Mercurial > dovecot > original-hg > dovecot-1.2
changeset 7486:9edaf878bb96 HEAD
If mail_chroot ends with "/.", remove chroot prefix from home directory.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 04 May 2008 20:42:51 +0300 |
parents | 8bed019c834d |
children | 6dfa085a49d6 |
files | dovecot-example.conf src/deliver/auth-client.c src/master/mail-process.c |
diffstat | 3 files changed, 24 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/dovecot-example.conf Sun May 04 19:39:04 2008 +0300 +++ b/dovecot-example.conf Sun May 04 20:42:51 2008 +0300 @@ -380,7 +380,8 @@ # specific users in user database by giving /./ in user's home directory # (eg. /home/./user chroots into /home). Note that usually there is no real # need to do chrooting, Dovecot doesn't allow users to access files outside -# their mail directory anyway. <doc/wiki/Chrooting.txt> +# their mail directory anyway. If your home directories are prefixed with +# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt> #mail_chroot = ##
--- a/src/deliver/auth-client.c Sun May 04 19:39:04 2008 +0300 +++ b/src/deliver/auth-client.c Sun May 04 20:42:51 2008 +0300 @@ -96,7 +96,9 @@ uid_t uid = 0; gid_t gid = 0; const char *chroot = getenv("MAIL_CHROOT"); + const char *home_dir = NULL; bool debug = getenv("DEBUG") != NULL; + unsigned int len; for (tmp = t_strsplit(args, "\t"); *tmp != NULL; tmp++) { if (debug) @@ -124,7 +126,7 @@ char *field = i_strdup(*tmp); if (strncmp(field, "home=", 5) == 0) - env_put(t_strconcat("HOME=", field + 5, NULL)); + home_dir = field + 5; array_append(conn->extra_fields, &field, 1); } @@ -160,8 +162,18 @@ if (conn->euid == 0 || getegid() != gid) env_put(t_strconcat("RESTRICT_SETGID=", dec2str(gid), NULL)); - if (chroot != NULL) + if (chroot != NULL) { + len = strlen(chroot); + if (len > 2 && strcmp(chroot + len - 2, "/.") == 0 && + home_dir != NULL && + strncmp(home_dir, chroot, len - 2) == 0) { + /* strip chroot dir from home dir */ + home_dir += len - 2; + } env_put(t_strconcat("RESTRICT_CHROOT=", chroot, NULL)); + } + if (home_dir != NULL) + env_put(t_strconcat("HOME=", home_dir, NULL)); extra_groups = getenv("MAIL_EXTRA_GROUPS"); if (extra_groups != NULL) {
--- a/src/master/mail-process.c Sun May 04 19:39:04 2008 +0300 +++ b/src/master/mail-process.c Sun May 04 20:42:51 2008 +0300 @@ -535,7 +535,7 @@ uid_t uid; gid_t gid; ARRAY_DEFINE(extra_args, const char *); - unsigned int i, count, left, process_count, throttle; + unsigned int i, len, count, left, process_count, throttle; int ret, log_fd, nice, chdir_errno; bool home_given, nfs_check; @@ -638,6 +638,12 @@ chroot_dir, user); return MASTER_LOGIN_STATUS_INTERNAL_ERROR; } + len = strlen(chroot_dir); + if (len > 2 && strcmp(chroot_dir + len - 2, "/.") == 0 && + strncmp(home_dir, chroot_dir, len - 2) == 0) { + /* strip chroot dir from home dir */ + home_dir += len - 2; + } if (!dump_capability) { throttle = set->mail_debug ? 0 : @@ -736,7 +742,7 @@ if (dump_capability) env_put("DUMP_CAPABILITY=1"); - if (*home_dir == '\0') { + if (*home_dir == '\0' && *chroot_dir == '\0') { full_home_dir = ""; ret = -1; } else {