Mercurial > dovecot > original-hg > dovecot-1.2

diff src/lib/restrict-access.h @ 7341:af998ae4254b HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Replaced mail_extra_groups setting with mail_privileged_group and mail_access_groups settings. mail_privileged_group allows temporary access to the group when creating mbox INBOX dotlocks.
author Timo Sirainen <tss@iki.fi>
date Tue, 04 Mar 2008 07:54:53 +0200
parents e6823d781317
children c9381a0fdc5e
line wrap: on
line diff
--- a/src/lib/restrict-access.h	Tue Mar 04 07:54:41 2008 +0200
+++ b/src/lib/restrict-access.h	Tue Mar 04 07:54:53 2008 +0200
@@ -2,8 +2,10 @@
 #define RESTRICT_ACCESS_H
 
 /* set environment variables so they can be read with
-   restrict_access_by_env() */
-void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
+   restrict_access_by_env(). If privileged_gid != (gid_t)-1,
+   the privileged GID can be temporarily enabled/disabled. */
+void restrict_access_set_env(const char *user, uid_t uid,
+			     gid_t gid, gid_t privileged_gid,
 			     const char *chroot_dir,
 			     gid_t first_valid_gid, gid_t last_valid_gid,
 			     const char *extra_groups);
@@ -13,4 +15,11 @@
    environment settings and we have root uid or gid. */
 void restrict_access_by_env(bool disallow_root);
 
+/* If privileged_gid was set, these functions can be used to temporarily
+   gain access to the group. */
+int restrict_access_use_priv_gid(void);
+void restrict_access_drop_priv_gid(void);
+/* Returns TRUE if privileged GID exists for this process. */
+bool restrict_access_have_priv_gid(void);
+
 #endif