[dovecot-cvs] dovecot/src/deliver auth-client.c, 1.1.2.1, 1.1.2.2 auth-client.h, 1.1.2.1, 1.1.2.2 deliver.c, 1.20.2.1, 1.20.2.2

cras at dovecot.org cras at dovecot.org
Sun Jun 11 14:37:41 EEST 2006


Update of /var/lib/cvs/dovecot/src/deliver
In directory talvi:/tmp/cvs-serv10012

Modified Files:
      Tag: branch_1_0
	auth-client.c auth-client.h deliver.c 
Log Message:
Don't try to change uid/gid to the same one it already is.



Index: auth-client.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/deliver/Attic/auth-client.c,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -d -r1.1.2.1 -r1.1.2.2
--- auth-client.c	11 Jun 2006 11:10:55 -0000	1.1.2.1
+++ auth-client.c	11 Jun 2006 11:37:38 -0000	1.1.2.2
@@ -9,6 +9,7 @@
 #include "restrict-access.h"
 #include "auth-client.h"
 
+#include <stdlib.h>
 #include <unistd.h>
 #include <sysexits.h>
 
@@ -24,6 +25,7 @@
 	struct ostream *output;
 
 	struct ioloop *ioloop;
+	uid_t euid;
 
 	unsigned int handshaked:1;
 };
@@ -40,18 +42,24 @@
 	i_free(conn);
 }
 
-static void auth_parse_input(const char *args)
+static void auth_parse_input(struct auth_connection *conn, const char *args)
 {
 	const char *const *tmp, *key, *value;
 	int home_found = FALSE;
 
 	for (tmp = t_strsplit(args, "\t"); *tmp != NULL; tmp++) {
 		if (strncmp(*tmp, "uid=", 4) == 0) {
-			env_put(t_strconcat("RESTRICT_SETUID=",
-					    *tmp + 4, NULL));
+			if (conn->euid != strtoul(*tmp + 3, NULL, 10)) {
+				env_put(t_strconcat("RESTRICT_SETUID=",
+						    *tmp + 4, NULL));
+			}
 		} else if (strncmp(*tmp, "gid=", 4) == 0) {
-			env_put(t_strconcat("RESTRICT_SETGID=",
-					    *tmp + 4, NULL));
+			gid_t gid = strtoul(*tmp + 4, NULL, 10);
+
+			if (conn->euid == 0 || getegid() != gid) {
+				env_put(t_strconcat("RESTRICT_SETGID=",
+						    *tmp + 4, NULL));
+			}
 		} else if (strncmp(*tmp, "chroot=", 7) == 0) {
 			env_put(t_strconcat("RESTRICT_CHROOT=",
 					    *tmp + 7, NULL));
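Review bot: The uid comparison in the `uid=` branch parses from `*tmp + 3`, which points at the `=` character rather than the first digit, so `strtoul` finds no digits and returns 0 whatever uid the auth server sent. As a result, a process running with euid 0 never sets RESTRICT_SETUID and, assuming restrict-access acts only on that variable, would keep root privileges for the delivery; a non-root process always sets it, so the commit's stated goal is not met either. The offset should match the `gid=` branch: `if (conn->euid != strtoul(*tmp + 4, NULL, 10)) {`. Both branches also pass a NULL end pointer, so an empty or non-numeric value parses as 0 without error; checking the end pointer before comparing would reject such input. auth_parse_input's body continues outside the hunk.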
@@ -115,7 +123,7 @@
 	line = i_stream_next_line(conn->input);
 	if (line != NULL) {
 		if (strncmp(line, "USER\t1\t", 7) == 0) {
-			auth_parse_input(line + 7);
+			auth_parse_input(conn, line + 7);
 		} else if (strcmp(line, "NOTFOUND\t1") == 0)
 			return_value = EX_NOUSER;
 		else if (strncmp(line, "FAIL\t1\t", 7) == 0)
@@ -150,14 +158,16 @@
 }
 
 int auth_client_put_user_env(struct ioloop *ioloop, const char *auth_socket,
-			     const char *user)
+			     const char *user, uid_t euid)
 {
         struct auth_connection *conn;
 
 	conn = auth_connection_new(auth_socket);
 	if (conn == NULL)
 		return EX_TEMPFAIL;
+
 	conn->ioloop = ioloop;
+	conn->euid = euid;
 
 	o_stream_send_str(conn->output,
 			  t_strconcat("VERSION\t1\t0\n"

Index: auth-client.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/deliver/Attic/auth-client.h,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -d -r1.1.2.1 -r1.1.2.2
--- auth-client.h	11 Jun 2006 11:10:55 -0000	1.1.2.1
+++ auth-client.h	11 Jun 2006 11:37:38 -0000	1.1.2.2
@@ -2,6 +2,6 @@
 #define __AUTH_CLIENT_H
 
 int auth_client_put_user_env(struct ioloop *ioloop, const char *auth_socket,
-			     const char *user);
+			     const char *user, uid_t euid);
 
 #endif
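Review bot: The prototype now uses `uid_t`, but no include is visible between the guard and the declaration, so the header appears to rely on every includer having pulled in `<sys/types.h>` first; adding `#include <sys/types.h>` here would make it self-contained. The new parameter is also undocumented: a comment such as `/* euid: effective uid of the calling process; decides whether RESTRICT_SETUID/RESTRICT_SETGID are set */` would record that a stale or wrong value changes whether privileges are dropped. The start of the header is outside the hunk.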

Index: deliver.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/deliver/deliver.c,v
retrieving revision 1.20.2.1
retrieving revision 1.20.2.2
diff -u -d -r1.20.2.1 -r1.20.2.2
--- deliver.c	11 Jun 2006 11:10:55 -0000	1.20.2.1
+++ deliver.c	11 Jun 2006 11:37:38 -0000	1.20.2.2
@@ -354,6 +354,7 @@
 	struct istream *input;
 	struct mailbox_transaction_context *t;
 	struct mail *mail;
+	uid_t process_euid;
 	int i, ret;
 
 	lib_init();
@@ -409,18 +410,20 @@
 				       "Unknown argument: %s", argv[1]);
 		}
 	}
+
+	process_euid = geteuid();
 	if (destination != NULL)
 		user = destination;
-	else if (geteuid() != 0) {
+	else if (process_euid != 0) {
 		/* we're non-root. get our username. */
 		struct passwd *pw;
 
-		pw = getpwuid(geteuid());
+		pw = getpwuid(process_euid);
 		if (pw != NULL)
 			user = t_strdup(pw->pw_name);
 		else {
 			i_fatal("Couldn't lookup our username (uid=%s)",
-				dec2str(geteuid()));
+				dec2str(process_euid));
 		}
 	} else {
 		i_fatal_status(EX_USAGE,
@@ -436,7 +439,7 @@
 			auth_socket = DEFAULT_AUTH_SOCKET_PATH;
 
 		ret = auth_client_put_user_env(ioloop, auth_socket,
-					       destination);
+					       destination, process_euid);
 		if (ret != 0)
 			return ret;
 


