[dovecot-cvs] dovecot/src/login main.c,1.10,1.11

cras at procontrol.fi cras at procontrol.fi
Wed Dec 18 06:00:03 EET 2002


Update of /home/cvs/dovecot/src/login
In directory danu:/tmp/cvs-serv2284/login

Modified Files:
	main.c 
Log Message:
Drop root privileges earlier. Close syslog later in imap-master when
forking new processes, so that any errors get logged. Make sure that all
errors show up in log files - use specific exit status codes if we can't
write to log file. Make sure imap and login processes always drop root
privileges even if master process didn't ask for it for some reason.
putenv() wasn't verified to succeed - luckily we never allowed large
user-given data there.



Index: main.c
===================================================================
RCS file: /home/cvs/dovecot/src/login/main.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- main.c	3 Dec 2002 00:13:17 -0000	1.10
+++ main.c	18 Dec 2002 04:00:01 -0000	1.11
@@ -115,27 +115,36 @@
 	}
 }
 
-static void main_init(void)
+static void open_logfile(void)
 {
-	const char *logfile, *value;
+	if (getenv("IMAP_USE_SYSLOG") != NULL)
+		i_set_failure_syslog("imap-login", LOG_NDELAY, LOG_MAIL);
+	else {
+		/* log to file or stderr */
+		i_set_failure_file(getenv("IMAP_LOGFILE"), "imap-login");
+		i_set_failure_timestamp_format(getenv("IMAP_LOGSTAMP"));
+	}
+}
 
-	lib_init_signals(sig_quit);
+static void drop_privileges(void)
+{
+	/* Log file or syslog opening probably requires roots */
+	open_logfile();
 
-	logfile = getenv("IMAP_LOGFILE");
-	if (logfile == NULL) {
-		/* open the syslog immediately so chroot() won't
-		   break logging */
-		openlog("imap-login", LOG_NDELAY, LOG_MAIL);
+	/* Initialize SSL proxy so it can read certificate and private
+	   key file. */
+	ssl_proxy_init();
 
-		i_set_panic_handler(i_syslog_panic_handler);
-		i_set_fatal_handler(i_syslog_fatal_handler);
-		i_set_error_handler(i_syslog_error_handler);
-		i_set_warning_handler(i_syslog_warning_handler);
-	} else {
-		/* log failures into specified log file */
-		i_set_failure_file(logfile, "imap-login");
-		i_set_failure_timestamp_format(getenv("IMAP_LOGSTAMP"));
-	}
+	/* Refuse to run as root - we should never need it and it's
+	   dangerous with SSL. */
+	restrict_access_by_env(TRUE);
+}
+
+static void main_init(void)
+{
+	const char *value;
+
+	lib_init_signals(sig_quit);
 
 	disable_plaintext_auth = getenv("DISABLE_PLAINTEXT_AUTH") != NULL;
 	process_per_connection = getenv("PROCESS_PER_CONNECTION") != NULL;
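Review bot: In drop_privileges() the bare `TRUE` passed to restrict_access_by_env() carries the whole "refuse to run as root" guarantee, but its meaning is not visible at the call site and the function's definition is outside this hunk. I would state the contract in the comment, for example `/* TRUE = treat still being root after this call as fatal */` (wording to be confirmed against the definition), and fix "requires roots" to "requires root". The comment should also say that everything above that call, open_logfile() and ssl_proxy_init(), runs as root on paths taken from the environment, so no code that handles client input may be added before it. open_logfile() passes `getenv("IMAP_LOGFILE")` and `getenv("IMAP_LOGSTAMP")` through unchecked; the "file or stderr" comment suggests a NULL path is accepted, but that is not visible here and deserves a word in the comment. main_init() continues past the end of this hunk.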
@@ -147,12 +156,6 @@
         closing_down = FALSE;
 	main_refcount = 0;
 
-	/* Initialize SSL proxy before dropping privileges so it can read
-	   the certificate and private key file. */
-	ssl_proxy_init();
-
-	restrict_access_by_env();
-
 	auth_connection_init();
 	master_init();
 	clients_init();
@@ -204,7 +207,9 @@
 	/* NOTE: we start rooted, so keep the code minimal until
 	   restrict_access_by_env() is called */
 	lib_init();
-        process_title_init(argv, envp);
+	drop_privileges();
+
+	process_title_init(argv, envp);
 	ioloop = io_loop_create(system_pool);
 
 	main_init();
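Review bot: The NOTE above lib_init() still names restrict_access_by_env() as the point where root is given up, but main() now reaches it only through drop_privileges(), so the comment no longer matches the code a reader sees here. I would update it to `/* NOTE: we start rooted, so keep the code minimal until drop_privileges() has returned */`. It is also worth one line saying that lib_init() is the only call meant to run before it, so later edits do not slip work into the root-privileged window. main() starts and ends outside this hunk.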



