masqmail
view src/permissions.c @ 310:f10a56dc7481
reworked online_detect to the simpler online_query
Only pipe is supported now. Use
online_query="/bin/cat /path/to/file"
instead of
online_detect=file
online_file=/path/to/file
and
online_query="/path/to/some/script foo"
instead of
online_detect=pipe
online_pipe="/path/to/some/script foo"
See man page masqmail.conf(5) and admin/config-transition.
author | meillo@marmaro.de |
---|---|
date | Sun, 24 Apr 2011 19:14:38 +0200 |
parents | 996b53a50f55 |
children | 41958685480d |
1 /* MasqMail
2 Copyright (C) 2000 Oliver Kurth
3 Copyright (C) 2010 markus schnalke <meillo@marmaro.de>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 */
20 #include <pwd.h>
21 #include <grp.h>
23 #include "masqmail.h"
25 /* is there really no function in libc for this? */
/*
 * Report whether the account `uid' is a member of the group `gid'.
 *
 * Both IDs are resolved through the system databases with getgrgid() and
 * getpwuid(). If either lookup fails the answer is FALSE. Membership is
 * granted either by the account's primary group (pw_gid) or by the account
 * name being listed in the group's member list (gr_mem).
 *
 * Secondary membership is matched by user name, not by uid.
 * getgrgid()/getpwuid() return pointers into static storage, so the
 * results must not be kept across further lookups.
 */
gboolean
is_ingroup(uid_t uid, gid_t gid)
{
	struct group *grp = getgrgid(gid);
	struct passwd *usr = getpwuid(uid);
	char **member;

	/* an unknown group or an unknown user is never a member */
	if (grp == NULL) {
		return FALSE;
	}
	if (usr == NULL) {
		return FALSE;
	}

	/* primary group */
	if (usr->pw_gid == gid) {
		return TRUE;
	}

	/* secondary groups: walk the NULL-terminated list of member names */
	for (member = grp->gr_mem; *member != NULL; member++) {
		if (strcmp(usr->pw_name, *member) == 0) {
			return TRUE;
		}
	}
	return FALSE;
}
/*
 * Decide whether `uid' is trusted to act with mail privileges.
 *
 * Trusted are root (uid 0), the configured mail user (conf.mail_uid) and
 * every member of the configured mail group (conf.mail_gid). The numeric
 * comparisons are done first; the group database is consulted through
 * is_ingroup() only if neither of them matches.
 */
gboolean
is_privileged_user(uid_t uid)
{
	/*
	 * To trust the `uucp' group as well, enable a lookup like the one
	 * below. getgrnam() returns NULL when the group does not exist, so
	 * the result has to be checked before it is dereferenced:
	 *
	 *	struct group *grent = getgrnam("uucp");
	 *
	 *	if (grent && is_ingroup(uid, grent->gr_gid)) {
	 *		return TRUE;
	 *	}
	 */

	if (uid == 0) {
		return TRUE;
	}
	if (uid == conf.mail_uid) {
		return TRUE;
	}
	return is_ingroup(uid, conf.mail_gid) ? TRUE : FALSE;
}
/*
 * Switch the effective user and group ID of the process to `uid'/`gid'.
 *
 * If `old_uid' or `old_gid' is non-NULL, the effective ID that was in force
 * before the switch is stored there.
 *
 * Only the effective IDs are changed (seteuid()/setegid()); the real IDs
 * are not touched, and this function calls neither setgroups() nor
 * initgroups(), so it does not alter the supplementary group list.
 *
 * If either switch fails, the error is logged at LOG_ALERT and the process
 * exits with status 1, so the caller never continues with an identity
 * other than the requested one.
 */
void
set_euidgid(gint uid, gint gid, uid_t * old_uid, gid_t * old_gid)
{
	if (old_uid != NULL) {
		*old_uid = geteuid();
	}
	if (old_gid != NULL) {
		*old_gid = getegid();
	}

	/*
	 * Try to regain root so that the two changes below are permitted.
	 * The result is not checked here; the changes that follow are
	 * checked and abort the process if they are refused.
	 * NOTE(review): presumably a best-effort step for processes that are
	 * not started with root privileges -- confirm.
	 */
	(void) seteuid(0);

	/* the group is changed first, while the euid set above still applies */
	if (setegid(gid) != 0) {
		logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
		exit(1);
	}

	if (seteuid(uid) != 0) {
		logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
		exit(1);
	}
}
/*
 * Take on the mail identity for the task `task_name'.
 *
 * With conf.run_as_user set, nothing is checked or changed. Otherwise
 * `old_uid' must pass is_privileged_user(); if it does not, a message is
 * written to stderr and the process exits with status 1. On success the
 * effective IDs become conf.mail_uid/conf.mail_gid.
 *
 * NOTE(review): the check uses conf.mail_uid/conf.mail_gid while the
 * message names DEF_MAIL_USER/DEF_MAIL_GROUP; the two could differ if the
 * configuration overrides the defaults -- confirm.
 */
void
set_identity(uid_t old_uid, gchar * task_name)
{
	/* run_as_user mode: keep the identity the process already has */
	if (conf.run_as_user) {
		return;
	}

	/* refuse before any identity change is attempted */
	if (!is_privileged_user(old_uid)) {
		fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
		exit(1);
	}

	set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
}