author | alex <alex@FreeBSD.org> | 1997-11-13 23:14:34 +0000 |
---|---|---|
committer | alex <alex@FreeBSD.org> | 1997-11-13 23:14:34 +0000 |
commit | 3dc202d85adc098f47f71f217da8a6b23ebdcd73 (patch) | |
tree | 132542388d17eae8b6a0797112463730066e6481 | |
parent | 83b332152002f5dc498ef596c2e78bc8792cc211 (diff) | |
Switch the effective uid to that of the user when writing mail files,
allowing quotas to be enforced on mail spools.
PR: 1111
Submitted by: Charles Henrich <henrich@crh.cl.msu.edu>
-rw-r--r-- | libexec/mail.local/mail.local.c | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/libexec/mail.local/mail.local.c b/libexec/mail.local/mail.local.c index cb47bfb..f324967 100644 --- a/libexec/mail.local/mail.local.c +++ b/libexec/mail.local/mail.local.c @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: mail.local.c,v 1.12 1997/02/22 14:21:48 peter Exp $ + * $Id: mail.local.c,v 1.13 1997/03/28 15:48:13 imp Exp $ */ #ifndef lint @@ -203,6 +203,7 @@ deliver(fd, name, nobiff) int mbfd, nr, nw, off; char biffmsg[100], buf[8*1024], path[MAXPATHLEN]; off_t curoff; + uid_t saveeuid; /* * Disallow delivery to unknown names -- special mailboxes can be @@ -238,6 +239,8 @@ deliver(fd, name, nobiff) * XXX * open(2) should support flock'ing the file. */ + saveeuid=geteuid(); + tryagain: if (lstat(path, &sb)) { mbfd = open(path, @@ -250,11 +253,27 @@ tryagain: warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name); return; } + + /* + * Now that the box is created and permissions are correct, we + * close it and go back to the top so that we will come in + * and write as the user. We dont seteuid() before the above + * open, because we have to be root/bin to write in var/mail + * -Crh (henrich@msu.edu) + */ + close(mbfd); + goto tryagain; } else if (sb.st_nlink != 1 || S_ISLNK(sb.st_mode)) { e_to_sys(errno); warn("%s: linked file", path); return; } else { + /* Become the user, so quota enforcement will occur */ + if(seteuid(pw->pw_uid) != 0) { + warn("Unable to seteuid()"); + return; + } + mbfd = open(path, O_APPEND|O_WRONLY, 0); if (mbfd != -1 && (fstat(mbfd, &fsb) || fsb.st_nlink != 1 || @@ -262,6 +281,7 @@ tryagain: sb.st_ino != fsb.st_ino)) { warn("%s: file changed after open", path); (void)close(mbfd); + seteuid(saveeuid); return; } } @@ -269,6 +289,7 @@ tryagain: if (mbfd == -1) { e_to_sys(errno); warn("%s: %s", path, strerror(errno)); + seteuid(saveeuid); return; } 
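Review bot: In the `@@ -250,11 +253,27 @@` hunk, the added `close(mbfd); goto tryagain;` sits after the closing brace of the fchown-failure branch, so it runs on every path that falls out of the create-time if/else chain, not only after a successful create and chown. The head of that chain lies between this hunk and the previous one and is not visible; if it can fall through with `mbfd == -1` (an open() failure that is not retried), the new lines call close(-1) and jump back to `lstat()` with nothing changed, which can loop without bound. Guarding the retry, `if (mbfd != -1) { (void)close(mbfd); goto tryagain; }`, lets a failed open reach the existing `if (mbfd == -1)` handler shown in the `-269,6` hunk. The new seteuid() failure path also returns without the `e_to_sys(errno);` call that the neighbouring error paths make before `warn()`.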
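Review bot: The result of `seteuid(saveeuid)` is ignored in the file-changed-after-open path of the `@@ -262,6 +281,7 @@` hunk, and the same applies to the other four restore sites this commit adds: the `mbfd == -1` return, the `err1` exit, the failed final `close()` and the success path before `notifybiff()`. If a restore fails, the process keeps the recipient's effective uid, and a later call to deliver() would record that uid in `saveeuid`; whether deliver() runs more than once per invocation is not visible in these hunks. Each site should check the call, for example `if (seteuid(saveeuid) != 0) warn("seteuid restore: %s", strerror(errno));`, and treat the failure as fatal for the run. Since the restore is now needed on every exit after the switch, routing those returns through one cleanup label would stop a future early return from skipping it.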
@@ -279,9 +300,8 @@ tryagain: goto err1; } + curoff = lseek(mbfd, (off_t)0, SEEK_END); if (!nobiff) { - /* Get the starting offset of the new message for biff. */ - curoff = lseek(mbfd, (off_t)0, SEEK_END); (void)snprintf(biffmsg, sizeof(biffmsg), "%s@%qd\n", name, curoff); } @@ -304,6 +324,7 @@ tryagain: warn("temporary file: %s", strerror(errno)); err2: (void)ftruncate(mbfd, curoff); err1: (void)close(mbfd); + seteuid(saveeuid); return; } @@ -320,9 +341,12 @@ err1: (void)close(mbfd); if (close(mbfd)) { e_to_sys(errno); warn("%s: %s", path, strerror(errno)); + seteuid(saveeuid); return; } + seteuid(saveeuid); + if (!nobiff) notifybiff(biffmsg); } |
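Review bot: Hoisting `curoff = lseek(mbfd, (off_t)0, SEEK_END);` out of the `if (!nobiff)` block removes the only comment explaining it, yet the value now has a second job: the `err2` path visible in the next hunk passes it to `ftruncate(mbfd, curoff)`. A replacement comment would record that, e.g. `/* Remember the mailbox end before appending: err2 truncates back to it, biff reports it. */`. The lseek() result is also used unchecked, so a failure would hand -1 to both `snprintf()` and `ftruncate()`; a check such as `if (curoff == (off_t)-1) { e_to_sys(errno); warn("%s: %s", path, strerror(errno)); goto err1; }` keeps the rollback offset trustworthy.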