Commit 1c33c145 authored by Sam Varshavchik's avatar Sam Varshavchik

couriertls: Add -user option.

Additional fixes to imap/pop3 startup scripts to have couriertls drop
root privileges.
parent 7b817f92
......@@ -2,6 +2,7 @@
/INSTALL.html
/INSTALL.txt
/NEWS
/authconfig
/config.cache
/courier-imap.spec
/couriertcpd
......
authmailuser=@authmailuser@
authmailgroup=@authmailgroup@
......@@ -4,7 +4,7 @@ dnl Copyright 1998 - 2016 Double Precision, Inc. See COPYING for
dnl distribution information.
AC_PREREQ(2.59)
AC_INIT(courier-imap, 4.18.2.20180622, [courier-imap@lists.sourceforge.net])
AC_INIT(courier-imap, 4.18.2.20180628, [courier-imap@lists.sourceforge.net])
AC_CONFIG_SRCDIR(libs/imap/imapd.c)
AC_CONFIG_HEADERS(config.h)
AM_INIT_AUTOMAKE
......@@ -273,6 +273,7 @@ AC_ARG_WITH(certsdir, [ --with-certsdir Directory where certs are created ],
AC_CONFIG_FILES(Makefile dbobj.h dbobj.config imapd.rc imapd-ssl.rc
pop3d.rc pop3d-ssl.rc makeimapaccess
authconfig
courier-imap.spec
INSTALL.html
packaging/suse/courier-imap.init
......
......@@ -15,7 +15,7 @@
%define courier_release .suse%{suse_version}
%else
%if %is_not_mandrake
%define courier_release %(release="`rpm -q --queryformat='.%{VERSION}' redhat-release 2>/dev/null`" ; if test $? != 0 ; then release="`rpm -q --queryformat='.%{VERSION}' fedora-release 2>/dev/null`" ; if test $? != 0 ; then release="" ; fi ; fi ; echo "$release")
%define courier_release %(release="`rpm -q --queryformat='.%''{VERSION}' redhat-release 2>/dev/null`" ; if test $? != 0 ; then release="`rpm -q --queryformat='.%''{VERSION}' fedora-release 2>/dev/null`" ; if test $? != 0 ; then release="" ; fi ; fi ; echo "$release")
%else
%define courier_release mdk
%endif
......@@ -288,6 +288,9 @@ touch $RPM_BUILD_ROOT%{_localstatedir}/pop3d-ssl.pid
touch $RPM_BUILD_ROOT%{_localstatedir}/pop3d.pid.lock
touch $RPM_BUILD_ROOT%{_localstatedir}/pop3d-ssl.pid.lock
. ./authconfig
echo "%attr(600, $authmailuser, $authmailgroup) %{_datadir}/dhparams.pem.dist" >filelist
%post
%if %using_systemd
if test -f %{initdir}/courier-imap
......@@ -308,11 +311,23 @@ fi
/sbin/chkconfig --add courier-imap
%{_datadir}/sysconftool `%{__cat} %{_datadir}/configlist` >/dev/null
%endif
# Fix up permissions
chown --reference=%{_datadir}/dhparams.pem.dist %{_datadir}/dhparams.pem
for f in %{_datadir}/imapd.pem %{_datadir}/pop3d.pem
do
if test -f "$f"
then
chown --reference=%{_datadir}/dhparams.pem.dist "$f"
fi
done
%preun
%if %using_systemd
if test "$1" = "0"
then
rm -f %{_localstatedir}/couriersslcache
rm -f %{_localstatedir}/couriersslpop3cache
rm -f %{_localstatedir}/couriersslimapcache
fi
%systemd_preun courier-imap.service
%else
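Review bot: The first `chown --reference=%{_datadir}/dhparams.pem.dist %{_datadir}/dhparams.pem` in the permissions fix-up runs without the `test -f` guard that the loop gives imapd.pem and pop3d.pem. On a system where dhparams.pem has not been generated yet, %post would print a chown error. Folding it into the loop treats all three files the same: `for f in %{_datadir}/dhparams.pem %{_datadir}/imapd.pem %{_datadir}/pop3d.pem`. The fix-up changes ownership only and leaves modes alone, so a one-line comment stating the expected mode of these key files would help the next packager. The %post and %preun scriptlets continue outside this hunk.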
......@@ -332,7 +347,7 @@ fi
%systemd_postun_with_restart courier-imap.service
%endif
%files
%files -f filelist
%defattr(-, bin, bin)
/etc/cron.monthly/*
%attr(644, root, root) %config(noreplace) %{pamconfdir}/imap
......@@ -370,7 +385,6 @@ fi
%{_datadir}/configlist
%{_datadir}/mk*
%{_datadir}/sysconftool
%attr(600, root, root) %{_datadir}/dhparams.pem.dist
%doc NEWS AUTHORS COPYING libs/imap/BUGS README README.imap README.maildirquota
%doc README.sharedfolders
......
......@@ -59,6 +59,7 @@ start)
-access=$IMAPACCESSFILE.dat \
$TCPDOPTS \
$SSLPORT $COURIERTLS -server -tcpd \
-user=@authmailuser@ \
@sbindir@/imaplogin \
@bindir@/imapd ${MAILDIRPATH}"
;;
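Review bot: The added `-user=@authmailuser@` presumably makes couriertls give up root before it serves connections, so the certificate, key and session cache it opens must be readable by that account, and nothing near this line says so. The RPM %post in this commit re-owns imapd.pem and pop3d.pem, but an install from source or another packaging may still have root-owned key files. A comment above the `start)` command would record the requirement, for example `# couriertls runs as @authmailuser@ (-user=): TLS_CERTFILE and TLS_CACHEFILE must be owned by that account`. The same applies to the `-user=` lines added to the pop3 TLS script and to the two `-user=@mailuser@` hunks later on the page. The quoted command string starts and ends outside this hunk.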
......
......@@ -29,7 +29,11 @@ case $1 in
start)
if test "$TLS_CACHEFILE" != ""
then
rm -f $TLS_CACHEFILE
rm -f "$TLS_CACHEFILE"
touch "$TLS_CACHEFILE"
chown @authmailuser@ "$TLS_CACHEFILE"
chgrp @authmailgroup@ "$TLS_CACHEFILE"
chmod 600 "$TLS_CACHEFILE"
fi
if test ! -f "${IMAPACCESSFILE}.dat"
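Review bot: The cache file is created by `touch` under whatever umask the init script inherited and is only tightened afterwards by `chmod 600`, and the `chown`/`chgrp` calls would follow a symbolic link if one appeared at that path in between. Since this runs as root on every start, it would be safer to create the file already private and change ownership without dereferencing: `(umask 077; : >"$TLS_CACHEFILE")` followed by `chown -h @authmailuser@:@authmailgroup@ "$TLS_CACHEFILE"`. Whether the directory holding TLS_CACHEFILE is writable by anyone other than root is not visible here, so the link concern is a precaution rather than a confirmed defect. The same five lines are added in the pop3d start script and in the two later start-script hunks, and the `start)` branch continues past this hunk.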
......
......@@ -53,6 +53,7 @@ start)
-maxprocs=$MAXDAEMONS -maxperip=$MAXPERIP \
$TCPDOPTS \
$SSLPORT $COURIERTLS -server -tcpd \
-user=@authmailuser@ \
@sbindir@/pop3login \
@bindir@/pop3d ${MAILDIRPATH}"
;;
......
......@@ -26,6 +26,15 @@ fi
case $1 in
start)
if test "$TLS_CACHEFILE" != ""
then
rm -f "$TLS_CACHEFILE"
touch "$TLS_CACHEFILE"
chown @authmailuser@ "$TLS_CACHEFILE"
chgrp @authmailgroup@ "$TLS_CACHEFILE"
chmod 600 "$TLS_CACHEFILE"
fi
@SETENV@ -i @SHELL@ -c " set -a ;
prefix=@prefix@ ;
exec_prefix=@exec_prefix@ ;
......
2018-06-28 Sam Varshavchik <mrsam@courier-mta.com>
* libs/tcpd/starttls.c (main): Add -user option. Additional fixes
to imap/pop3 startup scripts to have couriertls drop root privileges.
2018-06-25 Sam Varshavchik <mrsam@courier-mta.com>
* rfc2045/reformime.c (main2): fix crash if -x or -X is specified
without the corresponding -s option.
2018-06-21 Sam Varshavchik <mrsam@courier-mta.com>
* libs/tcpd/tlsclient.h: add username option, used in couriertls_start
......
......@@ -5,7 +5,7 @@ dnl distribution information.
AC_PREREQ(2.59)
AC_INIT(courier, 0.78.2.20180622, [courier-users@lists.sourceforge.net])
AC_INIT(courier, 0.78.2.20180628, [courier-users@lists.sourceforge.net])
version=$PACKAGE_VERSION
AC_CONFIG_SRCDIR(courier/courier.c)
AM_INIT_AUTOMAKE
......
......@@ -58,6 +58,7 @@ start)
-access=$IMAPACCESSFILE.dat \
$TCPDOPTS \
$SSLPORT $COURIERTLS -server -tcpd \
-user=@mailuser@ \
@libexecdir@/courier/imaplogin \
@bindir@/imapd ${MAILDIRPATH}"
;;
......
......@@ -26,6 +26,15 @@ fi
case $1 in
start)
if test "$TLS_CACHEFILE" != ""
then
rm -f "$TLS_CACHEFILE"
touch "$TLS_CACHEFILE"
chown @authmailuser@ "$TLS_CACHEFILE"
chgrp @authmailgroup@ "$TLS_CACHEFILE"
chmod 600 "$TLS_CACHEFILE"
fi
umask $IMAP_UMASK
if test ! -f "${IMAPACCESSFILE}.dat"
then
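Review bot: The cache-file block here uses `@authmailuser@` and `@authmailgroup@`, while the TLS start scripts that appear to belong to the same tree pass `-user=@mailuser@` to couriertls. If this package's configure substitutes only `@mailuser@`/`@mailgroup@` (its configure.ac is not shown beyond the version line), chown and chgrp would receive the literal placeholder text and fail, leaving the cache file owned by root and unusable by the unprivileged couriertls. Using the same pair in both places would keep them in step: `chown @mailuser@ "$TLS_CACHEFILE"` and `chgrp @mailgroup@ "$TLS_CACHEFILE"`. The hunk that follows the pop3 TLS script adds the same lines, and the `start)` branch continues outside this hunk.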
......
......@@ -55,6 +55,7 @@ start)
-maxprocs=$MAXDAEMONS -maxperip=$MAXPERIP \
$TCPDOPTS \
$SSLPORT $COURIERTLS -server -tcpd \
-user=@mailuser@ \
$libexecdir/courier/courierpop3login \
$libexecdir/courier/courierpop3d ${MAILDIRPATH}"
;;
......
......@@ -54,6 +54,15 @@ esac
cd @prefix@
if test "$TLS_CACHEFILE" != ""
then
rm -f "$TLS_CACHEFILE"
touch "$TLS_CACHEFILE"
chown @authmailuser@ "$TLS_CACHEFILE"
chgrp @authmailgroup@ "$TLS_CACHEFILE"
chmod 600 "$TLS_CACHEFILE"
fi
@SETENV@ -i @SHELL@ -c " set -a; \
prefix=@prefix@ ; \
exec_prefix=@exec_prefix@ ; \
......
2018-06-25 Sam Varshavchik <mrsam@courier-mta.com>
* rfc2045/reformime.c (main2): fix crash if -x or -X is specified
without the corresponding -s option.
2018-02-16 Sam Varshavchik <mrsam@courier-mta.com>
* libs/maildrop/search.C: ":H" pattern matching option, matching
......