make ppa: force lower version number
diff --git a/dma.c b/dma.c
index 49b1634499427e3d78f78082c13b265b3ab219bc..5a287fa9da860c63dc503d1c9870ea889e85b81c 100644 (file)
--- a/dma.c
+++ b/dma.c
@@ -64,21 +64,22 @@ static void deliver(struct qitem *);
 struct aliases aliases = LIST_HEAD_INITIALIZER(aliases);
 struct strlist tmpfs = SLIST_HEAD_INITIALIZER(tmpfs);
 struct authusers authusers = LIST_HEAD_INITIALIZER(authusers);
-const char *username;
+char username[USERNAME_SIZE];
+uid_t useruid;
 const char *logident_base;
+char errmsg[ERRMSG_SIZE];
 
 static int daemonize = 1;
 
 struct config config = {
        .smarthost      = NULL,
        .port           = 25,
-       .aliases        = "/var/mail/aliases",
+       .aliases        = "/etc/aliases",
        .spooldir       = "/var/spool/dma",
        .authpath       = NULL,
        .certfile       = NULL,
        .features       = 0,
        .mailname       = NULL,
-       .mailnamefile   = NULL,
 };
 
 
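Review bot: `useruid` is a file-scope object with no initializer, so it reads as 0, which is root's uid, until something assigns it, and nothing at the declaration says so. A later hunk moves `set_username()` to the first statement of `main()`, which presumably fills it in early enough, but a comment such as `/* uid of the invoking user; presumably set by set_username(), 0 before that */` would stop later code from trusting it too soon. The new fixed-size buffers `username[USERNAME_SIZE]` and `errmsg[ERRMSG_SIZE]` need a similar note: whether an over-long name or message is truncated or rejected is decided outside this hunk and should be stated at the declaration.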
@@ -216,9 +217,6 @@ go_background(struct queue *queue)
        daemonize = 0;
 
        bzero(&sa, sizeof(sa));
-#ifdef SA_NOCLDWAIT
-       sa.sa_flags = SA_NOCLDWAIT;
-#endif
        sa.sa_handler = SIG_IGN;
        sigaction(SIGCHLD, &sa, NULL);
 
@@ -271,17 +269,18 @@ deliver(struct qitem *it)
 {
        int error;
        unsigned int backoff = MIN_RETRY;
-       const char *errmsg = "unknown bounce reason";
        struct timeval now;
        struct stat st;
 
+       snprintf(errmsg, sizeof(errmsg), "unknown bounce reason");
+
 retry:
        syslog(LOG_INFO, "trying delivery");
 
        if (it->remote)
-               error = deliver_remote(it, &errmsg);
+               error = deliver_remote(it);
        else
-               error = deliver_local(it, &errmsg);
+               error = deliver_local(it);
 
        switch (error) {
        case 0:
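Review bot: Nothing at the two call sites shows that `deliver_remote(it)` and `deliver_local(it)` now report their failure reason by writing the global `errmsg`, so the data flow into the bounce text is invisible to a reader of `deliver()`. A comment above the calls such as `/* on failure the callee leaves the bounce reason in the global errmsg (at most ERRMSG_SIZE bytes) */` would document the contract. The default text is written once before `retry:`, so if a callee fails without overwriting the buffer, text from an earlier pass would presumably still be there; that should be confirmed against the callees, which are not visible here. The body of `deliver()` continues outside the hunk.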
@@ -296,7 +295,7 @@ retry:
                }
                if (gettimeofday(&now, NULL) == 0 &&
                    (now.tv_sec - st.st_mtim.tv_sec > MAX_TIMEOUT)) {
-                       asprintf(__DECONST(void *, &errmsg),
+                       snprintf(errmsg, sizeof(errmsg),
                                 "Could not deliver for the last %d seconds. Giving up.",
                                 MAX_TIMEOUT);
                        goto bounce;
@@ -374,6 +373,26 @@ main(int argc, char **argv)
        int nodot = 0, doqueue = 0, showq = 0, queue_only = 0;
        int recp_from_header = 0;
 
+       set_username();
+
+       /*
+        * We never run as root.  If called by root, drop permissions
+        * to the mail user.
+        */
+       if (geteuid() == 0 || getuid() == 0) {
+               struct passwd *pw;
+
+               pw = getpwnam(DMA_ROOT_USER);
+               if (pw == NULL)
+                       err(1, "cannot drop root privileges");
+
+               if (setuid(pw->pw_uid) != 0)
+                       err(1, "cannot drop root privileges");
+
+               if (geteuid() == 0 || getuid() == 0)
+                       errx(1, "cannot drop root privileges");
+       }
+
        atexit(deltmp);
        init_random();
 
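Review bot: The privilege drop at `setuid(pw->pw_uid)` changes only the user ids, so a process started by root keeps root's group id and supplementary groups for the rest of its run. Unless keeping the gid is intentional (for example for spool access, which is not visible here), clear the groups and set the gid before the uid: `if (setgroups(0, NULL) != 0 || setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)` followed by the existing `err(1, "cannot drop root privileges");`. Separately, `getpwnam()` can return NULL without setting errno when the user simply does not exist, so `err()` may print an unrelated error string; set `errno = 0` before the call and use `errx()` for the not-found case. `main()` continues outside the hunk.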
@@ -478,9 +497,6 @@ skipopts:
        if (logident_base == NULL)
                logident_base = "dma";
        setlogident(NULL);
-       set_username();
-
-       /* XXX fork root here */
 
        act.sa_handler = sighup_handler;
        act.sa_flags = 0;