changeset 791:6efced4f80de HEAD
Clear separation of virtual and system usernames. passwd-file didn't work
before if the user didn't exist in the system. Also prefixed all setuid/etc.
restriction environment variables with RESTRICT_.
author | Timo Sirainen <tss@iki.fi> |
date | Tue, 17 Dec 2002 05:00:44 +0200 |
parents | 27b28ba2a306 |
children | d573c53946ac |
files | src/auth/auth-interface.h src/auth/userinfo-passwd-file.c src/auth/userinfo-passwd.c src/auth/userinfo-vpopmail.c src/lib/restrict-access.c src/master/auth-process.c src/master/common.h src/master/imap-process.c src/master/login-process.c |
diffstat | 9 files changed, 50 insertions(+), 21 deletions(-) [+] |
--- a/src/auth/auth-interface.h Tue Dec 17 04:21:46 2002 +0200
+++ b/src/auth/auth-interface.h Tue Dec 17 05:00:44 2002 +0200
@@ -7,6 +7,7 @@
 #define AUTH_MAX_REPLY_DATA_SIZE 4096
 #define AUTH_MAX_USER_LEN 64
+#define AUTH_MAX_VUSER_LEN 256
 #define AUTH_MAX_HOME_LEN 256
 #define AUTH_MAX_MAIL_LEN 256
@@ -77,7 +78,8 @@
 int id;
 int success; /* FALSE if cookie wasn't found */
- char user[AUTH_MAX_USER_LEN]; /* system user, if available */
+ char system_user[AUTH_MAX_USER_LEN]; /* system user, if available */
+ char virtual_user[AUTH_MAX_VUSER_LEN]; /* for logging etc. */
 uid_t uid;
 gid_t gid;
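Review bot: The comment on the new `virtual_user` field, `/* for logging etc. */`, understates what the field now carries: in the rest of this changeset it is the name the client authenticated as, it is exported to the IMAP child as `USER=` and it is what default mail-location expansion sees, while `system_user` is only handed to the setuid/setgid restriction code. Suggest `/* name the client authenticated as; exported to the child as USER and used for mail-env expansion, never for privilege handling */` on `virtual_user` and `/* unix account used for the setuid/setgid restrictions; may be empty */` on `system_user`. Both are fixed-size arrays that the master checks with VALIDATE_STR, so a header note that every filler must leave them NUL-terminated within the buffer would put that contract where each backend sees it. The enclosing struct starts and ends outside the hunk.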
--- a/src/auth/userinfo-passwd-file.c Tue Dec 17 04:21:46 2002 +0200
+++ b/src/auth/userinfo-passwd-file.c Tue Dec 17 05:00:44 2002 +0200
@@ -87,6 +87,17 @@
 strcpy(reply->mail, pu->mail);
 }
+ i_assert(sizeof(reply->virtual_user) > strlen(pu->user_realm));
+ strcpy(reply->virtual_user, pu->user_realm);
+
+ if (pu->realm != NULL) {
+ /* ':' -> '@' to make it look prettier */
+ size_t pos;
+
+ pos = (size_t) (pu->realm - (const char *) pu->user_realm);
+ reply->virtual_user[pos] = '@';
+ }
+
 reply->chroot = pu->chroot;
 return TRUE;
 }
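Review bot: `reply->virtual_user[pos] = '@'` assumes `pu->realm` points exactly at the ':' separator inside `pu->user_realm`; if it instead points at the first character of the realm, the store overwrites that character rather than the colon, and nothing in this hunk would notice. Because the index is derived from pointer arithmetic rather than searched for, an `i_assert(reply->virtual_user[pos] == ':');` immediately before the store would pin the assumption (or replace the arithmetic with a `strchr` on the copied string). Also, the new `i_assert(sizeof(reply->virtual_user) > strlen(pu->user_realm))` turns an over-long passwd-file entry into an auth-process abort instead of a failed lookup; the file is admin-controlled so this is a robustness rather than a security concern, but an i_error plus `return FALSE` would be friendlier. The enclosing function starts outside the hunk.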
--- a/src/auth/userinfo-passwd.c Tue Dec 17 04:21:46 2002 +0200
+++ b/src/auth/userinfo-passwd.c Tue Dec 17 05:00:44 2002 +0200
@@ -15,13 +15,15 @@
 void passwd_fill_cookie_reply(struct passwd *pw, AuthCookieReplyData *reply)
 {
- i_assert(sizeof(reply->user) > strlen(pw->pw_name));
+ i_assert(sizeof(reply->system_user) > strlen(pw->pw_name));
+ i_assert(sizeof(reply->virtual_user) > strlen(pw->pw_name));
 i_assert(sizeof(reply->home) > strlen(pw->pw_dir));
 reply->uid = pw->pw_uid;
 reply->gid = pw->pw_gid;
- strcpy(reply->user, pw->pw_name);
+ strcpy(reply->system_user, pw->pw_name);
+ strcpy(reply->virtual_user, pw->pw_name);
 strcpy(reply->home, pw->pw_dir);
 }
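Review bot: The new `i_assert(sizeof(reply->virtual_user) > strlen(pw->pw_name))` cannot fail once the preceding `system_user` assert has passed, since auth-interface.h in this changeset sizes `virtual_user` (AUTH_MAX_VUSER_LEN, 256) larger than `system_user` (AUTH_MAX_USER_LEN, 64). Keeping it is harmless, but a one-line comment such as `/* virtual_user is the larger buffer; kept so the copy below stays self-checking */` would stop readers hunting for a case it covers. It would also help to note at the top of the function that these length checks are assertions by design: an over-long pw_name aborts the auth process rather than failing the lookup, which is acceptable only because the passwd database is trusted.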
--- a/src/auth/userinfo-vpopmail.c Tue Dec 17 04:21:46 2002 +0200
+++ b/src/auth/userinfo-vpopmail.c Tue Dec 17 05:00:44 2002 +0200
@@ -95,12 +95,18 @@
 strlen(vpw->pw_dir), sizeof(reply->home)-1);
 }
- if (strlen(vpw->pw_name) >= sizeof(reply->user)) {
+ if (strlen(vpw->pw_name) >= sizeof(reply->system_user)) {
 i_panic("Username too large (%u > %u)",
- strlen(vpw->pw_name), sizeof(reply->user)-1);
+ strlen(vpw->pw_name), sizeof(reply->system_user)-1);
 }
- strcpy(reply->user, vpw->pw_name);
+ if (strlen(vpw->pw_name) >= sizeof(reply->virtual_user)) {
+ i_panic("Username too large (%u > %u)",
+ strlen(vpw->pw_name), sizeof(reply->virtual_user)-1);
+ }
+
+ strcpy(reply->system_user, vpw->pw_name);
+ strcpy(reply->virtual_user, vpw->pw_name);
 strcpy(reply->home, vpw->pw_dir);
 return TRUE;
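Review bot: The added `i_panic("Username too large (%u > %u)", strlen(vpw->pw_name), sizeof(reply->virtual_user)-1)` copies a format mismatch from the line above it: both arguments are `size_t` while the conversion is `%u`, which is undefined on LP64 platforms unless i_panic's formatter differs from printf's (its definition is outside this hunk), and the text says `>` where the test is `>=`. Suggest `i_panic("Username too large (%lu >= %lu)", (unsigned long) strlen(vpw->pw_name), (unsigned long) (sizeof(reply->virtual_user)-1));`. Since both blocks check the same string, computing `strlen(vpw->pw_name)` once into a local before the two checks would also make them read as one bounds check with two limits. The enclosing function starts outside the hunk.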
--- a/src/lib/restrict-access.c Tue Dec 17 04:21:46 2002 +0200
+++ b/src/lib/restrict-access.c Tue Dec 17 05:00:44 2002 +0200
@@ -34,12 +34,12 @@
 const char *chroot_dir)
 {
 if (user != NULL && *user != '\0')
- env_put(t_strconcat("USER=", user, NULL));
+ env_put(t_strconcat("RESTRICT_USER=", user, NULL));
 if (chroot_dir != NULL && *chroot_dir != '\0')
- env_put(t_strconcat("CHROOT=", chroot_dir, NULL));
+ env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL));
- env_put(t_strdup_printf("SETUID=%ld", (long) uid));
- env_put(t_strdup_printf("SETGID=%ld", (long) gid));
+ env_put(t_strdup_printf("RESTRICT_SETUID=%ld", (long) uid));
+ env_put(t_strdup_printf("RESTRICT_SETGID=%ld", (long) gid));
 }
 void restrict_access_by_env(void)
@@ -49,7 +49,7 @@
 uid_t uid;
 /* chrooting */
- env = getenv("CHROOT");
+ env = getenv("RESTRICT_CHROOT");
 if (env != NULL) {
 /* kludge: localtime() must be called before chroot(), or the timezone isn't known */
@@ -65,13 +65,13 @@
 /* groups - the getgid() checks are just so we don't fail if we're not running as root and try to just use our own GID. */
- env = getenv("SETGID");
+ env = getenv("RESTRICT_SETGID");
 gid = env == NULL ? 0 : (gid_t) atol(env);
 if (gid != 0 && (gid != getgid() || gid != getegid())) {
 if (setgid(gid) != 0)
 i_fatal("setgid(%ld) failed: %m", (long) gid);
- env = getenv("USER");
+ env = getenv("RESTRICT_USER");
 if (env == NULL) {
 /* user not known, use only this one group */
 (void)setgroups(1, &gid);
@@ -84,7 +84,7 @@
 }
 /* uid last */
- env = getenv("SETUID");
+ env = getenv("RESTRICT_SETUID");
 uid = env == NULL ? 0 : (uid_t) atol(env);
 if (uid != 0) {
 if (setuid(uid) != 0)
--- a/src/master/auth-process.c Tue Dec 17 04:21:46 2002 +0200
+++ b/src/master/auth-process.c Tue Dec 17 05:00:44 2002 +0200
@@ -78,7 +78,8 @@
 /* auth process isn't trusted, validate all data to make sure it's not trying to exploit us */
- if (!VALIDATE_STR(reply->user) || !VALIDATE_STR(reply->mail) ||
+ if (!VALIDATE_STR(reply->system_user) ||
+ !VALIDATE_STR(reply->virtual_user) || !VALIDATE_STR(reply->mail) ||
 !VALIDATE_STR(reply->home)) {
 i_error("auth: Received corrupted data");
 auth_process_destroy(process);
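Review bot: Adding `virtual_user` to the untrusted-reply validation is the right place for it, but nothing here says what VALIDATE_STR guarantees (its definition is outside the hunk), and the field now reaches the IMAP child's environment as `USER=`, the verbose process title and default mail-location expansion in imap-process.c. If the macro only checks for a terminating NUL inside the fixed buffer, control characters or path separators in a virtual name pass through to those consumers unfiltered. Suggest a comment on the condition stating exactly what is validated, e.g. `/* VALIDATE_STR: NUL-terminated within the buffer; contents are not otherwise filtered */`, and, if termination is all it checks, a character-set check on virtual_user before it is handed to create_imap_process.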
--- a/src/master/common.h Tue Dec 17 04:21:46 2002 +0200
+++ b/src/master/common.h Tue Dec 17 05:00:44 2002 +0200
@@ -33,7 +33,9 @@
 void clean_child_process(void);
-MasterReplyResult create_imap_process(int socket, IPADDR *ip, const char *user,
+MasterReplyResult create_imap_process(int socket, IPADDR *ip,
+ const char *system_user,
+ const char *virtual_user,
 uid_t uid, gid_t gid, const char *home, int chroot, const char *env[]);
 void imap_process_destroyed(pid_t pid);
--- a/src/master/imap-process.c Tue Dec 17 04:21:46 2002 +0200
+++ b/src/master/imap-process.c Tue Dec 17 05:00:44 2002 +0200
@@ -101,7 +101,9 @@
 return str->str;
 }
-MasterReplyResult create_imap_process(int socket, IPADDR *ip, const char *user,
+MasterReplyResult create_imap_process(int socket, IPADDR *ip,
+ const char *system_user,
+ const char *virtual_user,
 uid_t uid, gid_t gid, const char *home, int chroot, const char *env[])
 {
@@ -165,10 +167,12 @@
 if (!found_mail && set_default_mail_env != NULL) {
 const char *mail;
- mail = expand_mail_env(set_default_mail_env, user, home);
+ mail = expand_mail_env(set_default_mail_env,
+ virtual_user, home);
 env_put(t_strconcat("MAIL=", mail, NULL));
 }
+ env_put(t_strconcat("USER=", virtual_user, NULL));
 env_put(t_strconcat("HOME=", home, NULL));
 env_put(t_strconcat("MAIL_CACHE_FIELDS=", set_mail_cache_fields, NULL));
 env_put(t_strconcat("MAIL_NEVER_CACHE_FIELDS=",
@@ -197,13 +201,13 @@
 env_put("MBOX_READ_DOTLOCK=1");
 if (set_verbose_proctitle && net_ip2host(ip, host) == 0) {
- i_snprintf(title, sizeof(title), "[%s %s]", user, host);
+ i_snprintf(title, sizeof(title), "[%s %s]", virtual_user, host);
 argv[2] = title;
 }
 /* setup access environment - needs to be done after clean_child_process() since it clears environment */
- restrict_access_set_env(user, uid, gid, chroot ? home : NULL);
+ restrict_access_set_env(system_user, uid, gid, chroot ? home : NULL);
 restrict_process_size(set_imap_process_size);
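Review bot: `mail = expand_mail_env(set_default_mail_env, virtual_user, home)` in the second hunk switches the name used to build the default mail location from the unix account to the virtual name, which auth-process.c explicitly treats as data from an untrusted process; expand_mail_env is outside the hunk, so please confirm that it (or VALIDATE_STR upstream) rejects path separators and `..` in the user component before it becomes part of a filesystem path. The new `env_put(t_strconcat("USER=", virtual_user, NULL))` together with `restrict_access_set_env(system_user, ...)` in the third hunk implements a deliberate split that a reader cannot recover from the call sites alone; a comment above the env_put such as `/* USER is the virtual (login) name for the child's own use; the unix account goes to restrict-access via RESTRICT_USER */` would preserve it. The i_snprintf into title is bounded by sizeof(title), so the longer virtual names can only truncate there. create_imap_process begins in the first hunk and continues past the last.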
--- a/src/master/login-process.c Tue Dec 17 04:21:46 2002 +0200
+++ b/src/master/login-process.c Tue Dec 17 05:00:44 2002 +0200
@@ -70,7 +70,8 @@
 else {
 reply.result = create_imap_process(request->fd, &request->ip,
- cookie_reply->user,
+ cookie_reply->system_user,
+ cookie_reply->virtual_user,
 cookie_reply->uid, cookie_reply->gid, cookie_reply->home,