/*}}}*/
};
static int
usage (const char *pgm) /*{{{*/
{
fprintf (stderr, "Usage: %s [-L <loglevel>] [-s <socket name>] [-s <reread in seconds>] [-c <config filename>] [-l]\n", pgm);
return 1;
}/*}}}*/
int
main (int argc, char **argv) /*{{{*/
{
int rc;
char *ptr;
char *sock_name;
int reread;
int n;
lock_t *lock;
if (ptr = strrchr (argv[0], '/'))
program = ptr + 1;
else
program = argv[0];
loglevel = "WARNING";
sock_name = NULL;
reread = 0;
cfgfile = NULL;
while ((n = getopt (argc, argv, "L:s:r:c:l")) != -1)
switch (n) {
case 'L':
loglevel = optarg;
break;
case 's':
if (sock_name)
free (sock_name);
if (! (sock_name = strdup (optarg))) {
fprintf (stderr, "Failed to allocate memory for socket name %s (%m).\n", optarg);
return 1;
}
break;
case 'r':
if ((reread = atoi (optarg)) < 1) {
fprintf (stderr, "Reread value must be at least 1.\n");
return 1;
}
break;
case 'c':
if (cfgfile)
free (cfgfile);
if (! (cfgfile = strdup (optarg))) {
fprintf (stderr, "Failed to allocate memory for config.filename %s (%m).\n", optarg);
return 1;
}
break;
case 'l':
break;
default:
return usage (argv[0]);
}
if (optind < argc)
return usage (argv[0]);
if (! (lock = lock_alloc (LOCK_PATH))) {
fprintf (stderr, "Failed to allocate memory for locking (%m).\n");
return 1;
}
if (! lock_lock (lock)) {
fprintf (stderr, "Instance seems already to run, aborting.\n");
return 1;
}
if ((! sock_name) || (! cfgfile)) {
const char *home;
if (! (home = getenv ("HOME")))
home = "";
if (! sock_name) {
if (! (sock_name = malloc (strlen (home) + sizeof (SOCK_PATH) + 16))) {
fprintf (stderr, "Failed to allocate socket name %s/%s (%m).\n", home, SOCK_PATH);
return 1;
}
sprintf (sock_name, "unix:%s/%s", home, SOCK_PATH);
}
if (! cfgfile) {
if (! (cfgfile = malloc (strlen (home) + sizeof (CFGFILE) + 1))) {
fprintf (stderr, "Failed to allocate config.filename %s/%s (%m).\n", home, CFGFILE);
return 1;
}
sprintf (cfgfile, "%s/%s", home, CFGFILE);
}
}
rc = 1;
umask (0);
if (smfi_register (bav) == MI_FAILURE)
fprintf (stderr, "Failed to register filter.\n");
else if (smfi_setconn (sock_name) == MI_FAILURE)
fprintf (stderr, "Failed to register socket name \"%s\".\n", sock_name);
else if (smfi_opensocket (1) == MI_FAILURE)
fprintf (stderr, "Failed to open socket socket \"%s\".\n", sock_name);
else {
if (smfi_main () == MI_FAILURE)
fprintf (stderr, "Failed to hand over control to milter.\n");
else
rc = 0;
}
unlink (sock_name);
lock_unlock (lock);
lock_free (lock);
free (sock_name);
free (cfgfile);
return rc;
}/*}}}*/
int main(int argc, char **argv) {
char *my_socket, *pt;
const struct optstruct *opt;
struct optstruct *opts;
time_t currtime;
mode_t umsk;
int ret;
cl_initialize_crypto();
memset(&descr, 0, sizeof(struct smfiDesc));
descr.xxfi_name = "ClamAV"; /* filter name */
descr.xxfi_version = SMFI_VERSION; /* milter version */
descr.xxfi_flags = SMFIF_QUARANTINE; /* flags */
descr.xxfi_connect = clamfi_connect; /* connection info filter */
descr.xxfi_envfrom = clamfi_envfrom; /* envelope sender filter */
descr.xxfi_envrcpt = clamfi_envrcpt; /* envelope recipient filter */
descr.xxfi_header = clamfi_header; /* header filter */
descr.xxfi_body = clamfi_body; /* body block */
descr.xxfi_eom = clamfi_eom; /* end of message */
descr.xxfi_abort = clamfi_abort; /* message aborted */
opts = optparse(NULL, argc, argv, 1, OPT_MILTER, 0, NULL);
if (!opts) {
mprintf("!Can't parse command line options\n");
return 1;
}
if(optget(opts, "help")->enabled) {
printf("Usage: %s [-c <config-file>]\n\n", argv[0]);
printf(" --help -h Show this help\n");
printf(" --version -V Show version and exit\n");
printf(" --config-file <file> -c Read configuration from file\n\n");
optfree(opts);
return 0;
}
if(opts->filename) {
int x;
for(x = 0; opts->filename[x]; x++)
mprintf("^Ignoring option %s\n", opts->filename[x]);
}
if(optget(opts, "version")->enabled) {
printf("clamav-milter %s\n", get_version());
optfree(opts);
return 0;
}
pt = strdup(optget(opts, "config-file")->strarg);
if (pt == NULL) {
printf("Unable to allocate memory for config file\n");
return 1;
}
if((opts = optparse(pt, 0, NULL, 1, OPT_MILTER, 0, opts)) == NULL) {
printf("%s: cannot parse config file %s\n", argv[0], pt);
free(pt);
return 1;
}
free(pt);
if((opt = optget(opts, "Chroot"))->enabled) {
if(chdir(opt->strarg) != 0) {
logg("!Cannot change directory to %s\n", opt->strarg);
return 1;
}
if(chroot(opt->strarg) != 0) {
logg("!chroot to %s failed. Are you root?\n", opt->strarg);
return 1;
}
}
pt = optget(opts, "AddHeader")->strarg;
if (strcasecmp(pt, "No")) {
char myname[255];
if (((opt = optget(opts, "ReportHostname"))->enabled &&
strncpy(myname, opt->strarg, sizeof(myname))) ||
!gethostname(myname, sizeof(myname))) {
myname[sizeof(myname)-1] = '\0';
snprintf(xvirushdr, sizeof(xvirushdr), "clamav-milter %s at %s",
get_version(), myname);
} else {
snprintf(xvirushdr, sizeof(xvirushdr), "clamav-milter %s",
get_version());
}
xvirushdr[sizeof(xvirushdr)-1] = '\0';
descr.xxfi_flags |= SMFIF_ADDHDRS;
if (strcasecmp(pt, "Add")) { /* Replace or Yes */
descr.xxfi_flags |= SMFIF_CHGHDRS;
addxvirus = 1;
} else { /* Add */
addxvirus = 2;
}
}
if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
logg("!Please configure the MilterSocket directive\n");
logg_close();
optfree(opts);
return 1;
}
if(smfi_setconn(my_socket) == MI_FAILURE) {
logg("!smfi_setconn failed\n");
logg_close();
optfree(opts);
return 1;
}
if(smfi_register(descr) == MI_FAILURE) {
logg("!smfi_register failed\n");
logg_close();
optfree(opts);
return 1;
}
opt = optget(opts, "FixStaleSocket");
umsk = umask(0777); /* socket is created with 000 to avoid races */
if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
logg("!Failed to create socket %s\n", my_socket);
logg_close();
optfree(opts);
return 1;
}
umask(umsk); /* restore umask */
if(strncmp(my_socket, "inet:", 5) && strncmp(my_socket, "inet6:", 6)) {
/* set group ownership and perms on the local socket */
char *sock_name = my_socket;
mode_t sock_mode;
if(!strncmp(my_socket, "unix:", 5))
sock_name += 5;
if(!strncmp(my_socket, "local:", 6))
sock_name += 6;
if(*my_socket == ':')
sock_name ++;
if(optget(opts, "MilterSocketGroup")->enabled) {
char *gname = optget(opts, "MilterSocketGroup")->strarg, *end;
gid_t sock_gid = strtol(gname, &end, 10);
if(*end) {
struct group *pgrp = getgrnam(gname);
if(!pgrp) {
logg("!Unknown group %s\n", gname);
logg_close();
optfree(opts);
return 1;
}
sock_gid = pgrp->gr_gid;
}
if(chown(sock_name, -1, sock_gid)) {
logg("!Failed to change socket ownership to group %s\n", gname);
logg_close();
optfree(opts);
return 1;
}
}
if ((opt = optget(opts, "User"))->enabled) {
struct passwd *user;
if ((user = getpwnam(opt->strarg)) == NULL) {
logg("ERROR: Can't get information about user %s.\n",
opt->strarg);
logg_close();
optfree(opts);
return 1;
}
if(chown(sock_name, user->pw_uid, -1)) {
logg("!Failed to change socket ownership to user %s\n", user->pw_name);
optfree(opts);
logg_close();
return 1;
}
}
if(optget(opts, "MilterSocketMode")->enabled) {
char *end;
sock_mode = strtol(optget(opts, "MilterSocketMode")->strarg, &end, 8);
if(*end) {
logg("!Invalid MilterSocketMode %s\n", optget(opts, "MilterSocketMode")->strarg);
logg_close();
optfree(opts);
return 1;
}
} else
sock_mode = 0777 & ~umsk;
if(chmod(sock_name, sock_mode & 0666)) {
logg("!Cannot set milter socket permission to %s\n", optget(opts, "MilterSocketMode")->strarg);
logg_close();
optfree(opts);
return 1;
}
}
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
struct passwd *user = NULL;
if((user = getpwnam(opt->strarg)) == NULL) {
fprintf(stderr, "ERROR: Can't get information about user %s.\n", opt->strarg);
optfree(opts);
return 1;
}
if(optget(opts, "AllowSupplementaryGroups")->enabled) {
#ifdef HAVE_INITGROUPS
if(initgroups(opt->strarg, user->pw_gid)) {
fprintf(stderr, "ERROR: initgroups() failed.\n");
optfree(opts);
return 1;
}
#else
mprintf("!AllowSupplementaryGroups: initgroups() is not available, please disable AllowSupplementaryGroups\n");
optfree(opts);
return 1;
#endif
} else {
#ifdef HAVE_SETGROUPS
if(setgroups(1, &user->pw_gid)) {
fprintf(stderr, "ERROR: setgroups() failed.\n");
optfree(opts);
return 1;
}
#endif
}
if(setgid(user->pw_gid)) {
fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid);
optfree(opts);
return 1;
}
if(setuid(user->pw_uid)) {
fprintf(stderr, "ERROR: setuid(%d) failed.\n", (int) user->pw_uid);
optfree(opts);
return 1;
}
}
logg_lock = !optget(opts, "LogFileUnlock")->enabled;
logg_time = optget(opts, "LogTime")->enabled;
logg_size = optget(opts, "LogFileMaxSize")->numarg;
logg_verbose = mprintf_verbose = optget(opts, "LogVerbose")->enabled;
if (logg_size)
logg_rotate = optget(opts, "LogRotate")->enabled;
if((opt = optget(opts, "LogFile"))->enabled) {
logg_file = opt->strarg;
if(!cli_is_abspath(logg_file)) {
fprintf(stderr, "ERROR: LogFile requires full path.\n");
logg_close();
optfree(opts);
return 1;
}
} else
logg_file = NULL;
#if defined(USE_SYSLOG) && !defined(C_AIX)
if(optget(opts, "LogSyslog")->enabled) {
int fac;
opt = optget(opts, "LogFacility");
if((fac = logg_facility(opt->strarg)) == -1) {
logg("!LogFacility: %s: No such facility.\n", opt->strarg);
logg_close();
optfree(opts);
return 1;
}
openlog("clamav-milter", LOG_PID, fac);
logg_syslog = 1;
}
#endif
time(&currtime);
if(logg("#+++ Started at %s", ctime(&currtime))) {
fprintf(stderr, "ERROR: Can't initialize the internal logger\n");
logg_close();
optfree(opts);
return 1;
}
if((opt = optget(opts, "TemporaryDirectory"))->enabled)
tempdir = opt->strarg;
if(localnets_init(opts) || init_actions(opts)) {
logg_close();
optfree(opts);
return 1;
}
if((opt = optget(opts, "Whitelist"))->enabled && whitelist_init(opt->strarg)) {
localnets_free();
logg_close();
optfree(opts);
return 1;
}
if((opt = optget(opts, "SkipAuthenticated"))->enabled && smtpauth_init(opt->strarg)) {
localnets_free();
whitelist_free();
logg_close();
optfree(opts);
return 1;
}
multircpt = optget(opts, "SupportMultipleRecipients")->enabled;
if(!optget(opts, "Foreground")->enabled) {
if(daemonize() == -1) {
logg("!daemonize() failed\n");
localnets_free();
whitelist_free();
cpool_free();
logg_close();
optfree(opts);
return 1;
}
if(chdir("/") == -1)
logg("^Can't change current working directory to root\n");
}
maxfilesize = optget(opts, "MaxFileSize")->numarg;
if(!maxfilesize) {
logg("^Invalid MaxFileSize, using default (%d)\n", CLI_DEFAULT_MAXFILESIZE);
maxfilesize = CLI_DEFAULT_MAXFILESIZE;
}
readtimeout = optget(opts, "ReadTimeout")->numarg;
cpool_init(opts);
if (!cp) {
logg("!Failed to init the socket pool\n");
localnets_free();
whitelist_free();
logg_close();
optfree(opts);
return 1;
}
if((opt = optget(opts, "PidFile"))->enabled) {
FILE *fd;
mode_t old_umask = umask(0002);
if((fd = fopen(opt->strarg, "w")) == NULL) {
logg("!Can't save PID in file %s\n", opt->strarg);
} else {
if (fprintf(fd, "%u\n", (unsigned int)getpid())<0) {
logg("!Can't save PID in file %s\n", opt->strarg);
}
fclose(fd);
}
umask(old_umask);
}
ret = smfi_main();
optfree(opts);
logg_close();
cpool_free();
localnets_free();
whitelist_free();
return ret;
}
int
main(int argc, char **argv)
{
const char *progname = argv[0];
const char *port;
const char *mail_log = DEFAULT_MAIL_LOG;
int c;
pthread_t tid;
struct smfiDesc smfilter = {
"blacklist", /* filter name */
SMFI_VERSION, /* version code -- leave untouched */
SMFIF_NONE, /* flags - we only look */
blacklist_connect, /* connection callback */
NULL, /* HELO filter callback */
NULL, /* envelope sender filter callback */
NULL, /* envelope recipient filter callback */
blacklist_header, /* header filter callback */
NULL, /* end of header callback */
blacklist_body, /* body filter callback */
NULL, /* end of message callback */
blacklist_cleanup, /* message aborted callback */
blacklist_cleanup, /* connection cleanup callback */
#if SMFI_VERSION > 2
NULL, /* Unrecognised command */
#endif
#if SMFI_VERSION > 3
NULL, /* DATA command callback */
#endif
#if SMFI_VERSION >= 0x01000000
NULL, /* Negotiation callback */
#endif
};
while((c = getopt(argc, argv, "f:")) != EOF)
switch(c) {
case 'f':
mail_log = optarg;
break;
default:
fprintf(stderr, "Usage: %s [ -f log_file ] socket-addr\n", progname);
return EX_USAGE;
}
if(optind >= argc) {
fprintf(stderr, "Usage: %s [ -f log_file ] socket-addr\n", progname);
return EX_USAGE;
}
if(access(mail_log, R_OK) < 0) {
perror(mail_log);
return EX_NOINPUT;
}
openlog("blacklist-milter", LOG_CONS|LOG_PID, LOG_MAIL);
#ifndef DEBUG
switch(fork()) {
case -1:
perror("fork");
return EX_OSERR;
case 0: /* child */
break;
default: /* parent */
return EX_OK;
}
#endif
port = argv[optind];
if(strncasecmp(port, "unix:", 5) == 0) {
if(unlink(&port[5]) < 0)
if(errno != ENOENT)
perror(&port[5]);
} else if(strncasecmp(port, "local:", 6) == 0) {
if(unlink(&port[6]) < 0)
if(errno != ENOENT)
perror(&port[6]);
} else if(port[0] == '/') {
if(unlink(port) < 0)
if(errno != ENOENT)
perror(port);
}
/* sendmail->milter comms */
if(smfi_setconn(port) == MI_FAILURE) {
fprintf(stderr, "%s: smfi_setconn failed\n", progname);
return EX_SOFTWARE;
}
if(smfi_register(smfilter) == MI_FAILURE) {
fprintf(stderr, "%s: smfi_register failed\n", progname);
return EX_UNAVAILABLE;
}
if(smfi_opensocket(1) == MI_FAILURE) {
fprintf(stderr, "%s: can't open/create %s\n", progname, port);
return EX_CONFIG;
}
syslog(LOG_INFO, "Starting blacklist");
#ifndef DEBUG
close(0);
close(1);
close(2);
open("/dev/null", O_RDONLY);
open("/dev/console", O_WRONLY);
if(dup(1) < 0) {
perror("dup");
return EX_OSERR;
}
#endif
setpgrp();
pthread_create(&tid, NULL, watchdog, mail_log);
return smfi_main();
}
int main(int argc, char *argv[])
{
int c, r;
extern int yynerrs;
extern FILE *yyin;
const char *args = "c:hndv";
char *cfg_file = NULL;
FILE *f;
pthread_t reload_thr;
rmilter_pidfh_t *pfh = NULL;
pid_t pid;
daemonize = 1;
/* Process command line options */
while ((c = getopt (argc, argv, args)) != -1) {
switch (c) {
case 'c':
if (optarg == NULL || *optarg == '\0') {
fprintf (stderr, "Illegal config_file: %s\n", optarg);
exit (EX_USAGE);
}
else {
cfg_file = strdup (optarg);
}
break;
case 'n':
daemonize = 0;
break;
case 'd':
yydebug = 1;
break;
case 'v':
version ();
break;
case 'h':
default:
usage ();
break;
}
}
openlog ("rmilter.startup", LOG_PID, LOG_MAIL);
cfg = (struct config_file*) malloc (sizeof(struct config_file));
if (cfg == NULL) {
msg_warn("malloc: %s", strerror (errno));
return -1;
}
bzero (cfg, sizeof(struct config_file));
init_defaults (cfg);
if (cfg_file == NULL) {
cfg_file = strdup ("/usr/local/etc/rmilter.conf");
}
f = fopen (cfg_file, "r");
if (f == NULL) {
msg_warn("cannot open file: %s", cfg_file);
return EBADF;
}
yyin = f;
yyrestart (yyin);
if (yyparse () != 0 || yynerrs > 0) {
msg_warn("yyparse: cannot parse config file, %d errors", yynerrs);
return EBADF;
}
closelog ();
openlog (cfg->syslog_name, LOG_PID, LOG_MAIL);
if (!cfg->cache_use_redis) {
msg_warn("rmilter is configured to work with legacy memcached cache,"
" please consider switching to redis by adding "
"'use_redis = true;' into configuration");
}
fclose (f);
if (argv[0] && strrchr (argv[0], '/') != NULL) {
_rmilter_progname = strrchr (argv[0], '/') + 1;
}
else {
_rmilter_progname = argv[0];
}
cfg->cfg_name = strdup (cfg_file);
/* Strictly set temp dir */
if (!cfg->temp_dir) {
msg_warn("tempdir is not set, trying to use $TMPDIR");
cfg->temp_dir = getenv ("TMPDIR");
if (!cfg->temp_dir) {
cfg->temp_dir = strdup ("/tmp");
}
}
if (cfg->sizelimit == 0) {
msg_warn("maxsize is not set, no limits on size of scanned mail");
}
#ifdef HAVE_SRANDOMDEV
srandomdev();
#else
srand (time (NULL));
#endif
umask (0);
rng_state = get_prng_state ();
smfi_setconn (cfg->sock_cred);
if (smfi_register (smfilter) == MI_FAILURE) {
msg_err("smfi_register failed");
exit (EX_UNAVAILABLE);
}
if (smfi_opensocket (true) == MI_FAILURE) {
msg_err("Unable to open listening socket");
exit (EX_UNAVAILABLE);
}
if (daemonize && daemon (0, 0) == -1) {
msg_err("Unable to daemonize");
exit (EX_UNAVAILABLE);
}
msg_info("main: starting rmilter version %s, listen on %s", MVERSION,
cfg->sock_cred);
if (pthread_create (&reload_thr, NULL, reload_thread, NULL)) {
msg_warn("main: cannot start reload thread, ignoring error");
}
if (cfg->pid_file) {
pfh = rmilter_pidfile_open (cfg->pid_file, 0644, &pid);
if (pfh == NULL) {
msg_err("Unable to open pidfile %s", cfg->pid_file);
exit (EX_UNAVAILABLE);
}
rmilter_pidfile_write (pfh);
}
r = smfi_main ();
if (cfg_file != NULL)
free (cfg_file);
if (pfh) {
rmilter_pidfile_close (pfh);
}
return r;
}
int main(int argc, char** argv) {
int c;
char* p;
uid_t uid, gid, client_gid, root_gid;
struct passwd* pw;
struct group* gr;
struct stat st;
int localsocket = 1;
/*
* compilerwarnung: "client_gid may be used uninitialized"
* sowas will man ja nun wirklich nicht ...
*/
uid = gid = client_gid = root_gid = 0;
while ((c = getopt(argc, argv, "bc:d:hfg:k:m:n:s:t:u:vx")) > 0) {
switch (c) {
case 'b': /* break contentheader */
logmsg(LOG_INFO, "option -b is ignored for compatibily reasons, you may remove it safely");
break;
case 'c': /* clientgroup */
opt_clientgroup = optarg;
if ((gr = getgrnam(opt_clientgroup)) == NULL) {
logmsg(LOG_ERR, "unknown clientgroup: getgrnam(%s) failed", opt_group);
exit(EX_DATAERR);
}
client_gid = gr->gr_gid;
break;
case 'd': /* Loglevel */
opt_loglevel = (int) strtoul(optarg, &p, 10);
if (p != NULL && *p != '\0') {
printf("debug-level is not valid integer: %s\n", optarg);
exit(EX_DATAERR);
}
p = NULL;
if (opt_loglevel < 0 || opt_loglevel > 7) {
printf("loglevel out of range 0..7: %i\n", opt_loglevel);
exit(EX_DATAERR);
}
break;
case 'f': /* signer from header, not from envelope */
opt_signerfromheader = 1;
break;
case 'g': /* group */
opt_group = optarg;
if ((gr = getgrnam(opt_group)) == NULL) {
printf("unknown group: getgrnam(%s) failed", opt_group);
exit(EX_DATAERR);
}
break;
case 'k': /* keepdir */
opt_keepdir = optarg;
if (stat(opt_keepdir, &st) < 0) {
printf("directory to keep data: %s: %s", opt_keepdir, strerror(errno));
exit(EX_DATAERR);
}
if (!S_ISDIR(st.st_mode)) {
printf("directory to keep data: %s is not a directory", opt_keepdir);
exit(EX_DATAERR);
}
/* Zugriffsrechte werden spaeter geprueft, wenn zur richtigen uid gewechselt wurde */
break;
case '?': /* help */
case 'h':
usage();
exit(EX_OK);
case 'm': /* Signingtable cdbfilename */
opt_signingtable = optarg;
break;
case 'n': /* Modetable cdbfilename */
opt_modetable = optarg;
break;
case 's': /* Miltersocket */
opt_miltersocket = optarg;
break;
case 't': /* Timeout */
opt_timeout = (int) strtoul(optarg, &p, 10);
if (p != NULL && *p != '\0') {
printf("timeout is not valid integer: %s\n", optarg);
exit(EX_DATAERR);
}
p = NULL;
if (opt_timeout < 0 ) {
printf("negative milter connection timeout: %i\n", opt_timeout);
exit(EX_DATAERR);
}
break;
case 'u': /* user */
opt_user = optarg;
/* get passwd/group entries for opt_user and opt_group */
if ((pw = getpwnam(opt_user)) == NULL) {
logmsg(LOG_ERR, "unknown user: getpwnam(%s) failed", opt_user);
exit(EX_DATAERR);
}
break;
case 'v': /* Version */
version();
exit(EX_OK);
case 'x': /* add X-Header */
opt_addxheader = (int) !opt_addxheader;
break;
default:
usage();
exit(EX_USAGE);
}
}
/* open syslog an say helo */
openlog(STR_PROGNAME, LOG_PID, LOG_MAIL);
logmsg(LOG_NOTICE, "starting %s %s listening on %s, loglevel %i",
STR_PROGNAME, STR_PROGVERSION, opt_miltersocket, opt_loglevel);
/* force a new processgroup */
if ((setsid() == -1))
logmsg(LOG_DEBUG, "ignoring that setsid() failed");
if (opt_timeout > 0 && smfi_settimeout(opt_timeout) != MI_SUCCESS) {
logmsg(LOG_ERR, "could not set milter timeout");
exit(EX_SOFTWARE);
}
logmsg(LOG_INFO, "miltertimeout set to %i", opt_timeout);
if (smfi_setconn(opt_miltersocket) != MI_SUCCESS) {
logmsg(LOG_ERR, "could not set milter socket");
exit(EX_SOFTWARE);
}
if (smfi_register(callbacks) != MI_SUCCESS) {
logmsg(LOG_ERR, "could not register milter");
exit(EX_SOFTWARE);
}
/*
* User- und Gruppennamen stehen nun fest. Testen, ob es diese gibt
* und uid / gid ermitteln
*/
if ((pw = getpwnam(opt_user)) == NULL) {
logmsg(LOG_ERR, "unknown user: getpwnam(%s) failed", opt_user);
exit(EX_DATAERR);
}
uid = pw->pw_uid;
if ((gr = getgrnam(opt_group)) == NULL) {
logmsg(LOG_ERR, "unknown group: getgrnam(%s) failed", opt_group);
exit(EX_SOFTWARE);
}
gid = gr->gr_gid;
/* wenn nicht als Parameter angegeben, gehört ein Unix-Socket erstmal der gleichen Gruppe */
if (opt_clientgroup == NULL)
client_gid = gid;
/* wenn inet in optarg gefunden wird *und* das auch noch direkt am Anfang
* dann ist's kein lokaler socket */
if (((p = strstr(opt_miltersocket, "inet")) != NULL) && opt_miltersocket == p)
localsocket = 0;
if (localsocket == 1) {
/* den Socket oeffnen */
if (smfi_opensocket(REMOVE_EXISTING_SOCKETS) != MI_SUCCESS) {
logmsg(LOG_ERR, "could not open milter socket %s", opt_miltersocket);
exit(EX_SOFTWARE);
}
/* testen, ob's den Socket nun gibt */
p = opt_miltersocket + strlen("local:");
if (stat(p, &st) < 0) {
p = opt_miltersocket + strlen("unix:");
if (stat(p, &st) < 0) {
logmsg(LOG_ERR, "miltersocket does not exist: %m", strerror(errno));
exit(EX_DATAERR);
}
}
/* gid der Gruppe root */
if ((gr = getgrnam("root")) == NULL) {
logmsg(LOG_ERR, "unknown rootgroup: getgrnam(root) failed");
exit(EX_SOFTWARE);
}
root_gid = gr->gr_gid;
/* clientgroup muss != root und != opt_group sein */
if ((client_gid == gid) || (client_gid == root_gid)) {
logmsg(LOG_ERR, "clientgroup %s must be neither %s nor %s", opt_clientgroup, "root", opt_group);
exit(EX_DATAERR);
}
/* nun die Rechte setzen */
if (chown(p, uid, client_gid) != 0) {
logmsg(LOG_ERR, "chown(%s, %i, %i) failed: %m", p, uid, client_gid, strerror(errno));
exit(EX_SOFTWARE);
}
if (chmod(p, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) != 0) {
logmsg(LOG_ERR, "chmod(%s, 0660) failed: %m", p, strerror(errno));
exit(EX_SOFTWARE);
}
logmsg(LOG_INFO, "changed socket %s to owner/group: %i/%i, mode: 0660", opt_miltersocket, uid, client_gid);
}
/* gid/uid setzen */
if (setgid(gid) != 0) {
logmsg(LOG_ERR, "setgid(%i) failed: %s", gr->gr_gid, strerror(errno));
exit(EX_SOFTWARE);
}
if (setuid(uid) != 0) {
logmsg(LOG_ERR, "setuid(%i) failed: %s", pw->pw_uid, strerror(errno));
exit(EX_SOFTWARE);
}
/* aktuelle uid/gid pruefen und loggen */
uid = getuid();
gid = getgid();
if (uid == 0 || gid == 0) {
logmsg(LOG_ERR, "too much priveleges, %s will not start under root", STR_PROGNAME);
exit(EX_DATAERR);
}
logmsg(LOG_INFO, "running as uid: %i, gid: %i", (int) uid, (int) gid);
if (opt_keepdir != NULL) {
if (S_IRWXO & st.st_mode) {
logmsg(LOG_ERR, "directory to keep data: %s: permissions too open: remove any access for other", opt_keepdir);
exit(EX_DATAERR);
}
if (access(opt_keepdir, R_OK) < 0 && errno == EACCES) {
logmsg(LOG_ERR, "directory to keep data: %s: permissions too strong: no read access", opt_keepdir);
exit(EX_DATAERR);
}
if (access(opt_keepdir, W_OK) < 0 && errno == EACCES) {
logmsg(LOG_ERR, "directory to keep data: %s: permissions too strong: no write access", opt_keepdir);
exit(EX_DATAERR);
}
if (access(opt_keepdir, X_OK) < 0 && errno == EACCES) {
logmsg(LOG_ERR, "directory to keep data: %s: permissions too strong: no execute access", opt_keepdir);
exit(EX_DATAERR);
}
logmsg(LOG_INFO, "directory to keep data: %s", opt_keepdir);
}
dict_open(opt_signingtable, &dict_signingtable);
if (opt_modetable)
dict_open(opt_modetable, &dict_modetable);
/* initialize OpenSSL */
SSL_library_init();
OpenSSL_add_all_algorithms();
/* get meaningful error messages */
SSL_load_error_strings();
ERR_load_crypto_strings();
/* Statistik initialisieren */
init_stats();
/* Signal-Handler fuer SIGALRM */
signal(SIGALRM, sig_handler);
/* Run milter */
if ((c = smfi_main()) != MI_SUCCESS)
logmsg(LOG_ERR, "Milter startup failed");
else
logmsg(LOG_NOTICE, "stopping %s %s listening on %s", STR_PROGNAME, STR_PROGVERSION, opt_miltersocket);
dict_close(&dict_signingtable);
if (opt_modetable)
dict_close(&dict_modetable);
/* cleanup OpenSSL */
ERR_free_strings();
EVP_cleanup();
output_stats();
#ifdef DMALLOC
dmalloc_log_stats();
dmalloc_log_unfreed();
dmalloc_shutdown();
#endif
exit(c);
}
int main(int argc, char **argv) {
char *my_socket, *pt;
const struct optstruct *opt;
struct optstruct *opts;
time_t currtime;
int ret;
memset(&descr, 0, sizeof(struct smfiDesc));
descr.xxfi_name = "ClamAV"; /* filter name */
descr.xxfi_version = SMFI_VERSION; /* milter version */
descr.xxfi_flags = SMFIF_QUARANTINE; /* flags */
descr.xxfi_connect = clamfi_connect; /* connection info filter */
descr.xxfi_envfrom = clamfi_envfrom; /* envelope sender filter */
descr.xxfi_envrcpt = clamfi_envrcpt; /* envelope recipient filter */
descr.xxfi_header = clamfi_header; /* header filter */
descr.xxfi_body = clamfi_body; /* body block */
descr.xxfi_eom = clamfi_eom; /* end of message */
descr.xxfi_abort = clamfi_abort; /* message aborted */
opts = optparse(NULL, argc, argv, 1, OPT_MILTER, 0, NULL);
if (!opts) {
mprintf("!Can't parse command line options\n");
return 1;
}
if(optget(opts, "help")->enabled) {
printf("Usage: %s [-c <config-file>]\n\n", argv[0]);
printf(" --help -h Show this help\n");
printf(" --version -V Show version and exit\n");
printf(" --config-file <file> -c Read configuration from file\n\n");
optfree(opts);
return 0;
}
if(opts->filename) {
int x;
for(x = 0; opts->filename[x]; x++)
mprintf("^Ignoring option %s\n", opts->filename[x]);
}
if(optget(opts, "version")->enabled) {
printf("clamav-milter %s\n", get_version());
optfree(opts);
return 0;
}
pt = strdup(optget(opts, "config-file")->strarg);
if((opts = optparse(pt, 0, NULL, 1, OPT_MILTER, 0, opts)) == NULL) {
printf("%s: cannot parse config file %s\n", argv[0], pt);
free(pt);
return 1;
}
free(pt);
if((opt = optget(opts, "Chroot"))->enabled) {
if(chdir(opt->strarg) != 0) {
logg("!Cannot change directory to %s\n", opt->strarg);
return 1;
}
if(chroot(opt->strarg) != 0) {
logg("!chroot to %s failed. Are you root?\n", opt->strarg);
return 1;
}
}
if(geteuid() == 0 && (opt = optget(opts, "User"))->enabled) {
struct passwd *user = NULL;
if((user = getpwnam(opt->strarg)) == NULL) {
fprintf(stderr, "ERROR: Can't get information about user %s.\n", opt->strarg);
optfree(opts);
return 1;
}
if(optget(opts, "AllowSupplementaryGroups")->enabled) {
#ifdef HAVE_INITGROUPS
if(initgroups(opt->strarg, user->pw_gid)) {
fprintf(stderr, "ERROR: initgroups() failed.\n");
optfree(opts);
return 1;
}
#else
mprintf("!AllowSupplementaryGroups: initgroups() is not available, please disable AllowSupplementaryGroups\n");
optfree(opts);
return 1;
#endif
} else {
#ifdef HAVE_SETGROUPS
if(setgroups(1, &user->pw_gid)) {
fprintf(stderr, "ERROR: setgroups() failed.\n");
optfree(opts);
return 1;
}
#endif
}
if(setgid(user->pw_gid)) {
fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid);
optfree(opts);
return 1;
}
if(setuid(user->pw_uid)) {
fprintf(stderr, "ERROR: setuid(%d) failed.\n", (int) user->pw_uid);
optfree(opts);
return 1;
}
}
logg_lock = !optget(opts, "LogFileUnlock")->enabled;
logg_time = optget(opts, "LogTime")->enabled;
logg_size = optget(opts, "LogFileMaxSize")->numarg;
logg_verbose = mprintf_verbose = optget(opts, "LogVerbose")->enabled;
if((opt = optget(opts, "LogFile"))->enabled) {
logg_file = opt->strarg;
if(strlen(logg_file) < 2 || logg_file[0] != '/') {
fprintf(stderr, "ERROR: LogFile requires full path.\n");
logg_close();
optfree(opts);
return 1;
}
} else
logg_file = NULL;
#if defined(USE_SYSLOG) && !defined(C_AIX)
if(optget(opts, "LogSyslog")->enabled) {
int fac;
opt = optget(opts, "LogFacility");
if((fac = logg_facility(opt->strarg)) == -1) {
logg("!LogFacility: %s: No such facility.\n", opt->strarg);
logg_close();
optfree(opts);
return 1;
}
openlog("clamav-milter", LOG_PID, fac);
logg_syslog = 1;
}
#endif
time(&currtime);
if(logg("#+++ Started at %s", ctime(&currtime))) {
fprintf(stderr, "ERROR: Can't initialize the internal logger\n");
logg_close();
optfree(opts);
return 1;
}
if((opt = optget(opts, "TemporaryDirectory"))->enabled)
tempdir = opt->strarg;
if(localnets_init(opts) || init_actions(opts)) {
logg_close();
optfree(opts);
return 1;
}
if((opt = optget(opts, "Whitelist"))->enabled && whitelist_init(opt->strarg)) {
localnets_free();
logg_close();
optfree(opts);
return 1;
}
if((opt = optget(opts, "SkipAuthenticated"))->enabled && smtpauth_init(opt->strarg)) {
localnets_free();
whitelist_free();
logg_close();
optfree(opts);
return 1;
}
pt = optget(opts, "AddHeader")->strarg;
if(strcasecmp(pt, "No")) {
char myname[255];
if(!gethostname(myname, sizeof(myname))) {
myname[sizeof(myname)-1] = '\0';
snprintf(xvirushdr, sizeof(xvirushdr), "clamav-milter %s at %s", get_version(), myname);
xvirushdr[sizeof(xvirushdr)-1] = '\0';
} else {
snprintf(xvirushdr, sizeof(xvirushdr), "clamav-milter %s", get_version());
xvirushdr[sizeof(xvirushdr)-1] = '\0';
}
descr.xxfi_flags |= SMFIF_ADDHDRS;
if(strcasecmp(pt, "Add")) { /* Replace or Yes */
descr.xxfi_flags |= SMFIF_CHGHDRS;
addxvirus = 1;
} else { /* Add */
addxvirus = 2;
}
}
if(!(my_socket = optget(opts, "MilterSocket")->strarg)) {
logg("!Please configure the MilterSocket directive\n");
localnets_free();
whitelist_free();
logg_close();
optfree(opts);
return 1;
}
if(!optget(opts, "Foreground")->enabled) {
if(daemonize() == -1) {
logg("!daemonize() failed\n");
localnets_free();
whitelist_free();
cpool_free();
logg_close();
optfree(opts);
return 1;
}
if(chdir("/") == -1)
logg("^Can't change current working directory to root\n");
}
if(smfi_setconn(my_socket) == MI_FAILURE) {
logg("!smfi_setconn failed\n");
localnets_free();
whitelist_free();
logg_close();
optfree(opts);
return 1;
}
if(smfi_register(descr) == MI_FAILURE) {
logg("!smfi_register failed\n");
localnets_free();
whitelist_free();
logg_close();
optfree(opts);
return 1;
}
opt = optget(opts, "FixStaleSocket");
if(smfi_opensocket(opt->enabled) == MI_FAILURE) {
logg("!Failed to create socket %s\n", my_socket);
localnets_free();
whitelist_free();
logg_close();
optfree(opts);
return 1;
}
maxfilesize = optget(opts, "MaxFileSize")->numarg;
readtimeout = optget(opts, "ReadTimeout")->numarg;
cpool_init(opts);
if (!cp) {
logg("!Failed to init the socket pool\n");
localnets_free();
whitelist_free();
logg_close();
optfree(opts);
return 1;
}
if((opt = optget(opts, "PidFile"))->enabled) {
FILE *fd;
mode_t old_umask = umask(0006);
if((fd = fopen(opt->strarg, "w")) == NULL) {
logg("!Can't save PID in file %s\n", opt->strarg);
} else {
if (fprintf(fd, "%u", (unsigned int)getpid())<0) {
logg("!Can't save PID in file %s\n", opt->strarg);
}
fclose(fd);
}
umask(old_umask);
}
ret = smfi_main();
optfree(opts);
logg_close();
cpool_free();
localnets_free();
whitelist_free();
return ret;
}
int
main(int argc, char **argv)
{
int u_flag;
int s_flag;
int d_flag;
int W_flag;
int w_flag;
int l_flag;
int ret;
char *user;
char *socket;
char *ep;
int uid;
struct passwd *pwd;
pid_t pid;
int fd;
u_flag = s_flag = d_flag = l_flag = w_flag = W_flag = 0;
dnsbls = dnswls = wl_domains = NULL;
while ((ret = getopt(argc, argv, "hdu:s:l:w:W:")) != -1) {
switch(ret) {
case 'd':
d_flag++;
break;
case 'u':
u_flag++;
user = optarg;
break;
case 's':
s_flag++;
socket = optarg;
break;
case 'l':
dnsbls = add_list(dnsbls, optarg);
l_flag++;
break;
case 'w':
dnswls = add_list(dnswls, optarg);
w_flag++;
break;
case 'W':
wl_domains = add_list(wl_domains, optarg);
W_flag++;
break;
case 'h':
default:
usage(_progname);
}
}
argc -= optind;
argv += optind;
if (!u_flag) {
fprintf(stderr, "You must specify a user!\n");
usage(_progname);
}
if (!s_flag) {
fprintf(stderr, "You must specify a socket!\n");
usage(_progname);
}
if (w_flag) {
printf("Using whitelists:\n");
print_list(dnswls);
}
if (W_flag) {
printf("Whitelisting domains:\n");
print_list(wl_domains);
}
if (!l_flag) {
fprintf(stderr, "You must specify at least one DNSBL!\n");
usage(_progname);
} else {
printf("Using blacklists:\n");
print_list(dnsbls);
}
if (getuid() != 0) {
fprintf(stderr, "%s: cannot switch to user %s if not started as root!\n", _progname, user);
exit(EX_USAGE);
}
/* OK running as root, now switch to user */
uid = strtol(user, &ep, 0);
if (*ep == '\0') {
pwd = getpwuid(uid);
} else {
pwd = getpwnam(user);
}
if (pwd == NULL) {
fprintf(stderr, "%s: unknown user: %s\n", _progname, user);
exit(EX_NOUSER);
}
if (setgroups(0, NULL) < 0) {
perror("setgroups()");
exit(1);
}
if (setgid(pwd->pw_gid) < 0) {
perror("setgid()");
exit(1);
}
if (initgroups(user, pwd->pw_gid) < 0) {
perror("initgroups()"); /* not a critical failure */
}
if (setuid(pwd->pw_uid) < 0) {
perror("setuid()");
exit(1);
}
openlog(_progname, 0, LOG_MAIL);
if (smfi_register(smfilter) == MI_FAILURE) {
fprintf(stderr, "smfi_register() failed.\n");
exit(EX_UNAVAILABLE);
}
if (smfi_setconn(socket) == MI_FAILURE) {
fprintf(stderr, "smfi_setconn() %s\n", strerror(errno));
exit(EX_SOFTWARE);
}
if (smfi_opensocket(1) == MI_FAILURE) {
fprintf(stderr, "smfi_opensocket() %s\n", strerror(errno));
exit(EX_SOFTWARE);
}
(void) smfi_settimeout(7200);
if (!d_flag) {
fprintf(stderr, "Warning: not starting as daemon");
} else {
if (daemon(0, 0) < 0) {
perror("daemon()");
exit(1);
}
}
syslog(LOG_INFO, "%s started successfuly!", _progname);
return(smfi_main()); /* start doing business */
}
