X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Frouters%2Fqueryprogram.c;h=11e1fdc34f656815fd07458c5d1bd0734b7789c3;hb=76146973f89f0e9265d85827285b9258910a56d7;hp=2aed3ef8263ad6d017fb14f9d1bbd8915cf2ecf9;hpb=f1e894f37fb99398f7447220925a915bd031491a;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/routers/queryprogram.c b/src/src/routers/queryprogram.c index 2aed3ef82..11e1fdc34 100644 --- a/src/src/routers/queryprogram.c +++ b/src/src/routers/queryprogram.c @@ -1,10 +1,8 @@ -/* $Cambridge: exim/src/src/routers/queryprogram.c,v 1.5 2005/06/27 14:29:44 ph10 Exp $ */ - /************************************************* * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2005 */ +/* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ #include "../exim.h" @@ -122,6 +120,9 @@ while (generated != NULL) next->next = *addr_new; *addr_new = next; + if (addr->child_count == SHRT_MAX) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d " + "child addresses for <%s>", rblock->name, SHRT_MAX, addr->address); addr->child_count++; DEBUG(D_route) @@ -181,7 +182,7 @@ queryprogram_router_entry( router_instance *rblock, /* data for this instantiation */ address_item *addr, /* address we are working on */ struct passwd *pw, /* passwd entry after check_local_user */ - BOOL verify, /* TRUE when verifying */ + int verify, /* v_none/v_recipient/v_sender/v_expn */ address_item **addr_local, /* add it to this if it's local */ address_item **addr_remote, /* add it to this if it's remote */ address_item **addr_new, /* put new addresses on here */ @@ -198,8 +199,12 @@ queryprogram_router_options_block *ob = (queryprogram_router_options_block *)(rblock->options_block); uschar *current_directory = ob->current_directory; ugid_block ugid; +uid_t curr_uid = getuid(); +gid_t curr_gid = getgid(); uid_t uid = ob->cmd_uid; gid_t gid = ob->cmd_gid; +uid_t *puid = &uid; +gid_t *pgid = &gid; DEBUG(D_route) debug_printf("%s router called for %s: domain = %s\n", rblock->name, addr->address, addr->domain); @@ -250,9 +255,24 @@ if (!ob->cmd_gid_set) } } -DEBUG(D_route) debug_printf("uid=%ld gid=%ld current_directory=%s\n", +DEBUG(D_route) debug_printf("requires uid=%ld gid=%ld current_directory=%s\n", (long int)uid, (long int)gid, current_directory); +/* If we are not running as root, we will not be able to change uid/gid. */ + +if (curr_uid != root_uid && (uid != curr_uid || gid != curr_gid)) + { + DEBUG(D_route) + { + debug_printf("not running as root: cannot change uid/gid\n"); + debug_printf("subprocess will run with uid=%ld gid=%ld\n", + (long int)curr_uid, (long int)curr_gid); + } + puid = pgid = NULL; + } + +/* Set up the command to run */ + if (!transport_set_up_command(&argvptr, /* anchor for arg list */ ob->command, /* raw command */ TRUE, /* expand the arguments */ @@ -266,7 +286,7 @@ if (!transport_set_up_command(&argvptr, /* anchor for arg list */ /* Create the child process, making it a group leader. */ -pid = child_open_uid(argvptr, NULL, 0077, &uid, &gid, &fd_in, &fd_out, +pid = child_open_uid(argvptr, NULL, 0077, puid, pgid, &fd_in, &fd_out, current_directory, TRUE); if (pid < 0) @@ -356,6 +376,7 @@ if (strcmpic(rword, US"REDIRECT") == 0) RDO_REWRITE, /* rewrite generated addresses */ NULL, /* :include: directory not relevant */ NULL, /* sieve vacation directory not relevant */ + NULL, /* sieve enotify mailto owner not relevant */ NULL, /* sieve useraddress not relevant */ NULL, /* sieve subaddress not relevant */ &ugid, /* uid/gid (but not set) */