struct strlist tmpfs = SLIST_HEAD_INITIALIZER(tmpfs);
struct authusers authusers = LIST_HEAD_INITIALIZER(authusers);
char username[USERNAME_SIZE];
+uid_t useruid;
const char *logident_base;
char errmsg[ERRMSG_SIZE];
.certfile = NULL,
.features = 0,
.mailname = NULL,
+ .masquerade_host = NULL,
+ .masquerade_user = NULL,
};
if (sender == NULL)
return (NULL);
} else {
- if (asprintf(&sender, "%s@%s", username, hostname()) <= 0)
+ const char *from_user = username;
+ const char *from_host = hostname();
+
+ if (config.masquerade_user)
+ from_user = config.masquerade_user;
+ if (config.masquerade_host)
+ from_host = config.masquerade_host;
+ if (asprintf(&sender, "%s@%s", from_user, from_host) <= 0)
return (NULL);
}
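Review bot: The masquerade overrides in the `else` branch are checked only against NULL, so a setting that parses to an empty string would produce a sender such as `user@` or `@host`. How the configuration parser fills these fields is not visible here, so this may already be ruled out; if it is not, the guards could read `if (config.masquerade_host != NULL && config.masquerade_host[0] != '\0')`, and likewise for `masquerade_user`. Once either override is active the envelope sender no longer names the submitting local account, so it is worth confirming that the real `username` is still recorded in the log for attribution. The enclosing function starts and ends outside this hunk.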
int nodot = 0, doqueue = 0, showq = 0, queue_only = 0;
int recp_from_header = 0;
+ set_username();
+
+ /*
+ * We never run as root. If called by root, drop permissions
+ * to the mail user.
+ */
+ if (geteuid() == 0 || getuid() == 0) {
+ struct passwd *pw;
+
+ pw = getpwnam(DMA_ROOT_USER);
+ if (pw == NULL)
+ err(1, "cannot drop root privileges");
+
+ if (setuid(pw->pw_uid) != 0)
+ err(1, "cannot drop root privileges");
+
+ if (geteuid() == 0 || getuid() == 0)
+ errx(1, "cannot drop root privileges");
+ }
+
atexit(deltmp);
init_random();
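Review bot: The root branch changes only the user ID, so the process keeps root's real group ID and supplementary groups after `setuid(pw->pw_uid)`. Group state has to be changed before the `setuid()` call, because it cannot be changed afterwards, for example `if (setgroups(0, NULL) != 0 || setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)`. Whether the binary relies on a setgid group for spool access is not visible here, so the target gid should be checked against the install layout. The post-check could then also confirm `getgid()` and `getegid()`. Separately, `getpwnam()` leaves `errno` unchanged when the user does not exist, so `err()` may print an unrelated error string; setting `errno = 0` before the call and using `errx(1, "user '%s' not found", DMA_ROOT_USER)` for that case gives a usable message.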
if (logident_base == NULL)
logident_base = "dma";
setlogident(NULL);
- set_username();
-
- /* XXX fork root here */
act.sa_handler = sighup_handler;
act.sa_flags = 0;
if (sigaction(SIGHUP, &act, NULL) != 0)
syslog(LOG_WARNING, "can not set signal handler: %m");
- parse_conf(CONF_PATH);
+ parse_conf(CONF_PATH "/dma.conf");
if (config.authpath != NULL)
parse_authfile(config.authpath);