dovecot: Reverted "environment array" changes. It broke overridi...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Jan 5 01:28:50 EET 2008
details: http://hg.dovecot.org/dovecot/rev/e6823d781317
changeset: 7109:e6823d781317
user: Timo Sirainen <tss at iki.fi>
date: Sat Jan 05 01:28:46 2008 +0200
description:
Reverted "environment array" changes. It broke overriding imap/pop3 settings
from userdb and the performance improvements weren't all that great anyway.
diffstat:
19 files changed, 328 insertions(+), 424 deletions(-)
src/auth/main.c | 2
src/deliver/auth-client.c | 2
src/dict/main.c | 2
src/imap/main.c | 2
src/lib/env-util.c | 23 ---
src/lib/env-util.h | 8 -
src/lib/restrict-access.c | 130 ++++++------------
src/lib/restrict-access.h | 9 -
src/login-common/main.c | 2
src/master/auth-process.c | 146 ++++++++++-----------
src/master/child-process.c | 23 +--
src/master/child-process.h | 5
src/master/dict-process.c | 13 -
src/master/login-process.c | 113 ++++++++--------
src/master/mail-process.c | 261 ++++++++++++++++++--------------------
src/master/ssl-init.c | 5
src/plugins/expire/auth-client.c | 2
src/pop3/main.c | 2
src/util/rawlog.c | 2
diffs (truncated from 1443 to 300 lines):
diff -r fe74d0999e3a -r e6823d781317 src/auth/main.c
--- a/src/auth/main.c Fri Jan 04 04:38:03 2008 +0200
+++ b/src/auth/main.c Sat Jan 05 01:28:46 2008 +0200
@@ -209,7 +209,7 @@ static void drop_privileges(void)
add_extra_listeners();
/* Password lookups etc. may require roots, allow it. */
- restrict_access_by_env(NULL, FALSE);
+ restrict_access_by_env(FALSE);
}
static void main_init(bool nodaemon)
diff -r fe74d0999e3a -r e6823d781317 src/deliver/auth-client.c
--- a/src/deliver/auth-client.c Fri Jan 04 04:38:03 2008 +0200
+++ b/src/deliver/auth-client.c Sat Jan 05 01:28:46 2008 +0200
@@ -173,7 +173,7 @@ static void auth_parse_input(struct auth
extra_groups, NULL));
}
- restrict_access_by_env(NULL, TRUE);
+ restrict_access_by_env(TRUE);
return_value = EX_OK;
}
diff -r fe74d0999e3a -r e6823d781317 src/dict/main.c
--- a/src/dict/main.c Fri Jan 04 04:38:03 2008 +0200
+++ b/src/dict/main.c Sat Jan 05 01:28:46 2008 +0200
@@ -51,7 +51,7 @@ static void drop_privileges(void)
sql_drivers_init();
sql_drivers_register_all();
- restrict_access_by_env(NULL, FALSE);
+ restrict_access_by_env(FALSE);
}
static void main_init(void)
diff -r fe74d0999e3a -r e6823d781317 src/imap/main.c
--- a/src/imap/main.c Fri Jan 04 04:38:03 2008 +0200
+++ b/src/imap/main.c Sat Jan 05 01:28:46 2008 +0200
@@ -157,7 +157,7 @@ static void drop_privileges(void)
TRUE, version);
}
- restrict_access_by_env(NULL, !IS_STANDALONE());
+ restrict_access_by_env(!IS_STANDALONE());
}
static void main_init(void)
diff -r fe74d0999e3a -r e6823d781317 src/lib/env-util.c
--- a/src/lib/env-util.c Fri Jan 04 04:38:03 2008 +0200
+++ b/src/lib/env-util.c Sat Jan 05 01:28:46 2008 +0200
@@ -1,7 +1,6 @@
/* Copyright (c) 2002-2008 Dovecot authors, see the included COPYING file */
#include "lib.h"
-#include "array.h"
#include "env-util.h"
#include <stdlib.h>
@@ -27,25 +26,3 @@ void env_clean(void)
if (pool != NULL)
pool_unref(&pool);
}
-
-void envarr_add(ARRAY_TYPE(const_string) *arr,
- const char *key, const char *value)
-{
- const char *str = t_strconcat(key, "=", value, NULL);
-
- array_append(arr, &str, 1);
-}
-
-void envarr_addi(ARRAY_TYPE(const_string) *arr, const char *key,
- unsigned int value)
-{
- char str[MAX_INT_STRLEN];
-
- i_snprintf(str, sizeof(str), "%u", value);
- envarr_add(arr, key, str);
-}
-
-void envarr_addb(ARRAY_TYPE(const_string) *arr, const char *key)
-{
- envarr_add(arr, key, "1");
-}
diff -r fe74d0999e3a -r e6823d781317 src/lib/env-util.h
--- a/src/lib/env-util.h Fri Jan 04 04:38:03 2008 +0200
+++ b/src/lib/env-util.h Sat Jan 05 01:28:46 2008 +0200
@@ -7,12 +7,4 @@ void env_put(const char *env);
/* Clear all environment variables. */
void env_clean(void);
-/* Append a string containing key=value to the array */
-void envarr_add(ARRAY_TYPE(const_string) *arr,
- const char *key, const char *value);
-void envarr_addi(ARRAY_TYPE(const_string) *arr, const char *key,
- unsigned int value);
-/* Append a string containing key=1 to the array */
-void envarr_addb(ARRAY_TYPE(const_string) *arr, const char *key);
-
#endif
diff -r fe74d0999e3a -r e6823d781317 src/lib/restrict-access.c
--- a/src/lib/restrict-access.c Fri Jan 04 04:38:03 2008 +0200
+++ b/src/lib/restrict-access.c Sat Jan 05 01:28:46 2008 +0200
@@ -1,7 +1,6 @@
/* Copyright (c) 2002-2008 Dovecot authors, see the included COPYING file */
#include "lib.h"
-#include "array.h"
#include "restrict-access.h"
#include "env-util.h"
@@ -10,54 +9,31 @@
#include <time.h>
#include <grp.h>
-enum restrict_env {
- RESTRICT_ENV_USER,
- RESTRICT_ENV_CHROOT,
- RESTRICT_ENV_SETUID,
- RESTRICT_ENV_SETGID,
- RESTRICT_ENV_SETEXTRAGROUPS,
- RESTRICT_ENV_GID_FIRST,
- RESTRICT_ENV_GID_LAST,
-
- RESTRICT_ENV_COUNT
-};
-
-static const char *restrict_env_strings[RESTRICT_ENV_COUNT] = {
- "RESTRICT_USER",
- "RESTRICT_CHROOT",
- "RESTRICT_SETUID",
- "RESTRICT_SETGID",
- "RESTRICT_SETEXTRAGROUPS",
- "RESTRICT_GID_FIRST",
- "RESTRICT_GID_LAST"
-};
-
-static void renv_add(ARRAY_TYPE(const_string) *env, enum restrict_env key,
- const char *value)
-{
- envarr_add(env, restrict_env_strings[key], value);
-}
-
-void restrict_access_set_env(ARRAY_TYPE(const_string) *env,
- const char *user, uid_t uid, gid_t gid,
+void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
const char *chroot_dir,
gid_t first_valid_gid, gid_t last_valid_gid,
const char *extra_groups)
{
if (user != NULL && *user != '\0')
- renv_add(env, RESTRICT_ENV_USER, user);
+ env_put(t_strconcat("RESTRICT_USER=", user, NULL));
if (chroot_dir != NULL && *chroot_dir != '\0')
- renv_add(env, RESTRICT_ENV_CHROOT, chroot_dir);
-
- renv_add(env, RESTRICT_ENV_SETUID, dec2str(uid));
- renv_add(env, RESTRICT_ENV_SETGID, dec2str(gid));
- if (extra_groups != NULL && *extra_groups != '\0')
- renv_add(env, RESTRICT_ENV_SETEXTRAGROUPS, extra_groups);
-
- if (first_valid_gid != 0)
- renv_add(env, RESTRICT_ENV_GID_FIRST, dec2str(first_valid_gid));
- if (last_valid_gid != 0)
- renv_add(env, RESTRICT_ENV_GID_LAST, dec2str(last_valid_gid));
+ env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL));
+
+ env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid)));
+ env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid)));
+ if (extra_groups != NULL && *extra_groups != '\0') {
+ env_put(t_strconcat("RESTRICT_SETEXTRAGROUPS=",
+ extra_groups, NULL));
+ }
+
+ if (first_valid_gid != 0) {
+ env_put(t_strdup_printf("RESTRICT_GID_FIRST=%s",
+ dec2str(first_valid_gid)));
+ }
+ if (last_valid_gid != 0) {
+ env_put(t_strdup_printf("RESTRICT_GID_LAST=%s",
+ dec2str(last_valid_gid)));
+ }
}
static gid_t *get_groups_list(unsigned int *gid_count_r)
@@ -77,8 +53,7 @@ static gid_t *get_groups_list(unsigned i
return gid_list;
}
-static bool drop_restricted_groups(const char *const *env_values,
- gid_t *gid_list, unsigned int *gid_count,
+static bool drop_restricted_groups(gid_t *gid_list, unsigned int *gid_count,
bool *have_root_group)
{
/* @UNSAFE */
@@ -86,9 +61,9 @@ static bool drop_restricted_groups(const
const char *env;
unsigned int i, used;
- env = env_values[RESTRICT_ENV_GID_FIRST];
+ env = getenv("RESTRICT_GID_FIRST");
first_valid = env == NULL ? 0 : (gid_t)strtoul(env, NULL, 10);
- env = env_values[RESTRICT_ENV_GID_LAST];
+ env = getenv("RESTRICT_GID_LAST");
last_valid = env == NULL ? (gid_t)-1 : (gid_t)strtoul(env, NULL, 10);
for (i = 0, used = 0; i < *gid_count; i++) {
@@ -118,20 +93,19 @@ static gid_t get_group_id(const char *na
return group->gr_gid;
}
-static void fix_groups_list(const char *const *env_values, gid_t egid,
+static void fix_groups_list(const char *extra_groups, gid_t egid,
bool preserve_existing, bool *have_root_group)
{
gid_t *gid_list;
- const char *const *tmp, *extra_groups, *empty = NULL;
+ const char *const *tmp, *empty = NULL;
unsigned int gid_count;
- extra_groups = env_values[RESTRICT_ENV_SETEXTRAGROUPS];
tmp = extra_groups == NULL ? &empty :
t_strsplit_spaces(extra_groups, ", ");
if (preserve_existing) {
gid_list = get_groups_list(&gid_count);
- if (!drop_restricted_groups(env_values, gid_list, &gid_count,
+ if (!drop_restricted_groups(gid_list, &gid_count,
have_root_group) &&
*tmp == NULL) {
/* nothing dropped, no extra groups to grant. */
@@ -161,40 +135,17 @@ static void fix_groups_list(const char *
}
}
-void restrict_access_by_env(ARRAY_TYPE(const_string) *envarr,
- bool disallow_root)
-{
- const char *env_values[RESTRICT_ENV_COUNT], *const *envs, *env;
- const char *home = NULL;
- unsigned int i, j, count, len;
+void restrict_access_by_env(bool disallow_root)
+{
+ const char *env;
gid_t gid;
uid_t uid;
bool is_root, have_root_group, preserve_groups = FALSE;
- if (envarr == NULL) {
- /* use environment */
- for (i = 0; i < RESTRICT_ENV_COUNT; i++)
- env_values[i] = getenv(restrict_env_strings[i]);
- home = getenv("HOME");
- } else {
- envs = array_get(envarr, &count);
- memset(env_values, 0, sizeof(env_values));
- for (i = 0; i < count; i++) {
- for (j = 0; j < RESTRICT_ENV_COUNT; j++) {
- len = strlen(restrict_env_strings[j]);
- if (strncmp(envs[i], restrict_env_strings[j],
- len) == 0 &&
- envs[i][len] == '=')
- env_values[j] = envs[i] + len + 1;
- }
- if (strncmp(envs[i], "HOME=", 5) == 0)
- home = envs[i] + 5;
- }
- }
is_root = geteuid() == 0;
/* set the primary group */
- env = env_values[RESTRICT_ENV_SETGID];
+ env = getenv("RESTRICT_SETGID");
gid = env == NULL || *env == '\0' ? (gid_t)-1 :
(gid_t)strtoul(env, NULL, 10);
have_root_group = gid == 0;
@@ -207,7 +158,7 @@ void restrict_access_by_env(ARRAY_TYPE(c
}
/* set system user's groups */
- env = env_values[RESTRICT_ENV_USER];
+ env = getenv("RESTRICT_USER");
if (env != NULL && *env != '\0' && is_root) {
if (initgroups(env, gid) < 0) {
i_fatal("initgroups(%s, %s) failed: %m",
@@ -218,18 +169,20 @@ void restrict_access_by_env(ARRAY_TYPE(c
/* add extra groups. if we set system user's groups, drop the
restricted groups at the same time. */
+ env = getenv("RESTRICT_SETEXTRAGROUPS");
if (is_root) {
T_FRAME(
- fix_groups_list(env_values, gid, preserve_groups,
+ fix_groups_list(env, gid, preserve_groups,
&have_root_group);
);
}
/* chrooting */
More information about the dovecot-cvs
mailing list