From 3745246d0a0848cc6233a2f9239e9f66fd2c689e Mon Sep 17 00:00:00 2001 From: scrappy Date: Tue, 22 Oct 1996 22:52:37 +0000 Subject: Last time I trust 'sucess's on a non-context diff... Pointed out by: Bill Fenner --- libexec/mail.local/mail.local.c | 45 +++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 22 deletions(-) (limited to 'libexec/mail.local') diff --git a/libexec/mail.local/mail.local.c b/libexec/mail.local/mail.local.c index 733762a..91871bc 100644 --- a/libexec/mail.local/mail.local.c +++ b/libexec/mail.local/mail.local.c @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: mail.local.c,v 1.7 1996/09/22 21:54:07 wosch Exp $ + * $Id: mail.local.c,v 1.8 1996/10/22 21:01:01 scrappy Exp $ */ #ifndef lint @@ -197,13 +197,13 @@ void deliver(fd, name, nobiff) int fd, nobiff; char *name; - uid_t saveeuid; { struct stat fsb, sb; struct passwd *pw; int mbfd, nr, nw, off; char biffmsg[100], buf[8*1024], path[MAXPATHLEN]; off_t curoff; + uid_t saveeuid; /* * Disallow delivery to unknown names -- special mailboxes can be @@ -233,8 +233,6 @@ deliver(fd, name, nobiff) * If we created the mailbox, set the owner/group. If that fails, * just return. Another process may have already opened it, so we * can't unlink it. Historically, binmail set the owner/group at - - saveeuid=geteuid(); * each mail delivery. We no longer do this, assuming that if the * ownership or permissions were changed there was a reason. @@ -242,6 +240,8 @@ deliver(fd, name, nobiff) * XXX * open(2) should support flock'ing the file. */ + + saveeuid=geteuid(); tryagain: if (lstat(path, &sb)) { mbfd = open(path, @@ -249,6 +249,14 @@ tryagain: if (mbfd == -1) { if (errno == EEXIST) + + goto tryagain; + } else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) { + e_to_sys(errno); + warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name); + return; + } + /* Now that the box is created and permissions are correct, we close it and go back to the top so that we will come in and write as the user. We dont seteuid() before the above @@ -257,12 +265,11 @@ tryagain: close(mbfd); goto tryagain; - goto tryagain; - } else if (fchown(mbfd, pw->pw_uid, pw->pw_gid)) { - e_to_sys(errno); - warn("chown %u.%u: %s", pw->pw_uid, pw->pw_gid, name); - return; - + } else if (sb.st_nlink != 1 || S_ISLNK(sb.st_mode)) { + e_to_sys(errno); + warn("%s: linked file", path); + return; + } else { /* Become the user, so quota enforcement will occur */ if(seteuid(pw->pw_uid) != 0) { @@ -270,22 +277,15 @@ tryagain: return; } - } - } else if (sb.st_nlink != 1 || S_ISLNK(sb.st_mode)) { - e_to_sys(errno); - warn("%s: linked file", path); - return; - } else { mbfd = open(path, O_APPEND|O_WRONLY, 0); - seteuid(saveeuid); if (mbfd != -1 && (fstat(mbfd, &fsb) || fsb.st_nlink != 1 || S_ISLNK(fsb.st_mode) || sb.st_dev != fsb.st_dev || sb.st_ino != fsb.st_ino)) { warn("%s: file changed after open", path); (void)close(mbfd); + seteuid(saveeuid); return; - seteuid(saveeuid); } } @@ -294,6 +294,7 @@ tryagain: e_to_sys(errno); warn("%s: %s", path, strerror(errno)); return; + seteuid(saveeuid); } /* Wait until we can get a lock on the file. */ @@ -327,19 +328,16 @@ tryagain: if (nr < 0) { e_to_sys(errno); warn("temporary file: %s", strerror(errno)); - seteuid(saveeuid); err2: (void)ftruncate(mbfd, curoff); err1: (void)close(mbfd); + seteuid(saveeuid); return; } #ifndef DONT_FSYNC /* Flush to disk, don't wait for update. */ - seteuid(saveeuid); if (fsync(mbfd)) { e_to_sys(errno); - - seteuid(saveeuid); warn("%s: %s", path, strerror(errno)); goto err2; } @@ -349,9 +347,12 @@ err1: (void)close(mbfd); if (close(mbfd)) { e_to_sys(errno); warn("%s: %s", path, strerror(errno)); + seteuid(saveeuid); return; } + seteuid(saveeuid); + if (!nobiff) notifybiff(biffmsg); } -- cgit v1.1