(imap4d_login): Call imap4d_check_home_dir before switching to user's

privileges. Bail out if it returns with an error. Use util_chdir instead of chdir to change to user's home directory.

(imap4d_login): Call imap4d_check_home_dir before switching to user's
privileges. Bail out if it returns with an error. Use util_chdir instead of chdir to change to user's home directory.
Sergey Poznyakoff
Commit c42f9ecf ... c42f9ecf7d9829739bbaa8efe7a098637ece4b89 authored 2006-01-20 11:19:43 +0000 by Sergey Poznyakoff
Showing 1 changed file with 9 additions and 4 deletions
imap4d/login.c
--- a/imap4d/login.c
View file @c42f9ec
+++ b/imap4d/login.c
View file @c42f9ec
 /* GNU Mailutils -- a suite of utilities for electronic mail
-   Copyright (C) 1999, 2001, 2002 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2001, 2002, 2006 Free Software Foundation, Inc.
   GNU Mailutils is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -54,12 +54,17 @@ imap4d_login (struct imap4d_command *command, char *arg)
      syslog (LOG_INFO, _("Login failed: %s"), username);
      return util_finish (command, RESP_NO, "User name or passwd rejected");
    }
+  homedir = mu_normalize_path (strdup (auth_data->dir), "/");
+  if (imap4d_check_home_dir (homedir, auth_data->uid, auth_data->gid))
+    return util_finish (command, RESP_NO,
+			"User name or passwd rejected");
  if (auth_data->change_uid)
    setuid (auth_data->uid);
-  homedir = mu_normalize_path (strdup (auth_data->dir), "/");
+  util_chdir (homedir);
-  chdir (homedir);
  namespace_init (homedir);
  syslog (LOG_INFO, _("User `%s' logged in"), username);
  return util_finish (command, RESP_OK, "Completed");