From ca5b3ec5331545b46ec1f1c4ecfa1302ddb10653 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Wed, 29 Jun 2016 00:56:56 +0300
Subject: [PATCH] auth: userdb passwd iteration now skips users not in
first/last_valid_gid range
Patch by Michal Hlavinka / Red Hat
---
src/auth/auth-settings.c | 4 ++++
src/auth/auth-settings.h | 2 ++
src/auth/userdb-passwd.c | 4 ++++
3 files changed, 10 insertions(+)
diff --git a/src/auth/auth-settings.c b/src/auth/auth-settings.c
index c942819..ea987cb 100644
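--- a/src/auth/auth-settings.c
+++ b/src/auth/auth-settings.c
@@ -264,6 +264,8 @@ static const struct setting_define auth_setting_defines[] = {
 DEF_NOPREFIX(SET_BOOL, verbose_proctitle),
 DEF_NOPREFIX(SET_UINT, first_valid_uid),
 DEF_NOPREFIX(SET_UINT, last_valid_uid),
+ DEF_NOPREFIX(SET_UINT, first_valid_gid),
+ DEF_NOPREFIX(SET_UINT, last_valid_gid),
 
 SETTING_DEFINE_LIST_END
 };
@@ -313,6 +315,8 @@ static const struct auth_settings auth_default_settings = {
 .verbose_proctitle = FALSE,
 .first_valid_uid = 500,
 .last_valid_uid = 0,
+ .first_valid_gid = 1,
+ .last_valid_gid = 0,
 };
 
 const struct setting_parser_info auth_setting_parser_info = {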
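Review bot: The new defaults in auth_default_settings change listing behaviour for existing installations without any comment: with `.first_valid_gid = 1`, an account whose primary group is gid 0 fails the check added to passwd_iterate_want_pw() and drops out of user iteration unless the administrator overrides the setting. It is also not visible here whether these values match the defaults used wherever the gid range is enforced for mail processes; if they are separate copies, they can drift apart. I would annotate both lines, e.g. `.first_valid_gid = 1, /* skip primary gid 0 by default */` and `.last_valid_gid = 0, /* 0 = no upper limit */`.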
diff --git a/src/auth/auth-settings.h b/src/auth/auth-settings.h
index 1313576..409653f 100644
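--- a/src/auth/auth-settings.h
+++ b/src/auth/auth-settings.h
@@ -79,6 +79,8 @@ struct auth_settings {
 bool verbose_proctitle;
 unsigned int first_valid_uid;
 unsigned int last_valid_uid;
+ unsigned int first_valid_gid;
+ unsigned int last_valid_gid;
 
 /* generated: */
 char username_chars_map[256];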
diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c
index f50bcba..a1f1871 100644
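--- a/src/auth/userdb-passwd.c
+++ b/src/auth/userdb-passwd.c
@@ -145,6 +145,10 @@ passwd_iterate_want_pw(struct passwd *pw, const struct auth_settings *set)
 return FALSE;
 if (pw->pw_uid > (uid_t)set->last_valid_uid && set->last_valid_uid != 0)
 return FALSE;
+ if (pw->pw_gid < (gid_t)set->first_valid_gid)
+ return FALSE;
+ if (pw->pw_gid > (gid_t)set->last_valid_gid && set->last_valid_gid != 0)
+ return FALSE;
 return TRUE;
 }
 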
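Review bot: The added gid checks in passwd_iterate_want_pw() test only the account's primary group (`pw->pw_gid`) and, going by the function name, affect user iteration only. Nothing in this hunk shows the by-name lookup path applying the same range, so the filter should not be read as an access control on its own. A comment above the new checks would make the intent explicit, e.g. `/* listing filter only: skip accounts whose primary gid is outside first/last_valid_gid; last_valid_gid == 0 means no upper bound */`. The function's opening lines are outside the hunk, so the condition guarding the first `return FALSE` is not visible here.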