Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/lib/restrict-access.h @ 9147:c002187195bd HEAD
Added restrict_get_groups_list() for easily getting list of process's groups.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Sun, 21 Jun 2009 23:30:42 -0400 |
| parents | c9381a0fdc5e |
| children |
| rev | line source |
|---|---|
|
6410
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
1 #ifndef RESTRICT_ACCESS_H |
|
e4eb71ae8e96
Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents:
3863
diff
changeset
|
2 #define RESTRICT_ACCESS_H |
| 0 | 3 |
| 4 /* set environment variables so they can be read with | |
|
7341
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
5 restrict_access_by_env(). If privileged_gid != (gid_t)-1, |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
6 the privileged GID can be temporarily enabled/disabled. */ |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
7 void restrict_access_set_env(const char *user, uid_t uid, |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
8 gid_t gid, gid_t privileged_gid, |
|
1506
e7c627bacaaf
Allow first_valid_gid to be 0. Drop any supplementary groups not in valid
Timo Sirainen <tss@iki.fi>
parents:
1271
diff
changeset
|
9 const char *chroot_dir, |
|
2141
8690d2000e33
Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
10 gid_t first_valid_gid, gid_t last_valid_gid, |
|
8690d2000e33
Added mail_extra_groups setting.
Timo Sirainen <tss@iki.fi>
parents:
1506
diff
changeset
|
11 const char *extra_groups); |
| 0 | 12 |
|
801
86224ff16bf6
Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
13 /* chroot, setuid() and setgid() based on environment variables. |
|
86224ff16bf6
Drop root privileges earlier. Close syslog more later in imap-master when
Timo Sirainen <tss@iki.fi>
parents:
0
diff
changeset
|
14 If disallow_roots is TRUE, we'll kill ourself if we didn't have the |
|
7109
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7091
diff
changeset
|
15 environment settings and we have root uid or gid. */ |
|
e6823d781317
Reverted "environment array" changes. It broke overriding imap/pop3 settings
Timo Sirainen <tss@iki.fi>
parents:
7091
diff
changeset
|
16 void restrict_access_by_env(bool disallow_root); |
| 0 | 17 |
|
8798
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
18 /* Try to set up the process in a way that core dumps are still allowed |
|
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
19 after calling restrict_access_by_env(). */ |
|
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
20 void restrict_access_allow_coredumps(bool allow); |
|
c9381a0fdc5e
Improved logging for core dumping. With Linux use PR_SET_DUMPABLE for imap/pop3.
Timo Sirainen <tss@iki.fi>
parents:
7341
diff
changeset
|
21 |
|
7341
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
22 /* If privileged_gid was set, these functions can be used to temporarily |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
23 gain access to the group. */ |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
24 int restrict_access_use_priv_gid(void); |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
25 void restrict_access_drop_priv_gid(void); |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
26 /* Returns TRUE if privileged GID exists for this process. */ |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
27 bool restrict_access_have_priv_gid(void); |
|
af998ae4254b
Replaced mail_extra_groups setting with mail_privileged_group and
Timo Sirainen <tss@iki.fi>
parents:
7109
diff
changeset
|
28 |
|
9147
c002187195bd
Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
29 gid_t *restrict_get_groups_list(unsigned int *gid_count_r); |
|
c002187195bd
Added restrict_get_groups_list() for easily getting list of process's groups.
Timo Sirainen <tss@iki.fi>
parents:
8798
diff
changeset
|
30 |
| 0 | 31 #endif |