lib-storage: Fix using NO_RESTRICT_ACCESS flag with TEMP_PRIV_DROP

The following changes will use MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS
with e.g. shared user lookups. The process UID must not be changed in this
case. However, if MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP was set, the
code was still reseting UID to root, which isn't wanted.

diff --git a/src/lib-storage/mail-storage-service.c b/src/lib-storage/mail-storage-service.c
index cf4baba95644ba5f6251057be9ad4f9b866c6c42..f1f53587816c2ba5e03e697c123b2ca6c8f808e2 100644 (file)
--- a/src/lib-storage/mail-storage-service.c
+++ b/src/lib-storage/mail-storage-service.c
@@ -1268,7 +1268,8 @@ mail_storage_service_lookup_real(struct mail_storage_service_ctx *ctx,
        flags = mail_storage_service_input_get_flags(ctx, input);
 
        if ((flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&
-           geteuid() != 0) {
+           geteuid() != 0 &&
+           (flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) {
                /* we dropped privileges only temporarily. switch back to root
                   before reading settings, so we'll definitely have enough
                   permissions to connect to the config socket. */