comparison src/permissions.c @ 10:26e34ae9a3e3

changed indention and line wrapping to a more consistent style
author meillo@marmaro.de
date Mon, 27 Oct 2008 16:23:10 +0100
parents 08114f7dcc23
children f671821d8222
comparison
equal deleted inserted replaced
9:31cc8a89cb74 10:26e34ae9a3e3
19 #include "masqmail.h" 19 #include "masqmail.h"
20 #include <pwd.h> 20 #include <pwd.h>
21 #include <grp.h> 21 #include <grp.h>
22 22
23 /* is there really no function in libc for this? */ 23 /* is there really no function in libc for this? */
24 gboolean is_ingroup(uid_t uid, gid_t gid) 24 gboolean
25 is_ingroup(uid_t uid, gid_t gid)
25 { 26 {
26 struct group *grent = getgrgid(gid); 27 struct group *grent = getgrgid(gid);
27 28
28 if(grent){ 29 if (grent) {
29 struct passwd *pwent = getpwuid(uid); 30 struct passwd *pwent = getpwuid(uid);
30 if(pwent){ 31 if (pwent) {
31 char *entry; 32 char *entry;
32 int i = 0; 33 int i = 0;
33 while((entry = grent->gr_mem[i++])){ 34 while ((entry = grent->gr_mem[i++])) {
34 if(strcmp(pwent->pw_name, entry) == 0) 35 if (strcmp(pwent->pw_name, entry) == 0)
35 return TRUE; 36 return TRUE;
36 } 37 }
37 } 38 }
38 } 39 }
39 return FALSE; 40 return FALSE;
40 } 41 }
41 42
42 gboolean is_privileged_user(uid_t uid) 43 gboolean
44 is_privileged_user(uid_t uid)
43 { 45 {
44 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid)); 46 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
45 } 47 }
46 48
47 void set_euidgid(gint uid, gint gid, uid_t *old_uid, gid_t *old_gid) 49 void
50 set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid)
48 { 51 {
49 if(old_uid) *old_uid = geteuid(); 52 if (old_uid)
50 if(old_gid) *old_gid = getegid(); 53 *old_uid = geteuid();
54 if (old_gid)
55 *old_gid = getegid();
51 56
52 seteuid(0); 57 seteuid(0);
53 58
54 if(setegid(gid) != 0){ 59 if (setegid(gid) != 0) {
55 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", 60 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
56 gid, strerror(errno)); 61 exit(EXIT_FAILURE);
57 exit(EXIT_FAILURE); 62 }
58 } 63 if (seteuid(uid) != 0) {
59 if(seteuid(uid) != 0){ 64 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
60 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", 65 exit(EXIT_FAILURE);
61 uid, strerror(errno)); 66 }
62 exit(EXIT_FAILURE);
63 }
64 } 67 }
65 68
66 void set_identity(uid_t old_uid, gchar *task_name) 69 void
70 set_identity(uid_t old_uid, gchar * task_name)
67 { 71 {
68 if(!conf.run_as_user){ 72 if (!conf.run_as_user) {
69 if(!is_privileged_user(old_uid)){ 73 if (!is_privileged_user(old_uid)) {
70 fprintf(stderr, 74 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
71 "must be root, %s or in group %s for %s.\n", 75 exit(EXIT_FAILURE);
72 DEF_MAIL_USER, DEF_MAIL_GROUP, task_name); 76 }
73 exit(EXIT_FAILURE);
74 }
75 77
76 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL); 78 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
77 } 79 }
78 } 80 }