Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/plugins/expire/auth-client.c @ 8373:9524ec6e14fc HEAD
auth-master API cleanups.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Sat, 01 Nov 2008 15:12:14 +0200 |
| parents | ffe34451c01a |
| children | b9faf4db2a9f |
| rev | line source |
|---|---|
|
7086
7ed926ed7aa4
Updated copyright notices to include year 2008.
Timo Sirainen <tss@iki.fi>
parents:
6429
diff
changeset
|
1 /* Copyright (c) 2005-2008 Dovecot authors, see the included COPYING file */ |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
2 |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
3 #include "lib.h" |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
4 #include "array.h" |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
5 #include "env-util.h" |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
6 #include "restrict-access.h" |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
7 #include "auth-client.h" |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
8 #include "auth-master.h" |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
9 |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
10 #include <unistd.h> |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
11 |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
12 static uid_t current_uid = 0; |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
13 |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
14 static void auth_set_env(const char *user, struct auth_user_reply *reply) |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
15 { |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
16 const char *const *fields, *key, *value; |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
17 unsigned int i, count; |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
18 |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
19 if (reply->gid != (gid_t)-1 && getegid() != reply->gid) { |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
20 env_put(t_strconcat("RESTRICT_SETGID=", |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
21 dec2str(reply->gid), NULL)); |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
22 } |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
23 if (reply->chroot != NULL) |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
24 env_put(t_strconcat("RESTRICT_CHROOT=", reply->chroot, NULL)); |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
25 |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
26 if (reply->home == NULL) { |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
27 /* we must have a home directory */ |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
28 i_error("userdb(%s) didn't return a home directory", user); |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
29 return; |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
30 } |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
31 if (reply->uid == (uid_t)-1) { |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
32 i_error("userdb(%s) didn't return uid", user); |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
33 return; |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
34 } |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
35 |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
36 if (reply->uid != current_uid && current_uid != 0) { |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
37 /* we're changing the UID, switch back to root */ |
|
7551
5b27f5cbf016
expire-tool: Fixed changing uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
38 if (seteuid(0) != 0) |
|
5b27f5cbf016
expire-tool: Fixed changing uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
39 i_fatal("seteuid(0) failed: %m"); |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
40 current_uid = 0; |
|
7551
5b27f5cbf016
expire-tool: Fixed changing uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
41 } |
|
5b27f5cbf016
expire-tool: Fixed changing uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
42 |
|
5b27f5cbf016
expire-tool: Fixed changing uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
43 /* change GID */ |
|
5b27f5cbf016
expire-tool: Fixed changing uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
44 restrict_access_by_env(FALSE); |
|
5b27f5cbf016
expire-tool: Fixed changing uid/gid.
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
45 |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
46 /* we'll change only effective UID. This is a bit unfortunate since |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
47 it allows reverting back to root, but we'll have to be able to |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
48 access different users' mailboxes.. */ |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
49 if (reply->uid != current_uid) { |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
50 if (seteuid(reply->uid) < 0) |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
51 i_fatal("seteuid(%s) failed: %m", dec2str(reply->uid)); |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
52 current_uid = reply->uid; |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
53 } |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
54 |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
55 fields = array_get(&reply->extra_fields, &count); |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
56 for (i = 0; i < count; i++) { |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
57 key = t_str_ucase(t_strcut(fields[i], '=')); |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
58 value = strchr(fields[i], '='); |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
59 if (value != NULL) |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
60 value++; |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
61 else |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
62 value = "1"; |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
63 env_put(t_strconcat(key, "=", value, NULL)); |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
64 } |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
65 env_put(t_strconcat("HOME=", reply->home, NULL)); |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
66 } |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
67 |
| 8373 | 68 int auth_client_put_user_env(struct auth_master_connection *conn, |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
69 const char *user) |
|
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
70 { |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
71 struct auth_user_reply reply; |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
72 pool_t pool; |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
73 int ret; |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
74 |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
75 pool = pool_alloconly_create("userdb lookup", 512); |
| 8373 | 76 ret = auth_master_user_lookup(conn, user, AUTH_SERVICE_INTERNAL, |
| 77 pool, &reply); | |
|
8370
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
78 if (ret > 0) |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
79 auth_set_env(user, &reply); |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
80 pool_unref(&pool); |
|
ffe34451c01a
expire-tool: Use the new auth-master API instead of doing the lookup ourself.
Timo Sirainen <tss@iki.fi>
parents:
7551
diff
changeset
|
81 return ret; |
|
4523
99699cf9df43
Initial import of expire plugin code. Seems to work with at least one user. :)
Timo Sirainen <timo.sirainen@movial.fi>
parents:
diff
changeset
|
82 } |