Diffstat (limited to 'mail/dovecot-devel/files')
-rw-r--r-- | mail/dovecot-devel/files/README.FreeBSD | 58 | ||||
-rw-r--r-- | mail/dovecot-devel/files/dovecot.sh.sample | 21 | ||||
-rw-r--r-- | mail/dovecot-devel/files/patch-allow-zero-gid | 172 | ||||
-rw-r--r-- | mail/dovecot-devel/files/patch-dovecot-example.conf | 193 | ||||
-rw-r--r-- | mail/dovecot-devel/files/patch-mkcert.sh | 11 |
5 files changed, 0 insertions, 455 deletions
diff --git a/mail/dovecot-devel/files/README.FreeBSD b/mail/dovecot-devel/files/README.FreeBSD
deleted file mode 100644
index 093fdf57ea81..000000000000
--- a/mail/dovecot-devel/files/README.FreeBSD
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# README.FreeBSD
-#
-# $FreeBSD$
-#
-
- o Dovecot currently will not allow users with a user or group id of 0
- to login. Because of this you will not be able to open root's
- mailbox, or any of the mailboxes of users in the wheel group. This is
- intended as a security feature, and isn't an issue on Linux because
- the concept of wheel is not enforced by GNU su.
-
- + 2003/04/15
- It is now possible to change this behavior to allow wheel users to
- check their mailboxes with Dovecot. Add the following line to your
- dovecot.conf:
-
- allow_zero_gid = yes
-
- o The configuration which is supplied with this port is installed into
- PREFIX/etc/dovecot-example.conf and PREFIX defaults to /usr/local.
- I have attempted to choose what appears to be the best mixture of
- performance and compatibility and set Dovecot up to start POP3 and
- IMAP services for all the local users of the machine. This should be
- enough for the simplest sites to get up and running straight away.
-
- o Enabling SSL services should be easy, the Dovecot port is configured
- by default to keep its SSL information under /var/dovecot/ssl, if you
- already have certificates you wish to use then you can override this
- in the configuration. If you don't have a certificate and wish to
- make your own it should be as simple as:
-
- # cd PREFIX/share/doc/dovecot/
- # vi dovecot-openssl.conf
-
- Add information which describes your enivironment.
-
- # sh mkcert.sh
-
- Execute the certificate generator. This will put a new certificate
- and private key under /var/dovecot/ssl.
-
- # cd PREFIX/etc/
- # vi dovecot.conf
-
- Reconfigure Dovecot to use SSL.
-
- The variables you will want to set in dovecot.conf to allow a SSL
- secured POP3 and IMAP service are:
-
- + protocols = imap imaps pop3 pop3s
- + ssl_disable = no
-
- You may wish to also change the following variables to reflect the
- location of SSL certificates on your system.
-
- + ssl_cert_file = /var/dovecot/ssl/certs/imapd.pem
- + ssl_key_file = /var/dovecot/ssl/private/imapd.pem
diff --git a/mail/dovecot-devel/files/dovecot.sh.sample b/mail/dovecot-devel/files/dovecot.sh.sample
deleted file mode 100644
index 625021fa6def..000000000000
--- a/mail/dovecot-devel/files/dovecot.sh.sample
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-if ! PREFIX=$(expr $0 : "\(/.*\)/etc/rc\.d/$(basename $0)\$"); then
- echo "$0: Cannot determine the PREFIX" >&2
- exit 1
-fi
-
-case "$1" in
-start)
- [ -x ${PREFIX}/sbin/dovecot ] && \
- ${PREFIX}/sbin/dovecot && echo -n ' dovecot'
- ;;
-stop)
- /usr/bin/killall dovecot && echo -n ' dovecot'
- ;;
-*)
- echo "Usage: `basename $0` { start | stop }" >&2
- ;;
-esac
-
-exit 0
diff --git a/mail/dovecot-devel/files/patch-allow-zero-gid b/mail/dovecot-devel/files/patch-allow-zero-gid
deleted file mode 100644
index ac8f08b63cab..000000000000
--- a/mail/dovecot-devel/files/patch-allow-zero-gid
+++ /dev/null
@@ -1,172 +0,0 @@
-Index: src/lib/restrict-access.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/lib/restrict-access.c,v
-retrieving revision 1.10
-diff -u -3 -p -r1.10 restrict-access.c
---- src/lib/restrict-access.c 4 Mar 2003 04:00:13 -0000 1.10
-+++ src/lib/restrict-access.c 15 Apr 2003 17:37:26 -0000
-@@ -31,12 +31,14 @@
- #include <grp.h>
-
- void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
-- const char *chroot_dir)
-+ const char *chroot_dir, int allow_zg)
- {
- if (user != NULL && *user != '\0')
- env_put(t_strconcat("RESTRICT_USER=", user, NULL));
- if (chroot_dir != NULL && *chroot_dir != '\0')
- env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL));
-+ if (allow_zg == TRUE)
-+ env_put(t_strdup("ALLOW_ZERO_GID=TRUE"));
-
- env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid)));
- env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid)));
-@@ -45,6 +47,7 @@ void restrict_access_set_env(const char
- void restrict_access_by_env(int disallow_root)
- {
- const char *env;
-+ int allow_zero_gid;
- gid_t gid;
- uid_t uid;
-
-@@ -97,8 +100,14 @@ void restrict_access_by_env(int disallow
- i_fatal("We couldn't drop root privileges");
- }
-
-- if ((gid != 0 && uid != 0) || disallow_root) {
-+ /* allow users with zero group id permission for BSD */
-+ env = getenv("ALLOW_ZERO_GID");
-+ allow_zero_gid = env == NULL ? FALSE : TRUE;
-+
-+ if (allow_zero_gid == FALSE &&
-+ ((gid != 0 && uid != 0) || disallow_root)) {
- if (getgid() == 0 || getegid() == 0 || setgid(0) == 0)
- i_fatal("We couldn't drop root group privileges");
- }
-+
- }
-Index: src/lib/restrict-access.h
-===================================================================
-RCS file: /home/cvs/dovecot/src/lib/restrict-access.h,v
-retrieving revision 1.4
-diff -u -3 -p -r1.4 restrict-access.h
---- src/lib/restrict-access.h 4 Mar 2003 04:00:13 -0000 1.4
-+++ src/lib/restrict-access.h 15 Apr 2003 17:37:26 -0000
-@@ -4,7 +4,7 @@
- /* set environment variables so they can be read with
- restrict_access_by_env() */
- void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
-- const char *chroot_dir);
-+ const char *chroot_dir, int allow_zg);
-
- /* chroot, setuid() and setgid() based on environment variables.
- If disallow_roots is TRUE, we'll kill ourself if we didn't have the
-Index: src/master/auth-process.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
-retrieving revision 1.41
-diff -u -3 -p -r1.41 auth-process.c
---- src/master/auth-process.c 2 Apr 2003 02:09:41 -0000 1.41
-+++ src/master/auth-process.c 15 Apr 2003 17:37:27 -0000
-@@ -307,7 +307,7 @@ static pid_t create_auth_process(struct
-
- /* setup access environment */
- restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid,
-- group->set->chroot);
-+ group->set->chroot, set->allow_zero_gid);
-
- /* set other environment */
- env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL));
-Index: src/master/login-process.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/login-process.c,v
-retrieving revision 1.40
-diff -u -3 -p -r1.40 login-process.c
---- src/master/login-process.c 15 Apr 2003 16:58:48 -0000 1.40
-+++ src/master/login-process.c 15 Apr 2003 17:37:27 -0000
-@@ -384,7 +384,8 @@ static void login_process_init_env(struc
- clean_child_process() since it clears environment */
- restrict_access_set_env(group->set->user,
- group->set->uid, set->login_gid,
-- set->login_chroot ? set->login_dir : NULL);
-+ set->login_chroot ? set->login_dir : NULL,
-+ FALSE);
-
- env_put("DOVECOT_MASTER=1");
-
-Index: src/master/mail-process.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/mail-process.c,v
-retrieving revision 1.13
-diff -u -3 -p -r1.13 mail-process.c
---- src/master/mail-process.c 15 Apr 2003 16:58:48 -0000 1.13
-+++ src/master/mail-process.c 15 Apr 2003 17:37:28 -0000
-@@ -25,7 +25,7 @@ static int validate_uid_gid(uid_t uid, g
- return FALSE;
- }
-
-- if (uid != 0 && gid == 0) {
-+ if (set->allow_zero_gid == FALSE && uid != 0 && gid == 0) {
- i_error("mail process isn't allowed to be in group 0");
- return FALSE;
- }
-@@ -38,8 +38,9 @@ static int validate_uid_gid(uid_t uid, g
- return FALSE;
- }
-
-- if (gid < (gid_t)set->first_valid_gid ||
-- (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) {
-+ if (set->allow_zero_gid == FALSE &&
-+ (gid < (gid_t)set->first_valid_gid ||
-+ (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid))) {
- i_error("mail process isn't allowed to use "
- "GID %s (UID is %s)", dec2str(gid), dec2str(uid));
- return FALSE;
-@@ -150,7 +151,8 @@ int create_mail_process(int socket, stru
- (paranoia about filling up environment without noticing) */
- restrict_access_set_env(data + reply->system_user_idx,
- reply->uid, reply->gid,
-- reply->chroot ? data + reply->home_idx : NULL);
-+ reply->chroot ? data + reply->home_idx : NULL,
-+ set->allow_zero_gid);
-
- restrict_process_size(process_size, (unsigned int)-1);
-
-Index: src/master/master-settings.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/master-settings.c,v
-retrieving revision 1.16
-diff -u -3 -p -r1.16 master-settings.c
---- src/master/master-settings.c 2 Apr 2003 02:09:41 -0000 1.16
-+++ src/master/master-settings.c 15 Apr 2003 17:37:28 -0000
-@@ -46,6 +46,7 @@ static struct setting_def setting_defs[]
- DEF(SET_INT, max_mail_processes),
- DEF(SET_BOOL, verbose_proctitle),
-
-+ DEF(SET_BOOL, allow_zero_gid),
- DEF(SET_INT, first_valid_uid),
- DEF(SET_INT, last_valid_uid),
- DEF(SET_INT, first_valid_gid),
-@@ -153,6 +154,7 @@ struct settings default_settings = {
- MEMBER(max_mail_processes) 1024,
- MEMBER(verbose_proctitle) FALSE,
-
-+ MEMBER(allow_zero_gid) FALSE,
- MEMBER(first_valid_uid) 500,
- MEMBER(last_valid_uid) 0,
- MEMBER(first_valid_gid) 1,
-Index: src/master/master-settings.h
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/master-settings.h,v
-retrieving revision 1.10
-diff -u -3 -p -r1.10 master-settings.h
---- src/master/master-settings.h 2 Apr 2003 02:09:41 -0000 1.10
-+++ src/master/master-settings.h 15 Apr 2003 17:37:29 -0000
-@@ -32,6 +32,7 @@ struct settings {
- unsigned int max_mail_processes;
- int verbose_proctitle;
-
-+ int allow_zero_gid;
- unsigned int first_valid_uid, last_valid_uid;
- unsigned int first_valid_gid, last_valid_gid;
-
diff --git a/mail/dovecot-devel/files/patch-dovecot-example.conf b/mail/dovecot-devel/files/patch-dovecot-example.conf
deleted file mode 100644
index 21bd705f7319..000000000000
--- a/mail/dovecot-devel/files/patch-dovecot-example.conf
+++ /dev/null
@@ -1,193 +0,0 @@
---- dovecot-example.conf.orig Fri Apr 4 13:17:25 2003
-+++ dovecot-example.conf Sat Apr 19 14:11:40 2003
-@@ -7,11 +7,11 @@
- # --with-ssldir=/etc/ssl
-
- # Base directory where to store runtime data.
--#base_dir = /var/run/dovecot/
-+base_dir = /var/dovecot/
-
- # Protocols we want to be serving:
- # imap imaps pop3 pop3s
--#protocols = imap imaps
-+protocols = imap pop3
-
- # IP or host address where to listen in for connections. It's not currently
- # possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
-@@ -27,18 +27,18 @@
- #pop3s_listen =
-
- # Disable SSL/TLS support.
--#ssl_disable = no
-+ssl_disable = yes
-
- # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
- # dropping root privileges, so keep the key file unreadable by anyone but
- # root. Included doc/mkcert.sh can be used to easily generate self-signed
- # certificate, just make sure to update the domains in dovecot-openssl.cnf
--#ssl_cert_file = /etc/ssl/certs/dovecot.pem
--#ssl_key_file = /etc/ssl/private/dovecot.pem
-+ssl_cert_file = %%SSLDIR%%/certs/imapd.pem
-+ssl_key_file = %%SSLDIR%%/private/imapd.pem
-
- # SSL parameter file. Master process generates this file for login processes.
- # It contains Diffie Hellman and RSA parameters.
--#ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
-+ssl_parameters_file = %%SSLDIR%%/parameters.dat
-
- # How often to regenerate the SSL parameters file. Generation is quite CPU
- # intensive operation. The value is in hours, 0 disables regeneration
-@@ -67,11 +67,11 @@
- # Directory where authentication process places authentication UNIX sockets
- # which login needs to be able to connect to. The sockets are created when
- # running as root, so you don't have to worry about permissions.
--#login_dir = /var/run/dovecot/login
-+login_dir = /var/dovecot/login
-
- # chroot login process to the login_dir. Only reason not to do this is if you
- # wish to run the whole Dovecot without roots.
--#login_chroot = yes
-+login_chroot = yes
-
-
- ##
-@@ -81,12 +81,12 @@
- login = imap
-
- # Executable location.
--#login_executable = /usr/libexec/dovecot/imap-login
-+login_executable = %%PREFIX%%/libexec/dovecot/imap-login
-
- # User to use for the login process. The user must belong to a group where
- # only it has access, it's used to control access for authentication process
- # named sockets.
--#login_user = dovecot
-+login_user = dovecot
-
- # Set max. process size in megabytes. If you don't use
- # login_process_per_connection you might need to grow this.
-@@ -100,7 +100,7 @@
-
- # Number of login processes to create. If login_process_per_user is
- # yes, this is the number of extra processes waiting for users to log in.
--#login_processes_count = 3
-+login_processes_count = 1
-
- # Maximum number of extra login processes to create. The extra process count
- # usually stays at login_processes_count, but when multiple users start logging
-@@ -126,7 +126,7 @@
- login = pop3
-
- # Exception to above rule being the executable location.
--#login_executable = /usr/libexec/dovecot/pop3-login
-+login_executable = %%PREFIX%%/libexec/dovecot/pop3-login
-
- ##
- ## Mail processes
-@@ -139,10 +139,10 @@
- # Show more verbose process titles (in ps). Currently shows user name and
- # IP address. Useful for seeing who are actually using the IMAP processes
- # (eg. shared mailboxes or if same uid is used for multiple accounts).
--#verbose_proctitle = no
-+verbose_proctitle = yes
-
- # Show protocol level SSL errors.
--#verbose_ssl = no
-+verbose_ssl = yes
-
- # Valid UID/GID ranges for users, defaults to 500 and above. This is mostly
- # to make sure that users can't log in as daemons or other system users.
-@@ -160,7 +160,7 @@
- # WARNING: Never add directories here which local users can modify, that
- # may lead to root exploit. Usually this should be done only if you don't
- # allow shell access for users. See doc/configuration.txt for more information.
--#valid_chroot_dirs =
-+valid_chroot_dirs = /var/mail
-
- # Default MAIL environment to use when it's not set. By leaving this empty
- # dovecot tries to do some automatic detection as described in
-@@ -179,7 +179,7 @@
- # mbox:~/mail/:INBOX=/var/mail/%u
- # mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n
- #
--#default_mail_env =
-+default_mail_env = mbox:/var/mail/%u
-
- # Space-separated list of fields to cache for all mails. Currently these
- # fields are allowed followed by a list of commands they speed up:
-@@ -224,7 +224,7 @@
- # arrives in half a hour, Dovecot closes the connection. This is still
- # fine, except Outlook doesn't connect back so you don't see if new mail
- # arrives.
--#client_workarounds =
-+client_workarounds = oe6-fetch-no-newmail outlook-idle
-
- # Dovecot can notify client of new mail in selected mailbox soon after it's
- # received. This setting specifies the minimum interval in seconds between
-@@ -249,7 +249,7 @@
- # Save mails with CR+LF instead of plain LF. This makes sending those mails
- # take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
- # But it also creates a bit more disk I/O which may just make it slower.
--#mail_save_crlf = no
-+mail_save_crlf = yes
-
- # Use mmap() instead of read() to read mail files. read() seems to be a bit
- # faster with my Linux/x86 and it's better with NFS, so that's the default.
-@@ -261,7 +261,7 @@
- # know any MUA which would modify mail files directly. IMAP protocol also
- # requires that the mails don't change, so it would be problematic in any case.
- # If you care about performance, enable it.
--#maildir_copy_with_hardlinks = no
-+maildir_copy_with_hardlinks = yes
-
- # Check if mails' content has been changed by external programs. This slows
- # down things as extra stat() needs to be called for each file. If changes are
-@@ -280,7 +280,7 @@
- # with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl
- # and flock. Some operating systems don't allow using both of them
- # simultaneously, eg. BSDs. If dotlock is used, it's always created first.
--#mbox_locks = dotlock fcntl
-+mbox_locks = fcntl
-
- # Should we create dotlock file even when we want only a read-lock? Setting
- # this to yes hurts the performance when the mailbox is accessed simultaneously
-@@ -310,7 +310,7 @@
- ##
-
- # Executable location
--#imap_executable = /usr/libexec/dovecot/imap
-+imap_executable = %%PREFIX%%/libexec/dovecot/imap
-
- # Set max. process size in megabytes. Most of the memory goes to mmap()ing
- # files, so it shouldn't harm much even if this limit is set pretty high.
-@@ -321,7 +321,7 @@
- ##
-
- # Executable location
--#pop3_executable = /usr/libexec/dovecot/pop3
-+pop3_executable = %%PREFIX%%/libexec/dovecot/pop3
-
- # Set max. process size in megabytes. Most of the memory goes to mmap()ing
- # files, so it shouldn't harm much even if this limit is set pretty high.
-@@ -374,10 +374,10 @@
- # vpopmail: vpopmail authentication
- # ldap <config path>: LDAP, see doc/dovecot-ldap.conf
- # pgsql <config path>: a PostgreSQL database, see doc/dovecot-pgsql.conf
--auth_passdb = pam
-+auth_passdb = passwd
-
- # Executable location
--#auth_executable = /usr/libexec/dovecot/dovecot-auth
-+auth_executable = %%PREFIX%%/libexec/dovecot/dovecot-auth
-
- # Set max. process size in megabytes.
- #auth_process_size = 256
-@@ -402,7 +402,7 @@
-
- # More verbose logging. Useful for figuring out why authentication isn't
- # working.
--#auth_verbose = no
-+auth_verbose = yes
-
- # digest-md5 authentication process. It requires special MD5 passwords which
- # /etc/shadow and PAM doesn't support, so we never need roots to handle it.
diff --git a/mail/dovecot-devel/files/patch-mkcert.sh b/mail/dovecot-devel/files/patch-mkcert.sh
deleted file mode 100644
index 1874649612a2..000000000000
--- a/mail/dovecot-devel/files/patch-mkcert.sh
+++ /dev/null
@@ -1,11 +0,0 @@
---- doc/mkcert.sh Tue Apr 15 14:28:24 2003
-+++ mkcert.sh.new Tue Apr 15 14:28:52 2003
-@@ -4,7 +4,7 @@
- # Edit dovecot-openssl.cnf before running this.
-
- OPENSSL=${OPENSSL-openssl}
--SSLDIR=${SSLDIR-/etc/ssl}
-+SSLDIR=${SSLDIR-%%SSLDIR%%}
- OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
-
- CERTFILE=$SSLDIR/certs/imapd.pem |