Mercurial > dovecot > core-2.2
annotate src/lib/restrict-access.h @ 23007:36e01285b5b8
lib: buffer - Improve header comment for buffer_insert() and buffer_delete().
author | Stephan Bosch <stephan.bosch@dovecot.fi> |
---|---|
date | Mon, 18 Mar 2019 00:52:37 +0100 |
parents | 44e84dd9b363 |
children |
rev | line source |
---|---|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
1 #ifndef RESTRICT_ACCESS_H |
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
2 #define RESTRICT_ACCESS_H |
0 | 3 |
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
4 struct restrict_access_settings { |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
5 /* UID to use, or (uid_t)-1 if you don't want to change it */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
6 uid_t uid; |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
7 /* Effective GID to use, or (gid_t)-1 if you don't want to change it */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
8 gid_t gid; |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
9 /* If not (gid_t)-1, the privileged GID can be temporarily |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
10 enabled/disabled. */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
11 gid_t privileged_gid; |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
12 |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
13 /* Add access to these space or comma -separated extra groups */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
14 const char *extra_groups; |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
15 /* Add access to groups this system user belongs to */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
16 const char *system_groups_user; |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
17 |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
18 /* All specified GIDs must be in this range. If extra_groups or system |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
19 group user contains other GIDs, they're silently dropped. */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
20 gid_t first_valid_gid, last_valid_gid; |
0 | 21 |
12721
cb2c008ae3e8
restrict_access(): Show uid/gid source in setuid()/setgid() failure messages if given.
Timo Sirainen <tss@iki.fi>
parents:
11284
diff
changeset
|
22 /* Human readable "source" of UID and GID values. If non-NULL, |
cb2c008ae3e8
restrict_access(): Show uid/gid source in setuid()/setgid() failure messages if given.
Timo Sirainen <tss@iki.fi>
parents:
11284
diff
changeset
|
23 displayed on error messages about failing to change uid/gid. */ |
cb2c008ae3e8
restrict_access(): Show uid/gid source in setuid()/setgid() failure messages if given.
Timo Sirainen <tss@iki.fi>
parents:
11284
diff
changeset
|
24 const char *uid_source, *gid_source; |
cb2c008ae3e8
restrict_access(): Show uid/gid source in setuid()/setgid() failure messages if given.
Timo Sirainen <tss@iki.fi>
parents:
11284
diff
changeset
|
25 |
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
26 /* Chroot directory */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
27 const char *chroot_dir; |
20913
c3ac9a0de205
lib: Add drop_setuid_root for restrict_access
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
14629
diff
changeset
|
28 |
c3ac9a0de205
lib: Add drop_setuid_root for restrict_access
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
14629
diff
changeset
|
29 /* Set TRUE to attempt to drop any root privileges |
c3ac9a0de205
lib: Add drop_setuid_root for restrict_access
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
14629
diff
changeset
|
30 FIXME: Reverse logic on v2.3 */ |
c3ac9a0de205
lib: Add drop_setuid_root for restrict_access
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
14629
diff
changeset
|
31 bool drop_setuid_root; |
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
32 }; |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
33 |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
34 /* Initialize settings with values that don't change anything. */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
35 void restrict_access_init(struct restrict_access_settings *set); |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
36 /* Restrict access as specified by the settings. If home is not NULL, |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
37 it's chdir()ed after chrooting, otherwise it chdirs to / (the chroot). */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
38 void restrict_access(const struct restrict_access_settings *set, |
14629
c93ca5e46a8a
Marked functions parameters that are allowed to be NULL. Some APIs were also changed.
Timo Sirainen <tss@iki.fi>
parents:
12721
diff
changeset
|
39 const char *home, bool disallow_root) ATTR_NULL(2); |
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
40 /* Set environment variables so they can be read with |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
41 restrict_access_by_env(). */ |
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
42 void restrict_access_set_env(const struct restrict_access_settings *set); |
11284
a8a8686e6979
Added restrict_access_get_env()
Timo Sirainen <tss@iki.fi>
parents:
9500
diff
changeset
|
43 /* Read restrict_access_set_env() environments back into struct. */ |
a8a8686e6979
Added restrict_access_get_env()
Timo Sirainen <tss@iki.fi>
parents:
9500
diff
changeset
|
44 void restrict_access_get_env(struct restrict_access_settings *set_r); |
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
45 /* Read restrictions from environment and call restrict_access(). |
801
86224ff16bf6
Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
46 If disallow_roots is TRUE, we'll kill ourself if we didn't have the |
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
47 environment settings. */ |
14629
c93ca5e46a8a
Marked functions parameters that are allowed to be NULL. Some APIs were also changed.
Timo Sirainen <tss@iki.fi>
parents:
12721
diff
changeset
|
48 void restrict_access_by_env(const char *home, bool disallow_root) ATTR_NULL(1); |
0 | 49 |
9159
6324a79d3ee1
Initial commit for v2.0 master rewrite. Several features are still missing.
Timo Sirainen <tss@iki.fi>
parents:
9052
diff
changeset
|
50 /* Return the chrooted directory if restrict_access*() chrooted, |
6324a79d3ee1
Initial commit for v2.0 master rewrite. Several features are still missing.
Timo Sirainen <tss@iki.fi>
parents:
9052
diff
changeset
|
51 otherwise NULL. */ |
6324a79d3ee1
Initial commit for v2.0 master rewrite. Several features are still missing.
Timo Sirainen <tss@iki.fi>
parents:
9052
diff
changeset
|
52 const char *restrict_access_get_current_chroot(void); |
6324a79d3ee1
Initial commit for v2.0 master rewrite. Several features are still missing.
Timo Sirainen <tss@iki.fi>
parents:
9052
diff
changeset
|
53 |
22825
2df6a22a5ad1
lib: Clarify restrict_access_allow_coredumps
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20913
diff
changeset
|
54 /* |
2df6a22a5ad1
lib: Clarify restrict_access_allow_coredumps
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20913
diff
changeset
|
55 Checks if PR_SET_DUMPABLE environment variable is set, and if it is, |
2df6a22a5ad1
lib: Clarify restrict_access_allow_coredumps
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20913
diff
changeset
|
56 calls restrict_access_set_dumpable(allow). |
2df6a22a5ad1
lib: Clarify restrict_access_allow_coredumps
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20913
diff
changeset
|
57 */ |
8798
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
58 void restrict_access_allow_coredumps(bool allow); |
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
59 |
22826
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
60 /* Sets process dumpable true or false. Setting this true allows core dumping, |
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
61 reading /proc/self/io, attaching with PTRACE_ATTACH, and also changes |
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
62 ownership of /proc/[pid] directory. */ |
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
63 void restrict_access_set_dumpable(bool allow); |
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
64 |
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
65 /* Gets process dumpability, returns TRUE if not supported, because |
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
66 we then assume that constraint is not present. */ |
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
67 bool restrict_access_get_dumpable(void); |
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
68 |
7341
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
69 /* If privileged_gid was set, these functions can be used to temporarily |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
70 gain access to the group. */ |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
71 int restrict_access_use_priv_gid(void); |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
72 void restrict_access_drop_priv_gid(void); |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
73 /* Returns TRUE if privileged GID exists for this process. */ |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
74 bool restrict_access_have_priv_gid(void); |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
75 |
9500
5074914f2dba
Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
76 gid_t *restrict_get_groups_list(unsigned int *gid_count_r); |
5074914f2dba
Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
77 |
0 | 78 #endif |