Hi all,

I noticed a conversation on the recent thread releasing 2.1.26, but
wanted to start a new thread that'll hopefully stay on-topic.

Because the mailman configure requires the user and group to exist prior
to running, as well as hard coding the actual values once run, it
becomes very hard for porters/packagers when trying to support multiple
mail servers and their respective user/group configurations (sendmail,
postfix, exim, opensmtpd, etc); and additionally the various web
servers. Either we have to create a package for every combination or
come up with another solution.

What I did for the OpenBSD ports tree was to rewrite check_caller() in
src/common.c (with src/common.h addition). It allows one to set the
username, groupname, cgi-gid and mail-gid all via configure without
these having to be set up beforehand. From the log message:

- Rewrite src/common.c:check_caller() for the cgi/mail wrapper to now
  look at the defined group membership instead, _mailmanq (a new group).
  This allows the administrator to switch mail servers and web servers
  without requiring a FLAVOR for each combination; but rather, by simply
  adding the cgi/mail user to the _mailmanq group. This is a diversion
  from upstream, but will be proposed. At least sthen@ and dlg@ agree to
  go in this general direction.

Here as well:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/mailman/patches/patch-src_common_c
https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/mail/mailman/patches/patch-src_common_h

In the OpenBSD ports tree, configure is now run with:
        --with-username=_mailman \
        --with-groupname=_mailman \
        --with-cgi-gid=_mailmanq \
        --with-mail-gid=_mailmanq

and the admin can change/migrate mail servers as well as web servers by
just mucking with group memberships; no need to rebuild - allows mailman
to be packaged basically.

I realize now I never sent this upstream, so better late than never :)

Inline patch to src/common.[ch] to follow, hopefully in the same style
as the original.

Considerations, thoughts?

Thanks,
Okan

$OpenBSD: patch-src_common_h,v 1.1 2016/04/22 16:42:14 okan Exp $
--- src/common.h.orig   Sun Mar 20 13:48:18 2016
+++ src/common.h        Sun Mar 20 13:53:00 2016
@@ -27,6 +27,7 @@
 #include <errno.h>
 #include <sys/types.h>
 #include <grp.h>
+#include <pwd.h>
 #include <unistd.h>
 
 /* GETGROUPS_T gets set in the makefile by configure */
@@ -52,6 +53,7 @@ extern const char* logident;
 #define MAIL_ILLEGAL_COMMAND 6
 #define ADDALIAS_USAGE_ERROR 7
 #define GROUP_NAME_NOT_FOUND 8
+#define USER_NAME_NOT_FOUND 9
 
 
 /*
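Review bot: USER_NAME_NOT_FOUND takes the next value, 9, after GROUP_NAME_NOT_FOUND, but nothing in this hunk says when it is returned; a short comment next to the define (for example that it is the exit code used when the calling UID has no passwd entry) would let an admin who sees exit status 9 from the wrapper map it back to the failed lookup.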
$OpenBSD: patch-src_common_c,v 1.1 2016/04/22 16:42:14 okan Exp $
--- src/common.c.orig   Sun Feb 28 15:47:44 2016
+++ src/common.c        Sun Mar 20 16:22:35 2016
@@ -119,45 +119,39 @@ fatal(const char* ident, int exitcode, char* format, .
 void
 check_caller(const char* ident, const char* parentgroup)
 {
-        GID_T mygid = getgid();
-        struct group *mygroup = getgrgid(mygid);
-        char* option;
-        char* server;
+       struct passwd *pw;
+       struct group *gr;
+       char **g;
+       int ok = 0;
         char* wrapper;
 
-        if (running_as_cgi) {
-                option = "--with-cgi-gid";
-                server = "web";
-                wrapper = "CGI";
-        }
-        else {
-                option = "--with-mail-gid";
-                server = "mail";
-                wrapper = "mail";
-        }
+       pw = getpwuid(getuid());
+       if (pw == NULL)
+               fatal(ident, USER_NAME_NOT_FOUND,
+                     "Failure to find username");
 
-        if (!mygroup)
-                fatal(ident, GROUP_NAME_NOT_FOUND,
-                      "Failure to find group name for GID %d.  Mailman\n"
-                      "expected the %s wrapper to be executed as group\n"
-                      "\"%s\", but the system's %s server executed the\n"
-                      "wrapper as GID %d for which the name could not be\n"
-                      "found.  Try adding GID %d to your system as \"%s\",\n"
-                      "or tweak your %s server to run the wrapper as group\n"
-                      "\"%s\".",
-                      mygid, wrapper, parentgroup, server, mygid, mygid,
-                      parentgroup, server, parentgroup);
+       gr = getgrnam(parentgroup);
+       if (gr == NULL)
+               fatal(ident, GROUP_NAME_NOT_FOUND,
+                     "Failure to find \"%s\" group", parentgroup);
 
-        if (strcmp(parentgroup, mygroup->gr_name))
-                fatal(ident, GROUP_MISMATCH,
-                      "Group mismatch error.  Mailman expected the %s\n"
-                      "wrapper script to be executed as group \"%s\", but\n"
-                      "the system's %s server executed the %s script as\n"
-                      "group \"%s\".  Try tweaking the %s server to run the\n"
-                      "script as group \"%s\", or re-run configure, \n"
-                      "providing the command line option `%s=%s'.",
-                      wrapper, parentgroup, server, wrapper, mygroup->gr_name,
-                      server, parentgroup, option, mygroup->gr_name);
+       for (g = gr->gr_mem; *g; g++) {
+               if (strcmp(pw->pw_name, *g) == 0) {
+                       ok = 1;
+                       break;
+               }
+       }
+
+       if (running_as_cgi)
+               wrapper = "CGI";
+       else
+               wrapper = "mail";
+
+       if (ok == 0)
+               fatal(ident, GROUP_MISMATCH,
+                     "Group mismatch error.  Mailman expected the %s\n"
+                     "wrapper script to be executed by a member of\n"
+                     "\"%s\" group.", wrapper, parentgroup);
 }
 
 
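Review bot: The loop over gr->gr_mem only matches users explicitly listed as members of parentgroup, so a caller whose primary group is parentgroup (pw->pw_gid equal to gr->gr_gid) but who is not named in the member list is rejected with GROUP_MISMATCH; comparing pw->pw_gid against gr->gr_gid before walking gr_mem would cover that case. The check also moves from the GID the process actually runs with (the removed getgid() call) to a name lookup of the real UID via getpwuid(getuid()) against the group database, so the decision now depends on what the passwd and group sources return at call time rather than on the process credentials; a comment stating that this is intended, and that everyone listed in parentgroup is trusted to invoke the wrapper, would make the authorization model explicit. Finally, the new "Failure to find username" message omits the numeric UID, whereas the removed GROUP_NAME_NOT_FOUND message printed the GID; including the value of getuid() would make the log entry actionable.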
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: 
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9