[dovecot-cvs] dovecot/src/master mail-process.c, 1.96.2.5, 1.96.2.6 master-settings.c, 1.125.2.9, 1.125.2.10
cras at dovecot.org
cras at dovecot.org
Sun Aug 6 23:37:16 EEST 2006
Update of /var/lib/cvs/dovecot/src/master
In directory talvi:/tmp/cvs-serv4254
Modified Files:
Tag: branch_1_0
mail-process.c master-settings.c
Log Message:
Run imap dump-capability process only after all the settings have been
verified to be correct. Added checks against trying
mail_drop_priv_before_exec=yes and chrooting, since we can't exec the imap
process if that's done. Fixed NFS check with chrooting.
Index: mail-process.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/mail-process.c,v
retrieving revision 1.96.2.5
retrieving revision 1.96.2.6
diff -u -d -r1.96.2.5 -r1.96.2.6
--- mail-process.c 1 Jul 2006 17:44:45 -0000 1.96.2.5
+++ mail-process.c 6 Aug 2006 20:37:14 -0000 1.96.2.6
@@ -347,7 +347,8 @@
i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable);
}
-static void nfs_warn_if_found(const char *mail, const char *home)
+static void nfs_warn_if_found(const char *mail, const char *chroot,
+ const char *home)
{
struct mountpoint point;
const char *path;
@@ -372,6 +373,8 @@
}
}
path = t_strcut(path, ':');
+ if (*chroot != '\0')
+ path = t_strconcat(chroot, "/", path, NULL);
}
if (mountpoint_get(path, pool_datastack_create(), &point) <= 0)
@@ -456,11 +459,19 @@
if (*chroot_dir == '\0' && *set->mail_chroot != '\0')
chroot_dir = set->mail_chroot;
- if (*chroot_dir != '\0' && !validate_chroot(set, chroot_dir)) {
- i_error("Invalid chroot directory '%s' (user %s) "
- "(see valid_chroot_dirs in config file)",
- chroot_dir, user);
- return FALSE;
+ if (*chroot_dir != '\0') {
+ if (!validate_chroot(set, chroot_dir)) {
+ i_error("Invalid chroot directory '%s' (user %s) "
+ "(see valid_chroot_dirs in config file)",
+ chroot_dir, user);
+ return FALSE;
+ }
+ if (set->mail_drop_priv_before_exec) {
+ i_error("Can't chroot to directory '%s' (user %s) "
+ "with mail_drop_priv_before_exec=yes",
+ chroot_dir, user);
+ return FALSE;
+ }
}
if (!dump_capability)
@@ -608,7 +619,7 @@
if (nfs_check) {
if (*chroot_dir != '\0')
home_dir = t_strconcat(chroot_dir, "/", home_dir, NULL);
- nfs_warn_if_found(getenv("MAIL"), home_dir);
+ nfs_warn_if_found(getenv("MAIL"), chroot_dir, home_dir);
}
env_put("LOGGED_IN=1");
Index: master-settings.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.125.2.9
retrieving revision 1.125.2.10
diff -u -d -r1.125.2.9 -r1.125.2.10
--- master-settings.c 6 Aug 2006 20:05:25 -0000 1.125.2.9
+++ master-settings.c 6 Aug 2006 20:37:14 -0000 1.125.2.10
@@ -657,6 +657,7 @@
"killed with signal %d", WTERMSIG(status));
} else {
i_error("imap dump-capability process returned %d",
+ WIFEXITED(status) ? WEXITSTATUS(status) :
status);
}
return FALSE;
@@ -702,26 +703,6 @@
return FALSE;
}
-#ifdef HAVE_MODULES
- if (*set->mail_plugins != '\0' &&
- access(set->mail_plugin_dir, R_OK | X_OK) < 0) {
- i_error("Can't access mail module directory: %s: %m",
- set->mail_plugin_dir);
- return FALSE;
- }
- if (*set->mail_plugins != '\0' && set->protocol == MAIL_PROTOCOL_IMAP &&
- *set->imap_capability == '\0') {
- if (!get_imap_capability(set))
- return FALSE;
- }
-#else
- if (*set->mail_plugins != '\0') {
- i_error("Module support wasn't built into Dovecot, "
- "can't load modules: %s", set->mail_plugins);
- return FALSE;
- }
-#endif
-
if (*set->log_path != '\0' && access(set->log_path, W_OK) < 0) {
dir = get_directory(set->log_path);
if (access(dir, W_OK) < 0) {
@@ -835,6 +816,11 @@
i_error("first_valid_gid can't be larger than last_valid_gid");
return FALSE;
}
+ if (set->mail_drop_priv_before_exec && *set->mail_chroot != '\0') {
+ i_error("mail_drop_priv_before_exec=yes and mail_chroot "
+ "don't work together");
+ return FALSE;
+ }
if (access(t_strcut(set->login_executable, ' '), X_OK) < 0) {
i_error("Can't use login executable %s: %m",
@@ -851,6 +837,25 @@
return FALSE;
}
+#ifdef HAVE_MODULES
+ if (*set->mail_plugins != '\0' &&
+ access(set->mail_plugin_dir, R_OK | X_OK) < 0) {
+ i_error("Can't access mail module directory: %s: %m",
+ set->mail_plugin_dir);
+ return FALSE;
+ }
+ if (*set->mail_plugins != '\0' && set->protocol == MAIL_PROTOCOL_IMAP &&
+ *set->imap_capability == '\0') {
+ if (!get_imap_capability(set))
+ return FALSE;
+ }
+#else
+ if (*set->mail_plugins != '\0') {
+ i_error("Module support wasn't built into Dovecot, "
+ "can't load modules: %s", set->mail_plugins);
+ return FALSE;
+ }
+#endif
return TRUE;
}
More information about the dovecot-cvs
mailing list