dovecot-2.0: master: Fail service if home directory path is rela...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.0/rev/155a5ddb26f3
changeset: 9600:155a5ddb26f3
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Jul 09 19:20:00 2009 -0400
description:
master: Fail service if home directory path is relative.

diffstat:

1 file changed, 11 insertions(+), 13 deletions(-)
src/master/service-process.c |   24 +++++++++++-------------

diffs (71 lines):

diff -r a032deb40060 -r 155a5ddb26f3 src/master/service-process.c
--- a/src/master/service-process.c	Thu Jul 09 13:30:22 2009 -0400
+++ b/src/master/service-process.c	Thu Jul 09 19:20:00 2009 -0400
@@ -148,13 +148,12 @@ service_dup_fds(struct service *service,
 	env_put(t_strdup_printf("SSL_SOCKET_COUNT=%d", ssl_socket_count));
 }
 
-static int validate_uid_gid(struct master_settings *set, uid_t uid, gid_t gid,
-			    const char *user)
+static void validate_uid_gid(struct master_settings *set, uid_t uid, gid_t gid,
+			     const char *user)
 {
 	if (uid == 0) {
-		i_error("User %s not allowed to log in using UNIX UID 0 "
+		i_fatal("User %s not allowed to log in using UNIX UID 0 "
 			"(root logins are never allowed)", user);
-		return FALSE;
 	}
 
 	if (uid < (uid_t)set->first_valid_uid ||
@@ -162,13 +161,12 @@ static int validate_uid_gid(struct maste
 		struct passwd *pw;
 
 		pw = getpwuid(uid);
-		i_error("User %s not allowed to log in using too %s "
+		i_fatal("User %s not allowed to log in using too %s "
 			"UNIX UID %s%s (see first_valid_uid in config file)",
 			user,
 			uid < (uid_t)set->first_valid_uid ? "low" : "high",
 			dec2str(uid), pw == NULL ? "" :
 			t_strdup_printf("(%s)", pw->pw_name));
-		return FALSE;
 	}
 
 	if (gid < (gid_t)set->first_valid_gid ||
@@ -176,16 +174,13 @@ static int validate_uid_gid(struct maste
 		struct group *gr;
 
 		gr = getgrgid(gid);
-		i_error("User %s not allowed to log in using too %s primary "
+		i_fatal("User %s not allowed to log in using too %s primary "
 			"UNIX group ID %s%s (see first_valid_gid in config file)",
 			user,
 			gid < (gid_t)set->first_valid_gid ? "low" : "high",
 			dec2str(gid), gr == NULL ? "" :
 			t_strdup_printf("(%s)", gr->gr_name));
-		return FALSE;
-	}
-
-	return TRUE;
+	}
 }
 
 static void auth_args_apply(const char *const *args,
@@ -288,11 +283,14 @@ static void drop_privileges(struct servi
 		auth_success_write();
 		auth_args_apply(auth_args + 1, &rset, &home);
 
-		if (!validate_uid_gid(master_set, rset.uid, rset.gid, user))
-			exit(FATAL_DEFAULT);
+		validate_uid_gid(master_set, rset.uid, rset.gid, user);
 	}
 
 	if (home != NULL) {
+		if (*home != '/') {
+			i_fatal("Relative home directory paths not supported "
+				"(user %s): %s", user, home);
+		}
 		if (chdir(home) < 0 && errno != ENOENT)
 			i_error("chdir(%s) failed: %m", home);
 	}