dovecot-2.0: lib-storage: Give restrict_access() uid/gid source ...
dovecot at dovecot.org
dovecot at dovecot.org
Mon Feb 7 22:37:49 EET 2011
details: http://hg.dovecot.org/dovecot-2.0/rev/888999441619
changeset: 12587:888999441619
user: Timo Sirainen <tss at iki.fi>
date: Mon Feb 07 22:37:45 2011 +0200
description:
lib-storage: Give restrict_access() uid/gid source (userdb or mail_u/gid setting).
diffstat:
src/lib-storage/mail-storage-service.c | 27 +++++++++++++++++----------
1 files changed, 17 insertions(+), 10 deletions(-)
diffs (96 lines):
diff -r cb2c008ae3e8 -r 888999441619 src/lib-storage/mail-storage-service.c
--- a/src/lib-storage/mail-storage-service.c Mon Feb 07 22:37:19 2011 +0200
+++ b/src/lib-storage/mail-storage-service.c Mon Feb 07 22:37:45 2011 +0200
@@ -58,7 +58,7 @@
pool_t pool;
struct mail_storage_service_input input;
- const char *system_groups_user;
+ const char *system_groups_user, *uid_source, *gid_source;
const struct mail_user_settings *user_set;
const struct setting_parser_info *user_info;
struct setting_parser_context *set_parser;
@@ -178,10 +178,13 @@
*error_r = "userdb returned 0 as uid";
return -1;
}
+ user->uid_source = "userdb lookup";
set_keyval(ctx, user, "mail_uid", dec2str(reply->uid));
}
- if (reply->gid != (uid_t)-1)
+ if (reply->gid != (uid_t)-1) {
+ user->gid_source = "userdb lookup";
set_keyval(ctx, user, "mail_gid", dec2str(reply->gid));
+ }
if (home != NULL && chroot == NULL &&
*user->user_set->valid_chroot_dirs != '\0' &&
@@ -299,8 +302,8 @@
}
static int
-service_drop_privileges(const struct mail_user_settings *set,
- const char *system_groups_user,
+service_drop_privileges(struct mail_storage_service_user *user,
+ const struct mail_user_settings *set,
const char *home, const char *chroot,
bool disallow_root, bool keep_setuid_root,
bool setenv_only, const char **error_r)
@@ -327,6 +330,7 @@
dec2str(rset.uid));
return -1;
}
+ rset.uid_source = user->uid_source;
} else if (rset.uid == (uid_t)-1 &&
disallow_root && current_euid == 0) {
*error_r = "User is missing UID (see mail_uid setting)";
@@ -347,6 +351,7 @@
dec2str(rset.gid));
return -1;
}
+ rset.gid_source = user->gid_source;
} else if (rset.gid == (gid_t)-1 && disallow_root &&
set->first_valid_gid > 0 && getegid() == 0) {
*error_r = "User is missing GID (see mail_gid setting)";
@@ -370,7 +375,7 @@
/* we can't chroot if we want to switch between users. there's not
much point either (from security point of view) */
rset.chroot_dir = *chroot == '\0' || keep_setuid_root ? NULL : chroot;
- rset.system_groups_user = system_groups_user;
+ rset.system_groups_user = user->system_groups_user;
cur_chroot = restrict_access_get_current_chroot();
if (cur_chroot != NULL) {
@@ -820,6 +825,8 @@
i_panic("settings_parser_check() failed: %s", error);
user->user_set = settings_parser_get_list(user->set_parser)[1];
+ user->gid_source = "mail_gid setting";
+ user->uid_source = "mail_uid setting";
if (!userdb_lookup) {
const char *home = getenv("HOME");
@@ -903,9 +910,9 @@
mail_storage_service_init_log(ctx, user);
if ((ctx->flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) {
- if (service_drop_privileges(user_set, user->system_groups_user,
- home, chroot, disallow_root,
- temp_priv_drop, FALSE, &error) < 0) {
+ if (service_drop_privileges(user, user_set, home, chroot,
+ disallow_root, temp_priv_drop,
+ FALSE, &error) < 0) {
i_error("user %s: Couldn't drop privileges: %s",
user->input.username, error);
return -1;
@@ -939,8 +946,8 @@
chroot = user_expand_varstr(ctx->service, &user->input,
user_set->mail_chroot);
- if (service_drop_privileges(user_set, user->system_groups_user,
- home, chroot, FALSE, FALSE, TRUE,
+ if (service_drop_privileges(user, user_set, home, chroot,
+ FALSE, FALSE, TRUE,
&error) < 0)
i_fatal("%s", error);
}
More information about the dovecot-cvs
mailing list