lib-program-client, global: Remove program_client_parameters.restrict_set, home,...

No callers were actually trying to change them, and generally it wouldn't
even be possible. The processes using lib-program-client aren't running
as root. If different uid/gid/etc is wanted, tcp/unix drivers can be used.

diff --git a/src/lib-program-client/program-client-local.c b/src/lib-program-client/program-client-local.c
index 648269dbb70aff1e054363e431505bc2cc76b3c0..8db8a919dd1e943738d578035d9f5ef869035646 100644 (file)
--- a/src/lib-program-client/program-client-local.c
+++ b/src/lib-program-client/program-client-local.c
@@ -247,13 +247,6 @@ program_client_local_connect(struct program_client *pclient)
                        }
                }
 
-               /* if we want to allow root, then we will not drop
-                  root privileges */
-               restrict_access(&pclient->params.restrict_set,
-                               (pclient->params.allow_root ?
-                                       RESTRICT_ACCESS_FLAG_ALLOW_ROOT : 0),
-                               pclient->params.home);
-
                exec_child(plclient->bin_path, pclient->args, &pclient->envs,
                           fd_in[0], fd_out[1], child_extra_fds, event);
                i_unreached();

diff --git a/src/lib-program-client/program-client.c b/src/lib-program-client/program-client.c
index 6fd76e8e48a92dafe34a74d628c88957a0af528a..1f497cc551983381f8c938030cbfab20e3e09fcf 100644 (file)
--- a/src/lib-program-client/program-client.c
+++ b/src/lib-program-client/program-client.c
@@ -479,7 +479,6 @@ void program_client_init(struct program_client *pclient, pool_t pool,
                pclient->params = *params;
                pclient->params.dns_client_socket_path =
                        p_strdup(pool, params->dns_client_socket_path);
-               pclient->params.home = p_strdup(pool, params->home);
 
                pclient->event = event_create(params->event);
        }

diff --git a/src/lib-program-client/program-client.h b/src/lib-program-client/program-client.h
index 9090ebf16f8c0485217382c36385ca7ecf95c2cc..d62f951c4a654709b075926fd4fd7ca17c50015f 100644 (file)
--- a/src/lib-program-client/program-client.h
+++ b/src/lib-program-client/program-client.h
@@ -15,17 +15,11 @@ enum program_client_exit_status {
 struct program_client_parameters {
        unsigned int client_connect_timeout_msecs;
        unsigned int input_idle_timeout_msecs;
-       /* initialize with
-          restrict_access_init(&set.restrict_set);
-       */
-       struct restrict_access_settings restrict_set;
        const char *dns_client_socket_path;
-       const char *home;
 
        /* Event to use for the program client. */
        struct event *event;
 
-       bool allow_root:1;
        /* use o_stream_dot, which is mainly useful to make sure that an
           unexpectedly closed connection doesn't cause the partial input to
           be accepted as valid and complete program input. This is always

diff --git a/src/lib-program-client/test-program-client-local.c b/src/lib-program-client/test-program-client-local.c
index b680819cd5bf84c3a4f322ad24b62ede0622d771..b08e229ff1078c3a91bae2cad3698fc00539e3d8 100644 (file)
--- a/src/lib-program-client/test-program-client-local.c
+++ b/src/lib-program-client/test-program-client-local.c
@@ -26,12 +26,6 @@ static const char *pclient_test_io_string =
 static struct program_client_parameters pc_params = {
        .client_connect_timeout_msecs = 10000,
        .input_idle_timeout_msecs = 5000,
-       .restrict_set = {
-               .uid = (uid_t)-1,
-               .gid = (gid_t)-1,
-       },
-       /* we need to permit root when running make check as root */
-       .allow_root = TRUE,
 };
 
 static void test_program_success(void)

diff --git a/src/lib-smtp/smtp-submit.c b/src/lib-smtp/smtp-submit.c
index 5bc0513dd00a4768af43d4056e29c76d878e5b86..a947b39e1209d904e25d99d1ed8a3f3ca74efcf4 100644 (file)
--- a/src/lib-smtp/smtp-submit.c
+++ b/src/lib-smtp/smtp-submit.c
@@ -412,9 +412,6 @@ smtp_submit_send_sendmail(struct smtp_submit *subm)
        pc_params.input_idle_timeout_msecs = set->submission_timeout * 1000;
        pc_params.event = subm->event;
 
-       pc_params.allow_root = TRUE;
-       restrict_access_init(&pc_params.restrict_set);
-
        pc = program_client_local_create
                (sendmail_bin, array_front(&args), &pc_params);
 

diff --git a/src/plugins/quota/quota.c b/src/plugins/quota/quota.c
index aecc0d24d82fb1a22ac157ddbfbfc1b3619b69b1..16cd35cae129ca6988682d78860d95d1ea3a3285 100644 (file)
--- a/src/plugins/quota/quota.c
+++ b/src/plugins/quota/quota.c
@@ -1014,8 +1014,6 @@ static void quota_warning_execute(struct quota_root *root, const char *cmd,
        };
        struct program_client *pc;
 
-       restrict_access_init(&params.restrict_set);
-
        e_debug(root->quota->event, "Executing warning: %s (because %s)", cmd, reason);
 
        args = t_strsplit_spaces(cmd, " ");

diff --git a/src/plugins/welcome/welcome-plugin.c b/src/plugins/welcome/welcome-plugin.c
index 0b2fea8b744f26a6f7341b3ffba22816dad696e4..45d434d9e365b81f1180bad6d4c5a1625e0e19cc 100644 (file)
--- a/src/plugins/welcome/welcome-plugin.c
+++ b/src/plugins/welcome/welcome-plugin.c
@@ -47,15 +47,11 @@ static void script_finish(enum program_client_exit_status ret,
 
 static void script_execute(struct mail_user *user, const char *cmd, bool wait)
 {
-       const char *socket_path, *home, *const *args;
-
-       if (mail_user_get_home(user, &home) < 0)
-               home = NULL;
+       const char *socket_path, *const *args;
 
        struct program_client_parameters params = {
                .client_connect_timeout_msecs = 1000,
                .event = user->event,
-               .home = home,
        };
 
        e_debug(user->event, "welcome: Executing %s (wait=%d)", cmd, wait ? 1 : 0);