Mercurial > dovecot > core-2.2
changeset 13006:25a452227a09
script-login: When -d isn't given, drop privileges as specified by the service settings.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 09 May 2011 20:11:00 +0300 |
parents | 56a1b3082b4b |
children | 40a5f8f07bd2 |
files | src/util/script-login.c |
diffstat | 1 files changed, 13 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/util/script-login.c Mon May 09 20:03:24 2011 +0300 +++ b/src/util/script-login.c Mon May 09 20:11:00 2011 +0300 @@ -22,7 +22,7 @@ #define SCRIPT_COMM_FD 3 static const char **exec_args; -static bool drop_privileges = FALSE; +static bool drop_to_userdb_privileges = FALSE; static void client_connected(struct master_service_connection *conn) { @@ -119,7 +119,7 @@ i_fatal("%s", error); mail_storage_service_restrict_setenv(service_ctx, user); - if (drop_privileges) + if (drop_to_userdb_privileges) restrict_access_by_env(getenv("HOME"), TRUE); if (dup2(fd, STDIN_FILENO) < 0) @@ -190,7 +190,7 @@ while ((c = master_getopt(master_service)) > 0) { switch (c) { case 'd': - drop_privileges = TRUE; + drop_to_userdb_privileges = TRUE; break; default: return FATAL_DEFAULT; @@ -200,12 +200,20 @@ argv += optind; master_service_init_log(master_service, "script-login: "); + + if (!drop_to_userdb_privileges && + (flags & MASTER_SERVICE_FLAG_STANDALONE) == 0) { + /* drop to privileges defined by service settings */ + restrict_access_by_env(NULL, FALSE); + } + master_service_init_finish(master_service); master_service_set_service_count(master_service, 1); - if ((flags & MASTER_SERVICE_FLAG_STANDALONE) != 0) + if ((flags & MASTER_SERVICE_FLAG_STANDALONE) != 0) { + /* The last post-login script is calling us to finish login */ script_execute_finish(); - else { + } else { if (argv[0] == NULL) i_fatal("Missing script path"); exec_args = i_new(const char *, argc + 2);