masqmail

view src/permissions.c @ 304:d5ce2ba71e7b

find changesets by author, revision, files, or words in the commit message
manual formating of Received: hdrs; changed hdr for local receival Now the Received: headers are much friendlier to read. About folding: We must fold any line at 998 chars before transfer. We should fold the lines we produce at 78 chars. That is what RFC 2821 requests. We should think about it, somewhen. The header for locally (i.e. non-SMTP) received mail is changed to the format postfix uses. This matches RFC 2821 better. The `from' clause should contain a domain or IP, not a user name. Also, the `with' clause should contain a registered standard protocol name, which ``local'' is not.
author markus schnalke <meillo@marmaro.de>
date Thu, 09 Dec 2010 18:28:11 -0300
parents 996b53a50f55
children 41958685480d
line source
1 /* MasqMail
2 Copyright (C) 2000 Oliver Kurth
3 Copyright (C) 2010 markus schnalke <meillo@marmaro.de>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 */
19
20 #include <pwd.h>
21 #include <grp.h>
22
23 #include "masqmail.h"
24
25 /* is there really no function in libc for this? */
26 gboolean
27 is_ingroup(uid_t uid, gid_t gid)
28 {
29 struct group *grent = getgrgid(gid);
30 struct passwd *pwent = getpwuid(uid);
31 char *entry;
32 int i = 0;
33
34 if (!grent) {
35 return FALSE;
36 }
37 if (!pwent) {
38 return FALSE;
39 }
40 /* check primary group */
41 if (pwent->pw_gid == gid) {
42 return TRUE;
43 }
44 /* check secondary groups */
45 while ((entry = grent->gr_mem[i++])) {
46 if (strcmp(pwent->pw_name, entry) == 0)
47 return TRUE;
48 }
49 return FALSE;
50 }
51
52 gboolean
53 is_privileged_user(uid_t uid)
54 {
55 /* uncomment these lines if you need the `uucp' group to be trusted too
56 struct group* grent = getgrnam("uucp");
57
58 if (is_ingroup(uid, grent->gr_gid)) {
59 return TRUE;
60 }
61 */
62
63 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
64 }
65
66 void
67 set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid)
68 {
69 if (old_uid)
70 *old_uid = geteuid();
71 if (old_gid)
72 *old_gid = getegid();
73
74 seteuid(0);
75
76 if (setegid(gid) != 0) {
77 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
78 exit(1);
79 }
80 if (seteuid(uid) != 0) {
81 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
82 exit(1);
83 }
84 }
85
86 void
87 set_identity(uid_t old_uid, gchar * task_name)
88 {
89 if (!conf.run_as_user) {
90 if (!is_privileged_user(old_uid)) {
91 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
92 exit(1);
93 }
94
95 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
96 }
97 }