If mail_chroot ends with "/.", remove chroot prefix from home directory.

--HG--
branch : HEAD

diff --git a/dovecot-example.conf b/dovecot-example.conf
index f0f9137690f7a98ff4bbef5bf2092b57b824a1a0..b9c07d4e2cedff80e0ad6fbdfd77c253d2d719c4 100644 (file)
--- a/dovecot-example.conf
+++ b/dovecot-example.conf
@@ -380,7 +380,8 @@
 # specific users in user database by giving /./ in user's home directory
 # (eg. /home/./user chroots into /home). Note that usually there is no real
 # need to do chrooting, Dovecot doesn't allow users to access files outside
-# their mail directory anyway. <doc/wiki/Chrooting.txt>
+# their mail directory anyway. If your home directories are prefixed with
+# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
 #mail_chroot = 
 
 ##

diff --git a/src/deliver/auth-client.c b/src/deliver/auth-client.c
index 568c5bd42d41b50ad1aa8b123b9464ef71bf0773..8a82344a853d9ecb68604f17ca66935425d4e691 100644 (file)
--- a/src/deliver/auth-client.c
+++ b/src/deliver/auth-client.c
@@ -96,7 +96,9 @@ static void auth_parse_input(struct auth_connection *conn, const char *args)
        uid_t uid = 0;
        gid_t gid = 0;
        const char *chroot = getenv("MAIL_CHROOT");
+       const char *home_dir = NULL;
        bool debug = getenv("DEBUG") != NULL;
+       unsigned int len;
 
        for (tmp = t_strsplit(args, "\t"); *tmp != NULL; tmp++) {
                if (debug)
@@ -124,7 +126,7 @@ static void auth_parse_input(struct auth_connection *conn, const char *args)
                        char *field = i_strdup(*tmp);
 
                        if (strncmp(field, "home=", 5) == 0)
-                               env_put(t_strconcat("HOME=", field + 5, NULL));
+                               home_dir = field + 5;
 
                        array_append(conn->extra_fields, &field, 1);
                }
@@ -160,8 +162,18 @@ static void auth_parse_input(struct auth_connection *conn, const char *args)
        if (conn->euid == 0 || getegid() != gid)
                env_put(t_strconcat("RESTRICT_SETGID=", dec2str(gid), NULL));
 
-       if (chroot != NULL)
+       if (chroot != NULL) {
+               len = strlen(chroot);
+               if (len > 2 && strcmp(chroot + len - 2, "/.") == 0 &&
+                   home_dir != NULL &&
+                   strncmp(home_dir, chroot, len - 2) == 0) {
+                       /* strip chroot dir from home dir */
+                       home_dir += len - 2;
+               }
                env_put(t_strconcat("RESTRICT_CHROOT=", chroot, NULL));
+       }
+       if (home_dir != NULL)
+               env_put(t_strconcat("HOME=", home_dir, NULL));
 
        extra_groups = getenv("MAIL_EXTRA_GROUPS");
        if (extra_groups != NULL) {

diff --git a/src/master/mail-process.c b/src/master/mail-process.c
index 1adbd6b1e9755da6e988dcba6b22043a58e0e8ff..c82a05bd084c7e35562f620496d4bffa4d4f4b7c 100644 (file)
--- a/src/master/mail-process.c
+++ b/src/master/mail-process.c
@@ -535,7 +535,7 @@ create_mail_process(enum process_type process_type, struct settings *set,
        uid_t uid;
        gid_t gid;
        ARRAY_DEFINE(extra_args, const char *);
-       unsigned int i, count, left, process_count, throttle;
+       unsigned int i, len, count, left, process_count, throttle;
        int ret, log_fd, nice, chdir_errno;
        bool home_given, nfs_check;
 
@@ -638,6 +638,12 @@ create_mail_process(enum process_type process_type, struct settings *set,
                        chroot_dir, user);
                return MASTER_LOGIN_STATUS_INTERNAL_ERROR;
        }
+       len = strlen(chroot_dir);
+       if (len > 2 && strcmp(chroot_dir + len - 2, "/.") == 0 &&
+           strncmp(home_dir, chroot_dir, len - 2) == 0) {
+               /* strip chroot dir from home dir */
+               home_dir += len - 2;
+       }
 
        if (!dump_capability) {
                throttle = set->mail_debug ? 0 :
@@ -736,7 +742,7 @@ create_mail_process(enum process_type process_type, struct settings *set,
        if (dump_capability)
                env_put("DUMP_CAPABILITY=1");
 
-       if (*home_dir == '\0') {
+       if (*home_dir == '\0' && *chroot_dir == '\0') {
                full_home_dir = "";
                ret = -1;
        } else {