masqmail
view src/permissions.c @ 87:3cbcc46c7d49
added a comment on how to make group uucp trusted too
this is intended to be a hack only for those who really need it
author | meillo@marmaro.de |
---|---|
date | Sat, 19 Jun 2010 18:52:19 +0200 |
parents | ffeff2c33799 |
children | 996b53a50f55 |
line source
1 /* MasqMail
2 Copyright (C) 2000 Oliver Kurth
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17 */
19 #include <pwd.h>
20 #include <grp.h>
22 #include "masqmail.h"
24 /* is there really no function in libc for this? */
25 gboolean
26 is_ingroup(uid_t uid, gid_t gid)
27 {
28 struct group *grent = getgrgid(gid);
29 struct passwd *pwent = getpwuid(uid);
30 char *entry;
31 int i = 0;
33 if (!grent) {
34 return FALSE;
35 }
36 if (!pwent) {
37 return FALSE;
38 }
39 /* check primary group */
40 if (pwent->pw_gid == gid) {
41 return TRUE;
42 }
43 /* check secondary groups */
44 while ((entry = grent->gr_mem[i++])) {
45 if (strcmp(pwent->pw_name, entry) == 0)
46 return TRUE;
47 }
48 return FALSE;
49 }
51 gboolean
52 is_privileged_user(uid_t uid)
53 {
54 /* uncomment these lines if you need the `uucp' group to be trusted too
55 struct group* grent = getgrnam("uucp");
57 if (is_ingroup(uid, grent->gr_gid)) {
58 return TRUE;
59 }
60 */
62 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
63 }
65 void
66 set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid)
67 {
68 if (old_uid)
69 *old_uid = geteuid();
70 if (old_gid)
71 *old_gid = getegid();
73 seteuid(0);
75 if (setegid(gid) != 0) {
76 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
77 exit(EXIT_FAILURE);
78 }
79 if (seteuid(uid) != 0) {
80 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
81 exit(EXIT_FAILURE);
82 }
83 }
85 void
86 set_identity(uid_t old_uid, gchar * task_name)
87 {
88 if (!conf.run_as_user) {
89 if (!is_privileged_user(old_uid)) {
90 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
91 exit(EXIT_FAILURE);
92 }
94 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
95 }
96 }