From: eric Date: Fri, 26 Jan 2018 08:00:54 +0000 (+0000) Subject: allow unpriviledged user to run "encrypt" and "spf walk" X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=aee31bfd44eeb894411242c55e28130adccedc22;p=openbsd allow unpriviledged user to run "encrypt" and "spf walk" ok todd@, gilles@, sunil@ --- diff --git a/usr.sbin/smtpd/smtpctl.c b/usr.sbin/smtpd/smtpctl.c index ec2320b0a31..5642d1b5da2 100644 --- a/usr.sbin/smtpd/smtpctl.c +++ b/usr.sbin/smtpd/smtpctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpctl.c,v 1.155 2018/01/06 07:59:27 sunil Exp $ */ +/* $OpenBSD: smtpctl.c,v 1.156 2018/01/26 08:00:54 eric Exp $ */ /* * Copyright (c) 2013 Eric Faurot @@ -69,7 +69,7 @@ static int is_gzip_buffer(const char *); static FILE *offline_file(void); static void sendmail_compat(int, char **); -extern int do_spfwalk(int, struct parameter *); +extern int spfwalk(int, struct parameter *); extern char *__progname; int sendmail; @@ -478,6 +478,29 @@ srv_show_cmd(int cmd, const void *data, size_t len) } while (!done); } +static void +droppriv(void) +{ + struct passwd *pw; + + if (geteuid()) + return; + + if ((pw = getpwnam(SMTPD_USER)) == NULL) + errx(1, "unknown user " SMTPD_USER); + + if ((setgroups(1, &pw->pw_gid) || + setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || + setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))) + err(1, "cannot drop privileges"); +} + +static int +do_permission_denied(int argc, struct parameter *argv) +{ + errx(1, "need root privileges"); +} + static int do_log_brief(int argc, struct parameter *argv) { @@ -906,6 +929,8 @@ do_encrypt(int argc, struct parameter *argv) { const char *p = NULL; + droppriv(); + if (argv) p = argv[0].u.u_str; execl(PATH_ENCRYPT, "encrypt", p, (char *)NULL); @@ -1014,67 +1039,81 @@ do_uncorrupt(int argc, struct parameter *argv) return (0); } +static int +do_spf_walk(int argc, struct parameter *argv) +{ + droppriv(); + + return spfwalk(argc, argv); +} + +#define cmd_install_priv(s, f) \ + cmd_install((s), privileged ? (f) : do_permission_denied) + int main(int argc, char **argv) { gid_t gid; + int privileged; char *argv_mailq[] = { "show", "queue", NULL }; sendmail_compat(argc, argv); - if (geteuid()) - errx(1, "need root privileges"); + privileged = geteuid() == 0; gid = getgid(); if (setresgid(gid, gid, gid) == -1) err(1, "setresgid"); - cmd_install("discover ", do_discover); - cmd_install("discover ", do_discover); + /* Privileged commands */ + cmd_install_priv("discover ", do_discover); + cmd_install_priv("discover ", do_discover); + cmd_install_priv("pause mta from for ", do_block_mta); + cmd_install_priv("resume mta from for ", do_unblock_mta); + cmd_install_priv("show mta paused", do_show_mta_block); + cmd_install_priv("log brief", do_log_brief); + cmd_install_priv("log verbose", do_log_verbose); + cmd_install_priv("monitor", do_monitor); + cmd_install_priv("pause envelope ", do_pause_envelope); + cmd_install_priv("pause envelope ", do_pause_envelope); + cmd_install_priv("pause envelope all", do_pause_envelope); + cmd_install_priv("pause mda", do_pause_mda); + cmd_install_priv("pause mta", do_pause_mta); + cmd_install_priv("pause smtp", do_pause_smtp); + cmd_install_priv("profile ", do_profile); + cmd_install_priv("remove ", do_remove); + cmd_install_priv("remove ", do_remove); + cmd_install_priv("remove all", do_remove); + cmd_install_priv("resume envelope ", do_resume_envelope); + cmd_install_priv("resume envelope ", do_resume_envelope); + cmd_install_priv("resume envelope all", do_resume_envelope); + cmd_install_priv("resume mda", do_resume_mda); + cmd_install_priv("resume mta", do_resume_mta); + cmd_install_priv("resume route ", do_resume_route); + cmd_install_priv("resume smtp", do_resume_smtp); + cmd_install_priv("schedule ", do_schedule); + cmd_install_priv("schedule ", do_schedule); + cmd_install_priv("schedule all", do_schedule); + cmd_install_priv("show envelope ", do_show_envelope); + cmd_install_priv("show hoststats", do_show_hoststats); + cmd_install_priv("show message ", do_show_message); + cmd_install_priv("show message ", do_show_message); + cmd_install_priv("show queue", do_show_queue); + cmd_install_priv("show queue ", do_show_queue); + cmd_install_priv("show hosts", do_show_hosts); + cmd_install_priv("show relays", do_show_relays); + cmd_install_priv("show routes", do_show_routes); + cmd_install_priv("show stats", do_show_stats); + cmd_install_priv("show status", do_show_status); + cmd_install_priv("trace ", do_trace); + cmd_install_priv("uncorrupt ", do_uncorrupt); + cmd_install_priv("unprofile ", do_unprofile); + cmd_install_priv("untrace ", do_untrace); + cmd_install_priv("update table ", do_update_table); + + /* Unprivileged commands */ cmd_install("encrypt", do_encrypt); cmd_install("encrypt ", do_encrypt); - cmd_install("pause mta from for ", do_block_mta); - cmd_install("resume mta from for ", do_unblock_mta); - cmd_install("show mta paused", do_show_mta_block); - cmd_install("log brief", do_log_brief); - cmd_install("log verbose", do_log_verbose); - cmd_install("monitor", do_monitor); - cmd_install("pause envelope ", do_pause_envelope); - cmd_install("pause envelope ", do_pause_envelope); - cmd_install("pause envelope all", do_pause_envelope); - cmd_install("pause mda", do_pause_mda); - cmd_install("pause mta", do_pause_mta); - cmd_install("pause smtp", do_pause_smtp); - cmd_install("profile ", do_profile); - cmd_install("remove ", do_remove); - cmd_install("remove ", do_remove); - cmd_install("remove all", do_remove); - cmd_install("resume envelope ", do_resume_envelope); - cmd_install("resume envelope ", do_resume_envelope); - cmd_install("resume envelope all", do_resume_envelope); - cmd_install("resume mda", do_resume_mda); - cmd_install("resume mta", do_resume_mta); - cmd_install("resume route ", do_resume_route); - cmd_install("resume smtp", do_resume_smtp); - cmd_install("schedule ", do_schedule); - cmd_install("schedule ", do_schedule); - cmd_install("schedule all", do_schedule); - cmd_install("show envelope ", do_show_envelope); - cmd_install("show hoststats", do_show_hoststats); - cmd_install("show message ", do_show_message); - cmd_install("show message ", do_show_message); - cmd_install("show queue", do_show_queue); - cmd_install("show queue ", do_show_queue); - cmd_install("show hosts", do_show_hosts); - cmd_install("show relays", do_show_relays); - cmd_install("show routes", do_show_routes); - cmd_install("show stats", do_show_stats); - cmd_install("show status", do_show_status); - cmd_install("spf walk", do_spfwalk); - cmd_install("trace ", do_trace); - cmd_install("uncorrupt ", do_uncorrupt); - cmd_install("unprofile ", do_unprofile); - cmd_install("untrace ", do_untrace); - cmd_install("update table ", do_update_table); + cmd_install("spf walk", do_spf_walk); if (strcmp(__progname, "mailq") == 0) return cmd_run(2, argv_mailq); diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c index 1e3ff8fbe67..46bff7086b9 100644 --- a/usr.sbin/smtpd/spfwalk.c +++ b/usr.sbin/smtpd/spfwalk.c @@ -25,7 +25,6 @@ #include #include #include -#include #include #include #include @@ -36,7 +35,7 @@ #include "unpack_dns.h" #include "parser.h" -int do_spfwalk(int, struct parameter *); +int spfwalk(int, struct parameter *); static void dispatch_txt(struct dns_rr *); static void dispatch_mx(struct dns_rr *); @@ -51,9 +50,8 @@ int ip_v6 = 0; int ip_both = 1; int -do_spfwalk(int argc, struct parameter *argv) +spfwalk(int argc, struct parameter *argv) { - struct passwd *pw; const char *ip_family = NULL; char *line = NULL; size_t linesize = 0; @@ -76,14 +74,6 @@ do_spfwalk(int argc, struct parameter *argv) argv += optind; argc -= optind; - if ((pw = getpwnam(SMTPD_USER)) == NULL) - errx(1, "unknown user " SMTPD_USER); - - if (setgroups(1, &pw->pw_gid) || - setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || - setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) - err(1, "do_spfwalk: cannot drop privileges"); - event_init(); while ((linelen = getline(&line, &linesize, stdin)) != -1) {