
(-)/usr/ports/mail/dovecot/Makefile (-2 / +2 lines)
Lines 1-12 Link Here
1
# New ports collection makefile for:	dovecot
1
# New ports collection makefile for:	dovecot
2
# Date created:				12/08/2002
2
# Date created:				12/08/2002
3
# Whom:			Dominic Marks <d.marks@student.umist.ac.uk>
3
# Whom:			Dominic Marks <dominic.marks@btinternet.com>
4
#
4
#
5
# $FreeBSD: ports/mail/dovecot/Makefile,v 1.13 2003/06/24 01:06:02 leeym Exp $
5
# $FreeBSD: ports/mail/dovecot/Makefile,v 1.13 2003/06/24 01:06:02 leeym Exp $
6
#
6
#
7
7
8
PORTNAME=	dovecot
8
PORTNAME=	dovecot
9
PORTVERSION=	0.99.9.1
9
PORTVERSION=	0.99.10
10
CATEGORIES=	mail ipv6
10
CATEGORIES=	mail ipv6
11
MASTER_SITES=	http://dovecot.procontrol.fi/
11
MASTER_SITES=	http://dovecot.procontrol.fi/
12
12
(-)/usr/ports/mail/dovecot/distinfo (-1 / +1 lines)
Line 1 Link Here
1
MD5 (dovecot-0.99.9.1.tar.gz) = d8d51af34a3467b65b20dc9d09140fbe
1
MD5 (dovecot-0.99.10.tar.gz) = 26d8452366a28418cc8a114781a721b6
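--- a/usr/ports/mail/dovecot/files/patch-allow-zero-gid
+++ b/usr/ports/mail/dovecot/files/patch-allow-zero-gid
@@ -1,172 +0,0 @@
-Index: src/lib/restrict-access.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/lib/restrict-access.c,v
-retrieving revision 1.10
-diff -u -3 -p -r1.10 restrict-access.c
---- src/lib/restrict-access.c	4 Mar 2003 04:00:13 -0000	1.10
-+++ src/lib/restrict-access.c	15 Apr 2003 17:37:26 -0000
-@@ -31,12 +31,14 @@
- #include <grp.h>
- 
- void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
--			     const char *chroot_dir)
-+		 	     const char *chroot_dir, int allow_zg)
- {
- 	if (user != NULL && *user != '\0')
- 		env_put(t_strconcat("RESTRICT_USER=", user, NULL));
- 	if (chroot_dir != NULL && *chroot_dir != '\0')
- 		env_put(t_strconcat("RESTRICT_CHROOT=", chroot_dir, NULL));
-+	if (allow_zg == TRUE)
-+		env_put(t_strdup("ALLOW_ZERO_GID=TRUE"));
- 
- 	env_put(t_strdup_printf("RESTRICT_SETUID=%s", dec2str(uid)));
- 	env_put(t_strdup_printf("RESTRICT_SETGID=%s", dec2str(gid)));
-@@ -45,6 +47,7 @@ void restrict_access_set_env(const char 
- void restrict_access_by_env(int disallow_root)
- {
- 	const char *env;
-+	int allow_zero_gid;
- 	gid_t gid;
- 	uid_t uid;
- 
-@@ -97,8 +100,14 @@ void restrict_access_by_env(int disallow
- 			i_fatal("We couldn't drop root privileges");
- 	}
- 
--	if ((gid != 0 && uid != 0) || disallow_root) {
-+	/* allow users with zero group id permission for BSD */
-+	env = getenv("ALLOW_ZERO_GID");
-+	allow_zero_gid = env == NULL ? FALSE : TRUE;
-+
-+	if (allow_zero_gid == FALSE &&
-+		((gid != 0 && uid != 0) || disallow_root)) {
- 		if (getgid() == 0 || getegid() == 0 || setgid(0) == 0)
- 			i_fatal("We couldn't drop root group privileges");
- 	}
-+
- }
-Index: src/lib/restrict-access.h
-===================================================================
-RCS file: /home/cvs/dovecot/src/lib/restrict-access.h,v
-retrieving revision 1.4
-diff -u -3 -p -r1.4 restrict-access.h
---- src/lib/restrict-access.h	4 Mar 2003 04:00:13 -0000	1.4
-+++ src/lib/restrict-access.h	15 Apr 2003 17:37:26 -0000
-@@ -4,7 +4,7 @@
- /* set environment variables so they can be read with
-    restrict_access_by_env() */
- void restrict_access_set_env(const char *user, uid_t uid, gid_t gid,
--			     const char *chroot_dir);
-+			     const char *chroot_dir, int allow_zg);
- 
- /* chroot, setuid() and setgid() based on environment variables.
-    If disallow_roots is TRUE, we'll kill ourself if we didn't have the
-Index: src/master/auth-process.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/auth-process.c,v
-retrieving revision 1.41
-diff -u -3 -p -r1.41 auth-process.c
---- src/master/auth-process.c	2 Apr 2003 02:09:41 -0000	1.41
-+++ src/master/auth-process.c	15 Apr 2003 17:37:27 -0000
-@@ -307,7 +307,7 @@ static pid_t create_auth_process(struct 
- 
- 	/* setup access environment */
- 	restrict_access_set_env(group->set->user, pwd->pw_uid, pwd->pw_gid,
--				group->set->chroot);
-+				group->set->chroot, set->allow_zero_gid);
- 
- 	/* set other environment */
- 	env_put(t_strconcat("AUTH_PROCESS=", dec2str(getpid()), NULL));
-Index: src/master/login-process.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/login-process.c,v
-retrieving revision 1.40
-diff -u -3 -p -r1.40 login-process.c
---- src/master/login-process.c	15 Apr 2003 16:58:48 -0000	1.40
-+++ src/master/login-process.c	15 Apr 2003 17:37:27 -0000
-@@ -384,7 +384,8 @@ static void login_process_init_env(struc
- 	   clean_child_process() since it clears environment */
- 	restrict_access_set_env(group->set->user,
- 				group->set->uid, set->login_gid,
--				set->login_chroot ? set->login_dir : NULL);
-+				set->login_chroot ? set->login_dir : NULL,
-+				FALSE);
- 
- 	env_put("DOVECOT_MASTER=1");
- 
-Index: src/master/mail-process.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/mail-process.c,v
-retrieving revision 1.13
-diff -u -3 -p -r1.13 mail-process.c
---- src/master/mail-process.c	15 Apr 2003 16:58:48 -0000	1.13
-+++ src/master/mail-process.c	15 Apr 2003 17:37:28 -0000
-@@ -25,7 +25,7 @@ static int validate_uid_gid(uid_t uid, g
- 		return FALSE;
- 	}
- 
--	if (uid != 0 && gid == 0) {
-+	if (set->allow_zero_gid == FALSE && uid != 0 && gid == 0) {
- 		i_error("mail process isn't allowed to be in group 0");
- 		return FALSE;
- 	}
-@@ -38,8 +38,9 @@ static int validate_uid_gid(uid_t uid, g
- 		return FALSE;
- 	}
- 
--	if (gid < (gid_t)set->first_valid_gid ||
--	    (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid)) {
-+	if (set->allow_zero_gid == FALSE &&
-+	    (gid < (gid_t)set->first_valid_gid ||
-+	    (set->last_valid_gid != 0 && gid > (gid_t)set->last_valid_gid))) {
- 		i_error("mail process isn't allowed to use "
- 			"GID %s (UID is %s)", dec2str(gid), dec2str(uid));
- 		return FALSE;
-@@ -150,7 +151,8 @@ int create_mail_process(int socket, stru
- 	   (paranoia about filling up environment without noticing) */
- 	restrict_access_set_env(data + reply->system_user_idx,
- 				reply->uid, reply->gid,
--				reply->chroot ? data + reply->home_idx : NULL);
-+				reply->chroot ? data + reply->home_idx : NULL,
-+				set->allow_zero_gid);
- 
- 	restrict_process_size(process_size, (unsigned int)-1);
- 
-Index: src/master/master-settings.c
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/master-settings.c,v
-retrieving revision 1.16
-diff -u -3 -p -r1.16 master-settings.c
---- src/master/master-settings.c	2 Apr 2003 02:09:41 -0000	1.16
-+++ src/master/master-settings.c	15 Apr 2003 17:37:28 -0000
-@@ -46,6 +46,7 @@ static struct setting_def setting_defs[]
- 	DEF(SET_INT, max_mail_processes),
- 	DEF(SET_BOOL, verbose_proctitle),
- 
-+	DEF(SET_BOOL, allow_zero_gid),
- 	DEF(SET_INT, first_valid_uid),
- 	DEF(SET_INT, last_valid_uid),
- 	DEF(SET_INT, first_valid_gid),
-@@ -153,6 +154,7 @@ struct settings default_settings = {
- 	MEMBER(max_mail_processes) 1024,
- 	MEMBER(verbose_proctitle) FALSE,
- 
-+	MEMBER(allow_zero_gid) FALSE,
- 	MEMBER(first_valid_uid) 500,
- 	MEMBER(last_valid_uid) 0,
- 	MEMBER(first_valid_gid) 1,
-Index: src/master/master-settings.h
-===================================================================
-RCS file: /home/cvs/dovecot/src/master/master-settings.h,v
-retrieving revision 1.10
-diff -u -3 -p -r1.10 master-settings.h
---- src/master/master-settings.h	2 Apr 2003 02:09:41 -0000	1.10
-+++ src/master/master-settings.h	15 Apr 2003 17:37:29 -0000
-@@ -32,6 +32,7 @@ struct settings {
- 	unsigned int max_mail_processes;
- 	int verbose_proctitle;
- 
-+	int allow_zero_gid;
- 	unsigned int first_valid_uid, last_valid_uid;
- 	unsigned int first_valid_gid, last_valid_gid;
- 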
(-)/usr/ports/mail/dovecot/files/patch-dovecot-example.conf (-16 / +51 lines)
Lines 1-5 Link Here
1
--- dovecot-example.conf.orig	Fri Apr  4 13:17:25 2003
1
--- dovecot-example.conf.orig	Thu Jun 26 17:11:06 2003
2
+++ dovecot-example.conf	Sat Apr 19 14:11:40 2003
2
+++ dovecot-example.conf	Thu Jun 26 22:36:08 2003
3
@@ -7,11 +7,11 @@
3
@@ -7,11 +7,11 @@
4
 # --with-ssldir=/etc/ssl
4
 # --with-ssldir=/etc/ssl
5
 
5
 
Lines 58-66 Link Here
58
-#login_executable = /usr/libexec/dovecot/imap-login
58
-#login_executable = /usr/libexec/dovecot/imap-login
59
+login_executable = %%PREFIX%%/libexec/dovecot/imap-login
59
+login_executable = %%PREFIX%%/libexec/dovecot/imap-login
60
 
60
 
61
 # User to use for the login process. The user must belong to a group where
61
 # User to use for the login process. Create a completely new user for this,
62
 # only it has access, it's used to control access for authentication process
62
 # and don't use it anywhere else. The user must also belong to a group where
63
 # named sockets.
63
 # only it has access, it's used to control access for authentication process.
64
-#login_user = dovecot
64
-#login_user = dovecot
65
+login_user = dovecot
65
+login_user = dovecot
66
 
66
 
Lines 95-103 Link Here
95
-#verbose_ssl = no
95
-#verbose_ssl = no
96
+verbose_ssl = yes
96
+verbose_ssl = yes
97
 
97
 
98
 # Valid UID/GID ranges for users, defaults to 500 and above. This is mostly
98
 # Valid UID range for users, defaults to 500 and above. This is mostly
99
 # to make sure that users can't log in as daemons or other system users.
99
 # to make sure that users can't log in as daemons or other system users.
100
@@ -160,7 +160,7 @@
100
@@ -155,7 +155,7 @@
101
 # non-valid GID as primary group ID aren't allowed to log in. If user
102
 # belongs to supplementary groups with non-valid GIDs, those groups are
103
 # not set.
104
-#first_valid_gid = 1
105
+first_valid_gid = 0
106
 #last_valid_gid = 0
107
 
108
 # ':' separated list of directories under which chrooting is allowed for mail
109
@@ -164,7 +164,7 @@
101
 # WARNING: Never add directories here which local users can modify, that
110
 # WARNING: Never add directories here which local users can modify, that
102
 # may lead to root exploit. Usually this should be done only if you don't
111
 # may lead to root exploit. Usually this should be done only if you don't
103
 # allow shell access for users. See doc/configuration.txt for more information.
112
 # allow shell access for users. See doc/configuration.txt for more information.
Lines 106-112 Link Here
106
 
115
 
107
 # Default MAIL environment to use when it's not set. By leaving this empty
116
 # Default MAIL environment to use when it's not set. By leaving this empty
108
 # dovecot tries to do some automatic detection as described in
117
 # dovecot tries to do some automatic detection as described in
109
@@ -179,7 +179,7 @@
118
@@ -183,7 +183,7 @@
110
 #   mbox:~/mail/:INBOX=/var/mail/%u
119
 #   mbox:~/mail/:INBOX=/var/mail/%u
111
 #   mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n
120
 #   mbox:/var/mail/%d/%n/:INDEX=/var/indexes/%d/%n
112
 #
121
 #
Lines 115-121 Link Here
115
 
124
 
116
 # Space-separated list of fields to cache for all mails. Currently these
125
 # Space-separated list of fields to cache for all mails. Currently these
117
 # fields are allowed followed by a list of commands they speed up:
126
 # fields are allowed followed by a list of commands they speed up:
118
@@ -224,7 +224,7 @@
127
@@ -228,7 +228,7 @@
119
 #     arrives in half a hour, Dovecot closes the connection. This is still
128
 #     arrives in half a hour, Dovecot closes the connection. This is still
120
 #     fine, except Outlook doesn't connect back so you don't see if new mail
129
 #     fine, except Outlook doesn't connect back so you don't see if new mail
121
 #     arrives.
130
 #     arrives.
Lines 124-130 Link Here
124
 
133
 
125
 # Dovecot can notify client of new mail in selected mailbox soon after it's
134
 # Dovecot can notify client of new mail in selected mailbox soon after it's
126
 # received. This setting specifies the minimum interval in seconds between
135
 # received. This setting specifies the minimum interval in seconds between
127
@@ -249,7 +249,7 @@
136
@@ -253,7 +253,7 @@
128
 # Save mails with CR+LF instead of plain LF. This makes sending those mails
137
 # Save mails with CR+LF instead of plain LF. This makes sending those mails
129
 # take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
138
 # take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
130
 # But it also creates a bit more disk I/O which may just make it slower.
139
 # But it also creates a bit more disk I/O which may just make it slower.
Lines 133-139 Link Here
133
 
142
 
134
 # Use mmap() instead of read() to read mail files. read() seems to be a bit
143
 # Use mmap() instead of read() to read mail files. read() seems to be a bit
135
 # faster with my Linux/x86 and it's better with NFS, so that's the default.
144
 # faster with my Linux/x86 and it's better with NFS, so that's the default.
136
@@ -261,7 +261,7 @@
145
@@ -265,7 +265,7 @@
137
 # know any MUA which would modify mail files directly. IMAP protocol also
146
 # know any MUA which would modify mail files directly. IMAP protocol also
138
 # requires that the mails don't change, so it would be problematic in any case.
147
 # requires that the mails don't change, so it would be problematic in any case.
139
 # If you care about performance, enable it.
148
 # If you care about performance, enable it.
Lines 142-148 Link Here
142
 
151
 
143
 # Check if mails' content has been changed by external programs. This slows
152
 # Check if mails' content has been changed by external programs. This slows
144
 # down things as extra stat() needs to be called for each file. If changes are
153
 # down things as extra stat() needs to be called for each file. If changes are
145
@@ -280,7 +280,7 @@
154
@@ -284,7 +284,7 @@
146
 # with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl
155
 # with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl
147
 # and flock. Some operating systems don't allow using both of them
156
 # and flock. Some operating systems don't allow using both of them
148
 # simultaneously, eg. BSDs. If dotlock is used, it's always created first.
157
 # simultaneously, eg. BSDs. If dotlock is used, it's always created first.
Lines 151-157 Link Here
151
 
160
 
152
 # Should we create dotlock file even when we want only a read-lock? Setting
161
 # Should we create dotlock file even when we want only a read-lock? Setting
153
 # this to yes hurts the performance when the mailbox is accessed simultaneously
162
 # this to yes hurts the performance when the mailbox is accessed simultaneously
154
@@ -310,7 +310,7 @@
163
@@ -314,7 +314,7 @@
155
 ##
164
 ##
156
 
165
 
157
 # Executable location
166
 # Executable location
Lines 160-166 Link Here
160
 
169
 
161
 # Set max. process size in megabytes. Most of the memory goes to mmap()ing
170
 # Set max. process size in megabytes. Most of the memory goes to mmap()ing
162
 # files, so it shouldn't harm much even if this limit is set pretty high.
171
 # files, so it shouldn't harm much even if this limit is set pretty high.
163
@@ -321,7 +321,7 @@
172
@@ -322,14 +322,14 @@
173
 
174
 # Support for dynamically loadable modules.
175
 #imap_use_modules = no
176
-#imap_modules = /usr/lib/dovecot/imap
177
+#imap_modules = %%PREFIX%%/lib/dovecot/imap
178
 
179
 ##
180
 ## POP3 process
164
 ##
181
 ##
165
 
182
 
166
 # Executable location
183
 # Executable location
Lines 169-175 Link Here
169
 
186
 
170
 # Set max. process size in megabytes. Most of the memory goes to mmap()ing
187
 # Set max. process size in megabytes. Most of the memory goes to mmap()ing
171
 # files, so it shouldn't harm much even if this limit is set pretty high.
188
 # files, so it shouldn't harm much even if this limit is set pretty high.
172
@@ -374,10 +374,10 @@
189
@@ -337,7 +337,7 @@
190
 
191
 # Support for dynamically loadable modules.
192
 #pop3_use_modules = no
193
-#pop3_modules = /usr/lib/dovecot/pop3
194
+#pop3_modules = %%PREFIX%%/lib/dovecot/pop3
195
 
196
 ##
197
 ## Authentication processes
198
@@ -386,10 +386,10 @@
173
 #   vpopmail: vpopmail authentication
199
 #   vpopmail: vpopmail authentication
174
 #   ldap <config path>: LDAP, see doc/dovecot-ldap.conf
200
 #   ldap <config path>: LDAP, see doc/dovecot-ldap.conf
175
 #   pgsql <config path>: a PostgreSQL database, see doc/dovecot-pgsql.conf
201
 #   pgsql <config path>: a PostgreSQL database, see doc/dovecot-pgsql.conf
Lines 182-188 Link Here
182
 
208
 
183
 # Set max. process size in megabytes.
209
 # Set max. process size in megabytes.
184
 #auth_process_size = 256
210
 #auth_process_size = 256
185
@@ -402,7 +402,7 @@
211
@@ -397,7 +397,7 @@
212
 # User to use for the process. This user needs access to only user and
213
 # password databases, nothing else. Only shadow and pam authentication
214
 # requires roots, so use something else if possible.
215
-auth_user = root
216
+auth_user = dovecot
217
 
218
 # Directory where to chroot the process. Most authentication backends don't
219
 # work if this is set, and there's no point chrooting if auth_user is root.
220
@@ -418,7 +418,7 @@
186
 
221
 
187
 # More verbose logging. Useful for figuring out why authentication isn't
222
 # More verbose logging. Useful for figuring out why authentication isn't
188
 # working.
223
 # working.
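Review bot: The `+first_valid_gid = 0` line in the `@@ -155,7 +155,7 @@` hunk removes the lower bound on valid primary GIDs entirely rather than permitting only the group-0 case that the deleted allow-zero-gid patch targeted, while the upstream comment directly above it says the range exists so users cannot log in as daemons or other system users and the shipped default is `#first_valid_gid = 1`. Unless 0.99.10 dropped it, the separate `uid != 0 && gid == 0` rejection in validate_uid_gid, visible as context in the removed patch, would still refuse group-0 users, so this may loosen the range check without achieving its purpose; leaving the line commented and documenting the wheel-group case for the port's users seems safer. The `auth_user = dovecot` change further down is a least-privilege improvement, but the comment above it states that shadow and PAM authentication require root, so the port should say which authentication backends still work under that user.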
