masqmail-0.2
view src/permissions.c @ 73:9db75b801dc4
made a comment more exact
author | meillo@marmaro.de |
---|---|
date | Wed, 16 Jun 2010 10:35:13 +0200 |
parents | 26e34ae9a3e3 |
children | ffeff2c33799 |
line source
1 /* MasqMail
2 Copyright (C) 2000 Oliver Kurth
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17 */
19 #include <pwd.h>
20 #include <grp.h>
22 #include "masqmail.h"
24 /* is there really no function in libc for this? */
25 gboolean
26 is_ingroup(uid_t uid, gid_t gid)
27 {
28 struct group *grent = getgrgid(gid);
30 if (grent) {
31 struct passwd *pwent = getpwuid(uid);
32 if (pwent) {
33 char *entry;
34 int i = 0;
35 while ((entry = grent->gr_mem[i++])) {
36 if (strcmp(pwent->pw_name, entry) == 0)
37 return TRUE;
38 }
39 }
40 }
41 return FALSE;
42 }
44 gboolean
45 is_privileged_user(uid_t uid)
46 {
47 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
48 }
50 void
51 set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid)
52 {
53 if (old_uid)
54 *old_uid = geteuid();
55 if (old_gid)
56 *old_gid = getegid();
58 seteuid(0);
60 if (setegid(gid) != 0) {
61 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
62 exit(EXIT_FAILURE);
63 }
64 if (seteuid(uid) != 0) {
65 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
66 exit(EXIT_FAILURE);
67 }
68 }
70 void
71 set_identity(uid_t old_uid, gchar * task_name)
72 {
73 if (!conf.run_as_user) {
74 if (!is_privileged_user(old_uid)) {
75 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
76 exit(EXIT_FAILURE);
77 }
79 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
80 }
81 }