Mercurial > masqmail
comparison src/permissions.c @ 10:26e34ae9a3e3
changed indention and line wrapping to a more consistent style
| author | meillo@marmaro.de |
|---|---|
| date | Mon, 27 Oct 2008 16:23:10 +0100 |
| parents | 08114f7dcc23 |
| children | f671821d8222 |
comparison
equal
deleted
inserted
replaced
| 9:31cc8a89cb74 | 10:26e34ae9a3e3 |
|---|---|
| 19 #include "masqmail.h" | 19 #include "masqmail.h" |
| 20 #include <pwd.h> | 20 #include <pwd.h> |
| 21 #include <grp.h> | 21 #include <grp.h> |
| 22 | 22 |
| 23 /* is there really no function in libc for this? */ | 23 /* is there really no function in libc for this? */ |
| 24 gboolean is_ingroup(uid_t uid, gid_t gid) | 24 gboolean |
| 25 is_ingroup(uid_t uid, gid_t gid) | |
| 25 { | 26 { |
| 26 struct group *grent = getgrgid(gid); | 27 struct group *grent = getgrgid(gid); |
| 27 | 28 |
| 28 if(grent){ | 29 if (grent) { |
| 29 struct passwd *pwent = getpwuid(uid); | 30 struct passwd *pwent = getpwuid(uid); |
| 30 if(pwent){ | 31 if (pwent) { |
| 31 char *entry; | 32 char *entry; |
| 32 int i = 0; | 33 int i = 0; |
| 33 while((entry = grent->gr_mem[i++])){ | 34 while ((entry = grent->gr_mem[i++])) { |
| 34 if(strcmp(pwent->pw_name, entry) == 0) | 35 if (strcmp(pwent->pw_name, entry) == 0) |
| 35 return TRUE; | 36 return TRUE; |
| 36 } | 37 } |
| 37 } | 38 } |
| 38 } | 39 } |
| 39 return FALSE; | 40 return FALSE; |
| 40 } | 41 } |
| 41 | 42 |
| 42 gboolean is_privileged_user(uid_t uid) | 43 gboolean |
| 44 is_privileged_user(uid_t uid) | |
| 43 { | 45 { |
| 44 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid)); | 46 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid)); |
| 45 } | 47 } |
| 46 | 48 |
| 47 void set_euidgid(gint uid, gint gid, uid_t *old_uid, gid_t *old_gid) | 49 void |
| 50 set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid) | |
| 48 { | 51 { |
| 49 if(old_uid) *old_uid = geteuid(); | 52 if (old_uid) |
| 50 if(old_gid) *old_gid = getegid(); | 53 *old_uid = geteuid(); |
| 54 if (old_gid) | |
| 55 *old_gid = getegid(); | |
| 51 | 56 |
| 52 seteuid(0); | 57 seteuid(0); |
| 53 | 58 |
| 54 if(setegid(gid) != 0){ | 59 if (setegid(gid) != 0) { |
| 55 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", | 60 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno)); |
| 56 gid, strerror(errno)); | 61 exit(EXIT_FAILURE); |
| 57 exit(EXIT_FAILURE); | 62 } |
| 58 } | 63 if (seteuid(uid) != 0) { |
| 59 if(seteuid(uid) != 0){ | 64 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno)); |
| 60 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", | 65 exit(EXIT_FAILURE); |
| 61 uid, strerror(errno)); | 66 } |
| 62 exit(EXIT_FAILURE); | |
| 63 } | |
| 64 } | 67 } |
| 65 | 68 |
| 66 void set_identity(uid_t old_uid, gchar *task_name) | 69 void |
| 70 set_identity(uid_t old_uid, gchar * task_name) | |
| 67 { | 71 { |
| 68 if(!conf.run_as_user){ | 72 if (!conf.run_as_user) { |
| 69 if(!is_privileged_user(old_uid)){ | 73 if (!is_privileged_user(old_uid)) { |
| 70 fprintf(stderr, | 74 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name); |
| 71 "must be root, %s or in group %s for %s.\n", | 75 exit(EXIT_FAILURE); |
| 72 DEF_MAIL_USER, DEF_MAIL_GROUP, task_name); | 76 } |
| 73 exit(EXIT_FAILURE); | |
| 74 } | |
| 75 | 77 |
| 76 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL); | 78 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL); |
| 77 } | 79 } |
| 78 } | 80 } |