annotate src/lib/restrict-access.h @ 9191:b340ecb24469 HEAD

Fix VPATH build of RQUOTA support. Some rpcgen derive #include "..." paths from the infile argument. This will be off for VPATH builds, as the generated rquota_xdr.c code will look in $(srcdir), but we'll generate the rquota.h file in $(builddir). Play safe and copy rquota.x to $(builddir) first. This fixes the build on openSUSE 11.1.
author Matthias Andree <matthias.andree@gmx.de>
date Tue, 07 Jul 2009 21:01:36 +0200
parents c002187195bd
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6410
e4eb71ae8e96 Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents: 3863
diff changeset
1 #ifndef RESTRICT_ACCESS_H
e4eb71ae8e96 Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents: 3863
diff changeset
2 #define RESTRICT_ACCESS_H
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
4 /* set environment variables so they can be read with
7341
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
5 restrict_access_by_env(). If privileged_gid != (gid_t)-1,
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
6 the privileged GID can be temporarily enabled/disabled. */
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
7 void restrict_access_set_env(const char *user, uid_t uid,
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
8 gid_t gid, gid_t privileged_gid,
1506
e7c627bacaaf Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents: 1271
diff changeset
9 const char *chroot_dir,
2141
8690d2000e33 Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents: 1506
diff changeset
10 gid_t first_valid_gid, gid_t last_valid_gid,
8690d2000e33 Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents: 1506
diff changeset
11 const char *extra_groups);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
12
801
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 0
diff changeset
13 /* chroot, setuid() and setgid() based on environment variables.
86224ff16bf6 Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents: 0
diff changeset
14 If disallow_roots is TRUE, we'll kill ourself if we didn't have the
7109
e6823d781317 Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents: 7091
diff changeset
15 environment settings and we have root uid or gid. */
e6823d781317 Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents: 7091
diff changeset
16 void restrict_access_by_env(bool disallow_root);
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17
8798
c9381a0fdc5e Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents: 7341
diff changeset
18 /* Try to set up the process in a way that core dumps are still allowed
c9381a0fdc5e Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents: 7341
diff changeset
19 after calling restrict_access_by_env(). */
c9381a0fdc5e Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents: 7341
diff changeset
20 void restrict_access_allow_coredumps(bool allow);
c9381a0fdc5e Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents: 7341
diff changeset
21
7341
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
22 /* If privileged_gid was set, these functions can be used to temporarily
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
23 gain access to the group. */
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
24 int restrict_access_use_priv_gid(void);
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
25 void restrict_access_drop_priv_gid(void);
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
26 /* Returns TRUE if privileged GID exists for this process. */
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
27 bool restrict_access_have_priv_gid(void);
af998ae4254b Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents: 7109
diff changeset
28
9147
c002187195bd Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents: 8798
diff changeset
29 gid_t *restrict_get_groups_list(unsigned int *gid_count_r);
c002187195bd Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents: 8798
diff changeset
30
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
31 #endif