masqmail
diff src/permissions.c @ 0:08114f7dcc23
this is masqmail-0.2.21 from oliver kurth
author | meillo@marmaro.de |
---|---|
date | Fri, 26 Sep 2008 17:05:23 +0200 |
parents | |
children | 26e34ae9a3e3 |
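--- /dev/null
+++ b/src/permissions.c
@@ -0,0 +1,78 @@
+/* MasqMail
+ Copyright (C) 2000 Oliver Kurth
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+#include "masqmail.h"
+#include <pwd.h>
+#include <grp.h>
+
+/* is there really no function in libc for this? */
+gboolean is_ingroup(uid_t uid, gid_t gid)
+{
+ struct group *grent = getgrgid(gid);
+
+ if(grent){
+ struct passwd *pwent = getpwuid(uid);
+ if(pwent){
+ char *entry;
+ int i = 0;
+ while((entry = grent->gr_mem[i++])){
+ if(strcmp(pwent->pw_name, entry) == 0)
+ return TRUE;
+ }
+ }
+ }
+ return FALSE;
+}
+
+gboolean is_privileged_user(uid_t uid)
+{
+ return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
+}
+
+void set_euidgid(gint uid, gint gid, uid_t *old_uid, gid_t *old_gid)
+{
+ if(old_uid) *old_uid = geteuid();
+ if(old_gid) *old_gid = getegid();
+
+ seteuid(0);
+
+ if(setegid(gid) != 0){
+ logwrite(LOG_ALERT, "could not change gid to %d: %s\n",
+ gid, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ if(seteuid(uid) != 0){
+ logwrite(LOG_ALERT, "could not change uid to %d: %s\n",
+ uid, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+}
+
+void set_identity(uid_t old_uid, gchar *task_name)
+{
+ if(!conf.run_as_user){
+ if(!is_privileged_user(old_uid)){
+ fprintf(stderr,
+ "must be root, %s or in group %s for %s.\n",
+ DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
+ exit(EXIT_FAILURE);
+ }
+
+ set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
+ }
+}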
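Review bot: set_euidgid changes only the effective uid and gid and never touches the supplementary group list, so after `set_identity` the process still carries whatever groups it started with and, when it was started as root or setuid-root, presumably keeps a real/saved uid that allows a later `seteuid(0)`. That matches the temporary-switch use the `old_uid`/`old_gid` out-parameters suggest, but `set_identity` deserves a comment stating it is not a permanent privilege drop, and callers that never switch back should also call `setgroups()` while the effective uid is still 0. The result of `seteuid(0)` is ignored as well; the checked `setegid`/`seteuid` calls that follow catch most failures, yet logging that first failure would make a binary installed without the setuid bit easier to diagnose. Separately, `is_ingroup` walks only `gr_mem`, so a user whose primary group is the mail group is reported as not a member; `if(pwent->pw_gid == gid) return TRUE;` before the loop would cover that case.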