Mercurial > dovecot > core-2.2
annotate src/lib/restrict-access.h @ 23007:36e01285b5b8
lib: buffer - Improve header comment for buffer_insert() and buffer_delete().
| author | Stephan Bosch <stephan.bosch@dovecot.fi> |
|---|---|
| date | Mon, 18 Mar 2019 00:52:37 +0100 |
| parents | 44e84dd9b363 |
| children |
| rev | line source |
|---|---|
|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
1 #ifndef RESTRICT_ACCESS_H |
|
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
2 #define RESTRICT_ACCESS_H |
| 0 | 3 |
|
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
4 struct restrict_access_settings { |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
5 /* UID to use, or (uid_t)-1 if you don't want to change it */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
6 uid_t uid; |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
7 /* Effective GID to use, or (gid_t)-1 if you don't want to change it */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
8 gid_t gid; |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
9 /* If not (gid_t)-1, the privileged GID can be temporarily |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
10 enabled/disabled. */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
11 gid_t privileged_gid; |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
12 |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
13 /* Add access to these space or comma -separated extra groups */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
14 const char *extra_groups; |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
15 /* Add access to groups this system user belongs to */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
16 const char *system_groups_user; |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
17 |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
18 /* All specified GIDs must be in this range. If extra_groups or system |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
19 group user contains other GIDs, they're silently dropped. */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
20 gid_t first_valid_gid, last_valid_gid; |
| 0 | 21 |
|
12721
cb2c008ae3e8
restrict_access(): Show uid/gid source in setuid()/setgid() failure messages if given.
Timo Sirainen <tss@iki.fi>
parents:
11284
diff
changeset
|
22 /* Human readable "source" of UID and GID values. If non-NULL, |
|
cb2c008ae3e8
restrict_access(): Show uid/gid source in setuid()/setgid() failure messages if given.
Timo Sirainen <tss@iki.fi>
parents:
11284
diff
changeset
|
23 displayed on error messages about failing to change uid/gid. */ |
|
cb2c008ae3e8
restrict_access(): Show uid/gid source in setuid()/setgid() failure messages if given.
Timo Sirainen <tss@iki.fi>
parents:
11284
diff
changeset
|
24 const char *uid_source, *gid_source; |
|
cb2c008ae3e8
restrict_access(): Show uid/gid source in setuid()/setgid() failure messages if given.
Timo Sirainen <tss@iki.fi>
parents:
11284
diff
changeset
|
25 |
|
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
26 /* Chroot directory */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
27 const char *chroot_dir; |
|
20913
c3ac9a0de205
lib: Add drop_setuid_root for restrict_access
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
14629
diff
changeset
|
28 |
|
c3ac9a0de205
lib: Add drop_setuid_root for restrict_access
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
14629
diff
changeset
|
29 /* Set TRUE to attempt to drop any root privileges |
|
c3ac9a0de205
lib: Add drop_setuid_root for restrict_access
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
14629
diff
changeset
|
30 FIXME: Reverse logic on v2.3 */ |
|
c3ac9a0de205
lib: Add drop_setuid_root for restrict_access
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
14629
diff
changeset
|
31 bool drop_setuid_root; |
|
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
32 }; |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
33 |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
34 /* Initialize settings with values that don't change anything. */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
35 void restrict_access_init(struct restrict_access_settings *set); |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
36 /* Restrict access as specified by the settings. If home is not NULL, |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
37 it's chdir()ed after chrooting, otherwise it chdirs to / (the chroot). */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
38 void restrict_access(const struct restrict_access_settings *set, |
|
14629
c93ca5e46a8a
Marked functions parameters that are allowed to be NULL. Some APIs were also changed.
Timo Sirainen <tss@iki.fi>
parents:
12721
diff
changeset
|
39 const char *home, bool disallow_root) ATTR_NULL(2); |
|
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
40 /* Set environment variables so they can be read with |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
41 restrict_access_by_env(). */ |
|
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
42 void restrict_access_set_env(const struct restrict_access_settings *set); |
|
11284
a8a8686e6979
Added restrict_access_get_env()
Timo Sirainen <tss@iki.fi>
parents:
9500
diff
changeset
|
43 /* Read restrict_access_set_env() environments back into struct. */ |
|
a8a8686e6979
Added restrict_access_get_env()
Timo Sirainen <tss@iki.fi>
parents:
9500
diff
changeset
|
44 void restrict_access_get_env(struct restrict_access_settings *set_r); |
|
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
45 /* Read restrictions from environment and call restrict_access(). |
|
801
86224ff16bf6
Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
46 If disallow_roots is TRUE, we'll kill ourself if we didn't have the |
|
9044
967bfafe6c0a
Cleaned up restrict_access*() API.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
47 environment settings. */ |
|
14629
c93ca5e46a8a
Marked functions parameters that are allowed to be NULL. Some APIs were also changed.
Timo Sirainen <tss@iki.fi>
parents:
12721
diff
changeset
|
48 void restrict_access_by_env(const char *home, bool disallow_root) ATTR_NULL(1); |
| 0 | 49 |
|
9159
6324a79d3ee1
Initial commit for v2.0 master rewrite. Several features are still missing.
Timo Sirainen <tss@iki.fi>
parents:
9052
diff
changeset
|
50 /* Return the chrooted directory if restrict_access*() chrooted, |
|
6324a79d3ee1
Initial commit for v2.0 master rewrite. Several features are still missing.
Timo Sirainen <tss@iki.fi>
parents:
9052
diff
changeset
|
51 otherwise NULL. */ |
|
6324a79d3ee1
Initial commit for v2.0 master rewrite. Several features are still missing.
Timo Sirainen <tss@iki.fi>
parents:
9052
diff
changeset
|
52 const char *restrict_access_get_current_chroot(void); |
|
6324a79d3ee1
Initial commit for v2.0 master rewrite. Several features are still missing.
Timo Sirainen <tss@iki.fi>
parents:
9052
diff
changeset
|
53 |
|
22825
2df6a22a5ad1
lib: Clarify restrict_access_allow_coredumps
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20913
diff
changeset
|
54 /* |
|
2df6a22a5ad1
lib: Clarify restrict_access_allow_coredumps
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20913
diff
changeset
|
55 Checks if PR_SET_DUMPABLE environment variable is set, and if it is, |
|
2df6a22a5ad1
lib: Clarify restrict_access_allow_coredumps
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20913
diff
changeset
|
56 calls restrict_access_set_dumpable(allow). |
|
2df6a22a5ad1
lib: Clarify restrict_access_allow_coredumps
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
20913
diff
changeset
|
57 */ |
|
8798
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
58 void restrict_access_allow_coredumps(bool allow); |
|
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
59 |
|
22826
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
60 /* Sets process dumpable true or false. Setting this true allows core dumping, |
|
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
61 reading /proc/self/io, attaching with PTRACE_ATTACH, and also changes |
|
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
62 ownership of /proc/[pid] directory. */ |
|
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
63 void restrict_access_set_dumpable(bool allow); |
|
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
64 |
|
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
65 /* Gets process dumpability, returns TRUE if not supported, because |
|
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
66 we then assume that constraint is not present. */ |
|
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
67 bool restrict_access_get_dumpable(void); |
|
44e84dd9b363
lib: Add restrict_access_get/set_dumpable
Aki Tuomi <aki.tuomi@dovecot.fi>
parents:
22825
diff
changeset
|
68 |
|
7341
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
69 /* If privileged_gid was set, these functions can be used to temporarily |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
70 gain access to the group. */ |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
71 int restrict_access_use_priv_gid(void); |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
72 void restrict_access_drop_priv_gid(void); |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
73 /* Returns TRUE if privileged GID exists for this process. */ |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
74 bool restrict_access_have_priv_gid(void); |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
75 |
|
9500
5074914f2dba
Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
76 gid_t *restrict_get_groups_list(unsigned int *gid_count_r); |
|
5074914f2dba
Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents:
9159
diff
changeset
|
77 |
| 0 | 78 #endif |