masqmail

annotate src/permissions.c @ 281:ea5f86e0a81c

find changesets by author, revision, files, or words in the commit message
modes are now enforced exclusive Other MTAs (exim, postfix) are more relaxing, but as combinations of exclusive modes are senseless we behave more obvious if we fail early. This makes understanding the behavior easier too.
author markus schnalke <meillo@marmaro.de>
date Tue, 07 Dec 2010 14:04:56 -0300
parents 996b53a50f55
children 41958685480d
rev   line source
meillo@0 1 /* MasqMail
meillo@0 2 Copyright (C) 2000 Oliver Kurth
meillo@224 3 Copyright (C) 2010 markus schnalke <meillo@marmaro.de>
meillo@0 4
meillo@0 5 This program is free software; you can redistribute it and/or modify
meillo@0 6 it under the terms of the GNU General Public License as published by
meillo@0 7 the Free Software Foundation; either version 2 of the License, or
meillo@0 8 (at your option) any later version.
meillo@0 9
meillo@0 10 This program is distributed in the hope that it will be useful,
meillo@0 11 but WITHOUT ANY WARRANTY; without even the implied warranty of
meillo@0 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
meillo@0 13 GNU General Public License for more details.
meillo@0 14
meillo@0 15 You should have received a copy of the GNU General Public License
meillo@0 16 along with this program; if not, write to the Free Software
meillo@0 17 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
meillo@0 18 */
meillo@0 19
meillo@0 20 #include <pwd.h>
meillo@0 21 #include <grp.h>
meillo@0 22
meillo@15 23 #include "masqmail.h"
meillo@15 24
meillo@0 25 /* is there really no function in libc for this? */
meillo@10 26 gboolean
meillo@10 27 is_ingroup(uid_t uid, gid_t gid)
meillo@0 28 {
meillo@10 29 struct group *grent = getgrgid(gid);
meillo@84 30 struct passwd *pwent = getpwuid(uid);
meillo@84 31 char *entry;
meillo@84 32 int i = 0;
meillo@0 33
meillo@84 34 if (!grent) {
meillo@84 35 return FALSE;
meillo@84 36 }
meillo@84 37 if (!pwent) {
meillo@84 38 return FALSE;
meillo@84 39 }
meillo@84 40 /* check primary group */
meillo@84 41 if (pwent->pw_gid == gid) {
meillo@84 42 return TRUE;
meillo@84 43 }
meillo@84 44 /* check secondary groups */
meillo@84 45 while ((entry = grent->gr_mem[i++])) {
meillo@84 46 if (strcmp(pwent->pw_name, entry) == 0)
meillo@84 47 return TRUE;
meillo@10 48 }
meillo@10 49 return FALSE;
meillo@0 50 }
meillo@0 51
meillo@10 52 gboolean
meillo@10 53 is_privileged_user(uid_t uid)
meillo@0 54 {
meillo@87 55 /* uncomment these lines if you need the `uucp' group to be trusted too
meillo@87 56 struct group* grent = getgrnam("uucp");
meillo@87 57
meillo@87 58 if (is_ingroup(uid, grent->gr_gid)) {
meillo@87 59 return TRUE;
meillo@87 60 }
meillo@87 61 */
meillo@87 62
meillo@10 63 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
meillo@0 64 }
meillo@0 65
meillo@10 66 void
meillo@10 67 set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid)
meillo@0 68 {
meillo@10 69 if (old_uid)
meillo@10 70 *old_uid = geteuid();
meillo@10 71 if (old_gid)
meillo@10 72 *old_gid = getegid();
meillo@0 73
meillo@10 74 seteuid(0);
meillo@0 75
meillo@10 76 if (setegid(gid) != 0) {
meillo@10 77 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
meillo@262 78 exit(1);
meillo@10 79 }
meillo@10 80 if (seteuid(uid) != 0) {
meillo@10 81 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
meillo@262 82 exit(1);
meillo@10 83 }
meillo@0 84 }
meillo@0 85
meillo@10 86 void
meillo@10 87 set_identity(uid_t old_uid, gchar * task_name)
meillo@0 88 {
meillo@10 89 if (!conf.run_as_user) {
meillo@10 90 if (!is_privileged_user(old_uid)) {
meillo@10 91 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
meillo@262 92 exit(1);
meillo@10 93 }
meillo@0 94
meillo@10 95 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
meillo@10 96 }
meillo@0 97 }