dovecot-2.0: Added restrict_access_get_env()
dovecot at dovecot.org
dovecot at dovecot.org
Wed May 12 17:39:06 EEST 2010
details: http://hg.dovecot.org/dovecot-2.0/rev/a8a8686e6979
changeset: 11284:a8a8686e6979
user: Timo Sirainen <tss at iki.fi>
date: Wed May 12 16:39:03 2010 +0200
description:
Added restrict_access_get_env()
diffstat:
src/lib/restrict-access.c | 60 ++++++++++++++++--------------
src/lib/restrict-access.h | 2 +
2 files changed, 34 insertions(+), 28 deletions(-)
diffs (86 lines):
diff -r 6599d3d52c76 -r a8a8686e6979 src/lib/restrict-access.c
--- a/src/lib/restrict-access.c Wed May 12 16:07:40 2010 +0200
+++ b/src/lib/restrict-access.c Wed May 12 16:39:03 2010 +0200
@@ -376,38 +376,42 @@
return str == NULL || *str == '\0' ? NULL : str;
}
+void restrict_access_get_env(struct restrict_access_settings *set_r)
+{
+ const char *value;
+
+ restrict_access_init(set_r);
+ if ((value = getenv("RESTRICT_SETUID")) != NULL) {
+ if (str_to_uid(value, &set_r->uid) < 0)
+ i_fatal("Invalid uid: %s", value);
+ }
+ if ((value = getenv("RESTRICT_SETGID")) != NULL) {
+ if (str_to_gid(value, &set_r->gid) < 0)
+ i_fatal("Invalid gid: %s", value);
+ }
+ if ((value = getenv("RESTRICT_SETGID_PRIV")) != NULL) {
+ if (str_to_gid(value, &set_r->privileged_gid) < 0)
+ i_fatal("Invalid privileged_gid: %s", value);
+ }
+ if ((value = getenv("RESTRICT_GID_FIRST")) != NULL) {
+ if (str_to_gid(value, &set_r->first_valid_gid) < 0)
+ i_fatal("Invalid first_valid_gid: %s", value);
+ }
+ if ((value = getenv("RESTRICT_GID_LAST")) != NULL) {
+ if (str_to_gid(value, &set_r->last_valid_gid) < 0)
+ i_fatal("Invalid last_value_gid: %s", value);
+ }
+
+ set_r->extra_groups = null_if_empty(getenv("RESTRICT_SETEXTRAGROUPS"));
+ set_r->system_groups_user = null_if_empty(getenv("RESTRICT_USER"));
+ set_r->chroot_dir = null_if_empty(getenv("RESTRICT_CHROOT"));
+}
+
void restrict_access_by_env(const char *home, bool disallow_root)
{
struct restrict_access_settings set;
- const char *value;
- restrict_access_init(&set);
-
- if ((value = getenv("RESTRICT_SETUID")) != NULL) {
- if (str_to_uid(value, &set.uid) < 0)
- i_fatal("Invalid uid: %s", value);
- }
- if ((value = getenv("RESTRICT_SETGID")) != NULL) {
- if (str_to_gid(value, &set.gid) < 0)
- i_fatal("Invalid gid: %s", value);
- }
- if ((value = getenv("RESTRICT_SETGID_PRIV")) != NULL) {
- if (str_to_gid(value, &set.privileged_gid) < 0)
- i_fatal("Invalid privileged_gid: %s", value);
- }
- if ((value = getenv("RESTRICT_GID_FIRST")) != NULL) {
- if (str_to_gid(value, &set.first_valid_gid) < 0)
- i_fatal("Invalid first_valid_gid: %s", value);
- }
- if ((value = getenv("RESTRICT_GID_LAST")) != NULL) {
- if (str_to_gid(value, &set.last_valid_gid) < 0)
- i_fatal("Invalid last_value_gid: %s", value);
- }
-
- set.extra_groups = null_if_empty(getenv("RESTRICT_SETEXTRAGROUPS"));
- set.system_groups_user = null_if_empty(getenv("RESTRICT_USER"));
- set.chroot_dir = null_if_empty(getenv("RESTRICT_CHROOT"));
-
+ restrict_access_get_env(&set);
restrict_access(&set, home, disallow_root);
/* clear the environment, so we don't fail if we get back here */
diff -r 6599d3d52c76 -r a8a8686e6979 src/lib/restrict-access.h
--- a/src/lib/restrict-access.h Wed May 12 16:07:40 2010 +0200
+++ b/src/lib/restrict-access.h Wed May 12 16:39:03 2010 +0200
@@ -32,6 +32,8 @@
/* Set environment variables so they can be read with
restrict_access_by_env(). */
void restrict_access_set_env(const struct restrict_access_settings *set);
+/* Read restrict_access_set_env() environments back into struct. */
+void restrict_access_get_env(struct restrict_access_settings *set_r);
/* Read restrictions from environment and call restrict_access().
If disallow_roots is TRUE, we'll kill ourself if we didn't have the
environment settings. */
More information about the dovecot-cvs
mailing list