[dovecot-cvs] dovecot/src/deliver auth-client.c, 1.1.2.1,
1.1.2.2 auth-client.h, 1.1.2.1, 1.1.2.2 deliver.c, 1.20.2.1,
1.20.2.2
cras at dovecot.org
cras at dovecot.org
Sun Jun 11 14:37:41 EEST 2006
Update of /var/lib/cvs/dovecot/src/deliver
In directory talvi:/tmp/cvs-serv10012
Modified Files:
Tag: branch_1_0
auth-client.c auth-client.h deliver.c
Log Message:
Don't try to change uid/gid to the same one it already is.
Index: auth-client.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/deliver/Attic/auth-client.c,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -d -r1.1.2.1 -r1.1.2.2
--- auth-client.c 11 Jun 2006 11:10:55 -0000 1.1.2.1
+++ auth-client.c 11 Jun 2006 11:37:38 -0000 1.1.2.2
@@ -9,6 +9,7 @@
#include "restrict-access.h"
#include "auth-client.h"
+#include <stdlib.h>
#include <unistd.h>
#include <sysexits.h>
@@ -24,6 +25,7 @@
struct ostream *output;
struct ioloop *ioloop;
+ uid_t euid;
unsigned int handshaked:1;
};
@@ -40,18 +42,24 @@
i_free(conn);
}
-static void auth_parse_input(const char *args)
+static void auth_parse_input(struct auth_connection *conn, const char *args)
{
const char *const *tmp, *key, *value;
int home_found = FALSE;
for (tmp = t_strsplit(args, "\t"); *tmp != NULL; tmp++) {
if (strncmp(*tmp, "uid=", 4) == 0) {
- env_put(t_strconcat("RESTRICT_SETUID=",
- *tmp + 4, NULL));
+ if (conn->euid != strtoul(*tmp + 3, NULL, 10)) {
+ env_put(t_strconcat("RESTRICT_SETUID=",
+ *tmp + 4, NULL));
+ }
} else if (strncmp(*tmp, "gid=", 4) == 0) {
- env_put(t_strconcat("RESTRICT_SETGID=",
- *tmp + 4, NULL));
+ gid_t gid = strtoul(*tmp + 4, NULL, 10);
+
+ if (conn->euid == 0 || getegid() != gid) {
+ env_put(t_strconcat("RESTRICT_SETGID=",
+ *tmp + 4, NULL));
+ }
} else if (strncmp(*tmp, "chroot=", 7) == 0) {
env_put(t_strconcat("RESTRICT_CHROOT=",
*tmp + 7, NULL));
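Review bot: The uid check in the `uid=` branch parses from `*tmp + 3`, which points at the `=` sign, so `strtoul` converts no digits and always returns 0. With that value, a process whose `conn->euid` is 0 never exports `RESTRICT_SETUID`; if the restrict-access code only switches uid when that variable is set (not visible in this hunk), delivery would continue as root instead of dropping to the looked-up user. The offset should match the `env_put` below it: `if (conn->euid != strtoul(*tmp + 4, NULL, 10)) {`. Both `strtoul` calls also pass a NULL end pointer, so a non-numeric `uid=` or `gid=` value silently parses as 0; checking the end pointer before comparing would avoid that. The body of auth_parse_input continues past the end of this hunk.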
@@ -115,7 +123,7 @@
line = i_stream_next_line(conn->input);
if (line != NULL) {
if (strncmp(line, "USER\t1\t", 7) == 0) {
- auth_parse_input(line + 7);
+ auth_parse_input(conn, line + 7);
} else if (strcmp(line, "NOTFOUND\t1") == 0)
return_value = EX_NOUSER;
else if (strncmp(line, "FAIL\t1\t", 7) == 0)
@@ -150,14 +158,16 @@
}
int auth_client_put_user_env(struct ioloop *ioloop, const char *auth_socket,
- const char *user)
+ const char *user, uid_t euid)
{
struct auth_connection *conn;
conn = auth_connection_new(auth_socket);
if (conn == NULL)
return EX_TEMPFAIL;
+
conn->ioloop = ioloop;
+ conn->euid = euid;
o_stream_send_str(conn->output,
t_strconcat("VERSION\t1\t0\n"
Index: auth-client.h
===================================================================
RCS file: /var/lib/cvs/dovecot/src/deliver/Attic/auth-client.h,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -d -r1.1.2.1 -r1.1.2.2
--- auth-client.h 11 Jun 2006 11:10:55 -0000 1.1.2.1
+++ auth-client.h 11 Jun 2006 11:37:38 -0000 1.1.2.2
@@ -2,6 +2,6 @@
#define __AUTH_CLIENT_H
int auth_client_put_user_env(struct ioloop *ioloop, const char *auth_socket,
- const char *user);
+ const char *user, uid_t euid);
#endif
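Review bot: The new prototype uses `uid_t`, but no include is visible in this header, so it compiles only when every includer has already pulled in `<sys/types.h>`. Adding `#include <sys/types.h>` above the prototype would make the header self-contained. The opening of the include guard is outside the hunk.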
Index: deliver.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/deliver/deliver.c,v
retrieving revision 1.20.2.1
retrieving revision 1.20.2.2
diff -u -d -r1.20.2.1 -r1.20.2.2
--- deliver.c 11 Jun 2006 11:10:55 -0000 1.20.2.1
+++ deliver.c 11 Jun 2006 11:37:38 -0000 1.20.2.2
@@ -354,6 +354,7 @@
struct istream *input;
struct mailbox_transaction_context *t;
struct mail *mail;
+ uid_t process_euid;
int i, ret;
lib_init();
@@ -409,18 +410,20 @@
"Unknown argument: %s", argv[1]);
}
}
+
+ process_euid = geteuid();
if (destination != NULL)
user = destination;
- else if (geteuid() != 0) {
+ else if (process_euid != 0) {
/* we're non-root. get our username. */
struct passwd *pw;
- pw = getpwuid(geteuid());
+ pw = getpwuid(process_euid);
if (pw != NULL)
user = t_strdup(pw->pw_name);
else {
i_fatal("Couldn't lookup our username (uid=%s)",
- dec2str(geteuid()));
+ dec2str(process_euid));
}
} else {
i_fatal_status(EX_USAGE,
@@ -436,7 +439,7 @@
auth_socket = DEFAULT_AUTH_SOCKET_PATH;
ret = auth_client_put_user_env(ioloop, auth_socket,
- destination);
+ destination, process_euid);
if (ret != 0)
return ret;