[dovecot] PATCH allow_zero_gid option

Dominic Marks dom at cus.org.uk
Tue Apr 15 20:45:21 EEST 2003 

Hey,

Well, that was easy :-) Patch against CVS follows:

Summary:
 Created a boolean option allow_zero_gid, when set to yes it will allow
 logins from users whose group id is zero. Tested with KMail 3.1.1 on
 FreeBSD 4.8. I'm not sure if my method for passing the boolean via the
 environment is correct, it looks a little on the ugly side.

Index: src/lib/restrict-access.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib/restrict-access.c,v
retrieving revision 1.10
diff -u -3 -p -r1.10 restrict-access.c
--- src/lib/restrict-access.c	4 Mar 2003 04:00:13 -0000	1.10
+++ src/lib/restrict-access.c	15 Apr 2003 17:37:26 -0000
@@ -31,12 +31,14 @@
 #include <grp.h>
 
 void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
-			     const char *chroot_dir)
+		 	     const char *chroot_dir, int allow_zg)
 {
 	if (user != NULL && *user != '\0')
 		env_put(t_strconcat("RESTRICT_USER=", user, NULL));
 	if (chroot_dir != NULL && *chroot_dir != '\0')
 		env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL));
+	if (allow_zg == TRUE)
+		env_put(t_strdup("ALLOW_ZERO_GID=TRUE"));
 
 	env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid)));
 	env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid)));
@@ -45,6 +47,7 @@ void restrict_access_set_env(const char 
 void restrict_access_by_env(int disallow_root)
 {
 	const char *env;
+	int allow_zero_gid;
 	gid_t gid;
 	uid_t uid;
 
@@ -97,8 +100,14 @@ void restrict_access_by_env(int disallow
 			i_fatal("We couldn't drop root privileges");
 	}
 
-	if ((gid != 0 && uid != 0) || disallow_root) {
+	/* allow users with zero group id permission for BSD */
+	env = getenv("ALLOW_ZERO_GID");
+	allow_zero_gid = env == NULL ? FALSE : TRUE;
+
+	if (allow_zero_gid == FALSE &&
+		((gid != 0 && uid != 0) || disallow_root)) {
 		if (getgid() == 0 || getegid() == 0 || setgid(0) == 0)
 			i_fatal("We couldn't drop root group privileges");
 	}
+
 }
Index: src/lib/restrict-access.h
===================================================================
RCS file: /home/cvs/dovecot/src/lib/restrict-access.h,v
retrieving revision 1.4
diff -u -3 -p -r1.4 restrict-access.h
--- src/lib/restrict-access.h	4 Mar 2003 04:00:13 -0000	1.4
+++ src/lib/restrict-access.h	15 Apr 2003 17:37:26 -0000
@@ -4,7 +4,7 @@
 /* set environment variables so they can be read with
    restrict_access_by_env() */
 void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
-			     const char *chroot_dir);
+			     const char *chroot_dir, int allow_zg);
 
 /* chroot, setuid() and setgid() based on environment variables.
    If disallow_roots is TRUE, we'll kill ourself if we didn't have the
Index: src/master/auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.41
diff -u -3 -p -r1.41 auth-process.c
--- src/master/auth-process.c	2 Apr 2003 02:09:41 -0000	1.41
+++ src/master/auth-process.c	15 Apr 2003 17:37:27 -0000
@@ -307,7 +307,7 @@ static pid_t create_auth_process(struct 
 
 	/* setup access environment */
 	restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid,
-				group->set->chroot);
+				group->set->chroot, set->allow_zero_gid);
 
 	/* set other environment */
 	env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL));
Index: src/master/login-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/login-process.c,v
retrieving revision 1.40
diff -u -3 -p -r1.40 login-process.c
--- src/master/login-process.c	15 Apr 2003 16:58:48 -0000	1.40
+++ src/master/login-process.c	15 Apr 2003 17:37:27 -0000
@@ -384,7 +384,8 @@ static void login_process_init_env(struc
 	   clean_child_process() since it clears environment */
 	restrict_access_set_env(group->set->user,
 				group->set->uid, set->login_gid,
-				set->login_chroot ? set->login_dir : NULL);
+				set->login_chroot ? set->login_dir : NULL,
+				set->allow_zero_gid);
 
 	env_put("DOVECOT_MASTER=1");
 
Index: src/master/mail-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/mail-process.c,v
retrieving revision 1.13
diff -u -3 -p -r1.13 mail-process.c
--- src/master/mail-process.c	15 Apr 2003 16:58:48 -0000	1.13
+++ src/master/mail-process.c	15 Apr 2003 17:37:28 -0000
@@ -25,7 +25,7 @@ static int validate_uid_gid(uid_t uid, g
 		return FALSE;
 	}
 
-	if (uid != 0 && gid == 0) {
+	if (set->allow_zero_gid == FALSE && uid != 0 && gid == 0) {
 		i_error("mail process isn't allowed to be in group 0");
 		return FALSE;
 	}
@@ -38,8 +38,9 @@ static int validate_uid_gid(uid_t uid, g
 		return FALSE;
 	}
 
-	if (gid < (gid_t)set->first_valid_gid ||
-	    (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) {
+	if (set->allow_zero_gid == FALSE &&
+	    (gid < (gid_t)set->first_valid_gid ||
+	    (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid))) {
 		i_error("mail process isn't allowed to use "
 			"GID %s (UID is %s)", dec2str(gid), dec2str(uid));
 		return FALSE;
@@ -150,7 +151,8 @@ int create_mail_process(int socket, stru
 	   (paranoia about filling up environment without noticing) */
 	restrict_access_set_env(data + reply->system_user_idx,
 				reply->uid, reply->gid,
-				reply->chroot ? data + reply->home_idx : NULL);
+				reply->chroot ? data + reply->home_idx : NULL,
+				set->allow_zero_gid);
 
 	restrict_process_size(process_size, (unsigned int)-1);
 
Index: src/master/master-settings.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.16
diff -u -3 -p -r1.16 master-settings.c
--- src/master/master-settings.c	2 Apr 2003 02:09:41 -0000	1.16
+++ src/master/master-settings.c	15 Apr 2003 17:37:28 -0000
@@ -46,6 +46,7 @@ static struct setting_def setting_defs[]
 	DEF(SET_INT, max_mail_processes),
 	DEF(SET_BOOL, verbose_proctitle),
 
+	DEF(SET_BOOL, allow_zero_gid),
 	DEF(SET_INT, first_valid_uid),
 	DEF(SET_INT, last_valid_uid),
 	DEF(SET_INT, first_valid_gid),
@@ -153,6 +154,7 @@ struct settings default_settings = {
 	MEMBER(max_mail_processes) 1024,
 	MEMBER(verbose_proctitle) FALSE,
 
+	MEMBER(allow_zero_gid) FALSE,
 	MEMBER(first_valid_uid) 500,
 	MEMBER(last_valid_uid) 0,
 	MEMBER(first_valid_gid) 1,
Index: src/master/master-settings.h
===================================================================
RCS file: /home/cvs/dovecot/src/master/master-settings.h,v
retrieving revision 1.10
diff -u -3 -p -r1.10 master-settings.h
--- src/master/master-settings.h	2 Apr 2003 02:09:41 -0000	1.10
+++ src/master/master-settings.h	15 Apr 2003 17:37:29 -0000
@@ -32,6 +32,7 @@ struct settings {
 	unsigned int max_mail_processes;
 	int verbose_proctitle;
 
+	int allow_zero_gid;
 	unsigned int first_valid_uid, last_valid_uid;
 	unsigned int first_valid_gid, last_valid_gid;
 
Thanks,
-- 
Dominic
 <dom at cus.org.uk> <d.marks at student.umist.ac.uk>

More information about the dovecot mailing list