dovecot-2.0: Added mail_storage_service_restrict_setenv().
dovecot at dovecot.org
dovecot at dovecot.org
Mon Dec 14 02:28:25 EET 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/2a74d458339d
changeset: 10462:2a74d458339d
user: Timo Sirainen <tss at iki.fi>
date: Sun Dec 13 19:28:16 2009 -0500
description:
Added mail_storage_service_restrict_setenv().
diffstat:
2 files changed, 27 insertions(+), 4 deletions(-)
src/lib-storage/mail-storage-service.c | 29 +++++++++++++++++++++++++----
src/lib-storage/mail-storage-service.h | 2 ++
diffs (72 lines):
diff -r 21c0676961e8 -r 2a74d458339d src/lib-storage/mail-storage-service.c
--- a/src/lib-storage/mail-storage-service.c Sun Dec 13 19:27:27 2009 -0500
+++ b/src/lib-storage/mail-storage-service.c Sun Dec 13 19:28:16 2009 -0500
@@ -239,7 +239,8 @@ service_drop_privileges(const struct mai
service_drop_privileges(const struct mail_user_settings *set,
const char *system_groups_user,
const char *home, const char *chroot,
- bool disallow_root, bool keep_setuid_root)
+ bool disallow_root, bool keep_setuid_root,
+ bool setenv_only)
{
struct restrict_access_settings rset;
uid_t current_euid, setuid_uid = 0;
@@ -301,8 +302,13 @@ service_drop_privileges(const struct mai
rset.uid = (uid_t)-1;
disallow_root = FALSE;
}
- restrict_access(&rset, *home == '\0' ? NULL : home, disallow_root);
- if (setuid_uid != 0) {
+ if (!setenv_only) {
+ restrict_access(&rset, *home == '\0' ? NULL : home,
+ disallow_root);
+ } else {
+ restrict_access_set_env(&rset);
+ }
+ if (setuid_uid != 0 && !setenv_only) {
if (seteuid(setuid_uid) < 0)
i_fatal("seteuid(%s) failed: %m", dec2str(setuid_uid));
}
@@ -774,7 +780,7 @@ int mail_storage_service_next(struct mai
service_drop_privileges(user_set, user->system_groups_user,
home, chroot,
(ctx->flags & MAIL_STORAGE_SERVICE_FLAG_DISALLOW_ROOT) != 0,
- temp_priv_drop);
+ temp_priv_drop, FALSE);
if (!temp_priv_drop ||
(ctx->flags & MAIL_STORAGE_SERVICE_FLAG_ENABLE_CORE_DUMPS) != 0)
restrict_access_allow_coredumps(TRUE);
@@ -808,6 +814,21 @@ int mail_storage_service_next(struct mai
return 0;
}
+void mail_storage_service_restrict_setenv(struct mail_storage_service_ctx *ctx,
+ struct mail_storage_service_user *user)
+{
+ const struct mail_user_settings *user_set = user->user_set;
+ const char *home, *chroot;
+
+ home = user_expand_varstr(ctx->service, &user->input,
+ user_set->mail_home);
+ chroot = user_expand_varstr(ctx->service, &user->input,
+ user_set->mail_chroot);
+
+ service_drop_privileges(user_set, user->system_groups_user,
+ home, chroot, FALSE, FALSE, TRUE);
+}
+
int mail_storage_service_lookup_next(struct mail_storage_service_ctx *ctx,
const struct mail_storage_service_input *input,
struct mail_storage_service_user **user_r,
diff -r 21c0676961e8 -r 2a74d458339d src/lib-storage/mail-storage-service.h
--- a/src/lib-storage/mail-storage-service.h Sun Dec 13 19:27:27 2009 -0500
+++ b/src/lib-storage/mail-storage-service.h Sun Dec 13 19:28:16 2009 -0500
@@ -64,6 +64,8 @@ int mail_storage_service_next(struct mai
struct mail_storage_service_user *user,
struct mail_user **mail_user_r,
const char **error_r);
+void mail_storage_service_restrict_setenv(struct mail_storage_service_ctx *ctx,
+ struct mail_storage_service_user *user);
/* Combine lookup() and next() into one call. */
int mail_storage_service_lookup_next(struct mail_storage_service_ctx *ctx,
const struct mail_storage_service_input *input,
More information about the dovecot-cvs
mailing list