diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 1 | ||||
| -rw-r--r-- | src/config.c | 82 | ||||
| -rw-r--r-- | src/directive.c | 2 | ||||
| -rw-r--r-- | src/diskio.c | 68 | ||||
| -rw-r--r-- | src/lock.c | 2 | ||||
| -rw-r--r-- | src/mail.c | 2 | ||||
| -rw-r--r-- | src/triplet.c | 6 | ||||
| -rw-r--r-- | src/userprivs.c | 118 | ||||
| -rw-r--r-- | src/wydawca.c | 90 | ||||
| -rw-r--r-- | src/wydawca.h | 14 |
10 files changed, 260 insertions, 125 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index c91669e..993ce0d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am | |||
| @@ -36,6 +36,7 @@ wydawca_SOURCES=\ | |||
| 36 | sql.h\ | 36 | sql.h\ |
| 37 | tcpwrap.c\ | 37 | tcpwrap.c\ |
| 38 | triplet.c\ | 38 | triplet.c\ |
| 39 | userprivs.c\ | ||
| 39 | verify.c\ | 40 | verify.c\ |
| 40 | wydawca.c\ | 41 | wydawca.c\ |
| 41 | wydawca.h\ | 42 | wydawca.h\ |
diff --git a/src/config.c b/src/config.c index b1f339f..b6e2533 100644 --- a/src/config.c +++ b/src/config.c | |||
| @@ -978,6 +978,7 @@ cb_access_method_params (enum gconf_callback_command cmd, | |||
| 978 | 978 | ||
| 979 | meth->parmv[i] = xstrdup (vp->v.string); | 979 | meth->parmv[i] = xstrdup (vp->v.string); |
| 980 | } | 980 | } |
| 981 | gl_list_iterator_free (&itr); | ||
| 981 | meth->parmv[i] = NULL; | 982 | meth->parmv[i] = NULL; |
| 982 | } | 983 | } |
| 983 | return 0; | 984 | return 0; |
| @@ -1224,6 +1225,82 @@ cb_spool (enum gconf_callback_command cmd, | |||
| 1224 | } | 1225 | } |
| 1225 | 1226 | ||
| 1226 | 1227 | ||
| 1228 | static int | ||
| 1229 | cb_user (enum gconf_callback_command cmd, | ||
| 1230 | gconf_locus_t *locus, | ||
| 1231 | void *varptr, | ||
| 1232 | gconf_value_t *value, | ||
| 1233 | void *cb_data) | ||
| 1234 | { | ||
| 1235 | int rc; | ||
| 1236 | struct passwd *pw; | ||
| 1237 | |||
| 1238 | if (assert_string_arg (locus, cmd, value)) | ||
| 1239 | return 1; | ||
| 1240 | |||
| 1241 | pw = getpwnam (value->v.string); | ||
| 1242 | if (!pw) | ||
| 1243 | { | ||
| 1244 | gconf_error (locus, 0, _("no such user: %s"), value->v.string); | ||
| 1245 | return 1; | ||
| 1246 | } | ||
| 1247 | |||
| 1248 | wydawca_uid = pw->pw_uid; | ||
| 1249 | wydawca_gid = pw->pw_gid; | ||
| 1250 | return 0; | ||
| 1251 | } | ||
| 1252 | |||
| 1253 | static int | ||
| 1254 | cb_supp_groups (enum gconf_callback_command cmd, | ||
| 1255 | gconf_locus_t *locus, | ||
| 1256 | void *varptr, | ||
| 1257 | gconf_value_t *value, | ||
| 1258 | void *cb_data) | ||
| 1259 | { | ||
| 1260 | if (cmd != gconf_callback_set_value) | ||
| 1261 | { | ||
| 1262 | gconf_error (locus, 0, _("Unexpected block statement")); | ||
| 1263 | return 1; | ||
| 1264 | } | ||
| 1265 | if (!value || value->type != GCONF_TYPE_LIST) | ||
| 1266 | { | ||
| 1267 | gconf_error (locus, 0, _("expected list value")); | ||
| 1268 | return 1; | ||
| 1269 | } | ||
| 1270 | |||
| 1271 | wydawca_supp_groupc = gl_list_size (value->v.list); | ||
| 1272 | if (wydawca_supp_groupc == 0) | ||
| 1273 | wydawca_supp_groups = NULL; | ||
| 1274 | else | ||
| 1275 | { | ||
| 1276 | int i; | ||
| 1277 | gl_list_iterator_t itr; | ||
| 1278 | const void *p; | ||
| 1279 | |||
| 1280 | wydawca_supp_groups = xcalloc (wydawca_supp_groupc, | ||
| 1281 | sizeof (wydawca_supp_groups[0])); | ||
| 1282 | itr = gl_list_iterator (value->v.list); | ||
| 1283 | for (i = 0; gl_list_iterator_next (&itr, &p, NULL); i++) | ||
| 1284 | { | ||
| 1285 | const gconf_value_t *vp = p; | ||
| 1286 | struct group *grp; | ||
| 1287 | |||
| 1288 | if (assert_string_arg (locus, cmd, vp)) | ||
| 1289 | break; | ||
| 1290 | grp = getgrnam (vp->v.string); | ||
| 1291 | if (!grp) | ||
| 1292 | { | ||
| 1293 | gconf_error (locus, 0, _("no such group: %s"), value->v.string); | ||
| 1294 | break; | ||
| 1295 | } | ||
| 1296 | wydawca_supp_groups[i] = grp->gr_gid; | ||
| 1297 | } | ||
| 1298 | gl_list_iterator_free (&itr); | ||
| 1299 | } | ||
| 1300 | return 0; | ||
| 1301 | } | ||
| 1302 | |||
| 1303 | |||
| 1227 | 1304 | ||
| 1228 | static struct gconf_keyword wydawca_kw[] = { | 1305 | static struct gconf_keyword wydawca_kw[] = { |
| 1229 | { "daemon", NULL, N_("Enable daemon mode"), | 1306 | { "daemon", NULL, N_("Enable daemon mode"), |
| @@ -1237,6 +1314,11 @@ static struct gconf_keyword wydawca_kw[] = { | |||
| 1237 | { "pidfile", N_("file"), N_("Set pid file name"), | 1314 | { "pidfile", N_("file"), N_("Set pid file name"), |
| 1238 | gconf_type_string, &pidfile }, | 1315 | gconf_type_string, &pidfile }, |
| 1239 | 1316 | ||
| 1317 | { "user", N_("name"), N_("Run with UID and GID of this user"), | ||
| 1318 | gconf_type_string, NULL, 0, cb_user }, | ||
| 1319 | { "group", NULL, N_("Retain these supplementary groups"), | ||
| 1320 | gconf_type_string|GCONF_LIST, NULL, 0, cb_supp_groups }, | ||
| 1321 | |||
| 1240 | { "locking", NULL, N_("Enable or disable locking"), | 1322 | { "locking", NULL, N_("Enable or disable locking"), |
| 1241 | gconf_type_bool, &enable_locking }, | 1323 | gconf_type_bool, &enable_locking }, |
| 1242 | { "lockdir", N_("dir"), N_("Set directory for lock files"), | 1324 | { "lockdir", N_("dir"), N_("Set directory for lock files"), |
diff --git a/src/directive.c b/src/directive.c index 2915fee..416095f 100644 --- a/src/directive.c +++ b/src/directive.c | |||
| @@ -337,9 +337,7 @@ process_directives (struct file_triplet *trp, const struct spool *spool) | |||
| 337 | break; | 337 | break; |
| 338 | 338 | ||
| 339 | case filename_dir: | 339 | case filename_dir: |
| 340 | wydawca_set_root_privs (); | ||
| 341 | rc = verify_detached_signature (trp, spool); | 340 | rc = verify_detached_signature (trp, spool); |
| 342 | wydawca_set_triplet_privs (trp); | ||
| 343 | if (rc == 0) | 341 | if (rc == 0) |
| 344 | { | 342 | { |
| 345 | if (move_file (trp, spool, file_dist, relative_dir) | 343 | if (move_file (trp, spool, file_dist, relative_dir) |
diff --git a/src/diskio.c b/src/diskio.c index fbd1050..35ba71e 100644 --- a/src/diskio.c +++ b/src/diskio.c | |||
| @@ -58,9 +58,9 @@ concat_dir (const char *base, const char *name, size_t *pbaselen) | |||
| 58 | } | 58 | } |
| 59 | 59 | ||
| 60 | /* Create the directory DIR, eventually creating all intermediate directories | 60 | /* Create the directory DIR, eventually creating all intermediate directories |
| 61 | starting from DIR + BASELEN, with owner UID and GID. */ | 61 | starting from DIR + BASELEN. */ |
| 62 | int | 62 | int |
| 63 | create_hierarchy (char *dir, size_t baselen, uid_t uid, gid_t gid) | 63 | create_hierarchy (char *dir, size_t baselen) |
| 64 | { | 64 | { |
| 65 | int rc; | 65 | int rc; |
| 66 | struct stat st; | 66 | struct stat st; |
| @@ -92,7 +92,7 @@ create_hierarchy (char *dir, size_t baselen, uid_t uid, gid_t gid) | |||
| 92 | *p = 0; | 92 | *p = 0; |
| 93 | } | 93 | } |
| 94 | 94 | ||
| 95 | rc = create_hierarchy (dir, baselen, uid, gid); | 95 | rc = create_hierarchy (dir, baselen); |
| 96 | if (rc == 0) | 96 | if (rc == 0) |
| 97 | { | 97 | { |
| 98 | if (p) | 98 | if (p) |
| @@ -103,11 +103,6 @@ create_hierarchy (char *dir, size_t baselen, uid_t uid, gid_t gid) | |||
| 103 | dir, strerror (errno)); | 103 | dir, strerror (errno)); |
| 104 | rc = 1; | 104 | rc = 1; |
| 105 | } | 105 | } |
| 106 | if (chown (dir, uid, gid)) | ||
| 107 | { | ||
| 108 | logmsg (LOG_NOTICE, _("cannot change ownership of %s: %s"), | ||
| 109 | dir, strerror (errno)); | ||
| 110 | } | ||
| 111 | } | 106 | } |
| 112 | return rc; | 107 | return rc; |
| 113 | } | 108 | } |
| @@ -116,18 +111,14 @@ create_hierarchy (char *dir, size_t baselen, uid_t uid, gid_t gid) | |||
| 116 | NAME). Use UID and GID as owner ids. | 111 | NAME). Use UID and GID as owner ids. |
| 117 | Do nothing if dry_run_mode is set. */ | 112 | Do nothing if dry_run_mode is set. */ |
| 118 | char * | 113 | char * |
| 119 | create_directory (const char *base, const char *name, uid_t uid, gid_t gid) | 114 | create_directory (const char *base, const char *name) |
| 120 | { | 115 | { |
| 121 | size_t baselen; | 116 | size_t baselen; |
| 122 | char *dir = concat_dir (base, name, &baselen); | 117 | char *dir = concat_dir (base, name, &baselen); |
| 123 | 118 | ||
| 124 | if (!dry_run_mode) | 119 | if (!dry_run_mode) |
| 125 | { | 120 | { |
| 126 | int rc; | 121 | if (create_hierarchy (dir, baselen)) |
| 127 | wydawca_set_root_privs (); | ||
| 128 | rc = create_hierarchy (dir, baselen, uid, gid); | ||
| 129 | wydawca_set_privs (uid, gid); | ||
| 130 | if (rc) | ||
| 131 | { | 122 | { |
| 132 | free (dir); | 123 | free (dir); |
| 133 | dir = NULL; | 124 | dir = NULL; |
| @@ -137,9 +128,9 @@ create_directory (const char *base, const char *name, uid_t uid, gid_t gid) | |||
| 137 | } | 128 | } |
| 138 | 129 | ||
| 139 | 130 | ||
| 140 | /* Copy FILE to DST_FILE, creating the latter with owner UID and GID. */ | 131 | /* Copy FILE to DST_FILE. */ |
| 141 | int | 132 | int |
| 142 | copy_file (const char *file, const char *dst_file, uid_t uid, gid_t gid) | 133 | copy_file (const char *file, const char *dst_file) |
| 143 | { | 134 | { |
| 144 | int in_fd, out_fd; | 135 | int in_fd, out_fd; |
| 145 | struct stat st; | 136 | struct stat st; |
| @@ -223,10 +214,9 @@ copy_file (const char *file, const char *dst_file, uid_t uid, gid_t gid) | |||
| 223 | } | 214 | } |
| 224 | 215 | ||
| 225 | /* Move FILE to DST_FILE. If they reside on different devices, use copy_file | 216 | /* Move FILE to DST_FILE. If they reside on different devices, use copy_file |
| 226 | + unlink. | 217 | + unlink. */ |
| 227 | UID and GID give DST_FILE ownership. */ | ||
| 228 | int | 218 | int |
| 229 | do_move_file (const char *file, const char *dst_file, uid_t uid, gid_t gid) | 219 | do_move_file (const char *file, const char *dst_file) |
| 230 | { | 220 | { |
| 231 | int rc = 0; | 221 | int rc = 0; |
| 232 | 222 | ||
| @@ -234,7 +224,7 @@ do_move_file (const char *file, const char *dst_file, uid_t uid, gid_t gid) | |||
| 234 | { | ||