Commit 7b817f92 authored by Sam Varshavchik's avatar Sam Varshavchik

Add option to drop root when starting couriertls for imap/pop3.

parent 3b60458e
......@@ -4,7 +4,7 @@ dnl Copyright 1998 - 2016 Double Precision, Inc. See COPYING for
dnl distribution information.
AC_PREREQ(2.59)
AC_INIT(courier-imap, 4.18.2.20180428, [courier-imap@lists.sourceforge.net])
AC_INIT(courier-imap, 4.18.2.20180622, [courier-imap@lists.sourceforge.net])
AC_CONFIG_SRCDIR(libs/imap/imapd.c)
AC_CONFIG_HEADERS(config.h)
AM_INIT_AUTOMAKE
......@@ -215,8 +215,10 @@ AC_SUBST(userdb)
AC_ARG_WITH(makedatprog, [], ,
ac_configure_args="$ac_configure_args --with-makedatprog='${libexecdir}/makedatprog'")
AC_ARG_WITH(mailuser, [], , ac_configure_args="$ac_configure_args --with-mailuser=root")
AC_ARG_WITH(mailuser, [], , ac_configure_args="$ac_configure_args --with-mailuser=$authmailuser")
AC_ARG_WITH(mailgroup, [], , ac_configure_args="$ac_configure_args --with-mailgroup=$authmailgroup")
AC_SUBST(authmailuser)
AC_SUBST(authmailgroup)
AC_CONFIG_SUBDIRS(libs/numlib libs/bdbobj libs/gdbmobj libs/soxwrap
libs/rfc822 libs/rfc1035 libs/rfc2045
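Review bot: `$authmailuser` and `$authmailgroup` are expanded into the sub-configure arguments and substituted into the startup scripts, but neither is assigned in the visible lines. If either is empty at this point, the scripts end up running `chown  "$TLS_CACHEFILE"` with no owner argument. A guard ahead of these lines, e.g. `test -n "$authmailuser" || AC_MSG_ERROR([authmailuser is not set])`, would fail at configure time instead of at service start. Also, `AC_SUBST(authmailuser)` always publishes the detected value, while an explicit `--with-mailuser=` on the command line reaches only the sub-configures, so the cache file's owner and the account the sub-packages are built for may disagree; worth confirming that is intended.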
......
......@@ -29,14 +29,19 @@ case $1 in
start)
if test "$TLS_CACHEFILE" != ""
then
rm -f $TLS_CACHEFILE
rm -f "$TLS_CACHEFILE"
touch "$TLS_CACHEFILE"
chown @authmailuser@ "$TLS_CACHEFILE"
chgrp @authmailgroup@ "$TLS_CACHEFILE"
chmod 600 "$TLS_CACHEFILE"
fi
umask $IMAP_UMASK
if test ! -f "${IMAPACCESSFILE}.dat"
then
@bindir@/makeimapaccess
fi
umask $IMAP_UMASK
@ULIMIT@ $IMAP_ULIMITD
@SETENV@ -i @SHELL@ -c " set -a ;
prefix=@prefix@ ;
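Review bot: The `rm -f` / `touch` / `chown` / `chgrp` / `chmod` sequence on `$TLS_CACHEFILE` runs as root and resolves the path five separate times, so it is only safe when every directory leading to the cache file is writable by root alone. `touch` and `chown` follow symbolic links, so a directory writable by a less privileged account could redirect the ownership change to a different file. None of the five commands is checked, so a failed `chown` leaves a root-owned cache that the unprivileged couriertls presumably cannot open. Consider documenting the directory requirement next to TLS_CACHEFILE and using `chown -h @authmailuser@:@authmailgroup@ "$TLS_CACHEFILE" || exit 1`. The same block appears in the three other startup-script hunks (`-27,6 +27,15` twice and `-28,6 +28,14`), and the `start)` branch continues past the end of this hunk.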
......
......@@ -27,6 +27,15 @@ fi
case $1 in
start)
if test "$TLS_CACHEFILE" != ""
then
rm -f "$TLS_CACHEFILE"
touch "$TLS_CACHEFILE"
chown @authmailuser@ "$TLS_CACHEFILE"
chgrp @authmailgroup@ "$TLS_CACHEFILE"
chmod 600 "$TLS_CACHEFILE"
fi
@SETENV@ -i @SHELL@ -c " set -a ;
prefix=@prefix@ ;
exec_prefix=@exec_prefix@ ;
......
2018-06-21 Sam Varshavchik <mrsam@courier-mta.com>
* libs/tcpd/tlsclient.h: add username option, used in couriertls_start
to set the child process's uid and gid.
* libs/imap/imaplogin.c (starttls): Set username option for couriertls
* libs/imap/pop3login.c (starttls): Set username option for couriertls
* imapd-ssl.dist, pop3d-ssl.dist: Use separate imap and pop3 session
cache files. Startup script: remove/set ownership and permsission
on the imap and pop3 session cache files.
2018-06-10 Sam Varshavchik <mrsam@courier-mta.com>
* courier/filters/libfilter/libfilter.c: Use argv[0] to determine
......
......@@ -5,7 +5,7 @@ dnl distribution information.
AC_PREREQ(2.59)
AC_INIT(courier, 0.78.2.20180610, [courier-users@lists.sourceforge.net])
AC_INIT(courier, 0.78.2.20180622, [courier-users@lists.sourceforge.net])
version=$PACKAGE_VERSION
AC_CONFIG_SRCDIR(courier/courier.c)
AM_INIT_AUTOMAKE
......
......@@ -368,6 +368,9 @@ ESMTP_PREFER_IPV6_MX=1
# This setting must be set when Courier uses a smarthost that requires
# SMTP SSL certificates for authentication and relaying privileges.
#
# TLS_CERTFILE must be owned by the "@mailuser@" user, and must not be
# world-readable.
#
# TLS_CERTFILE=
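Review bot: The new TLS_CERTFILE comment states the ownership rule without saying why. An administrator upgrading with a root-owned, mode-600 certificate will presumably see TLS fail once couriertls no longer runs as root, which is what the commit title describes. Suggest adding a line such as `# couriertls reads this file as the "@mailuser@" user; a certificate readable only by root will stop working.` If the private key can be kept in a separate file, the same ownership requirement would apply there and is worth stating. The hunk at `-209,10 +209,8` adds the same sentence and appears to drop the note that TLS_CERTFILE is required for servers and optional for clients, which looks worth keeping.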
......
......@@ -27,6 +27,15 @@ fi
case $1 in
start)
if test "$TLS_CACHEFILE" != ""
then
rm -f "$TLS_CACHEFILE"
touch "$TLS_CACHEFILE"
chown @mailuser@ "$TLS_CACHEFILE"
chgrp @mailgroup@ "$TLS_CACHEFILE"
chmod 600 "$TLS_CACHEFILE"
fi
umask $IMAP_UMASK
if test ! -f "${IMAPACCESSFILE}.dat"
then
......
......@@ -209,10 +209,8 @@ COURIERTLS=@bindir@/couriertls
##NAME: TLS_CERTFILE:0
#
# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
# instead of TLS_DHCERTFILE if this is a garden-variety certificate
# TLS_CERTFILE - certificate to use. TLS_CERTFILE must be owned
# by the "@mailuser@" user, and must not be world-readable.
#
# VIRTUAL HOSTS ON THE SAME IP ADDRESS.
#
......
......@@ -28,6 +28,14 @@ fi
case $1 in
start)
if test "$TLS_CACHEFILE" != ""
then
rm -f "$TLS_CACHEFILE"
touch "$TLS_CACHEFILE"
chown @mailuser@ "$TLS_CACHEFILE"
chgrp @mailgroup@ "$TLS_CACHEFILE"
chmod 600 "$TLS_CACHEFILE"
fi
exec @SETENV@ -i PATH="$PATH" SHELL="$SHELL" \
@SHELL@ -c " set -a ; \
prefix=@prefix@ ; \
......