--- lmtp2nntp.c 2001/10/12 08:57:50 1.84
+++ lmtp2nntp.c 2001/10/12 10:08:57 1.85
@@ -34,6 +34,7 @@
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <sys/stat.h>
#include <signal.h>
#include <pwd.h>
@@ -397,6 +398,10 @@
char *cpPrefixLen;
struct passwd *sPasswd;
+ /* drop effective uid/gid priviledges */
+ seteuid(getuid());
+ setegid(getgid());
+
/* library version check (run-time) */
if (l2_version.v_hex < L2_VERSION_HEX_REQ) {
fprintf(stderr, "require OSSP L2 >= %s, found %s\n", L2_VERSION_STR_REQ, L2_VERSION_STR);
@@ -428,7 +433,7 @@
ctx->option_levelmask = L2_LEVEL_NONE;
ctx->option_pidfile = NULL;
ctx->option_killflag = FALSE;
- ctx->option_uid = geteuid();
+ ctx->option_uid = getuid();
ctx->option_daemon = FALSE;
ctx->l2 = NULL;
ctx->saaAltio = NULL;
@@ -520,16 +525,67 @@
break;
case 'b': /*POD [B<-b> I<addr>[I<:port>]|C<->|I<path>] */
if (strcmp(optarg, "-") != 0) {
+ if ((rc = sa_create(&ctx->saAltio)) != SA_OK) {
+ fprintf(stderr, "%s:Error: Creating TCP socket failed for \"%s\": %s\n",
+ ctx->progname, optarg, strerror(errno));
+ CU(ERR_EXECUTION);
+ }
if ((rc = sa_addr_create(&ctx->saaAltio)) != SA_OK) {
fprintf(stderr, "%s:Error: Creating address failed for -a option (%d)\n",
ctx->progname, rc);
}
if (optarg[0] == '/') {
- if ((rc = sa_addr_u2a(ctx->saaAltio, "unix:%s", optarg)) != SA_OK) {
+ char *cpPath;
+ char *cpPerm;
+ int nPerm;
+ int n;
+
+ cpPath = strdup(optarg);
+ cpPerm = NULL;
+ nPerm = -1;
+ if ((cpPerm = strrchr(cpPath, ':')) != NULL) {
+ *cpPerm++ = '\0';
+ nPerm = 0;
+ for (i = 0; i < 4 && cpPerm[i] != '\0'; i++) {
+ if (!isdigit((int)cpPerm[i])) {
+ nPerm = -1;
+ break;
+ }
+ n = cpPerm[i] - '0';
+ if (n > 7) {
+ nPerm = -1;
+ break;
+ }
+ nPerm = ((nPerm << 3) | n);
+ }
+ if (nPerm == -1 || cpPerm[i] != '\0') {
+ fprintf(stderr, "%s:Error: Invalid permissions \"%s\"\n", ctx->progname, cpPerm);
+ CU(ERR_EXECUTION);
+ }
+ }
+ if ((rc = sa_addr_u2a(ctx->saaAltio, "unix:%s", cpPath)) != SA_OK) {
fprintf(stderr, "%s:Error: Parsing alternate IO guessing UNIX domain socket failed for \"%s\" (%d)\n",
- ctx->progname, optarg, rc);
+ ctx->progname, cpPath, rc);
+ CU(ERR_EXECUTION);
+ }
+ if ((rc = sa_bind(ctx->saAltio, ctx->saaAltio)) != SA_OK) {
+ fprintf(stderr, "%s:Error: Bind failed for \"%s\": %s\n",
+ ctx->progname, cpPath, strerror(errno));
CU(ERR_EXECUTION);
}
+ if (nPerm != -1) {
+ if (chmod(cpPath, nPerm) == -1) {
+ fprintf(stderr, "%s:Error: chmod failed for \"%s\": %s\n", ctx->progname, cpPath, strerror(errno));
+ CU(ERR_EXECUTION);
+ }
+ }
+ if (getuid() == 0 && getuid() != ctx->option_uid) {
+ if (chown(cpPath, ctx->option_uid, -1) == -1) {
+ fprintf(stderr, "%s:Error: chown failed for \"%s\": %s\n", ctx->progname, cpPath, strerror(errno));
+ CU(ERR_EXECUTION);
+ }
+ }
+ free(cpPath);
}
else {
if ((rc = sa_addr_u2a(ctx->saaAltio, "inet://%s", optarg)) != SA_OK) {
@@ -537,16 +593,11 @@
ctx->progname, optarg, rc);
CU(ERR_EXECUTION);
}
- }
- if ((rc = sa_create(&ctx->saAltio)) != SA_OK) {
- fprintf(stderr, "%s:Error: Creating TCP socket failed for \"%s\": %s\n",
- ctx->progname, optarg, strerror(errno));
- CU(ERR_EXECUTION);
- }
- if ((rc = sa_bind(ctx->saAltio, ctx->saaAltio)) != SA_OK) {
- fprintf(stderr, "%s:Error: Bind failed for \"%s\": %s\n",
- ctx->progname, optarg, strerror(errno));
- CU(ERR_EXECUTION);
+ if ((rc = sa_bind(ctx->saAltio, ctx->saaAltio)) != SA_OK) {
+ fprintf(stderr, "%s:Error: Bind failed for \"%s\": %s\n",
+ ctx->progname, optarg, strerror(errno));
+ CU(ERR_EXECUTION);
+ }
}
if ((rc = sa_listen(ctx->saAltio, -1)) != SA_OK) {
fprintf(stderr, "%s:Error: Listen to failed for \"%s\": %s\n",
@@ -766,7 +817,6 @@
}
}
else {
-
if ((sPasswd = getpwnam(optarg)) == NULL) {
fprintf(stderr, "%s:Error: loginname \"%s\" not found for -u option.\n", ctx->progname, optarg);
CU(ERR_EXECUTION);
@@ -840,10 +890,12 @@
}
#endif
- if (setuid(ctx->option_uid) == -1) {
- fprintf(stderr, "%s:Error: Setting UID to %d failed: %s\n",
- ctx->progname, ctx->option_uid, strerror(errno));
- CU(ERR_EXECUTION);
+ if (getuid() != ctx->option_uid) {
+ if (setuid(ctx->option_uid) == -1) {
+ fprintf(stderr, "%s:Error: Setting UID to %d failed: %s\n",
+ ctx->progname, ctx->option_uid, strerror(errno));
+ CU(ERR_EXECUTION);
+ }
}
if ((ctx->l2 = l2_stream_create()) == NULL) {
|
