Mercurial > masqmail
annotate src/permissions.c @ 434:f2a7271746d1 default tip
Removes Freshmeat.net from the docs
The site, which was later renamed to freecode.com, is no longer
maintained (contains only a static copy).
| author | markus schnalke <meillo@marmaro.de> |
|---|---|
| date | Sat, 07 Feb 2015 11:45:07 +0100 |
| parents | b27f66555ba8 |
| children |
| rev | line source |
|---|---|
|
367
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
1 /* |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
2 ** MasqMail |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
3 ** Copyright (C) 2000 Oliver Kurth |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
4 ** Copyright (C) 2010 markus schnalke <meillo@marmaro.de> |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
5 ** |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
6 ** This program is free software; you can redistribute it and/or modify |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
7 ** it under the terms of the GNU General Public License as published by |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
8 ** the Free Software Foundation; either version 2 of the License, or |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
9 ** (at your option) any later version. |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
10 ** |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
11 ** This program is distributed in the hope that it will be useful, |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
14 ** GNU General Public License for more details. |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
15 ** |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
16 ** You should have received a copy of the GNU General Public License |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
17 ** along with this program; if not, write to the Free Software |
|
b27f66555ba8
Reformated multiline comments to have leading asterisks on each line
markus schnalke <meillo@marmaro.de>
parents:
366
diff
changeset
|
18 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 0 | 19 */ |
| 20 | |
| 21 #include <pwd.h> | |
| 22 #include <grp.h> | |
| 23 | |
| 15 | 24 #include "masqmail.h" |
| 25 | |
| 0 | 26 /* is there really no function in libc for this? */ |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
27 gboolean |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
28 is_ingroup(uid_t uid, gid_t gid) |
| 0 | 29 { |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
30 struct group *grent = getgrgid(gid); |
|
84
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
31 struct passwd *pwent = getpwuid(uid); |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
32 char *entry; |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
33 int i = 0; |
| 0 | 34 |
|
84
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
35 if (!grent) { |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
36 return FALSE; |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
37 } |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
38 if (!pwent) { |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
39 return FALSE; |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
40 } |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
41 /* check primary group */ |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
42 if (pwent->pw_gid == gid) { |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
43 return TRUE; |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
44 } |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
45 /* check secondary groups */ |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
46 while ((entry = grent->gr_mem[i++])) { |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
47 if (strcmp(pwent->pw_name, entry) == 0) |
|
ffeff2c33799
is_ingroup(): check for the primary group of a user too
meillo@marmaro.de
parents:
15
diff
changeset
|
48 return TRUE; |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
49 } |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
50 return FALSE; |
| 0 | 51 } |
| 52 | |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
53 gboolean |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
54 is_privileged_user(uid_t uid) |
| 0 | 55 { |
|
87
3cbcc46c7d49
added a comment on how to make group uucp trusted too
meillo@marmaro.de
parents:
84
diff
changeset
|
56 /* uncomment these lines if you need the `uucp' group to be trusted too |
|
366
41958685480d
Switched to `type *name' style
markus schnalke <meillo@marmaro.de>
parents:
262
diff
changeset
|
57 struct group *grent = getgrnam("uucp"); |
|
87
3cbcc46c7d49
added a comment on how to make group uucp trusted too
meillo@marmaro.de
parents:
84
diff
changeset
|
58 |
|
3cbcc46c7d49
added a comment on how to make group uucp trusted too
meillo@marmaro.de
parents:
84
diff
changeset
|
59 if (is_ingroup(uid, grent->gr_gid)) { |
|
3cbcc46c7d49
added a comment on how to make group uucp trusted too
meillo@marmaro.de
parents:
84
diff
changeset
|
60 return TRUE; |
|
3cbcc46c7d49
added a comment on how to make group uucp trusted too
meillo@marmaro.de
parents:
84
diff
changeset
|
61 } |
|
3cbcc46c7d49
added a comment on how to make group uucp trusted too
meillo@marmaro.de
parents:
84
diff
changeset
|
62 */ |
|
3cbcc46c7d49
added a comment on how to make group uucp trusted too
meillo@marmaro.de
parents:
84
diff
changeset
|
63 |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
64 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid)); |
| 0 | 65 } |
| 66 | |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
67 void |
|
366
41958685480d
Switched to `type *name' style
markus schnalke <meillo@marmaro.de>
parents:
262
diff
changeset
|
68 set_euidgid(gint uid, gint gid, uid_t *old_uid, gid_t *old_gid) |
| 0 | 69 { |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
70 if (old_uid) |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
71 *old_uid = geteuid(); |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
72 if (old_gid) |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
73 *old_gid = getegid(); |
| 0 | 74 |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
75 seteuid(0); |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
76 |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
77 if (setegid(gid) != 0) { |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
78 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno)); |
|
262
fc1c6425c024
s/EXIT_SUCCESS/0/ && s/EXIT_FAILURE/1/
markus schnalke <meillo@marmaro.de>
parents:
224
diff
changeset
|
79 exit(1); |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
80 } |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
81 if (seteuid(uid) != 0) { |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
82 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno)); |
|
262
fc1c6425c024
s/EXIT_SUCCESS/0/ && s/EXIT_FAILURE/1/
markus schnalke <meillo@marmaro.de>
parents:
224
diff
changeset
|
83 exit(1); |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
84 } |
| 0 | 85 } |
| 86 | |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
87 void |
|
366
41958685480d
Switched to `type *name' style
markus schnalke <meillo@marmaro.de>
parents:
262
diff
changeset
|
88 set_identity(uid_t old_uid, gchar *task_name) |
| 0 | 89 { |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
90 if (!conf.run_as_user) { |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
91 if (!is_privileged_user(old_uid)) { |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
92 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name); |
|
262
fc1c6425c024
s/EXIT_SUCCESS/0/ && s/EXIT_FAILURE/1/
markus schnalke <meillo@marmaro.de>
parents:
224
diff
changeset
|
93 exit(1); |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
94 } |
| 0 | 95 |
|
10
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
96 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL); |
|
26e34ae9a3e3
changed indention and line wrapping to a more consistent style
meillo@marmaro.de
parents:
0
diff
changeset
|
97 } |
| 0 | 98 } |