directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \
filtertest.o globals.o dkim.o dkim_transport.o dnsbl.o hash.o \
header.o host.o ip.o log.o lss.o match.o md5.o moan.o \
- os.o parse.o queue.o \
+ os.o parse.o priv.o queue.o \
rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \
route.o search.o sieve.o smtp_in.o smtp_out.o spool_in.o spool_out.o \
std-crypto.o store.o string.o tls.o tod.o transport.o tree.o verify.o \
moan.o: $(HDRS) moan.c
os.o: $(HDRS) $(OS_C_INCLUDES) os.c
parse.o: $(HDRS) parse.c
+priv.o: $(HDRS) priv.c
queue.o: $(HDRS) queue.c
rda.o: $(HDRS) rda.c
readconf.o: $(HDRS) readconf.c
deliver.c directory.c dns.c dnsbl.c drtables.c dummies.c enq.c exim.c \
exim_dbmbuild.c exim_dbutil.c exim_lock.c expand.c filter.c filtertest.c \
globals.c hash.c header.c host.c ip.c log.c lss.c match.c md5.c moan.c \
- parse.c perl.c queue.c rda.c readconf.c receive.c retry.c rewrite.c \
+ parse.c perl.c priv.c queue.c rda.c readconf.c receive.c retry.c rewrite.c \
rfc2047.c route.c search.c setenv.c environment.c \
sieve.c smtp_in.c smtp_out.c spool_in.c spool_out.c std-crypto.c store.c \
string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-cipher-stdname.c \
#endif
-
-
-static enum {
- PRIV_DROPPING, PRIV_DROPPED,
- PRIV_RESTORING, PRIV_RESTORED
-} priv_state = PRIV_RESTORED;
-
-static uid_t priv_euid;
-static gid_t priv_egid;
-static gid_t priv_groups[EXIM_GROUPLIST_SIZE + 1];
-static int priv_ngroups;
-
-/* Inspired by OpenSSH's temporarily_use_uid(). Thanks! */
-
-static void
-priv_drop_temp(const uid_t temp_uid, const gid_t temp_gid)
-{
-if (priv_state != PRIV_RESTORED) _exit(EXIT_FAILURE);
-priv_state = PRIV_DROPPING;
-
-priv_euid = geteuid();
-if (priv_euid == root_uid)
- {
- priv_egid = getegid();
- priv_ngroups = getgroups(nelem(priv_groups), priv_groups);
- if (priv_ngroups < 0) _exit(EXIT_FAILURE);
-
- if (priv_ngroups > 0 && setgroups(1, &temp_gid) != 0) _exit(EXIT_FAILURE);
- if (setegid(temp_gid) != 0) _exit(EXIT_FAILURE);
- if (seteuid(temp_uid) != 0) _exit(EXIT_FAILURE);
-
- if (geteuid() != temp_uid) _exit(EXIT_FAILURE);
- if (getegid() != temp_gid) _exit(EXIT_FAILURE);
- }
-
-priv_state = PRIV_DROPPED;
-}
-
-/* Inspired by OpenSSH's restore_uid(). Thanks! */
-
-static void
-priv_restore(void)
-{
-if (priv_state != PRIV_DROPPED) _exit(EXIT_FAILURE);
-priv_state = PRIV_RESTORING;
-
-if (priv_euid == root_uid)
- {
- if (seteuid(priv_euid) != 0) _exit(EXIT_FAILURE);
- if (setegid(priv_egid) != 0) _exit(EXIT_FAILURE);
- if (priv_ngroups > 0 && setgroups(priv_ngroups, priv_groups) != 0) _exit(EXIT_FAILURE);
-
- if (geteuid() != priv_euid) _exit(EXIT_FAILURE);
- if (getegid() != priv_egid) _exit(EXIT_FAILURE);
- }
-
-priv_state = PRIV_RESTORED;
-}
-
-
-
-
/*************************************************
* Open and lock a database file *
*************************************************/
extern const uschar *parse_message_id(const uschar *, uschar **, uschar **);
extern const uschar *parse_quote_2047(const uschar *, int, uschar *, BOOL);
extern const uschar *parse_date_time(const uschar *str, time_t *t);
+extern void priv_drop_temp(const uid_t, const gid_t);
+extern void priv_restore(void);
extern int vaguely_random_number(int);
#ifndef DISABLE_TLS
extern int vaguely_random_number_fallback(int);
--- /dev/null
+#include "exim.h"
+#include <sys/types.h>
+#include <unistd.h>
+#include <string.h>
+
+static enum {
+ PRIV_DROPPING, PRIV_DROPPED,
+ PRIV_RESTORING, PRIV_RESTORED
+} priv_state = PRIV_RESTORED;
+
+
+static uid_t priv_euid;
+static gid_t priv_egid;
+static gid_t priv_groups[EXIM_GROUPLIST_SIZE + 1];
+static int priv_ngroups;
+
+/* Inspired by OpenSSH's temporarily_use_uid(). Thanks! */
+
+void
+priv_drop_temp(const uid_t temp_uid, const gid_t temp_gid)
+{
+if (priv_state != PRIV_RESTORED)
+ log_write(0, LOG_PANIC_DIE, "priv_drop_temp: unexpected priv_state %d != %d", priv_state, PRIV_RESTORED);
+
+priv_state = PRIV_DROPPING;
+
+priv_euid = geteuid();
+if (priv_euid == root_uid)
+ {
+ priv_egid = getegid();
+ priv_ngroups = getgroups(nelem(priv_groups), priv_groups);
+ if (priv_ngroups < 0)
+ log_write(0, LOG_PANIC_DIE, "getgroups: %s", strerror(errno));
+
+ if (priv_ngroups > 0 && setgroups(1, &temp_gid) != 0)
+ log_write(0, LOG_PANIC_DIE, "setgroups: %s", strerror(errno));
+ if (setegid(temp_gid) != 0)
+ log_write(0, LOG_PANIC_DIE, "setegid(%d): %s", temp_gid, strerror(errno));
+ if (seteuid(temp_uid) != 0)
+ log_write(0, LOG_PANIC_DIE, "seteuid(%d): %s", temp_uid, strerror(errno));
+
+ if (geteuid() != temp_uid)
+ log_write(0, LOG_PANIC_DIE, "getdeuid() != %d", temp_uid);
+ if (getegid() != temp_gid)
+ log_write(0, LOG_PANIC_DIE, "getegid() != %d", temp_gid);
+ }
+
+priv_state = PRIV_DROPPED;
+}
+
+/* Inspired by OpenSSH's restore_uid(). Thanks! */
+
+void
+priv_restore(void)
+{
+if (priv_state != PRIV_DROPPED)
+ log_write(0, LOG_PANIC_DIE, "priv_restore: unexpected priv_state %d != %d", priv_state, PRIV_DROPPED);
+priv_state = PRIV_RESTORING;
+
+if (priv_euid == root_uid)
+ {
+ if (seteuid(priv_euid) != 0)
+ log_write(0, LOG_PANIC_DIE, "seteuid(%d): %s", priv_euid, strerror(errno));
+ if (setegid(priv_egid) != 0)
+ log_write(0, LOG_PANIC_DIE, "setegid(%d): %s", priv_egid, strerror(errno));
+ if (priv_ngroups > 0 && setgroups(priv_ngroups, priv_groups) != 0)
+ log_write(0, LOG_PANIC_DIE, "setgroups: %s", strerror(errno));
+
+ if (geteuid() != priv_euid)
+ log_write(0, LOG_PANIC_DIE, "getdeuid() != %d", priv_euid);
+ if (getegid() != priv_egid)
+ log_write(0, LOG_PANIC_DIE, "getdegid() != %d", priv_egid);
+ }
+
+priv_state = PRIV_RESTORED;
+}
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locked TESTSUITE/spool/db/retry.lockfile
EXIM_DBOPEN: file <TESTSUITE/spool/db/retry> dir <TESTSUITE/spool/db> flags=O_RDONLY
returned from EXIM_DBOPEN: (nil)
- ensuring TESTSUITE/spool/db/retry.lockfile is owned by exim
failed to open DB file TESTSUITE/spool/db/retry: No such file or directory
no retry data available
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>