X-Git-Url: http://git.marmaro.de/?p=mmh;a=blobdiff_plain;f=uip%2Finc.c;h=8947a66e05d093d856738365a836d70b345a255a;hp=f9aae76ad1fb76c6d5ba38b3e47c72942eec9335;hb=ced6090a330d3d83d0bce709f756aa3d7d65fea4;hpb=337338b404931f06f0db2119c9e145e8ca5a9860 diff --git a/uip/inc.c b/uip/inc.c index f9aae76..8947a66 100644 --- a/uip/inc.c +++ b/uip/inc.c @@ -1,28 +1,29 @@ /* - * inc.c -- incorporate messages from a maildrop into a folder - * - * This code is Copyright (c) 2002, by the authors of nmh. See the - * COPYRIGHT file in the root directory of the nmh distribution for - * complete copyright information. - */ +** inc.c -- incorporate messages from a maildrop into a folder +** +** This code is Copyright (c) 2002, by the authors of nmh. See the +** COPYRIGHT file in the root directory of the nmh distribution for +** complete copyright information. +*/ #ifdef MAILGROUP -/* Revised: Sat Apr 14 17:08:17 PDT 1990 (marvit@hplabs) - * Added hpux hacks to set and reset gid to be "mail" as needed. The reset - * is necessary so inc'ed mail is the group of the inc'er, rather than - * "mail". We setgid to egid only when [un]locking the mail file. This - * is also a major security precaution which will not be explained here. - * - * Fri Feb 7 16:04:57 PST 1992 John Romine - * NB: I'm not 100% sure that this setgid stuff is secure even now. - * - * See the *GROUPPRIVS() macros later. I'm reasonably happy with the setgid - * attribute. Running setuid root is probably not a terribly good idea, though. - * -- Peter Maydell , 04/1998 - * - * Peter Maydell's patch slightly modified for nmh 0.28-pre2. - * Ruud de Rooij Wed, 22 Jul 1998 13:24:22 +0200 - */ +/* +** Revised: Sat Apr 14 17:08:17 PDT 1990 (marvit@hplabs) +** Added hpux hacks to set and reset gid to be "mail" as needed. The reset +** is necessary so inc'ed mail is the group of the inc'er, rather than +** "mail". We setgid to egid only when [un]locking the mail file. This +** is also a major security precaution which will not be explained here. +** +** Fri Feb 7 16:04:57 PST 1992 John Romine +** NB: I'm not 100% sure that this setgid stuff is secure even now. +** +** See the *GROUPPRIVS() macros later. I'm reasonably happy with the setgid +** attribute. Running setuid root is probably not a terribly good idea, though. +** -- Peter Maydell , 04/1998 +** +** Peter Maydell's patch slightly modified for nmh 0.28-pre2. +** Ruud de Rooij Wed, 22 Jul 1998 13:24:22 +0200 +*/ #endif #include @@ -68,34 +69,35 @@ static struct swit switches[] = { { "help", 0 }, }; -/* This is an attempt to simplify things by putting all the - * privilege ops into macros. - * *GROUPPRIVS() is related to handling the setgid MAIL property, - * and only applies if MAILGROUP is defined. - * Basically, SAVEGROUPPRIVS() is called right at the top of main() - * to initialise things, and then DROPGROUPPRIVS() and GETGROUPPRIVS() - * do the obvious thing. TRYDROPGROUPPRIVS() has to be safe to call - * before DROPUSERPRIVS() is called [this is needed because setgid() - * sets both effective and real uids if euid is root.] - * - * There's probably a better implementation if we're allowed to use - * BSD-style setreuid() rather than using POSIX saved-ids. - * Anyway, if you're euid root it's a bit pointless to drop the group - * permissions... - * - * I'm pretty happy that the security is good provided we aren't setuid root. - * The only things we trust with group=mail privilege are lkfopen() - * and lkfclose(). - */ +/* +** This is an attempt to simplify things by putting all the +** privilege ops into macros. +** *GROUPPRIVS() is related to handling the setgid MAIL property, +** and only applies if MAILGROUP is defined. +** Basically, SAVEGROUPPRIVS() is called right at the top of main() +** to initialise things, and then DROPGROUPPRIVS() and GETGROUPPRIVS() +** do the obvious thing. TRYDROPGROUPPRIVS() has to be safe to call +** before DROPUSERPRIVS() is called [this is needed because setgid() +** sets both effective and real uids if euid is root.] +** +** There's probably a better implementation if we're allowed to use +** BSD-style setreuid() rather than using POSIX saved-ids. +** Anyway, if you're euid root it's a bit pointless to drop the group +** permissions... +** +** I'm pretty happy that the security is good provided we aren't setuid root. +** The only things we trust with group=mail privilege are lkfopen() +** and lkfclose(). +*/ /* - * For setting and returning to "mail" gid - */ +** For setting and returning to "mail" gid +*/ #ifdef MAILGROUP static int return_gid; -/* easy case; we're not setuid root, so can drop group privs - * immediately. - */ +/* +** easy case; we're not setuid root, so can drop group privs immediately. +*/ #define TRYDROPGROUPPRIVS() DROPGROUPPRIVS() #define DROPGROUPPRIVS() setgid(getgid()) #define GETGROUPPRIVS() setgid(return_gid) @@ -108,14 +110,17 @@ static int return_gid; #define SAVEGROUPPRIVS() #endif /* not MAILGROUP */ -/* these variables have to be globals so that done() can correctly clean up the lockfile */ +/* +** these variables have to be globals so that done() can correctly clean +** up the lockfile +*/ static int locked = 0; static char *newmail; static FILE *in; /* - * prototypes - */ +** prototypes +*/ char *map_name(char *); static void inc_done(int) NORETURN; @@ -127,7 +132,10 @@ main (int argc, char **argv) int chgflag = 1, trnflag = 1; int noisy = 1, width = 0; int hghnum = 0, msgnum = 0; - int incerr = 0; /* <0 if inc hits an error which means it should not truncate mailspool */ + int incerr = 0; /* + ** <0 if inc hits an error which means it should + ** not truncate mailspool + */ char *cp, *maildir = NULL, *folder = NULL; char *format = NULL, *form = NULL; char *audfile = NULL, *from = NULL; @@ -145,9 +153,10 @@ main (int argc, char **argv) done=inc_done; -/* absolutely the first thing we do is save our privileges, - * and drop them if we can. - */ +/* +** absolutely the first thing we do is save our privileges, +** and drop them if we can. +*/ SAVEGROUPPRIVS(); TRYDROPGROUPPRIVS(); @@ -197,12 +206,12 @@ main (int argc, char **argv) continue; /* - * The flag `trnflag' has the value: - * - * 2 if -truncate is given - * 1 by default (truncating is default) - * 0 if -notruncate is given - */ + ** The flag `trnflag' has the value: + ** + ** 2 if -truncate is given + ** 1 by default (truncating is default) + ** 0 if -notruncate is given + */ case TRNCSW: trnflag = 2; continue; @@ -216,9 +225,9 @@ main (int argc, char **argv) from = path (cp, TFILE); /* - * If the truncate file is in default state, - * change to not truncate. - */ + ** If the truncate file is in default state, + ** change to not truncate. + */ if (trnflag == 1) trnflag = 0; continue; @@ -258,16 +267,17 @@ main (int argc, char **argv) } } - /* NOTE: above this point you should use TRYDROPGROUPPRIVS(), - * not DROPGROUPPRIVS(). - */ + /* + ** NOTE: above this point you should use TRYDROPGROUPPRIVS(), + ** not DROPGROUPPRIVS(). + */ /* guarantee dropping group priveleges; we might not have done so earlier */ DROPGROUPPRIVS(); /* - * We will get the mail from a file - * (typically the standard maildrop) - */ + ** We will get the mail from a file + ** (typically the standard maildrop) + */ if (from) newmail = from; else if ((newmail = getenv ("MAILDROP")) && *newmail) @@ -295,9 +305,10 @@ main (int argc, char **argv) adios (maildir, "error allocating memory to copy maildir"); if (!folder_exists(maildir)) { - /* If the folder doesn't exist, and we're given the -silent flag, - * just fail. - */ + /* + ** If the folder doesn't exist, and we're given the -silent + ** flag, just fail. + */ if (noisy) create_folder(maildir, 0, done); else @@ -371,15 +382,15 @@ main (int argc, char **argv) } /* - * Get the mail from file (usually mail spool) - */ + ** Get the mail from file (usually mail spool) + */ m_unknown (in); /* the MAGIC invocation... */ hghnum = msgnum = mp->hghmsg; for (;;) { /* - * Check if we need to allocate more space for message status. - * If so, then add space for an additional 100 messages. - */ + ** Check if we need to allocate more space for message status. + ** If so, then add space for an additional 100 messages. + */ if (msgnum >= mp->hghoff && !(mp = folder_realloc (mp, mp->lowoff, mp->hghoff + 100))) { advise (NULL, "unable to allocate folder storage"); @@ -412,8 +423,8 @@ main (int argc, char **argv) case SCNMSG: case SCNENC: /* - * Run the external program hook on the message. - */ + ** Run the external program hook on the message. + */ (void)snprintf(b, sizeof (b), "%s/%d", maildir_copy, msgnum + 1); (void)ext_hook("add-hook", b, (char *)0); @@ -437,9 +448,10 @@ main (int argc, char **argv) mp->msgflags |= SEQMOD; continue; } - /* If we get here there was some sort of error from scan(), - * so stop processing anything more from the spool. - */ + /* + ** If we get here there was some sort of error from scan(), + ** so stop processing anything more from the spool. + */ break; } @@ -447,7 +459,10 @@ main (int argc, char **argv) if (locked) { GETGROUPPRIVS(); /* Be sure we can unlock mail file */ (void) lkfclose (in, newmail); in = NULL; - DROPGROUPPRIVS(); /* And then return us to normal privileges */ + DROPGROUPPRIVS(); /* + ** And then return us to normal + ** privileges + */ } else { fclose (in); in = NULL; } @@ -466,8 +481,8 @@ main (int argc, char **argv) fflush (stdout); /* - * truncate file we are incorporating from - */ + ** truncate file we are incorporating from + */ if (trnflag) { if (stat (newmail, &st) != NOTOK && s1.st_mtime != st.st_mtime) advise (NULL, "new messages have arrived!\007"); @@ -479,9 +494,8 @@ main (int argc, char **argv) admonish (newmail, "error zero'ing"); unlink(map_name(newmail)); } - } else { - if (noisy) - printf ("%s not zero'd\n", newmail); + } else if (noisy) { + printf ("%s not zero'd\n", newmail); } if (msgnum == hghnum) { @@ -498,8 +512,8 @@ main (int argc, char **argv) } /* - * unlock the mail spool - */ + ** unlock the mail spool + */ if (locked) { GETGROUPPRIVS(); /* Be sure we can unlock mail file */ (void) lkfclose (in, newmail); in = NULL;