changeset 1724:b3526668de78 HEAD

Make sure auth process and login process don't share uids.
author Timo Sirainen <tss@iki.fi>
date Sun, 24 Aug 2003 10:37:41 +0300
parents c090fc199013
children cc0690f92d96
files src/master/auth-process.c src/master/login-process.c src/master/master-settings.c src/master/master-settings.h
diffstat 4 files changed, 34 insertions(+), 17 deletions(-) [+]
--- a/src/master/auth-process.c	Sun Aug 24 10:21:30 2003 +0300
+++ b/src/master/auth-process.c	Sun Aug 24 10:37:41 2003 +0300
@@ -253,13 +253,9 @@
 static pid_t create_auth_process(struct auth_process_group *group)
 {
 	static char *argv[] = { NULL, NULL };
-	struct passwd *pwd;
 	pid_t pid;
 	int fd[2], i;
 
-	if ((pwd = getpwnam(group->set->user)) == NULL)
-		i_fatal("Auth user doesn't exist: %s", group->set->user);
-
 	/* create communication to process with a socket pair */
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, fd) == -1) {
 		i_error("socketpair() failed: %m");
@@ -308,8 +304,8 @@
 		fd_close_on_exec(i, FALSE);
 
 	/* setup access environment */
-	restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid,
-				group->set->chroot, 0, 0);
+	restrict_access_set_env(group->set->user, group->set->uid,
+				group->set->gid, group->set->chroot, 0, 0);
 
 	/* set other environment */
 	env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL));
@@ -383,11 +379,10 @@
 	fd_close_on_exec(group->listen_fd, TRUE);
 
 	/* set correct permissions */
-	if (chown(path, master_uid,
-		  auth_set->parent->defaults->login_gid) < 0) {
+	if (chown(path, master_uid, auth_set->parent->login_gid) < 0) {
 		i_fatal("login: chown(%s, %s, %s) failed: %m",
 			path, dec2str(master_uid),
-			dec2str(auth_set->parent->defaults->login_gid));
+			dec2str(auth_set->parent->login_gid));
 	}
 
 	group->next = process_groups;
--- a/src/master/login-process.c	Sun Aug 24 10:21:30 2003 +0300
+++ b/src/master/login-process.c	Sun Aug 24 10:37:41 2003 +0300
@@ -374,7 +374,8 @@
 
 	/* setup access environment - needs to be done after
 	   clean_child_process() since it clears environment */
-	restrict_access_set_env(set->login_user, set->login_uid, set->login_gid,
+	restrict_access_set_env(set->login_user, set->login_uid,
+				set->server->login_gid,
 				set->login_chroot ? set->login_dir : NULL,
 				0, 0);
 
--- a/src/master/master-settings.c	Sun Aug 24 10:21:30 2003 +0300
+++ b/src/master/master-settings.c	Sun Aug 24 10:37:41 2003 +0300
@@ -225,7 +225,6 @@
 
 	/* .. */
 	MEMBER(login_uid) 0,
-	MEMBER(login_gid) 0,
 	MEMBER(listen_fd) -1,
 	MEMBER(ssl_listen_fd) -1
 };
@@ -273,11 +272,11 @@
 		return FALSE;
 	}
 
-	if (set->login_gid == 0)
-		set->login_gid = pw->pw_gid;
-	else if (set->login_gid != pw->pw_gid) {
+	if (set->server->login_gid == 0)
+		set->server->login_gid = pw->pw_gid;
+	else if (set->server->login_gid != pw->pw_gid) {
 		i_error("All login process users must belong to same group "
-			"(%s vs %s)", dec2str(set->login_gid),
+			"(%s vs %s)", dec2str(set->server->login_gid),
 			dec2str(pw->pw_gid));
 		return FALSE;
 	}
@@ -288,6 +287,22 @@
 
 static int auth_settings_verify(struct auth_settings *auth)
 {
+	struct passwd *pw;
+
+	if ((pw = getpwnam(auth->user)) == NULL) {
+		i_error("Auth user doesn't exist: %s", auth->user);
+		return FALSE;
+	}
+
+	if (auth->parent->defaults->login_uid == pw->pw_uid &&
+	    master_uid != pw->pw_uid) {
+		i_error("login_user %s (uid %s) must not be same as auth_user",
+			auth->user, dec2str(pw->pw_uid));
+		return FALSE;
+	}
+	auth->uid = pw->pw_uid;
+	auth->gid = pw->pw_gid;
+
 	if (access(auth->executable, X_OK) < 0) {
 		i_error("Can't use auth executable %s: %m", auth->executable);
 		return FALSE;
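Review bot: The new error message in auth_settings_verify is mislabelled: it prints `auth->user` and its uid but calls it "login_user", so the operator is told the wrong setting to change; `i_error("auth_user %s (uid %s) must not be same as login_user", auth->user, dec2str(pw->pw_uid));` says what was actually checked. The check also compares only `auth->parent->defaults->login_uid`, while login_uid lives in the per-login settings struct (the one login_settings_verify iterates over to unify login_gid), so a non-default login_user that happens to equal the auth user would apparently pass — worth confirming whether per-protocol login_user overrides exist, and if so iterating those entries too. The `master_uid != pw->pw_uid` exemption deliberately allows the collision when the auth user is the master's own uid; a one-line comment explaining why that case is acceptable would keep the next reader from "fixing" it. Finally, this comparison only means something if the login settings have been verified (login_uid resolved from login_user) before auth_settings_verify runs; the ordering is not visible here and deserves a comment or an assertion.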
@@ -430,7 +445,8 @@
 		return FALSE;
 	}
 
-	if (safe_mkdir(set->login_dir, 0750, master_uid, set->login_gid) == 0) {
+	if (safe_mkdir(set->login_dir, 0750,
+		       master_uid, set->server->login_gid) == 0) {
 		i_warning("Corrected permissions for login directory %s",
 			  set->login_dir);
 	}
--- a/src/master/master-settings.h	Sun Aug 24 10:21:30 2003 +0300
+++ b/src/master/master-settings.h	Sun Aug 24 10:37:41 2003 +0300
@@ -81,7 +81,6 @@
 
 	/* .. */
 	uid_t login_uid;
-	gid_t login_gid;
 
 	int listen_fd, ssl_listen_fd;
 };
@@ -106,6 +105,10 @@
 
 	unsigned int count;
 	unsigned int process_size;
+
+	/* .. */
+	uid_t uid;
+	gid_t gid;
 };
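Review bot: The new `uid`/`gid` members of struct auth_settings are undocumented, and unlike the configurable fields above them they are derived rather than parsed, so a reader may try to set them from the config. A comment such as `/* resolved from user by auth_settings_verify(); not set from config */` above them would record that create_auth_process now relies on the verify step having run. The struct's opening lies outside this hunk.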
 
 struct namespace_settings {
@@ -128,6 +131,8 @@
 	struct auth_settings *auths;
 	struct auth_settings auth_defaults;
         struct namespace_settings *namespaces;
+
+	gid_t login_gid;
 };
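Review bot: The new `login_gid` in struct server_settings carries no comment, yet it is a derived value with a special sentinel: login_settings_verify fills it from the first login user's primary group and treats 0 as "unset", and auth-process.c and login-process.c use it for the auth socket chown and the login processes' gid. A comment like `/* group shared by all login processes; 0 until login_settings_verify() sets it */` would capture both the invariant and the sentinel. The struct's opening lies outside this hunk.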
 
 extern struct server_settings *settings_root;