diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.am | 1 | ||||
-rw-r--r-- | src/config.c | 82 | ||||
-rw-r--r-- | src/directive.c | 2 | ||||
-rw-r--r-- | src/diskio.c | 68 | ||||
-rw-r--r-- | src/lock.c | 2 | ||||
-rw-r--r-- | src/mail.c | 2 | ||||
-rw-r--r-- | src/triplet.c | 6 | ||||
-rw-r--r-- | src/userprivs.c | 118 | ||||
-rw-r--r-- | src/wydawca.c | 90 | ||||
-rw-r--r-- | src/wydawca.h | 14 |
10 files changed, 260 insertions, 125 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index c91669e..993ce0d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am | |||
@@ -36,6 +36,7 @@ wydawca_SOURCES=\ | |||
36 | sql.h\ | 36 | sql.h\ |
37 | tcpwrap.c\ | 37 | tcpwrap.c\ |
38 | triplet.c\ | 38 | triplet.c\ |
39 | userprivs.c\ | ||
39 | verify.c\ | 40 | verify.c\ |
40 | wydawca.c\ | 41 | wydawca.c\ |
41 | wydawca.h\ | 42 | wydawca.h\ |
diff --git a/src/config.c b/src/config.c index b1f339f..b6e2533 100644 --- a/src/config.c +++ b/src/config.c | |||
@@ -978,6 +978,7 @@ cb_access_method_params (enum gconf_callback_command cmd, | |||
978 | 978 | ||
979 | meth->parmv[i] = xstrdup (vp->v.string); | 979 | meth->parmv[i] = xstrdup (vp->v.string); |
980 | } | 980 | } |
981 | gl_list_iterator_free (&itr); | ||
981 | meth->parmv[i] = NULL; | 982 | meth->parmv[i] = NULL; |
982 | } | 983 | } |
983 | return 0; | 984 | return 0; |
@@ -1224,6 +1225,82 @@ cb_spool (enum gconf_callback_command cmd, | |||
1224 | } | 1225 | } |
1225 | 1226 | ||
1226 | 1227 | ||
1228 | static int | ||
1229 | cb_user (enum gconf_callback_command cmd, | ||
1230 | gconf_locus_t *locus, | ||
1231 | void *varptr, | ||
1232 | gconf_value_t *value, | ||
1233 | void *cb_data) | ||
1234 | { | ||
1235 | int rc; | ||
1236 | struct passwd *pw; | ||
1237 | |||
1238 | if (assert_string_arg (locus, cmd, value)) | ||
1239 | return 1; | ||
1240 | |||
1241 | pw = getpwnam (value->v.string); | ||
1242 | if (!pw) | ||
1243 | { | ||
1244 | gconf_error (locus, 0, _("no such user: %s"), value->v.string); | ||
1245 | return 1; | ||
1246 | } | ||
1247 | |||
1248 | wydawca_uid = pw->pw_uid; | ||
1249 | wydawca_gid = pw->pw_gid; | ||
1250 | return 0; | ||
1251 | } | ||
1252 | |||
1253 | static int | ||
1254 | cb_supp_groups (enum gconf_callback_command cmd, | ||
1255 | gconf_locus_t *locus, | ||
1256 | void *varptr, | ||
1257 | gconf_value_t *value, | ||
1258 | void *cb_data) | ||
1259 | { | ||
1260 | if (cmd != gconf_callback_set_value) | ||
1261 | { | ||
1262 | gconf_error (locus, 0, _("Unexpected block statement")); | ||
1263 | return 1; | ||
1264 | } | ||
1265 | if (!value || value->type != GCONF_TYPE_LIST) | ||
1266 | { | ||
1267 | gconf_error (locus, 0, _("expected list value")); | ||
1268 | return 1; | ||
1269 | } | ||
1270 | |||
1271 | wydawca_supp_groupc = gl_list_size (value->v.list); | ||
1272 | if (wydawca_supp_groupc == 0) | ||
1273 | wydawca_supp_groups = NULL; | ||
1274 | else | ||
1275 | { | ||
1276 | int i; | ||
1277 | gl_list_iterator_t itr; | ||
1278 | const void *p; | ||
1279 | |||
1280 | wydawca_supp_groups = xcalloc (wydawca_supp_groupc, | ||
1281 | sizeof (wydawca_supp_groups[0])); | ||
1282 | itr = gl_list_iterator (value->v.list); | ||
1283 | for (i = 0; gl_list_iterator_next (&itr, &p, NULL); i++) | ||
1284 | { | ||
1285 | const gconf_value_t *vp = p; | ||
1286 | struct group *grp; | ||
1287 | |||
1288 | if (assert_string_arg (locus, cmd, vp)) | ||
1289 | break; | ||
1290 | grp = getgrnam (vp->v.string); | ||
1291 | if (!grp) | ||
1292 | { | ||
1293 | gconf_error (locus, 0, _("no such group: %s"), value->v.string); | ||
1294 | break; | ||
1295 | } | ||
1296 | wydawca_supp_groups[i] = grp->gr_gid; | ||
1297 | } | ||
1298 | gl_list_iterator_free (&itr); | ||
1299 | } | ||
1300 | return 0; | ||
1301 | } | ||
1302 | |||
1303 | |||
1227 | 1304 | ||
1228 | static struct gconf_keyword wydawca_kw[] = { | 1305 | static struct gconf_keyword wydawca_kw[] = { |
1229 | { "daemon", NULL, N_("Enable daemon mode"), | 1306 | { "daemon", NULL, N_("Enable daemon mode"), |
@@ -1237,6 +1314,11 @@ static struct gconf_keyword wydawca_kw[] = { | |||
1237 | { "pidfile", N_("file"), N_("Set pid file name"), | 1314 | { "pidfile", N_("file"), N_("Set pid file name"), |
1238 | gconf_type_string, &pidfile }, | 1315 | gconf_type_string, &pidfile }, |
1239 | 1316 | ||
1317 | { "user", N_("name"), N_("Run with UID and GID of this user"), | ||
1318 | gconf_type_string, NULL, 0, cb_user }, | ||
1319 | { "group", NULL, N_("Retain these supplementary groups"), | ||
1320 | gconf_type_string|GCONF_LIST, NULL, 0, cb_supp_groups }, | ||
1321 | |||
1240 | { "locking", NULL, N_("Enable or disable locking"), | 1322 | { "locking", NULL, N_("Enable or disable locking"), |
1241 | gconf_type_bool, &enable_locking }, | 1323 | gconf_type_bool, &enable_locking }, |
1242 | { "lockdir", N_("dir"), N_("Set directory for lock files"), | 1324 | { "lockdir", N_("dir"), N_("Set directory for lock files"), |
diff --git a/src/directive.c b/src/directive.c index 2915fee..416095f 100644 --- a/src/directive.c +++ b/src/directive.c | |||
@@ -337,9 +337,7 @@ process_directives (struct file_triplet *trp, const struct spool *spool) | |||
337 | break; | 337 | break; |
338 | 338 | ||
339 | case filename_dir: | 339 | case filename_dir: |
340 | wydawca_set_root_privs (); | ||
341 | rc = verify_detached_signature (trp, spool); | 340 | rc = verify_detached_signature (trp, spool); |
342 | wydawca_set_triplet_privs (trp); | ||
343 | if (rc == 0) | 341 | if (rc == 0) |
344 | { | 342 | { |
345 | if (move_file (trp, spool, file_dist, relative_dir) | 343 | if (move_file (trp, spool, file_dist, relative_dir) |
diff --git a/src/diskio.c b/src/diskio.c index fbd1050..35ba71e 100644 --- a/src/diskio.c +++ b/src/diskio.c | |||
@@ -58,9 +58,9 @@ concat_dir (const char *base, const char *name, size_t *pbaselen) | |||
58 | } | 58 | } |
59 | 59 | ||
60 | /* Create the directory DIR, eventually creating all intermediate directories | 60 | /* Create the directory DIR, eventually creating all intermediate directories |
61 | starting from DIR + BASELEN, with owner UID and GID. */ | 61 | starting from DIR + BASELEN. */ |
62 | int | 62 | int |
63 | create_hierarchy (char *dir, size_t baselen, uid_t uid, gid_t gid) | 63 | create_hierarchy (char *dir, size_t baselen) |
64 | { | 64 | { |
65 | int rc; | 65 | int rc; |
66 | struct stat st; | 66 | struct stat st; |
@@ -92,7 +92,7 @@ create_hierarchy (char *dir, size_t baselen, uid_t uid, gid_t gid) | |||
92 | *p = 0; | 92 | *p = 0; |
93 | } | 93 | } |
94 | 94 | ||
95 | rc = create_hierarchy (dir, baselen, uid, gid); | 95 | rc = create_hierarchy (dir, baselen); |
96 | if (rc == 0) | 96 | if (rc == 0) |
97 | { | 97 | { |
98 | if (p) | 98 | if (p) |
@@ -103,11 +103,6 @@ create_hierarchy (char *dir, size_t baselen, uid_t uid, gid_t gid) | |||
103 | dir, strerror (errno)); | 103 | dir, strerror (errno)); |
104 | rc = 1; | 104 | rc = 1; |
105 | } | 105 | } |
106 | if (chown (dir, uid, gid)) | ||
107 | { | ||
108 | logmsg (LOG_NOTICE, _("cannot change ownership of %s: %s"), | ||
109 | dir, strerror (errno)); | ||
110 | } | ||
111 | } | 106 | } |
112 | return rc; | 107 | return rc; |
113 | } | 108 | } |
@@ -116,18 +111,14 @@ create_hierarchy (char *dir, size_t baselen, uid_t uid, gid_t gid) | |||
116 | NAME). Use UID and GID as owner ids. | 111 | NAME). Use UID and GID as owner ids. |
117 | Do nothing if dry_run_mode is set. */ | 112 | Do nothing if dry_run_mode is set. */ |
118 | char * | 113 | char * |
119 | create_directory (const char *base, const char *name, uid_t uid, gid_t gid) | 114 | create_directory (const char *base, const char *name) |
120 | { | 115 | { |
121 | size_t baselen; | 116 | size_t baselen; |
122 | char *dir = concat_dir (base, name, &baselen); | 117 | char *dir = concat_dir (base, name, &baselen); |
123 | 118 | ||
124 | if (!dry_run_mode) | 119 | if (!dry_run_mode) |
125 | { | 120 | { |
126 | int rc; | 121 | if (create_hierarchy (dir, baselen)) |
127 | wydawca_set_root_privs (); | ||
128 | rc = create_hierarchy (dir, baselen, uid, gid); | ||
129 | wydawca_set_privs (uid, gid); | ||
130 | if (rc) | ||
131 | { | 122 | { |
132 | free (dir); | 123 | free (dir); |
133 | dir = NULL; | 124 | dir = NULL; |
@@ -137,9 +128,9 @@ create_directory (const char *base, const char *name, uid_t uid, gid_t gid) | |||
137 | } | 128 | } |
138 | 129 | ||
139 | 130 | ||
140 | /* Copy FILE to DST_FILE, creating the latter with owner UID and GID. */ | 131 | /* Copy FILE to DST_FILE. */ |
141 | int | 132 | int |
142 | copy_file (const char *file, const char *dst_file, uid_t uid, gid_t gid) | 133 | copy_file (const char *file, const char *dst_file) |
143 | { | 134 | { |
144 | int in_fd, out_fd; | 135 | int in_fd, out_fd; |
145 | struct stat st; | 136 | struct stat st; |
@@ -223,10 +214,9 @@ copy_file (const char *file, const char *dst_file, uid_t uid, gid_t gid) | |||
223 | } | 214 | } |
224 | 215 | ||
225 | /* Move FILE to DST_FILE. If they reside on different devices, use copy_file | 216 | /* Move FILE to DST_FILE. If they reside on different devices, use copy_file |
226 | + unlink. | 217 | + unlink. */ |
227 | UID and GID give DST_FILE ownership. */ | ||
228 | int | 218 | int |
229 | do_move_file (const char *file, const char *dst_file, uid_t uid, gid_t gid) | 219 | do_move_file (const char *file, const char *dst_file) |
230 | { | 220 | { |
231 | int rc = 0; | 221 | int rc = 0; |
232 | 222 | ||
@@ -234,7 +224,7 @@ do_move_file (const char *file, const char *dst_file, uid_t uid, gid_t gid) | |||
234 | { |