Diffstat (limited to 'tcpd')
| -rw-r--r-- | tcpd/couriertls.sgml | 74 | ||||
| -rw-r--r-- | tcpd/starttls.c | 17 | 
2 files changed, 56 insertions, 35 deletions
| diff --git a/tcpd/couriertls.sgml b/tcpd/couriertls.sgml index 63e5e40..a7a8e72 100644 --- a/tcpd/couriertls.sgml +++ b/tcpd/couriertls.sgml @@ -1,5 +1,5 @@  <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> -<!-- Copyright 2000-2009 Double Precision, Inc.  See COPYING for --> +<!-- Copyright 2000-2018 Double Precision, Inc.  See COPYING for -->  <!-- distribution information. -->  <refentry>    <info><author><firstname>Sam</firstname><surname>Varshavchik</surname><contrib>Author</contrib></author><productname>Courier Mail Server</productname></info> @@ -12,13 +12,13 @@    <refnamediv>      <refname>couriertls</refname> -    <refpurpose>the <application moreinfo="none">Courier</application> mail server +    <refpurpose>the <application>Courier</application> mail server  TLS/SSL protocol wrapper</refpurpose>    </refnamediv>    <refsynopsisdiv>      <cmdsynopsis sepchar=" "> -      <command moreinfo="none">couriertls</command> +      <command>couriertls</command>        <arg rep="repeat" choice="opt"><replaceable>option</replaceable></arg>        <arg choice="req" rep="norepeat"><replaceable>program</replaceable></arg>        <arg choice="req" rep="repeat"><replaceable>arg</replaceable></arg> 
@@ -29,16 +29,16 @@ TLS/SSL protocol wrapper</refpurpose>      <title>DESCRIPTION</title>      <para> -The <command moreinfo="none">couriertls</command> program is used by applications to encrypt a +The <command>couriertls</command> program is used by applications to encrypt a  network connection using SSL/TLS, without having the application deal with the -gory details of SSL/TLS. <command moreinfo="none">couriertls</command> is used by the -<application moreinfo="none">Courier</application> mail server +gory details of SSL/TLS. <command>couriertls</command> is used by the +<application>Courier</application> mail server  IMAP and ESMTP servers.</para>      <para> -<command moreinfo="none">couriertls</command> is not usually run directly from the commandline. +<command>couriertls</command> is not usually run directly from the commandline.  An application typically creates a network connection, then runs -<command moreinfo="none">couriertls</command> with appropriate options to encrypt the network +<command>couriertls</command> with appropriate options to encrypt the network  connection with SSL/TLS.</para>    </refsect1> @@ -52,7 +52,7 @@ connection with SSL/TLS.</para>  	  <para>  These options are  used instead of <option>-remotefd</option>, mostly for debugging purposes. -<command moreinfo="none">couriertls</command> connects to the specified server and immediately +<command>couriertls</command> connects to the specified server and immediately  starts SSL/TLS negotation when the connection is established.</para>  	</listitem>        </varlistentry> @@ -76,7 +76,7 @@ If SSL starts  succesfully, reading on <replaceable>n</replaceable> gets an immediate EOF.  Otherwise, a  single line of text - the error message - is read; the file descriptor is -closed; and <command moreinfo="none">couriertls</command> terminates.</para> +closed; and <command>couriertls</command> terminates.</para>  	</listitem>        </varlistentry> 
@@ -87,7 +87,7 @@ closed; and <command moreinfo="none">couriertls</command> terminates.</para>  Print the x509 certificate on file  descriptor <replaceable>n</replaceable> then close it.  The x509 certificate is printed before  SSL/TLS encryption starts.  The application may immediately read the -certificate after running <command moreinfo="none">couriertls</command>, until the file +certificate after running <command>couriertls</command>, until the file  descriptor is closed.</para>  	</listitem>        </varlistentry> @@ -115,15 +115,26 @@ negotiated.</para>  	<term>-tcpd</term>  	<listitem>  	  <para> -<command moreinfo="none">couriertls</command> is being called from -<command moreinfo="none">couriertcpd</command>, and the remote socket is present on descriptors +<command>couriertls</command> is being called from +<command>couriertcpd</command>, and the remote socket is present on descriptors  0 and 1.  <option>-tcpd</option> means, basically, the same as -<option>-remotefd=0</option>, but <command moreinfo="none">couriertls</command> closes file +<option>-remotefd=0</option>, but <command>couriertls</command> closes file  descriptor 1, and redirects file descriptor 1 to file descriptor 2.</para>  	</listitem>        </varlistentry>        <varlistentry> +	<term>-user=<replaceable>username</replaceable></term> +	<listitem> +	  <para> +	    Used when +	    <command>couriertls</command> needs to get started as root +	    and fork off a root child process (see below), before dropping +	    root and running as the specified user. +	  </para> +	</listitem> +      </varlistentry> +      <varlistentry>  	<term>-verify=<replaceable>domain</replaceable></term>  	<listitem>  	  <para> 
@@ -131,7 +142,7 @@ Verify that <replaceable>domain</replaceable> is set in  the CN field of the trusted X.509 certificate presented by the SSL/TLS  peer. TLS_TRUSTCERTS must be initialized (see below), and the certificate  must be signed by one of the trusted certificates. The CN field can -contain a wildcard: <literal moreinfo="none">CN=*.example</literal> will match +contain a wildcard: <literal>CN=*.example</literal> will match  <option>-verify=foo.example.com</option>. For  SSL/TLS clients,  <envar>TLS_VERIFYPEER</envar> must be set to PEER (see below).</para> @@ -144,7 +155,7 @@ SSL/TLS clients,  	  <para>  Send <replaceable>proto</replaceable> protocol  commands before enabling SSL/TLS on the remote connection. <replaceable>proto</replaceable> is -either "<literal moreinfo="none">smtp</literal>" or "<literal moreinfo="none">imap</literal>". +either "<literal>smtp</literal>" or "<literal>imap</literal>".  This is a debugging option that can be used to  troubleshoot SSL/TLS with a remote IMAP or SMTP server.</para>  	</listitem> @@ -156,8 +167,11 @@ If the <option>-remotefd=<replaceable>n</replaceable></option> option is not  specified, the rest of  the command line specifies the program to run -- and its arguments -- whose  standard input and output is encrypted via SSL/TLS over the network -connection.  If the program is not specified, the standard input and output of -<command moreinfo="none">couriertls</command> itself is encrypted.</para> +connection. +This is done before the <option>-user</option> option drops root and +<command>couriertls</command> continues to run as the indicated user. +If the program is not specified, the standard input and output of +<command>couriertls</command> itself is encrypted.</para>    </refsect1> 
@@ -165,7 +179,7 @@ connection.  If the program is not specified, the standard input and output of      <title>ENVIRONMENT VARIABLES</title>  <para> -<command moreinfo="none">couriertls</command> reads the following environment variables in +<command>couriertls</command> reads the following environment variables in  order to configure the SSL/TLS protocol:</para>      <variablelist> @@ -174,8 +188,8 @@ order to configure the SSL/TLS protocol:</para>  	<listitem>  	  <para>  Set the protocol version.  The possible versions are: -<literal moreinfo="none">SSL2</literal>, <literal moreinfo="none">SSL3</literal>, -<literal moreinfo="none">TLS1</literal>.</para> +<literal>SSL2</literal>, <literal>SSL3</literal>, +<literal>TLS1</literal>.</para>  	</listitem>        </varlistentry> @@ -231,11 +245,11 @@ can be a file or a directory. If a  file, the file should contain a list of trusted certificates, in PEM  format. If a directory, the directory should contain the trusted  certificates, in PEM format, one per file and hashed using OpenSSL's -<command moreinfo="none">c_rehash</command> script. <envar>TLS_TRUSTCERTS</envar> is used by +<command>c_rehash</command> script. <envar>TLS_TRUSTCERTS</envar> is used by  SSL/TLS clients (by  specifying the <option>-domain</option> option) and by SSL/TLS servers -(<envar>TLS_VERIFYPEER</envar> is set to <literal moreinfo="none">PEER</literal> or -<literal moreinfo="none">REQUIREPEER</literal>).</para>  +(<envar>TLS_VERIFYPEER</envar> is set to <literal>PEER</literal> or +<literal>REQUIREPEER</literal>).</para>  	</listitem>        </varlistentry> 
@@ -245,18 +259,18 @@ specifying the <option>-domain</option> option) and by SSL/TLS servers  	  <para>  Whether to verify peer's  X.509 certificate.  The exact meaning of this option depends upon whether -<command moreinfo="none">couriertls</command> is used in the client or server mode. +<command>couriertls</command> is used in the client or server mode.  In server mode: -<literal moreinfo="none">NONE</literal> - do not request an X.509 certificate from the client; -<literal moreinfo="none">PEER</literal> - request an optional X.509 certificate from the +<literal>NONE</literal> - do not request an X.509 certificate from the client; +<literal>PEER</literal> - request an optional X.509 certificate from the  client, if the client returns one,  the SSL/TLS connection is shut down unless the certificate is signed by a  trusted certificate authority (see TLS_TRUSTCERTS); -<literal moreinfo="none">REQUIREPEER</literal> - same as +<literal>REQUIREPEER</literal> - same as  PEER, except that the SSL/TLS connects is also shut down if the client  does not return the optional X.509 certificate.  In client mode: -<literal moreinfo="none">NONE</literal> - ignore the server's X.509 certificate; -<literal moreinfo="none">PEER</literal> - verify the server's +<literal>NONE</literal> - ignore the server's X.509 certificate; +<literal>PEER</literal> - verify the server's  X.509 certificate according to the <option>-domain</option> option,  (see above).</para>  	</listitem> diff --git a/tcpd/starttls.c b/tcpd/starttls.c index 23c4a69..cb3bd2c 100644 --- a/tcpd/starttls.c +++ b/tcpd/starttls.c @@ -10,6 +10,8 @@  #include	"tlscache.h"  #include	"rfc1035/rfc1035.h"  #include	"soxwrap/soxwrap.h" +#include	"numlib/numlib.h" +  #ifdef  getc  #undef  getc  #endif @@ -74,6 +76,7 @@ const char *statusfd=0;  const char *tcpd=0;  const char *peer_verify_domain=0;  const char *fdprotocol=0; +const char *username=0;  static FILE *errfp;  static FILE *statusfp; 
@@ -536,6 +539,14 @@ static int dossl(int fd, int argn, int argc, char **argv)
 	info.connect_callback= &verify_connection;
 	info.app_data=NULL;
+	stdin_fd=0;
+	stdout_fd=1;
+
+	startclient(argn, argc, argv, fd, &stdin_fd, &stdout_fd);
+
+	if (username)
+		libmail_changeusername(username, 0);
+
 	ctx=tls_create(server ? 1:0, &info);
 	if (ctx == 0)	return (1);
@@ -555,11 +566,6 @@ static int dossl(int fd, int argn, int argc, char **argv)
 		return 1;
 	}
-	stdin_fd=0;
-	stdout_fd=1;
-
-	startclient(argn, argc, argv, fd, &stdin_fd, &stdout_fd);
-
 	docopy(ssl, fd, stdin_fd, stdout_fd);
 	tls_disconnect(ssl, fd);
@@ -778,6 +784,7 @@ static struct args arginfo[] = {
 	{ "verify", &peer_verify_domain},
 	{ "statusfd", &statusfd},
 	{ "protocol", &fdprotocol},
+	{ "user", &username},
 	{0}};
 void (*protocol_func)(int)=0; |
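Review bot: Moving startclient() ahead of tls_create() means that on the `if (ctx == 0) return (1);` path, and on the later error returns of dossl() that follow it, the child has already been forked and stdin_fd/stdout_fd are simply abandoned, whereas before this change no child existed until TLS setup had succeeded. Unless the child is known to exit on its own once couriertls goes away, those error paths should release the descriptors first, e.g. `if (ctx == 0) { close(stdin_fd); close(stdout_fd); return (1); }`. The reordering is deliberate, since the child must be forked before libmail_changeusername() drops root, so a short comment above the moved block would save the next reader from "fixing" it back, such as `/* fork the child while still root; privileges are dropped before any TLS state is created */`. It also follows that tls_create() now runs as the -user account, so whatever certificate and trust material it loads must be readable by that user, a constraint that belongs in the -user documentation added in couriertls.sgml. dossl() begins and ends outside this hunk.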
