src/lib/restrict-access.c

	restrict-access.c revision b841e1770ae1e1f4afa3cc87650858adbc27d5fb
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen/*
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    Copyright (c) 2002 Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    Permission is hereby granted, free of charge, to any person obtaining
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    a copy of this software and associated documentation files (the
5e6042124b6429d60b352eaf951ee67e0a311a8cTimo Sirainen    "Software"), to deal in the Software without restriction, including
5e6042124b6429d60b352eaf951ee67e0a311a8cTimo Sirainen    without limitation the rights to use, copy, modify, merge, publish,
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    distribute, sublicense, and/or sell copies of the Software, and to
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    permit persons to whom the Software is furnished to do so, subject to
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    the following conditions:
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    The above copyright notice and this permission notice shall be
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    included in all copies or substantial portions of the Software.
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen    TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen*/
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen#include "lib.h"
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen#include "restrict-access.h"
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen#include "env-util.h"
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen#include <stdlib.h>
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen#include <unistd.h>
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen#include <time.h>
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen#include <grp.h>
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainenvoid restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen                 const char *chroot_dir)
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen{
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    if (user != NULL && *user != '\0')
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        env_put(t_strconcat("RESTRICT_USER=", user, NULL));
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    if (chroot_dir != NULL && *chroot_dir != '\0')
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL));
39224d71e56c50ccfbc0405eb1914281590064d6Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid)));
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid)));
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen}
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainenvoid restrict_access_by_env(int disallow_root)
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen{
592270d9a3d666a1b687c146f6e1edf2aacd46e8Timo Sirainen    const char *env;
39224d71e56c50ccfbc0405eb1914281590064d6Timo Sirainen    gid_t gid;
39224d71e56c50ccfbc0405eb1914281590064d6Timo Sirainen    uid_t uid;
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    /* chrooting */
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    env = getenv("RESTRICT_CHROOT");
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    if (env != NULL) {
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        /* kludge: localtime() must be called before chroot(),
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen           or the timezone isn't known */
592270d9a3d666a1b687c146f6e1edf2aacd46e8Timo Sirainen        time_t t = 0;
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        (void)localtime(&t);
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        if (chroot(env) != 0)
592270d9a3d666a1b687c146f6e1edf2aacd46e8Timo Sirainen            i_fatal("chroot(%s) failed: %m", env);
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
39224d71e56c50ccfbc0405eb1914281590064d6Timo Sirainen        if (chdir("/") != 0)
39224d71e56c50ccfbc0405eb1914281590064d6Timo Sirainen            i_fatal("chdir(/) failed: %m");
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    }
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    /* groups - the getgid() checks are just so we don't fail if we're
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen       not running as root and try to just use our own GID. */
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    env = getenv("RESTRICT_SETGID");
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    gid = env == NULL ? 0 : (gid_t) atol(env);
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    if (gid != 0 && (gid != getgid() || gid != getegid())) {
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        if (setgid(gid) != 0)
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen            i_fatal("setgid(%s) failed: %m", dec2str(gid));
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        env = getenv("RESTRICT_USER");
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        if (env == NULL) {
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen            /* user not known, use only this one group */
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen            (void)setgroups(1, &gid);
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        } else {
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen            if (initgroups(env, gid) != 0) {
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen                i_fatal("initgroups(%s, %s) failed: %m",
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen                    env, dec2str(gid));
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen            }
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        }
5c2d695acf9f95ae0dcdda89c4d2391ceda4d672Timo Sirainen    }
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    /* uid last */
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    env = getenv("RESTRICT_SETUID");
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    uid = env == NULL ? 0 : (uid_t) atol(env);
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    if (uid != 0) {
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        if (setuid(uid) != 0)
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen            i_fatal("setuid(%s) failed: %m", dec2str(uid));
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    }
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    /* verify that we actually dropped the privileges */
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    if (uid != 0 || disallow_root) {
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        if (setuid(0) == 0)
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen            i_fatal("We couldn't drop root privileges");
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    }
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    if ((gid != 0 && uid != 0) || disallow_root) {
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen        if (getgid() == 0 || getegid() == 0 || setgid(0) == 0)
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen            i_fatal("We couldn't drop root group privileges");
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen    }
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen}
4fc52b7b25c3d3f42348903e0154840f8761f306Timo Sirainen