From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Thu, 26 Jan 2023 18:28:43 +0000 (+0200)
Subject: lib-storage: Fix using NO_RESTRICT_ACCESS flag with TEMP_PRIV_DROP
X-Git-Tag: 2.4.0~3114
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=383e8f75a08905b983753637121cc54d9170d21b;p=thirdparty%2Fdovecot%2Fcore.git

lib-storage: Fix using NO_RESTRICT_ACCESS flag with TEMP_PRIV_DROP

The following changes will use MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS
with e.g. shared user lookups. The process UID must not be changed in this
case. However, if MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP was set, the
code was still reseting UID to root, which isn't wanted.
---

diff --git a/src/lib-storage/mail-storage-service.c b/src/lib-storage/mail-storage-service.c
index cf4baba956..f1f5358781 100644
--- a/src/lib-storage/mail-storage-service.c
+++ b/src/lib-storage/mail-storage-service.c
@@ -1268,7 +1268,8 @@ mail_storage_service_lookup_real(struct mail_storage_service_ctx *ctx,
 	flags = mail_storage_service_input_get_flags(ctx, input);
 
 	if ((flags & MAIL_STORAGE_SERVICE_FLAG_TEMP_PRIV_DROP) != 0 &&
-	    geteuid() != 0) {
+	    geteuid() != 0 &&
+	    (flags & MAIL_STORAGE_SERVICE_FLAG_NO_RESTRICT_ACCESS) == 0) {
 		/* we dropped privileges only temporarily. switch back to root
 		   before reading settings, so we'll definitely have enough
 		   permissions to connect to the config socket. */