sock, sizeof(addr.sun_path)-1);
+    int s = socket(AF_UNIX, SOCK_STREAM, 0);
+    bind(s, (sockaddr*)&addr, sizeof(addr));
+    close(s);
+}
+
+
 int main(int argc, char**argv)
 {
     bool check   = false;
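Review bot: setup_socket ignores the results of `socket()` and `bind()`, so a failure to create the socket file goes unnoticed. `strncpy` also silently truncates a path longer than `sun_path`, so the file that gets bound would not be the one that was just unlinked. Reject an over-long path before calling `unlink`, and check both return values. The socket file is created while the process is still root and no `chown` is visible in this hunk, so after the later `setuid` to dnsbl the process may be unable to replace it; this is worth confirming against how libmilter opens the socket. The forward declaration directly above the definition is redundant.

```cpp
static void setup_socket(char *sock) {
    sockaddr_un addr;
    // refuse a path that would be truncated instead of binding a different name
    if (strlen(sock) >= sizeof(addr.sun_path)) {
        my_syslog(NULL, "socket path too long");
        return;
    }
    unlink(sock);
    // … unchanged: memset, sun_family, strncpy into sun_path …
    int s = socket(AF_UNIX, SOCK_STREAM, 0);
    if (s == -1) {
        my_syslog(NULL, "socket() failed for milter socket");
        return;
    }
    if (bind(s, (sockaddr*)&addr, sizeof(addr)) == -1) {
        my_syslog(NULL, "bind() failed for milter socket");
    }
    close(s);
}
```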
@@ -1304,8 +1320,8 @@
                     exit(EX_SOFTWARE);
                 }
 
-                     if (strncasecmp(optarg, "unix:", 5) == 0)  unlink(optarg + 5);
-                else if (strncasecmp(optarg, "local:", 6) == 0) unlink(optarg + 6);
+                     if (strncasecmp(optarg, "unix:", 5) == 0)  setup_socket(optarg + 5);
+                else if (strncasecmp(optarg, "local:", 6) == 0) setup_socket(optarg + 6);
                 setconn = true;
                 break;
 
@@ -1394,6 +1410,15 @@
         fclose(f);
     }
 
+
+    // drop root privs
+    struct passwd *pw = getpwnam("dnsbl");
+    if (pw) {
+        if (setuid(pw->pw_uid) == -1) {
+            my_syslog("failed to switch to user dnsbl");
+        }
+    }
+
     time_t starting = time(NULL);
     int rc = smfi_main();
     if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
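Review bot: The privilege drop fails open and leaves root's groups in place. When `getpwnam("dnsbl")` returns NULL nothing is logged, when `setuid` fails the failure is only logged, and in both cases `smfi_main()` still runs as the original user; no `setgid` or `initgroups` precedes `setuid`, so the process keeps root's primary and supplementary groups. When started as root, drop the groups first, then the uid, and exit if any step fails (`initgroups` needs `<grp.h>`, which this commit does not add). The call `my_syslog("failed to switch to user dnsbl")` passes one argument, while the my_syslog visible earlier in this diff takes `(mlfiPriv *priv, char *text)`; unless an overload exists outside the diff this will not compile. main continues outside the hunk.

```cpp
    // drop root privs: groups first, then uid; never continue as root
    if (getuid() == 0) {
        struct passwd *pw = getpwnam("dnsbl");
        if (!pw) {
            my_syslog(NULL, "user dnsbl not found, cannot drop privileges");
            exit(EX_OSERR);
        }
        if (initgroups(pw->pw_name, pw->pw_gid) == -1 ||
            setgid(pw->pw_gid) == -1 ||
            setuid(pw->pw_uid) == -1) {
            my_syslog(NULL, "failed to switch to user dnsbl");
            exit(EX_OSERR);
        }
    }
    // … unchanged: smfi_main() startup and restart check …
```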