Provide an egd socket for openssl

1. We always chroot to jaildir now; so message-copy-directory must be a subdirectory, and the jail must have o+x permissions and have var/run inside. 2. We no longer need the tlsproxy/messagecopy chrootModes. The code works, but the layout fails aox/servers.cpp checks.
aox · Apr 13, 2010 · 91f4c81 · 91f4c81
1 parent 0e96db2
commit 91f4c81
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 36 deletions.
diff --git a/Jamfile b/Jamfile
@@ -48,6 +48,7 @@ actions together Prepare
 
 
 Prepare $(INSTALLROOT)$(JAILDIR) ;
+Prepare $(INSTALLROOT)$(JAILDIR)/var/run ;
 Prepare $(INSTALLROOT)$(MESSAGEDIR) ;
 Prepare $(INSTALLROOT)$(PIDFILEDIR) ;
 Prepare $(INSTALLROOT)$(CONFIGDIR) ;
@@ -58,7 +59,7 @@ if ( $(LOGFILE:D) != "" && $(LOGFILE:D) != "syslog" ) {
 
 
 # if we make JAILDIR, we should chmod it so noone can read it:
-MODE on $(INSTALLROOT)$(JAILDIR) = 700 ;
+MODE on $(INSTALLROOT)$(JAILDIR) = 701 ;
 Chmod $(INSTALLROOT)$(JAILDIR) ;
 
 # if we make MESSAGEDIR, we should chmod it similarly. AOXUSER needs to

diff --git a/Jamsettings b/Jamsettings
@@ -45,7 +45,7 @@ JAILDIR = $(PREFIX)/jail ;
 
 # This is the default message-copy-directory.
 #
-MESSAGEDIR = $(PREFIX)/messages ;
+MESSAGEDIR = $(JAILDIR)/messages ;
 
 # The directory where the configuration file is located.
 #

diff --git a/archiveopteryx/archiveopteryx.cpp b/archiveopteryx/archiveopteryx.cpp
@@ -19,6 +19,8 @@
 #include "selector.h"
 #include "managesieve.h"
 #include "spoolmanager.h"
+#include "entropy.h"
+#include "egd.h"
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -75,8 +77,12 @@ int main( int argc, char *argv[] )
     Server s( "archiveopteryx", argc, argv );
     s.setup( Server::Report );
 
+    bool security( Configuration::toggle( Configuration::Security ) );
+    EString root( Configuration::text( Configuration::JailDir ) );
+
     if ( Configuration::toggle( Configuration::UseSmtp ) ||
-         Configuration::toggle( Configuration::UseLmtp ) ) {
+         Configuration::toggle( Configuration::UseLmtp ) )
+    {
         EString mc( Configuration::text( Configuration::MessageCopy ) );
         EString mcd( Configuration::text( Configuration::MessageCopyDir ) );
         if ( mc == "all" || mc == "errors" || mc == "delivered" ) {
@@ -86,7 +92,9 @@ int main( int argc, char *argv[] )
             else if ( ::stat( mcd.cstr(), &st ) < 0 || !S_ISDIR( st.st_mode ) )
                 log( "Inaccessible message-copy-directory: " + mcd,
                      Log::Disaster );
-            s.setChrootMode( Server::MessageCopyDir );
+            else if ( security && !mcd.startsWith( root ) )
+                log( "message-copy-directory must be under jail directory " +
+                     root, Log::Disaster );
         }
         else if ( mc == "none" ) {
             if ( Configuration::present( Configuration::MessageCopyDir ) )
@@ -156,6 +164,24 @@ int main( int argc, char *argv[] )
         ::log( "allow-plaintext-access is 'never', but use-tls is 'false'",
                Log::Disaster );
 
+    // set up an EGD server for openssl
+    Entropy::setup();
+    EString egd( root );
+    if ( !egd.endsWith( "/" ) )
+        egd.append( "/" );
+    egd.append( "var/run/egd-pool" );
+    (void)new Listener< EntropyProvider >( Endpoint( egd, 0 ), "EGD" );
+    if ( !security ) {
+        struct stat st;
+        if ( stat( "/var/run/edg-pool", &st ) < 0 ) {
+            log( "Security is disabled and /var/run/edg-pool does not exist. "
+                 "Creating it just in case openssl wants to access it." );
+            (void)new Listener< EntropyProvider >(
+                Endpoint( "/var/run/edg-pool", 0 ), "EGD(/)" );
+        }
+    }
+    if ( ::chmod( egd.cstr(), 0666 ) < 0 )
+        log( "Could not grant r/w access to EGD socket", Log::Disaster );
 
     Listener< IMAP >::create(
         "IMAP", Configuration::toggle( Configuration::UseImap ),
@@ -215,7 +241,7 @@ int main( int argc, char *argv[] )
     StartupWatcher * w = new StartupWatcher;
 
     Database::checkSchema( w );
-    if ( Configuration::toggle( Configuration::Security ) )
+    if ( security )
         Database::checkAccess( w );
     EventLoop::global()->setStartup( true );
     Mailbox::setup( w );
@@ -225,7 +251,7 @@ int main( int argc, char *argv[] )
     Flag::setup();
     IMAP::setup();
 
-    if ( !Configuration::toggle( Configuration::Security ) )
+    if ( !security )
         (void)new ConnectionObliterator;
 
     s.run();

diff --git a/installer/installer.cpp b/installer/installer.cpp
@@ -2125,7 +2125,7 @@ void permissions()
                         mcd.cstr() );
 
             if ( chmod( mcd.cstr(), 0700 ) < 0 )
-                fprintf( stderr, "Could not \"chmod 0600 %s\" (-%d).\n",
+                fprintf( stderr, "Could not \"chmod 0700 %s\" (-%d).\n",
                          mcd.cstr(), errno );
 
             if ( chown( mcd.cstr(), p->pw_uid, g->gr_gid ) < 0 )
@@ -2143,12 +2143,12 @@ void permissions()
              !( p && st.st_uid != p->pw_uid ) ) ||
            ( st.st_gid != 0 &&
              !( g && (gid_t)st.st_gid != (gid_t)g->gr_gid ) ) ||
-           ( st.st_mode & S_IRWXO ) != 0 ) )
+           ( st.st_mode & S_IRWXO ) != 1 ) )
     {
         if ( report ) {
             todo++;
             printf( " - Set permissions and ownership on %s.\n\n"
-                    "chmod 0700 %s\n"
+                    "chmod 0701 %s\n"
                     "chown root:root %s\n\n",
                     jd.cstr(), jd.cstr(), jd.cstr() );
         }
@@ -2157,8 +2157,8 @@ void permissions()
                 printf( "Setting ownership and permissions on %s\n",
                         jd.cstr() );
 
-            if ( chmod( jd.cstr(), 0700 ) < 0 )
-                fprintf( stderr, "Could not \"chmod 0600 %s\" (-%d).\n",
+            if ( chmod( jd.cstr(), 0701 ) < 0 )
+                fprintf( stderr, "Could not \"chmod 0701 %s\" (-%d).\n",
                          jd.cstr(), errno );
 
             if ( chown( jd.cstr(), 0, 0 ) < 0 )

diff --git a/server/server.cpp b/server/server.cpp
@@ -525,18 +525,9 @@ void Server::secure()
 
     EString root;
     switch ( d->chrootMode ) {
-    case MessageCopyDir:
-        root = Configuration::text( Configuration::MessageCopyDir );
-        break;
     case JailDir:
         root = Configuration::text( Configuration::JailDir );
         break;
-    case TlsProxyDir:
-        root = Configuration::compiledIn( Configuration::LibDir );
-        if ( !root.endsWith( "/" ) )
-            root.append( "/" );
-        root.append( "tlsproxy" );
-        break;
     case LogDir:
         root = Configuration::text( Configuration::LogFile );
         if ( root == "-" ) {
@@ -598,21 +589,6 @@ void Server::secure()
         exit( 1 );
     }
 
-    if ( d->chrootMode == JailDir ) {
-        // check that the jail directory really is a jail
-        DIR * slash = opendir( "/" ); // checks 'x' access
-        int fd = open( "/does/not/exist", O_RDONLY ); // checks 'r'
-        if ( slash || fd >= 0 || errno != EACCES ) {
-            log( "Cannot secure server " + d->name +
-                 " since jail directory " + root +
-                 " is accessible to user " + user,
-                 Log::Disaster );
-            exit( 1 );
-        }
-        if ( fd >= 0 ) {
-        }
-    }
-
     // one final check...
     if ( geteuid() != pw->pw_uid || getuid() != pw->pw_uid ) {
         log( "Cannot secure server " + d->name +

diff --git a/server/server.h b/server/server.h
@@ -16,7 +16,7 @@ class Server
     Server( const char *, int, char *[] );
 
     enum ChrootMode {
-        JailDir, LogDir, MessageCopyDir, TlsProxyDir
+        JailDir, LogDir
     };
 
     void setChrootMode( ChrootMode );