authorSam Varshavchik2018-06-21 23:12:17 -0400
committerSam Varshavchik2018-06-21 23:12:17 -0400
commit778d07bc34d03e4ad77e7438898a54f3dbb2e31a (patch)
treec60ee3cff13fb30b3022469fd6f9304f0b34cfda
parent004fa65d2fc50e9901859708cfe00d11cf121e25 (diff)
downloadcourier-libs-778d07bc34d03e4ad77e7438898a54f3dbb2e31a.tar.bz2
Add option to drop root when starting couriertls.
-rw-r--r--imap/ChangeLog13
-rw-r--r--imap/configure.ac1
-rw-r--r--imap/imapd-ssl.dist.in.git10
-rw-r--r--imap/imaplogin.c1
-rw-r--r--imap/pop3d-ssl.dist.in.git10
-rw-r--r--imap/pop3login.c1
-rw-r--r--tcpd/tlsclient.c3
-rw-r--r--tcpd/tlsclient.h3
8 files changed, 29 insertions, 13 deletions
diff --git a/imap/ChangeLog b/imap/ChangeLog
index e74c129..8908705 100644
--- a/imap/ChangeLog
+++ b/imap/ChangeLog
@@ -1,3 +1,16 @@
+2018-06-21 Sam Varshavchik <mrsam@courier-mta.com>
+
+ * libs/tcpd/tlsclient.h: add username option, used in couriertls_start
+ to set the child process's uid and gid.
+
+ * imaplogin.c (starttls): Set username option for couriertls
+
+ * pop3login.c (starttls): Set username option for couriertls
+
+ * imapd-ssl.dist, pop3d-ssl.dist: Use separate imap and pop3 session
+ cache files. Startup script: remove/set ownership and permsission
+ on the imap and pop3 session cache files.
+
2018-02-13 Sam Varshavchik <mrsam@courier-mta.com>
* libs/tcpd/libcouriergnutls.c: Remove usage of deprecated OpenPGP
diff --git a/imap/configure.ac b/imap/configure.ac
index 40108cd..b7f31fd 100644
--- a/imap/configure.ac
+++ b/imap/configure.ac
@@ -99,6 +99,7 @@ AC_SUBST(RANDOMV)
AC_ARG_WITH(mailuser, [], mailuser="$withval",
AC_MSG_ERROR(--with-mailuser missing))
AC_SUBST(mailuser)
+AC_DEFINE_UNQUOTED(MAILUSER, ["$mailuser"], [ Mail system user ])
dnl Checks for libraries.
diff --git a/imap/imapd-ssl.dist.in.git b/imap/imapd-ssl.dist.in.git
index df5cf02..50f1879 100644
--- a/imap/imapd-ssl.dist.in.git
+++ b/imap/imapd-ssl.dist.in.git
@@ -200,10 +200,8 @@ TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"
##NAME: TLS_CERTFILE:0
#
-# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
-# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
-# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
-# instead of TLS_DHCERTFILE if this is a garden-variety certificate
+# TLS_CERTFILE - certificate to use. TLS_CERTFILE must be owned
+# by the "@mailuser@" user, and must not be world-readable.
#
# VIRTUAL HOSTS ON THE SAME IP ADDRESS.
#
@@ -285,14 +283,14 @@ TLS_VERIFYPEER=NONE
# field. The certificate's emailaddress subject must match exactly the login
# ID in the courier-authlib database.
-##NAME: TLS_CACHE:0
+##NAME: TLS_CACHE:1
#
# A TLS/SSL session cache may slightly improve response for IMAP clients
# that open multiple SSL sessions to the server. TLS_CACHEFILE will be
# automatically created, TLS_CACHESIZE bytes long, and used as a cache
# buffer.
-TLS_CACHEFILE=@localstatedir@/couriersslcache
+TLS_CACHEFILE=@localstatedir@/couriersslpop3cache
TLS_CACHESIZE=524288
##NAME: MAILDIRPATH:0
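Review bot: The session-cache names look swapped: this file, the IMAP configuration, sets `TLS_CACHEFILE=@localstatedir@/couriersslpop3cache`, while the matching hunk in pop3d-ssl.dist.in.git sets `couriersslimapcache`. The two services still get separate files, but the names mislead anyone auditing ownership and permissions on the caches. If the startup scripts (not part of this diff) refer to the files by name rather than through `$TLS_CACHEFILE`, they would adjust the wrong file. I would use `TLS_CACHEFILE=@localstatedir@/couriersslimapcache` here and `couriersslpop3cache` in the POP3 file.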
diff --git a/imap/imaplogin.c b/imap/imaplogin.c
index 0f0b0bf..a445a35 100644
--- a/imap/imaplogin.c
+++ b/imap/imaplogin.c
@@ -96,6 +96,7 @@ static int starttls(const char *tag)
cmdsuccess(tag, "Begin SSL/TLS negotiation now.\r\n");
writeflush();
+ cinfo.username=MAILUSER;
if (couriertls_start(argvec, &cinfo))
{
diff --git a/imap/pop3d-ssl.dist.in.git b/imap/pop3d-ssl.dist.in.git
index 43a68e5..ec16ce8 100644
--- a/imap/pop3d-ssl.dist.in.git
+++ b/imap/pop3d-ssl.dist.in.git
@@ -194,10 +194,8 @@ TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"
##NAME: TLS_CERTFILE:0
#
-# TLS_CERTFILE - certificate to use. TLS_CERTFILE is required for SSL/TLS
-# servers, and is optional for SSL/TLS clients. TLS_CERTFILE is usually
-# treated as confidential, and must not be world-readable. Set TLS_CERTFILE
-# instead of TLS_DHCERTFILE if this is a garden-variety certificate
+# TLS_CERTFILE - certificate to use. TLS_CERTFILE must be owned
+# by the "@mailuser@" user, and must not be world-readable.
#
# VIRTUAL HOSTS ON THE SAME IP ADDRESS.
#
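Review bot: The rewritten TLS_CERTFILE comment states the ownership requirement without giving its reason, and it drops the earlier statement that the file is required for servers; the same rewrite appears in imapd-ssl.dist.in.git. An administrator upgrading with a root-owned, non-world-readable certificate gets no hint why it can no longer be loaded. Presumably the requirement follows from couriertls now running as "@mailuser@" after STARTTLS; if so, say it, e.g. `# couriertls runs as "@mailuser@", not root, and must be able to read this file.`, and keep the sentence that servers require TLS_CERTFILE.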
@@ -279,7 +277,7 @@ TLS_VERIFYPEER=NONE
# field. The certificate's emailaddress subject must match exactly the login
# ID in the courier-authlib database.
-##NAME: TLS_CACHE:0
+##NAME: TLS_CACHE:1
#
# A TLS/SSL session cache may slightly improve response for long-running
# POP3 clients. TLS_CACHEFILE will be automatically created, TLS_CACHESIZE
@@ -289,7 +287,7 @@ TLS_VERIFYPEER=NONE
# problems with SSL clients. Disable SSL caching by commenting out the
# following settings:
-TLS_CACHEFILE=@localstatedir@/couriersslcache
+TLS_CACHEFILE=@localstatedir@/couriersslimapcache
TLS_CACHESIZE=524288
##NAME: MAILDIRPATH:0
diff --git a/imap/pop3login.c b/imap/pop3login.c
index e6ee33f..d541254 100644
--- a/imap/pop3login.c
+++ b/imap/pop3login.c
@@ -75,6 +75,7 @@ static int starttls()
printf("+OK Begin SSL/TLS negotiation now.\r\n");
fflush(stdout);
fflush(stdin);
+ cinfo.username=MAILUSER;
if (couriertls_start(argvec, &cinfo))
{
diff --git a/tcpd/tlsclient.c b/tcpd/tlsclient.c
index f68bb16..e0c76ef 100644
--- a/tcpd/tlsclient.c
+++ b/tcpd/tlsclient.c
@@ -343,6 +343,9 @@ static int do_couriertls_start(char **args, struct couriertls_info *cinfo)
close(statuspipe_fd[0]);
close(x509_fd[0]);
+ if (cinfo->username)
+ libmail_changeusername(cinfo->username, 0);
+
fp=fdopen(statuspipe_fd[1], "w");
if (!fp)
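Review bot: Nothing in this hunk confirms that the privilege drop succeeded before the child goes on to run couriertls, so the change is only safe if `libmail_changeusername()` never returns on failure. Its definition is not on this page; if it terminates the process when the user lookup or the setgid/setuid calls fail, record that contract at the call, e.g. `/* Drop root before running couriertls; libmail_changeusername() must not return on failure. */`. If it can return, the child has to stop here rather than continue with root credentials. The body of do_couriertls_start continues outside the hunk.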
diff --git a/tcpd/tlsclient.h b/tcpd/tlsclient.h
index 1619449..b8eadbc 100644
--- a/tcpd/tlsclient.h
+++ b/tcpd/tlsclient.h
@@ -2,7 +2,7 @@
#define tlsclient_h
/*
-** Copyright 2000-2001 Double Precision, Inc.
+** Copyright 2000-2018 Double Precision, Inc.
** See COPYING for distribution information.
*/
@@ -36,6 +36,7 @@ struct couriertls_info {
const char *cipher;
const char *version;
+ const char *username;
int bits;
} ;
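Review bot: The new `username` member is undocumented, and do_couriertls_start acts on any non-NULL value, so a caller that fills a `struct couriertls_info` without zeroing it first would pass an indeterminate pointer into the uid/gid switch. Whether every caller initialises the struct is not visible here (presumably through an init helper), so that is worth confirming. I would document the field: `const char *username; /* if not NULL, the couriertls child switches to this user's uid and gid; NULL leaves credentials unchanged */`. The struct begins outside the hunk.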