Commit a9e36974 a9e36974c11d4a4c429867a63bc0814917985089 by Sergey Poznyakoff

libmu_dbm: Functions for DB creation take default safety flags in their last argument.

* configure.ac (check_dbm_impl): Fix improper usage of expr in BDB=* case.
* include/mailutils/dbm.h (mu_dbm_create_from_url)
(mu_dbm_create): Take default safety flags as the last argument.
* libmailutils/base/filesafety.c (_check_linkwrdir): Check for both
hard and symbolic links.  Fix the latter check.
* libmailutils/tests/fsaf.at: Add check for softlink in a writable dir.
* libmu_dbm/create.c (mu_dbm_create): Take default file safety as the
last argument.
* libmu_dbm/dbm.c (mu_dbm_create_from_url): Likewise.
* maidag/mailquota.c (dbm_retrieve_quota): Update call to mu_dbm_create.
Impose MU_FILE_SAFETY_ALL by default.
* mu/dbm.c (open_db_file): Update call to mu_dbm_create.  No checks
by default.
* pop3d/apop.c (pop3d_apopuser): Update call to mu_dbm_create.  Use
apop_database_safety as the default checks.
* pop3d/bulletin.c (read_bulletin_db,write_bulletin_db): Update calls to
mu_dbm_create.  Use DEFAULT_GROUP_DB_SAFETY as default.
* pop3d/logindelay.c (open_stat_db): Update call to mu_dbm_create.
Use DEFAULT_GROUP_DB_SAFETY as default.
* pop3d/pop3d.c (apop_database_safety): Initialize to MU_FILE_SAFETY_ALL.
(apop_database_safety_set): Remove.
* pop3d/pop3d.h (apop_database_safety_set): Remove.
* pop3d/popauth.c (open_db_file): Update call to mu_dbm_create.  Use
safety_flags by default.
1 parent d2207485
......@@ -518,7 +518,7 @@ check_dbm_impl() {
done;;
BDB=*)
name=`expr $use_dbm : 'BDB=\(.*\)'`
name=`expr $1 : 'BDB=\(.*\)'`
case $name in
[[0-9]]*) check_slackware_bdb $name;;
*) for version in 4 3 2
......
......@@ -53,8 +53,8 @@ void mu_dbm_init (void);
mu_url_t mu_dbm_get_hint (void);
int mu_dbm_register (struct mu_dbm_impl *impl);
int mu_dbm_create_from_url (mu_url_t url, mu_dbm_file_t *db);
int mu_dbm_create (char *name, mu_dbm_file_t *db);
int mu_dbm_create_from_url (mu_url_t url, mu_dbm_file_t *db, int defsafety);
int mu_dbm_create (char *name, mu_dbm_file_t *db, int defsafety);
int mu_dbm_close (mu_dbm_file_t db);
void mu_dbm_datum_free (struct mu_dbm_datum *datum);
int mu_dbm_delete (mu_dbm_file_t db, struct mu_dbm_datum const *key);
......
......@@ -68,8 +68,9 @@ _check_awrfil (struct file_check_buffer *fb)
static int
_check_linkwrdir (struct file_check_buffer *fb)
{
return (fb->filst.st_mode & S_IFLNK) &&
(fb->dirst.st_mode & (S_IWGRP | S_IWOTH));
return ((((fb->filst.st_mode & S_IFMT) == S_IFLNK) ||
fb->filst.st_nlink > 1) &&
(fb->dirst.st_mode & (S_IWGRP | S_IWOTH)));
}
static int
......@@ -199,7 +200,7 @@ mu_file_safety_check (const char *filename, int mode,
if (!filename)
return EFAULT;
memset (&buf, 0, sizeof (buf));
if (stat (filename, &buf.filst) == 0)
if (lstat (filename, &buf.filst) == 0)
{
struct safety_checker *pck;
......
......@@ -59,6 +59,15 @@ ln ../data file
],
[Linked file in a writable directory])
FSAFCODE([+linkwrdir],
[mkdir dir
chmod g+w dir
> data
cd dir
ln -s ../data file
],
[Linked file in a writable directory])
FSAFCODE([+awrdir],
[mkdir dir
chmod o+w dir
......
......@@ -29,7 +29,7 @@
#include "mudbm.h"
int
mu_dbm_create (char *name, mu_dbm_file_t *db)
mu_dbm_create (char *name, mu_dbm_file_t *db, int defsafety)
{
int rc;
mu_url_t url;
......@@ -38,7 +38,7 @@ mu_dbm_create (char *name, mu_dbm_file_t *db)
rc = mu_url_create_hint (&url, name, 0, mu_dbm_hint);
if (rc)
return rc;
rc = mu_dbm_create_from_url (url, db);
rc = mu_dbm_create_from_url (url, db, defsafety);
mu_url_destroy (&url);
return rc;
}
......
......@@ -132,7 +132,7 @@ mu_dbm_register (struct mu_dbm_impl *impl)
}
int
mu_dbm_create_from_url (mu_url_t url, mu_dbm_file_t *db)
mu_dbm_create_from_url (mu_url_t url, mu_dbm_file_t *db, int defsafety)
{
mu_dbm_file_t p;
int flags;
......@@ -142,6 +142,7 @@ mu_dbm_create_from_url (mu_url_t url, mu_dbm_file_t *db)
struct mu_dbm_impl *impl;
struct mu_auth_data *auth;
int safety_flags = 0;
int safety_flags_set = 0;
uid_t owner_uid = getuid ();
mu_dbm_init ();
......@@ -183,7 +184,8 @@ mu_dbm_create_from_url (mu_url_t url, mu_dbm_file_t *db)
}
else if (*name == '+')
name++;
safety_flags_set = 1;
if (strncmp (name, "owner", 5) == 0)
{
val = MU_FILE_SAFETY_OWNER_MISMATCH;
......@@ -243,7 +245,8 @@ mu_dbm_create_from_url (mu_url_t url, mu_dbm_file_t *db)
free (p);
return ENOMEM;
}
p->db_safety_flags = safety_flags;
p->db_safety_flags = safety_flags_set ? safety_flags : defsafety;
p->db_owner = owner_uid;
p->db_sys = impl;
......@@ -257,3 +260,4 @@ mu_dbm_impl_iterator (mu_iterator_t *itr)
mu_dbm_init ();
return mu_list_get_iterator (implist, itr);
}
......
......@@ -77,7 +77,7 @@ dbm_retrieve_quota (char *name, mu_off_t *quota)
if (!quotadbname)
return RETR_FAILURE;
rc = mu_dbm_create (quotadbname, &db);
rc = mu_dbm_create (quotadbname, &db, MU_FILE_SAFETY_ALL);
if (rc)
{
mu_error (_("unable to create quota db"));
......
......@@ -106,7 +106,7 @@ open_db_file (int mode)
exit (EX_USAGE);
}
rc = mu_dbm_create (db_name, &db);
rc = mu_dbm_create (db_name, &db, 0);
if (rc)
{
mu_diag_output (MU_DIAG_ERROR, _("unable to create database %s: %s"),
......
......@@ -50,16 +50,13 @@ pop3d_apopuser (const char *user)
mu_dbm_file_t db;
struct mu_dbm_datum key, data;
rc = mu_dbm_create (apop_database_name, &db);
rc = mu_dbm_create (apop_database_name, &db, apop_database_safety);
if (rc)
{
mu_diag_output (MU_DIAG_ERROR, _("unable to create APOP db"));
return NULL;
}
if (apop_database_safety_set)
mu_dbm_safety_set_flags (db, apop_database_safety);
rc = mu_dbm_safety_check (db);
if (rc)
{
......
......@@ -126,7 +126,7 @@ read_bulletin_db (size_t *pnum)
size_t s;
char *p;
rc = mu_dbm_create (bulletin_db_name, &db);
rc = mu_dbm_create (bulletin_db_name, &db, DEFAULT_GROUP_DB_SAFETY);
if (rc)
{
mu_diag_output (MU_DIAG_ERROR, _("unable to create bulletin db"));
......@@ -220,15 +220,13 @@ write_bulletin_db (size_t num)
int rc;
const char *p;
rc = mu_dbm_create (bulletin_db_name, &db);
rc = mu_dbm_create (bulletin_db_name, &db, DEFAULT_GROUP_DB_SAFETY);
if (rc)
{
mu_diag_output (MU_DIAG_ERROR, _("unable to create bulletin db"));
return rc;
}
mu_dbm_safety_set_flags (db, DEFAULT_GROUP_DB_SAFETY);
rc = mu_dbm_safety_check (db);
if (rc && rc != ENOENT)
{
......
......@@ -25,15 +25,13 @@ open_stat_db (int mode)
mu_dbm_file_t db;
int rc;
rc = mu_dbm_create (login_stat_file, &db);
rc = mu_dbm_create (login_stat_file, &db, DEFAULT_GROUP_DB_SAFETY);
if (rc)
{
mu_diag_output (MU_DIAG_ERROR, _("unable to create statistics db"));
return NULL;
}
mu_dbm_safety_set_flags (db, DEFAULT_GROUP_DB_SAFETY);
rc = mu_dbm_safety_check (db);
if (rc && rc != ENOENT)
{
......
......@@ -33,8 +33,7 @@ int debug_mode;
int tls_required;
int pop3d_xlines;
char *apop_database_name = APOP_PASSFILE;
int apop_database_safety;
int apop_database_safety_set;
int apop_database_safety = MU_FILE_SAFETY_ALL;
#ifdef WITH_TLS
int tls_available;
......@@ -92,7 +91,6 @@ cb2_file_safety_checks (const char *name, void *data)
static int
cb_apop_safety_checks (void *data, mu_config_value_t *arg)
{
apop_database_safety_set = 1;
return mu_cfg_string_value_cb (arg, cb2_file_safety_checks,
&apop_database_safety);
}
......
......@@ -199,7 +199,6 @@ extern size_t pop3d_output_bufsize;
extern int pop3d_xlines;
extern char *apop_database_name;
extern int apop_database_safety;
extern int apop_database_safety_set;
/* Safety checks for group-rw database files, such as stat and bulletin
databases */
......
......@@ -273,15 +273,6 @@ open_db_file (int action, struct action_data *ap, int *my_file)
uid = getuid ();
rc = mu_dbm_create (db_name, &db);
if (rc)
{
mu_diag_output (MU_DIAG_ERROR, _("unable to create database %s: %s"),
db_name, mu_strerror (rc));
exit (EX_SOFTWARE);
}
// mu_dbm_safety_set_owner (db, uid);
/* Adjust safety flags */
if (permissions & 0002)
safety_flags &= ~MU_FILE_SAFETY_WORLD_WRITABLE;
......@@ -291,8 +282,15 @@ open_db_file (int action, struct action_data *ap, int *my_file)
safety_flags &= ~MU_FILE_SAFETY_GROUP_WRITABLE;
if (permissions & 0040)
safety_flags &= ~MU_FILE_SAFETY_GROUP_READABLE;
mu_dbm_safety_set_flags (db, safety_flags);
rc = mu_dbm_create (db_name, &db, safety_flags);
if (rc)
{
mu_diag_output (MU_DIAG_ERROR, _("unable to create database %s: %s"),
db_name, mu_strerror (rc));
exit (EX_SOFTWARE);
}
rc = mu_dbm_safety_check (db);
if (rc && rc != ENOENT)
{
......