Mercurial > masqmail
comparison src/permissions.c @ 0:08114f7dcc23 0.2.21
this is masqmail-0.2.21 from oliver kurth
| author | meillo@marmaro.de |
|---|---|
| date | Fri, 26 Sep 2008 17:05:23 +0200 |
| parents | |
| children | 26e34ae9a3e3 |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:08114f7dcc23 |
|---|---|
| 1 /* MasqMail | |
| 2 Copyright (C) 2000 Oliver Kurth | |
| 3 | |
| 4 This program is free software; you can redistribute it and/or modify | |
| 5 it under the terms of the GNU General Public License as published by | |
| 6 the Free Software Foundation; either version 2 of the License, or | |
| 7 (at your option) any later version. | |
| 8 | |
| 9 This program is distributed in the hope that it will be useful, | |
| 10 but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 GNU General Public License for more details. | |
| 13 | |
| 14 You should have received a copy of the GNU General Public License | |
| 15 along with this program; if not, write to the Free Software | |
| 16 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
| 17 */ | |
| 18 | |
| 19 #include "masqmail.h" | |
| 20 #include <pwd.h> | |
| 21 #include <grp.h> | |
| 22 | |
| 23 /* is there really no function in libc for this? */ | |
| 24 gboolean is_ingroup(uid_t uid, gid_t gid) | |
| 25 { | |
| 26 struct group *grent = getgrgid(gid); | |
| 27 | |
| 28 if(grent){ | |
| 29 struct passwd *pwent = getpwuid(uid); | |
| 30 if(pwent){ | |
| 31 char *entry; | |
| 32 int i = 0; | |
| 33 while((entry = grent->gr_mem[i++])){ | |
| 34 if(strcmp(pwent->pw_name, entry) == 0) | |
| 35 return TRUE; | |
| 36 } | |
| 37 } | |
| 38 } | |
| 39 return FALSE; | |
| 40 } | |
| 41 | |
| 42 gboolean is_privileged_user(uid_t uid) | |
| 43 { | |
| 44 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid)); | |
| 45 } | |
| 46 | |
| 47 void set_euidgid(gint uid, gint gid, uid_t *old_uid, gid_t *old_gid) | |
| 48 { | |
| 49 if(old_uid) *old_uid = geteuid(); | |
| 50 if(old_gid) *old_gid = getegid(); | |
| 51 | |
| 52 seteuid(0); | |
| 53 | |
| 54 if(setegid(gid) != 0){ | |
| 55 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", | |
| 56 gid, strerror(errno)); | |
| 57 exit(EXIT_FAILURE); | |
| 58 } | |
| 59 if(seteuid(uid) != 0){ | |
| 60 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", | |
| 61 uid, strerror(errno)); | |
| 62 exit(EXIT_FAILURE); | |
| 63 } | |
| 64 } | |
| 65 | |
| 66 void set_identity(uid_t old_uid, gchar *task_name) | |
| 67 { | |
| 68 if(!conf.run_as_user){ | |
| 69 if(!is_privileged_user(old_uid)){ | |
| 70 fprintf(stderr, | |
| 71 "must be root, %s or in group %s for %s.\n", | |
| 72 DEF_MAIL_USER, DEF_MAIL_GROUP, task_name); | |
| 73 exit(EXIT_FAILURE); | |
| 74 } | |
| 75 | |
| 76 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL); | |
| 77 } | |
| 78 } |