masqmail
view src/permissions.c @ 421:f37384470855
Changed lockdir to /var/lock/masqmail; Create lockdir and piddir on startup.
Moved the lockdir out of the spool dir. (When /var/lock is a ramdisk
we do well to have the lock files there.) Added the new configure option
--with-lockdir to change that location. Nontheless, if we run_as_user,
then lock files are always stored in the spool dir directly.
Instead of installing the lockdir and piddir at installation time, we
create them on startup time now if they are missing. This is necessary
if lockdir or piddir are a tmpfs.
author | markus schnalke <meillo@marmaro.de> |
---|---|
date | Wed, 30 May 2012 09:38:38 +0200 |
parents | 41958685480d |
children |
line source
1 /*
2 ** MasqMail
3 ** Copyright (C) 2000 Oliver Kurth
4 ** Copyright (C) 2010 markus schnalke <meillo@marmaro.de>
5 **
6 ** This program is free software; you can redistribute it and/or modify
7 ** it under the terms of the GNU General Public License as published by
8 ** the Free Software Foundation; either version 2 of the License, or
9 ** (at your option) any later version.
10 **
11 ** This program is distributed in the hope that it will be useful,
12 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
13 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 ** GNU General Public License for more details.
15 **
16 ** You should have received a copy of the GNU General Public License
17 ** along with this program; if not, write to the Free Software
18 ** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 */
21 #include <pwd.h>
22 #include <grp.h>
24 #include "masqmail.h"
26 /* is there really no function in libc for this? */
27 gboolean
28 is_ingroup(uid_t uid, gid_t gid)
29 {
30 struct group *grent = getgrgid(gid);
31 struct passwd *pwent = getpwuid(uid);
32 char *entry;
33 int i = 0;
35 if (!grent) {
36 return FALSE;
37 }
38 if (!pwent) {
39 return FALSE;
40 }
41 /* check primary group */
42 if (pwent->pw_gid == gid) {
43 return TRUE;
44 }
45 /* check secondary groups */
46 while ((entry = grent->gr_mem[i++])) {
47 if (strcmp(pwent->pw_name, entry) == 0)
48 return TRUE;
49 }
50 return FALSE;
51 }
53 gboolean
54 is_privileged_user(uid_t uid)
55 {
56 /* uncomment these lines if you need the `uucp' group to be trusted too
57 struct group *grent = getgrnam("uucp");
59 if (is_ingroup(uid, grent->gr_gid)) {
60 return TRUE;
61 }
62 */
64 return (uid == 0) || (uid == conf.mail_uid) || (is_ingroup(uid, conf.mail_gid));
65 }
67 void
68 set_euidgid(gint uid, gint gid, uid_t *old_uid, gid_t *old_gid)
69 {
70 if (old_uid)
71 *old_uid = geteuid();
72 if (old_gid)
73 *old_gid = getegid();
75 seteuid(0);
77 if (setegid(gid) != 0) {
78 logwrite(LOG_ALERT, "could not change gid to %d: %s\n", gid, strerror(errno));
79 exit(1);
80 }
81 if (seteuid(uid) != 0) {
82 logwrite(LOG_ALERT, "could not change uid to %d: %s\n", uid, strerror(errno));
83 exit(1);
84 }
85 }
87 void
88 set_identity(uid_t old_uid, gchar *task_name)
89 {
90 if (!conf.run_as_user) {
91 if (!is_privileged_user(old_uid)) {
92 fprintf(stderr, "must be root, %s or in group %s for %s.\n", DEF_MAIL_USER, DEF_MAIL_GROUP, task_name);
93 exit(1);
94 }
96 set_euidgid(conf.mail_uid, conf.mail_gid, NULL, NULL);
97 }
98 }