auth: userdb passwd iteration now skips users not in first/last_valid_gid range
authorTimo Sirainen <timo.sirainen@dovecot.fi>
Tue, 28 Jun 2016 21:56:56 +0000 (00:56 +0300)
committerGitLab <gitlab@git.dovecot.net>
Wed, 29 Jun 2016 12:37:20 +0000 (15:37 +0300)
Patch by Michal Hlavinka / Red Hat

src/auth/auth-settings.c
src/auth/auth-settings.h
src/auth/userdb-passwd.c

index c942819c1fb637199d7a24cfc1f25eb06ead8613..ea987cb6fde62593a62c350e3f998da265f8a887 100644 (file)
@@ -264,6 +264,8 @@ static const struct setting_define auth_setting_defines[] = {
        DEF_NOPREFIX(SET_BOOL, verbose_proctitle),
        DEF_NOPREFIX(SET_UINT, first_valid_uid),
        DEF_NOPREFIX(SET_UINT, last_valid_uid),
+       DEF_NOPREFIX(SET_UINT, first_valid_gid),
+       DEF_NOPREFIX(SET_UINT, last_valid_gid),
 
        SETTING_DEFINE_LIST_END
 };
@@ -313,6 +315,8 @@ static const struct auth_settings auth_default_settings = {
        .verbose_proctitle = FALSE,
        .first_valid_uid = 500,
        .last_valid_uid = 0,
+       .first_valid_gid = 1,
+       .last_valid_gid = 0,
 };
 
 const struct setting_parser_info auth_setting_parser_info = {
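Review bot: The two new defaults carry no comment saying that a `last_valid_gid` of 0 means "no upper limit"; that meaning is only discoverable from the `!= 0` test in passwd_iterate_want_pw() in src/auth/userdb-passwd.c. I would annotate the initializer, e.g. `.last_valid_gid = 0, /* 0 = no upper limit */`. Note also that `first_valid_gid = 1` excludes only gid 0 while `first_valid_uid = 500` excludes the whole low uid range, so under defaults the gid filter adds very little. If that asymmetry is intentional, a one-line comment here would stop a reader from assuming the two ranges are equally strict.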
index 1313576a978d561e67974636ffa197bb4fb3306d..409653fd94f0b449d7db6d563e18437d191995f2 100644 (file)
@@ -79,6 +79,8 @@ struct auth_settings {
        bool verbose_proctitle;
        unsigned int first_valid_uid;
        unsigned int last_valid_uid;
+       unsigned int first_valid_gid;
+       unsigned int last_valid_gid;
 
        /* generated: */
        char username_chars_map[256];
index f50bcba18f157dd1cfe198a288db202696adce9e..a1f187140c91c7818c9156a2a44d8689520353ed 100644 (file)
@@ -145,6 +145,10 @@ passwd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
                return FALSE;
        if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
                return FALSE;
+       if (pw->pw_gid < (gid_t)set->first_valid_gid)
+               return FALSE;
+       if (pw->pw_gid > (gid_t)set->last_valid_gid && set->last_valid_gid != 0)
+               return FALSE;
        return TRUE;
 }
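Review bot: The added checks compare only `pw->pw_gid`, the account's primary group, so supplementary group membership plays no part in whether a user is listed, and nothing in the code says so. A comment above the new lines would make that explicit, e.g. `/* only the primary gid is checked; last_valid_gid == 0 disables the upper bound */`. The filter shown here applies to passwd iteration; whether single-user lookups enforce the same gid range is not visible in this hunk and should be confirmed, since operators may read first/last_valid_gid as an access restriction rather than a listing filter. The function's signature and opening lines are outside the hunk.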