diff options
| author | Gilles Chehade <gilles@cvs.openbsd.org> | 2009-01-27 23:39:42 +0000 |
|---|---|---|
| committer | Gilles Chehade <gilles@cvs.openbsd.org> | 2009-01-27 23:39:42 +0000 |
| commit | bc603e6123ea32451ec99e1057acba35a3034cce (patch) | |
| tree | d115174ca41a3017d26bab1a2bf132df579077e9 /usr.sbin | |
| parent | d44500fae66ec8a666491c61ddc7d1214225cfc6 (diff) | |
instead of relying on socket permissions to allow or disallow imsg's that
come from the external process (smtpctl/send-mail/etc...), make the socket
world-writeable and request credentials with getpeereid().
discussed with pyr@ who was happy to hand me over UNP opened at the
"passing credentials through a unix socket" page, but hopefully saved by
dlg@ who knew about getpeereid() :-)
cvs: ----------------------------------------------------------------------
cvs: eNTER lOG. lINES BEGINNING WITH `cvs:' ARE REMOVED AUTOMATICALLY
cvs:
cvs: cOMMITTING IN .
cvs:
cvs: mODIFIED fILES:
cvs: CONTROL.C PARSE.Y SMTP.C SMTPD.C SMTPD.H STORE.C
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/smtpd/control.c | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/usr.sbin/smtpd/control.c b/usr.sbin/smtpd/control.c index f0c3da3b2d2..387751f1c02 100644 --- a/usr.sbin/smtpd/control.c +++ b/usr.sbin/smtpd/control.c @@ -1,4 +1,4 @@ -/* $OpenBSD: control.c,v 1.9 2009/01/27 22:48:29 gilles Exp $ */ +/* $OpenBSD: control.c,v 1.10 2009/01/27 23:39:41 gilles Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -124,7 +124,7 @@ control(struct smtpd *env) } (void)umask(old_umask); - if (chmod(SMTPD_SOCKET, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP) == -1) { + if (chmod(SMTPD_SOCKET, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH) == -1) { (void)unlink(SMTPD_SOCKET); fatal("control: chmod"); } @@ -270,6 +270,11 @@ control_dispatch_ext(int fd, short event, void *arg) struct smtpd *env = arg; struct imsg imsg; int n; + uid_t euid; + gid_t egid; + + if (getpeereid(fd, &euid, &egid) == -1) + fatal("getpeereid"); if ((c = control_connbyfd(fd)) == NULL) { log_warn("control_dispatch_ext: fd %d: not found", fd); @@ -344,6 +349,10 @@ control_dispatch_ext(int fd, short event, void *arg) case IMSG_CTL_SHUTDOWN: /* NEEDS_FIX */ log_debug("received shutdown request"); + + if (euid) + goto badcred; + if (env->sc_flags & SMTPD_EXITING) { imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1, NULL, 0); @@ -353,6 +362,9 @@ control_dispatch_ext(int fd, short event, void *arg) imsg_compose(&c->ibuf, IMSG_CTL_OK, 0, 0, -1, NULL, 0); break; case IMSG_MDA_PAUSE: + if (euid) + goto badcred; + if (env->sc_flags & SMTPD_MDA_PAUSED) { imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1, NULL, 0); @@ -364,6 +376,9 @@ control_dispatch_ext(int fd, short event, void *arg) imsg_compose(&c->ibuf, IMSG_CTL_OK, 0, 0, -1, NULL, 0); break; case IMSG_MTA_PAUSE: + if (euid) + goto badcred; + if (env->sc_flags & SMTPD_MTA_PAUSED) { imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1, NULL, 0); @@ -375,6 +390,9 @@ control_dispatch_ext(int fd, short event, void *arg) imsg_compose(&c->ibuf, IMSG_CTL_OK, 0, 0, -1, NULL, 0); break; case IMSG_SMTP_PAUSE: + if (euid) + goto badcred; + if (env->sc_flags & SMTPD_SMTP_PAUSED) { imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1, NULL, 0); @@ -386,6 +404,9 @@ control_dispatch_ext(int fd, short event, void *arg) imsg_compose(&c->ibuf, IMSG_CTL_OK, 0, 0, -1, NULL, 0); break; case IMSG_MDA_RESUME: + if (euid) + goto badcred; + if (! (env->sc_flags & SMTPD_MDA_PAUSED)) { imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1, NULL, 0); @@ -397,6 +418,9 @@ control_dispatch_ext(int fd, short event, void *arg) imsg_compose(&c->ibuf, IMSG_CTL_OK, 0, 0, -1, NULL, 0); break; case IMSG_MTA_RESUME: + if (euid) + goto badcred; + if (!(env->sc_flags & SMTPD_MTA_PAUSED)) { imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1, NULL, 0); @@ -408,6 +432,9 @@ control_dispatch_ext(int fd, short event, void *arg) imsg_compose(&c->ibuf, IMSG_CTL_OK, 0, 0, -1, NULL, 0); break; case IMSG_SMTP_RESUME: + if (euid) + goto badcred; + if (!(env->sc_flags & SMTPD_SMTP_PAUSED)) { imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1, NULL, 0); @@ -424,6 +451,10 @@ control_dispatch_ext(int fd, short event, void *arg) break; } imsg_free(&imsg); + continue; +badcred: + imsg_compose(&c->ibuf, IMSG_CTL_FAIL, 0, 0, -1, + NULL, 0); } imsg_event_add(&c->ibuf); |