masqmail-0.2

annotate src/permissions.c @ 84:ffeff2c33799

find changesets by author, revision, files, or words in the commit message
is_ingroup(): check for the primary group of a user too also some refactoring
author meillo@marmaro.de
date Sat, 19 Jun 2010 18:08:55 +0200
parents f671821d8222
children 3cbcc46c7d49
rev   line source
meillo@0 1 /* MasqMail
meillo@0 2 Copyright (C) 2000 Oliver Kurth
meillo@0 3
meillo@0 4 This program is free software; you can redistribute it and/or modify
meillo@0 5 it under the terms of the GNU General Public License as published by
meillo@0 6 the Free Software Foundation; either version 2 of the License, or
meillo@0 7 (at your option) any later version.
meillo@0 8
meillo@0 9 This program is distributed in the hope that it will be useful,
meillo@0 10 but WITHOUT ANY WARRANTY; without even the implied warranty of
meillo@0 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
meillo@0 12 GNU General Public License for more details.
meillo@0 13
meillo@0 14 You should have received a copy of the GNU General Public License
meillo@0 15 along with this program; if not, write to the Free Software
meillo@0 16 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
meillo@0 17 */
meillo@0 18
meillo@0 19 #include <pwd.h>
meillo@0 20 #include <grp.h>
meillo@0 21
meillo@15 22 #include "masqmail.h"
meillo@15 23
meillo@0 24 /* is there really no function in libc for this? */
meillo@10 25 gboolean
meillo@10 26 is_ingroup(uid_t uid, gid_t gid)
meillo@0 27 {
meillo@10 28 struct group *grent = getgrgid(gid);
meillo@84 29 struct passwd *pwent = getpwuid(uid);
meillo@84 30 char *entry;
meillo@84 31 int i = 0;
meillo@0 32
meillo@84 33 if (!grent) {
meillo@84 34 return FALSE;
meillo@84 35 }
meillo@84 36 if (!pwent) {
meillo@84 37 return FALSE;
meillo@84 38 }
meillo@84 39 /* check primary group */
meillo@84 40 if (pwent->pw_gid == gid) {
meillo@84 41 return TRUE;
meillo@84 42 }
meillo@84 43 /* check secondary groups */
meillo@84 44 while ((entry = grent->gr_mem[i++])) {
meillo@84 45 if (strcmp(pwent->pw_name, entry) == 0)
meillo@84 46 return TRUE;
meillo@10 47 }
meillo@10 48 return FALSE;
meillo@0 49 }
meillo@0 50
meillo@10 51 gboolean
meillo@10 52 is_privileged_user(uid_t uid)
meillo@0 53 {
meillo@10 54 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
meillo@0 55 }
meillo@0 56
meillo@10 57 void
meillo@10 58 set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid)
meillo@0 59 {
meillo@10 60 if (old_uid)
meillo@10 61 *old_uid = geteuid();
meillo@10 62 if (old_gid)
meillo@10 63 *old_gid = getegid();
meillo@0 64
meillo@10 65 seteuid(0);
meillo@0 66
meillo@10 67 if (setegid(gid) != 0) {
meillo@10 68 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
meillo@10 69 exit(EXIT_FAILURE);
meillo@10 70 }
meillo@10 71 if (seteuid(uid) != 0) {
meillo@10 72 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
meillo@10 73 exit(EXIT_FAILURE);
meillo@10 74 }
meillo@0 75 }
meillo@0 76
meillo@10 77 void
meillo@10 78 set_identity(uid_t old_uid, gchar * task_name)
meillo@0 79 {
meillo@10 80 if (!conf.run_as_user) {
meillo@10 81 if (!is_privileged_user(old_uid)) {
meillo@10 82 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
meillo@10 83 exit(EXIT_FAILURE);
meillo@10 84 }
meillo@0 85
meillo@10 86 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
meillo@10 87 }
meillo@0 88 }