masqmail-0.2: src/permissions.c annotate

masqmail-0.2

annotate src/permissions.c @ 190:fbb3417c1a54

Minor fixes in man pages, reported by lintian(1)

author	markus schnalke <meillo@marmaro.de>
date	Mon, 29 Aug 2011 19:22:51 +0200
parents	3cbcc46c7d49
children

rev	line source
meillo@0	1 /* MasqMail
meillo@0	2 Copyright (C) 2000 Oliver Kurth
meillo@174	3 Copyright (C) 2010 markus schnalke <meillo@marmaro.de>
meillo@0	4
meillo@0	5 This program is free software; you can redistribute it and/or modify
meillo@0	6 it under the terms of the GNU General Public License as published by
meillo@0	7 the Free Software Foundation; either version 2 of the License, or
meillo@0	8 (at your option) any later version.
meillo@0	9
meillo@0	10 This program is distributed in the hope that it will be useful,
meillo@0	11 but WITHOUT ANY WARRANTY; without even the implied warranty of
meillo@0	12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
meillo@0	13 GNU General Public License for more details.
meillo@0	14
meillo@0	15 You should have received a copy of the GNU General Public License
meillo@0	16 along with this program; if not, write to the Free Software
meillo@0	17 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
meillo@0	18 */
meillo@0	19
meillo@0	20 #include <pwd.h>
meillo@0	21 #include <grp.h>
meillo@0	22
meillo@15	23 #include "masqmail.h"
meillo@15	24
meillo@0	25 /* is there really no function in libc for this? */
meillo@10	26 gboolean
meillo@10	27 is_ingroup(uid_t uid, gid_t gid)
meillo@0	28 {
meillo@10	29 struct group *grent = getgrgid(gid);
meillo@84	30 struct passwd *pwent = getpwuid(uid);
meillo@84	31 char *entry;
meillo@84	32 int i = 0;
meillo@0	33
meillo@84	34 if (!grent) {
meillo@84	35 return FALSE;
meillo@84	36 }
meillo@84	37 if (!pwent) {
meillo@84	38 return FALSE;
meillo@84	39 }
meillo@84	40 /* check primary group */
meillo@84	41 if (pwent->pw_gid == gid) {
meillo@84	42 return TRUE;
meillo@84	43 }
meillo@84	44 /* check secondary groups */
meillo@84	45 while ((entry = grent->gr_mem[i++])) {
meillo@84	46 if (strcmp(pwent->pw_name, entry) == 0)
meillo@84	47 return TRUE;
meillo@10	48 }
meillo@10	49 return FALSE;
meillo@0	50 }
meillo@0	51
meillo@10	52 gboolean
meillo@10	53 is_privileged_user(uid_t uid)
meillo@0	54 {
meillo@87	55 /* uncomment these lines if you need the `uucp' group to be trusted too
meillo@87	56 struct group* grent = getgrnam("uucp");
meillo@87	57
meillo@87	58 if (is_ingroup(uid, grent->gr_gid)) {
meillo@87	59 return TRUE;
meillo@87	60 }
meillo@87	61 */
meillo@87	62
meillo@10	63 return (uid == 0) \|\| (uid == conf.mail_uid) \|\| (is_ingroup(uid, conf.mail_gid));
meillo@0	64 }
meillo@0	65
meillo@10	66 void
meillo@10	67 set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid)
meillo@0	68 {
meillo@10	69 if (old_uid)
meillo@10	70 *old_uid = geteuid();
meillo@10	71 if (old_gid)
meillo@10	72 *old_gid = getegid();
meillo@0	73
meillo@10	74 seteuid(0);
meillo@0	75
meillo@10	76 if (setegid(gid) != 0) {
meillo@10	77 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
meillo@10	78 exit(EXIT_FAILURE);
meillo@10	79 }
meillo@10	80 if (seteuid(uid) != 0) {
meillo@10	81 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
meillo@10	82 exit(EXIT_FAILURE);
meillo@10	83 }
meillo@0	84 }
meillo@0	85
meillo@10	86 void
meillo@10	87 set_identity(uid_t old_uid, gchar * task_name)
meillo@0	88 {
meillo@10	89 if (!conf.run_as_user) {
meillo@10	90 if (!is_privileged_user(old_uid)) {
meillo@10	91 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
meillo@10	92 exit(EXIT_FAILURE);
meillo@10	93 }
meillo@0	94
meillo@10	95 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
meillo@10	96 }
meillo@0	97 }