From: Timo Sirainen
Date: Fri, 10 Apr 2009 00:26:30 +0000 (-0400)
Subject: Removed unnecessary code.
X-Git-Tag: 2.0.alpha1~992
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c1f1b82bf90ccec67c2af620ed76d21330f917ec;p=thirdparty%2Fdovecot%2Fcore.git
Removed unnecessary code.
--HG--
branch : HEAD
---
diff --git a/src/deliver/auth-client.c b/src/deliver/auth-client.c
deleted file mode 100644
index c52e8e2b3d..0000000000
--- a/src/deliver/auth-client.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */
-
-#include "lib.h"
-#include "array.h"
-#include "ioloop.h"
-#include "network.h"
-#include "istream.h"
-#include "ostream.h"
-#include "env-util.h"
-#include "restrict-access.h"
-#include "deliver.h"
-#include "auth-client.h"
-#include "auth-master.h"
-
-#include
-#include
-#include
-#include
-#include
-
-static bool parse_uid(const char *str, uid_t *uid_r)
-{
- struct passwd *pw;
- char *p;
-
- if (*str >= '0' && *str <= '9') {
- *uid_r = (uid_t)strtoul(str, &p, 10);
- if (*p == '\0')
- return TRUE;
- }
-
- pw = getpwnam(str);
- if (pw == NULL)
- return FALSE;
-
- *uid_r = pw->pw_uid;
- return TRUE;
-}
-
-static bool parse_gid(const char *str, gid_t *gid_r)
-{
- struct group *gr;
- char *p;
-
- if (*str >= '0' && *str <= '9') {
- *gid_r = (gid_t)strtoul(str, &p, 10);
- if (*p == '\0')
- return TRUE;
- }
-
- gr = getgrnam(str);
- if (gr == NULL)
- return FALSE;
-
- *gid_r = gr->gr_gid;
- return TRUE;
-}
-
-static int set_env(struct auth_user_reply *reply,
- const char *user, uid_t euid)
-{
- const char *extra_groups;
- unsigned int len;
-
- if (reply->uid == 0) {
- i_error("userdb(%s) returned 0 as uid", user);
- return -1;
- } else if (reply->uid == (uid_t)-1) {
- if (*deliver_set->mail_uid != '\0') {
- if (!parse_uid(deliver_set->mail_uid, &reply->uid) ||
- reply->uid == 0) {
- i_error("mail_uid setting is invalid");
- return -1;
- }
- } else {
- i_error("User %s is missing UID (set mail_uid)", user);
- return -1;
- }
- }
- if (reply->gid == 0) {
- i_error("userdb(%s) returned 0 as gid", user);
- return -1;
- } else if (reply->gid == (gid_t)-1) {
- if (*deliver_set->mail_gid != '\0') {
- if (!parse_gid(deliver_set->mail_gid, &reply->gid) ||
- reply->gid == 0) {
- i_error("mail_gid setting is invalid");
- return -1;
- }
- } else {
- i_error("User %s is missing GID (set mail_gid)", user);
- return -1;
- }
- }
-
- if (euid != reply->uid) {
- env_put(t_strconcat("RESTRICT_SETUID=",
- dec2str(reply->uid), NULL));
- }
- if (euid == 0 || getegid() != reply->gid) {
- env_put(t_strconcat("RESTRICT_SETGID=",
- dec2str(reply->gid), NULL));
- }
-
- if (reply->chroot == NULL)
- reply->chroot = deliver_set->mail_chroot;
- if (reply->chroot != NULL) {
- len = strlen(reply->chroot);
- if (len > 2 && strcmp(reply->chroot + len - 2, "/.") == 0 &&
- reply->home != NULL &&
- strncmp(reply->home, reply->chroot, len - 2) == 0) {
- /* strip chroot dir from home dir */
- reply->home += len - 2;
- }
- env_put(t_strconcat("RESTRICT_CHROOT=", reply->chroot, NULL));
- }
- if (reply->home != NULL)
- env_put(t_strconcat("HOME=", reply->home, NULL));
-
- extra_groups = deliver_set->mail_access_groups;
- if (extra_groups != NULL) {
- env_put(t_strconcat("RESTRICT_SETEXTRAGROUPS=",
- extra_groups, NULL));
- }
- return 0;
-}
-
-int auth_client_lookup_and_restrict(const char *auth_socket, bool debug,
- const char **user, uid_t euid, pool_t pool,
- ARRAY_TYPE(const_string) *extra_fields_r)
-{
- struct auth_master_connection *conn;
- struct auth_user_reply reply;
- int ret = EX_TEMPFAIL;
-
- conn = auth_master_init(auth_socket, debug);
- switch (auth_master_user_lookup(conn, *user, "deliver", pool, &reply)) {
- case 0:
- ret = EX_NOUSER;
- break;
- case 1:
- if (set_env(&reply, *user, euid) == 0) {
- *user = p_strdup(pool, reply.user);
- restrict_access_by_env(getenv("HOME"), TRUE);
- ret = EX_OK;
- }
- break;
- }
-
- *extra_fields_r = reply.extra_fields;
- auth_master_deinit(&conn);
- return ret;
-}
diff --git a/src/deliver/auth-client.h b/src/deliver/auth-client.h
deleted file mode 100644
index 1d9dbe1d8e..0000000000
--- a/src/deliver/auth-client.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef AUTH_CLIENT_H
-#define AUTH_CLIENT_H
-
-int auth_client_lookup_and_restrict(const char *auth_socket, bool debug,
- const char **user, uid_t euid, pool_t pool,
- ARRAY_TYPE(const_string) *extra_fields_r);
-
-#endif
diff --git a/src/plugins/expire/auth-client.c b/src/plugins/expire/auth-client.c
deleted file mode 100644
index 86ee2dff26..0000000000
--- a/src/plugins/expire/auth-client.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* Copyright (c) 2005-2009 Dovecot authors, see the included COPYING file */
-
-#include "lib.h"
-#include "array.h"
-#include "env-util.h"
-#include "restrict-access.h"
-#include "str.h"
-#include "auth-client.h"
-#include "auth-master.h"
-
-#include
-#include
-
-static uid_t current_uid = 0;
-
-static void auth_set_env(const char *user, struct auth_user_reply *reply)
-{
- const char *const *fields, *key, *value;
- string_t *expanded_vars;
- unsigned int i, count;
-
- if (reply->gid != (gid_t)-1 && getegid() != reply->gid) {
- env_put(t_strconcat("RESTRICT_SETGID=",
- dec2str(reply->gid), NULL));
- }
- if (reply->chroot != NULL)
- env_put(t_strconcat("RESTRICT_CHROOT=", reply->chroot, NULL));
-
- if (reply->home == NULL) {
- /* we must have a home directory */
- i_error("userdb(%s) didn't return a home directory", user);
- return;
- }
- if (reply->uid == (uid_t)-1) {
- i_error("userdb(%s) didn't return uid", user);
- return;
- }
-
- if (reply->uid != current_uid && current_uid != 0) {
- /* we're changing the UID, switch back to root */
- if (seteuid(0) != 0)
- i_fatal("seteuid(0) failed: %m");
- current_uid = 0;
- }
-
- /* change GID */
- restrict_access_by_env(getenv("HOME"), FALSE);
-
- /* we'll change only effective UID. This is a bit unfortunate since
- it allows reverting back to root, but we'll have to be able to
- access different users' mailboxes.. */
- if (reply->uid != current_uid) {
- if (seteuid(reply->uid) < 0)
- i_fatal("seteuid(%s) failed: %m", dec2str(reply->uid));
- current_uid = reply->uid;
- }
-
- expanded_vars = t_str_new(128);
- str_append(expanded_vars, "VARS_EXPANDED=");
- fields = array_get(&reply->extra_fields, &count);
- for (i = 0; i < count; i++) {
- key = t_strcut(fields[i], '=');
- value = strchr(fields[i], '=');
- if (value != NULL)
- value++;
- else
- value = "1";
- env_put(t_strconcat(t_str_ucase(key), "=", value, NULL));
-
- str_append(expanded_vars, key);
- str_append_c(expanded_vars, ' ');
- }
- env_put(str_c(expanded_vars));
- env_put(t_strconcat("HOME=", reply->home, NULL));
-}
-
-int auth_client_put_user_env(struct auth_master_connection *conn,
- const char *user)
-{
- struct auth_user_reply reply;
- pool_t pool;
- int ret;
-
- pool = pool_alloconly_create("userdb lookup", 512);
- ret = auth_master_user_lookup(conn, user, MASTER_SERVICE_INTERNAL,
- pool, &reply);
- if (ret > 0)
- auth_set_env(user, &reply);
- pool_unref(&pool);
- return ret;
-}
diff --git a/src/plugins/expire/auth-client.h b/src/plugins/expire/auth-client.h
deleted file mode 100644
index 73263b43fe..0000000000
--- a/src/plugins/expire/auth-client.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef AUTH_CLIENT_H
-#define AUTH_CLIENT_H
-
-struct auth_master_connection;
-
-/* Returns -1 = error, 0 = user not found, 1 = ok */
-int auth_client_put_user_env(struct auth_master_connection *conn,
- const char *user);
-
-#endif