[dovecot-cvs] dovecot/src/master auth-process.c,1.45,1.46 login-process.c,1.45,1.46 mail-process.c,1.21,1.22

cras at procontrol.fi cras at procontrol.fi
Mon May 26 19:26:31 EEST 2003


Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv10925/src/master

Modified Files:
	auth-process.c login-process.c mail-process.c 
Log Message:
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
gid range.



Index: auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- auth-process.c	23 May 2003 14:40:50 -0000	1.45
+++ auth-process.c	26 May 2003 15:26:29 -0000	1.46
@@ -309,7 +309,7 @@
 
 	/* setup access environment */
 	restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid,
-				group->set->chroot);
+				group->set->chroot, 0, 0);
 
 	/* set other environment */
 	env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL));
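Review bot: The two new trailing arguments are passed as bare `0, 0` here and again in the login-process.c hunk below, and nothing at either call site says what they mean. Judging by the mail-process.c call in this same commit, they are the first and last valid GID bounds applied to supplementary groups. If so, `0, 0` presumably means the auth and login processes get no group filtering; this is inferred, because restrict_access_set_env itself is not part of this diff. A short comment above each call, such as `/* 0, 0 = no GID range restriction on supplementary groups */`, would make the intent reviewable. The enclosing function starts and ends outside the hunk.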

Index: login-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- login-process.c	23 May 2003 14:40:50 -0000	1.45
+++ login-process.c	26 May 2003 15:26:29 -0000	1.46
@@ -390,7 +390,8 @@
 	   clean_child_process() since it clears environment */
 	restrict_access_set_env(group->set->user,
 				group->set->uid, set->login_gid,
-				set->login_chroot ? set->login_dir : NULL);
+				set->login_chroot ? set->login_dir : NULL,
+				0, 0);
 
 	env_put("DOVECOT_MASTER=1");
 

Index: mail-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/mail-process.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- mail-process.c	18 May 2003 16:37:05 -0000	1.21
+++ mail-process.c	26 May 2003 15:26:29 -0000	1.22
@@ -25,11 +25,6 @@
 		return FALSE;
 	}
 
-	if (uid != 0 && gid == 0) {
-		i_error("mail process isn't allowed to be in group 0");
-		return FALSE;
-	}
-
 	if (uid < (uid_t)set->first_valid_uid ||
 	    (set->last_valid_uid != 0 && uid > (uid_t)set->last_valid_uid)) {
 		i_error("mail process isn't allowed to use UID %s "
@@ -40,8 +35,9 @@
 
 	if (gid < (gid_t)set->first_valid_gid ||
 	    (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) {
-		i_error("mail process isn't allowed to use "
-			"GID %s (UID is %s)", dec2str(gid), dec2str(uid));
+		i_error("mail process isn't allowed to use primary group ID %s "
+			"with UID %s (see first_valid_gid in config file).",
+			dec2str(gid), dec2str(uid));
 		return FALSE;
 	}
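Review bot: The new error text directs the administrator only to `first_valid_gid`, but the condition above it also rejects a GID that exceeds `last_valid_gid`, so in that case the hint names the wrong setting. Naming both settings fixes that: `"with UID %s (see first_valid_gid and last_valid_gid in config file).",`. With the hard-coded group 0 check removed in the previous hunk, this range test is the only visible guard keeping a non-root mail process out of primary group 0. That protection now depends on first_valid_gid being set above 0, which deserves a comment here. The function body starts and ends outside the hunk.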
 
@@ -154,7 +150,8 @@
 	/* setup environment - set the most important environment first
 	   (paranoia about filling up environment without noticing) */
 	restrict_access_set_env(data + reply->system_user_idx,
-				reply->uid, reply->gid, chroot_dir);
+				reply->uid, reply->gid, chroot_dir,
+				set->first_valid_gid, set->last_valid_gid);
 
 	restrict_process_size(process_size, (unsigned int)-1);
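Review bot: `set->last_valid_gid` is forwarded unchanged, while the range check earlier in this file treats 0 as "no upper bound" (`set->last_valid_gid != 0 && gid > ...`). restrict_access_set_env is not shown in this diff, so confirm that it applies the same convention when filtering supplementary groups. Otherwise an unset upper bound would presumably cause every group above 0 to be dropped. A comment at the call, e.g. `/* last_valid_gid == 0 means no upper limit */`, would record that contract. The enclosing function extends beyond the hunk.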
 


