From: Timo Sirainen Date: Mon, 12 Aug 2024 09:20:59 +0000 (+0300) Subject: lib-program-client, global: Remove program_client_parameters.restrict_set, home,... X-Git-Tag: 2.4.0~432 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c535403eada07cc3c2234e775f863952a78d1a6c;p=thirdparty%2Fdovecot%2Fcore.git lib-program-client, global: Remove program_client_parameters.restrict_set, home, allow_root No callers were actually trying to change them, and generally it wouldn't even be possible. The processes using lib-program-client aren't running as root. If different uid/gid/etc is wanted, tcp/unix drivers can be used. --- diff --git a/src/lib-program-client/program-client-local.c b/src/lib-program-client/program-client-local.c index 648269dbb7..8db8a919dd 100644 --- a/src/lib-program-client/program-client-local.c +++ b/src/lib-program-client/program-client-local.c @@ -247,13 +247,6 @@ program_client_local_connect(struct program_client *pclient) } } - /* if we want to allow root, then we will not drop - root privileges */ - restrict_access(&pclient->params.restrict_set, - (pclient->params.allow_root ? - RESTRICT_ACCESS_FLAG_ALLOW_ROOT : 0), - pclient->params.home); - exec_child(plclient->bin_path, pclient->args, &pclient->envs, fd_in[0], fd_out[1], child_extra_fds, event); i_unreached(); diff --git a/src/lib-program-client/program-client.c b/src/lib-program-client/program-client.c index 6fd76e8e48..1f497cc551 100644 --- a/src/lib-program-client/program-client.c +++ b/src/lib-program-client/program-client.c @@ -479,7 +479,6 @@ void program_client_init(struct program_client *pclient, pool_t pool, pclient->params = *params; pclient->params.dns_client_socket_path = p_strdup(pool, params->dns_client_socket_path); - pclient->params.home = p_strdup(pool, params->home); pclient->event = event_create(params->event); } diff --git a/src/lib-program-client/program-client.h b/src/lib-program-client/program-client.h index 9090ebf16f..d62f951c4a 100644 --- a/src/lib-program-client/program-client.h +++ b/src/lib-program-client/program-client.h @@ -15,17 +15,11 @@ enum program_client_exit_status { struct program_client_parameters { unsigned int client_connect_timeout_msecs; unsigned int input_idle_timeout_msecs; - /* initialize with - restrict_access_init(&set.restrict_set); - */ - struct restrict_access_settings restrict_set; const char *dns_client_socket_path; - const char *home; /* Event to use for the program client. */ struct event *event; - bool allow_root:1; /* use o_stream_dot, which is mainly useful to make sure that an unexpectedly closed connection doesn't cause the partial input to be accepted as valid and complete program input. This is always diff --git a/src/lib-program-client/test-program-client-local.c b/src/lib-program-client/test-program-client-local.c index b680819cd5..b08e229ff1 100644 --- a/src/lib-program-client/test-program-client-local.c +++ b/src/lib-program-client/test-program-client-local.c @@ -26,12 +26,6 @@ static const char *pclient_test_io_string = static struct program_client_parameters pc_params = { .client_connect_timeout_msecs = 10000, .input_idle_timeout_msecs = 5000, - .restrict_set = { - .uid = (uid_t)-1, - .gid = (gid_t)-1, - }, - /* we need to permit root when running make check as root */ - .allow_root = TRUE, }; static void test_program_success(void) diff --git a/src/lib-smtp/smtp-submit.c b/src/lib-smtp/smtp-submit.c index 5bc0513dd0..a947b39e12 100644 --- a/src/lib-smtp/smtp-submit.c +++ b/src/lib-smtp/smtp-submit.c @@ -412,9 +412,6 @@ smtp_submit_send_sendmail(struct smtp_submit *subm) pc_params.input_idle_timeout_msecs = set->submission_timeout * 1000; pc_params.event = subm->event; - pc_params.allow_root = TRUE; - restrict_access_init(&pc_params.restrict_set); - pc = program_client_local_create (sendmail_bin, array_front(&args), &pc_params); diff --git a/src/plugins/quota/quota.c b/src/plugins/quota/quota.c index aecc0d24d8..16cd35cae1 100644 --- a/src/plugins/quota/quota.c +++ b/src/plugins/quota/quota.c @@ -1014,8 +1014,6 @@ static void quota_warning_execute(struct quota_root *root, const char *cmd, }; struct program_client *pc; - restrict_access_init(¶ms.restrict_set); - e_debug(root->quota->event, "Executing warning: %s (because %s)", cmd, reason); args = t_strsplit_spaces(cmd, " "); diff --git a/src/plugins/welcome/welcome-plugin.c b/src/plugins/welcome/welcome-plugin.c index 0b2fea8b74..45d434d9e3 100644 --- a/src/plugins/welcome/welcome-plugin.c +++ b/src/plugins/welcome/welcome-plugin.c @@ -47,15 +47,11 @@ static void script_finish(enum program_client_exit_status ret, static void script_execute(struct mail_user *user, const char *cmd, bool wait) { - const char *socket_path, *home, *const *args; - - if (mail_user_get_home(user, &home) < 0) - home = NULL; + const char *socket_path, *const *args; struct program_client_parameters params = { .client_connect_timeout_msecs = 1000, .event = user->event, - .home = home, }; e_debug(user->event, "welcome: Executing %s (wait=%d)", cmd, wait ? 1 : 0);