annotate src/lib/restrict-access.c @ 9147:c002187195bd HEAD

Added restrict_get_groups_list() for easily getting list of process's groups.
author Timo Sirainen <tss@iki.fi>
date Sun, 21 Jun 2009 23:30:42 -0400
parents c9381a0fdc5e
children 00cd9aacd03c
1 /* Copyright (c) 2002-2009 Dovecot authors, see the included COPYING file */
#define _GNU_SOURCE /* setresgid() */
#include <stdio.h> /* for AIX */
#include <sys/types.h>
#include <unistd.h>

#include "lib.h"
#include "restrict-access.h"
#include "env-util.h"

#include <stdlib.h>
#include <errno.h>
#include <time.h>
#include <pwd.h>
#include <grp.h>
#ifdef HAVE_PR_SET_DUMPABLE
#  include <sys/prctl.h>
#endif
/* Process-wide record of the group IDs chosen during access restriction,
   consulted later in this file (fix_groups_list() checks
   process_privileged_gid). (gid_t)-1 is the "not set" sentinel, the same
   value restrict_access_set_env() treats as "no privileged group".
   NOTE(review): the code that assigns these lives outside this excerpt. */
static gid_t process_primary_gid = (gid_t)-1;
static gid_t process_privileged_gid = (gid_t)-1;
/* Presumably TRUE while the privileged GID is the effective GID; the code
   that toggles it is not visible here. */
static bool process_using_priv_gid = FALSE;
/* env_put() NAME=VALUE, but only when value is non-NULL and non-empty. */
static void restrict_env_put_opt_str(const char *name, const char *value)
{
	if (value == NULL || *value == '\0')
		return;
	env_put(t_strconcat(name, "=", value, NULL));
}

/* env_put() NAME=<decimal gid>, unconditionally. */
static void restrict_env_put_gid(const char *name, gid_t gid)
{
	env_put(t_strdup_printf("%s=%s", name, dec2str(gid)));
}

/* Export the access restrictions as RESTRICT_* environment variables so
   the restriction code in this file can read them back with getenv()
   (drop_restricted_groups() reads RESTRICT_GID_FIRST/LAST, for example).

   Optional pieces are left out when they carry no value: an empty user or
   chroot_dir, privileged_gid == (gid_t)-1, empty extra_groups, and a
   first/last valid gid of 0. The reader defaults a missing
   RESTRICT_GID_FIRST to 0 and a missing RESTRICT_GID_LAST to "no upper
   limit", so 0 means "unbounded" for both. */
void restrict_access_set_env(const char *user, uid_t uid,
			     gid_t gid, gid_t privileged_gid,
			     const char *chroot_dir,
			     gid_t first_valid_gid, gid_t last_valid_gid,
			     const char *extra_groups)
{
	restrict_env_put_opt_str("RESTRICT_USER", user);
	restrict_env_put_opt_str("RESTRICT_CHROOT", chroot_dir);

	restrict_env_put_gid("RESTRICT_SETUID", uid);
	restrict_env_put_gid("RESTRICT_SETGID", gid);
	if (privileged_gid != (gid_t)-1)
		restrict_env_put_gid("RESTRICT_SETGID_PRIV", privileged_gid);
	restrict_env_put_opt_str("RESTRICT_SETEXTRAGROUPS", extra_groups);

	if (first_valid_gid != 0)
		restrict_env_put_gid("RESTRICT_GID_FIRST", first_valid_gid);
	if (last_valid_gid != 0)
		restrict_env_put_gid("RESTRICT_GID_LAST", last_valid_gid);
}
/* Format uid for a log message as "NNN(name)", or just "NNN" when the
   passwd lookup yields nothing. getpwuid() may clobber errno, so it is
   saved and restored: callers use this while building a "%m" message
   about a syscall that has just failed. Returns a temporary string. */
static const char *get_uid_str(uid_t uid)
{
	const struct passwd *pw;
	const char *str;
	int saved_errno;

	saved_errno = errno;
	pw = getpwuid(uid);
	str = pw == NULL ? dec2str(uid) :
		t_strdup_printf("%s(%s)", dec2str(uid), pw->pw_name);
	errno = saved_errno;
	return str;
}
/* Format gid for a log message as "NNN(name)", falling back to the bare
   number when the group database has no entry. getgrgid() may clobber
   errno, so it is saved and restored: callers use this while building a
   "%m" message about a syscall that has just failed. Returns a temporary
   string. */
static const char *get_gid_str(gid_t gid)
{
	const struct group *gr;
	const char *str;
	int saved_errno;

	saved_errno = errno;
	gr = getgrgid(gid);
	str = gr == NULL ? dec2str(gid) :
		t_strdup_printf("%s(%s)", dec2str(gid), gr->gr_name);
	errno = saved_errno;
	return str;
}
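/* Set the process's group IDs for primary_gid.

   privileged_gid == (gid_t)-1 means there is no privileged group and the
   process simply ends up in primary_gid. Otherwise the goal is
   real = effective = primary_gid with privileged_gid parked in the saved
   GID, where it stays available for a later switch. Every failure is
   fatal: carrying on with the wrong GIDs would leave the process either
   more privileged than intended or unable to reach its mail.

   Fix: the setregid() failure message used to print privileged_gid as
   the second argument although the call passes primary_gid twice. */
static void restrict_init_groups(gid_t primary_gid, gid_t privileged_gid)
{
	if (privileged_gid == (gid_t)-1) {
		if (primary_gid == getgid() && primary_gid == getegid()) {
			/* everything is already set */
			return;
		}

		/* NOTE(review): setgid() sets all three GIDs only for a
		   privileged caller; an unprivileged process may keep its
		   old saved GID here, and nothing verifies the result. */
		if (setgid(primary_gid) != 0) {
			i_fatal("setgid(%s) failed with euid=%s, "
				"gid=%s, egid=%s: %m",
				get_gid_str(primary_gid), get_uid_str(geteuid()),
				get_gid_str(getgid()), get_gid_str(getegid()));
		}
		return;
	}

	/* The shortcut is skipped while the effective GID is root, so the
	   calls below always drop group 0. */
	if (getegid() != 0 && primary_gid == getgid() &&
	    primary_gid == getegid()) {
		/* privileged_gid is hopefully in saved ID. if not,
		   there's nothing we can do about it. */
		return;
	}

#ifdef HAVE_SETRESGID
	/* One call sets real, effective and saved, which is the only way to
	   choose the saved GID explicitly. */
	if (setresgid(primary_gid, primary_gid, privileged_gid) != 0) {
		i_fatal("setresgid(%s,%s,%s) failed with euid=%s: %m",
			get_gid_str(primary_gid), get_gid_str(primary_gid),
			get_gid_str(privileged_gid), get_uid_str(geteuid()));
	}
#else
	if (geteuid() == 0) {
		/* real, effective, saved -> privileged_gid */
		if (setgid(privileged_gid) < 0) {
			i_fatal("setgid(%s) failed: %m",
				get_gid_str(privileged_gid));
		}
	}
	/* real, effective -> primary_gid
	   saved -> keep */
	/* NOTE(review): whether the saved GID is really kept depends on the
	   platform's setregid(); POSIX allows it to be reset to the new
	   effective GID whenever the real GID is changed, which would throw
	   privileged_gid away here. Worth confirming on any system that
	   lacks setresgid(). */
	if (setregid(primary_gid, primary_gid) != 0) {
		i_fatal("setregid(%s,%s) failed with euid=%s: %m",
			get_gid_str(primary_gid), get_gid_str(primary_gid),
			get_uid_str(geteuid()));
	}
#endif
}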
/* Return the process's supplementary group IDs in an array allocated with
   t_new(); the number of entries is stored in *gid_count_r. The size is
   queried with getgroups(0, NULL) first so the array always fits. Any
   getgroups() failure is fatal. */
gid_t *restrict_get_groups_list(unsigned int *gid_count_r)
{
	gid_t *groups;
	int count, filled;

	count = getgroups(0, NULL);
	if (count < 0)
		i_fatal("getgroups() failed: %m");

	/* @UNSAFE */
	groups = t_new(gid_t, count);
	filled = getgroups(count, groups);
	if (filled < 0)
		i_fatal("getgroups() failed: %m");

	*gid_count_r = filled;
	return groups;
}
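/* Read one of the gid bounds exported by restrict_access_set_env() from
   the environment. Returns default_gid when the variable is unset.
   Anything that is not a plain, in-range decimal number is fatal: with
   the previous unchecked strtoul() a malformed RESTRICT_GID_FIRST silently
   became 0 and removed the lower bound, i.e. the restriction failed open. */
static gid_t restrict_gid_env_get(const char *name, gid_t default_gid)
{
	const char *value;
	char *end;
	unsigned long num;

	value = getenv(name);
	if (value == NULL)
		return default_gid;

	errno = 0;
	num = strtoul(value, &end, 10);
	if (*value < '0' || *value > '9' || *end != '\0' ||
	    errno == ERANGE || (unsigned long)(gid_t)num != num)
		i_fatal("Invalid %s: %s", name, value);
	return (gid_t)num;
}

/* Remove from gid_list every group outside [RESTRICT_GID_FIRST,
   RESTRICT_GID_LAST], compacting the array in place and updating
   *gid_count. A missing RESTRICT_GID_FIRST means 0 and a missing
   RESTRICT_GID_LAST means no upper limit. *have_root_group is set to
   TRUE when group 0 survives the filter; it is never set to FALSE here,
   so the caller is expected to initialize it. */
static void drop_restricted_groups(gid_t *gid_list, unsigned int *gid_count,
				   bool *have_root_group)
{
	/* @UNSAFE */
	gid_t first_valid, last_valid;
	unsigned int i, used;

	first_valid = restrict_gid_env_get("RESTRICT_GID_FIRST", 0);
	last_valid = restrict_gid_env_get("RESTRICT_GID_LAST", (gid_t)-1);

	for (i = 0, used = 0; i < *gid_count; i++) {
		if (gid_list[i] < first_valid)
			continue;
		if (last_valid != (gid_t)-1 && gid_list[i] > last_valid)
			continue;
		if (gid_list[i] == 0)
			*have_root_group = TRUE;
		gid_list[used++] = gid_list[i];
	}
	*gid_count = used;
}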
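/* Resolve a group given either as a decimal GID or as a group name.
   An unknown name is fatal, and so is a number that does not fit gid_t:
   the value becomes one of the process's groups, so silently truncating
   an oversized number would put the process in an unrelated group.
   is_numeric() (lib.h) is presumably true for an all-digit string. */
static gid_t get_group_id(const char *name)
{
	struct group *group;
	unsigned long num;

	if (is_numeric(name, '\0')) {
		errno = 0;
		num = strtoul(name, NULL, 10);
		if (errno == ERANGE || (unsigned long)(gid_t)num != num)
			i_fatal("group id out of range in extra_groups: %s", name);
		return (gid_t)num;
	}

	group = getgrnam(name);
	if (group == NULL)
		i_fatal("unknown group name in extra_groups: %s", name);
	return group->gr_gid;
}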
188 static void fix_groups_list(const char *extra_groups,
189 bool preserve_existing, bool *have_root_group)
190 {
191 gid_t gid, *gid_list, *gid_list2;
192 const char *const *tmp, *empty = NULL;
193 unsigned int i, gid_count;
194 bool add_primary_gid;
195
196 /* if we're using a privileged GID, we can temporarily drop our
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
197 effective GID. we still want to be able to use its privileges,
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
198 so add it to supplementary groups. */
7561
1a58b18652a6 Avoid using shadow variables. Unfortunately -Wshadow also complains about
Timo Sirainen <tss@iki.fi>
parents: 7387
diff changeset
199 add_primary_gid = process_privileged_gid != (gid_t)-1;
6972
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
200
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
201 tmp = extra_groups == NULL ? &empty :
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
202 t_strsplit_spaces(extra_groups, ", ");
2141
8690d2000e33 Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents: 1741
diff changeset
203
6972
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
204 if (preserve_existing) {
9147
c002187195bd Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents: 8798
diff changeset
205 gid_list = restrict_get_groups_list(&gid_count);
7387
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
206 drop_restricted_groups(gid_list, &gid_count,
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
207 have_root_group);
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
208 /* see if the list already contains the primary GID */
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
209 for (i = 0; i < gid_count; i++) {
7561
1a58b18652a6 Avoid using shadow variables. Unfortunately -Wshadow also complains about
Timo Sirainen <tss@iki.fi>
parents: 7387
diff changeset
210 if (gid_list[i] == process_primary_gid) {
7387
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
211 add_primary_gid = FALSE;
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
212 break;
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
213 }
6972
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
214 }
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
215 } else {
7387
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
216 gid_list = NULL;
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
217 gid_count = 0;
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
218 }
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
219 if (gid_count == 0) {
6991
d7a48bf83a0e Don't use empty setgroups() list to drop groups. It doesn't work at least
Timo Sirainen <tss@iki.fi>
parents: 6972
diff changeset
220 /* Some OSes don't like an empty groups list,
7387
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
221 so use the primary GID as the only one. */
6991
d7a48bf83a0e Don't use empty setgroups() list to drop groups. It doesn't work at least
Timo Sirainen <tss@iki.fi>
parents: 6972
diff changeset
222 gid_list = t_new(gid_t, 2);
7561
1a58b18652a6 Avoid using shadow variables. Unfortunately -Wshadow also complains about
Timo Sirainen <tss@iki.fi>
parents: 7387
diff changeset
223 gid_list[0] = process_primary_gid;
6991
d7a48bf83a0e Don't use empty setgroups() list to drop groups. It doesn't work at least
Timo Sirainen <tss@iki.fi>
parents: 6972
diff changeset
224 gid_count = 1;
7387
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
225 add_primary_gid = FALSE;
6972
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
226 }
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
227
7387
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
228 if (*tmp != NULL || add_primary_gid) {
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
229 /* @UNSAFE: add extra groups and/or primary GID to gids list */
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
230 gid_list2 = t_new(gid_t, gid_count + str_array_length(tmp) + 1);
7124
fe42e3097e23 Setting extra groups crashed.
Timo Sirainen <tss@iki.fi>
parents: 7112
diff changeset
231 memcpy(gid_list2, gid_list, gid_count * sizeof(gid_t));
7387
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
232 for (; *tmp != NULL; tmp++) {
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
233 gid = get_group_id(*tmp);
7561
1a58b18652a6 Avoid using shadow variables. Unfortunately -Wshadow also complains about
Timo Sirainen <tss@iki.fi>
parents: 7387
diff changeset
234 if (gid != process_primary_gid)
7387
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
235 gid_list2[gid_count++] = gid;
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
236 }
2bef36355718 Make sure the primary GID is in supplementary groups when using
Timo Sirainen <tss@iki.fi>
parents: 7386
diff changeset
237 if (add_primary_gid)
7561
1a58b18652a6 Avoid using shadow variables. Unfortunately -Wshadow also complains about
Timo Sirainen <tss@iki.fi>
parents: 7387
diff changeset
238 gid_list2[gid_count++] = process_primary_gid;
7124
fe42e3097e23 Setting extra groups crashed.
Timo Sirainen <tss@iki.fi>
parents: 7112
diff changeset
239 gid_list = gid_list2;
2141
8690d2000e33 Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents: 1741
diff changeset
240 }
7124
fe42e3097e23 Setting extra groups crashed.
Timo Sirainen <tss@iki.fi>
parents: 7112
diff changeset
241
6509
d0689497bb11 Use better error messages for setgroups() failures.
Timo Sirainen <tss@iki.fi>
parents: 6429
diff changeset
242 if (setgroups(gid_count, gid_list) < 0) {
6972
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
243 if (errno == EINVAL) {
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
244 i_fatal("setgroups(%s) failed: Too many extra groups",
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
245 extra_groups == NULL ? "" : extra_groups);
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
246 } else {
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
247 i_fatal("setgroups() failed: %m");
296ee9005d80 Code cleanups and error handling fixes to setting/dropping groups.
Timo Sirainen <tss@iki.fi>
parents: 6940
diff changeset
248 }
6509
d0689497bb11 Use better error messages for setgroups() failures.
Timo Sirainen <tss@iki.fi>
parents: 6429
diff changeset
249 }
0
3b1985cbc908 Initial revision
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
250 }
/* Drop privileges according to the RESTRICT_* environment variables, which
   are expected to have been set by the parent (master) process:

     RESTRICT_SETGID          primary GID to switch to
     RESTRICT_SETGID_PRIV     privileged GID, usable later via
                              restrict_access_use_priv_gid()
     RESTRICT_USER            system user whose groups are loaded with
                              initgroups()
     RESTRICT_SETEXTRAGROUPS  extra supplementary group names
     RESTRICT_CHROOT          directory to chroot() into
     RESTRICT_SETUID          UID to switch to; unset or 0 keeps the
                              current UID
     RESTRICT_GID_FIRST       a non-zero value forbids ending up with GID 0

   The order is significant: group changes first and chroot() second
   (both need root), the UID last. Every failure is fatal, as is still
   being able to become root afterwards when disallow_root is set. Numeric
   values are parsed with strtoul()/atoi() without any validation, so the
   environment must be trustworthy. The variables are cleared at the end
   so that a second call (e.g. after an exec) doesn't try to drop
   privileges again. */
void restrict_access_by_env(bool disallow_root)
{
	const char *env;
	uid_t uid;
	bool is_root, have_root_group, preserve_groups = FALSE;
	bool allow_root_gid;

	/* only the effective UID decides whether the group/chroot steps
	   below are attempted */
	is_root = geteuid() == 0;

	/* set the primary/privileged group */
	env = getenv("RESTRICT_SETGID");
	process_primary_gid = env == NULL || *env == '\0' ? (gid_t)-1 :
		(gid_t)strtoul(env, NULL, 10);
	env = getenv("RESTRICT_SETGID_PRIV");
	process_privileged_gid = env == NULL || *env == '\0' ? (gid_t)-1 :
		(gid_t)strtoul(env, NULL, 10);

	have_root_group = process_primary_gid == 0;
	if (process_primary_gid != (gid_t)-1 ||
	    process_privileged_gid != (gid_t)-1) {
		/* at least one GID was requested. without an explicit
		   primary GID the current effective GID is kept as the
		   primary one. */
		if (process_primary_gid == (gid_t)-1)
			process_primary_gid = getegid();
		restrict_init_groups(process_primary_gid,
				     process_privileged_gid);
	} else {
		/* nothing to change; just remember the current GID for the
		   group list handling below */
		if (process_primary_gid == (gid_t)-1)
			process_primary_gid = getegid();
	}

	/* set system user's groups */
	env = getenv("RESTRICT_USER");
	if (env != NULL && *env != '\0' && is_root) {
		/* load the user's supplementary groups from the group
		   database; they're filtered by fix_groups_list() below */
		if (initgroups(env, process_primary_gid) < 0) {
			i_fatal("initgroups(%s, %s) failed: %m",
				env, get_gid_str(process_primary_gid));
		}
		preserve_groups = TRUE;
	}

	/* add extra groups. if we set system user's groups, drop the
	   restricted groups at the same time. */
	env = getenv("RESTRICT_SETEXTRAGROUPS");
	if (is_root) T_BEGIN {
		/* group changes are only attempted as root; a non-root
		   process keeps whatever groups it already has.
		   NOTE(review): have_root_group is passed down (to
		   drop_restricted_groups()) but nothing after this reads
		   it, so a GID 0 kept in the supplementary list is not
		   caught by the root-group check at the end. */
		fix_groups_list(env, preserve_groups, &have_root_group);
	} T_END;

	/* chrooting */
	env = getenv("RESTRICT_CHROOT");
	if (env != NULL && *env != '\0') {
		/* kludge: localtime() must be called before chroot(),
		   or the timezone isn't known */
		const char *home = getenv("HOME");
		time_t t = 0;
		(void)localtime(&t);

		/* chroot() needs root, so it's done before the UID is
		   dropped below */
		if (chroot(env) != 0)
			i_fatal("chroot(%s) failed: %m", env);

		/* move the working directory inside the new root ($HOME is
		   resolved relative to it), falling back to /. A cwd left
		   outside the new root would let the process escape it. */
		if (home != NULL) {
			if (chdir(home) < 0) {
				i_error("chdir(%s) failed: %m", home);
				home = NULL;
			}
		}
		if (home == NULL) {
			if (chdir("/") != 0)
				i_fatal("chdir(/) failed: %m");
		}
	}

	/* uid last */
	env = getenv("RESTRICT_SETUID");
	uid = env == NULL || *env == '\0' ? 0 : (uid_t)strtoul(env, NULL, 10);
	if (uid != 0) {
		/* setuid() rather than seteuid(), so the change can't be
		   undone afterwards */
		if (setuid(uid) != 0) {
			i_fatal("setuid(%s) failed with euid=%s: %m",
				get_uid_str(uid), get_uid_str(geteuid()));
		}
	}

	/* verify that we actually dropped the privileges */
	if (uid != 0 || disallow_root) {
		/* if root can still be regained (e.g. via a saved UID of 0)
		   the drop didn't really happen */
		if (setuid(0) == 0) {
			if (uid == 0)
				i_fatal("Running as root isn't permitted");
			i_fatal("We couldn't drop root privileges");
		}
	}

	/* GID 0 is tolerated only when it was explicitly requested as the
	   primary or privileged GID and RESTRICT_GID_FIRST doesn't forbid
	   it */
	env = getenv("RESTRICT_GID_FIRST");
	if (env != NULL && atoi(env) != 0)
		allow_root_gid = FALSE;
	else if (process_primary_gid == 0 || process_privileged_gid == 0)
		allow_root_gid = TRUE;
	else
		allow_root_gid = FALSE;

	if (!allow_root_gid && uid != 0) {
		/* checks the real and effective GID and whether GID 0 can
		   be regained; the supplementary group list isn't examined
		   here */
		if (getgid() == 0 || getegid() == 0 || setgid(0) == 0) {
			if (process_primary_gid == 0)
				i_fatal("GID 0 isn't permitted");
			i_fatal("We couldn't drop root group privileges "
				"(wanted=%s, gid=%s, egid=%s)",
				get_gid_str(process_primary_gid),
				get_gid_str(getgid()), get_gid_str(getegid()));
		}
	}

	/* clear the environment, so we don't fail if we get back here */
	env_put("RESTRICT_USER=");
	env_put("RESTRICT_CHROOT=");
	env_put("RESTRICT_SETUID=");
	if (process_privileged_gid == (gid_t)-1) {
		/* if we're dropping privileges before executing and
		   a privileged group is set, the groups must be fixed
		   after exec */
		env_put("RESTRICT_SETGID=");
		env_put("RESTRICT_SETGID_PRIV=");
	}
	env_put("RESTRICT_SETEXTRAGROUPS=");
	env_put("RESTRICT_GID_FIRST=");
	/* RESTRICT_GID_LAST isn't read in this function; it's cleared here
	   for the same reason as the others */
	env_put("RESTRICT_GID_LAST=");
}
/* Enable or disable core dumps for this process. Only does anything where
   PR_SET_DUMPABLE is available (Linux); elsewhere it's a no-op and the
   parameter goes unused, hence ATTR_UNUSED. The prctl() result is
   deliberately ignored.

   NOTE(review): on Linux the kernel clears the dumpable flag when a
   process changes its UID/GID. Turning it back on also makes the process
   ptrace()-attachable by its new, unprivileged UID and changes the
   ownership of its /proc entries, so allow=TRUE should only be used where
   that exposure is acceptable. */
void restrict_access_allow_coredumps(bool allow ATTR_UNUSED)
{
#ifdef HAVE_PR_SET_DUMPABLE
	unsigned long flag = allow ? 1 : 0;

	(void)prctl(PR_SET_DUMPABLE, flag, 0, 0, 0);
#endif
}
/* Switch the effective GID to the configured privileged GID
   (RESTRICT_SETGID_PRIV). Returns 0 on success and also when no
   privileged GID is configured (callers can't tell the two apart), and
   -1 if setegid() fails, in which case the error is logged. Must be
   paired with restrict_access_drop_priv_gid(); calling it while the
   privileged GID is already in use is an assertion failure.

   Only the effective GID is changed, so for an unprivileged process this
   depends on restrict_init_groups() having arranged the group IDs such
   that the switch is permitted (presumably via the saved GID; that code
   isn't visible here). */
int restrict_access_use_priv_gid(void)
{
	bool switched;

	i_assert(!process_using_priv_gid);

	/* nothing to do without a privileged GID */
	if (process_privileged_gid == (gid_t)-1)
		return 0;

	switched = setegid(process_privileged_gid) == 0;
	if (!switched) {
		i_error("setegid(privileged) failed: %m");
		return -1;
	}
	process_using_priv_gid = TRUE;
	return 0;
}
/* Undo restrict_access_use_priv_gid(): restore the effective GID to the
   process's primary group (process_primary_gid).

   A no-op unless the privileged group is currently in use. Failing to
   drop the privileged group is treated as fatal (i_fatal()) rather than
   reported, so the process never keeps running with an effective GID it
   should have given up. */
void restrict_access_drop_priv_gid(void)
{
	if (process_using_priv_gid) {
		if (setegid(process_primary_gid) < 0)
			i_fatal("setegid(primary) failed: %m");
		process_using_priv_gid = FALSE;
	}
}
/* Return TRUE if a privileged group has been configured for this process,
   i.e. process_privileged_gid is something other than the (gid_t)-1
   "not set" sentinel. Does not say whether that group is currently in
   effect; see process_using_priv_gid for that. */
bool restrict_access_have_priv_gid(void)
{
	const gid_t unset = (gid_t)-1;

	return !(process_privileged_gid == unset);
}