annotate src/lib/restrict-access.c @ 9610:4f84f3fe15eb HEAD
Fixed setgid() failure error message.
Based on patch by Clint Adams
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 31 Aug 2010 17:06:20 +0100 |
parents | 6794893d03c9 |
children |
rev | line source |
---|---|
1 /* Copyright (c) 2002-2010 Dovecot authors, see the included COPYING file */ |
0 | 2 |
3 #define _GNU_SOURCE /* setresgid() */ |
7936 | 4 #include <stdio.h> /* for AIX */ |
5 #include <sys/types.h> |
6 #include <unistd.h> |
7 |
0 | 8 #include "lib.h" |
9 #include "restrict-access.h" | |
10 #include "env-util.h" |
0 | 11 |
12 #include <stdlib.h> | |
13 #include <time.h> |
14 #include <pwd.h> |
0 | 15 #include <grp.h> |
16 #ifdef HAVE_PR_SET_DUMPABLE |
17 # include <sys/prctl.h> |
18 #endif |
0 | 19 |
/* Process-wide group state. (gid_t)-1 is the "not set" value for the two
   GIDs, matching the (gid_t)-1 comparisons made elsewhere in this file. */
static gid_t process_primary_gid = (gid_t)-1;
/* fix_groups_list() compares this against (gid_t)-1 to decide whether the
   primary GID has to be added to the supplementary groups. */
static gid_t process_privileged_gid = (gid_t)-1;
/* NOTE(review): presumably records whether the privileged GID is currently
   the effective GID; nothing in this part of the file sets it - confirm. */
static bool process_using_priv_gid = FALSE;
/*
 * Export the access restrictions for a process as RESTRICT_* environment
 * variables.
 *
 * RESTRICT_SETUID and RESTRICT_SETGID are always written. The optional
 * values are left out of the environment entirely: a NULL or empty user,
 * chroot_dir or extra_groups, a privileged_gid of (gid_t)-1, and a
 * first/last valid GID of 0. drop_restricted_groups() in this file reads
 * RESTRICT_GID_FIRST / RESTRICT_GID_LAST back with getenv() and falls back to
 * "no lower bound" / "no upper bound" when the variable is missing.
 *
 * NOTE(review): the reader takes these variables at face value, so the
 * restrictions are only as trustworthy as the process that built the
 * environment.
 */
void restrict_access_set_env(const char *user, uid_t uid,
			     gid_t gid, gid_t privileged_gid,
			     const char *chroot_dir,
			     gid_t first_valid_gid, gid_t last_valid_gid,
			     const char *extra_groups)
{
	const bool have_user = user != NULL && *user != '\0';
	const bool have_chroot = chroot_dir != NULL && *chroot_dir != '\0';
	const bool have_extra_groups =
		extra_groups != NULL && *extra_groups != '\0';

	if (have_user) {
		env_put(t_strconcat("RESTRICT_USER=", user, NULL));
	}
	if (have_chroot) {
		env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL));
	}

	/* the target UID and GID are mandatory and always exported */
	env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid)));
	env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid)));

	if (privileged_gid != (gid_t)-1) {
		env_put(t_strdup_printf("RESTRICT_SETGID_PRIV=%s",
					dec2str(privileged_gid)));
	}
	if (have_extra_groups) {
		env_put(t_strconcat("RESTRICT_SETEXTRAGROUPS=",
				    extra_groups, NULL));
	}

	/* 0 means "no limit configured" for both ends of the GID range */
	if (first_valid_gid != 0) {
		env_put(t_strdup_printf("RESTRICT_GID_FIRST=%s",
					dec2str(first_valid_gid)));
	}
	if (last_valid_gid != 0) {
		env_put(t_strdup_printf("RESTRICT_GID_LAST=%s",
					dec2str(last_valid_gid)));
	}
}
/*
 * Format a UID for log messages: "<uid>(<name>)" when getpwuid() finds a
 * passwd entry, otherwise just the number.
 *
 * errno is saved and restored around the lookup, because the callers in this
 * file pass the result to i_fatal() next to a %m conversion and the lookup
 * must not replace the error being reported.
 *
 * NOTE(review): the returned string comes from dec2str()/t_strdup_printf();
 * its lifetime is whatever those helpers provide - confirm before storing it.
 */
static const char *get_uid_str(uid_t uid)
{
	const int saved_errno = errno;
	const struct passwd *entry = getpwuid(uid);
	const char *str;

	str = entry != NULL ?
		t_strdup_printf("%s(%s)", dec2str(uid), entry->pw_name) :
		dec2str(uid);

	errno = saved_errno;
	return str;
}
/*
 * Format a GID for log messages: "<gid>(<name>)" when getgrgid() finds a
 * group entry, otherwise just the number.
 *
 * errno is saved and restored around the lookup, because the callers in this
 * file pass the result to i_fatal() next to a %m conversion and the lookup
 * must not replace the error being reported.
 *
 * NOTE(review): the returned string comes from dec2str()/t_strdup_printf();
 * its lifetime is whatever those helpers provide - confirm before storing it.
 */
static const char *get_gid_str(gid_t gid)
{
	const int saved_errno = errno;
	const struct group *entry = getgrgid(gid);
	const char *str;

	str = entry != NULL ?
		t_strdup_printf("%s(%s)", dec2str(gid), entry->gr_name) :
		dec2str(gid);

	errno = saved_errno;
	return str;
}
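/*
 * Switch the process to primary_gid, optionally keeping privileged_gid
 * reachable through the saved set-group-ID.
 *
 * privileged_gid == (gid_t)-1 means no privileged group is wanted: the real
 * and effective GID are compared with primary_gid and setgid() is called only
 * when they differ.
 *
 * With a privileged group the function returns early when the process is not
 * running with effective GID 0 and already has primary_gid as both real and
 * effective GID. Otherwise it uses setresgid() where available, or
 * setgid() + setregid() as a fallback.
 *
 * Every failing set*gid() call is reported through i_fatal(); the code
 * after those calls is written on the assumption that i_fatal() does not
 * return, so a failed group change never continues with the old GIDs.
 */
static void restrict_init_groups(gid_t primary_gid, gid_t privileged_gid)
{
	if (privileged_gid == (gid_t)-1) {
		if (primary_gid == getgid() && primary_gid == getegid()) {
			/* everything is already set */
			return;
		}

		if (setgid(primary_gid) != 0) {
			i_fatal("setgid(%s) failed with "
				"euid=%s, gid=%s, egid=%s: %m "
				"(This binary should probably be called with "
				"process group set to %s instead of %s)",
				get_gid_str(primary_gid), get_uid_str(geteuid()),
				get_gid_str(getgid()), get_gid_str(getegid()),
				get_gid_str(primary_gid), get_gid_str(getegid()));
		}
		return;
	}

	if (getegid() != 0 && primary_gid == getgid() &&
	    primary_gid == getegid()) {
		/* privileged_gid is hopefully in saved ID. if not,
		   there's nothing we can do about it. */
		return;
	}

#ifdef HAVE_SETRESGID
	/* real, effective -> primary_gid
	   saved -> privileged_gid */
	if (setresgid(primary_gid, primary_gid, privileged_gid) != 0) {
		i_fatal("setresgid(%s,%s,%s) failed with euid=%s: %m",
			get_gid_str(primary_gid), get_gid_str(primary_gid),
			get_gid_str(privileged_gid), get_uid_str(geteuid()));
	}
#else
	if (geteuid() == 0) {
		/* real, effective, saved -> privileged_gid */
		if (setgid(privileged_gid) != 0) {
			i_fatal("setgid(%s) failed: %m",
				get_gid_str(privileged_gid));
		}
	}
	/* real, effective -> primary_gid
	   saved -> keep

	   NOTE(review): whether setregid() really leaves the saved GID
	   untouched differs between platforms - confirm on the targets that
	   lack setresgid(). */
	if (setregid(primary_gid, primary_gid) != 0) {
		/* report the arguments that were actually passed: both are
		   primary_gid, not privileged_gid */
		i_fatal("setregid(%s,%s) failed with euid=%s: %m",
			get_gid_str(primary_gid), get_gid_str(primary_gid),
			get_uid_str(geteuid()));
	}
#endif
}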
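/*
 * Return the supplementary group IDs of the calling process.
 *
 * getgroups() is called twice: first with a zero-sized buffer to learn how
 * many groups there are, then again to fill an array of that size. The
 * number of entries written is stored in *gid_count_r. Either call failing
 * is reported through i_fatal().
 *
 * NOTE(review): the array is allocated with t_new(); its lifetime is
 * whatever that allocator provides - confirm before keeping the pointer.
 */
gid_t *restrict_get_groups_list(unsigned int *gid_count_r)
{
	gid_t *gid_list;
	int ret, gid_count;

	if ((gid_count = getgroups(0, NULL)) < 0)
		i_fatal("getgroups() failed: %m");

	/* @UNSAFE: the buffer is sized from the first getgroups() call.
	   One spare slot is allocated so that a process without any
	   supplementary groups never asks the allocator for a zero-sized
	   array. */
	gid_list = t_new(gid_t, gid_count + 1);
	if ((ret = getgroups(gid_count, gid_list)) < 0)
		i_fatal("getgroups() failed: %m");

	/* ret is non-negative here, so the conversion to unsigned is safe */
	*gid_count_r = ret;
	return gid_list;
}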
/*
 * Filter gid_list in place, keeping only the GIDs inside the range given by
 * the RESTRICT_GID_FIRST and RESTRICT_GID_LAST environment variables.
 *
 * A missing RESTRICT_GID_FIRST means no lower bound (0); a missing
 * RESTRICT_GID_LAST means no upper bound ((gid_t)-1). *gid_count is updated
 * to the number of entries kept. *have_root_group is set to TRUE when GID 0
 * survives the filter and is otherwise left as the caller initialised it.
 *
 * NOTE(review): the strtoul() results are used unchecked. A value with no
 * leading digits parses as 0, which removes the lower bound for
 * RESTRICT_GID_FIRST and turns RESTRICT_GID_LAST into an upper bound of 0;
 * out-of-range values are truncated by the cast to gid_t.
 */
static void drop_restricted_groups(gid_t *gid_list, unsigned int *gid_count,
				   bool *have_root_group)
{
	/* @UNSAFE */
	gid_t first_valid = 0, last_valid = (gid_t)-1;
	const char *value;
	unsigned int src, kept = 0;

	value = getenv("RESTRICT_GID_FIRST");
	if (value != NULL)
		first_valid = (gid_t)strtoul(value, NULL, 10);

	value = getenv("RESTRICT_GID_LAST");
	if (value != NULL)
		last_valid = (gid_t)strtoul(value, NULL, 10);

	for (src = 0; src < *gid_count; src++) {
		const gid_t gid = gid_list[src];

		if (gid < first_valid)
			continue;
		if (last_valid != (gid_t)-1 && gid > last_valid)
			continue;

		if (gid == 0)
			*have_root_group = TRUE;
		/* kept never exceeds src, so this only moves entries down */
		gid_list[kept++] = gid;
	}
	*gid_count = kept;
}
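/*
 * Resolve one extra_groups entry to a GID.
 *
 * An entry that is_numeric() accepts is parsed as a decimal GID; anything
 * else is looked up with getgrnam(). An unknown group name, or a number that
 * does not fit in gid_t, is reported through i_fatal().
 *
 * The range check matters because the result ends up in the process's group
 * list: without it a too-large number would be silently truncated by the
 * cast to gid_t and could turn into a different, valid GID.
 */
static gid_t get_group_id(const char *name)
{
	struct group *group;

	if (is_numeric(name, '\0')) {
		unsigned long value;

		errno = 0;
		value = strtoul(name, NULL, 10);
		/* reject overflow in strtoul() itself and any value that
		   does not survive the round trip through gid_t */
		if (errno == ERANGE || (unsigned long)(gid_t)value != value)
			i_fatal("invalid group id in extra_groups: %s", name);
		return (gid_t)value;
	}

	group = getgrnam(name);
	if (group == NULL)
		i_fatal("unknown group name in extra_groups: %s", name);
	/* i_fatal() is assumed not to return, so group is non-NULL here */
	return group->gr_gid;
}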
/* Builds the supplementary group list for the process and installs it with
   setgroups(). The list is made of:

    - the groups the process already has, filtered by
      drop_restricted_groups(), when preserve_existing is TRUE
    - every group named in extra_groups (separated by commas and/or spaces),
      except the primary GID
    - the primary GID itself, when a privileged GID is configured and the
      primary GID isn't in the list yet

   have_root_group is only passed through to drop_restricted_groups().
   Any failure is fatal, so the process never continues with a group list
   other than the one computed here.

   The lists come from t_new(); the caller visible in this file wraps the
   call in T_BEGIN/T_END.

   NOTE(review): a name in extra_groups that resolves to GID 0 is added
   without touching *have_root_group in this function - confirm that is
   intended. */
static void fix_groups_list(const char *extra_groups,
			    bool preserve_existing, bool *have_root_group)
{
	const char *const *names, *no_names = NULL;
	gid_t *gids = NULL, *merged;
	gid_t extra_gid;
	unsigned int idx, count = 0;
	bool want_primary;

	/* With a privileged GID in use the effective GID may be switched
	   away from the primary GID temporarily. Keeping the primary GID in
	   the supplementary groups preserves its access meanwhile. */
	want_primary = process_privileged_gid != (gid_t)-1;

	if (extra_groups != NULL)
		names = t_strsplit_spaces(extra_groups, ", ");
	else
		names = &no_names;

	if (preserve_existing) {
		gids = restrict_get_groups_list(&count);
		drop_restricted_groups(gids, &count, have_root_group);
		/* no need to append the primary GID if it survived the
		   filtering above */
		for (idx = 0; idx < count; idx++) {
			if (gids[idx] == process_primary_gid) {
				want_primary = FALSE;
				break;
			}
		}
	}

	if (count == 0) {
		/* An empty list isn't accepted by setgroups() on every OS,
		   so the primary GID becomes the only member. */
		gids = t_new(gid_t, 2);
		gids[0] = process_primary_gid;
		count = 1;
		want_primary = FALSE;
	}

	if (*names != NULL || want_primary) {
		/* @UNSAFE: the new list has room for every current entry,
		   one entry per extra group name and one more for the
		   primary GID. Each name adds at most one entry. */
		merged = t_new(gid_t, count + str_array_length(names) + 1);
		memcpy(merged, gids, count * sizeof(*merged));
		while (*names != NULL) {
			extra_gid = get_group_id(*names);
			names++;
			if (extra_gid == process_primary_gid)
				continue;
			merged[count] = extra_gid;
			count++;
		}
		if (want_primary) {
			merged[count] = process_primary_gid;
			count++;
		}
		gids = merged;
	}

	if (setgroups(count, gids) < 0) {
		if (errno != EINVAL) {
			i_fatal("setgroups() failed: %m");
		} else {
			i_fatal("setgroups(%s) failed: Too many extra groups",
				extra_groups == NULL ? "" : extra_groups);
		}
	}
}
254 | |
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7091
diff
changeset
|
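/* Reads environment variable `name` as a decimal UID/GID that must fit in an
   ID type of id_size bytes. Returns FALSE if the variable is unset or empty,
   which callers treat as "not configured". Any other value that isn't purely
   decimal digits, is out of range, or equals the all-ones "unset" sentinel
   is fatal. A lenient strtoul() would turn garbage into 0, which is root's
   UID/GID, and "-1" into the sentinel.

   NOTE(review): the range check assumes uid_t/gid_t are unsigned, as the
   (gid_t)-1 comparisons in this file suggest. */
static bool restrict_env_get_id(const char *name, size_t id_size,
				unsigned long *id_r)
{
	const char *value = getenv(name);
	unsigned long limit;
	char *end;

	if (value == NULL || *value == '\0')
		return FALSE;

	/* all-ones value of an id_size byte unsigned integer */
	limit = id_size >= sizeof(limit) ? ~0UL :
		~0UL >> ((sizeof(limit) - id_size) * 8);

	/* strtoul() itself would accept leading whitespace and a sign */
	if (*value < '0' || *value > '9')
		i_fatal("%s: Invalid numeric ID: %s", name, value);
	errno = 0;
	*id_r = strtoul(value, &end, 10);
	if (errno != 0 || *end != '\0' || *id_r >= limit)
		i_fatal("%s: Invalid numeric ID: %s", name, value);
	return TRUE;
}

/* Applies the access restrictions described by the RESTRICT_* environment
   variables, in this order:

    1. RESTRICT_SETGID / RESTRICT_SETGID_PRIV: primary and privileged GID
    2. RESTRICT_USER: initgroups() for that user (only with euid 0)
    3. RESTRICT_SETEXTRAGROUPS: supplementary groups (only with euid 0)
    4. RESTRICT_CHROOT: chroot(), then chdir() to $HOME or /
    5. RESTRICT_SETUID: setuid()
    6. checks that root UID (and, unless allowed, root GID) can't be regained
    7. clears the variables so that a later call does nothing

   The UID is changed last, after the group and chroot steps.

   Unset or empty variables mean "leave as is". A malformed numeric value in
   RESTRICT_SETGID, RESTRICT_SETGID_PRIV or RESTRICT_SETUID is fatal instead
   of being silently read as 0.

   disallow_root: if TRUE, being able to become root is fatal even when no
   RESTRICT_SETUID was given.

   All failures except chdir($HOME) after chroot are fatal. */
void restrict_access_by_env(bool disallow_root)
{
	const char *env;
	unsigned long id;
	uid_t uid;
	bool is_root, have_root_group, preserve_groups = FALSE;
	bool allow_root_gid;

	is_root = geteuid() == 0;

	/* set the primary/privileged group */
	process_primary_gid = (gid_t)-1;
	if (restrict_env_get_id("RESTRICT_SETGID", sizeof(gid_t), &id))
		process_primary_gid = (gid_t)id;
	process_privileged_gid = (gid_t)-1;
	if (restrict_env_get_id("RESTRICT_SETGID_PRIV", sizeof(gid_t), &id))
		process_privileged_gid = (gid_t)id;

	have_root_group = process_primary_gid == 0;
	if (process_primary_gid != (gid_t)-1 ||
	    process_privileged_gid != (gid_t)-1) {
		if (process_primary_gid == (gid_t)-1)
			process_primary_gid = getegid();
		restrict_init_groups(process_primary_gid,
				     process_privileged_gid);
	} else {
		if (process_primary_gid == (gid_t)-1)
			process_primary_gid = getegid();
	}

	/* set system user's groups */
	env = getenv("RESTRICT_USER");
	if (env != NULL && *env != '\0' && is_root) {
		if (initgroups(env, process_primary_gid) < 0) {
			i_fatal("initgroups(%s, %s) failed: %m",
				env, get_gid_str(process_primary_gid));
		}
		preserve_groups = TRUE;
	}

	/* add extra groups. if we set system user's groups, drop the
	   restricted groups at the same time. */
	env = getenv("RESTRICT_SETEXTRAGROUPS");
	if (is_root) T_BEGIN {
		fix_groups_list(env, preserve_groups, &have_root_group);
	} T_END;

	/* chrooting */
	env = getenv("RESTRICT_CHROOT");
	if (env != NULL && *env != '\0') {
		/* kludge: localtime() must be called before chroot(),
		   or the timezone isn't known */
		const char *home = getenv("HOME");
		time_t t = 0;
		(void)localtime(&t);

		if (chroot(env) != 0)
			i_fatal("chroot(%s) failed: %m", env);

		/* chroot() doesn't change the working directory, so always
		   chdir() afterwards. $HOME is resolved inside the new root;
		   if it can't be entered, / is used and that must succeed. */
		if (home != NULL) {
			if (chdir(home) < 0) {
				i_error("chdir(%s) failed: %m", home);
				home = NULL;
			}
		}
		if (home == NULL) {
			if (chdir("/") != 0)
				i_fatal("chdir(/) failed: %m");
		}
	}

	/* uid last */
	uid = 0;
	if (restrict_env_get_id("RESTRICT_SETUID", sizeof(uid_t), &id))
		uid = (uid_t)id;
	if (uid != 0) {
		if (setuid(uid) != 0) {
			i_fatal("setuid(%s) failed with euid=%s: %m "
				"(This binary should probably be called with "
				"process user set to %s instead of %s)",
				get_uid_str(uid), get_uid_str(geteuid()),
				get_uid_str(uid), get_uid_str(geteuid()));
		}
	}

	/* verify that we actually dropped the privileges: if setuid(0)
	   still succeeds, root can be regained and we must not continue */
	if (uid != 0 || disallow_root) {
		if (setuid(0) == 0) {
			if (uid == 0)
				i_fatal("Running as root isn't permitted");
			i_fatal("We couldn't drop root privileges");
		}
	}

	/* GID 0 is tolerated only when no non-zero RESTRICT_GID_FIRST is
	   given and GID 0 was explicitly configured as the primary or
	   privileged group.
	   NOTE(review): atoi() reads a malformed RESTRICT_GID_FIRST as 0 -
	   confirm that is acceptable here. */
	env = getenv("RESTRICT_GID_FIRST");
	if (env != NULL && atoi(env) != 0)
		allow_root_gid = FALSE;
	else if (process_primary_gid == 0 || process_privileged_gid == 0)
		allow_root_gid = TRUE;
	else
		allow_root_gid = FALSE;

	if (!allow_root_gid && uid != 0) {
		if (getgid() == 0 || getegid() == 0 || setgid(0) == 0) {
			if (process_primary_gid == 0)
				i_fatal("GID 0 isn't permitted");
			i_fatal("We couldn't drop root group privileges "
				"(wanted=%s, gid=%s, egid=%s)",
				get_gid_str(process_primary_gid),
				get_gid_str(getgid()), get_gid_str(getegid()));
		}
	}

	/* clear the environment, so we don't fail if we get back here */
	env_put("RESTRICT_USER=");
	env_put("RESTRICT_CHROOT=");
	env_put("RESTRICT_SETUID=");
	if (process_privileged_gid == (gid_t)-1) {
		/* if we're dropping privileges before executing and
		   a privileged group is set, the groups must be fixed
		   after exec */
		env_put("RESTRICT_SETGID=");
		env_put("RESTRICT_SETGID_PRIV=");
	}
	env_put("RESTRICT_SETEXTRAGROUPS=");
	env_put("RESTRICT_GID_FIRST=");
	env_put("RESTRICT_GID_LAST=");
}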
7341
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
381 |
8798
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
/* Sets the process's "dumpable" flag to `allow` where PR_SET_DUMPABLE is
   available; elsewhere this is a no-op. The prctl() result is deliberately
   ignored.

   On Linux the flag is reset when the process changes its credentials, so
   enabling it again after dropping privileges is what makes core dumps
   possible. A core dump holds the process's memory, so it should be allowed
   only where the dump location is suitably protected. */
void restrict_access_allow_coredumps(bool allow ATTR_UNUSED)
{
#if defined(HAVE_PR_SET_DUMPABLE)
	(void)prctl(PR_SET_DUMPABLE, allow, 0, 0, 0);
#endif
}
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
8590
diff
changeset
|
388 |
7341
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
/* Switches the effective GID to the privileged GID, if one is configured.
   Must not be called while the privileged GID is already in use (asserted).

   Returns 0 on success or when no privileged GID is configured, -1 if
   setegid() failed (the error is logged). After a successful switch the
   caller is expected to call restrict_access_drop_priv_gid() once the
   privileged operation is done. */
int restrict_access_use_priv_gid(void)
{
	i_assert(!process_using_priv_gid);

	if (process_privileged_gid != (gid_t)-1) {
		if (setegid(process_privileged_gid) < 0) {
			i_error("setegid(privileged) failed: %m");
			return -1;
		}
		/* remembered so that the drop function knows it has
		   something to undo */
		process_using_priv_gid = TRUE;
	}
	return 0;
}
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
402 |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
/* Switches the effective GID back to the primary GID after
   restrict_access_use_priv_gid(). Does nothing if the privileged GID isn't
   currently in use.

   Failing to switch back is fatal: otherwise the process would keep running
   with the privileged group as its effective GID. */
void restrict_access_drop_priv_gid(void)
{
	if (process_using_priv_gid) {
		if (setegid(process_primary_gid) < 0)
			i_fatal("setegid(primary) failed: %m");
		process_using_priv_gid = FALSE;
	}
}
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
412 |
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7226
diff
changeset
|
/*
 * Report whether a privileged GID is available to this process.
 *
 * Returns true when process_privileged_gid holds anything other than
 * (gid_t)-1, the value this file treats as "no privileged group".
 * This does not say whether the privileged GID is currently the
 * effective GID; that is tracked in process_using_priv_gid.
 */
bool restrict_access_have_priv_gid(void)
{
	const gid_t no_priv_gid = (gid_t)-1;
	bool have_priv_gid = (process_privileged_gid != no_priv_gid);

	return have_priv_gid;
}