masqmail
view src/permissions.c @ 371:f122535c589e
Refactoring: early failure exit.
author | markus schnalke <meillo@marmaro.de> |
---|---|
date | Tue, 25 Oct 2011 13:51:43 +0200 |
parents | 41958685480d |
children |
line source
1 /*
2 ** MasqMail
3 ** Copyright (C) 2000 Oliver Kurth
4 ** Copyright (C) 2010 markus schnalke <meillo@marmaro.de>
5 **
6 ** This program is free software; you can redistribute it and/or modify
7 ** it under the terms of the GNU General Public License as published by
8 ** the Free Software Foundation; either version 2 of the License, or
9 ** (at your option) any later version.
10 **
11 ** This program is distributed in the hope that it will be useful,
12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 ** GNU General Public License for more details.
15 **
16 ** You should have received a copy of the GNU General Public License
17 ** along with this program; if not, write to the Free Software
18 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 */
21 #include <pwd.h>
22 #include <grp.h>
24 #include "masqmail.h"
26 /* is there really no function in libc for this? */
27 gboolean
28 is_ingroup(uid_t uid, gid_t gid)
29 {
30 struct group *grent = getgrgid(gid);
31 struct passwd *pwent = getpwuid(uid);
32 char *entry;
33 int i = 0;
35 if (!grent) {
36 return FALSE;
37 }
38 if (!pwent) {
39 return FALSE;
40 }
41 /* check primary group */
42 if (pwent->pw_gid == gid) {
43 return TRUE;
44 }
45 /* check secondary groups */
46 while ((entry = grent->gr_mem[i++])) {
47 if (strcmp(pwent->pw_name, entry) == 0)
48 return TRUE;
49 }
50 return FALSE;
51 }
53 gboolean
54 is_privileged_user(uid_t uid)
55 {
56 /* uncomment these lines if you need the `uucp' group to be trusted too
57 struct group *grent = getgrnam("uucp");
59 if (is_ingroup(uid, grent->gr_gid)) {
60 return TRUE;
61 }
62 */
64 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
65 }
67 void
68 set_euidgid(gint uid, gint gid, uid_t *old_uid, gid_t *old_gid)
69 {
70 if (old_uid)
71 *old_uid = geteuid();
72 if (old_gid)
73 *old_gid = getegid();
75 seteuid(0);
77 if (setegid(gid) != 0) {
78 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
79 exit(1);
80 }
81 if (seteuid(uid) != 0) {
82 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
83 exit(1);
84 }
85 }
87 void
88 set_identity(uid_t old_uid, gchar *task_name)
89 {
90 if (!conf.run_as_user) {
91 if (!is_privileged_user(old_uid)) {
92 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
93 exit(1);
94 }
96 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
97 }
98 }