masqmail

annotate src/permissions.c @ 1:af25f5c39d90

added diff from debian (masqmail-0.2.21-4)
author meillo@marmaro.de
date Fri, 26 Sep 2008 20:56:23 +0200
parents
children 26e34ae9a3e3
rev   line source
meillo@0 1 /* MasqMail
meillo@0 2 Copyright (C) 2000 Oliver Kurth
meillo@0 3
meillo@0 4 This program is free software; you can redistribute it and/or modify
meillo@0 5 it under the terms of the GNU General Public License as published by
meillo@0 6 the Free Software Foundation; either version 2 of the License, or
meillo@0 7 (at your option) any later version.
meillo@0 8
meillo@0 9 This program is distributed in the hope that it will be useful,
meillo@0 10 but WITHOUT ANY WARRANTY; without even the implied warranty of
meillo@0 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
meillo@0 12 GNU General Public License for more details.
meillo@0 13
meillo@0 14 You should have received a copy of the GNU General Public License
meillo@0 15 along with this program; if not, write to the Free Software
meillo@0 16 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
meillo@0 17 */
meillo@0 18
meillo@0 19 #include "masqmail.h"
meillo@0 20 #include <pwd.h>
meillo@0 21 #include <grp.h>
meillo@0 22
meillo@0 23 /* is there really no function in libc for this? */
meillo@0 24 gboolean is_ingroup(uid_t uid, gid_t gid)
meillo@0 25 {
meillo@0 26 struct group *grent = getgrgid(gid);
meillo@0 27
meillo@0 28 if(grent){
meillo@0 29 struct passwd *pwent = getpwuid(uid);
meillo@0 30 if(pwent){
meillo@0 31 char *entry;
meillo@0 32 int i = 0;
meillo@0 33 while((entry = grent->gr_mem[i++])){
meillo@0 34 if(strcmp(pwent->pw_name, entry) == 0)
meillo@0 35 return TRUE;
meillo@0 36 }
meillo@0 37 }
meillo@0 38 }
meillo@0 39 return FALSE;
meillo@0 40 }
meillo@0 41
meillo@0 42 gboolean is_privileged_user(uid_t uid)
meillo@0 43 {
meillo@0 44 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
meillo@0 45 }
meillo@0 46
meillo@0 47 void set_euidgid(gint uid, gint gid, uid_t *old_uid, gid_t *old_gid)
meillo@0 48 {
meillo@0 49 if(old_uid) *old_uid = geteuid();
meillo@0 50 if(old_gid) *old_gid = getegid();
meillo@0 51
meillo@0 52 seteuid(0);
meillo@0 53
meillo@0 54 if(setegid(gid) != 0){
meillo@0 55 logwrite(LOG_ALERT, "could not change gid to %d: %s\n",
meillo@0 56 gid, strerror(errno));
meillo@0 57 exit(EXIT_FAILURE);
meillo@0 58 }
meillo@0 59 if(seteuid(uid) != 0){
meillo@0 60 logwrite(LOG_ALERT, "could not change uid to %d: %s\n",
meillo@0 61 uid, strerror(errno));
meillo@0 62 exit(EXIT_FAILURE);
meillo@0 63 }
meillo@0 64 }
meillo@0 65
meillo@0 66 void set_identity(uid_t old_uid, gchar *task_name)
meillo@0 67 {
meillo@0 68 if(!conf.run_as_user){
meillo@0 69 if(!is_privileged_user(old_uid)){
meillo@0 70 fprintf(stderr,
meillo@0 71 "must be root, %s or in group %s for %s.\n",
meillo@0 72 DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
meillo@0 73 exit(EXIT_FAILURE);
meillo@0 74 }
meillo@0 75
meillo@0 76 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
meillo@0 77 }
meillo@0 78 }