dovecot-2.0: script-login: When -d isn't given, drop privileges ...
dovecot at dovecot.org
dovecot at dovecot.org
Mon May 9 20:11:08 EEST 2011
details: http://hg.dovecot.org/dovecot-2.0/rev/25a452227a09
changeset: 12784:25a452227a09
user: Timo Sirainen <tss at iki.fi>
date: Mon May 09 20:11:00 2011 +0300
description:
script-login: When -d isn't given, drop privileges as specified by the service settings.
diffstat:
src/util/script-login.c | 18 +++++++++++++-----
1 files changed, 13 insertions(+), 5 deletions(-)
diffs (53 lines):
diff -r 56a1b3082b4b -r 25a452227a09 src/util/script-login.c
--- a/src/util/script-login.c Mon May 09 20:03:24 2011 +0300
+++ b/src/util/script-login.c Mon May 09 20:11:00 2011 +0300
@@ -22,7 +22,7 @@
#define SCRIPT_COMM_FD 3
static const char **exec_args;
-static bool drop_privileges = FALSE;
+static bool drop_to_userdb_privileges = FALSE;
static void client_connected(struct master_service_connection *conn)
{
@@ -119,7 +119,7 @@
i_fatal("%s", error);
mail_storage_service_restrict_setenv(service_ctx, user);
- if (drop_privileges)
+ if (drop_to_userdb_privileges)
restrict_access_by_env(getenv("HOME"), TRUE);
if (dup2(fd, STDIN_FILENO) < 0)
@@ -190,7 +190,7 @@
while ((c = master_getopt(master_service)) > 0) {
switch (c) {
case 'd':
- drop_privileges = TRUE;
+ drop_to_userdb_privileges = TRUE;
break;
default:
return FATAL_DEFAULT;
@@ -200,12 +200,20 @@
argv += optind;
master_service_init_log(master_service, "script-login: ");
+
+ if (!drop_to_userdb_privileges &&
+ (flags & MASTER_SERVICE_FLAG_STANDALONE) == 0) {
+ /* drop to privileges defined by service settings */
+ restrict_access_by_env(NULL, FALSE);
+ }
+
master_service_init_finish(master_service);
master_service_set_service_count(master_service, 1);
- if ((flags & MASTER_SERVICE_FLAG_STANDALONE) != 0)
+ if ((flags & MASTER_SERVICE_FLAG_STANDALONE) != 0) {
+ /* The last post-login script is calling us to finish login */
script_execute_finish();
- else {
+ } else {
if (argv[0] == NULL)
i_fatal("Missing script path");
exec_args = i_new(const char *, argc + 2);
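Review bot: The new early drop calls `restrict_access_by_env(NULL, FALSE)` while the -d path in client_connected passes TRUE, so, assuming the second argument is the disallow-root flag, a service whose settings name no unprivileged user keeps running the script with its startup privileges and nothing records that. The comment should state this and explain why the standalone case is skipped, for example `/* not standalone, no -d: drop to the service's configured user/group now; staying root is permitted if the settings leave it so */`. With -d the process still accepts the connection and performs the userdb lookup before any drop happens, which deserves a line where the option is documented. main()'s body starts and ends outside this hunk.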