diff options
author | Daichi GOTO <daichi@FreeBSD.org> | 2003-06-27 04:34:39 +0000 |
---|---|---|
committer | Daichi GOTO <daichi@FreeBSD.org> | 2003-06-27 04:34:39 +0000 |
commit | 83a3a4bb088725a362a0ddda96d09f8eb5be38d5 (patch) | |
tree | 369a9b11cb82dc5d57d201226e442a73647e1e45 /mail | |
parent | 46e7b8c896f1d25ef46c77f38ab041acddf1f8f8 (diff) | |
download | ports-83a3a4bb088725a362a0ddda96d09f8eb5be38d5.tar.gz ports-83a3a4bb088725a362a0ddda96d09f8eb5be38d5.zip |
Notes
Diffstat (limited to 'mail')
-rw-r--r-- | mail/dovecot-devel/files/patch-allow-zero-gid | 172 | ||||
-rw-r--r-- | mail/dovecot/files/patch-allow-zero-gid | 172 |
2 files changed, 0 insertions, 344 deletions
diff --git a/mail/dovecot-devel/files/patch-allow-zero-gid b/mail/dovecot-devel/files/patch-allow-zero-gid deleted file mode 100644 index ac8f08b63cab..000000000000 --- a/mail/dovecot-devel/files/patch-allow-zero-gid +++ /dev/null @@ -1,172 +0,0 @@ -Index: src/lib/restrict-access.c -=================================================================== -RCS file: /home/cvs/dovecot/src/lib/restrict-access.c,v -retrieving revision 1.10 -diff -u -3 -p -r1.10 restrict-access.c ---- src/lib/restrict-access.c 4 Mar 2003 04:00:13 -0000 1.10 -+++ src/lib/restrict-access.c 15 Apr 2003 17:37:26 -0000 -@@ -31,12 +31,14 @@ - #include <grp.h> - - void restrict_access_set_env(const char *user, uid_t uid, gid_t gid, -- const char *chroot_dir) -+ const char *chroot_dir, int allow_zg) - { - if (user != NULL && *user != '\0') - env_put(t_strconcat("RESTRICT_USER=", user, NULL)); - if (chroot_dir != NULL && *chroot_dir != '\0') - env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL)); -+ if (allow_zg == TRUE) -+ env_put(t_strdup("ALLOW_ZERO_GID=TRUE")); - - env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid))); - env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid))); -@@ -45,6 +47,7 @@ void restrict_access_set_env(const char - void restrict_access_by_env(int disallow_root) - { - const char *env; -+ int allow_zero_gid; - gid_t gid; - uid_t uid; - -@@ -97,8 +100,14 @@ void restrict_access_by_env(int disallow - i_fatal("We couldn't drop root privileges"); - } - -- if ((gid != 0 && uid != 0) || disallow_root) { -+ /* allow users with zero group id permission for BSD */ -+ env = getenv("ALLOW_ZERO_GID"); -+ allow_zero_gid = env == NULL ? FALSE : TRUE; -+ -+ if (allow_zero_gid == FALSE && -+ ((gid != 0 && uid != 0) || disallow_root)) { - if (getgid() == 0 || getegid() == 0 || setgid(0) == 0) - i_fatal("We couldn't drop root group privileges"); - } -+ - } -Index: src/lib/restrict-access.h -=================================================================== -RCS file: /home/cvs/dovecot/src/lib/restrict-access.h,v -retrieving revision 1.4 -diff -u -3 -p -r1.4 restrict-access.h ---- src/lib/restrict-access.h 4 Mar 2003 04:00:13 -0000 1.4 -+++ src/lib/restrict-access.h 15 Apr 2003 17:37:26 -0000 -@@ -4,7 +4,7 @@ - /* set environment variables so they can be read with - restrict_access_by_env() */ - void restrict_access_set_env(const char *user, uid_t uid, gid_t gid, -- const char *chroot_dir); -+ const char *chroot_dir, int allow_zg); - - /* chroot, setuid() and setgid() based on environment variables. - If disallow_roots is TRUE, we'll kill ourself if we didn't have the -Index: src/master/auth-process.c -=================================================================== -RCS file: /home/cvs/dovecot/src/master/auth-process.c,v -retrieving revision 1.41 -diff -u -3 -p -r1.41 auth-process.c ---- src/master/auth-process.c 2 Apr 2003 02:09:41 -0000 1.41 -+++ src/master/auth-process.c 15 Apr 2003 17:37:27 -0000 -@@ -307,7 +307,7 @@ static pid_t create_auth_process(struct - - /* setup access environment */ - restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid, -- group->set->chroot); -+ group->set->chroot, set->allow_zero_gid); - - /* set other environment */ - env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL)); -Index: src/master/login-process.c -=================================================================== -RCS file: /home/cvs/dovecot/src/master/login-process.c,v -retrieving revision 1.40 -diff -u -3 -p -r1.40 login-process.c ---- src/master/login-process.c 15 Apr 2003 16:58:48 -0000 1.40 -+++ src/master/login-process.c 15 Apr 2003 17:37:27 -0000 -@@ -384,7 +384,8 @@ static void login_process_init_env(struc - clean_child_process() since it clears environment */ - restrict_access_set_env(group->set->user, - group->set->uid, set->login_gid, -- set->login_chroot ? set->login_dir : NULL); -+ set->login_chroot ? set->login_dir : NULL, -+ FALSE); - - env_put("DOVECOT_MASTER=1"); - -Index: src/master/mail-process.c -=================================================================== -RCS file: /home/cvs/dovecot/src/master/mail-process.c,v -retrieving revision 1.13 -diff -u -3 -p -r1.13 mail-process.c ---- src/master/mail-process.c 15 Apr 2003 16:58:48 -0000 1.13 -+++ src/master/mail-process.c 15 Apr 2003 17:37:28 -0000 -@@ -25,7 +25,7 @@ static int validate_uid_gid(uid_t uid, g - return FALSE; - } - -- if (uid != 0 && gid == 0) { -+ if (set->allow_zero_gid == FALSE && uid != 0 && gid == 0) { - i_error("mail process isn't allowed to be in group 0"); - return FALSE; - } -@@ -38,8 +38,9 @@ static int validate_uid_gid(uid_t uid, g - return FALSE; - } - -- if (gid < (gid_t)set->first_valid_gid || -- (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) { -+ if (set->allow_zero_gid == FALSE && -+ (gid < (gid_t)set->first_valid_gid || -+ (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid))) { - i_error("mail process isn't allowed to use " - "GID %s (UID is %s)", dec2str(gid), dec2str(uid)); - return FALSE; -@@ -150,7 +151,8 @@ int create_mail_process(int socket, stru - (paranoia about filling up environment without noticing) */ - restrict_access_set_env(data + reply->system_user_idx, - reply->uid, reply->gid, -- reply->chroot ? data + reply->home_idx : NULL); -+ reply->chroot ? data + reply->home_idx : NULL, -+ set->allow_zero_gid); - - restrict_process_size(process_size, (unsigned int)-1); - -Index: src/master/master-settings.c -=================================================================== -RCS file: /home/cvs/dovecot/src/master/master-settings.c,v -retrieving revision 1.16 -diff -u -3 -p -r1.16 master-settings.c ---- src/master/master-settings.c 2 Apr 2003 02:09:41 -0000 1.16 -+++ src/master/master-settings.c 15 Apr 2003 17:37:28 -0000 -@@ -46,6 +46,7 @@ static struct setting_def setting_defs[] - DEF(SET_INT, max_mail_processes), - DEF(SET_BOOL, verbose_proctitle), - -+ DEF(SET_BOOL, allow_zero_gid), - DEF(SET_INT, first_valid_uid), - DEF(SET_INT, last_valid_uid), - DEF(SET_INT, first_valid_gid), -@@ -153,6 +154,7 @@ struct settings default_settings = { - MEMBER(max_mail_processes) 1024, - MEMBER(verbose_proctitle) FALSE, - -+ MEMBER(allow_zero_gid) FALSE, - MEMBER(first_valid_uid) 500, - MEMBER(last_valid_uid) 0, - MEMBER(first_valid_gid) 1, -Index: src/master/master-settings.h -=================================================================== -RCS file: /home/cvs/dovecot/src/master/master-settings.h,v -retrieving revision 1.10 -diff -u -3 -p -r1.10 master-settings.h ---- src/master/master-settings.h 2 Apr 2003 02:09:41 -0000 1.10 -+++ src/master/master-settings.h 15 Apr 2003 17:37:29 -0000 -@@ -32,6 +32,7 @@ struct settings { - unsigned int max_mail_processes; - int verbose_proctitle; - -+ int allow_zero_gid; - unsigned int first_valid_uid, last_valid_uid; - unsigned int first_valid_gid, last_valid_gid; - diff --git a/mail/dovecot/files/patch-allow-zero-gid b/mail/dovecot/files/patch-allow-zero-gid deleted file mode 100644 index ac8f08b63cab..000000000000 --- a/mail/dovecot/files/patch-allow-zero-gid +++ /dev/null @@ -1,172 +0,0 @@ -Index: src/lib/restrict-access.c -=================================================================== -RCS file: /home/cvs/dovecot/src/lib/restrict-access.c,v -retrieving revision 1.10 -diff -u -3 -p -r1.10 restrict-access.c ---- src/lib/restrict-access.c 4 Mar 2003 04:00:13 -0000 1.10 -+++ src/lib/restrict-access.c 15 Apr 2003 17:37:26 -0000 -@@ -31,12 +31,14 @@ - #include <grp.h> - - void restrict_access_set_env(const char *user, uid_t uid, gid_t gid, -- const char *chroot_dir) -+ const char *chroot_dir, int allow_zg) - { - if (user != NULL && *user != '\0') - env_put(t_strconcat("RESTRICT_USER=", user, NULL)); - if (chroot_dir != NULL && *chroot_dir != '\0') - env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL)); -+ if (allow_zg == TRUE) -+ env_put(t_strdup("ALLOW_ZERO_GID=TRUE")); - - env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid))); - env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid))); -@@ -45,6 +47,7 @@ void restrict_access_set_env(const char - void restrict_access_by_env(int disallow_root) - { - const char *env; -+ int allow_zero_gid; - gid_t gid; - uid_t uid; - -@@ -97,8 +100,14 @@ void restrict_access_by_env(int disallow - i_fatal("We couldn't drop root privileges"); - } - -- if ((gid != 0 && uid != 0) || disallow_root) { -+ /* allow users with zero group id permission for BSD */ -+ env = getenv("ALLOW_ZERO_GID"); -+ allow_zero_gid = env == NULL ? FALSE : TRUE; -+ -+ if (allow_zero_gid == FALSE && -+ ((gid != 0 && uid != 0) || disallow_root)) { - if (getgid() == 0 || getegid() == 0 || setgid(0) == 0) - i_fatal("We couldn't drop root group privileges"); - } -+ - } -Index: src/lib/restrict-access.h -=================================================================== -RCS file: /home/cvs/dovecot/src/lib/restrict-access.h,v -retrieving revision 1.4 -diff -u -3 -p -r1.4 restrict-access.h ---- src/lib/restrict-access.h 4 Mar 2003 04:00:13 -0000 1.4 -+++ src/lib/restrict-access.h 15 Apr 2003 17:37:26 -0000 -@@ -4,7 +4,7 @@ - /* set environment variables so they can be read with - restrict_access_by_env() */ - void restrict_access_set_env(const char *user, uid_t uid, gid_t gid, -- const char *chroot_dir); -+ const char *chroot_dir, int allow_zg); - - /* chroot, setuid() and setgid() based on environment variables. - If disallow_roots is TRUE, we'll kill ourself if we didn't have the -Index: src/master/auth-process.c -=================================================================== -RCS file: /home/cvs/dovecot/src/master/auth-process.c,v -retrieving revision 1.41 -diff -u -3 -p -r1.41 auth-process.c ---- src/master/auth-process.c 2 Apr 2003 02:09:41 -0000 1.41 -+++ src/master/auth-process.c 15 Apr 2003 17:37:27 -0000 -@@ -307,7 +307,7 @@ static pid_t create_auth_process(struct - - /* setup access environment */ - restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid, -- group->set->chroot); -+ group->set->chroot, set->allow_zero_gid); - - /* set other environment */ - env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL)); -Index: src/master/login-process.c -=================================================================== -RCS file: /home/cvs/dovecot/src/master/login-process.c,v -retrieving revision 1.40 -diff -u -3 -p -r1.40 login-process.c ---- src/master/login-process.c 15 Apr 2003 16:58:48 -0000 1.40 -+++ src/master/login-process.c 15 Apr 2003 17:37:27 -0000 -@@ -384,7 +384,8 @@ static void login_process_init_env(struc - clean_child_process() since it clears environment */ - restrict_access_set_env(group->set->user, - group->set->uid, set->login_gid, -- set->login_chroot ? set->login_dir : NULL); -+ set->login_chroot ? set->login_dir : NULL, -+ FALSE); - - env_put("DOVECOT_MASTER=1"); - -Index: src/master/mail-process.c -=================================================================== -RCS file: /home/cvs/dovecot/src/master/mail-process.c,v -retrieving revision 1.13 -diff -u -3 -p -r1.13 mail-process.c ---- src/master/mail-process.c 15 Apr 2003 16:58:48 -0000 1.13 -+++ src/master/mail-process.c 15 Apr 2003 17:37:28 -0000 -@@ -25,7 +25,7 @@ static int validate_uid_gid(uid_t uid, g - return FALSE; - } - -- if (uid != 0 && gid == 0) { -+ if (set->allow_zero_gid == FALSE && uid != 0 && gid == 0) { - i_error("mail process isn't allowed to be in group 0"); - return FALSE; - } -@@ -38,8 +38,9 @@ static int validate_uid_gid(uid_t uid, g - return FALSE; - } - -- if (gid < (gid_t)set->first_valid_gid || -- (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) { -+ if (set->allow_zero_gid == FALSE && -+ (gid < (gid_t)set->first_valid_gid || -+ (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid))) { - i_error("mail process isn't allowed to use " - "GID %s (UID is %s)", dec2str(gid), dec2str(uid)); - return FALSE; -@@ -150,7 +151,8 @@ int create_mail_process(int socket, stru - (paranoia about filling up environment without noticing) */ - restrict_access_set_env(data + reply->system_user_idx, - reply->uid, reply->gid, -- reply->chroot ? data + reply->home_idx : NULL); -+ reply->chroot ? data + reply->home_idx : NULL, -+ set->allow_zero_gid); - - restrict_process_size(process_size, (unsigned int)-1); - -Index: src/master/master-settings.c -=================================================================== -RCS file: /home/cvs/dovecot/src/master/master-settings.c,v -retrieving revision 1.16 -diff -u -3 -p -r1.16 master-settings.c ---- src/master/master-settings.c 2 Apr 2003 02:09:41 -0000 1.16 -+++ src/master/master-settings.c 15 Apr 2003 17:37:28 -0000 -@@ -46,6 +46,7 @@ static struct setting_def setting_defs[] - DEF(SET_INT, max_mail_processes), - DEF(SET_BOOL, verbose_proctitle), - -+ DEF(SET_BOOL, allow_zero_gid), - DEF(SET_INT, first_valid_uid), - DEF(SET_INT, last_valid_uid), - DEF(SET_INT, first_valid_gid), -@@ -153,6 +154,7 @@ struct settings default_settings = { - MEMBER(max_mail_processes) 1024, - MEMBER(verbose_proctitle) FALSE, - -+ MEMBER(allow_zero_gid) FALSE, - MEMBER(first_valid_uid) 500, - MEMBER(last_valid_uid) 0, - MEMBER(first_valid_gid) 1, -Index: src/master/master-settings.h -=================================================================== -RCS file: /home/cvs/dovecot/src/master/master-settings.h,v -retrieving revision 1.10 -diff -u -3 -p -r1.10 master-settings.h ---- src/master/master-settings.h 2 Apr 2003 02:09:41 -0000 1.10 -+++ src/master/master-settings.h 15 Apr 2003 17:37:29 -0000 -@@ -32,6 +32,7 @@ struct settings { - unsigned int max_mail_processes; - int verbose_proctitle; - -+ int allow_zero_gid; - unsigned int first_valid_uid, last_valid_uid; - unsigned int first_valid_gid, last_valid_gid; - |