[dovecot-cvs] dovecot/src/master mail-process.c, 1.96.2.5, 1.96.2.6 master-settings.c, 1.125.2.9, 1.125.2.10

Sun Aug 6 23:37:16 EEST 2006

Update of /var/lib/cvs/dovecot/src/master
In directory talvi:/tmp/cvs-serv4254

Modified Files:
      Tag: branch_1_0
	mail-process.c master-settings.c 
Log Message:
Run imap dump-capability process only after all the settings have been
verified to be correct. Added checks against trying
mail_drop_priv_before_exec=yes and chrooting, since we can't exec the imap
process if that's done. Fixed NFS check with chrooting.



Index: mail-process.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/mail-process.c,v
retrieving revision 1.96.2.5
retrieving revision 1.96.2.6
diff -u -d -r1.96.2.5 -r1.96.2.6

--- mail-process.c	1 Jul 2006 17:44:45 -0000	1.96.2.5
+++ mail-process.c	6 Aug 2006 20:37:14 -0000	1.96.2.6
@@ -347,7 +347,8 @@
 	i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable);
 }
 
-static void nfs_warn_if_found(const char *mail, const char *home)
+static void nfs_warn_if_found(const char *mail, const char *chroot,
+			      const char *home)
 {
 	struct mountpoint point;
 	const char *path;
@@ -372,6 +373,8 @@
 			}
 		}
 		path = t_strcut(path, ':');
+		if (*chroot != '\0')
+			path = t_strconcat(chroot, "/", path, NULL);
 	}
 
 	if (mountpoint_get(path, pool_datastack_create(), &point) <= 0)
@@ -456,11 +459,19 @@
 	if (*chroot_dir == '\0' && *set->mail_chroot != '\0')
 		chroot_dir = set->mail_chroot;
 
-	if (*chroot_dir != '\0' && !validate_chroot(set, chroot_dir)) {
-		i_error("Invalid chroot directory '%s' (user %s) "
-			"(see valid_chroot_dirs in config file)",
-			chroot_dir, user);
-		return FALSE;
+	if (*chroot_dir != '\0') {
+		if (!validate_chroot(set, chroot_dir)) {
+			i_error("Invalid chroot directory '%s' (user %s) "
+				"(see valid_chroot_dirs in config file)",
+				chroot_dir, user);
+			return FALSE;
+		}
+		if (set->mail_drop_priv_before_exec) {
+			i_error("Can't chroot to directory '%s' (user %s) "
+				"with mail_drop_priv_before_exec=yes",
+				chroot_dir, user);
+			return FALSE;
+		}
 	}
 
 	if (!dump_capability)
@@ -608,7 +619,7 @@
 	if (nfs_check) {
 		if (*chroot_dir != '\0')
 			home_dir = t_strconcat(chroot_dir, "/", home_dir, NULL);
-		nfs_warn_if_found(getenv("MAIL"), home_dir);
+		nfs_warn_if_found(getenv("MAIL"), chroot_dir, home_dir);
 	}
 
 	env_put("LOGGED_IN=1");

Index: master-settings.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.125.2.9
retrieving revision 1.125.2.10
diff -u -d -r1.125.2.9 -r1.125.2.10
--- master-settings.c	6 Aug 2006 20:05:25 -0000	1.125.2.9
+++ master-settings.c	6 Aug 2006 20:37:14 -0000	1.125.2.10
@@ -657,6 +657,7 @@
 				"killed with signal %d", WTERMSIG(status));
 		} else {
 			i_error("imap dump-capability process returned %d",
+				WIFEXITED(status) ? WEXITSTATUS(status) :
 				status);
 		}
 		return FALSE;
@@ -702,26 +703,6 @@
 		return FALSE;
 	}
 
-#ifdef HAVE_MODULES
-	if (*set->mail_plugins != '\0' &&
-	    access(set->mail_plugin_dir, R_OK | X_OK) < 0) {
-		i_error("Can't access mail module directory: %s: %m",
-			set->mail_plugin_dir);
-		return FALSE;
-	}
-	if (*set->mail_plugins != '\0' && set->protocol == MAIL_PROTOCOL_IMAP &&
-	    *set->imap_capability == '\0') {
-		if (!get_imap_capability(set))
-			return FALSE;
-	}
-#else
-	if (*set->mail_plugins != '\0') {
-		i_error("Module support wasn't built into Dovecot, "
-			"can't load modules: %s", set->mail_plugins);
-		return FALSE;
-	}
-#endif
-
 	if (*set->log_path != '\0' && access(set->log_path, W_OK) < 0) {
 		dir = get_directory(set->log_path);
 		if (access(dir, W_OK) < 0) {
@@ -835,6 +816,11 @@
 		i_error("first_valid_gid can't be larger than last_valid_gid");
 		return FALSE;
 	}
+	if (set->mail_drop_priv_before_exec && *set->mail_chroot != '\0') {
+		i_error("mail_drop_priv_before_exec=yes and mail_chroot "
+			"don't work together");
+		return FALSE;
+	}
 
 	if (access(t_strcut(set->login_executable, ' '), X_OK) < 0) {
 		i_error("Can't use login executable %s: %m",
@@ -851,6 +837,25 @@
 		return FALSE;
 	}
 
+#ifdef HAVE_MODULES
+	if (*set->mail_plugins != '\0' &&
+	    access(set->mail_plugin_dir, R_OK | X_OK) < 0) {
+		i_error("Can't access mail module directory: %s: %m",
+			set->mail_plugin_dir);
+		return FALSE;
+	}
+	if (*set->mail_plugins != '\0' && set->protocol == MAIL_PROTOCOL_IMAP &&
+	    *set->imap_capability == '\0') {
+		if (!get_imap_capability(set))
+			return FALSE;
+	}
+#else
+	if (*set->mail_plugins != '\0') {
+		i_error("Module support wasn't built into Dovecot, "
+			"can't load modules: %s", set->mail_plugins);
+		return FALSE;
+	}
+#endif
 	return TRUE;
 }
 

