[dovecot-cvs]
dovecot/src/master auth-process.c,1.47,1.48 common.h,1.16,1.17
mail-process.c,1.26,1.27 main.c,1.45,1.46
master-settings.c,1.21,1.22 ssl-init.c,1.11,1.12
cras at procontrol.fi
cras at procontrol.fi
Sun Jul 13 03:43:18 EEST 2003
Update of /home/cvs/dovecot/src/master
In directory danu:/tmp/cvs-serv25277
Modified Files:
auth-process.c common.h mail-process.c main.c
master-settings.c ssl-init.c
Log Message:
Replaced geteuid() calls with one in the beginning and saving it to
master_uid. When chdir()ing to user's home dir, temporarily set euid to
user's uid.
Index: auth-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -d -r1.47 -r1.48
--- auth-process.c 10 Jul 2003 03:04:07 -0000 1.47
+++ auth-process.c 12 Jul 2003 23:43:16 -0000 1.48
@@ -383,9 +383,10 @@
fd_close_on_exec(group->listen_fd, TRUE);
/* set correct permissions */
- if (chown(path, geteuid(), auth_set->parent->defaults->login_gid) < 0) {
+ if (chown(path, master_uid,
+ auth_set->parent->defaults->login_gid) < 0) {
i_fatal("login: chown(%s, %s, %s) failed: %m",
- path, dec2str(geteuid()),
+ path, dec2str(master_uid),
dec2str(auth_set->parent->defaults->login_gid));
}
Index: common.h
===================================================================
RCS file: /home/cvs/dovecot/src/master/common.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- common.h 10 Jul 2003 03:04:07 -0000 1.16
+++ common.h 12 Jul 2003 23:43:16 -0000 1.17
@@ -23,6 +23,7 @@
extern struct ioloop *ioloop;
extern struct hash_table *pids;
extern int null_fd, inetd_login_fd;
+extern uid_t master_uid;
#define IS_INETD() \
(inetd_login_fd != -1)
Index: mail-process.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/mail-process.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- mail-process.c 12 Jul 2003 15:45:19 -0000 1.26
+++ mail-process.c 12 Jul 2003 23:43:16 -0000 1.27
@@ -27,7 +27,7 @@
return FALSE;
}
- if (set->login_uid == uid && geteuid() != uid) {
+ if (set->login_uid == uid && master_uid != uid) {
i_error("Can't log in using login processes UID %s (user %s) "
"(see login_user in config file).",
dec2str(uid), user);
@@ -112,7 +112,7 @@
const char *addr, *mail, *chroot_dir, *home_dir, *full_home_dir;
char title[1024];
pid_t pid;
- int i, err;
+ int i, err, ret;
// FIXME: per-group
if (mail_process_count == set->max_mail_processes) {
@@ -169,9 +169,22 @@
full_home_dir = *chroot_dir == '\0' ? home_dir :
t_strconcat(chroot_dir, "/", home_dir, NULL);
/* NOTE: if home directory is NFS-mounted, we might not
- have access to it as root. Ignore such errors. */
- if (chdir(full_home_dir) < 0 && errno != EACCES)
- i_fatal("chdir(%s) failed: %m", full_home_dir);
+ have access to it as root. Change the effective UID
+ temporarily to make it work. */
+ if (reply->uid != master_uid && seteuid(reply->uid) < 0)
+ i_fatal("seteuid(%s) failed: %m", dec2str(reply->uid));
+ ret = chdir(full_home_dir);
+ if (reply->uid != master_uid && seteuid(master_uid) < 0)
+ i_fatal("seteuid(%s) failed: %m", dec2str(master_uid));
+ if (ret < 0) {
+ i_fatal("chdir(%s) failed with uid %s: %m",
+ full_home_dir, dec2str(reply->uid));
+ }
+ } else {
+ /* We still have to change to some directory where we have
+ rx-access. /tmp should exist everywhere. */
+ if (chdir("/tmp") < 0)
+ i_fatal("chdir(/tmp) failed: %m");
}
env_put("LOGGED_IN=1");
@@ -263,6 +276,7 @@
for (i = 0; i < 3; i++)
(void)close(i);
+ errno = err;
i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m",
group->set->mail_executable);
Index: main.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/main.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- main.c 10 Jul 2003 03:04:07 -0000 1.45
+++ main.c 12 Jul 2003 23:43:16 -0000 1.46
@@ -35,6 +35,7 @@
struct ioloop *ioloop;
struct hash_table *pids;
int null_fd, inetd_login_fd;
+uid_t master_uid;
int validate_str(const char *str, size_t max_len)
{
@@ -444,6 +445,7 @@
lib_init();
+ master_uid = geteuid();
inetd_login_fd = -1;
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-F") == 0) {
Index: master-settings.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- master-settings.c 10 Jul 2003 03:04:07 -0000 1.21
+++ master-settings.c 12 Jul 2003 23:43:16 -0000 1.22
@@ -377,7 +377,7 @@
/* since they're under /var/run by default, they may have been
deleted. */
- if (safe_mkdir(set->base_dir, 0700, geteuid(), getegid()) == 0) {
+ if (safe_mkdir(set->base_dir, 0700, master_uid, getegid()) == 0) {
i_warning("Corrected permissions for base directory %s",
PKG_RUNDIR);
}
@@ -388,7 +388,7 @@
return FALSE;
}
- if (safe_mkdir(set->login_dir, 0750, geteuid(), set->login_gid) == 0) {
+ if (safe_mkdir(set->login_dir, 0750, master_uid, set->login_gid) == 0) {
i_warning("Corrected permissions for login directory %s",
set->login_dir);
}
Index: ssl-init.c
===================================================================
RCS file: /home/cvs/dovecot/src/master/ssl-init.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- ssl-init.c 10 Jul 2003 03:04:07 -0000 1.11
+++ ssl-init.c 12 Jul 2003 23:43:16 -0000 1.12
@@ -86,7 +86,7 @@
regen_time = st.st_mtime +
(time_t)(set->ssl_parameters_regenerate*3600);
if (regen_time < ioloop_time || (st.st_mode & 077) != 0 ||
- st.st_uid != geteuid() || st.st_gid != getegid()) {
+ st.st_uid != master_uid || st.st_gid != getegid()) {
start_generate_process(set);
return FALSE;
}
More information about the dovecot-cvs
mailing list