dovecot-2.0: master: Fail service if home directory path is rela...
dovecot at dovecot.org
dovecot at dovecot.org
Fri Jul 10 02:20:07 EEST 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/155a5ddb26f3
changeset: 9600:155a5ddb26f3
user: Timo Sirainen <tss at iki.fi>
date: Thu Jul 09 19:20:00 2009 -0400
description:
master: Fail service if home directory path is relative.
diffstat:
1 file changed, 11 insertions(+), 13 deletions(-)
src/master/service-process.c | 24 +++++++++++-------------
diffs (71 lines):
diff -r a032deb40060 -r 155a5ddb26f3 src/master/service-process.c
--- a/src/master/service-process.c Thu Jul 09 13:30:22 2009 -0400
+++ b/src/master/service-process.c Thu Jul 09 19:20:00 2009 -0400
@@ -148,13 +148,12 @@ service_dup_fds(struct service *service,
env_put(t_strdup_printf("SSL_SOCKET_COUNT=%d", ssl_socket_count));
}
-static int validate_uid_gid(struct master_settings *set, uid_t uid, gid_t gid,
- const char *user)
+static void validate_uid_gid(struct master_settings *set, uid_t uid, gid_t gid,
+ const char *user)
{
if (uid == 0) {
- i_error("User %s not allowed to log in using UNIX UID 0 "
+ i_fatal("User %s not allowed to log in using UNIX UID 0 "
"(root logins are never allowed)", user);
- return FALSE;
}
if (uid < (uid_t)set->first_valid_uid ||
@@ -162,13 +161,12 @@ static int validate_uid_gid(struct maste
struct passwd *pw;
pw = getpwuid(uid);
- i_error("User %s not allowed to log in using too %s "
+ i_fatal("User %s not allowed to log in using too %s "
"UNIX UID %s%s (see first_valid_uid in config file)",
user,
uid < (uid_t)set->first_valid_uid ? "low" : "high",
dec2str(uid), pw == NULL ? "" :
t_strdup_printf("(%s)", pw->pw_name));
- return FALSE;
}
if (gid < (gid_t)set->first_valid_gid ||
@@ -176,16 +174,13 @@ static int validate_uid_gid(struct maste
struct group *gr;
gr = getgrgid(gid);
- i_error("User %s not allowed to log in using too %s primary "
+ i_fatal("User %s not allowed to log in using too %s primary "
"UNIX group ID %s%s (see first_valid_gid in config file)",
user,
gid < (gid_t)set->first_valid_gid ? "low" : "high",
dec2str(gid), gr == NULL ? "" :
t_strdup_printf("(%s)", gr->gr_name));
- return FALSE;
- }
-
- return TRUE;
+ }
}
static void auth_args_apply(const char *const *args,
@@ -288,11 +283,14 @@ static void drop_privileges(struct servi
auth_success_write();
auth_args_apply(auth_args + 1, &rset, &home);
- if (!validate_uid_gid(master_set, rset.uid, rset.gid, user))
- exit(FATAL_DEFAULT);
+ validate_uid_gid(master_set, rset.uid, rset.gid, user);
}
if (home != NULL) {
+ if (*home != '/') {
+ i_fatal("Relative home directory paths not supported "
+ "(user %s): %s", user, home);
+ }
if (chdir(home) < 0 && errno != ENOENT)
i_error("chdir(%s) failed: %m", home);
}
More information about the dovecot-cvs
mailing list