a3d59b
diff -ruN mailman-2.1.12-a/configure.in mailman-2.1.12-b/configure.in
a3d59b
--- mailman-2.1.12-a/configure.in	2009-02-23 22:23:35.000000000 +0100
a3d59b
+++ mailman-2.1.12-b/configure.in	2009-07-28 12:19:47.000000000 +0200
a3d59b
@@ -249,26 +249,101 @@
a3d59b
 fi
a3d59b
 
a3d59b
 # new macro for finding group names
a3d59b
-AC_DEFUN([MM_FIND_GROUP_NAME], [
a3d59b
+# returns a comma separated list of quoted group names
a3d59b
+# the list is returned in the same order as specified with any duplicates removed
a3d59b
+# the filter flag must be "yes" or "no", e.g. this is permcheck
a3d59b
+#         "no"  ==> none existing groups are not filtered out
a3d59b
+#         "yes" ==> only those groups that are in the group database are included
a3d59b
+#                   in the list
a3d59b
+AC_DEFUN(MM_FIND_GROUP_LIST, [
a3d59b
 # $1 == variable name
a3d59b
-# $2 == user id to check for
a3d59b
+# $2 == white space separated list of groups to check,
a3d59b
+#       list may contain mix of id's and names
a3d59b
+# $3 == filter, if == 'yes' then remove any non-existing groups
a3d59b
 AC_SUBST($1)
a3d59b
 changequote(,)
a3d59b
 if test -z "$$1"
a3d59b
 then
a3d59b
     cat > conftest.py <
a3d59b
 import grp
a3d59b
-gid = ''
a3d59b
+group_names = []
a3d59b
+seen = {}
a3d59b
+filter = "$3"
a3d59b
+
a3d59b
 for group in "$2".split():
a3d59b
     try:
a3d59b
+        gid = int(group)
a3d59b
+        try:
a3d59b
+            gname = grp.getgrgid(gid)[0]
a3d59b
+        except KeyError:
a3d59b
+            gname = ''
a3d59b
+    except ValueError:
a3d59b
         try:
a3d59b
-            gname = grp.getgrgid(int(group))[0]
a3d59b
-            break
a3d59b
-        except ValueError:
a3d59b
             gname = grp.getgrnam(group)[0]
a3d59b
+        except KeyError:
a3d59b
+            if filter == "yes":
a3d59b
+                gname = ''
a3d59b
+            else:
a3d59b
+                gname = group
a3d59b
+    if gname:
a3d59b
+        if gname not in seen:
a3d59b
+            seen[gname] = 1
a3d59b
+            group_names.append(gname)
a3d59b
+
a3d59b
+if group_names:
a3d59b
+    val = '"' + '", "'.join(group_names) + '"'
a3d59b
+    #val = "'"+val+"'"
a3d59b
+else:
a3d59b
+    val = ''
a3d59b
+
a3d59b
+fp = open("conftest.out", "w")
a3d59b
+fp.write("%s\n" % val)
a3d59b
+fp.close()
a3d59b
+EOF
a3d59b
+    $PYTHON conftest.py
a3d59b
+    $1=`cat conftest.out`
a3d59b
+fi
a3d59b
+changequote([, ])
a3d59b
+rm -f conftest.out conftest.py])
a3d59b
+
a3d59b
+
a3d59b
+# new macro for finding group names
a3d59b
+AC_DEFUN(MM_FIND_GROUP_NAME, [
a3d59b
+# Given a list of tokens, either a name or a number (gid)
a3d59b
+# return the first one in the list that is found in the 
a3d59b
+# group database. The return value is always a name, possibly
a3d59b
+# translated from a gid. If permcheck is "no" then the group
a3d59b
+# database is not checked, instead the first token in the list
a3d59b
+# which is a name is returned (e.g. the default value). If permcheck
a3d59b
+# is no and only gid's are in the list then the null string is returned.
a3d59b
+# $1 == variable name
a3d59b
+# $2 == group id to check for
a3d59b
+# $3 == permcheck, either "yes" or "no"
a3d59b
+AC_SUBST($1)
a3d59b
+changequote(,)
a3d59b
+if test -z "$$1"
a3d59b
+then
a3d59b
+    cat > conftest.py <
a3d59b
+import grp
a3d59b
+gname=''
a3d59b
+if "$3" == "yes":
a3d59b
+    for group in "$2".split():
a3d59b
+        try:
a3d59b
+            try:
a3d59b
+                gname = grp.getgrgid(int(group))[0]
a3d59b
+                break
a3d59b
+            except ValueError:
a3d59b
+                gname = grp.getgrnam(group)[0]
a3d59b
+                break
a3d59b
+        except KeyError:
a3d59b
+            gname = ''
a3d59b
+else:
a3d59b
+    for group in "$2".split():
a3d59b
+        try:
a3d59b
+            int(group)
a3d59b
+        except ValueError:
a3d59b
+            gname = group
a3d59b
             break
a3d59b
-    except KeyError:
a3d59b
-        gname = ''
a3d59b
 fp = open("conftest.out", "w")
a3d59b
 fp.write("%s\n" % gname)
a3d59b
 fp.close()
a3d59b
@@ -282,25 +357,41 @@
a3d59b
 
a3d59b
 # new macro for finding UIDs
a3d59b
 AC_DEFUN([MM_FIND_USER_NAME], [
a3d59b
+# Given a list of tokens, either a name or a number (uid)
a3d59b
+# return the first one in the list that is found in the 
a3d59b
+# password database. The return value is always a name, possibly
a3d59b
+# translated from a uid. If permcheck is "no" then the password
a3d59b
+# database is not checked, instead the first token in the list
a3d59b
+# which is a name is returned (e.g. the default value). If permcheck
a3d59b
+# is no and only uid's are in the list then the null string is returned.
a3d59b
 # $1 == variable name
a3d59b
 # $2 == user id to check for
a3d59b
+# $3 == permcheck, either "yes" or "no"
a3d59b
 AC_SUBST($1)
a3d59b
 changequote(,)
a3d59b
 if test -z "$$1"
a3d59b
 then
a3d59b
     cat > conftest.py <
a3d59b
 import pwd
a3d59b
-uid = ''
a3d59b
-for user in "$2".split():
a3d59b
-    try:
a3d59b
+uname=''
a3d59b
+if "$3" == "yes":
a3d59b
+    for user in "$2".split():
a3d59b
         try:
a3d59b
-            uname = pwd.getpwuid(int(user))[0]
a3d59b
-            break
a3d59b
+            try:
a3d59b
+                uname = pwd.getpwuid(int(user))[0]
a3d59b
+                break
a3d59b
+            except ValueError:
a3d59b
+                uname = pwd.getpwnam(user)[0]
a3d59b
+                break
a3d59b
+        except KeyError:
a3d59b
+            uname = ''
a3d59b
+else:
a3d59b
+    for user in "$2".split():
a3d59b
+        try:
a3d59b
+            int(user)
a3d59b
         except ValueError:
a3d59b
-            uname = pwd.getpwnam(user)[0]
a3d59b
+            uname = user
a3d59b
             break
a3d59b
-    except KeyError:
a3d59b
-        uname = ''
a3d59b
 fp = open("conftest.out", "w")
a3d59b
 fp.write("%s\n" % uname)
a3d59b
 fp.close()
a3d59b
@@ -326,7 +417,7 @@
a3d59b
 # User `mailman' must exist
a3d59b
 AC_SUBST(MAILMAN_USER)
a3d59b
 AC_MSG_CHECKING(for user name \"$USERNAME\")
a3d59b
-MM_FIND_USER_NAME(MAILMAN_USER, $USERNAME)
a3d59b
+MM_FIND_USER_NAME(MAILMAN_USER, $USERNAME, $with_permcheck)
a3d59b
 if test -z "$MAILMAN_USER"
a3d59b
 then
a3d59b
   if test "$with_permcheck" = "yes"
a3d59b
@@ -357,7 +448,7 @@
a3d59b
 # Target group must exist
a3d59b
 AC_SUBST(MAILMAN_GROUP)
a3d59b
 AC_MSG_CHECKING(for group name \"$GROUPNAME\")
a3d59b
-MM_FIND_GROUP_NAME(MAILMAN_GROUP, $GROUPNAME)
a3d59b
+MM_FIND_GROUP_NAME(MAILMAN_GROUP, $GROUPNAME, $with_permcheck)
a3d59b
 if test -z "$MAILMAN_GROUP"
a3d59b
 then
a3d59b
   if test "$with_permcheck" = "yes"
a3d59b
@@ -380,11 +471,11 @@
a3d59b
 prefix = "$prefixcheck"
a3d59b
 groupname = "$GROUPNAME"
a3d59b
 mailmangroup = "$MAILMAN_GROUP"
a3d59b
-try:
a3d59b
-    mailmangid = grp.getgrnam(mailmangroup)[2]
a3d59b
-except KeyError:
a3d59b
-    mailmangid = -1
a3d59b
 problems = []
a3d59b
+try: mailmangid = grp.getgrnam(mailmangroup)[2]
a3d59b
+except KeyError:
a3d59b
+    problems.append("group doesn't exist: " + mailmangroup)
a3d59b
+    mailmangid = 41
a3d59b
 try: statdata = os.stat(prefix)
a3d59b
 except OSError:
a3d59b
     problems.append("Directory doesn't exist: " + prefix)
a3d59b
@@ -434,7 +525,7 @@
a3d59b
 then
a3d59b
     with_mail_gid="mailman other mail daemon"
a3d59b
 fi
a3d59b
-MM_FIND_GROUP_NAME(MAIL_GROUP, $with_mail_gid)
a3d59b
+MM_FIND_GROUP_LIST(MAIL_GROUP, $with_mail_gid, $with_permcheck)
a3d59b
 if test -z "$MAIL_GROUP"
a3d59b
 then
a3d59b
   if test "$with_permcheck" = "yes"
a3d59b
@@ -461,7 +552,7 @@
a3d59b
     with_cgi_gid="www www-data nobody"
a3d59b
 fi
a3d59b
 
a3d59b
-MM_FIND_GROUP_NAME(CGI_GROUP, $with_cgi_gid)
a3d59b
+MM_FIND_GROUP_LIST(CGI_GROUP, $with_cgi_gid, $with_permcheck)
a3d59b
 if test -z "$CGI_GROUP"
a3d59b
 then
a3d59b
   if test "$with_permcheck" = "yes"
a3d59b
diff -ruN mailman-2.1.12-a/src/cgi-wrapper.c mailman-2.1.12-b/src/cgi-wrapper.c
a3d59b
--- mailman-2.1.12-a/src/cgi-wrapper.c	2009-02-23 22:23:35.000000000 +0100
a3d59b
+++ mailman-2.1.12-b/src/cgi-wrapper.c	2009-07-28 12:19:47.000000000 +0200
a3d59b
@@ -28,11 +28,11 @@
a3d59b
 /* Group name that CGI scripts run as.  See your web server's documentation
a3d59b
  * for details.
a3d59b
  */
a3d59b
-#define LEGAL_PARENT_GROUP CGI_GROUP
a3d59b
+#define LEGAL_PARENT_GROUPS CGI_GROUP
a3d59b
 
a3d59b
 const char* logident = LOG_IDENT;
a3d59b
 char* script = SCRIPTNAME;
a3d59b
-const char* parentgroup = LEGAL_PARENT_GROUP;
a3d59b
+const char* parentgroups[] = {LEGAL_PARENT_GROUPS};
a3d59b
 
a3d59b
 
a3d59b
 int
a3d59b
@@ -42,7 +42,7 @@
a3d59b
         char* fake_argv[3];
a3d59b
 
a3d59b
         running_as_cgi = 1;
a3d59b
-        check_caller(logident, parentgroup);
a3d59b
+	check_caller(logident, parentgroups, sizeof(parentgroups) / sizeof(parentgroups[0]));
a3d59b
 
a3d59b
         /* For these CGI programs, we can ignore argc and argv since they
a3d59b
          * don't contain anything useful.  `script' will always be the driver
a3d59b
diff -ruN mailman-2.1.12-a/src/common.c mailman-2.1.12-b/src/common.c
a3d59b
--- mailman-2.1.12-a/src/common.c	2009-02-23 22:23:35.000000000 +0100
a3d59b
+++ mailman-2.1.12-b/src/common.c	2009-07-28 12:19:47.000000000 +0200
a3d59b
@@ -117,13 +117,14 @@
a3d59b
 /* Is the parent process allowed to call us?
a3d59b
  */
a3d59b
 void
a3d59b
-check_caller(const char* ident, const char* parentgroup)
a3d59b
+check_caller(const char* ident, const char** parentgroups, size_t numgroups)
a3d59b
 {
a3d59b
         GID_T mygid = getgid();
a3d59b
         struct group *mygroup = getgrgid(mygid);
a3d59b
         char* option;
a3d59b
         char* server;
a3d59b
         char* wrapper;
a3d59b
+	int i;
a3d59b
 
a3d59b
         if (running_as_cgi) {
a3d59b
                 option = "--with-cgi-gid";
a3d59b
@@ -136,28 +137,46 @@
a3d59b
                 wrapper = "mail";
a3d59b
         }
a3d59b
 
a3d59b
-        if (!mygroup)
a3d59b
-                fatal(ident, GROUP_NAME_NOT_FOUND,
a3d59b
-                      "Failure to find group name for GID %d.  Mailman\n"
a3d59b
-                      "expected the %s wrapper to be executed as group\n"
a3d59b
-                      "\"%s\", but the system's %s server executed the\n"
a3d59b
-                      "wrapper as GID %d for which the name could not be\n"
a3d59b
-                      "found.  Try adding GID %d to your system as \"%s\",\n"
a3d59b
-                      "or tweak your %s server to run the wrapper as group\n"
a3d59b
-                      "\"%s\".",
a3d59b
-                      mygid, wrapper, parentgroup, server, mygid, mygid,
a3d59b
-                      parentgroup, server, parentgroup);
a3d59b
+  	if (!mygroup)
a3d59b
+		fatal(ident, GROUP_ID_NOT_FOUND,
a3d59b
+		      "Failure to lookup via getgrgid() the group info for group id %d that this Mailman %s wrapper is executing under.\n"
a3d59b
+		      "This is probably due to an incorrectly configured system and is not a Mailman problem",
a3d59b
+		      mygid, wrapper);
a3d59b
+
a3d59b
+	for (i = 0; i < numgroups; i++) {
a3d59b
+		if (strcmp(parentgroups[i], mygroup->gr_name) == 0) break;
a3d59b
+	}
a3d59b
+
a3d59b
+        if (i >= numgroups) {
a3d59b
+		char *groupset = NULL;
a3d59b
+		size_t size = 0;
a3d59b
+
a3d59b
+		for (i = 0; i < numgroups; i++) {
a3d59b
+			size += strlen(parentgroups[i]) + 2;
a3d59b
+		}
a3d59b
+
a3d59b
+		groupset = malloc(size);
a3d59b
+
a3d59b
+		if (groupset) {
a3d59b
+			groupset[0] = 0;
a3d59b
+			for (i = 0; i < numgroups; i++) {
a3d59b
+				strcat(groupset, parentgroups[i]);
a3d59b
+				if (i < numgroups-1) strcat(groupset, ", ");
a3d59b
+			}
a3d59b
+		}
a3d59b
 
a3d59b
-        if (strcmp(parentgroup, mygroup->gr_name))
a3d59b
                 fatal(ident, GROUP_MISMATCH,
a3d59b
-                      "Group mismatch error.  Mailman expected the %s\n"
a3d59b
-                      "wrapper script to be executed as group \"%s\", but\n"
a3d59b
-                      "the system's %s server executed the %s script as\n"
a3d59b
-                      "group \"%s\".  Try tweaking the %s server to run the\n"
a3d59b
-                      "script as group \"%s\", or re-run configure, \n"
a3d59b
-                      "providing the command line option `%s=%s'.",
a3d59b
-                      wrapper, parentgroup, server, wrapper, mygroup->gr_name,
a3d59b
-                      server, parentgroup, option, mygroup->gr_name);
a3d59b
+		      "Group mismatch error. Mailman expected the %s wrapper script to be\n"
a3d59b
+		      "executed as one of the following groups:\n"
a3d59b
+		      "[%s],\n"
a3d59b
+		      "but the system's %s server executed the %s script as group: \"%s\".\n"
a3d59b
+		      "Try tweaking the %s server to run the script as one of these groups:\n"
a3d59b
+		      "[%s],\n"
a3d59b
+		      "or re-run configure providing the command line option:\n"
a3d59b
+		      "'%s=%s'.",
a3d59b
+		      wrapper, groupset, server, wrapper, mygroup->gr_name,
a3d59b
+		      server, groupset, option, mygroup->gr_name);
a3d59b
+	}
a3d59b
 }
a3d59b
 
a3d59b
 
a3d59b
diff -ruN mailman-2.1.12-a/src/common.h mailman-2.1.12-b/src/common.h
a3d59b
--- mailman-2.1.12-a/src/common.h	2009-02-23 22:23:35.000000000 +0100
a3d59b
+++ mailman-2.1.12-b/src/common.h	2009-07-28 12:19:47.000000000 +0200
a3d59b
@@ -33,7 +33,7 @@
a3d59b
 #define GID_T GETGROUPS_T
a3d59b
 
a3d59b
 extern void fatal(const char*, int, char*, ...);
a3d59b
-extern void check_caller(const char*, const char*);
a3d59b
+extern void check_caller(const char* ident, const char**, size_t);
a3d59b
 extern int run_script(const char*, int, char**, char**);
a3d59b
 
a3d59b
 /* Global variable used as a flag. */
a3d59b
@@ -51,7 +51,7 @@
a3d59b
 #define MAIL_USAGE_ERROR 5
a3d59b
 #define MAIL_ILLEGAL_COMMAND 6
a3d59b
 #define ADDALIAS_USAGE_ERROR 7
a3d59b
-#define GROUP_NAME_NOT_FOUND 8
a3d59b
+#define GROUP_ID_NOT_FOUND 8
a3d59b
 
a3d59b
 
a3d59b
 /*
a3d59b
diff -ruN mailman-2.1.12-a/src/mail-wrapper.c mailman-2.1.12-b/src/mail-wrapper.c
a3d59b
--- mailman-2.1.12-a/src/mail-wrapper.c	2009-02-23 22:23:35.000000000 +0100
a3d59b
+++ mailman-2.1.12-b/src/mail-wrapper.c	2009-07-28 12:19:47.000000000 +0200
a3d59b
@@ -23,9 +23,9 @@
a3d59b
 /* Group name that your mail programs run as.  See your mail server's
a3d59b
  * documentation for details.
a3d59b
  */
a3d59b
-#define LEGAL_PARENT_GROUP MAIL_GROUP
a3d59b
+#define LEGAL_PARENT_GROUPS MAIL_GROUP
a3d59b
 
a3d59b
-const char* parentgroup = LEGAL_PARENT_GROUP;
a3d59b
+const char* parentgroups[] = {LEGAL_PARENT_GROUPS};
a3d59b
 const char* logident = "Mailman mail-wrapper";
a3d59b
 
a3d59b
 
a3d59b
@@ -74,7 +74,7 @@
a3d59b
                 fatal(logident, MAIL_ILLEGAL_COMMAND,
a3d59b
                       "Illegal command: %s", argv[1]);
a3d59b
 
a3d59b
-        check_caller(logident, parentgroup);
a3d59b
+        check_caller(logident, parentgroups, sizeof(parentgroups) / sizeof(parentgroups[0]));
a3d59b
 
a3d59b
         /* If we got here, everything must be OK */
a3d59b
         status = run_script(argv[1], argc, argv, env);
a3d59b
diff -ruN mailman-2.1.12-a/src/Makefile.in mailman-2.1.12-b/src/Makefile.in
a3d59b
--- mailman-2.1.12-a/src/Makefile.in	2009-02-23 22:23:35.000000000 +0100
a3d59b
+++ mailman-2.1.12-b/src/Makefile.in	2009-07-28 12:19:47.000000000 +0200
a3d59b
@@ -49,9 +49,9 @@
a3d59b
 
a3d59b
 SHELL=		/bin/sh
a3d59b
 
a3d59b
-MAIL_FLAGS=	-DMAIL_GROUP="\"$(MAIL_GROUP)\""
a3d59b
+MAIL_FLAGS=	-DMAIL_GROUP='$(MAIL_GROUP)'
a3d59b
 
a3d59b
-CGI_FLAGS=	-DCGI_GROUP="\"$(CGI_GROUP)\""
a3d59b
+CGI_FLAGS=	-DCGI_GROUP='$(CGI_GROUP)'
a3d59b
 
a3d59b
 HELPFUL=	-DHELPFUL
a3d59b